@misc{carlini2022membership, title={Membership Inference Attacks From First Principles}, author={Nicholas Carlini and Steve Chien and Milad Nasr and Shuang Song and Andreas Terzis and Florian Tramer}, year={2022}, eprint={2112.03570}, archivePrefix={arXiv}, primaryClass={cs.CR} } @inproceedings{salem2023sok, title={SoK: Let the privacy games begin! A unified treatment of data inference privacy in machine learning}, author={Salem, Ahmed and Cherubin, Giovanni and Evans, David and K{\"o}pf, Boris and Paverd, Andrew and Suri, Anshuman and Tople, Shruti and Zanella-B{\'e}guelin, Santiago}, booktitle={2023 IEEE Symposium on Security and Privacy (SP)}, pages={327--345}, year={2023}, organization={IEEE} } @inproceedings{ijcai2022p766, title = {Differential Privacy and Fairness in Decisions and Learning Tasks: A Survey}, author = {Fioretto, Ferdinando and Tran, Cuong and Van Hentenryck, Pascal and Zhu, Keyu}, booktitle = {Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, {IJCAI-22}}, publisher = {International Joint Conferences on Artificial Intelligence Organization}, editor = {Lud De Raedt}, pages = {5470--5477}, year = {2022}, month = {7}, note = {Survey Track}, doi = {10.24963/ijcai.2022/766}, url = {https://doi.org/10.24963/ijcai.2022/766}, } @article{accfairtradeoff, author = {Pinzon, Carlos and Palamidessi, Catuscia and Piantanida, Pablo and Valencia, Frank}, year = {2023}, month = {05}, pages = {1-30}, title = {On the incompatibility of accuracy and equal opportunity}, journal = {Machine Learning}, doi = {10.1007/s10994-023-06331-y} } @article{rodolfa2021empirical, title={Empirical observation of negligible fairness--accuracy trade-offs in machine learning for public policy}, author={Rodolfa, Kit T and Lamba, Hemank and Ghani, Rayid}, journal={Nature Machine Intelligence}, volume={3}, number={10}, pages={896--904}, year={2021}, publisher={Nature Publishing Group UK London} } @article{zhai2022understanding, title={Understanding why generalized reweighting does not improve over ERM}, author={Zhai, Runtian and Dan, Chen and Kolter, Zico and Ravikumar, Pradeep}, booktitle={International Conference on Learning Representation}, year={2023} } @article{ veldanda2022fairness, title={Fairness via In-Processing in the Over-parameterized Regime: A Cautionary Tale with MinDiff Loss}, author={Akshaj Kumar Veldanda and Ivan Brugere and Jiahao Chen and Sanghamitra Dutta and Alan Mishler and Siddharth Garg}, journal={Transactions on Machine Learning Research}, issn={2835-8856}, year={2023}, url={https://openreview.net/forum?id=f4VyYhkRvi}, note={} } % general % url = {https://arxiv.org/abs/2206.10923}, @misc{arxivmichael, doi = {10.48550/ARXIV.2206.10923}, author = {Maheshwari, Gaurav and Perrot, Michaël}, title = {FairGrad: Fairness Aware Gradient Descent}, publisher = {arXiv}, year = {2022}, } @InProceedings{classIMb1, title = {Class-Imbalanced Semi-Supervised Learning with Adaptive Thresholding}, author = {Guo, Lan-Zhe and Li, Yu-Feng}, booktitle = {Proceedings of the 39th International Conference on Machine Learning}, pages = {8082--8094}, year = {2022}, editor = {Chaudhuri, Kamalika and Jegelka, Stefanie and Song, Le and Szepesvari, Csaba and Niu, Gang and Sabato, Sivan}, volume = {162}, series = {Proceedings of Machine Learning Research}, month = {17--23 Jul}, publisher = {PMLR}, pdf = {https://proceedings.mlr.press/v162/guo22e/guo22e.pdf}, url = {https://proceedings.mlr.press/v162/guo22e.html} } @article{classIMb2, title={Deep learning model calibration for improving performance in class-imbalanced medical image classification tasks}, author={Sivaramakrishnan Rajaraman and Prasanth Ganesan and Sameer K. Antani}, journal={PLoS ONE}, year={2021}, volume={17}, url={https://api.semanticscholar.org/CorpusID:238259577} } @misc{classIMb3, author = {Jason Brownlee}, title = {{A} {G}entle {I}ntroduction to {T}hreshold-{M}oving for {I}mbalanced {C}lassification - {M}achine{L}earning{M}astery.com --- machinelearningmastery.com}, year = {}, note = {[Accessed 31-08-2023]}, } %issn = {0022-0000}, %url = {https://www.sciencedirect.com/science/article/pii/S002200009791504X}, @article{saddlepointsolve, title = {A Decision-Theoretic Generalization of On-Line Learning and an Application to Boosting}, journal = {Journal of Computer and System Sciences}, volume = {55}, number = {1}, pages = {119-139}, year = {1997}, doi = {10.1006/jcss.1997.1504}, author = {Yoav Freund and Robert E Schapire} } %isbn = {1595933832}, %address = {New York, NY, USA}, @inproceedings{curves, author = {Davis, Jesse and Goadrich, Mark}, title = {The Relationship between Precision-Recall and ROC Curves}, year = {2006}, publisher = {Association for Computing Machinery}, doi = {10.1145/1143844.1143874}, booktitle = {International Conference on Machine Learning}, pages = {233–240}, location = {Pittsburgh, Pennsylvania, USA}, series = {ICML '06} } @inproceedings{cormode, author = {Cormode, Graham}, title = {Personal Privacy vs Population Privacy: Learning to Attack Anonymization}, year = {2011}, publisher = {Association for Computing Machinery}, doi = {10.1145/2020408.2020598}, booktitle = {ACM SIGKDD International Conference on Knowledge Discovery and Data Mining}, pages = {1253–1261}, location = {San Diego, California, USA}, series = {KDD '11} } %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %issn = {0360-0300}, %url = {https://doi.org/10.1145/3457607}, @article{surveyfair, author = {Mehrabi, Ninareh and Morstatter, Fred and Saxena, Nripsuta and Lerman, Kristina and Galstyan, Aram}, title = {A Survey on Bias and Fairness in Machine Learning}, year = {2021}, volume = {54}, number = {6}, doi = {10.1145/3457607}, journal = {ACM Comput. Surv.}, month = {jul}, articleno = {115}, numpages = {35}, } @article{attinfSocial1, author = {Gong, Neil Zhenqiang and Talwalkar, Ameet and Mackey, Lester and Huang, Ling and Shin, Eui Chul Richard and Stefanov, Emil and Shi, Elaine (Runting) and Song, Dawn}, title = {Joint Link Prediction and Attribute Inference Using a Social-Attribute Network}, year = {2014}, publisher = {Association for Computing Machinery}, volume = {5}, number = {2}, doi = {10.1145/2594455}, journal = {ACM Trans. Intell. Syst. Technol.}, } %address = {New York, NY, USA}, %issn = {2471-2566}, %url = {https://doi.org/10.1145/3154793}, %numpages = {30}, %%month = {jan}, @article{attinfSocial2, author = {Gong, Neil Zhenqiang and Liu, Bin}, title = {Attribute Inference Attacks in Online Social Networks}, year = {2018}, publisher = {Association for Computing Machinery}, volume = {21}, number = {1}, doi = {10.1145/3154793}, journal = {ACM Trans. Priv. Secur.}, articleno = {3}, } %isbn = {978-1-931971-32-4}, %address = {Austin, TX}, %url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/gong}, %publisher = {USENIX Association}, %month = aug, @inproceedings {attinfSocial3, author = {Neil Zhenqiang Gong and Bin Liu}, title = {You Are Who You Know and How You Behave: Attribute Inference Attacks via Users{\textquoteright} Social Friends and Behaviors}, booktitle = {USENIX Security Symposium }, year = {2016}, pages = {979--995}, } %URL = {https://hal.inria.fr/hal-00748162}, %ADDRESS = {San Diego, United States}, %MONTH = Feb, @inproceedings{attinfSocial4, TITLE = {{You Are What You Like! Information Leakage Through Users' Interests}}, YEAR = {2012}, AUTHOR = {Chaabane, Abdelberi and Acs, Gergely and Kaafar, Mohamed Ali}, BOOKTITLE = {Network and Distributed System Security Symposium}, PAGES = {1-14}, } @inproceedings{attinfSocial5, author={Elena Zheleva and Lise Getoor}, title={To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles}, year={2009}, BOOKTITLE = {International Conference on World Wide Web}, pages={531-540}, doi={10.1145/1526709.1526781}, } %isbn = {9781450349130}, %publisher = {International World Wide Web Conferences Steering Committee}, %address = {Republic and Canton of Geneva, CHE}, %url = {https://doi.org/10.1145/3038912.3052695}, @inproceedings{attinfSocial6, author = {Jia, Jinyuan and Wang, Binghui and Zhang, Le and Gong, Neil Zhenqiang}, title = {AttriInfer: Inferring User Attributes in Online Social Networks Using Markov Random Fields}, year = {2017}, doi = {10.1145/3038912.3052695}, booktitle = {nternational Conference on World Wide Web}, pages = {1561–1569}, location = {Perth, Australia}, series = {WWW '17} } %isbn = {9781450382878}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, @inbook{dysan, author = {Boutet, Antoine and Frindel, Carole and Gambs, S\'{e}bastien and Jourdan, Th\'{e}o and Ngueveu, Rosin Claude}, title = {DySan: Dynamically Sanitizing Motion Sensor Data Against Sensitive Inferences through Adversarial Networks}, year = {2021}, doi = {10.1145/3433210.3453095}, booktitle = {ACM Asia Conference on Computer and Communications Security}, pages = {672–686}, serie = {ASIA CCS '21} } @inproceedings{attprivacy, author = {Zhang, Wanrong and Ohrimenko, Olga and Cummings, Rachel}, title = {Attribute Privacy: Framework and Mechanisms}, year = {2022}, isbn = {9781450393522}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3531146.3533139}, doi = {10.1145/3531146.3533139}, booktitle = {Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency}, pages = {757–766}, numpages = {10}, keywords = {Pufferfish privacy, attribute privacy, formal privacy frameworks, privacy-preserving mechanisms}, series = {FAccT '22} } %differential privacy and fairness @inproceedings{dispvuln, author = {Mohammad Yaghini and Bogdan Kulynych and Carmela Troncoso}, title = {Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine Learning}, year = {2022}, booktitle = {Privacy Enhancing Technologies Symposium} } %isbn = {9781450391405}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, @inproceedings{GongMIAUnfair, author = {Zhong, Da and Sun, Haipei and Xu, Jun and Gong, Neil and Wang, Wendy Hui}, title = {Understanding Disparate Effects of Membership Inference Attacks and Their Countermeasures}, year = {2022}, doi = {10.1145/3488932.3501279}, booktitle = {ACM on Asia Conference on Computer and Communications Security}, pages = {959–974}, location = {Nagasaki, Japan}, series = {ASIA CCS '22} } %sbn = {9781450311151}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/2090236.2090255}, @inproceedings{indivfairness, author = {Dwork, Cynthia and Hardt, Moritz and Pitassi, Toniann and Reingold, Omer and Zemel, Richard}, title = {Fairness through Awareness}, year = {2012}, doi = {10.1145/2090236.2090255}, booktitle = {Innovations in Theoretical Computer Science Conference}, pages = {214–226}, location = {Cambridge, Massachusetts}, series = {ITCS '12} } @inproceedings{outIndist, author = {Dwork, Cynthia and Kim, Michael P. and Reingold, Omer and Rothblum, Guy N. and Yona, Gal}, title = {Outcome indistinguishability}, year = {2021}, isbn = {9781450380539}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3406325.3451064}, doi = {10.1145/3406325.3451064}, booktitle = {Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing}, pages = {1095–1108}, numpages = {14}, keywords = {Prediction, Fairness, Computational Indistinguishability}, location = {Virtual, Italy}, series = {STOC 2021} } %isbn = {9781450369367}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/3351095.3372872}, @inproceedings{dpfair, author = {Pujol, David and McKenna, Ryan and Kuppam, Satya and Hay, Michael and Machanavajjhala, Ashwin and Miklau, Gerome}, title = {Fair Decision Making Using Privacy-Protected Data}, year = {2020}, doi = {10.1145/3351095.3372872}, booktitle = {Conference on Fairness, Accountability, and Transparency}, pages = {189–199}, location = {Barcelona, Spain}, series = {FAT* '20} } %url={https://ojs.aaai.org/index.php/AAAI/article/view/17193}, %month={May}, @article{fairprivatelagrangian, title={Differentially Private and Fair Deep Learning: A Lagrangian Dual Approach}, volume={35}, number={11}, journal={AAAI Conference on Artificial Intelligence}, author={Tran, Cuong and Fioretto, Ferdinando and Van Hentenryck, Pascal}, year={2021}, pages={9932-9939} } %editor = {Chaudhuri, Kamalika and Salakhutdinov, Ruslan}, %series = {Proceedings of Machine Learning Research}, %month = {09--15 Jun}, %publisher = {PMLR}, %pdf = {http://proceedings.mlr.press/v97/jagielski19a/jagielski19a.pdf}, %url = {https://proceedings.mlr.press/v97/jagielski19a.html} @InProceedings{dpfairlearn, title = {Differentially Private Fair Learning}, author = {Jagielski, Matthew and Kearns, Michael and Mao, Jieming and Oprea, Alina and Roth, Aaron and -Malvajerdi, Saeed Sharifi and Ullman, Jonathan}, booktitle = {International Conference on Machine Learning}, pages = {3000--3008}, year = {2019}, volume = {97}, } @incollection{dpaccdisp, title = {Differential Privacy Has Disparate Impact on Model Accuracy}, author = {Bagdasaryan, Eugene and Poursaeed, Omid and Shmatikov, Vitaly}, booktitle = {Advances in Neural Information Processing Systems}, pages = {15479--15488}, year = {2019}} %isbn = {978-1-939133-06-9}, %address = {Santa Clara, CA}, %url = {https://www.usenix.org/conference/usenixsecurity19/presentation/jayaraman}, %publisher = {USENIX Association}, %month = aug, @inproceedings {dpVacc, author = {Bargav Jayaraman and David Evans}, title = {Evaluating Differentially Private Machine Learning in Practice}, booktitle = {USENIX Security Symposium}, year = {2019}, pages = {1895--1912}, } %isbn = {9781450367110}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/3314183.3323847}, @inproceedings{cummings, author = {Cummings, Rachel and Gupta, Varun and Kimpara, Dhamma and Morgenstern, Jamie}, title = {On the Compatibility of Privacy and Fairness}, year = {2019}, doi = {10.1145/3314183.3323847}, booktitle = {Conference on User Modeling, Adaptation and Personalization}, pages = {309–315}, location = {Larnaca, Cyprus}, series = {UMAP'19 Adjunct} } @techreport{ec2019ethics, address = {Brussels}, author = {{High-Level Expert Group on AI}}, institution = {European Commission}, language = {eng}, month = apr, title = {Ethics guidelines for trustworthy AI}, type = {Report}, url = {https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-ai}, year = {2019} } @inproceedings{nist, title={A Taxonomy and Terminology of Adversarial Machine Learning}, author={Elham Tabassi and Kevin J. Burns and M. Hadjimichael and Andres Molina-Markham and Julian Sexton}, url = {https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8269-draft.pdf}, year={2019}, booktitle = {NIST Interagency/Internal Report} } @inproceedings{dpia, title={Art. 35 {GDPR} Data protection impact