Quantitative Evaluation of the Expected Antagonism of Explainability and Privacy: Unterschied zwischen den Versionen

Aus IPD-Institutsseminar
Zur Navigation springen Zur Suche springen
Zeile 2: Zeile 2:
 
|vortragender=Martin Lange
 
|vortragender=Martin Lange
 
|email=martin.lange@student.kit.edu
 
|email=martin.lange@student.kit.edu
|vortragstyp=Proposal
+
|vortragstyp=Bachelorarbeit
 
|betreuer=Clemens Müssener
 
|betreuer=Clemens Müssener
 
|termin=Institutsseminar/2021-06-11
 
|termin=Institutsseminar/2021-06-11
|kurzfassung=Explainers for machine learning models help humans and models work together. They build trust in a model's decision by giving further insight into the decision making process. However, it is unclear whether this insight can also expose private information. The question of my thesis is whether there exists a conflict of objectives between explainability and privacy and how to measure the effects of this conflict.
+
|kurzfassung=Explainable artificial intelligence (XAI) offers a reasoning behind a model's behavior.
 
+
For many explainers this proposed reasoning gives us more information about
I propose two different possible types of attack that can be applied against explainers: model extraction and information about the training data. Differential privacy is introduced as a way to measure the privacy breach of these attacks. Finally, three specific use cases are presented where explainers can realistically be abused to breach differential privacy.
+
the inner workings of the model or even about the training data. Since data privacy is  
 +
becoming an important issue the question arises whether explainers can leak private data.
 +
It is unclear what private data can be obtained from different kinds of explanation.
 +
In this thesis I adapt three privacy attacks in machine learning to the field of XAI:
 +
model extraction, membership inference and training data extraction.  
 +
The different kinds of explainers are sorted into these categories argumentatively and I present specific use cases how an attacker can obtain private data from an
 +
explanation. I demonstrate membership inference and training data extraction for two specific explainers in experiments. Thus, privacy can be breached with the help of explainers.
 
}}
 
}}

Version vom 10. August 2021, 12:15 Uhr

Vortragende(r) Martin Lange
Vortragstyp Bachelorarbeit
Betreuer(in) Clemens Müssener
Termin Fr 11. Juni 2021
Vortragsmodus
Kurzfassung Explainable artificial intelligence (XAI) offers a reasoning behind a model's behavior.

For many explainers this proposed reasoning gives us more information about the inner workings of the model or even about the training data. Since data privacy is becoming an important issue the question arises whether explainers can leak private data. It is unclear what private data can be obtained from different kinds of explanation. In this thesis I adapt three privacy attacks in machine learning to the field of XAI: model extraction, membership inference and training data extraction. The different kinds of explainers are sorted into these categories argumentatively and I present specific use cases how an attacker can obtain private data from an explanation. I demonstrate membership inference and training data extraction for two specific explainers in experiments. Thus, privacy can be breached with the help of explainers.