Hypothesis testing in presence of adversaries

Original Title: “Hypothesis testing in presence of adversaries”

Authors: Jorge González-Ortega (ICMAT-CSIC), David Ríos Insua (AXA-ICMAT), Fabrizio Ruggeri (Istituto di Matematica Applicata e Tecnologie Informatiche, CNR) y Refik Soyer (George Washington University)

Source: The American Statistician (2019)

Date of online publication: July 10, 2019

Link: https://doi.org/10.1080/00031305.2019.1630001


One of the fundamental problems in statistical inference is hypothesis testing. Although not unaffected by controversy, the problem has been studied in depth from the perspective of the statistical decision theory, both from a frequentist and a bayesian point of view, as a result of the seminal work carried out by Abraham Wald in 1950. In recent years, there has been a growing interest in hypothesis testing problems, in which hostile adversaries distort the observed data in order to confuse the decision maker about the relevant hypothesis, with the aim of attaining some objective. These types of problems often occur in fields such as the processing of adversarial signs, adversarial classification and adversarial machine learning, and they have applications in fields like fraud detection, spam identification and autonomous vehicle guidance. However, most of the approaches to these problems employ techniques based on game theory, and involve unrealistic common knowledge hypotheses in the contexts of security described above.

In this paper, Jorge González-Ortega, David Ríos Insua, Fabrizio Ruggeri and Refik Soyer propose an alternative general approach to the problem of adversarial hypothesis testing based on concepts belonging to adversarial risk analysis. They consider an agent (the defender) who must decide which is the most appropriate hypothesis on the basis of observations that may have been distorted by another agent (the attacker). They study the problem from the point of view of the defender, and to do that they formulate a bayesian decision making problem that requires the prediction of what decision the attacker will make, taking into account the uncertainty regarding the preferences and beliefs of the said attacker; to that end, they employ the adversarial statistical decision theory.  Furthermore, they illustrate their results with a specific binary hypothesis testing problem regarding the monitoring of spam. They also discuss several alternative applications.