Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
119 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards Fairness-Aware Adversarial Learning (2402.17729v2)

Published 27 Feb 2024 in cs.CV

Abstract: Although adversarial training (AT) has proven effective in enhancing the model's robustness, the recently revealed issue of fairness in robustness has not been well addressed, i.e. the robust accuracy varies significantly among different categories. In this paper, instead of uniformly evaluating the model's average class performance, we delve into the issue of robust fairness, by considering the worst-case distribution across various classes. We propose a novel learning paradigm, named Fairness-Aware Adversarial Learning (FAAL). As a generalization of conventional AT, we re-define the problem of adversarial training as a min-max-max framework, to ensure both robustness and fairness of the trained model. Specifically, by taking advantage of distributional robust optimization, our method aims to find the worst distribution among different categories, and the solution is guaranteed to obtain the upper bound performance with high probability. In particular, FAAL can fine-tune an unfair robust model to be fair within only two epochs, without compromising the overall clean and robust accuracies. Extensive experiments on various image datasets validate the superior performance and efficiency of the proposed FAAL compared to other state-of-the-art methods.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (45)
  1. A reductions approach to fair classification. In International Conference on Machine Learning, pages 60–69. PMLR, 2018.
  2. Robust optimization. Princeton university press, 2009.
  3. Robust solutions of optimization problems affected by uncertain probabilities. Management Science, 59(2):341–357, 2013.
  4. Holistic robust data-driven decisions. arXiv preprint arXiv:2207.09560, 2022.
  5. Certified robust neural networks: Generalization and corruption resistance. arXiv preprint arXiv:2303.02251, 2023.
  6. Robustness may be at odds with fairness: An empirical study on class-wise accuracy. In NeurIPS 2020 Workshop on Pre-registration in Machine Learning, pages 325–342. PMLR, 2021.
  7. Theory and applications of robust optimization. SIAM review, 53(3):464–501, 2011.
  8. A unified wasserstein distributional robustness framework for adversarial training. arXiv preprint arXiv:2202.13437, 2022.
  9. Learning imbalanced datasets with label-distribution-aware margin loss. Advances in neural information processing systems, 32, 2019.
  10. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp), pages 39–57. Ieee, 2017.
  11. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning, pages 2206–2216. PMLR, 2020.
  12. Statistics of robust optimization: A generalized empirical likelihood approach. Mathematics of Operations Research, 46(3):946–969, 2021.
  13. Improving fairness generalization through a sample-robust optimization method. Machine Learning, pages 1–62, 2022.
  14. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014.
  15. Fairness without demographics in repeated loss minimization. In International Conference on Machine Learning, pages 1929–1938. PMLR, 2018.
  16. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 770–778, 2016.
  17. Does distributionally robust supervised learning give robust classifiers? In International Conference on Machine Learning, pages 2029–2037. PMLR, 2018.
  18. A survey of safety and trustworthiness of deep neural networks: Verification, testing, adversarial attack and defence, and interpretability. Computer Science Review, 37:100270, 2020.
  19. A survey of safety and trustworthiness of large language models through the lens of verification and validation. arXiv preprint arXiv:2305.11391, 2023.
  20. Averaging weights leads to wider optima and better generalization. arXiv preprint arXiv:1803.05407, 2018.
  21. Enhancing adversarial training with second-order statistics of weights. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 15273–15283, 2022.
  22. Randomized adversarial training via taylor expansion. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 16447–16457, 2023.
  23. Re-weighting based group fairness regularization via classwise robust optimization. In The Eleventh International Conference on Learning Representations, 2022.
  24. Learning multiple layers of features from tiny images. 2009.
  25. Wat: improve the worst-class robustness in adversarial training. In Proceedings of the AAAI Conference on Artificial Intelligence, pages 14982–14990, 2023.
  26. Distributionally robust learning with stable adversarial training. IEEE Transactions on Knowledge and Data Engineering, 2022.
  27. On the tradeoff between robustness and fairness. In Advances in Neural Information Processing Systems, 2022.
  28. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.
  29. Distributionally robust language modeling. arXiv preprint arXiv:1909.02060, 2019.
  30. Imagenet large scale visual recognition challenge. International journal of computer vision, 115:211–252, 2015.
  31. Distributionally robust neural networks for group shifts: On the importance of regularization for worst-case generalization. arXiv preprint arXiv:1911.08731, 2019.
  32. Certifying some distributional robustness with principled adversarial training. In International Conference on Learning Representations, 2018.
  33. Distributionally robust deep learning as a generalization of adversarial training. In NIPS workshop on Machine Learning and Computer Security, page 4, 2017.
  34. Improving robust fairness via balance adversarial training. arXiv preprint arXiv:2209.07534, 2022.
  35. Distributionally robust fair principal components via geodesic descents. In International Conference on Learning Representations, 2021.
  36. Dynamic efficient adversarial training guided by gradient magnitude. In Progress and Challenges in Building Trustworthy Embodied AI, 2022.
  37. Self-ensemble adversarial training for improved robustness. arXiv preprint arXiv:2203.09678, 2022.
  38. Improving adversarial robustness requires revisiting misclassified examples. In International conference on learning representations, 2019.
  39. Cfa: Class-wise calibrated fair adversarial training. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 8193–8201, 2023.
  40. Transformers: State-of-the-art natural language processing. In Proceedings of the 2020 conference on empirical methods in natural language processing: system demonstrations, pages 38–45, 2020.
  41. Adversarial weight perturbation helps robust generalization. Advances in Neural Information Processing Systems, 33:2958–2969, 2020.
  42. To be robust or to be fair: Towards fairness in adversarial training. In International Conference on Machine Learning, pages 11492–11501. PMLR, 2021.
  43. Wide residual networks. arXiv preprint arXiv:1605.07146, 2016.
  44. Theoretically principled trade-off between robustness and accuracy. In International conference on machine learning, pages 7472–7482. PMLR, 2019.
  45. Generalizing universal adversarial perturbations for deep neural networks. Machine Learning, 112(5):1597–1626, 2023.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (5)
  1. Yanghao Zhang (10 papers)
  2. Tianle Zhang (22 papers)
  3. Ronghui Mu (12 papers)
  4. Xiaowei Huang (121 papers)
  5. Wenjie Ruan (42 papers)
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now