Related papers: The Double-Edged Nature of the Rashomon Set for Trustworthy Machine Learning

The Double-Edged Nature of the Rashomon Set for Trustworthy Machine Learning

URL: http://arxiv.org/abs/2511.21799v1
Date: Wed, 26 Nov 2025 17:42:10 GMT
Title: The Double-Edged Nature of the Rashomon Set for Trustworthy Machine Learning
Authors: Ethan Hsu, Harry Chen, Chudi Zhong, Lesia Semenova,
Abstract summary: Real-world machine learning (ML) pipelines rarely produce a single model.<n>Instead, they produce a Rashomon set of many near-optimal ones.<n>We show that this multiplicity reshapes key aspects of trustworthiness.
Score: 6.797248285551603
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Real-world machine learning (ML) pipelines rarely produce a single model; instead, they produce a Rashomon set of many near-optimal ones. We show that this multiplicity reshapes key aspects of trustworthiness. At the individual-model level, sparse interpretable models tend to preserve privacy but are fragile to adversarial attacks. In contrast, the diversity within a large Rashomon set enables reactive robustness: even when an attack breaks one model, others often remain accurate. Rashomon sets are also stable under small distribution shifts. However, this same diversity increases information leakage, as disclosing more near-optimal models provides an attacker with progressively richer views of the training data. Through theoretical analysis and empirical studies of sparse decision trees and linear models, we characterize this robustness-privacy trade-off and highlight the dual role of Rashomon sets as both a resource and a risk for trustworthy ML.

Related papers

Reasoning with Sampling: Your Base Model is Smarter Than You Think [52.639108524651846]
We propose a simple iterative sampling algorithm leveraging the base models' own likelihoods.<n>We show that our algorithm offers substantial boosts in reasoning that nearly match and even outperform those from RL.<n>Our method does not require training, curated datasets, or a verifier.
arXiv Detail & Related papers (2025-10-16T17:18:11Z)
Unique Rashomon Sets for Robust Active Learning [0.0]
We introduce UNique Rashomon Ensembled Active Learning (UNREAL)<n>UNREAL selectively ensembles models from the Rashomon set, which is the set of nearly optimal models.<n>We show that UNREAL achieves faster theoretical convergence rates than traditional active learning approaches.
arXiv Detail & Related papers (2025-03-09T20:50:34Z)
Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study [61.65123150513683]
multimodal foundation models, such as CLIP, produce state-of-the-art zero-shot results. It is reported that these models close the robustness gap by matching the performance of supervised models trained on ImageNet. We show that CLIP leads to a significant robustness drop compared to supervised ImageNet models on our benchmark.
arXiv Detail & Related papers (2024-03-15T17:33:49Z)
Rethinking Robustness of Model Attributions [24.317595434521504]
We show that many attribution methods are fragile and have proposed improvements in either these methods or the model training. We observe two main causes for fragile attributions: first, the existing metrics of robustness over-penalize even reasonable local shifts in attribution. We propose simple ways to strengthen existing metrics and attribution methods that incorporate locality of pixels in robustness metrics and diversity of pixel locations in attributions.
arXiv Detail & Related papers (2023-12-16T20:20:38Z)
Evaluating Concurrent Robustness of Language Models Across Diverse Challenge Sets [46.19529338280716]
Language models, characterized by their black-box nature, often hallucinate and display sensitivity to input perturbations.<n>We introduce a methodology designed to examine how input perturbations affect language models across various scales.<n>We present three distinct fine-tuning strategies to address robustness against multiple perturbations.
arXiv Detail & Related papers (2023-11-15T02:59:10Z)
A Path to Simpler Models Starts With Noise [17.36067410506525]
The Rashomon set is the set of models that perform approximately equally well on a given dataset. An open question is why Rashomon ratios often tend to be large. We show that noisier datasets lead to larger Rashomon ratios through the way that practitioners train models.
arXiv Detail & Related papers (2023-10-30T16:52:57Z)
Distributionally Robust Models with Parametric Likelihood Ratios [123.05074253513935]
Three simple ideas allow us to train models with DRO using a broader class of parametric likelihood ratios. We find that models trained with the resulting parametric adversaries are consistently more robust to subpopulation shifts when compared to other DRO approaches.
arXiv Detail & Related papers (2022-04-13T12:43:12Z)
Clustering Effect of (Linearized) Adversarial Robust Models [60.25668525218051]
We propose a novel understanding of adversarial robustness and apply it on more tasks including domain adaption and robustness boosting. Experimental evaluations demonstrate the rationality and superiority of our proposed clustering strategy.
arXiv Detail & Related papers (2021-11-25T05:51:03Z)
Self-Damaging Contrastive Learning [92.34124578823977]
Unlabeled data in reality is commonly imbalanced and shows a long-tail distribution. This paper proposes a principled framework called Self-Damaging Contrastive Learning to automatically balance the representation learning without knowing the classes. Our experiments show that SDCLR significantly improves not only overall accuracies but also balancedness.
arXiv Detail & Related papers (2021-06-06T00:04:49Z)
"What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models [71.91835408379602]
adversarial examples have been long considered a real threat to machine learning models. We propose an alternative deployment-based defense paradigm that goes beyond the traditional white-box and black-box threat models.
arXiv Detail & Related papers (2021-02-09T20:07:13Z)
Revisiting Ensembles in an Adversarial Context: Improving Natural Accuracy [5.482532589225552]
There is still a significant gap in natural accuracy between robust and non-robust models. We consider a number of ensemble methods designed to mitigate this performance difference. We consider two schemes, one that combines predictions from several randomly robust models, and the other that fuses features from robust and standard models.
arXiv Detail & Related papers (2020-02-26T15:45:58Z)

This list is automatically generated from the titles and abstracts of the papers in this site.