The multivariate Gaussian distribution underpins myriad operations-research, decision-analytic, and machine-learning models (e.g., Bayesian optimization, Gaussian influence diagrams, and variational autoencoders). However, despite recent advances in adversarial machine learning (AML), inference for Gaussian models in the presence of an adversary is notably understudied. Therefore, we consider a self-interested attacker who wishes to disrupt a decisionmaker's conditional inference and subsequent actions by corrupting a set of evidentiary variables. To avoid detection, the attacker also desires the attack to appear plausible, wherein plausibility is determined by the density of the corrupted evidence. We consider white- and grey-box settings such that the attacker has complete and incomplete knowledge about the decisionmaker's underlying multivariate Gaussian distribution, respectively. Select instances are shown to reduce to quadratic and stochastic quadratic programs, and structural properties are derived to inform solution methods. We assess the impact and efficacy of these attacks in three examples, including real estate evaluation, interest rate estimation, and signals processing. Each example leverages an alternative underlying model, thereby highlighting the attacks' broad applicability. Through these applications, we also juxtapose the behavior of the white- and grey-box attacks to understand how uncertainty and structure affect attacker behavior.