assessment}, url={https://gdpr-info.eu/art-35-gdpr/}, author={European Union Law}, year={2018}, booktitle={General Data Protection Regulation (GDPR)} } @article{ico, title={{AI} auditing and impact assessment: according to the UK information commissioner’s office}, ISSN={2730-5953, 2730-5961}, url={http://link.springer.com/10.1007/s43681-021-00039-2}, DOI={10.1007/s43681-021-00039-2}, journal={AI and Ethics}, author={Kazim, Emre and Denny, Danielle Mendes Thame and Koshiyama, Adriano}, year={2021}, month={Feb} } @inproceedings{whitehouse, title={Guidance for Regulation of Artificial Intelligence Applications}, url={https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf}, author={White House}, year = {2020}, booktitle={Memorandum For The Heads Of Executive Departments And Agencies} } %metrics @INPROCEEDINGS{memprivNattpriv, author={Zhao, Benjamin Zi Hao and Agrawal, Aviral and Coburn, Catisha and Asghar, Hassan Jameel and Bhaskar, Raghav and Kaafar, Mohamed Ali and Webb, Darren and Dickinson, Peter}, booktitle={IEEE European Symposium on Security and Privacy}, title={On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models}, year={2021}, pages={232-251}, doi={10.1109/EuroSP51992.2021.00025} } @article{duddu2023sok, title={SoK: Unintended Interactions among Machine Learning Defenses and Risks}, author={Duddu, Vasisht and Szyller, Sebastian and Asokan, N}, journal={arXiv preprint arXiv:2312.04542}, year={2023} } @inproceedings{suri2023dissecting, title={Dissecting distribution inference}, author={Suri, Anshuman and Lu, Yifu and Chen, Yanjin and Evans, David}, booktitle={2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)}, pages={150--164}, year={2023}, organization={IEEE} } @article{de2020overview, title={An overview of privacy in machine learning}, author={De Cristofaro, Emiliano}, journal={arXiv preprint arXiv:2005.08679}, year={2020} } @article{pate2021fairness, title={A Fairness Analysis on Private Aggregation of Teacher Ensembles}, author={Tran, Cuong and Dinh, My H and Beiter, Kyle and Fioretto, Ferdinando}, journal={arXiv preprint arXiv:2109.08630}, year={2021} } @article{fioretto2022differential, title={Differential Privacy and Fairness in Decisions and Learning Tasks: A Survey}, author={Fioretto, Ferdinando and Tran, Cuong and Van Hentenryck, Pascal and Zhu, Keyu}, journal={arXiv preprint arXiv:2202.08187}, year={2022} } % attribute inference attacks in ML %publisher = "Institute of Electrical and Electronics Engineers (IEEE)", %address = "United States", @inproceedings{zhao2021infeasibility, title = "On the (in)feasibility of attribute inference attacks on machine learning models", author = "Zhao, {Benjamin Zi Hao} and Aviral Agrawal and Catisha Coburn and Asghar, {Hassan Jameel} and Raghav Bhaskar and Kaafar, {Mohamed Ali} and Darren Webb and Peter Dickinson", year = "2021", doi = "10.1109/EuroSP51992.2021.00025", pages = "232--251", booktitle = "IEEE European Symposium on Security and Privacy", serie = {EuroS&P '2021}, } %isbn = {978-1-939133-31-1}, %address = {Boston, MA}, %url = {https://www.usenix.org/conference/usenixsecurity22/presentation/mehnaz}, %publisher = {USENIX Association}, %month = aug, @inproceedings{MehnazAttInf, author = {Shagufta Mehnaz and Sayanton V. Dibbo and Ehsanul Kabir and Ninghui Li and Elisa Bertino}, title = {Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models}, booktitle = {USENIX Security Symposium}, year = {2022}, pages = {4579--4596}, } %isbn = {9781450338325}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %%url = {https://doi.org/10.1145/2810103.2813677}, @inproceedings{fredrikson1, author = {Fredrikson, Matt and Jha, Somesh and Ristenpart, Thomas}, title = {Model Inversion Attacks That Exploit Confidence Information and Basic Countermeasures}, year = {2015}, doi = {10.1145/2810103.2813677}, booktitle = {ACM SIGSAC Conference on Computer and Communications Security}, pages = {1322–1333}, location = {Denver, Colorado, USA}, series = {CCS '15} } %isbn = {9781931971157}, @inproceedings{fredrikson2, author = {Fredrikson, Matthew and Lantz, Eric and Jha, Somesh and Lin, Simon and Page, David and Ristenpart, Thomas}, title = {Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing}, year = {2014}, booktitle = {USENIX Conference on Security Symposium}, pages = {17–32}, location = {San Diego, CA}, series = {SEC'14} } @inproceedings{Song2020Overlearning, title={Overlearning Reveals Sensitive Attributes}, author={Congzheng Song and Vitaly Shmatikov}, booktitle={International Conference on Learning Representations}, year={2020} } %isbn = {9781450384544}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/3460120.3484533}, @inproceedings{malekzadeh2021honestbutcurious, author = {Malekzadeh, Mohammad and Borovykh, Anastasia and G\"{u}nd\"{u}z, Deniz}, title = {Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs}, year = {2021}, doi = {10.1145/3460120.3484533}, booktitle = {ACM SIGSAC Conference on Computer and Communications Security}, pages = {825–844}, location = {Virtual Event, Republic of Korea}, series = {CCS '21} } @article{jayaraman2022attribute, title={Are Attribute Inference Attacks Just Imputation?