Adversarial Bias: Data Poisoning Attacks on Fairness

TL;DR

This paper reveals how simple adversarial data poisoning can severely compromise the fairness of machine learning models, demonstrating a practical attack method that outperforms existing techniques across various datasets and models.

Contribution

It introduces a theoretically grounded adversarial poisoning strategy that effectively induces unfairness in classifiers, highlighting a new vulnerability in AI fairness.

Findings

The attack significantly degrades fairness metrics across multiple models.

The method outperforms existing fairness attack techniques.

It maintains high model accuracy while increasing unfairness.

Abstract

With the growing adoption of AI and machine learning systems in real-world applications, ensuring their fairness has become increasingly critical. The majority of the work in algorithmic fairness focus on assessing and improving the fairness of machine learning systems. There is relatively little research on fairness vulnerability, i.e., how an AI system's fairness can be intentionally compromised. In this work, we first provide a theoretical analysis demonstrating that a simple adversarial poisoning strategy is sufficient to induce maximally unfair behavior in naive Bayes classifiers. Our key idea is to strategically inject a small fraction of carefully crafted adversarial data points into the training set, biasing the model's decision boundary to disproportionately affect a protected group while preserving generalizable performance. To illustrate the practical effectiveness of our method, we conduct experiments across several benchmark datasets and models. We find that our attack significantly outperforms existing methods in degrading fairness metrics across multiple models and datasets, often achieving substantially higher levels of unfairness with a comparable or only slightly worse impact on accuracy. Notably, our method proves effective on a wide range of models, in contrast to prior work, demonstrating a robust and potent approach to compromising the fairness of machine learning systems.