当前位置: X-MOL 学术Artif. Intell. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Certifiably robust interpretation via Rényi differential privacy
Artificial Intelligence ( IF 14.4 ) Pub Date : 2022-09-21 , DOI: 10.1016/j.artint.2022.103787
Ao Liu, Xiaoyu Chen, Sijia Liu, Lirong Xia, Chuang Gan

Motivated by the recent discovery that the interpretation maps of CNNs could easily be manipulated by adversarial attacks against network interpretability, we study the problem of interpretation robustness from a new perspective of Rényi differential privacy (RDP). The advantages of our Rényi-Robust-Smooth (RDP-based interpretation method) are three-folds. First, it can offer provable and certifiable top-k robustness. That is, the top-k important attributions of the interpretation map are provably robust under any input perturbation with bounded d-norm (for any d1, including d=). Second, our proposed method offers ∼12% better experimental robustness than existing approaches in terms of the top-k attributions. Remarkably, the accuracy of Rényi-Robust-Smooth also outperforms existing approaches. Third, our method can provide a smooth tradeoff between robustness and computational efficiency. Experimentally, its top-k attributions are twice more robust than existing approaches when the computational resources are highly constrained.



中文翻译:

通过 Rényi 差分隐私进行可证明的稳健解释

受最近发现 CNN 的解释图很容易被针对网络可解释性的对抗性攻击操纵的启发,我们从 Rényi 差分隐私 (RDP) 的新角度研究解释鲁棒性问题。我们的 Rényi-Robust-Smooth(基于 RDP 的解释方法)的优势有三方面。首先,它可以提供可证明和可证明的 top- k稳健性。也就是说,解释图的前k个重要属性在任何有界的输入扰动下都被证明是稳健的d-规范(对于任何d1, 包含d=)。其次,就前k个属性而言,我们提出的方法比现有方法提供了 12% 更好的实验鲁棒性。值得注意的是,Rényi-Robust-Smooth 的准确性也优于现有方法。第三,我们的方法可以在鲁棒性和计算效率之间提供平滑的折衷。在实验上,当计算资源受到高度限制时,它的 top- k属性比现有方法的鲁棒性强两倍。

更新日期:2022-09-21
down
wechat
bug