}, author={Jayaraman, Bargav and Evans, David}, journal={arXiv preprint arXiv:2209.01292}, year={2022} } @inproceedings{yeom, author={Yeom, Samuel and Giacomelli, Irene and Fredrikson, Matt and Jha, Somesh}, booktitle={IEEE Computer Security Foundations Symposium}, title={Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting}, year={2018}, pages={268-282}, doi={10.1109/CSF.2018.00027} } @inproceedings{Mahajan2020DoesLS, title={Does Learning Stable Features Provide Privacy Benefits for Machine Learning Models?}, author={Divyat Mahajan, Shruti Tople, Amit Sharma}, booktitle = {NeurIPS PPML Workshop}, year={2020} } @inproceedings{Malekzadeh_2021, doi = {10.1145/3460120.3484533}, url = {https://doi.org/10.1145%2F3460120.3484533}, year = 2021, month = {nov}, publisher = {{ACM}}, author = {Mohammad Malekzadeh and Anastasia Borovykh and Deniz Gündüz}, title = {Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers{\textquotesingle} Outputs}, booktitle = {Proceedings of the 2021 {ACM} {SIGSAC} Conference on Computer and Communications Security}} @INPROCEEDINGS{meminf, author={Shokri, Reza and Stronati, Marco and Song, Congzheng and Shmatikov, Vitaly}, booktitle={2017 IEEE Symposium on Security and Privacy (SP)}, title={Membership Inference Attacks Against Machine Learning Models}, year={2017}, pages={3-18}, doi={10.1109/SP.2017.41}} @article{chang2021privacy, title={On the Privacy Risks of Algorithmic Fairness}, author={Hongyang Chang and R. Shokri}, journal={{2021 }IEEE European Symposium on Security and Privacy}, year={2021}, pages={292-303} } @article{duddu2022inferring, title={Inferring Sensitive Attributes from Model Explanations}, author={Duddu, Vasisht and Boutet, Antoine}, journal={arXiv preprint arXiv:2208.09967}, year={2022} } %editor = {H. Larochelle and M. Ranzato and R. Hadsell and M. F. Balcan and H. Lin}, %publisher = {Curran Associates, Inc.}, %url = {https://proceedings.neurips.cc/paper/2020/file/6b8b8e3bd6ad94b985c1b1f1b7a94cb2-Paper.pdf}, @inproceedings{NEURIPS2020_6b8b8e3b, author = {Zhao, Han and Chi, Jianfeng and Tian, Yuan and Gordon, Geoffrey J}, booktitle = {Advances in Neural Information Processing Systems}, pages = {9485--9496}, title = {Trade-offs and Guarantees of Adversarial Representation Learning for Information Obfuscation}, volume = {33}, year = {2020} } @ARTICLE{8515092, author={S. A. {Osia} and A. {Taheri} and A. S. {Shamsabadi} and K. {Katevas} and H. {Haddadi} and H. R. {Rabiee}}, journal={IEEE Transactions on Knowledge and Data Engineering}, title={Deep Private-Feature Extraction}, year={2020}, volume={32}, number={1}, pages={54-66}, } %eprint = {1707.00075} @article{advfair, author = {Alex Beutel and Jilin Chen and Zhe Zhao and Ed H. Chi}, title = {Data Decisions and Theoretical Implications when Adversarially Learning Fair Representations}, year = {2017}, publisher = {arXiv}, doi = {10.48550/ARXIV.1707.00075}, } %property inference attack @article{propinf, title={Dataset-Level Attribute Leakage in Collaborative Learning}, author={Zhang, Wanrong and Tople, Shruti and Ohrimenko, Olga}, journal={arXiv:2006.07267}, year={2020} } %month = sep, @article{propinf2, author = {Ateniese, Giuseppe and Mancini, Luigi V. and Spognardi, Angelo and Villani, Antonio and Vitali, Domenico and Felici, Giovanni}, title = {Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers}, year = {2015}, volume = {10}, number = {3}, journal = {Int. J. Secur. Netw.}, pages = {137–150} } %isbn = {9781450356930}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/3243734.3243834}, @inproceedings{propinf3, author = {Ganju, Karan and Wang, Qi and Yang, Wei and Gunter, Carl A. and Borisov, Nikita}, title = {Property Inference Attacks on Fully Connected Neural Networks Using Permutation Invariant Representations}, year = {2018}, doi = {10.1145/3243734.3243834}, booktitle = {ACM SIGSAC Conference on Computer and Communications Security}, pages = {619–633}, location = {Toronto, Canada}, series = {CCS '18} } @article{propinf4, title={Formalizing and Estimating Distribution Inference Risks}, author={Suri, Anshuman and Evans, David}, journal={Proceedings on Privacy Enhancing Technologies}, year={2022} } @inproceedings{fedinference, author={L. {Melis} and C. {Song} and E. {De Cristofaro} and V. {Shmatikov}}, booktitle={IEEE Symposium on Security and Privacy}, title={Exploiting Unintended Feature Leakage in Collaborative Learning}, year={2019}, pages={691-706} } @INPROCEEDINGS {ferryExploit, author = {J. Ferry and U. Aivodji and S. Gambs and M. Huguet and M. Siala}, booktitle = {2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)}, title = {Exploiting Fairness to Enhance Sensitive Attributes Reconstruction}, year = {2023}, volume = {}, issn = {}, pages = {18-41}, keywords = {training;measurement;learning systems;privacy;pipelines;training data;machine learning}, doi = {10.1109/SaTML54575.2023.00012}, url = {https://doi.ieeecomputersociety.org/10.1109/SaTML54575.2023.00012}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, month = {feb} } % defences against attribute inference attacks @inproceedings{10.5555/3042817.3042973, author = {Zemel, Richard and Wu, Yu and Swersky, Kevin and Pitassi, Toniann and Dwork, Cynthia}, title = {Learning Fair Representations}, year = {2013}, booktitle = {International Conference on Machine Learning}, serie = {ICML '13}, } %month = jan, @article{10.5555/3122009.3208010, author = {Hamm, Jihun}, title = {Minimax Filter: Learning to Preserve Privacy from Inference Attacks}, year = {2017}, volume = {18}, number = {1}, journal = {J. Mach. Learn. Res.}, pages = {4704–4734} } @inproceedings{10.5555/3327546.3327583, author = {Moyer, Daniel and Gao, Shuyang and Brekelmans, Rob and Steeg, Greg Ver and Galstyan, Aram}, title = {Invariant Representations without Adversarial Training}, year = {2018}, booktitle = {Advances in Neural Information Processing Systems} } @inproceedings{10.5555/3294771.3294827, author = {Xie, Qizhe and Dai, Zihang and Du, Yulun and Hovy, Eduard and Neubig, Graham}, title = {Controllable Invariance through Adversarial Feature Learning}, year = {2017}, booktitle = {Advances in Neural Information Processing Systems} } @InProceedings{pmlr-v80-madras18a, title = {Learning Adversarially Fair and Transferable Representations}, author = {Madras, David and Creager, Elliot and Pitassi, Toniann and Zemel, Richard}, pages = {3384--3393}, year = {2018}, volume = {80}, booktitle = {Proceedings of Machine Learning Research}, } @inproceedings{censoringadv, title = "Censoring Representations with an Adversary", author = "Harrison Edwards and Amos Storkey", year = "2016", booktitle = {International Conference on Learning Representations} } @inproceedings{NIPS2017_48ab2f9b, author = {Louppe, Gilles and Kagan, Michael and Cranmer, Kyle}, booktitle = {Advances in Neural Information Processing Systems}, editor = {I. Guyon and U. Von Luxburg and S. Bengio and H. Wallach and R. Fergus and S. Vishwanathan and R. Garnett}, pages = {}, publisher = {Curran Associates, Inc.}, title = {Learning to Pivot with Adversarial Networks}, url = {https://proceedings.neurips.cc/paper_files/paper/2017/file/48ab2f9b45957ab574cf005eb8a76760-Paper.pdf}, volume = {30}, year = {2017} } %isbn = {9781450360128}, %publisher = {Association for Computing Machinery}, %address = {New York, NY, USA}, %url = {https://doi.org/10.1145/3278721.3278779}, @inproceedings{debiase, author = {Zhang, Brian Hu and Lemoine, Blake and Mitchell, Margaret}, title = {Mitigating Unwanted Biases with Adversarial Learning}, year = {2018}, doi = {10.1145/3278721.3278779}, booktitle = {AAAI/ACM Conference on AI, Ethics, and Society}, pages = {335–340}, location = {New Orleans, LA, USA}, series = {AIES '18} } %month = {10}, %pages = {}, @article{preprocessing, author = {Kamiran, Faisal and Calders, Toon}, year = {2011}, title = {Data Pre-Processing Techniques for Classification without Discrimination}, volume = {33}, journal = {Knowledge and Information Systems}, doi = {10.1007/s10115-011-0463-8} } %series = {Proceedings of Machine Learning Research}, %month = {10--15 Jul}, %publisher = {PMLR}, %pdf = {http://proceedings.mlr.press/v80/agarwal18a/agarwal18a.pdf}, %url = {https://proceedings.mlr.press/v80/agarwal18a.html}, @InProceedings{reductions, title = {A Reductions Approach to Fair Classification}, author = {Agarwal, Alekh and Beygelzimer, Alina and Dudik, Miroslav and Langford, John and Wallach, Hanna}, booktitle = {International Conference on Machine Learning}, pages = {60--69}, year = {2018}, volume = {80}, } @article{kifer2014pufferfish, author = {Kifer, Daniel and Machanavajjhala, Ashwin}, title = {Pufferfish: A framework for mathematical privacy definitions}, year = {2014}, issue_date = {January 2014}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {39}, number = {1}, issn = {0362-5915}, url = {https://doi.org/10.1145/2514689}, doi = {10.1145/2514689}, journal = {ACM Trans. Database Syst.}, month = {jan}, articleno = {3}, numpages = {36}, keywords = {Privacy, differential privacy} } @inproceedings{song2017pufferfish, title={Pufferfish privacy mechanisms for correlated data}, author={Song, Shuang and Wang, Yizhen and Chaudhuri, Kamalika}, booktitle={Proceedings of the 2017 ACM International Conference on Management of Data}, pages={1291--1306}, year={2017} } @article{grinsztajn2022tree, title={Why do tree-based models still outperform deep learning on typical tabular data?