Private and interpretable clinical prediction with quantum-inspired tensor train models
José Ramón Pareja Monturiol, Juliette Sinnott, Roger G. Melko, Mohammad Kohandel

TL;DR
This paper introduces a quantum-inspired tensor train approach to enhance privacy and interpretability in clinical prediction models, effectively reducing information leakage and maintaining accuracy.
Contribution
It proposes a novel tensorization method that obfuscates model parameters, improving privacy while preserving interpretability and predictive performance in clinical models.
Findings
Both logistic regression and neural networks leak training data information.
Tensor train models significantly reduce privacy vulnerabilities.
Tensorization maintains model accuracy and interpretability.
Abstract
Machine learning in clinical settings must balance predictive accuracy, interpretability, and privacy. Models such as logistic regression (LR) offer transparency, while neural networks (NNs) provide greater predictive power; yet both remain vulnerable to privacy attacks. We empirically assess these risks by designing attacks that identify which public datasets were used to train a model under varying levels of adversarial access, applying them to LORIS, a publicly available LR model for immunotherapy response prediction, as well as to additional shallow NN models trained for the same task. Our results show that both models leak significant training-set information, with LRs proving particularly vulnerable in white-box scenarios. Moreover, we observe that common practices such as cross-validation in LRs exacerbate these risks. To mitigate these vulnerabilities, we propose a…
Peer Reviews
Decision·Submitted to ICLR 2026
* Sec 3.3 Experimental Setup provides a detailed overview of the datasets, models, and implementation details. Suggested improvement under “Weaknesses”.
* Feature sensitivity analysis is interesting and supports model interpretability, which aligns with the problem motivation and justification for focusing on LR models within this work.
* Preliminary exploration seems potentially promising. (Reviewer believes more is needed, please refer to `Weaknesses`.)
* At a high-level, the problem this work centers upon seems important for the application area in question (logistic regression for immunotherapy response prediction). However, it’s unclear how broadly applicable the proposed approach (quantum-inspired defense using tensor train models) is for other tasks or domains. The paper currently reads, at least to this reviewer, as being better suited for a more targeted audience or venue than the broader ML community reflected at ICLR.
* The scoping
- The paper tackles a critical and timely issue at the intersection of clinical machine learning, privacy, and interpretability. Protecting sensitive medical data while maintaining transparent model behavior is a fundamental challenge for real-world deployment, and this work contributes a novel and practical perspective on it.
- The experimental setup is creative and insightful. The authors not only design realistic membership inference attacks but also demonstrate how such attacks can be applie
- The paper's primary contributions, including both the attack analysis and the proposed defense, are validated *exclusively* on Logistic Regression (LR) models. While the authors claim the tensorization method can be "applied to arbitrary models" because it only requires black-box access, this crucial claim is entirely unsubstantiated by the experiments. It remains unknown how effective this defense would be for more complex, non-linear models (e.g., deep neural networks).
- The Tensor Train (T
The privacy concern in medical AI models is an important concern. The paper makes clear observations on the privacy risk of LR models and the potential privacy benefit of using TT. The experimental results support the main claims.
While demonstrating the privacy risk in a real-world immunotherapy prediction model is a notable contribution, the observation is not necessarily new or surprising from the technical point of view. Membership inference attacks have been shown for many types of models including more complex deep-learning models. It is relatively well-known that LR models are even more vulnerable given their simplicity and linear nature. In that sense, while the observation on the vulnerability adds another datapo
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Privacy-Preserving Technologies in Data
