English

SHLIME: Foiling adversarial attacks fooling SHAP and LIME

Machine Learning 2025-08-18 v1 Cryptography and Security

Abstract

Post hoc explanation methods, such as LIME and SHAP, provide interpretable insights into black-box classifiers and are increasingly used to assess model biases and generalizability. However, these methods are vulnerable to adversarial manipulation, potentially concealing harmful biases. Building on the work of Slack et al. (2020), we investigate the susceptibility of LIME and SHAP to biased models and evaluate strategies for improving robustness. We first replicate the original COMPAS experiment to validate prior findings and establish a baseline. We then introduce a modular testing framework enabling systematic evaluation of augmented and ensemble explanation approaches across classifiers of varying performance. Using this framework, we assess multiple LIME/SHAP ensemble configurations on out-of-distribution models, comparing their resistance to bias concealment against the original methods. Our results identify configurations that substantially improve bias detection, highlighting their potential for enhancing transparency in the deployment of high-stakes machine learning systems.

Keywords

Cite

@article{arxiv.2508.11053,
  title  = {SHLIME: Foiling adversarial attacks fooling SHAP and LIME},
  author = {Sam Chauhan and Estelle Duguet and Karthik Ramakrishnan and Hugh Van Deventer and Jack Kruger and Ranjan Subbaraman},
  journal= {arXiv preprint arXiv:2508.11053},
  year   = {2025}
}

Comments

7 pages, 7 figures

R2 v1 2026-07-01T04:50:44.846Z