Accurate, Explainable, and Private Models: Providing Recourse While Minimizing Training Data Leakage
Keywords: algorithmic recourse, adversarial machine learning, privacy, explainability
TL;DR: This work presents two novel methods, Differentially Private Model (DPM) and Laplace Recourse (LR), to generate differentially private recourse that protects against membership inference attacks leveraging explainability.
Abstract: Machine learning models are increasingly utilized across impactful domains to predict individual outcomes. As such, many models provide algorithmic recourse to individuals who receive negative outcomes. However, recourse can be leveraged by adversaries to disclose private information. This work presents the first attempt at mitigating such attacks. We present two novel methods to generate differentially private recourse: Differentially Private Model ($\texttt{DPM}$) and Laplace Recourse ($\texttt{LR}$). Using logistic regression classifiers and real world and synthetic datasets, we find that $\texttt{DPM}$ and $\texttt{LR}$ perform well in reducing what an adversary can infer, especially at low $\texttt{FPR}$. When training dataset size is large enough, we find particular success in preventing privacy leakage while maintaining model and recourse accuracy with our novel $\texttt{LR}$ method.
Supplementary Material: zip
Submission Number: 74
Loading