}, author={Grinsztajn, L{\'e}o and Oyallon, Edouard and Varoquaux, Ga{\"e}l}, journal={Advances in neural information processing systems}, volume={35}, pages={507--520}, year={2022} } @inproceedings {attriguard, author = {Jinyuan Jia and Neil Zhenqiang Gong}, title = {AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning}, booktitle = {USENIX Security}, year = {2018}, pages = {513--529}, } % fairness metrics @article{fairmetric, author = {Muhammad Bilal Zafar and Isabel Valera and Manuel Gomez-Rodriguez and Krishna P. Gummadi}, title = {Fairness Constraints: A Flexible Approach for Fair Classification}, journal = {Journal of Machine Learning Research}, year = {2019}, volume = {20}, number = {75}, pages = {1-42} } @inproceedings{fairmetric2, author = {Hardt, Moritz and Price, Eric and Srebro, Nathan}, title = {Equality of Opportunity in Supervised Learning}, year = {2016}, booktitle = {Advances in Neural Information Processing Systems}, pages = {3323–3331} } @article{fairjustice, author = {Alikhademi, Kiana and Drobina, Emma and Prioleau, Diandra and Richardson, Brianna and Purves, Duncan and Gilbert, Juan E.}, title = {A Review of Predictive Policing from the Perspective of Fairness}, year = {2022}, issue_date = {Mar 2022}, publisher = {Kluwer Academic Publishers}, address = {USA}, volume = {30}, number = {1}, issn = {0924-8463}, url = {https://doi.org/10.1007/s10506-021-09286-4}, doi = {10.1007/s10506-021-09286-4}, journal = {Artif. Intell. Law}, month = {mar}, pages = {1–17}, numpages = {17}, keywords = {Predictive policing, Algorithmic fairness, Fairness, AI in criminal justice} } @article{folk, title={Retiring Adult: New Datasets for Fair Machine Learning}, author={Ding, Frances and Hardt, Moritz and Miller, John and Schmidt, Ludwig}, journal={Advances in Neural Information Processing Systems}, volume={34}, year={2021} } @inproceedings{ SDV, title={The Synthetic data vault}, author={Patki, Neha and Wedge, Roy and Veeramachaneni, Kalyan}, booktitle={IEEE International Conference on Data Science and Advanced Analytics (DSAA)}, year={2016}, pages={399-410}, doi={10.1109/DSAA.2016.49}, month={Oct} } @misc{dpbad, doi = {10.48550/ARXIV.1104.3913}, url = {https://arxiv.org/abs/1104.3913}, author = {Dwork, Cynthia and Hardt, Moritz and Pitassi, Toniann and Reingold, Omer and Zemel, Rich}, keywords = {Computational Complexity (cs.CC), Computers and Society (cs.CY), FOS: Computer and information sciences, FOS: Computer and information sciences}, title = {Fairness Through Awareness}, publisher = {arXiv}, year = {2011}, copyright = {arXiv.org perpetual, non-exclusive license} } @INPROCEEDINGS{fairlog, author={Radovanović, Sandro and Petrović, Andrija and Delibašić, Boris and Suknović, Milija}, booktitle={2020 International Conference on INnovations in Intelligent SysTems and Applications (INISTA)}, title={Enforcing fairness in logistic regression algorithm}, year={2020}, volume={}, number={}, pages={1-7}, doi={10.1109/INISTA49547.2020.9194676}} @misc{fairreg, title={Fair Regression: Quantitative Definitions and Reduction-based Algorithms}, author={Alekh Agarwal and Miroslav Dudík and Zhiwei Steven Wu}, year={2019}, eprint={1905.12843}, archivePrefix={arXiv}, primaryClass={cs.LG} } @InProceedings{fairaudit1, title = {Blind Justice: Fairness with Encrypted Sensitive Attributes}, author = {Kilbertus, Niki and Gascon, Adria and Kusner, Matt and Veale, Michael and Gummadi, Krishna and Weller, Adrian}, booktitle = {Proceedings of the 35th International Conference on Machine Learning}, pages = {2630--2639}, year = {2018}, editor = {Dy, Jennifer and Krause, Andreas}, volume = {80}, series = {Proceedings of Machine Learning Research}, month = {10--15 Jul}, publisher = {PMLR}, pdf = {http://proceedings.mlr.press/v80/kilbertus18a/kilbertus18a.pdf}, url = {https://proceedings.mlr.press/v80/kilbertus18a.html}, } @inproceedings{fairaudit2, author = {Park, Saerom and Kim, Seongmin and Lim, Yeon-sup}, title = {Fairness Audit of Machine Learning Models with Confidential Computing}, year = {2022}, isbn = {9781450390965}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3485447.3512244}, doi = {10.1145/3485447.3512244}, booktitle = {Proceedings of the ACM Web Conference 2022}, pages = {3488–3499}, numpages = {12}, keywords = {Confidential computing, Algorithmic audit, Security and privacy, Fairness}, location = {Virtual Event, Lyon, France}, series = {WWW '22} } @inproceedings{fairaudit3, author = {Segal, Shahar and Adi, Yossi and Pinkas, Benny and Baum, Carsten and Ganesh, Chaya and Keshet, Joseph}, title = {Fairness in the Eyes of the Data: Certifying Machine-Learning Models}, year = {2021}, isbn = {9781450384735}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3461702.3462554}, doi = {10.1145/3461702.3462554}, booktitle = {Proceedings of the 2021 AAAI/ACM Conference