Fairness Increases Adversarial Vulnerability

• URL: http://arxiv.org/abs/2211.11835v2
• Date: Wed, 23 Nov 2022 01:46:22 GMT
• Title: Fairness Increases Adversarial Vulnerability
• Authors: Cuong Tran, Keyu Zhu, Ferdinando Fioretto, Pascal Van Hentenryck
• Abstract summary: This paper shows the existence of a dichotomy between fairness and robustness, and analyzes when achieving fairness decreases the model robustness to adversarial samples. Experiments on non-linear models and different architectures validate the theoretical findings in multiple vision domains. The paper proposes a simple, yet effective, solution to construct models achieving good tradeoffs between fairness and robustness.
• Score: 50.90773979394264
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The remarkable performance of deep learning models and their applications in consequential domains (e.g., facial recognition) introduces important challenges at the intersection of equity and security. Fairness and robustness are two desired notions often required in learning models. Fairness ensures that models do not disproportionately harm (or benefit) some groups over others, while robustness measures the models' resilience against small input perturbations. This paper shows the existence of a dichotomy between fairness and robustness, and analyzes when achieving fairness decreases the model robustness to adversarial samples. The reported analysis sheds light on the factors causing such contrasting behavior, suggesting that distance to the decision boundary across groups as a key explainer for this behavior. Extensive experiments on non-linear models and different architectures validate the theoretical findings in multiple vision domains. Finally, the paper proposes a simple, yet effective, solution to construct models achieving good tradeoffs between fairness and robustness.

Related papers

• Evaluating the Adversarial Robustness of Semantic Segmentation: Trying Harder Pays Off [0.6554326244334868]
  We argue that a good approximation of the sensitivity to adversarial perturbations requires significantly more effort than what is currently considered satisfactory. We propose new attacks and combine them with the strongest attacks available in the literature. Our results also demonstrate that a diverse set of strong attacks is necessary, because different models are often vulnerable to different attacks.
  arXiv  Detail & Related papers  (2024-07-12T10:32:53Z)
• The Risk of Federated Learning to Skew Fine-Tuning Features and Underperform Out-of-Distribution Robustness [50.52507648690234]
  Federated learning has the risk of skewing fine-tuning features and compromising the robustness of the model. We introduce three robustness indicators and conduct experiments across diverse robust datasets. Our approach markedly enhances the robustness across diverse scenarios, encompassing various parameter-efficient fine-tuning methods.
  arXiv  Detail & Related papers  (2024-01-25T09:18:51Z)
• On the Trade-offs between Adversarial Robustness and Actionable Explanations [32.05150063480917]
  We make one of the first attempts at studying the impact of adversarially robust models on actionable explanations. We derive theoretical bounds on the differences between the cost and the validity of recourses generated by state-of-the-art algorithms. Our results show that adversarially robust models significantly increase the cost and reduce the validity of the resulting recourses.
  arXiv  Detail & Related papers  (2023-09-28T13:59:50Z)
• Interpretable Computer Vision Models through Adversarial Training: Unveiling the Robustness-Interpretability Connection [0.0]
  Interpretability is as essential as robustness when we deploy the models to the real world. Standard models, compared to robust are more susceptible to adversarial attacks, and their learned representations are less meaningful to humans.
  arXiv  Detail & Related papers  (2023-07-04T13:51:55Z)
• DualFair: Fair Representation Learning at Both Group and Individual Levels via Contrastive Self-supervision [73.80009454050858]
  This work presents a self-supervised model, called DualFair, that can debias sensitive attributes like gender and race from learned representations. Our model jointly optimize for two fairness criteria - group fairness and counterfactual fairness.
  arXiv  Detail & Related papers  (2023-03-15T07:13:54Z)
• Exploring the Trade-off between Plausibility, Change Intensity and Adversarial Power in Counterfactual Explanations using Multi-objective Optimization [73.89239820192894]
  We argue that automated counterfactual generation should regard several aspects of the produced adversarial instances. We present a novel framework for the generation of counterfactual examples.
  arXiv  Detail & Related papers  (2022-05-20T15:02:53Z)
• Fair SA: Sensitivity Analysis for Fairness in Face Recognition [1.7149364927872013]
  We propose a new fairness evaluation based on robustness in the form of a generic framework. We analyze the performance of common face recognition models and empirically show that certain subgroups are at a disadvantage when images are perturbed.
  arXiv  Detail & Related papers  (2022-02-08T01:16:09Z)
• Clustering Effect of (Linearized) Adversarial Robust Models [60.25668525218051]
  We propose a novel understanding of adversarial robustness and apply it on more tasks including domain adaption and robustness boosting. Experimental evaluations demonstrate the rationality and superiority of our proposed clustering strategy.
  arXiv  Detail & Related papers  (2021-11-25T05:51:03Z)
• Enhancing Model Robustness and Fairness with Causality: A Regularization Approach [15.981724441808147]
  Recent work has raised concerns on the risk of spurious correlations and unintended biases in machine learning models. We propose a simple and intuitive regularization approach to integrate causal knowledge during model training. We build a predictive model that relies more on causal features and less on non-causal features.
  arXiv  Detail & Related papers  (2021-10-03T02:49:33Z)
• Harnessing Perceptual Adversarial Patches for Crowd Counting [92.79051296850405]
  Crowd counting is vulnerable to adversarial examples in the physical world. This paper proposes the Perceptual Adrial Patch (PAP) generation framework to learn the shared perceptual features between models.
  arXiv  Detail & Related papers  (2021-09-16T13:51:39Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.