Affiliations: [a]
Indraprastha Institute of Information Technology, Delhi, India
| [b] Scientific Analysis Group, Delhi, India
| [c]
Institute for Systems Studies and Analyses, Delhi, India
| [d]
Aurel Vlaicu University of Arad, Arad, Romania
Correspondence:
[*]
Corresponding author. Vasisht Duddu, Indraprastha Institute of Information Technology, Delhi, India. E-mail: [email protected].
Abstract: Applications using Artificial Intelligence techniques demand a thorough assessment of different aspects of trust, namely, data and model privacy, reliability, robustness against adversarial attacks, fairness, and interpretability. While each of these aspects has been extensively studied in isolation, an understanding of the trade-offs between different aspects of trust is lacking. In this work, the trade-off between fault tolerance, privacy, and adversarial robustness is evaluated for Deep Neural Networks, by considering two adversarial settings under security and a privacy threat model. Specifically, this work studies the impact of training the model with input noise (Adversarial Robustness) and gradient noise (Differential Privacy) on Neural Network’s fault tolerance. While adding noise to inputs, gradients or weights enhances fault tolerance, it is observed that adversarial robustness lowers fault tolerance due to increased overfitting. On the other hand, (εdp, δdp)-Differentially Private models enhance the fault tolerance, measured using generalisation error, which theoretically has an upper bound of eεdp - 1 + δdp. This novel study of the trade-offs between different aspects of trust is pivotal for training trustworthy Machine Learning models.
