Search papers, labs, and topics across Lattice.
This paper addresses the challenge of maintaining consistent false-positive rates (FPR) in detection models that operate in adversarial environments, where the malicious distribution can change rapidly. The authors propose a novel calibration method that targets the entire FPR curve rather than just class probabilities, ensuring stable model updates without disrupting downstream users. Their approach achieves a relative FPR error of only 2.3% at 10% FPR and 7.2% at 0.01% FPR, while keeping the calibration artifact size under 200 KB across varying sample sizes.
Consistent false-positive rates across model updates could revolutionize how detection systems operate in dynamic adversarial settings.
Detection models running in adversarial environments face a malicious distribution that drifts rapidly while the benign distribution stays comparatively stable, so teams retrain and redeploy constantly to stay ahead of new threats. Retraining tends to change the output prediction scores, which breaks downstream users of the model. For these security-oriented models we need consistent false-positive rate (FPR) across all output values, whereas standard probability-calibration methods target class probability rather than an FPR contract. We introduce a method built on top of existing calibration primitives that targets the whole FPR curve, giving scores a consistent FPR meaning across deployments. On one held-out split, the observed relative FPR error was at most 2.3% from 10% down to 0.1% FPR and 7.2% at 0.01% FPR. The shipped artifact remains under 200 KB in measurements across calibration sets from 1K to 10M benign samples.