Breaking Fair Binary Classification with Optimal Flipping Attacks

Changhun Jo; Jy Yong Sohn; Kangwook Lee

doi:10.1109/ISIT50566.2022.9834475

Breaking Fair Binary Classification with Optimal Flipping Attacks

Changhun Jo, Jy Yong Sohn, Kangwook Lee

Department of Applied Statistics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Minimizing risk with fairness constraints is one of the popular approaches to learning a fair classifier. Recent works showed that this approach yields an unfair classifier if the training set is corrupted. In this work, we study the minimum amount of data corruption required for a successful flipping attack. First, we find lower/upper bounds on this quantity and show that these bounds are tight when the target model is the unique unconstrained risk minimizer. Second, we propose a computationally efficient data poisoning attack algorithm that can compromise the performance of fair learning algorithms.

Original language	English
Title of host publication	2022 IEEE International Symposium on Information Theory, ISIT 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1453-1458
Number of pages	6
ISBN (Electronic)	9781665421591
DOIs	https://doi.org/10.1109/ISIT50566.2022.9834475
Publication status	Published - 2022
Event	2022 IEEE International Symposium on Information Theory, ISIT 2022 - Espoo, Finland Duration: 2022 Jun 26 → 2022 Jul 1

Publication series

Name	IEEE International Symposium on Information Theory - Proceedings
Volume	2022-June
ISSN (Print)	2157-8095

Conference

Conference	2022 IEEE International Symposium on Information Theory, ISIT 2022
Country/Territory	Finland
City	Espoo
Period	22/6/26 → 22/7/1

Bibliographical note

Funding Information:
VIII. ACKNOWLEDGEMENTS This work was supported in part by NSF Award DMS-2023239, NSF/Intel Partnership on Machine Learning for Wireless Networking Program under Grant No. CNS-2003129, and the Understanding and Reducing Inequalities Initiative of the University of Wisconsin-Madison, Office of the Vice Chancellor for Research and Graduate Education with funding from the Wisconsin Alumni Research Foundation.

Publisher Copyright:
© 2022 IEEE.

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Information Systems
Modelling and Simulation
Applied Mathematics

Access to Document

10.1109/ISIT50566.2022.9834475

Cite this

Jo, C., Sohn, J. Y., & Lee, K. (2022). Breaking Fair Binary Classification with Optimal Flipping Attacks. In 2022 IEEE International Symposium on Information Theory, ISIT 2022 (pp. 1453-1458). (IEEE International Symposium on Information Theory - Proceedings; Vol. 2022-June). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISIT50566.2022.9834475

@inproceedings{03eb476f1883422e9a7b985d2bfcbb26,

title = "Breaking Fair Binary Classification with Optimal Flipping Attacks",

abstract = "Minimizing risk with fairness constraints is one of the popular approaches to learning a fair classifier. Recent works showed that this approach yields an unfair classifier if the training set is corrupted. In this work, we study the minimum amount of data corruption required for a successful flipping attack. First, we find lower/upper bounds on this quantity and show that these bounds are tight when the target model is the unique unconstrained risk minimizer. Second, we propose a computationally efficient data poisoning attack algorithm that can compromise the performance of fair learning algorithms.",

author = "Changhun Jo and Sohn, {Jy Yong} and Kangwook Lee",

note = "Funding Information: VIII. ACKNOWLEDGEMENTS This work was supported in part by NSF Award DMS-2023239, NSF/Intel Partnership on Machine Learning for Wireless Networking Program under Grant No. CNS-2003129, and the Understanding and Reducing Inequalities Initiative of the University of Wisconsin-Madison, Office of the Vice Chancellor for Research and Graduate Education with funding from the Wisconsin Alumni Research Foundation. Publisher Copyright: {\textcopyright} 2022 IEEE.; 2022 IEEE International Symposium on Information Theory, ISIT 2022 ; Conference date: 26-06-2022 Through 01-07-2022",

year = "2022",

doi = "10.1109/ISIT50566.2022.9834475",

language = "English",

series = "IEEE International Symposium on Information Theory - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1453--1458",

booktitle = "2022 IEEE International Symposium on Information Theory, ISIT 2022",

address = "United States",

}

Jo, C, Sohn, JY & Lee, K 2022, Breaking Fair Binary Classification with Optimal Flipping Attacks. in 2022 IEEE International Symposium on Information Theory, ISIT 2022. IEEE International Symposium on Information Theory - Proceedings, vol. 2022-June, Institute of Electrical and Electronics Engineers Inc., pp. 1453-1458, 2022 IEEE International Symposium on Information Theory, ISIT 2022, Espoo, Finland, 22/6/26. https://doi.org/10.1109/ISIT50566.2022.9834475

Breaking Fair Binary Classification with Optimal Flipping Attacks. / Jo, Changhun; Sohn, Jy Yong; Lee, Kangwook.

2022 IEEE International Symposium on Information Theory, ISIT 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 1453-1458 (IEEE International Symposium on Information Theory - Proceedings; Vol. 2022-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Breaking Fair Binary Classification with Optimal Flipping Attacks

AU - Jo, Changhun

AU - Sohn, Jy Yong

AU - Lee, Kangwook

N1 - Funding Information: VIII. ACKNOWLEDGEMENTS This work was supported in part by NSF Award DMS-2023239, NSF/Intel Partnership on Machine Learning for Wireless Networking Program under Grant No. CNS-2003129, and the Understanding and Reducing Inequalities Initiative of the University of Wisconsin-Madison, Office of the Vice Chancellor for Research and Graduate Education with funding from the Wisconsin Alumni Research Foundation. Publisher Copyright: © 2022 IEEE.

PY - 2022

Y1 - 2022

N2 - Minimizing risk with fairness constraints is one of the popular approaches to learning a fair classifier. Recent works showed that this approach yields an unfair classifier if the training set is corrupted. In this work, we study the minimum amount of data corruption required for a successful flipping attack. First, we find lower/upper bounds on this quantity and show that these bounds are tight when the target model is the unique unconstrained risk minimizer. Second, we propose a computationally efficient data poisoning attack algorithm that can compromise the performance of fair learning algorithms.

AB - Minimizing risk with fairness constraints is one of the popular approaches to learning a fair classifier. Recent works showed that this approach yields an unfair classifier if the training set is corrupted. In this work, we study the minimum amount of data corruption required for a successful flipping attack. First, we find lower/upper bounds on this quantity and show that these bounds are tight when the target model is the unique unconstrained risk minimizer. Second, we propose a computationally efficient data poisoning attack algorithm that can compromise the performance of fair learning algorithms.

UR - http://www.scopus.com/inward/record.url?scp=85136300070&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85136300070&partnerID=8YFLogxK

U2 - 10.1109/ISIT50566.2022.9834475

DO - 10.1109/ISIT50566.2022.9834475

M3 - Conference contribution

AN - SCOPUS:85136300070

T3 - IEEE International Symposium on Information Theory - Proceedings

SP - 1453

EP - 1458

BT - 2022 IEEE International Symposium on Information Theory, ISIT 2022

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2022 IEEE International Symposium on Information Theory, ISIT 2022

Y2 - 26 June 2022 through 1 July 2022

ER -

Breaking Fair Binary Classification with Optimal Flipping Attacks

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this