You Don’t Need Robust Machine Learning to Manage Adversarial Attack Risks

Authors

  • Edward Raff CrowdStrike
  • Michel Benaroch Syracuse University
  • Andrew L. Farris Booz Allen Hamilton

DOI:

https://doi.org/10.1609/aies.v8i3.36698

Abstract

The robustness of modern machine learning (ML) models has become an increasing concern within the community. The ability to subvert a model into making errant predictions using seemingly inconsequential changes to input is startling, as is our lack of success in building models robust to this concern. Existing research shows progress, but current mitigations come with a high cost and simultaneously reduce the model's accuracy. However, such trade-offs may not be necessary when other design choices could subvert the risk. In this article, we argue that a majority of real-world applications may not have any immediate need for models robust to adversarial machine learning (AML) by critically analyzing the literature, and our experience in designing around such constraints. This is done with an eye toward how one would then mitigate these attacks in practice, the risks for production deployment, and how those risks could be managed. In doing so we elucidate that many AML threats do not warrant the cost and trade-offs of robustness due to a low likelihood of attack or availability of superior non-ML mitigation. Our analysis also recommends cases where an actor should be concerned about AML to the degree where robust ML models are necessary for a complete deployment. Ultimately, we as a community need to better design benchmark threat models that allow research to progress with more applicability to real-world use, as a direction separate from the value in understanding the abilities/limitations of models in a "lab" threat model.

Published

2025-10-15

How to Cite

Raff, E., Benaroch, M., & Farris, A. L. (2025). You Don’t Need Robust Machine Learning to Manage Adversarial Attack Risks. Proceedings of the AAAI ACM Conference on AI, Ethics, and Society, 8(3), 2094–2106. https://doi.org/10.1609/aies.v8i3.36698