On the interplay of Explainability, Privacy and Predictive Performance with Explanation-assisted Model Extraction
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:H2GSWZE3record.jsonopen to challenge →
read the original abstract
Machine Learning as a Service (MLaaS) has gained important attraction as a means for deploying powerful predictive models, offering ease of use that enables organizations to leverage advanced analytics without substantial investments in specialized infrastructure or expertise. However, MLaaS platforms must be safeguarded against security and privacy attacks, such as model extraction (MEA) attacks. The increasing integration of explainable AI (XAI) within MLaaS has introduced an additional privacy challenge, as attackers can exploit model explanations particularly counterfactual explanations (CFs) to facilitate MEA. In this paper, we investigate the trade offs among model performance, privacy, and explainability when employing Differential Privacy (DP), a promising technique for mitigating CF facilitated MEA. We evaluate two distinct DP strategies: implemented during the classification model training and at the explainer during CF generation.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
RECAST: Model Reconstruction via Counterfactual-Aware Wasserstein Geometry under Limited Data
RECAST reconstructs black-box models under limited data by treating counterfactuals as class samples within a Wasserstein geometry framework to preserve surrogate fidelity without online access.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.