DC Field
Value
Language
dc.contributor.author
Pichler, Georg
-
dc.contributor.author
Romanelli, Marco
-
dc.contributor.author
Manivannan, Divya Prakash
-
dc.contributor.author
Krishnamurthy, Prashanth
-
dc.contributor.author
Khorrami, Farshad
-
dc.contributor.author
Garg, Siddharth
-
dc.date.accessioned
2025-02-03T13:17:09Z
-
dc.date.available
2025-02-03T13:17:09Z
-
dc.date.issued
2024-05-02
-
dc.identifier.citation
<div class="csl-bib-body"> <div class="csl-entry">Pichler, G., Romanelli, M., Manivannan, D. P., Krishnamurthy, P., Khorrami, F., &#38; Garg, S. (2024). On the (In)feasibility of ML Backdoor Detection as an Hypothesis Testing Problem. In <i>Proceedings of The 27th International Conference on Artificial Intelligence and Statistics</i> (pp. 4051–4059). PMLR. https://doi.org/10.34726/8503</div> </div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/210566
-
dc.identifier.uri
https://doi.org/10.34726/8503
-
dc.description.abstract
We introduce a formal statistical definition for the problem of backdoor detection in machine learning systems and use it to analyze the feasibility of such problems, providing evidence for the utility and applicability of our definition. The main contributions of this work are an impossibility result and an achievability result for backdoor detection. We show a no-free-lunch theorem, proving that universal (adversary-unaware) backdoor detection is impossible, except for very small alphabet sizes. Thus, we argue, that backdoor detection methods need to be either explicitly, or implicitly adversary-aware. However, our work does not imply that backdoor detection cannot work in specific scenarios, as evidenced by successful backdoor detection methods in the scientific literature. Furthermore, we connect our definition to the probably approximately correct (PAC) learnability of the out-of-distribution detection problem.
en
dc.language.iso
en
-
dc.relation.ispartofseries
Proceedings of Machine Learning Research
-
dc.rights.uri
http://rightsstatements.org/vocab/InC/1.0/
-
dc.subject
backdoor attacks
en
dc.subject
backdoor detection
en
dc.subject
Out-of-distribution
en
dc.subject
Statistics
en
dc.subject
hypothesis testing
en
dc.subject
PAC learning
en
dc.title
On the (In)feasibility of ML Backdoor Detection as an Hypothesis Testing Problem
en
dc.type
Inproceedings
en
dc.type
Konferenzbeitrag
de
dc.rights.license
Urheberrechtsschutz
de
dc.rights.license
In Copyright
en
dc.identifier.doi
10.34726/8503
-
dc.contributor.affiliation
New York University, United States of America (the)
-
dc.contributor.affiliation
New York University, United States of America (the)
-
dc.contributor.affiliation
New York University, United States of America (the)
-
dc.contributor.affiliation
New York University, United States of America (the)
-
dc.contributor.affiliation
New York University, United States of America (the)
-
dc.description.startpage
4051
-
dc.description.endpage
4059
-
dc.rights.holder
Copyright 2024 by the author(s)
-
dc.type.category
Full-Paper Contribution
-
tuw.booktitle
Proceedings of The 27th International Conference on Artificial Intelligence and Statistics
-
tuw.container.volume
238
-
tuw.relation.publisher
PMLR
-
tuw.researchTopic.id
I7
-
tuw.researchTopic.id
C4
-
tuw.researchTopic.id
I4
-
tuw.researchTopic.name
Telecommunication
-
tuw.researchTopic.name
Mathematical and Algorithmic Foundations
-
tuw.researchTopic.name
Information Systems Engineering
-
tuw.researchTopic.value
20
-
tuw.researchTopic.value
40
-
tuw.researchTopic.value
40
-
tuw.linking
https://github.com/g-pichler/in_feasibility_of_ml_backdoor_detection
-
tuw.publication.orgunit
E389-03 - Forschungsbereich Signal Processing
-
dc.identifier.libraryid
AC17425564
-
dc.description.numberOfPages
9
-
tuw.author.orcid
0000-0001-5696-4472
-
tuw.author.orcid
0000-0001-5530-4042
-
tuw.author.orcid
0000-0002-6958-8258
-
tuw.author.orcid
0000-0001-8264-7972
-
tuw.author.orcid
0000-0002-8418-004X
-
tuw.author.orcid
0000-0002-6158-9512
-
dc.rights.identifier
Urheberrechtsschutz
de
dc.rights.identifier
In Copyright
en
tuw.event.name
27th International Conference on Artificial Intelligence and Statistics
en
dc.description.sponsorshipexternal
National Science Foundation (NSF)
-
dc.description.sponsorshipexternal
Army Research Office
-
dc.description.sponsorshipexternal
Tamkeen
-
dc.relation.grantnoexternal
ARO 77191
-
dc.relation.grantnoexternal
W911NF-21-1-0155
-
dc.relation.grantnoexternal
CG010
-
tuw.event.startdate
02-05-2024
-
tuw.event.enddate
04-05-2024
-
tuw.event.online
On Site
-
tuw.event.type
Event for scientific audience
-
tuw.event.place
Valencia
-
tuw.event.country
ES
-
tuw.event.presenter
Pichler, Georg
-
tuw.event.track
Multi Track
-
wb.sciencebranch
Elektrotechnik, Elektronik, Informationstechnik
-
wb.sciencebranch.oefos
2020
-
wb.sciencebranch.value
100
-
item.languageiso639-1
en
-
item.openairetype
conference paper
-
item.grantfulltext
open
-
item.fulltext
with Fulltext
-
item.cerifentitytype
Publications
-
item.mimetype
application/pdf
-
item.openairecristype
http://purl.org/coar/resource_type/c_5794
-
item.openaccessfulltext
Open Access
-
crisitem.author.dept
E389-03 - Forschungsbereich Signal Processing
-
crisitem.author.dept
New York University
-
crisitem.author.dept
New York University
-
crisitem.author.dept
New York University
-
crisitem.author.dept
New York University
-
crisitem.author.dept
New York University
-
crisitem.author.orcid
0000-0001-5696-4472
-
crisitem.author.orcid
0000-0001-8264-7972
-
crisitem.author.orcid
0000-0002-8418-004X
-
crisitem.author.orcid
0000-0002-6158-9512
-
crisitem.author.parentorg
E389 - Institute of Telecommunications
-
Appears in Collections:
Conference Paper
Thumbnail
Fulltext (Version of Record (published version))
Adobe PDF
(429.79 kB)
Open Access In Copyright
Show simple item record

Page view(s)

67
checked on Feb 4, 2025

Download(s)

9
checked on Feb 4, 2025

Google ScholarTM

Check