Adversarial Attacks for Drift Detection
Fabian Hinder, Valerie Vaquet, Barbara Hammer

TL;DR
This paper analyzes the vulnerabilities of existing concept drift detection methods, demonstrating how adversarial data streams can evade detection, and provides theoretical and empirical insights into these shortcomings.
Contribution
It introduces the concept of drift adversarials, systematically constructs them for common schemes, and highlights their impact on drift detection reliability.
Findings
Common drift detection schemes can be bypassed by adversarial data streams.
Theoretical analysis of all possible adversarials for typical detection methods.
Empirical evaluations confirm the effectiveness of drift adversarials.
Abstract
Concept drift refers to the change of data distributions over time. While drift poses a challenge for learning models, requiring their continual adaption, it is also relevant in system monitoring to detect malfunctions, system failures, and unexpected behavior. In the latter case, the robust and reliable detection of drifts is imperative. This work studies the shortcomings of commonly used drift detection schemes. We show how to construct data streams that are drifting without being detected. We refer to those as drift adversarials. In particular, we compute all possible adversarials for common detection schemes and underpin our theoretical findings with empirical evaluations.
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Adversarial Robustness in Machine Learning · Data Stream Mining Techniques
