We propose a label poisoning attack on geometric data sets against $k$-nearest neighbor classification. We provide an algorithm that can compute an $\varepsilon n$-additive approximation of the optimal poisoning in $n\cdot 2^{2^{O(d+k/\varepsilon)}}$ time for a given data set $X \in \mathbb{R}^d$, where $|X| = n$. Our algorithm achieves its objectives through the application of multi-scale random partitions.

翻译：我们提出了一种针对几何数据集在$k$-近邻分类任务上的标签投毒攻击方法。该算法能在给定数据集$X \in \mathbb{R}^d$（其中$|X| = n$）的情况下，以$n\cdot 2^{2^{O(d+k/\varepsilon)}}$的时间复杂度计算最优投毒策略的$\varepsilon n$-加性近似。该算法通过应用多尺度随机划分来实现其目标。