NICE: an algorithm for nearest instance counterfactual explanations

Abstract: In this paper we propose a new algorithm, named NICE, to generate counterfactual explanations for tabular data that specifically takes into account algorithmic requirements that often emerge in real-life deployments: (1) the ability to provide an explanation for all predictions, (2) being able to handle any classification model (also non-differentiable ones), (3) being efficient in run time, and (4) providing multiple counterfactual explanations with different characteristics. More specifically, our approach e… Show more

“…This privacy risk occurs when the counterfactual algorithm uses instance-based strategies to ind the counterfactual explanations. These counterfactuals correspond to the nearest unlike neighbor and are also called native counterfactuals [5,25]. Other counterfactual algorithms use perturbation where synthetic counterfactuals are generated by perturbing the factual instance and labelling it with the machine learning model, without reference to known cases in the training set [25].…”

“…Other counterfactual algorithms use perturbation where synthetic counterfactuals are generated by perturbing the factual instance and labelling it with the machine learning model, without reference to known cases in the training set [25]. We focus on counterfactual algorithms that return real instances: several algorithms do this, as this substantially decreases the run time while also increasing desirable properties of the explanations such as plausibility [5]. Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results.…”

“…We focus on counterfactual algorithms that return real instances: several algorithms do this, as this substantially decreases the run time while also increasing desirable properties of the explanations such as plausibility [5]. Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results. Furthermore, it is argued that counterfactual instances that are plausible, are more robust and therefore are less vulnerable to the uncertainty of the classiication model or changes over time [2,5,42].…”

“…Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results. Furthermore, it is argued that counterfactual instances that are plausible, are more robust and therefore are less vulnerable to the uncertainty of the classiication model or changes over time [2,5,42]. This shows that for some use cases it can be very useful to use real data points as counterfactuals instead of synthetic ones as for the latter the risk of generating implausible counterfactual explanations can be quite high [27].…”

“…This shows that for some use cases it can be very useful to use real data points as counterfactuals instead of synthetic ones as for the latter the risk of generating implausible counterfactual explanations can be quite high [27]. Algorithms that use these native counterfactual explanations include NICE (without optimization setting) [5], the WIT tool with NNCE [59], FACE [44] and certain settings of CBR [25]. Perturbation-based counterfactual algorithms experience diferent privacy risks such as membership inference attacks: Pawelczyk et al [43] use counterfactual distance-based attacks which leverage algorithmic recourse to determine if an instance belongs to the training data of the underlying model or not.…”

The Privacy Issue of Counterfactual Explanations: Explanation Linkage Attacks

“…This privacy risk occurs when the counterfactual algorithm uses instance-based strategies to ind the counterfactual explanations. These counterfactuals correspond to the nearest unlike neighbor and are also called native counterfactuals [5,25]. Other counterfactual algorithms use perturbation where synthetic counterfactuals are generated by perturbing the factual instance and labelling it with the machine learning model, without reference to known cases in the training set [25].…”

“…Other counterfactual algorithms use perturbation where synthetic counterfactuals are generated by perturbing the factual instance and labelling it with the machine learning model, without reference to known cases in the training set [25]. We focus on counterfactual algorithms that return real instances: several algorithms do this, as this substantially decreases the run time while also increasing desirable properties of the explanations such as plausibility [5]. Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results.…”

“…We focus on counterfactual algorithms that return real instances: several algorithms do this, as this substantially decreases the run time while also increasing desirable properties of the explanations such as plausibility [5]. Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results. Furthermore, it is argued that counterfactual instances that are plausible, are more robust and therefore are less vulnerable to the uncertainty of the classiication model or changes over time [2,5,42].…”

“…Plausibility measures how realistic the counterfactual explanation is with respect to the data manifold, which is a desirable property [22], and Brughmans et al [5] show that the techniques resulting in an actual instance have the best plausibility results. Furthermore, it is argued that counterfactual instances that are plausible, are more robust and therefore are less vulnerable to the uncertainty of the classiication model or changes over time [2,5,42]. This shows that for some use cases it can be very useful to use real data points as counterfactuals instead of synthetic ones as for the latter the risk of generating implausible counterfactual explanations can be quite high [27].…”

“…This shows that for some use cases it can be very useful to use real data points as counterfactuals instead of synthetic ones as for the latter the risk of generating implausible counterfactual explanations can be quite high [27]. Algorithms that use these native counterfactual explanations include NICE (without optimization setting) [5], the WIT tool with NNCE [59], FACE [44] and certain settings of CBR [25]. Perturbation-based counterfactual algorithms experience diferent privacy risks such as membership inference attacks: Pawelczyk et al [43] use counterfactual distance-based attacks which leverage algorithmic recourse to determine if an instance belongs to the training data of the underlying model or not.…”

The Privacy Issue of Counterfactual Explanations: Explanation Linkage Attacks

Even-Ifs from If-Onlys: Are the Best Semi-factual Explanations Found Using Counterfactuals as Guides?

CountARFactuals – Generating Plausible Model-Agnostic Counterfactual Explanations with Adversarial Random Forests