Smoothed Geometry for Robust Attribution

TL;DR

This paper introduces geometric regularization and stochastic smoothing techniques to enhance the robustness of feature attribution methods in deep neural networks against adversarial attacks, ensuring more trustworthy explanations.

Contribution

It proposes novel regularization and smoothing methods that improve attribution robustness by promoting Lipschitz continuity and smooth geometry in DNNs.

Findings

Regularization improves attribution stability against attacks.

Stochastic smoothing enhances robustness without retraining.

Methods are effective on large-scale image models.

Abstract

Feature attributions are a popular tool for explaining the behavior of Deep Neural Networks (DNNs), but have recently been shown to be vulnerable to attacks that produce divergent explanations for nearby inputs. This lack of robustness is especially problematic in high-stakes applications where adversarially-manipulated explanations could impair safety and trustworthiness. Building on a geometric understanding of these attacks presented in recent work, we identify Lipschitz continuity conditions on models' gradient that lead to robust gradient-based attributions, and observe that smoothness may also be related to the ability of an attack to transfer across multiple attribution methods. To mitigate these attacks in practice, we propose an inexpensive regularization method that promotes these conditions in DNNs, as well as a stochastic smoothing technique that does not require re-training. Our experiments on a range of image models demonstrate that both of these mitigations consistently improve attribution robustness, and confirm the role that smooth geometry plays in these attacks on real, large-scale models.