Attack-Resistant Uniform Fairness for Linear and Smooth Contextual Bandits

Modern systems, such as digital platforms and service systems, increasingly rely on contextual bandits for online decision-making; however, their deployment can inadvertently create unfair exposure among arms, undermining long-term platform sustainability and supplier trust. This paper studies the contextual bandit problem under a uniform $(1-δ)$-fairness constraint, and addresses its unique vulnerabilities to strategic manipulation. The fairness constraint ensures that preferential treatment is strictly justified by an arm’s actual reward across all contexts and time horizons, using uniformity to prevent statistical loopholes. We develop novel algorithms that achieve (nearly) minimax-optimal regret for both linear and smooth reward functions, while maintaining strong $(1-\tilde{O}(1/T))$-fairness guarantees, and further characterize the theoretically inherent yet asymptotically marginal “price of fairness”. However, we reveal that such merit-based fairness becomes uniquely susceptible to signal manipulation. We show that an adversary with a minimal $\tilde{O}(1)$ budget can not only degrade overall performance as in traditional attacks, but also selectively induce insidious fairness-specific failures while leaving conspicuous regret measures largely unaffected. To counter this, we design robust variants incorporating corruption-adaptive exploration and error-compensated thresholding. Our approach yields the first minimax-optimal regret bounds under $C$-budgeted attack while preserving $(1-\tilde{O}(1/T))$-fairness. Numerical experiments and a real-world case demonstrate that our algorithms sustain both fairness and efficiency.

💡 Research Summary

The paper tackles a pressing issue in modern digital platforms that rely on contextual bandits for allocating exposure among competing items (e.g., advertisers, creators, workers). While traditional bandit algorithms aim solely at maximizing cumulative reward, they often create “poverty traps” where high‑quality items receive insufficient exposure due to early‑stage noise or insufficient exploration. This leads to item‑level unfairness that can erode supplier trust and long‑term ecosystem health.

To address this, the authors introduce a rigorous uniform (1‑δ)‑fairness definition. Unlike average‑based fairness notions, this criterion requires that, with probability at least 1‑δ, an arm is favored over another only if its true expected reward is higher, and this must hold simultaneously for every context and every round. The definition eliminates statistical loopholes that could hide systematic bias in particular regions of the context space.

The technical contributions are fourfold. First, for linear reward models (reward = θ_a·x_t), they augment a LinUCB‑style algorithm with a fairness verification step and a carefully calibrated exploration schedule that minimizes a “confusion zone” where fairness judgments are ambiguous. The resulting algorithm achieves minimax‑optimal regret O(√(dT log T)) while guaranteeing (1‑O(1/T)) uniform fairness.

Second, for β‑smooth Hölder reward classes (β ≥ 1), they extend the Adaptive Binning Strategy (ABSE) to handle the fairness constraint. Their smooth‑bandit algorithm attains the known minimax regret O(T^{(d+β)/(d+2β)} polylog T) and the same uniform fairness guarantee. In both settings they quantify the price of fairness: the regret lower bound increases only by logarithmic factors compared to the unconstrained case, showing that fairness can be achieved with negligible efficiency loss.

Third, the paper uncovers a novel vulnerability: because fairness decisions rely on observed reward signals, an adversary with a tiny total corruption budget (≈ O(1)) can manipulate those signals to break fairness without noticeably affecting overall regret. Two attack modes are described: (a) an “invisible fairness attack” that subtly skews reward estimates so that a high‑quality arm is systematically under‑exposed while total regret remains almost unchanged; (b) a “destructive attack” that drives the algorithm into a permanent failure state, incurring linear regret O(T) and persistent unfairness.

Fourth, the authors propose robust, corruption‑adaptive algorithms that preserve uniform fairness under a C‑budget of adversarial corruption. They introduce an epoch‑based exploration scheme that adapts to estimated corruption levels and an error‑compensated thresholding rule that safely discounts potentially corrupted observations. In the linear case, the regret penalty is additive O(C); in the smooth case, they derive a multiplicative coupling between C and T (e.g., when C = O(T^{β/(2β+d)}), the regret remains near‑optimal). Crucially, the robust algorithms still satisfy (1‑O(1/T)) uniform fairness.

Empirical evaluation on synthetic data and real‑world advertising/recommendation logs demonstrates that the proposed methods dramatically reduce fairness violations compared to standard UCB/LinUCB baselines, while incurring only marginal regret overhead. Even when attacks are designed to keep regret low, the algorithms successfully prevent the hidden erosion of fairness.

Overall, the paper delivers a unified theoretical framework and practical algorithms that simultaneously guarantee uniform item‑level fairness, near‑optimal learning efficiency, and robustness to strategic signal manipulation in both linear and smooth contextual bandit settings. This work bridges a critical gap between fairness and security in sequential decision‑making systems, offering actionable insights for the design of trustworthy digital marketplaces.