English

A Linear Approach to Data Poisoning

Machine Learning 2026-01-06 v3 Cryptography and Security Machine Learning Statistics Theory Statistics Theory

Abstract

Backdoor and data-poisoning attacks can flip predictions with tiny training corruptions, yet a sharp theory linking poisoning strength, overparameterization, and regularization is lacking. We analyze ridge least squares with an unpenalized intercept in the high-dimensional regime p,np,n\to\infty, p/ncp/n\to c. Targeted poisoning is modelled by shifting a θ\theta-fraction of one class by a direction v\mathbf{v} and relabelling. Using resolvent techniques and deterministic equivalents from random matrix theory, we derive closed-form limits for the poisoned score explicit in the model parameters. The formulas yield scaling laws, recover the interpolation threshold as c1c\to1 in the ridgeless limit, and show that the weights align with the poisoning direction. Synthetic experiments match theory across sweeps of the parameters and MNIST backdoor tests show qualitatively consistent trends. The results provide a tractable framework for quantifying poisoning in linear models.

Keywords

Cite

@article{arxiv.2505.15175,
  title  = {A Linear Approach to Data Poisoning},
  author = {Donald Flynn and Diego Granziol},
  journal= {arXiv preprint arXiv:2505.15175},
  year   = {2026}
}

Comments

9 pages, 9 Figures

R2 v1 2026-07-01T02:27:32.388Z