English

Algorithmic Complexity Attacks on All Learned Cardinality Estimators: A Data-centric Approach

Databases 2025-07-11 v1

Abstract

Learned cardinality estimators show promise in query cardinality prediction, yet they universally exhibit fragility to training data drifts, posing risks for real-world deployment. This work is the first to theoretical investigate how minimal data-level drifts can maximally degrade the accuracy of learned estimators. We propose data-centric algorithmic complexity attacks against learned estimators in a black-box setting, proving that finding the optimal attack strategy is NP-Hard. To address this, we design a polynomial-time approximation algorithm with a (1κ)(1-\kappa) approximation ratio. Extensive experiments demonstrate our attack's effectiveness: on STATS-CEB and IMDB-JOB benchmarks, modifying just 0.8\% of training tuples increases the 90th percentile Qerror by three orders of magnitude and raises end-to-end processing time by up to 20×\times. Our work not only reveals critical vulnerabilities in deployed learned estimators but also provides the first unified worst-case theoretical analysis of their fragility under data updates. Additionally, we identify two countermeasures to mitigate such black-box attacks, offering insights for developing robust learned database optimizers.

Keywords

Cite

@article{arxiv.2507.07438,
  title  = {Algorithmic Complexity Attacks on All Learned Cardinality Estimators: A Data-centric Approach},
  author = {Yingze Li and Xianglong Liu and Dong Wang and Zixuan Wang and Hongzhi Wang and Kaixing Zhang and Yiming Guan},
  journal= {arXiv preprint arXiv:2507.07438},
  year   = {2025}
}
R2 v1 2026-07-01T03:54:14.449Z