This paper explores a scenario in which a malicious actor employs a multi-armed attack strategy to manipulate data samples, offering them various avenues to introduce noise into the dataset. Our central objective is to protect the data by detecting any alterations to the input. We approach this defensive strategy with utmost caution, operating in an environment where the defender possesses significantly less information compared to the attacker. Specifically, the defender is unable to utilize any data samples for training a defense model or verifying the integrity of the channel. Instead, the defender relies exclusively on a set of pre-existing detectors readily available "off the shelf". To tackle this challenge, we derive an innovative information-theoretic defense approach that optimally aggregates the decisions made by these detectors, eliminating the need for any training data. We further explore a practical use-case scenario for empirical evaluation, where the attacker possesses a pre-trained classifier and launches well-known adversarial attacks against it. Our experiments highlight the effectiveness of our proposed solution, even in scenarios that deviate from the optimal setup.

翻译：本文探讨了一种场景，其中恶意行为者采用多臂攻击策略操纵数据样本，为其向数据集注入噪声提供了多种途径。我们的核心目标是通过检测输入的任何篡改来保护数据。我们以高度谨慎的态度实施这一防御策略，在防御者相较攻击者拥有显著更少信息的条件下运行。具体而言，防御者无法利用任何数据样本来训练防御模型或验证信道完整性，而是仅依赖一组现成的预设检测器。为应对这一挑战，我们推导出一种创新的信息论防御方法，该方法能够最优地聚合这些检测器的决策，且无需任何训练数据。我们进一步探索了一个实际应用场景进行实证评估，其中攻击者拥有预训练分类器并对其发动已知的对抗攻击。实验结果表明，即使在偏离最优设定的场景下，我们提出的解决方案仍展现出有效性。