ETD

Archivio digitale delle tesi discusse presso l'Università di Pisa

Tesi etd-02082021-114809


Tipo di tesi
Tesi di laurea magistrale
Autore
SABIU, FRANCESCO
URN
etd-02082021-114809
Titolo
Privacy risk analysis of LIME explanations
Dipartimento
INFORMATICA
Corso di studi
INFORMATICA
Relatori
relatore Monreale, Anna
relatore Dott.ssa Naretto, Francesca
Parole chiave
  • explainable ai
  • privacy
  • machine learning
Data inizio appello
05/03/2021
Consultabilità
Non consultabile
Data di rilascio
05/03/2091
Riassunto
The explainability of AI-based decisions is becoming a serious concern within the AI community.
AI explainers are implemented by means of transparent, human-understandable AI data-based models such as decision trees and association rules based classifiers. However, several privacy-related risks deriving from explanators have been demonstrated.
In this thesis, we study such risks and evaluate some privacy attacks that the adoption of explanation methods based on neighborhood generation can facilitate. For our experiments, we avail ourselves of several tabular datasets. We train ML models on them and we discuss how related explanators can be used to increase the attacker knowledge about the training data. In particular, we perform several experiments whose common pattern consists in (i) getting a local explanation of an instance by means of a Local Interpretable Model-Agnostic Explanator (LIME) in order to increase our knowledge about the neighborhood of a data point; (ii) using the explanator outcome in order to restrict the features domain on which perform a more accurate and focused membership inference attack. Our results highlight privacy risks arising from the explanation of ML outcomes, as well as the need to define mitigation strategies in order to avoid privacy threats.
File