Accurate, Explainable, and Private Models: Providing Recourse While Minimizing Training Data Leakage

Catherine Huang; Chelse Swoopes; Christina Xiao; Jiaqi Ma; Himabindu Lakkaraju

Accurate, Explainable, and Private Models: Providing Recourse While Minimizing Training Data Leakage

Catherine Huang, Chelse Swoopes, Christina Xiao, Jiaqi Ma, Himabindu Lakkaraju

Published: 20 Jun 2023, Last Modified: 07 Aug 2023AdvML-Frontiers 2023EveryoneRevisionsBibTeX

Keywords: algorithmic recourse, adversarial machine learning, privacy, explainability

TL;DR: This work presents two novel methods, Differentially Private Model (DPM) and Laplace Recourse (LR), to generate differentially private recourse that protects against membership inference attacks leveraging explainability.

Abstract: Machine learning models are increasingly utilized across impactful domains to predict individual outcomes. As such, many models provide algorithmic recourse to individuals who receive negative outcomes. However, recourse can be leveraged by adversaries to disclose private information. This work presents the first attempt at mitigating such attacks. We present two novel methods to generate differentially private recourse: Differentially Private Model ($\texttt{DPM}$) and Laplace Recourse ($\texttt{LR}$). Using logistic regression classifiers and real world and synthetic datasets, we find that $\texttt{DPM}$ and $\texttt{LR}$ perform well in reducing what an adversary can infer, especially at low $\texttt{FPR}$. When training dataset size is large enough, we find particular success in preventing privacy leakage while maintaining model and recourse accuracy with our novel $\texttt{LR}$ method.

Supplementary Material: zip

Submission Number: 74

Loading