Inference of causal structures from observational data is a key component of causal machine learning; in practice, this data may be incompletely observed. Prior work has demonstrated that adversarial perturbations of completely observed training data may be used to force the learning of inaccurate causal structural models (SCMs). However, when the data can be audited for correctness (e.g., it is crytographically signed by its source), this adversarial mechanism is invalidated. This work introduces a novel attack methodology wherein the adversary deceptively omits a portion of the true training data to bias the learned causal structures in a desired manner. Theoretically sound attack mechanisms are derived for the case of arbitrary SCMs, and a sample-efficient learning-based heuristic is given for Gaussian SCMs. Experimental validation of these approaches on real and synthetic data sets demonstrates the effectiveness of adversarial missingness attacks at deceiving popular causal structure learning algorithms.

翻译：从观测数据推断因果结构是因果机器学习的关键组成部分；在实践中，这些数据可能不完整。先前研究表明，对完全观测的训练数据进行对抗性扰动可用于迫使学习不准确的因果结构模型（SCMs）。然而，当数据可被审核正确性时（例如，数据由其来源进行加密签名），这种对抗机制失效。本文提出了一种新颖的攻击方法，其中攻击者通过欺骗性地遗漏部分真实训练数据，以按预期方式偏置所学习的因果结构。针对任意SCM情况推导了理论上合理的攻击机制，并针对高斯SCM给出了基于样本高效学习的启发式方法。在真实和合成数据集上的实验验证表明，对抗性缺失攻击在欺骗主流因果结构学习算法方面具有有效性。