on AI, Ethics, and Society}, pages = {926–935}, numpages = {10}, keywords = {machine-learning, cryptography, privacy, fairness}, location = {Virtual Event, USA}, series = {AIES '21} } @article{yadav2024fairproof, title={FairProof: Confidential and Certifiable Fairness for Neural Networks}, author={Yadav, Chhavi and Chowdhury, Amrita Roy and Boneh, Dan and Chaudhuri, Kamalika}, journal={arXiv preprint arXiv:2402.12572}, year={2024} } @inproceedings{khedr2023certifair, title={Certifair: A framework for certified global fairness of neural networks}, author={Khedr, Haitham and Shoukry, Yasser}, booktitle={Proceedings of the AAAI Conference on Artificial Intelligence}, volume={37}, number={7}, pages={8237--8245}, year={2023} } @article{urban20, author = {Urban, Caterina and Christakis, Maria and W\"{u}stholz, Valentin and Zhang, Fuyuan}, title = {Perfectly parallel fairness certification of neural networks}, year = {2020}, issue_date = {November 2020}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {4}, number = {OOPSLA}, journal = {Proc. ACM Program. Lang.}, month = {nov}, articleno = {185}, numpages = {30}, keywords = {Static Analysis, Neural Networks, Fairness, Abstract Interpretation} } @inproceedings{ chugg2023auditing, title={Auditing Fairness by Betting}, author={Ben Chugg and Santiago Cortes-Gomez and Bryan Wilder and Aaditya Ramdas}, booktitle={Thirty-seventh Conference on Neural Information Processing Systems}, year={2023}, url={https://openreview.net/forum?id=EEVpt3dJQj} } @inproceedings{yan2022active, title={Active fairness auditing}, author={Yan, Tom and Zhang, Chicheng}, booktitle={International Conference on Machine Learning}, pages={24929--24962}, year={2022}, organization={PMLR} } @article{de2024fairness, title={Fairness Auditing with Multi-Agent Collaboration}, author={de Vos, Martijn and Dhasade, Akash and Bourr{\'e}e, Jade Garcia and Kermarrec, Anne-Marie and Merrer, Erwan Le and Rottembourg, Benoit and Tredan, Gilles}, journal={arXiv preprint arXiv:2402.08522}, year={2024} } @inproceedings{ghosh2022algorithmic, title={Algorithmic fairness verification with graphical models}, author={Ghosh, Bishwamittra and Basu, Debabrota and Meel, Kuldeep S}, booktitle={Proceedings of the AAAI Conference on Artificial Intelligence}, volume={36}, number={9}, pages={9539--9548}, year={2022} } @inproceedings{ghosh2023biased, title={“How Biased are Your Features?”: Computing Fairness Influence Functions with Global Sensitivity Analysis}, author={Ghosh, Bishwamittra and Basu, Debabrota and Meel, Kuldeep S}, booktitle={Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency}, pages={138--148}, year={2023} } @article{FairSquare, author = {Albarghouthi, Aws and D'Antoni, Loris and Drews, Samuel and Nori, Aditya V.}, title = {FairSquare: probabilistic verification of program fairness}, year = {2017}, issue_date = {October 2017}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {1}, number = {OOPSLA}, url = {https://doi.org/10.1145/3133904}, doi = {10.1145/3133904}, journal = {Proc. ACM Program. Lang.}, month = {oct}, articleno = {80}, numpages = {30}, keywords = {Algorithmic Fairness, Probabilistic Inference, Probabilistic Programming} } @article{saleiro2018aequitas, title={Aequitas: A bias and fairness audit toolkit}, author={Saleiro, Pedro and Kuester, Benedict and Hinkson, Loren and London, Jesse and Stevens, Abby and Anisfeld, Ari and Rodolfa, Kit T and Ghani, Rayid}, journal={arXiv preprint arXiv:1811.05577}, year={2018} } @article{bastani2019probabilistic, title={Probabilistic verification of fairness properties via concentration}, author={Bastani, Osbert and Zhang, Xin and Solar-Lezama, Armando}, journal={Proceedings of the ACM on Programming Languages}, volume={3}, number={OOPSLA}, pages={1--27}, year={2019}, publisher={ACM New York, NY, USA} } @article{adler2018auditing, title={Auditing black-box models for indirect influence}, author={Adler, Philip and Falk, Casey and Friedler, Sorelle A and Nix, Tionney and Rybeck, Gabriel and Scheidegger, Carlos and Smith, Brandon and Venkatasubramanian, Suresh}, journal={Knowledge and Information Systems}, volume={54}, pages={95--122}, year={2018}, publisher={Springer} } @inproceedings{black2020fliptest, title={Fliptest: fairness testing via optimal transport}, author={Black, Emily and Yeom, Samuel and Fredrikson, Matt}, booktitle={Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency}, pages={111--121}, year={2020} } @article{Justicia, title={Justicia: A Stochastic SAT Approach to Formally Verify Fairness}, volume={35}, url={https://ojs.aaai.org/index.php/AAAI/article/view/16925}, DOI={10.1609/aaai.v35i9.16925}, number={9}, journal={Proceedings of the AAAI Conference on Artificial Intelligence}, author={Ghosh, Bishwamittra and Basu, Debabrota and Meel, Kuldeep S.}, year={2021}, month={May}, pages={7554-7563} }