Stress-Testing ML Pipelines with Adversarial Data Corruption

TL;DR

This paper presents SAVAGE, a framework for systematically identifying worst-case structured data corruptions that can severely degrade machine learning pipeline performance, aiding robustness evaluation and resilient design.

Contribution

SAVAGE introduces a causally inspired, bi-level optimization approach to model and discover impactful data corruptions in ML pipelines, including non-differentiable components.

Findings

Small corruptions (around 5%) can significantly degrade performance.

Structured corruptions outperform random or manual errors in impact.

The framework invalidates assumptions of existing robustness techniques.

Abstract

Structured data-quality issues, such as missing values correlated with demographics, culturally biased labels, or systemic selection biases, routinely degrade the reliability of machine-learning pipelines. Regulators now increasingly demand evidence that high-stakes systems can withstand these realistic, interdependent errors, yet current robustness evaluations typically use random or overly simplistic corruptions, leaving worst-case scenarios unexplored. We introduce SAVAGE, a causally inspired framework that (i) formally models realistic data-quality issues through dependency graphs and flexible corruption templates, and (ii) systematically discovers corruption patterns that maximally degrade a target performance metric. SAVAGE employs a bi-level optimization approach to efficiently identify vulnerable data subpopulations and fine-tune corruption severity, treating the full ML pipeline, including preprocessing and potentially non-differentiable models, as a black box. Extensive experiments across multiple datasets and ML tasks (data cleaning, fairness-aware learning, uncertainty quantification) demonstrate that even a small fraction (around 5 %) of structured corruptions identified by SAVAGE severely impacts model performance, far exceeding random or manually crafted errors, and invalidating core assumptions of existing techniques. Thus, SAVAGE provides a practical tool for rigorous pipeline stress-testing, a benchmark for evaluating robustness methods, and actionable guidance for designing more resilient data workflows.