Date: 2021-08-12

Join us on Zoom: https://ucsc.zoom.us/j/2543447990 / Passcode: 779440

Description: Integration of machine learning models into our everyday lives can be seen in almost every aspect of our interaction with machines. These models need to go through thorough scrutiny, especially in terms of several crucial social challenges, namely data accessibility and integrity, privacy, safety, algorithmic bias, the explainability of outcomes, and transparency. One such challenge that directly impacts the model's performance is robustness against ill-intended "adversaries" trying to sabotage the system. Recent studies showed that models are susceptible to carefully crafted imperceptible perturbations known as "adversarial examples" generated by an adversary. In this scenario, the most effective solution to handle such perturbations is adversarial training, where an "adversary," whom we call an "ethical adversary," simulates such examples and adds them to the training data. An ethical adversary is equipped with the knowledge and techniques of an adversary but works towards improving the system's performance. In this study, we leverage the strength of an ethical adversary to address various social challenges for building trustworthy and reliable machine learning models.

First, we defend against an oracle attacker in a stochastic multi-armed bandit by assuming the presence of an ethical adversary who can estimate the strength of an external oracle attacker. We discuss robust algorithms for stochastic multi-armed bandit problems with adversarially corrupted rewards. We consider a novel setup of stochastic bandits where the corruptions are sporadic and adaptive to the learner's arm selection strategy, with no upper limit on the total budget constraint. We then present two robust algorithms, Sample Dropout-UCB ({\algLUCB}) and Sample Dropout-\eps ({\algLEgreedy}), to defend against {\attack}. The core idea of our algorithms is that, with an accurate estimate of the strength of {\attack} and with reward dropout during sample mean estimation, they can tolerate a significant amount of quantified corruption.

Motivated by this, we propose to utilize the techniques of an ethical adversary to address other social challenges, including but not limited to bias and explainability in terms of actionable recourse for large-scale real-world deployment of machine learning models. In this direction, we identify adversarial attack bias in the form of class accuracy disparity with adversarial examples. Attack bias gets exacerbated with increasing perturbation strength. We also propose a bias-correcting objective function to counter this phenomenon. We extend our analysis to a multi-class classification task and present empirical results on a real-world dataset.

We propose to extend adversarial techniques to improve explainability via actionable recourse. We plan to build a framework connecting actionable recourse and adversarial machine learning.
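
To make the sample-dropout idea from the bandit part of the abstract concrete, here is an added sketch that is not the speaker's code or algorithm. It assumes one simple dropout rule (discard the lowest ceil(eps_hat * n) rewards of an arm before averaging) and a constructed corruption model that zeroes rewards of the best arm; `robust_mean`, `ucb_index`, `run_ucb` and all constants are hypothetical.

```python
import math
import random
from bisect import insort


def robust_mean(sorted_rewards, eps_hat):
    """Mean after dropping the lowest ceil(eps_hat * n) rewards (assumed dropout rule)."""
    n = len(sorted_rewards)
    k = min(n - 1, math.ceil(eps_hat * n))  # always keep at least one sample
    kept = sorted_rewards[k:]
    return sum(kept) / len(kept)


def ucb_index(sorted_rewards, eps_hat, t):
    """Standard UCB1 bonus on the pull count, added to the dropout-based mean."""
    n = len(sorted_rewards)
    return robust_mean(sorted_rewards, eps_hat) + math.sqrt(2 * math.log(t) / n)


def run_ucb(eps_hat, horizon=3000, seed=7):
    """Two-armed UCB under corrupted rewards; eps_hat=0.0 is plain UCB.

    Returns the share of pulls spent on the truly best arm.
    """
    rng = random.Random(seed)
    true_means = [0.9, 0.5]  # constructed: arm 0 is the best arm
    corruption_rate = 0.75   # constructed: chance a pull of arm 0 is corrupted
    rewards = [[], []]       # observed rewards per arm, kept sorted
    for t in range(1, horizon + 1):
        if t <= 2:
            arm = t - 1      # initial round: pull each arm once
        else:
            arm = max(range(2), key=lambda a: ucb_index(rewards[a], eps_hat, t))
        reward = true_means[arm] + rng.uniform(-0.1, 0.1)
        # Sporadic corruption that depends on the learner's own arm choice:
        # it only fires when the learner picks the best arm.
        if arm == 0 and rng.random() < corruption_rate:
            reward = 0.0
        insort(rewards[arm], reward)
    return len(rewards[0]) / horizon


if __name__ == "__main__":
    print("plain UCB, share of pulls on best arm:  ", run_ucb(eps_hat=0.0))
    print("dropout UCB, share of pulls on best arm:", run_ucb(eps_hat=0.75))
```

With `eps_hat` set to the simulated corruption rate, the learner's estimate for the corrupted arm recovers and it keeps choosing that arm; with `eps_hat=0.0` the zeroed rewards drag the plain sample mean below the second arm's.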