changed if man file

_posts/2024-10-07-ifman.md

@@ -67,7 +67,7 @@ settings, as shown in the table below.</li>
 
 <div class='l-body' align="center">
 <img class="img-fluid rounded z-depth-1" src="{{ site.baseurl }}/assets/img/2024-10-ifman/baselinevsours.png">
-<figcaption style="text-align: center; margin-top: 10px; margin-bottom: 10px;"> Success Rates of the Baseline vs. our Single-Target Attack for Data Valuation. $k$ is the ranking, as in top- $k$. ${\small \Delta_{\rm acc}}:= \small \rm TestAcc(\theta^*) - \small \rm TestAcc(\theta^\prime)$ represents drop in test accuracy for manipulated model $\theta^\prime$. Two success rates are reported : (1) when $\small \Delta_{\rm acc} \leq 3\%$ (2) the best success rate irrespective of accuracy drop. (\%) represents model accuracy. (-) means a model with non-zero success rate could not be found & hence accuracy can't be stated. Our attack has a significantly higher success rate as compared to the baseline with a much smaller accuracy drop under all settings.</figcaption>
+<figcaption style="text-align: center; margin-top: 10px; margin-bottom: 10px;"> Success Rates of the Baseline vs. our Single-Target Attack for Data Valuation. $k$ is the ranking, as in top- $k$. ${\small \Delta_{\rm acc}}:= \small \rm TestAcc(\theta^*) - \small \rm TestAcc(\theta^\prime)$ represents drop in test accuracy for manipulated model $\theta^\prime$. Two success rates are reported : (1) when $\small \Delta_{\rm acc} \leq 3\%$ (2) the best success rate irrespective of accuracy drop. ($\%$) represents model accuracy. (-) means a model with non-zero success rate could not be found & hence accuracy can't be stated. Our attack has a significantly higher success rate as compared to the baseline with a much smaller accuracy drop under all settings.</figcaption>
 </div>
 
 
@@ -118,7 +118,7 @@ We propose an untargeted attack for this use-case : scale the base model by a po
 
 All our experiments are on logistic regression models trained on standard fairness datasets. We measure fairness with demographic parity <d-cite key="dwork2012fairness"></d-cite>, which is a standard fairness metric.
 
-As can be seen from our results in the figure below, the scaling attack works surprisingly well across all datasets -- downstream models achieved after our attack are considerably less fair (higher DP gap) than the models without attack, achieving a maximum difference of 16\% in the DP gap. Simultaneously, downstream models post-attack maintain similar test accuracies to downstream models without attack. Since the process to achieve the downstream model involves a lot of steps, including solving a non-convex optimization problem to find training data weights and then retraining a model, we sometimes do not see a smooth monotonic trend in fairness metric values w.r.t. scaling coefficients. However, this does not matter much from the attacker's perspective as all the attacker needs is one scaling coefficient which meets the attack success criteria.
+As can be seen from our results in the figure below, the scaling attack works surprisingly well across all datasets -- downstream models achieved after our attack are considerably less fair (higher DP gap) than the models without attack, achieving a maximum difference of 16$\%$ in the DP gap. Simultaneously, downstream models post-attack maintain similar test accuracies to downstream models without attack. Since the process to achieve the downstream model involves a lot of steps, including solving a non-convex optimization problem to find training data weights and then retraining a model, we sometimes do not see a smooth monotonic trend in fairness metric values w.r.t. scaling coefficients. However, this does not matter much from the attacker's perspective as all the attacker needs is one scaling coefficient which meets the attack success criteria.
 
 <div class='l-body' align="center">
 <img class="img-fluid rounded z-depth-1" src="{{ site.baseurl }}/assets/img/2024-10-ifman/fairness.png">