FAIR-TAT: Improving Model Fairness Using Targeted Adversarial Training
- URL: http://arxiv.org/abs/2410.23142v1
- Date: Wed, 30 Oct 2024 15:58:03 GMT
- Authors: Tejaswini Medi, Steffen Jung, Margret Keuper
- Abstract summary: We introduce a novel approach called Fair Targeted Adversarial Training (FAIR-TAT). We show that using targeted adversarial attacks for adversarial training (instead of untargeted attacks) can allow for more favorable trade-offs with respect to adversarial fairness.
- Abstract: Deep neural networks are susceptible to adversarial attacks and common corruptions, which undermine their robustness. In order to enhance model resilience against such challenges, Adversarial Training (AT) has emerged as a prominent solution. Nevertheless, adversarial robustness is often attained at the expense of model fairness during AT, i.e., disparity in class-wise robustness of the model. While distinctive classes become more robust towards such adversaries, hard to detect classes suffer. Recently, research has focused on improving model fairness specifically for perturbed images, overlooking the accuracy of the most likely non-perturbed data. Additionally, despite their robustness against the adversaries encountered during model training, state-of-the-art adversarial trained models have difficulty maintaining robustness and fairness when confronted with diverse adversarial threats or common corruptions. In this work, we address the above concerns by introducing a novel approach called Fair Targeted Adversarial Training (FAIR-TAT). We show that using targeted adversarial attacks for adversarial training (instead of untargeted attacks) can allow for more favorable trade-offs with respect to adversarial fairness. Empirical results validate the efficacy of our approach.
Related papers
- Enhancing Adversarial Robustness via Uncertainty-Aware Distributional Adversarial Training [43.766504246864045]
  We propose a novel uncertainty-aware distributional adversarial training method.
  Our approach achieves state-of-the-art adversarial robustness and maintains natural performance.
  (2024-11-05T07:26:24Z)
- Towards Adversarial Robustness via Debiased High-Confidence Logit Alignment [24.577363665112706]
  Recent adversarial training techniques have utilized inverse adversarial attacks to generate high-confidence examples.
  Our investigation reveals that high-confidence outputs under inverse adversarial attacks are correlated with biased feature activation.
  We propose Debiased High-Confidence Adversarial Training (DHAT) to address this bias.
  DHAT achieves state-of-the-art performance and exhibits robust generalization capabilities across various vision datasets.
  (2024-08-12T11:56:06Z)
- DAFA: Distance-Aware Fair Adversarial Training [34.94780532071229]
  Under adversarial attacks, the majority of the model's predictions for samples from the worst class are biased towards classes similar to the worst class.
  We introduce the Distance-Aware Fair Adversarial training (DAFA) methodology, which addresses robust fairness by taking into account the similarities between classes.
  (2024-01-23T07:15:47Z)
- Improving Adversarial Robustness with Self-Paced Hard-Class Pair Reweighting [5.084323778393556]
  Adversarial training with untargeted attacks is one of the most recognized methods.
  We find that the naturally imbalanced inter-class semantic similarity makes those hard-class pairs become the virtual targets of each other.
  We propose to upweight hard-class pair loss in model optimization, which prompts learning discriminative features from hard classes.
  (2022-10-26T22:51:36Z)
- Improving Robust Fairness via Balance Adversarial Training [51.67643171193376]
  Adversarial training (AT) methods are effective against adversarial attacks, yet they introduce severe disparity of accuracy and robustness between different classes.
  We propose Balance Adversarial Training (BAT) to address the robust fairness problem.
  (2022-09-15T14:44:48Z)
- Latent Boundary-guided Adversarial Training [61.43040235982727]
  Adversarial training is proved to be the most effective strategy that injects adversarial examples into model training.
  We propose a novel adversarial training framework called LAtent bounDary-guided aDvErsarial tRaining.
  (2022-06-08T07:40:55Z)
- Enhancing Adversarial Training with Feature Separability [52.39305978984573]
  We introduce a new concept of adversarial training graph (ATG), with which the proposed adversarial training with feature separability (ATFS) can boost the intra-class feature similarity and increase inter-class feature variance.
  Through comprehensive experiments, we demonstrate that the proposed ATFS framework significantly improves both clean and robust performance.
  (2022-05-02T04:04:23Z)
- Certified Federated Adversarial Training [3.474871319204387]
  We tackle the scenario of securing FL systems conducting adversarial training when a quorum of workers could be completely malicious.
  We model an attacker who poisons the model to insert a weakness into the adversarial training such that the model displays apparent adversarial robustness.
  We show that this defence can preserve adversarial robustness even against an adaptive attacker.
  (2021-12-20T13:40:20Z)
- Analysis and Applications of Class-wise Robustness in Adversarial Training [92.08430396614273]
  Adversarial training is one of the most effective approaches to improve model robustness against adversarial examples.
  Previous works mainly focus on the overall robustness of the model, and the in-depth analysis on the role of each class involved in adversarial training is still missing.
  We provide a detailed diagnosis of adversarial training on six benchmark datasets, i.e., MNIST, CIFAR-10, CIFAR-100, SVHN, STL-10 and ImageNet.
  We observe that the stronger attack methods in adversarial learning achieve performance improvement mainly from a more successful attack on the vulnerable classes.
  (2021-05-29T07:28:35Z)
- Robust Pre-Training by Adversarial Contrastive Learning [120.33706897927391]
  Recent work has shown that, when integrated with adversarial training, self-supervised pre-training can lead to state-of-the-art robustness.
  We improve robustness-aware self-supervised pre-training by learning representations consistent under both data augmentations and adversarial perturbations.
  (2020-10-26T04:44:43Z)
- Stylized Adversarial Defense [105.88250594033053]
  Adversarial training creates perturbation patterns and includes them in the training set to robustify the model.
  We propose to exploit additional information from the feature space to craft stronger adversaries.
  Our adversarial training approach demonstrates strong robustness compared to state-of-the-art defenses.
  (2020-07-29T08:38:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.