Robust Ranking Explanations
This work addresses the need for trustworthy AI by improving the robustness of explanations for human users, though it is incremental as it builds on existing defense methods.
The paper tackles the problem of making top salient features in machine learning model explanations robust to adversarial attacks, and demonstrates that their R2ET algorithm achieves higher explanation robustness across various network architectures and data modalities while maintaining accuracy.
Robust explanations of machine learning models are critical to establish human trust in the models. Due to limited cognition capability, most humans can only interpret the top few salient features. It is critical to make top salient features robust to adversarial attacks, especially those against the more vulnerable gradient-based explanations. Existing defense measures robustness using $\ell_p$-norms, which have weaker protection power. We define explanation thickness for measuring salient features ranking stability, and derive tractable surrogate bounds of the thickness to design the \textit{R2ET} algorithm to efficiently maximize the thickness and anchor top salient features. Theoretically, we prove a connection between R2ET and adversarial training. Experiments with a wide spectrum of network architectures and data modalities, including brain networks, demonstrate that R2ET attains higher explanation robustness under stealthy attacks while retaining accuracy.