Models That Are Interpretable But Not Transparent
This addresses the problem of model security for designers in sensitive domains, though it is incremental as it builds on existing interpretable models.
The paper tackles the tension between needing interpretable models for high-stakes applications and protecting proprietary decision boundaries from attackers, proposing FaithfulDefense to generate completely faithful explanations that minimize boundary revelation.
Faithful explanations are essential for machine learning models in high-stakes applications. Inherently interpretable models are well-suited for these applications because they naturally provide faithful explanations by revealing their decision logic. However, model designers often need to keep these models proprietary to maintain their value. This creates a tension: we need models that are interpretable--allowing human decision-makers to understand and justify predictions, but not transparent, so that the model's decision boundary is not easily replicated by attackers. Shielding the model's decision boundary is particularly challenging alongside the requirement of completely faithful explanations, since such explanations reveal the true logic of the model for an entire subspace around each query point. This work provides an approach, FaithfulDefense, that creates model explanations for logical models that are completely faithful, yet reveal as little as possible about the decision boundary. FaithfulDefense is based on a maximum set cover formulation, and we provide multiple formulations for it, taking advantage of submodularity.