Adversarial Robustness in One-Stage Learning-to-Defer
The paper addresses a real security gap in hybrid decision-making systems used in domains such as healthcare or finance, though the contribution is incremental: it extends existing robustness analysis from two-stage to one-stage L2D.
The paper tackles the vulnerability of one-stage Learning-to-Defer (L2D) systems to adversarial perturbations, which can manipulate both the prediction and the deferral decision. It introduces a framework with formally defined attacks, cost-sensitive adversarial surrogate losses and theoretical consistency guarantees, and shows on benchmark datasets that the resulting models are more robust while retaining clean performance.
Learning-to-Defer (L2D) enables hybrid decision-making by routing inputs either to a predictor or to external experts. While promising, L2D is highly vulnerable to adversarial perturbations, which can not only flip predictions but also manipulate deferral decisions. Prior robustness analyses focus solely on two-stage settings, leaving open the end-to-end (one-stage) case where predictor and allocation are trained jointly. We introduce the first framework for adversarial robustness in one-stage L2D, covering both classification and regression. Our approach formalizes attacks, proposes cost-sensitive adversarial surrogate losses, and establishes theoretical guarantees including $\mathcal{H}$, $(\mathcal{R}, \mathcal{F})$, and Bayes consistency. Experiments on benchmark datasets confirm that our methods improve robustness against untargeted and targeted attacks while preserving clean performance.
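The abstract's threat model, that a bounded perturbation can flip the deferral decision and not just the class prediction, is easiest to see on a toy one-stage model. The following Python is an added illustration written for this page; it is not the paper's framework, surrogate loss or attack. It assumes a linear one-stage L2D model with K class heads plus one "defer" head (constructed weights), a cost-sensitive loss with a constructed deferral cost, and a one-step signed-gradient (FGSM-style) L-infinity attack. The two attacks shown are suppressing a deferral (so a hard case that the expert would have handled is misclassified) and forcing a deferral (so an easy case wastes expert capacity); for a linear model the smallest budget that suffices is computed exactly.

```python
# Added illustration (not the paper's code): a toy one-stage L2D model is a
# single linear scorer with K class outputs plus one "defer" output, and an
# L-infinity-bounded adversary tries to flip the allocation decision.
from typing import List, Tuple, Optional

DEFER = "defer"  # label of the extra output head

# Constructed toy model: 3 input features, 2 classes, one defer head.
# Weight rows: class 0, class 1, defer (in that order).
WEIGHTS: List[List[float]] = [
    [2.0, -1.0, 0.0],   # class 0
    [-1.0, 2.0, 0.0],   # class 1
    [0.5, 0.5, 2.0],    # defer: fires when feature 2 (a "hard case" signal) is high
]
BIASES: List[float] = [0.0, 0.0, -0.5]
NUM_CLASSES = 2  # outputs 0..NUM_CLASSES-1 are classes, index NUM_CLASSES is defer


def scores(x: List[float]) -> List[float]:
    """Joint predictor+allocation scores: one score per class and one for defer."""
    return [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(WEIGHTS, BIASES)]


def decide(x: List[float]) -> Tuple[str, Optional[int]]:
    """One-stage L2D rule: argmax over all heads; if the defer head wins, route to the expert."""
    s = scores(x)
    j = max(range(len(s)), key=s.__getitem__)
    return (DEFER, None) if j == NUM_CLASSES else ("predict", j)


def cost(x: List[float], y: int, expert_label: int, c_defer: float) -> float:
    """Cost-sensitive loss (constructed): a misclassification costs 1, a deferral costs
    c_defer for the expert's time plus 1 if the expert is also wrong."""
    kind, label = decide(x)
    if kind == DEFER:
        return c_defer + (0.0 if expert_label == y else 1.0)
    return 0.0 if label == y else 1.0


def min_linf_to_flip(x: List[float], target: int) -> float:
    """Exact smallest L-inf radius at which one signed-gradient step lifts the target
    head above the current argmax head (linear model: margin / ||w_t - w_j||_1).
    A third head may still win afterwards, so callers re-run decide() on the result."""
    s = scores(x)
    j = max(range(len(s)), key=s.__getitem__)
    if j == target:
        return 0.0
    grad_l1 = sum(abs(wt - wj) for wt, wj in zip(WEIGHTS[target], WEIGHTS[j]))
    return (s[j] - s[target]) / grad_l1


def linf_attack(x: List[float], target: int, eps: float) -> List[float]:
    """FGSM-style one-step attack on the allocation/prediction heads: move every
    feature by eps in the direction that increases score[target] - score[argmax]."""
    s = scores(x)
    j = max(range(len(s)), key=s.__getitem__)
    if j == target:
        return list(x)
    direction = [(1.0 if wt > wj else -1.0 if wt < wj else 0.0)
                 for wt, wj in zip(WEIGHTS[target], WEIGHTS[j])]
    return [xi + eps * d for xi, d in zip(x, direction)]


def demo() -> dict:
    """Two deferral-manipulation attacks on constructed inputs."""
    c_defer = 0.3
    # (a) Suppress a deferral: ambiguous input with a high hard-case signal, true label 1,
    #     expert would answer correctly. The attacker pushes the class-0 head above defer.
    x_hard, y_hard, expert_hard = [0.55, 0.5, 0.6], 1, 1
    eps_min_suppress = min_linf_to_flip(x_hard, target=0)        # 0.625 / 5.0 = 0.125
    x_small = linf_attack(x_hard, target=0, eps=0.10)             # under the threshold
    x_big = linf_attack(x_hard, target=0, eps=0.15)               # over the threshold
    # (b) Force a deferral: confidently classified input, true label 0, expert correct.
    #     The attacker pushes the defer head above class 0 to burn expert capacity.
    x_easy, y_easy, expert_easy = [0.9, 0.1, 0.1], 0, 0
    eps_min_force = min_linf_to_flip(x_easy, target=NUM_CLASSES)  # 1.5 / 5.0 = 0.3
    x_forced = linf_attack(x_easy, target=NUM_CLASSES, eps=0.35)
    return {
        "clean": decide(x_hard),
        "eps_min_suppress": eps_min_suppress,
        "small_budget": decide(x_small),
        "big_budget": decide(x_big),
        "cost_clean": cost(x_hard, y_hard, expert_hard, c_defer),
        "cost_big": cost(x_big, y_hard, expert_hard, c_defer),
        "eps_min_force": eps_min_force,
        "forced": decide(x_forced),
        "cost_easy_clean": cost(x_easy, y_easy, expert_easy, c_defer),
        "cost_forced": cost(x_forced, y_easy, expert_easy, c_defer),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the two budgets in part (a) is that the clean-accuracy view of robustness misses this failure mode entirely: the predictor's class heads never change their ordering, only the allocation does, yet the cost rises from the deferral cost to a full misclassification. Part (b) shows the reverse, a targeted attack that costs nothing in accuracy terms but routes easy inputs to the expert. Because the model is linear, `min_linf_to_flip` gives the exact budget at which a single step succeeds; for a nonlinear predictor it would only be a local estimate and the attack would need the usual iterated projected steps.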