Privacy-Preserving Model and Preprocessing Verification for Machine Learning

TL;DR

This paper introduces a privacy-preserving verification framework for machine learning models trained on sensitive data, combining Local Differential Privacy with model explanations to detect preprocessing errors without compromising privacy.

Contribution

It integrates LDP with model explanation techniques like LIME and SHAP for privacy-preserving verification of ML models, addressing both binary and multi-class classification tasks.

Findings

Effective detection of preprocessing errors across datasets

Binary classification verification is highly accurate

Threshold-based methods perform well in multi-class tasks

Abstract

This paper presents a framework for privacy-preserving verification of machine learning models, focusing on models trained on sensitive data. Integrating Local Differential Privacy (LDP) with model explanations from LIME and SHAP, our framework enables robust verification without compromising individual privacy. It addresses two key tasks: binary classification, to verify if a target model was trained correctly by applying the appropriate preprocessing steps, and multi-class classification, to identify specific preprocessing errors. Evaluations on three real-world datasets-Diabetes, Adult, and Student Record-demonstrate that while the ML-based approach is particularly effective in binary tasks, the threshold-based method performs comparably in multi-class tasks. Results indicate that although verification accuracy varies across datasets and noise levels, the framework provides effective detection of preprocessing errors, strong privacy guarantees, and practical applicability for safeguarding sensitive data.