Saved in:
Bibliographic Details
Main Authors: Choi, Soyon, Alfeld, Scott, Ma, Meiyi
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2603.05625
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912946204966912
author Choi, Soyon
Alfeld, Scott
Ma, Meiyi
author_facet Choi, Soyon
Alfeld, Scott
Ma, Meiyi
contents When used in automated decision-making systems, machine learning (ML) models are vulnerable to data-manipulation attacks. Some defense mechanisms (e.g., adversarial regularization) directly affect the ML models while others (e.g., anomaly detection) act within the broader system. In this paper we consider a different task for defending the adversary, focusing on the attacker, rather than the attack. We present and demonstrate a framework for identifying characteristics about the attacker from an observed attack. We prove that, without additional knowledge, the attacker is non-identifiable (multiple potential attackers would perform the same observed attack). To address this challenge, we propose a domain-agnostic framework to identify the most probable attacker. This framework aids the defender in two ways. First, knowledge about the attacker can be leveraged for exogenous mitigation (i.e., addressing the vulnerability by altering the decision-making system outside the learning algorithm and/or limiting the attacker's capability). Second, when implementing defense methods that directly affect the learning process (e.g., adversarial regularization), knowledge of the specific attacker improves performance. We present the details of our framework and illustrate its applicability through specific instantiations on a variety of learners.
format Preprint
id arxiv_https___arxiv_org_abs_2603_05625
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Identifying Adversary Characteristics from an Observed Attack
Choi, Soyon
Alfeld, Scott
Ma, Meiyi
Machine Learning
When used in automated decision-making systems, machine learning (ML) models are vulnerable to data-manipulation attacks. Some defense mechanisms (e.g., adversarial regularization) directly affect the ML models while others (e.g., anomaly detection) act within the broader system. In this paper we consider a different task for defending the adversary, focusing on the attacker, rather than the attack. We present and demonstrate a framework for identifying characteristics about the attacker from an observed attack. We prove that, without additional knowledge, the attacker is non-identifiable (multiple potential attackers would perform the same observed attack). To address this challenge, we propose a domain-agnostic framework to identify the most probable attacker. This framework aids the defender in two ways. First, knowledge about the attacker can be leveraged for exogenous mitigation (i.e., addressing the vulnerability by altering the decision-making system outside the learning algorithm and/or limiting the attacker's capability). Second, when implementing defense methods that directly affect the learning process (e.g., adversarial regularization), knowledge of the specific attacker improves performance. We present the details of our framework and illustrate its applicability through specific instantiations on a variety of learners.
title Identifying Adversary Characteristics from an Observed Attack
topic Machine Learning
url https://arxiv.org/abs/2603.05625