Minimizing risk subject to fairness constraints is a popular approach to learning a fair classifier. Recent work has shown that this approach can yield an unfair classifier when the training set is corrupted. In this work, we study the minimum amount of data corruption required for a successful flipping attack. First, we derive lower and upper bounds on this quantity and show that they are tight when the target model is the unique unconstrained risk minimizer. Second, we propose a computationally efficient data poisoning attack algorithm that can compromise the performance of fair learning algorithms.
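To make the setting concrete, the sketch below trains a logistic-regression classifier with a demographic-parity penalty on synthetic data, then applies a simple label-flipping heuristic to the training labels and retrains. All details here (the penalty form, the confidence-based flipping heuristic, the synthetic data) are illustrative assumptions, not the paper's attack algorithm or its bounds:

```python
import numpy as np

rng = np.random.default_rng(0)

# Synthetic data: one feature x, sensitive attribute a in {0,1}, label y in {0,1}.
# The feature is correlated with the group, so an unconstrained fit is "unfair".
n = 400
a = rng.integers(0, 2, n)
x = rng.normal(a * 1.0, 1.0, n)
y = (x + rng.normal(0, 0.5, n) > 0.5).astype(float)
X = np.c_[x, np.ones(n)]  # add an intercept column


def train(X, y, a, lam=0.0, steps=500, lr=0.1):
    """Logistic regression; lam weights a squared demographic-parity penalty."""
    w = np.zeros(X.shape[1])
    for _ in range(steps):
        p = 1.0 / (1.0 + np.exp(-X @ w))
        grad = X.T @ (p - y) / len(y)
        # Penalty: (mean score in group 1 - mean score in group 0)^2.
        gap = p[a == 1].mean() - p[a == 0].mean()
        dgap = (X[a == 1] * (p * (1 - p))[a == 1, None]).mean(0) \
             - (X[a == 0] * (p * (1 - p))[a == 0, None]).mean(0)
        w -= lr * (grad + lam * 2 * gap * dgap)
    return w


def dp_gap(w, X, a):
    """Demographic-parity gap of the thresholded classifier."""
    pred = (X @ w > 0).astype(float)
    return abs(pred[a == 1].mean() - pred[a == 0].mean())


w_fair = train(X, y, a, lam=5.0)

# Heuristic label-flipping corruption: flip the k group-0 training labels the
# fair model scores most confidently (illustrative only; the paper studies the
# minimum number of such flips needed for a successful attack).
k = 40
p_fair = 1.0 / (1.0 + np.exp(-X @ w_fair))
idx = np.argsort(-np.abs(p_fair - 0.5) * (a == 0))[:k]
y_poison = y.copy()
y_poison[idx] = 1 - y_poison[idx]

w_poisoned = train(X, y_poison, a, lam=5.0)
print("clean DP gap:   ", dp_gap(w_fair, X, a))
print("poisoned DP gap:", dp_gap(w_poisoned, X, a))
```

Retraining the fairness-penalized model on the corrupted labels lets one compare the demographic-parity gap before and after corruption; the paper's question is how small k can be while still forcing the constrained learner to a target model.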
|Title of host publication||2022 IEEE International Symposium on Information Theory, ISIT 2022|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||6|
|Publication status||Published - 2022|
|Event||2022 IEEE International Symposium on Information Theory, ISIT 2022 - Espoo, Finland|
Duration: 2022 Jun 26 → 2022 Jul 1
|Name||IEEE International Symposium on Information Theory - Proceedings|
|Conference||2022 IEEE International Symposium on Information Theory, ISIT 2022|
|Period||22/6/26 → 22/7/1|
Bibliographical note
Funding Information: This work was supported in part by NSF Award DMS-2023239, NSF/Intel Partnership on Machine Learning for Wireless Networking Program under Grant No. CNS-2003129, and the Understanding and Reducing Inequalities Initiative of the University of Wisconsin-Madison, Office of the Vice Chancellor for Research and Graduate Education with funding from the Wisconsin Alumni Research Foundation.
© 2022 IEEE.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Information Systems
- Modelling and Simulation
- Applied Mathematics