Go to ICLR 2026 Conference homepageIntrinsic Explanation of Random Subspace Method for Enhanced Security Applications
Keywords: Feature attribution, Certified Robustness, Jailbreak Attack
TL;DR: A faithful and certifiably robust feature attribution method for random subspace methods
Abstract: Random subspace method has wide security applications such as providing certified defenses against adversarial and backdoor attacks, and building robustly aligned LLM against jailbreaking attacks. However, the explanation of random subspace methods lacks sufficient exploration. Existing state-of-the-art feature attribution methods, such as Shapley value and LIME are computationally impractical and lack robustness guarantees when applied to random subspace methods. In this work, we propose EnsembleSHAP, an intrinsically faithful and robust feature attribution for random subspace methods that reuses its computational byproducts. Specifically, our feature attribution method is 1) computationally efficient, 2) maintains essential properties of effective feature attribution (such as local accuracy), and 3) offers guaranteed robustness against attacks on feature attribution methods. To the best of our knowledge, this is the first work to establish provable robustness against explanation-preserving attacks. We also perform comprehensive evaluations for our explanation’s effectiveness when faced with different empirical attacks, including backdoor attacks, adversarial attacks, and jailbreak attacks.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 21019
Loading