Dikaios: Privacy Auditing of Algorithmic Fairness via Attribute Inference Attacks
- URL: http://arxiv.org/abs/2202.02242v1
- Date: Fri, 4 Feb 2022 17:19:59 GMT
- Title: Dikaios: Privacy Auditing of Algorithmic Fairness via Attribute Inference Attacks
- Authors: Jan Aalmoes, Vasisht Duddu, Antoine Boutet
- Abstract summary: We propose Dikaios, a privacy auditing tool for fairness algorithms for model builders.
We show that our attribute inference attacks with adaptive prediction threshold significantly outperform prior attacks.
- Score: 0.5801044612920815
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine learning (ML) models have been deployed for high-stakes applications.
Due to class imbalance in the sensitive attribute observed in datasets, ML models are
unfair to minority subgroups identified by a sensitive attribute, such as race or sex.
In-processing fairness algorithms ensure that model predictions are independent of the
sensitive attribute. Furthermore, ML models are vulnerable to attribute inference attacks,
in which an adversary identifies the value of the sensitive attribute by exploiting
distinguishable model predictions. Although privacy and fairness are both important
pillars of trustworthy ML, the privacy risk introduced by fairness algorithms with
respect to attribute leakage has not been studied. We identify attribute inference
attacks as an effective measure for auditing black-box fairness algorithms, enabling
model builders to account for both privacy and fairness in the model design. We propose
Dikaios, a privacy auditing tool for fairness algorithms aimed at model builders, which
leverages a new, effective attribute inference attack that accounts for class imbalance
in the sensitive attribute through an adaptive prediction threshold. We evaluate Dikaios
by performing a privacy audit of two in-processing fairness algorithms over five
datasets. We show that our attribute inference attacks with an adaptive prediction
threshold significantly outperform prior attacks. We highlight the limitations of
in-processing fairness algorithms in ensuring indistinguishable predictions across
different values of the sensitive attribute. Indeed, the attribute privacy risk of these
in-processing fairness schemes varies widely with the proportion of sensitive attribute
values in the dataset. This unpredictable effect of fairness mechanisms on the attribute
privacy risk is an important limitation on their use, one that model builders must
account for.
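As an illustration of the kind of attack the abstract describes, the sketch below shows a
black-box attribute inference attack whose decision threshold is calibrated adaptively
rather than fixed at 0.5, so that a skewed sensitive attribute does not dominate the
decision. This is a minimal sketch under assumptions, not the paper's exact algorithm: it
assumes a binary sensitive attribute, an auxiliary dataset where that attribute is known,
and query access to the target model's output probabilities; the function names
(`adaptive_threshold`, `attribute_inference_attack`) are hypothetical.

```python
# Hedged sketch of an attribute inference attack with an adaptive prediction
# threshold; not the Dikaios implementation, only the general idea.
import numpy as np
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import balanced_accuracy_score


def adaptive_threshold(scores, true_attr, grid=np.linspace(0.01, 0.99, 99)):
    """Pick the threshold that maximises balanced accuracy on auxiliary data."""
    best_t, best_score = 0.5, -1.0
    for t in grid:
        score = balanced_accuracy_score(true_attr, (scores >= t).astype(int))
        if score > best_score:
            best_t, best_score = t, score
    return best_t


def attribute_inference_attack(target_predict_proba, aux_X, aux_sensitive, victim_X):
    """aux_*: auxiliary records with a known (binary) sensitive attribute.
    victim_X: records whose sensitive attribute the adversary wants to infer."""
    # The adversary queries the black-box target model and uses its output
    # probabilities as features for the attack model.
    aux_feat = target_predict_proba(aux_X)
    victim_feat = target_predict_proba(victim_X)

    attack_model = LogisticRegression(max_iter=1000).fit(aux_feat, aux_sensitive)

    # Calibrate the threshold on the auxiliary split instead of using 0.5,
    # so the minority value of the sensitive attribute is not drowned out.
    aux_scores = attack_model.predict_proba(aux_feat)[:, 1]
    t = adaptive_threshold(aux_scores, aux_sensitive)

    victim_scores = attack_model.predict_proba(victim_feat)[:, 1]
    return (victim_scores >= t).astype(int)
```

Maximising balanced accuracy over a threshold grid is one simple way to account for the
imbalance; other calibration criteria (for example, matching a known prior of the
sensitive attribute) would fit the same slot.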
Related papers
- Fairness Without Harm: An Influence-Guided Active Sampling Approach [32.173195437797766]
We aim to train models that mitigate group fairness disparity without causing harm to model accuracy.
The current data acquisition methods, such as fair active learning approaches, typically require annotating sensitive attributes.
We propose a tractable active data sampling algorithm that does not rely on training group annotations.
arXiv Detail & Related papers (2024-02-20T07:57:38Z)
- Fairness Under Demographic Scarce Regime [7.523105080786704]
We propose a framework to build attribute classifiers that achieve better fairness-accuracy tradeoffs.
We show that enforcing fairness constraints on samples with uncertain sensitive attributes can negatively impact the fairness-accuracy tradeoff.
Our framework can outperform models trained with fairness constraints on the true sensitive attributes in most benchmarks.
arXiv Detail & Related papers (2023-07-24T19:07:34Z)
- Learning for Counterfactual Fairness from Observational Data [62.43249746968616]
Fairness-aware machine learning aims to eliminate biases of learning models against certain subgroups described by certain protected (sensitive) attributes such as race, gender, and age.
A prerequisite for existing methods to achieve counterfactual fairness is the prior human knowledge of the causal model for the data.
In this work, we address the problem of counterfactually fair prediction from observational data without given causal models by proposing a novel framework CLAIRE.
arXiv Detail & Related papers (2023-07-17T04:08:29Z)
- Towards Assumption-free Bias Mitigation [47.5131072745805]
We propose an assumption-free framework to detect the related attributes automatically by modeling feature interaction for bias mitigation.
Experimental results on four real-world datasets demonstrate that our proposed framework can significantly alleviate unfair prediction behaviors.
arXiv Detail & Related papers (2023-07-09T05:55:25Z)
- Group Fairness with Uncertainty in Sensitive Attributes [34.608332397776245]
A fair predictive model is crucial to mitigate biased decisions against minority groups in high-stakes applications.
We propose a bootstrap-based algorithm that achieves the target level of fairness despite the uncertainty in sensitive attributes.
Our algorithm is applicable to both discrete and continuous sensitive attributes and is effective in real-world classification and regression tasks.
arXiv Detail & Related papers (2023-02-16T04:33:00Z)
- Hyper-parameter Tuning for Fair Classification without Sensitive Attribute Access [12.447577504758485]
We propose a framework to train fair classifiers without access to sensitive attributes on either training or validation data.
We show theoretically and empirically that these proxy labels can be used to maximize fairness under average accuracy constraints.
arXiv Detail & Related papers (2023-02-02T19:45:50Z)
- Fairness via Adversarial Attribute Neighbourhood Robust Learning [49.93775302674591]
We propose a principled Robust Adversarial Attribute Neighbourhood (RAAN) loss to debias the classification head.
arXiv Detail & Related papers (2022-10-12T23:39:28Z)
- Semi-FairVAE: Semi-supervised Fair Representation Learning with Adversarial Variational Autoencoder [92.67156911466397]
We propose a semi-supervised fair representation learning approach based on adversarial variational autoencoder.
We use a bias-aware model to capture inherent bias information on the sensitive attribute.
We also use a bias-free model to learn debiased fair representations by using adversarial learning to remove bias information from them.
arXiv Detail & Related papers (2022-04-01T15:57:47Z)
- Measuring Fairness Under Unawareness of Sensitive Attributes: A Quantification-Based Approach [131.20444904674494]
We tackle the problem of measuring group fairness under unawareness of sensitive attributes.
We show that quantification approaches are particularly suited to tackle the fairness-under-unawareness problem.
arXiv Detail & Related papers (2021-09-17T13:45:46Z)
- Black-box Model Inversion Attribute Inference Attacks on Classification Models [32.757792981935815]
We focus on one kind of model inversion attack, where the adversary knows non-sensitive attributes about instances in the training data.
We devise two novel model inversion attribute inference attacks -- confidence modeling-based attack and confidence score-based attack.
We evaluate our attacks on two types of machine learning models, decision tree and deep neural network, trained with two real datasets.
arXiv Detail & Related papers (2020-12-07T01:14:19Z)
- Differentially Private and Fair Deep Learning: A Lagrangian Dual Approach [54.32266555843765]
This paper studies a model that protects the privacy of individuals' sensitive information while also allowing it to learn non-discriminatory predictors.
The method relies on the notion of differential privacy and the use of Lagrangian duality to design neural networks that can accommodate fairness constraints (a generic sketch of the dual idea follows this list).
arXiv Detail & Related papers (2020-09-26T10:50:33Z)
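The last entry above combines differential privacy with fairness constraints through
Lagrangian duality. As a rough, generic sketch of the dual idea only (not that paper's
method, and leaving out the differential-privacy mechanism), the following trains a
logistic-regression classifier under a demographic-parity constraint enforced by a
Lagrange multiplier; all names and hyper-parameters here are illustrative.

```python
# Generic sketch: Lagrangian-dual training with a demographic-parity constraint.
# Assumes binary labels y and a binary sensitive attribute s; not a faithful
# reproduction of the cited paper.
import numpy as np


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def train_fair_logreg(X, y, s, epochs=200, lr=0.1, dual_lr=0.05, eps=0.02):
    """X: (n, d) features, y: (n,) labels in {0,1}, s: (n,) sensitive attribute in {0,1}.
    eps is the tolerated demographic-parity gap."""
    w = np.zeros(X.shape[1])
    lam = 0.0  # Lagrange multiplier for the constraint |gap| <= eps
    for _ in range(epochs):
        p = sigmoid(X @ w)
        # Demographic-parity gap: difference in mean predicted positive probability.
        gap = p[s == 1].mean() - p[s == 0].mean()
        # Primal step: gradient of cross-entropy plus lam * |gap|.
        grad_task = X.T @ (p - y) / len(y)
        d = p * (1.0 - p)  # derivative of the sigmoid
        grad_gap = (X[s == 1] * d[s == 1, None]).mean(axis=0) \
                 - (X[s == 0] * d[s == 0, None]).mean(axis=0)
        w -= lr * (grad_task + lam * np.sign(gap) * grad_gap)
        # Dual step: raise lam while the constraint is violated, keep lam >= 0.
        lam = max(0.0, lam + dual_lr * (abs(gap) - eps))
    return w, lam
```

The multiplier grows while the constraint is violated and shrinks back toward zero once
the gap falls below the tolerance, so the accuracy-fairness trade-off is tuned during
training rather than fixed by a hand-picked penalty weight.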