Robust Explanations for Private Support Vector Machines
This work is significant for users of differentially private SVMs who require reliable and robust counterfactual explanations, especially in sensitive data domains where both privacy and interpretability are crucial.
This paper addresses the challenge of generating robust counterfactual explanations for Support Vector Machines (SVMs) that have been trained with differential privacy, where the privacy mechanism introduces uncertainty in the classifier weights. The authors formulate this as an optimization problem with a probabilistic constraint and find that for linear SVMs, it is a convex second-order cone program, while for non-linear SVMs, they propose a sub-optimal bisection method. Their findings indicate that robust explanations degrade in quality with increasing privacy to maintain a specified confidence level, unlike non-robust explanations.
We consider counterfactual explanations for private support vector machines (SVM), where the privacy mechanism that publicly releases the classifier guarantees differential privacy. While privacy preservation is essential when dealing with sensitive data, there is a consequent degradation in the classification accuracy due to the introduced perturbations in the classifier weights. For such classifiers, counterfactual explanations need to be robust against the uncertainties in the SVM weights in order to ensure, with high confidence, that the classification of the data instance to be explained differs from that of its explanation. We model the uncertainties in the SVM weights through a random vector, and formulate the explanation problem as an optimization problem with a probabilistic constraint. Subsequently, we characterize the problem's deterministic equivalent and study its solution. For linear SVMs, the problem is a convex second-order cone program. For non-linear SVMs, the problem is non-convex. Thus, we propose a sub-optimal solution that is based on the bisection method. The results show that, contrary to non-robust explanations, the quality of explanations from the robust solution degrades with increasing privacy in order to guarantee a prespecified confidence level for correct classifications.
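The linear case described above, as an added example that is not code from the paper or its authors: it assumes Gaussian weight noise w_noisy ~ N(w, sigma^2 I) with a noise-free bias b (the page does not state the noise distribution), under which the probabilistic constraint becomes the second-order cone constraint w.x + b >= Phi^-1(p) * sigma * ||x||. The program is solved here through its KKT conditions with a one-dimensional search over the multiplier, a choice made to stay within the Python standard library and unrelated to the paper's bisection method for non-linear SVMs; `robust_counterfactual`, `margin`, and the toy numbers are hypothetical.

```python
import math
from statistics import NormalDist

def _dot(u, v):
    return sum(a * c for a, c in zip(u, v))

def margin(x, w, b, c):
    """Deterministic equivalent of the chance constraint: w.x + b - c*||x|| >= 0."""
    return _dot(w, x) + b - c * math.sqrt(_dot(x, x))

def robust_counterfactual(x0, w, b, sigma, p, iters=200):
    """Closest x to x0 with P(w_noisy.x + b >= 0) >= p.

    Assumption (not from the page): w_noisy ~ N(w, sigma^2 I), b is noise-free.
    """
    if not 0.5 <= p < 1:
        raise ValueError("p must be in [0.5, 1) for the constraint to be convex")
    c = NormalDist().inv_cdf(p) * sigma          # cone slope grows with the noise
    if margin(x0, w, b, c) >= 0:
        return list(x0)                          # x0 already meets the constraint
    if math.sqrt(_dot(w, w)) <= c and b <= 0:
        raise ValueError("margin can never be positive at this noise level")

    def x_of(lam):
        # KKT stationarity for multiplier lam: shrink v = x0 + lam*w by lam*c
        v = [a + lam * d for a, d in zip(x0, w)]
        nv = math.sqrt(_dot(v, v))
        scale = max(0.0, 1.0 - lam * c / nv) if nv > 0 else 0.0
        return [scale * a for a in v]

    lo, hi = 0.0, 1.0
    while margin(x_of(hi), w, b, c) < 0:         # margin is nondecreasing in lam
        hi *= 2.0
    for _ in range(iters):                       # bisect for the active constraint
        mid = 0.5 * (lo + hi)
        if margin(x_of(mid), w, b, c) < 0:
            lo = mid
        else:
            hi = mid
    return x_of(hi)

if __name__ == "__main__":
    x0, w, b = [-1.0, 0.5], [2.0, 1.0], -1.0     # constructed toy classifier
    for sigma in (0.0, 0.3, 0.6):                # assumed: larger sigma = more privacy
        x = robust_counterfactual(x0, w, b, sigma, p=0.95)
        print(sigma, [round(v, 3) for v in x], round(math.dist(x0, x), 3))
```

With sigma = 0 the result is the ordinary projection of x0 onto the decision boundary; as sigma grows at a fixed confidence p, the returned explanation lies farther from x0.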