Hierarchical Approach to Explaining Poisoned AI Models

22 Sept 2023 (modified: 11 Feb 2024). Submitted to ICLR 2024.
Primary Area: visualization or interpretation of learned representations
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: visualization or interpretation of learned representations, poisoned AI models, explainable AI
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
TL;DR: a hierarchical approach to explaining poisoned artificial intelligence (AI) models
Abstract: This work presents a hierarchical approach to explaining poisoned artificial intelligence (AI) models. The motivation comes from the use of AI models in security- and safety-critical applications, for instance, the use of AI models for classification of road traffic signs in self-driving cars. Training images of traffic signs can be poisoned by adversaries to encode malicious triggers that change a trained AI model's prediction from a correct traffic sign to another traffic sign in the presence of such a physically realizable trigger (e.g., a sticky note or Instagram filter). We address the lack of AI model explainability by (a) designing utilization measurements of trained AI models and (b) explaining how training data are encoded in AI models based on those measurements at three hierarchical levels. The three levels are defined at the graph node (computation unit), subgraph, and graph representations of poisoned and clean AI models from the TrojAI Challenge.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 4405