
























Abstract: Backdoor poisoning attacks behave counter-intuitively in high dimensions: stronger training triggers can help the defender. We study regularised generalised linear models on Gaussian-mixture data in the proportional regime ($p/n \to \kappa$), varying the training trigger strength $\alpha$ against a fixed test trigger. Three phenomena emerge: (i) clean test accuracy increases with $\alpha$; (ii) attack success peaks at a finite $\alpha$ and then declines; and (iii) the most damaging trigger direction is the minimum eigenvector of the data covariance. We prove all three results in closed form for the squared loss, and extend (i) and (ii) to general convex GLM losses via a Gaussian-proxy fixed-point system. We identify a finite-sample noise floor proportional to $\kappa$ as the mechanism behind (i), invisible to classical $n \gg p$ analysis. Experiments on CIFAR-10 and Gaussian surrogates match the theory closely; ResNet-18 experiments show the same phenomena beyond the convex setting.
| Subjects: | Machine Learning (cs.LG); Statistics Theory (math.ST) |
| Cite as: | arXiv:2605.22481 [cs.LG] (or arXiv:2605.22481v1 [cs.LG] for this version) |
| DOI: | https://doi.org/10.48550/arXiv.2605.22481 (arXiv-issued DOI via DataCite, pending registration) |
From: Donald Flynn
[v1] Thu, 21 May 2026 13:39:06 UTC (246 KB)