SHLIME: Foiling adversarial attacks fooling SHAP and LIME
This addresses the problem of ensuring transparency in machine learning for users deploying high-stakes models, but it is incremental as it builds on prior work to evaluate robustness improvements.
The paper tackled the vulnerability of post hoc explanation methods like LIME and SHAP to adversarial manipulation that can conceal biases, and found that certain ensemble configurations substantially improve bias detection in high-stakes systems.
Post hoc explanation methods, such as LIME and SHAP, provide interpretable insights into black-box classifiers and are increasingly used to assess model biases and generalizability. However, these methods are vulnerable to adversarial manipulation, potentially concealing harmful biases. Building on the work of Slack et al. (2020), we investigate the susceptibility of LIME and SHAP to biased models and evaluate strategies for improving robustness. We first replicate the original COMPAS experiment to validate prior findings and establish a baseline. We then introduce a modular testing framework enabling systematic evaluation of augmented and ensemble explanation approaches across classifiers of varying performance. Using this framework, we assess multiple LIME/SHAP ensemble configurations on out-of-distribution models, comparing their resistance to bias concealment against the original methods. Our results identify configurations that substantially improve bias detection, highlighting their potential for enhancing transparency in the deployment of high-stakes machine learning systems.