We consider counterfactual explanations for private support vector machines (SVM), where the privacy mechanism that publicly releases the classifier guarantees differential privacy. While privacy preservation is essential when dealing with sensitive data, there is a consequent degradation in the classification accuracy due to the perturbations introduced in the classifier weights. For such classifiers, counterfactual explanations need to be robust against the uncertainties in the SVM weights in order to ensure, with high confidence, that the classification of the data instance to be explained differs from that of its explanation. We model the uncertainties in the SVM weights through a random vector, and formulate the explanation problem as an optimization problem with a probabilistic constraint. Subsequently, we characterize the problem's deterministic equivalent and study its solution. For linear SVMs, the problem is a convex second-order cone program. For non-linear SVMs, the problem is non-convex. Thus, we propose a sub-optimal solution that is based on the bisection method. The results show that, contrary to non-robust explanations, the quality of explanations from the robust solution degrades with increasing privacy in order to guarantee a prespecified confidence level for correct classifications.
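The probabilistic constraint and its deterministic equivalent for the linear case, as an added example that is not the paper's code. It assumes i.i.d. Gaussian noise of standard deviation `sigma` on the weights and bias (the abstract does not name the distribution), and it searches only along the direction of `w` by bisection instead of solving the full second-order cone program, so the explanation it returns is feasible but may be sub-optimal. All names and sample values are constructed for illustration.

```python
from math import sqrt
from statistics import NormalDist

def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))

def validity_prob(x, w, b, sigma):
    """P(w~.x + b~ >= 0) when (w~, b~) = (w, b) + N(0, sigma^2 I) (assumed noise model)."""
    std = sigma * sqrt(dot(x, x) + 1.0)
    return NormalDist().cdf((dot(w, x) + b) / std)

def counterfactual(x0, w, b, sigma, p, tol=1e-10):
    """Smallest step t >= 0 along w/||w|| so that x0 + t*u is classified
    positive with probability >= p under the perturbed weights."""
    if not 0.5 <= p < 1.0:
        raise ValueError("confidence level p must lie in [0.5, 1)")
    kappa = NormalDist().inv_cdf(p)
    norm_w = sqrt(dot(w, w))
    if norm_w <= kappa * sigma:
        # Noise dominates the weights: the margin g(t) need not grow with t.
        raise ValueError("noise too large for this confidence level")
    u = [wi / norm_w for wi in w]

    def point(t):
        return [xi + t * ui for xi, ui in zip(x0, u)]

    def g(t):
        # Deterministic equivalent: w.x + b - kappa*sigma*||(x, 1)|| >= 0
        x = point(t)
        return dot(w, x) + b - kappa * sigma * sqrt(dot(x, x) + 1.0)

    if g(0.0) >= 0.0:
        return list(x0), 0.0
    lo, hi = 0.0, 1.0
    while g(hi) < 0.0:          # g is increasing because ||w|| > kappa*sigma
        hi *= 2.0
    while hi - lo > tol:        # bisection on the step length
        mid = (lo + hi) / 2.0
        if g(mid) < 0.0:
            lo = mid
        else:
            hi = mid
    return point(hi), hi

if __name__ == "__main__":
    x0, w, b = [-1.0, -2.0], [2.0, 1.0], 0.5   # constructed sample instance
    for sigma in (0.2, 0.5):
        x_plain, t_plain = counterfactual(x0, w, b, sigma, 0.5)   # p = 0.5: non-robust
        x_rob, t_rob = counterfactual(x0, w, b, sigma, 0.95)
        print(sigma, round(t_plain, 4), round(validity_prob(x_plain, w, b, sigma), 3),
              round(t_rob, 4), round(validity_prob(x_rob, w, b, sigma), 3))
```

With `p = 0.5` the search stops on the nominal decision boundary, where the released classifier agrees with the explanation only about half the time; raising `p` or `sigma` pushes the explanation further from `x0`.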