TY - GEN
T1 - Learning Fair Robustness via Domain Mixup
AU - Zhong, Meiyu
AU - Tandon, Ravi
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Adversarial training is one of the predominant techniques for training classifiers that are robust to adversarial attacks. Recent work, however, has found that adversarial training, while making the overall classifier robust, does not necessarily provide an equal amount of robustness for all classes. In this paper, we propose the use of mixup for the problem of learning fair robust classifiers, which can provide similar robustness across all classes. Specifically, the idea is to mix inputs from the same class and perform adversarial training on the mixed-up inputs. We present a theoretical analysis of this idea for the case of linear classifiers and show that mixup combined with adversarial training can provably reduce the class-wise robustness disparity. This method contributes to reducing the disparity not only in class-wise adversarial risk, but also in class-wise natural risk. Complementing our theoretical analysis, we also provide experimental results on both synthetic data and a real-world dataset (CIFAR-10), which show improvements in class-wise disparities for both natural and adversarial risks.
AB - Adversarial training is one of the predominant techniques for training classifiers that are robust to adversarial attacks. Recent work, however, has found that adversarial training, while making the overall classifier robust, does not necessarily provide an equal amount of robustness for all classes. In this paper, we propose the use of mixup for the problem of learning fair robust classifiers, which can provide similar robustness across all classes. Specifically, the idea is to mix inputs from the same class and perform adversarial training on the mixed-up inputs. We present a theoretical analysis of this idea for the case of linear classifiers and show that mixup combined with adversarial training can provably reduce the class-wise robustness disparity. This method contributes to reducing the disparity not only in class-wise adversarial risk, but also in class-wise natural risk. Complementing our theoretical analysis, we also provide experimental results on both synthetic data and a real-world dataset (CIFAR-10), which show improvements in class-wise disparities for both natural and adversarial risks.
UR - https://www.scopus.com/pages/publications/105002681458
UR - https://www.scopus.com/pages/publications/105002681458#tab=citedBy
U2 - 10.1109/IEEECONF60004.2024.10943051
DO - 10.1109/IEEECONF60004.2024.10943051
M3 - Conference contribution
AN - SCOPUS:105002681458
T3 - Conference Record - Asilomar Conference on Signals, Systems and Computers
SP - 196
EP - 202
BT - Conference Record of the 58th Asilomar Conference on Signals, Systems and Computers, ACSSC 2024
A2 - Matthews, Michael B.
PB - IEEE Computer Society
T2 - 58th Asilomar Conference on Signals, Systems and Computers, ACSSC 2024
Y2 - 27 October 2024 through 30 October 2024
ER -