This document summarizes a presentation on explanation in machine learning and its reliability. It discusses two typical types of explanations: saliency maps, which highlight the regions of an input that influenced a prediction, and similar examples, which provide instances from a database that resemble the input. The reliability of explanations has become a key concern, as explanations may not be valid or could be used maliciously. The talk reviews research evaluating the faithfulness and plausibility of explanations, including sanity checks such as the model parameter randomization test. It concludes that generating fake explanations could allow unfair models to appear fair, a risk known as "fairwashing" that more research is needed to address.
Explanation in Machine Learning and Its Reliability
1. NeurIPS Meetup Japan 2021, Satoshi Hara
Explanation in ML
and Its Reliability
Satoshi Hara
Osaka University
1
NeurIPS Meetup Japan 2021
2. NeurIPS Meetup Japan 2021, Satoshi Hara
“Explanation” in ML
◼ Most ML models are highly complex, or “black-box”.
◼ “Explanation in ML”: obtain some useful information
from the model (in addition to the prediction).
2
Preliminary
[Illustration] A model that can explain answers the patient’s “Why?” with “Your XX score is too high,” while a black-box model can only answer “I don’t know.”
3. NeurIPS Meetup Japan 2021, Satoshi Hara
[Typical Explanation 1] Saliency Map
◼ Generate heatmaps showing where the model focused
when making predictions.
3
Preliminary
The outline of the zebra
seems to be relevant.
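To make this concrete, a saliency map of this kind can be computed from the input gradient alone. Below is a minimal sketch of the vanilla Gradient/Saliency method [Simonyan+,2014] in PyTorch; the pretrained ResNet and the random input are placeholders for illustration, not the actual model and images from the talk.

```python
# Vanilla gradient saliency [Simonyan+,2014]: a minimal sketch.
# The ResNet and the random "image" are placeholders for illustration.
import torch
import torchvision.models as models

model = models.resnet18(weights="IMAGENET1K_V1").eval()
image = torch.rand(1, 3, 224, 224, requires_grad=True)  # stand-in input

logits = model(image)
score = logits[0, logits.argmax()]   # score of the top predicted class
score.backward()                     # gradient of that score w.r.t. pixels

# Heatmap: gradient magnitude, max over the three color channels.
saliency = image.grad.abs().max(dim=1)[0].squeeze()  # shape (224, 224)
```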
4. NeurIPS Meetup Japan 2021, Satoshi Hara
[Typical Explanation 2] Similar Examples
◼ Provide some similar examples to the input of interest.
4
[Illustration] For an input predicted as “Lapwing”, similar examples are provided from a database; the images look similar, so the prediction “Lapwing” will be correct.
Preliminary
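A similar-example explanation of this kind can be sketched as nearest-neighbor retrieval in some embedding space. The sketch below assumes the database items and the input have already been embedded (e.g., by the classifier’s penultimate layer); the embedding and all names here are illustrative assumptions, not the talk’s method.

```python
# Similar-example explanation as nearest-neighbor retrieval (a sketch).
import numpy as np

def most_similar(input_emb, database_embs, k=3):
    """Indices of the k database embeddings most cosine-similar to the input."""
    a = input_emb / np.linalg.norm(input_emb)
    B = database_embs / np.linalg.norm(database_embs, axis=1, keepdims=True)
    return np.argsort(-(B @ a))[:k]

# Toy usage: 1000 database items with 128-dimensional embeddings.
rng = np.random.default_rng(0)
db, x = rng.normal(size=(1000, 128)), rng.normal(size=128)
print(most_similar(x, db))  # indices of the 3 most similar examples
```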
5. NeurIPS Meetup Japan 2021, Satoshi Hara
History of “Explanation”
◼ History of Saliency Map
5
Preliminary
• Dawn: Saliency [Simonyan+,2014], Occlusion [Zeiler+,2014], GuidedBP [Springenberg+,2014]
• Exponential growth of saliency map algorithms: LRP [Bach+,2015], CAM [Zhou+,2016], LIME [Ribeiro+,2016], DeepLIFT [Shrikumar+,2017], Grad-CAM [Selvaraju+,2017], IntGrad [Sundararajan+,2017], SHAP [Lundberg+,2017], SmoothGrad [Smilkov+,2017], DeepTaylor [Montavon+,2017]
• Evaluation methods: MoRF/Deletion Metric [Bach+,2015; Vitali+,2018], LeRF/Insertion Metric [Arras+,2017; Vitali+,2018], Sensitivity [Kindermans+,2017], Sanity Check [Adebayo+,2018], ROAR [Hooker+,2019]
• Attack & Manipulation: Fairwashing [Aivodji+,2019], Manipulation [Dombrowski+,2019]
[Chart] The papers on “Explanation” increased exponentially: hits for “Interpretable Machine Learning” and “Explainable AI” on Web of Science grew from near zero in 2008 to roughly 800 per year by 2022.
6. NeurIPS Meetup Japan 2021, Satoshi Hara
History of “Explanation”
◼ History of Saliency Map (the same timeline as the previous slide)
6
Preliminary
The reliability of “Explanation” has been raised as a crucial concern:
• Are the explanations truly valid?
• How malicious can we be with “Explanation”?
7. NeurIPS Meetup Japan 2021, Satoshi Hara
Technical / Social Reliability of “Explanation”
Technical Reliability “Is the explanation valid?”
What we care:
• Do the algorithms output valid “Explanation”?
Research Question:
• How can we evaluate the validity of “Explanation”?
Social Reliability “Does explanation harm society?”
What we care:
• What will happen if we introduce “Explanation” to society?
Research Question:
• Are there any malicious use cases of “Explanation”?
7
Technical Reliability
8. NeurIPS Meetup Japan 2021, Satoshi Hara
Faithfulness & Plausibility of “Explanation”
◼ Faithfulness [Lakkaraju+’19; Jacovi+’20]
• Does “Explanation” reflect the model’s reasoning process?
- Our interest is “How and why the model predicted that way.”
• Any “Explanation” irrelevant to the reasoning process is invalid.
- e.g. “Explanation” outputs something independent of the model.
◼ Plausibility [Lage+’19; Strout+’19]
• Does “Explanation” make sense to the users?
• Any “Explanation” unacceptable to the users is not ideal.
- e.g. Entire program code; Very noisy saliency map.
8
Technical Reliability
9. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of “Explanation”
◼ Based on Faithfulness
• Sanity Checks for Saliency Maps, NeurIPS’18.
- Julius Adebayo, Justin Gilmer, Michael Muelly, Ian Goodfellow, Moritz Hardt, Been Kim
• An epoch-making paper by Google Brain.
• Evaluation of Faithfulness for saliency maps.
◼ Based on Plausibility
• Evaluation of Similarity-based Explanations, ICLR’21.
- Kazuaki Hanawa, Sho Yokoi, Satoshi Hara, Kentaro Inui
• Evaluation of Plausibility for similarity-based explanations.
9
10. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of Saliency Map
◼ Plausibility
• All the maps look more or less plausible.
• Gradient and IntegratedGrad are a bit noisy.
◼ Faithfulness?
10
Technical Reliability
The outline of the zebra
seems to be relevant.
11. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of Faithfulness is Not Possible.
◼ Faithfulness
• Does “Explanation” reflect the model’s reasoning process?
→ The reasoning process is unknown; we cannot compare with the ground truth.
◼ Alternative: Sanity Check
• Check a necessary condition for faithful “Explanation”.
[Remark] Passing the sanity check alone does not guarantee faithfulness.
◼ Q. What is the necessary condition?
• “Explanation” is model-dependent.
- Any “Explanation” irrelevant to the reasoning process is invalid.
11
Technical Reliability
12. NeurIPS Meetup Japan 2021, Satoshi Hara
Model Parameter Randomization Test
◼ Compare the “Explanation” of two models with different
reasoning processes.
• Faithful “Explanation” → Outputs are different.
• Non-Faithful “Explanation” → Outputs can be identical.
12
Technical Reliability
[Setup] Model 1: fully trained. Model 2: randomly initialized.
[Assumption] These models have different reasoning processes.
• “Explanation” by Algo. 1 differs between the two models.
→ Satisfies the necessary condition: passed the sanity check.
• “Explanation” by Algo. 2 is identical for the two models.
→ Violates the necessary condition: failed the sanity check.
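In code, the test reduces to comparing an explanation computed on the trained model with one computed on a weight-randomized copy. Below is a hedged sketch: `explain` stands for any attribution method returning a flat vector (an assumed interface), and rank correlation is one possible similarity measure, as used in [Adebayo+,2018].

```python
# Model Parameter Randomization Test (a sketch).
import copy
import torch
from scipy.stats import spearmanr

def randomization_test(model, x, explain):
    """explain(model, x) -> flat attribution vector (assumed interface)."""
    e_trained = explain(model, x)            # attribution, trained model

    randomized = copy.deepcopy(model)
    for p in randomized.parameters():        # destroy the learned reasoning
        torch.nn.init.normal_(p, std=0.01)

    e_random = explain(randomized, x)        # attribution, random model
    rho, _ = spearmanr(e_trained, e_random)  # rank similarity of the two maps
    return rho  # rho close to 1: explanation ignores the model -> test failed
```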
13. NeurIPS Meetup Japan 2021, Satoshi Hara
Model Parameter Randomization Test
◼ Model 2: DNN with last few layers randomized.
• Saliency Maps of Guided Backprop and Guided GradCAM are
invariant against model randomization.
→ They violate the necessary condition for faithfulness.
13
[Figure] Saliency maps for Model 1 vs. Model 2. [Ref] Sanity Checks for Saliency Maps
Technical Reliability
14. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of “Explanation”
◼ Based on Faithfulness
• Sanity Checks for Saliency Maps, NeurIPS’18.
- Julius Adebayo, Justin Gilmer, Michael Muelly, Ian Goodfellow, Moritz Hardt, Been Kim
• An epoch-making paper by Google Brain.
• Evaluation of Faithfulness for saliency maps.
◼ Based on Plausibility
• Evaluation of Similarity-based Explanations, ICLR’21.
- Kazuaki Hanawa, Sho Yokoi, Satoshi Hara, Kentaro Inui
• Evaluation of Plausibility for similarity-based explanations.
14
15. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of Similarity-based Explanation
◼ Faithfulness
• We can use Model Parameter Randomization Test.
◼ Plausibility?
15
[Illustration] The same similar-example explanation as before: similar “Lapwing” images retrieved from the database support the prediction.
Technical Reliability
16. NeurIPS Meetup Japan 2021, Satoshi Hara
Plausibility in Similarity-based Explanation
◼ Example
• Explanation B won’t be acceptable to the users.
- Plausibility of Explanation A > Plausibility of Explanation B
16
[Illustration] For an input predicted as “frog”, Explanation A retrieves a “frog” image from the database, while Explanation B retrieves a “truck” image.
Technical Reliability
17. NeurIPS Meetup Japan 2021, Satoshi Hara
Evaluation of Plausibility is Not Possible.
◼ There is no universal criterion that determines
acceptability to the users.
◼ Alternative: Sanity Check
• Check a necessary condition for plausible “Explanation”.
◼ Q. What is the necessary condition?
• The retrieved similar instance should belong to the same class.
17
[Illustration] “This is a cat because a similar example is a cat” is plausible;
“This is a cat because a similar example is a dog” is non-plausible.
→ Identical Class Test
Technical Reliability
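The Identical Class Test itself is straightforward to implement: for each test instance, retrieve the most similar training instance under the explanation’s similarity measure and check whether its label matches the prediction. The sketch below uses a placeholder dot-product similarity; any of the measures on the next slide could be plugged in.

```python
# Identical Class Test (a sketch). "similarity" is any pairwise score.
import numpy as np

def identical_class_test(X_test, y_pred, X_train, y_train, similarity):
    passed = 0
    for x, y in zip(X_test, y_pred):
        scores = np.array([similarity(x, xt) for xt in X_train])
        if y_train[np.argmax(scores)] == y:  # top-1 neighbor has same class?
            passed += 1
    return passed / len(X_test)  # fraction of test instances that pass

dot = lambda a, b: float(a @ b)  # stand-in similarity measure
```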
18. NeurIPS Meetup Japan 2021, Satoshi Hara
Identical Class Test
18
[Figure] Fraction of test instances that passed the Identical Class Test for
each similarity measure: dot product, cosine, and L2 distance (each on the
last layer and on all layers), Influence Function, Relative IF, Fisher Kernel,
and the dot product and cosine of the parameter gradient; evaluated on
CIFAR10 + CNN (image classification) and AGNews + Bi-LSTM (text classification).
Cosine similarity of the parameter gradient performed almost perfectly.
Technical Reliability
19. NeurIPS Meetup Japan 2021, Satoshi Hara
Cosine of Parameter Gradient
• $\mathrm{GC}(z, z') = \dfrac{\langle \nabla_\theta \ell(y, f_\theta(x)),\ \nabla_\theta \ell(y', f_\theta(x')) \rangle}{\lVert \nabla_\theta \ell(y, f_\theta(x)) \rVert \, \lVert \nabla_\theta \ell(y', f_\theta(x')) \rVert}$
19
[Figure] Examples of retrieved similar images for inputs labeled “Sussex spaniel”, “beer bottle”, and “mobile house”.
Technical Reliability
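A sketch of this gradient cosine in PyTorch follows; `model` and `loss_fn` are placeholders standing in for the classifier $f_\theta$ and the loss $\ell$.

```python
# Cosine of parameter gradients GC(z, z') (a sketch).
import torch

def grad_cos(model, loss_fn, x1, y1, x2, y2):
    """Cosine similarity of per-example loss gradients w.r.t. the parameters."""
    def flat_grad(x, y):
        loss = loss_fn(model(x), y)  # l(y, f_theta(x))
        grads = torch.autograd.grad(loss, list(model.parameters()))
        return torch.cat([g.reshape(-1) for g in grads])

    g1, g2 = flat_grad(x1, y1), flat_grad(x2, y2)
    return torch.dot(g1, g2) / (g1.norm() * g2.norm())
```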
20. NeurIPS Meetup Japan 2021, Satoshi Hara
Technical / Social Reliability of “Explanation”
Technical Reliability “Is the explanation valid?”
What we care:
• Do the algorithms output valid “Explanation”?
Research Question:
• How can we evaluate the validity of “Explanation”?
Social Reliability “Does explanation harm society?”
What we care:
• What will happen if we introduce “Explanation” to society?
Research Question:
• Are there any malicious use cases of “Explanation”?
20
Social Reliability
21. NeurIPS Meetup Japan 2021, Satoshi Hara
Malicious Use Cases of “Explanation”
◼ Q. Are there malicious use cases of “Explanation”?
A. Some may try to deceive people
by providing fake explanations.
◼ Q. When and why can fake explanations be used?
A. Fake explanations can make models look better,
e.g., by pretending that the models are fair.
◼ Q. Why do we need to research fake explanations?
Are you evil?
A. We need to know how malicious one can be with fake
explanations. Otherwise, we cannot defend against
possible malicious uses.
21
Social Reliability
22. NeurIPS Meetup Japan 2021, Satoshi Hara
Fake “Explanation” for Fairness
◼ Fairness in ML
• Models can be biased towards gender, race, etc.
• Ensuring fairness of the models is crucial nowadays.
◼ What if we cannot detect the use of unfair models?
• Some may use unfair models.
- Unfair models are typically more accurate than the fair ones.
22
Social Reliability
“Our model is the most accurate one in this business field.”
(because of the use of an unfair yet accurate model)
“Moreover, our model is fair, without any bias.”
(by showing a fake explanation)
23. NeurIPS Meetup Japan 2021, Satoshi Hara
Fake “Explanation” for Fairness
◼ Fake “Explanation” by Surrogate Models
• Fairwashing: the risk of rationalization, ICML’19.
- Ulrich Aïvodji, Hiromi Arai, Olivier Fortineau, Sébastien Gambs, Satoshi Hara, Alain Tapp
• Characterizing the risk of fairwashing, NeurIPS’21.
- Ulrich Aïvodji, Hiromi Arai, Sébastien Gambs, Satoshi Hara
◼ Fake “Explanation” by Examples
• Faking Fairness via Stealthily Biased Sampling, AAAI’20.
- Kazuto Fukuchi, Satoshi Hara, Takanori Maehara
◼ Ref.
• It’s Too Easy to Hide Bias in Deep-Learning Systems,
IEEE Spectrum, 2021.
23
24. NeurIPS Meetup Japan 2021, Satoshi Hara
The risk of “Fairwashing”
◼ Explaining fairness
24
an honest explanation
Your loan application is rejected
because your gender is …
Unfair AI: reject applicants
based on their gender.
Social Reliability
25. NeurIPS Meetup Japan 2021, Satoshi Hara
The risk of “Fairwashing”
◼ Explaining fairness
25
a dishonest explanation
Your loan application is rejected
because your income is low.
Unfair AI: reject applicants
based on their gender.
Social Reliability
26. NeurIPS Meetup Japan 2021, Satoshi Hara
The risk of “Fairwashing”
◼ Explaining fairness
26
Unfair AI: reject applicants based on their gender.
A dishonest explanation: “Your loan application is rejected because your income is low.”
“Fairwashing”
Malicious decision-makers can disclose a fake
explanation to rationalize their unfair decisions.
Social Reliability
27. NeurIPS Meetup Japan 2021, Satoshi Hara
The risk of “Fairwashing”
◼ Explaining fairness
27
Unfair AI: reject applicants based on their gender.
A dishonest explanation: “Your loan application is rejected because your income is low.”
“Fairwashing”: malicious decision-makers can disclose a fake
explanation to rationalize their unfair decisions.
This Study: LaundryML
• It is possible to systematically generate fake explanations.
• Raise awareness of the risk of “Fairwashing”.
Social Reliability
28. NeurIPS Meetup Japan 2021, Satoshi Hara
LaundryML: systematically generating fake explanations
◼ The idea
Generate many explanations,
and pick one that is useful for “Fairwashing”.
◼ “Many explanations”
• Use “Model Enumeration” [Hara & Maehara’17; Hara & Ishihata’18]
• Enumerate explanation models.
◼ “Pick one”
• Use fairness metrics such as demographic parity (DP).
• Pick the explanation most faithful to the model, with DP less
than a threshold. (A sketch of this selection step follows below.)
28
Social Reliability
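As referenced above, here is a sketch of the selection step, assuming a pool of enumerated surrogate models exposing a scikit-learn-style `predict` (an assumption of this sketch, not the paper’s exact interface): keep the candidates whose demographic parity gap is below a threshold, and return the one most faithful to the black-box predictions.

```python
# LaundryML-style selection over enumerated explanation models (a sketch).
import numpy as np

def dp_gap(y_hat, sensitive):
    """Absolute demographic parity gap between the two sensitive groups."""
    y_hat, s = np.asarray(y_hat), np.asarray(sensitive)
    return abs(y_hat[s == 1].mean() - y_hat[s == 0].mean())

def pick_fairwashing_explanation(candidates, X, y_blackbox, sensitive, eps=0.05):
    best, best_fidelity = None, -1.0
    for model in candidates:                  # enumerated rule lists, etc.
        y_hat = model.predict(X)
        if dp_gap(y_hat, sensitive) >= eps:   # not "fair-looking" enough
            continue
        fidelity = np.mean(y_hat == y_blackbox)  # faithfulness to black box
        if fidelity > best_fidelity:
            best, best_fidelity = model, fidelity
    return best, best_fidelity
```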
29. NeurIPS Meetup Japan 2021, Satoshi Hara
Result
◼ “Fairwashing” for decisions on Adult dataset
• The feature importance that FairML assigns to “gender” has dropped.
29
[Figure] FairML feature importances: “gender” is prominent in a naïve explanation but drops in a fake explanation.
Social Reliability
30. NeurIPS Meetup Japan 2021, Satoshi Hara
Result
◼ “Fairwashing” for decisions on Adult dataset
• The feature importance that FairML assigns to “gender” has dropped.
30
[Figure] FairML feature importances: “gender” is prominent in a naïve explanation but drops in a false explanation.
Fake Explanation:
if      capital gain > 7056        then high-income
else if marital = single           then low-income
else if education = HS-grad        then low-income
else if occupation = other         then low-income
else if occupation = white-collar  then high-income
else                               low-income
Social Reliability
31. NeurIPS Meetup Japan 2021, Satoshi Hara
Fake “Explanation” for Fairness
◼ Fake “Explanation” by Surrogate Models
• Fairwashing: the risk of rationalization, ICML’19.
- Ulrich Aïvodji, Hiromi Arai, Olivier Fortineau, Sébastien Gambs, Satoshi Hara, Alain Tapp
• Characterizing the risk of fairwashing, NeurIPS’21.
- Ulrich Aïvodji, Hiromi Arai, Sébastien Gambs, Satoshi Hara
◼ Fake “Explanation” by Examples
• Faking Fairness via Stealthily Biased Sampling, AAAI’20.
- Kazuto Fukuchi, Satoshi Hara, Takanori Maehara
◼ Ref.
• It’s Too Easy to Hide Bias in Deep-Learning Systems,
IEEE Spectrum, 2021.
31
32. NeurIPS Meetup Japan 2021, Satoshi Hara
Fairness Metrics
◼ Quantifying fairness of the models
• Several metrics + toolboxes
- FairML, AI Fairness 360 [Bellamy+’19], Aequitas [Saleiro+’18]
32
AI Fairness 360
Social Reliability
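For reference, the demographic parity (DP) metric used throughout this talk is simple to compute by hand; toolboxes like AI Fairness 360 provide this and many other metrics.

```python
# Demographic parity difference: P(Y_hat=1 | S=1) - P(Y_hat=1 | S=0).
import numpy as np

def demographic_parity(y_hat, sensitive):
    y_hat, s = np.asarray(y_hat), np.asarray(sensitive)
    return y_hat[s == 1].mean() - y_hat[s == 0].mean()

print(demographic_parity([1, 0, 1, 1], [1, 1, 0, 0]))  # -0.5
```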
33. NeurIPS Meetup Japan 2021, Satoshi Hara
Fake Fairness Metrics
33
[Illustration] A malicious party runs a service with an unfair model and presents a fairness metric as evidence. “Is this a fake metric?”
• There is no guarantee that the metrics are computed appropriately.
• It is impossible to determine whether the metric is fake or not.
• A metric alone is not valid evidence of fairness.
Social Reliability
34. NeurIPS Meetup Japan 2021, Satoshi Hara
Avoiding Fake Fairness Metrics
34
[Illustration] The malicious party instead provides benchmark data as evidence: “The fairness metric computed on the benchmark is fair!”
• The metric is reproducible using the benchmark data.
• We can avoid fakes!
Social Reliability
35. NeurIPS Meetup Japan 2021, Satoshi Hara
(Failed) Avoiding Fake Fairness Metrics
35
[Illustration] The same setup as the previous slide, but:
The benchmark data itself can be fake.
Social Reliability
36. NeurIPS Meetup Japan 2021, Satoshi Hara
Generating Fake Benchmark
◼ Subsample the benchmark dataset $S$
from the original dataset $D$.
◼ “Ideal” Fake Benchmark Dataset $S$
• Fairness: the fairness metric computed on $S$ is fair.
• Stealthiness: the distribution of $S$ is close to that of $D$.
36
[Illustration] The benchmark $S$ is subsampled from the original dataset $D$ so that its contingency table is “fair” (fairness) while its distribution stays close to $D$ (stealthiness).
Social Reliability
37. NeurIPS Meetup Japan 2021, Satoshi Hara
Generating Fake Benchmark
◼ Optimization of $S$ as an LP (Min-Cost Flow):
$\min_S W(S, D) \quad \text{s.t.} \quad C(S) = C_T$
• Stealthiness: minimize the distribution difference $W(S, D)$.
• Fairness: constrain the contingency table $C(S)$ to the fair target $C_T$.
◼ Detection of the fake benchmark using a statistical test
(goodness-of-fit against reference data $D'$).
• Minimizing the distribution difference ≈ small detection probability.
• The probability of rejecting $p(S) = p(D')$ with the KS test is
at most $O(|S|^\alpha \times \text{distribution difference})$.
37
Social Reliability
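A much-simplified stand-in for the LP above: fix a fair target contingency table and sample uniformly within each (sensitive attribute, outcome) cell. This is not the paper’s min-cost-flow solution, but it illustrates how a benchmark can match a fair table while staying close to the original distribution.

```python
# Stealthily biased sampling, greatly simplified (a sketch).
import numpy as np

def fake_benchmark(X, s, y, target_counts, seed=0):
    """target_counts[(s_val, y_val)] = rows required in that cell of C_T.

    X, s, y are NumPy arrays: features, sensitive attribute, outcome.
    Sampling uniformly within each cell keeps S close to D's distribution.
    """
    rng = np.random.default_rng(seed)
    chosen = []
    for (sv, yv), n in target_counts.items():
        cell = np.where((s == sv) & (y == yv))[0]      # rows in this cell
        chosen.append(rng.choice(cell, size=n, replace=False))
    return X[np.concatenate(chosen)]
```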
38. NeurIPS Meetup Japan 2021, Satoshi Hara
Undetectability of Fake Benchmark
38
[Figure] Fairness metric (DP) and distribution difference vs. positive cases in the contingency table, on COMPAS and Adult, comparing random sampling, case-control sampling, and the proposed sampling.
• The proposed sampling resulted in a fairer metric (= achieved fake fairness).
• The proposed sampling attained a distribution almost identical to the original one (= undetectable).
Social Reliability
39. NeurIPS Meetup Japan 2021, Satoshi Hara
Technical / Social Reliability of “Explanation”
Technical Reliability “Is the explanation valid?”
What we care:
• Do the algorithms output valid “Explanation”?
Research Question:
• How can we evaluate the validity of “Explanation”?
Social Reliability “Does explanation harm society?”
What we care:
• What will happen if we introduce “Explanation” to society?
Research Question:
• Are there any malicious use cases of “Explanation”?
39
Summary
40. NeurIPS Meetup Japan 2021, Satoshi Hara
Technical / Social Reliability of “Explanation”
Technical Reliability “Is the explanation valid?”
What we care:
• Do the algorithms output valid “Explanation”?
Research Question:
• How can we evaluate the validity of “Explanation”?
Social Reliability “Does explanation harm society?”
What we care:
• What will happen if we introduce “Explanation” to society?
Research Question:
• Are there any malicious use cases of “Explanation”?
40
Summary
How can we evaluate the validity of “Explanation”?
Which evaluation is good for which “Explanation”?
When can “Explanation” be used maliciously?
Can we detect malicious use cases?