Towards Robust Explanations for Deep Neural Networks
This work matters to researchers and practitioners who rely on trustworthy explanations for deep neural networks, because it makes those explanations more resilient to adversarial manipulation.
This paper addresses the susceptibility of explanation methods for deep neural networks to manipulations. It proposes a theoretical framework to bound manipulability and introduces three techniques—weight decay, activation smoothing, and Hessian minimization—to enhance explanation robustness, confirming their effectiveness experimentally.
Explanation methods shed light on the decision process of black-box classifiers such as deep neural networks. But their usefulness can be compromised because they are susceptible to manipulations. With this work, we aim to enhance the resilience of explanations. We develop a unified theoretical framework for deriving bounds on the maximal manipulability of a model. Based on these theoretical insights, we present three different techniques to boost robustness against manipulation: training with weight decay, smoothing activation functions, and minimizing the Hessian of the network. Our experimental results confirm the effectiveness of these approaches.
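As an added illustration (not code from the paper), the sketch below measures how far a gradient explanation moves under a small input perturbation, first with ReLU and then with smoothed activations, and checks the smoothed case against an elementary bound. The toy network, the input, the perturbation, the choice of softplus as the smooth activation, and the bound itself are all assumptions made for this example.

```python
import math

# Constructed one-hidden-layer network (assumed for illustration, not from the paper):
# f(x) = sum_j V[j] * act(W[j] . x + B[j])
W = [(4.0, -3.0), (1.0, 2.0), (-2.0, 1.0)]
B = [-0.99, 0.5, 0.3]
V = [2.0, 1.0, -1.5]

def pre_activations(x):
    return [w[0] * x[0] + w[1] * x[1] + b for w, b in zip(W, B)]

def relu_slope(z):
    return 1.0 if z > 0 else 0.0

def softplus_slope(beta):
    # Derivative of softplus_beta(z) = log(1 + exp(beta*z)) / beta is sigmoid(beta*z).
    return lambda z: 1.0 / (1.0 + math.exp(-beta * z))

def gradient_explanation(x, slope):
    # Gradient (saliency) map: df/dx = sum_j V[j] * act'(z_j) * W[j]
    g = [0.0, 0.0]
    for w, v, z in zip(W, V, pre_activations(x)):
        g[0] += v * slope(z) * w[0]
        g[1] += v * slope(z) * w[1]
    return g

def explanation_change(x, delta, slope):
    # L2 distance between the explanations at x and at x + delta.
    a = gradient_explanation(x, slope)
    b = gradient_explanation([x[0] + delta[0], x[1] + delta[1]], slope)
    return math.hypot(a[0] - b[0], a[1] - b[1])

def smooth_bound(delta, beta):
    # sigmoid(beta*z) is (beta/4)-Lipschitz in z and |dz_j| <= ||W[j]|| * ||delta||, so
    # change <= (beta/4) * ||delta|| * sum_j |V[j]| * ||W[j]||^2  (softplus only).
    s = sum(abs(v) * (w[0] ** 2 + w[1] ** 2) for w, v in zip(W, V))
    return beta / 4.0 * math.hypot(*delta) * s

X = [1.0, 1.0]            # constructed input; first unit sits just above its ReLU kink
DELTA = [-0.004, 0.002]   # constructed small perturbation

if __name__ == "__main__":
    print("ReLU explanation change:", explanation_change(X, DELTA, relu_slope))
    for beta in (20.0, 5.0):
        print(f"softplus beta={beta}: change",
              explanation_change(X, DELTA, softplus_slope(beta)),
              "bound", smooth_bound(DELTA, beta))
```

With ReLU, the perturbation flips one unit across its kink and the explanation jumps by that unit's full contribution. With softplus, the change shrinks as beta decreases and stays under a bound that scales with beta and the squared weight norms, which is why smoother activations and smaller weights both help.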