On the Adversarial Robustness of Hypothesis Testing

In this paper, we investigate the adversarial robustness of hypothesis testing rules. In the considered model, after a sample is generated, it will be modified by an adversary before being observed by the decision maker. The decision maker needs to decide the underlying hypothesis that generates the sample from the adversarially-modified data. We formulate this problem as a minimax hypothesis testing problem, in which the goal of the adversary is to design attack strategy to maximize the error probability while the decision maker aims to design decision rules so as to minimize the error probability. We consider both hypothesis-aware case, in which the attacker knows the true underlying hypothesis, and hypothesis-unaware case, in which the attacker does not know the true underlying hypothesis. We solve this minimax problem and characterize the corresponding optimal strategies for both cases.

Automated summary

This paper investigates the adversarial robustness of hypothesis testing rules, where decision makers need to determine the underlying hypothesis of generated samples after being modified by an adversary. The study reveals that decision makers can design different decision rules to minimize error probability under different scenarios of whether the adversary is aware of the true underlying hypothesis.