Provably effective detection of effective data poisoning attacks
Jonathan Gallagher, Yasaman Esfandiari, Callen MacPhee, Michael Warren

TL;DR
This paper introduces a mathematically rigorous method to detect data poisoning attacks using the Conformal Separability Test, providing both theoretical guarantees and experimental validation of its effectiveness.
Contribution
It defines dataset poisoning attacks precisely and proves they can be effectively detected with a new statistical test, bridging theory and practical detection.
Findings
The Conformal Separability Test detects poisoning attempts in real-world datasets.
A mathematical guarantee shows that any attack which effectively poisons a dataset can itself be effectively detected: the detection guarantee holds for effective poisoning, not for arbitrary tampering.
Experimental results confirm the test's effectiveness in practical scenarios.
Abstract
This paper establishes a mathematically precise definition of dataset poisoning attack and proves that the very act of effectively poisoning a dataset ensures that the attack can be effectively detected. On top of a mathematical guarantee that dataset poisoning is identifiable by a new statistical test that we call the Conformal Separability Test, we provide experimental evidence that we can adequately detect poisoning attempts in the real world.
Taxonomy
Topics: Network Security and Intrusion Detection
