Backdoor and data-poisoning attacks can flip predictions with tiny training corruptions, yet a sharp theory linking poisoning strength, overparameterization, and regularization is lacking. We analyze ridge least squares with an unpenalized intercept in the high-dimensional regime \(p,n\to\infty\), \(p/n\to c\). Targeted poisoning is modelled by shifting a \(θ\)-fraction of one class by a direction \(\mathbf{v}\) and relabelling. Using resolvent techniques and deterministic equivalents from random matrix theory, we derive closed-form limits for the poisoned score explicit in the model parameters. The formulas yield scaling laws, recover the interpolation threshold as \(c\to1\) in the ridgeless limit, and show that the weights align with the poisoning direction. Synthetic experiments match theory across sweeps of the parameters and MNIST backdoor tests show qualitatively consistent trends. The results provide a tractable framework for quantifying poisoning in linear models.

翻译：后门攻击与数据投毒攻击能够通过微小的训练数据污染改变模型预测，然而目前尚缺乏关于投毒强度、过参数化与正则化之间关系的精确理论。我们在高维情形 \(p,n\to\infty\)，\(p/n\to c\) 下分析带有无惩罚截距项的岭最小二乘回归。目标投毒通过将某一类别中 \(θ\) 比例的数据沿方向 \(\mathbf{v}\) 平移并重新标注来建模。利用随机矩阵理论中的留数技术与确定性等价方法，我们推导出中毒评分的闭式极限，其表达式显式地包含模型参数。所得公式揭示了标度律，在无岭极限下当 \(c\to1\) 时恢复了插值阈值，并表明权重向量与投毒方向趋于对齐。合成实验在参数扫描中与理论结果一致，MNIST 后门测试也显示出定性相符的趋势。该结果为量化线性模型中的投毒效应提供了一个可处理的框架。