On the Adversarial Robustness of Learning-based Conformal Novelty Detection
By: Daofu Zhang, Mehrdad Pournaderi, Hanne M. Clifford, and more
Potential Business Impact:
Shows how attackers can fool AI systems meant to reliably flag fake or unusual data.
This paper studies the adversarial robustness of conformal novelty detection. In particular, we focus on AdaDetect, a powerful learning-based framework for novelty detection with finite-sample false discovery rate (FDR) control. While AdaDetect provides rigorous statistical guarantees under benign conditions, its behavior under adversarial perturbations remains unexplored. We first formulate an oracle attack setting that quantifies the worst-case degradation of FDR, deriving an upper bound that characterizes the statistical cost of attacks. This idealized formulation directly motivates a practical and effective attack scheme that only requires query access to AdaDetect's output labels. Coupling these formulations with two popular and complementary black-box adversarial algorithms, we systematically evaluate the vulnerability of AdaDetect on synthetic and real-world datasets. Our results show that adversarial perturbations can significantly increase the FDR while maintaining high detection power, exposing fundamental limitations of current error-controlled novelty detection methods and motivating the development of more robust alternatives.
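To make the pipeline under attack concrete, the sketch below outlines the general AdaDetect-style conformal novelty detection recipe described in the abstract: a classifier is fit to separate reference (null) data from the pooled calibration-plus-test batch, conformal p-values are computed for test points against the calibration scores, and the Benjamini-Hochberg procedure is applied at level alpha to control the FDR. This is a minimal illustration under stated assumptions; the classifier choice, function names, and data splits are placeholders, not the paper's implementation.

```python
# Minimal sketch of a conformal novelty detection pipeline in the spirit of
# AdaDetect. The classifier, split sizes, and variable names are illustrative
# assumptions, not the authors' code.
import numpy as np
from sklearn.ensemble import RandomForestClassifier

def conformal_novelty_detect(null_train, null_calib, test, alpha=0.1):
    # Learn a score function: separate reference nulls (label 0) from the
    # pooled calibration + test batch (label 1), so that calibration and
    # test scores are exchangeable under the null.
    X = np.vstack([null_train, null_calib, test])
    y = np.concatenate([np.zeros(len(null_train)),
                        np.ones(len(null_calib) + len(test))])
    clf = RandomForestClassifier(n_estimators=200, random_state=0).fit(X, y)

    calib_scores = clf.predict_proba(null_calib)[:, 1]
    test_scores = clf.predict_proba(test)[:, 1]

    # Conformal p-value for each test point: rank of its score among the
    # calibration null scores (higher score = more novel).
    p = (1 + (calib_scores[None, :] >= test_scores[:, None]).sum(axis=1)) \
        / (len(calib_scores) + 1)

    # Benjamini-Hochberg step-up procedure at level alpha for FDR control.
    m = len(p)
    order = np.argsort(p)
    passed = np.nonzero(p[order] <= alpha * np.arange(1, m + 1) / m)[0]
    rejected = np.zeros(m, dtype=bool)
    if passed.size:
        rejected[order[: passed[-1] + 1]] = True
    return rejected  # True = flagged as a novelty
```

The query-access attack studied in the paper perturbs test inputs so that null points receive high novelty scores and slip past this thresholding step, inflating the FDR; the sketch above only shows the benign detection side, not the attack itself.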
Similar Papers
Are Robust LLM Fingerprints Adversarially Robust?
Cryptography and Security
Cracks computer "fingerprints" that prove ownership.
A Statistical Method for Attack-Agnostic Adversarial Attack Detection with Compressive Sensing Comparison
Cryptography and Security
Stops sneaky computer tricks from fooling smart programs.
Revisiting Physically Realizable Adversarial Object Attack against LiDAR-based Detection: Clarifying Problem Formulation and Experimental Protocols
CV and Pattern Recognition
Makes self-driving cars safer from fake sensor data.