Abstract |
---|
Motivated by the recent discovery that the interpretation maps of CNNs could easily be manipulated by adversarial attacks against network interpretability, we study the problem of interpretation robustness from a new perspective of Rényi differential privacy (RDP). The advantages of our Rényi-Robust-Smooth (RDP-based interpretation method) are threefold. First, it can offer provable and certifiable top-k robustness. That is, the top-k important attributions of the interpretation map are provably robust under any input perturbation with bounded ℓ_d-norm (for any d ≥ 1, including d = ∞). Second, our proposed method offers ∼12% better experimental robustness than existing approaches in terms of the top-k attributions. Remarkably, the accuracy of Rényi-Robust-Smooth also outperforms existing approaches. Third, our method can provide a smooth tradeoff between robustness and computational efficiency. Experimentally, its top-k attributions are twice more robust than existing approaches when the computational resources are highly constrained. |

Year | DOI | Venue |
---|---|---|
2022 | 10.1016/j.artint.2022.103787 | Artificial Intelligence |

Keywords | DocType | Volume |
---|---|---|
Differential privacy, Machine learning, Robustness, Interpretation, Neural networks | Journal | 313 |

ISSN | Citations | PageRank |
---|---|---|
0004-3702 | 0 | 0.34 |

References | Authors |
---|---|
0 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Ao Liu | 1 | 35 | 11.59 |
Xiaoyu Chen | 2 | 0 | 0.34 |
Sijia Liu | 3 | 181 | 42.37 |
Lirong Xia | 4 | 1034 | 86.84 |
Chuang Gan | 5 | 253 | 31.92 |