Measuring Equality in Machine Learning Security Defenses: A Case Study in Speech Recognition
| dc.contributor.author | Richards, Luke E. | |
| dc.contributor.author | Raff, Edward | |
| dc.contributor.author | Matuszek, Cynthia | |
| dc.date.accessioned | 2023-03-22T23:06:54Z | |
| dc.date.available | 2023-03-22T23:06:54Z | |
| dc.date.issued | 2023-02-17 | |
| dc.description.abstract | Over the past decade, the machine learning security community has developed a myriad of defenses for evasion attacks. An understudied question in that community is: for whom do these defenses defend? This work considers common approaches to defending learned systems and how security defenses result in performance inequities across different sub-populations. We outline appropriate parity metrics for analysis and begin to answer this question through empirical results of the fairness implications of machine learning security methods. We find that many methods that have been proposed can cause direct harm, like false rejection and unequal benefits from robustness training. The framework we propose for measuring defense equality can be applied to robustly trained models, preprocessing-based defenses, and rejection methods. We identify a set of datasets with a user-centered application and a reasonable computational cost suitable for case studies in measuring the equality of defenses. In our case study of speech command recognition, we show how such adversarial training and augmentation have non-equal but complex protections for social subgroups across gender, accent, and age in relation to user coverage. We present a comparison of equality between two rejection-based defenses: randomized smoothing and neural rejection, finding randomized smoothing more equitable due to the sampling mechanism for minority groups. This represents the first work examining the disparity in the adversarial robustness in the speech domain and the fairness evaluation of rejection-based defenses. | en_US |
| dc.description.sponsorship | We acknowledge that this work relies on the availability of labels for subgroups that can be difficult to obtain in all domains. We also recognize the limitations of such a case study in speech command recognition to not apply directly to other domains. Future work must find benchmarks to address this problem. We hope that by introducing these metrics in this domain and conducting case studies, we can provide awareness of the problem and spur work to address the development and research of equal defenses in machine learning security | en_US |
| dc.description.uri | https://arxiv.org/abs/2302.08973 | en_US |
| dc.format.extent | 21 pages | en_US |
| dc.genre | journal articles | en_US |
| dc.genre | preprints | en_US |
| dc.identifier | doi:10.13016/m2u5lz-ufzv | |
| dc.identifier.uri | https://doi.org/10.48550/arXiv.2302.08973 | |
| dc.identifier.uri | http://hdl.handle.net/11603/27040 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | en_US |
| dc.rights | Attribution 4.0 International (CC BY 4.0) | * |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | * |
| dc.title | Measuring Equality in Machine Learning Security Defenses: A Case Study in Speech Recognition | en_US |
| dc.type | Text | en_US |
| dcterms.creator | https://orcid.org/0000-0002-9900-1972 | en_US |
| dcterms.creator | https://orcid.org/0000-0003-1383-8120 | en_US |