Saved in:
Bibliographic Details
Main Authors: Riya, Farhin Farhad, Hoque, Shahinul, Sun, Jinyuan Stella, Kotevska, Olivera
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.13535
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912716085526528
author Riya, Farhin Farhad
Hoque, Shahinul
Sun, Jinyuan Stella
Kotevska, Olivera
author_facet Riya, Farhin Farhad
Hoque, Shahinul
Sun, Jinyuan Stella
Kotevska, Olivera
contents As machine learning models are increasingly deployed in safety-critical domains, visual explanation techniques have become essential tools for supporting transparency. In this work, we reveal a new class of attacks that compromise model interpretability without affecting accuracy. Specifically, we show that small color perturbations applied by adversarial clients in a federated learning setting can shift a model's saliency maps away from semantically meaningful regions while keeping the prediction unchanged. The proposed saliency-aware attack framework, called Chromatic Perturbation Module, systematically crafts adversarial examples by altering the color contrast between foreground and background in a way that disrupts explanation fidelity. These perturbations accumulate across training rounds, poisoning the global model's internal feature attributions in a stealthy and persistent manner. Our findings challenge a common assumption in model auditing that correct predictions imply faithful explanations and demonstrate that interpretability itself can be an attack surface. We evaluate this vulnerability across multiple datasets and show that standard training pipelines are insufficient to detect or mitigate explanation degradation, especially in the federated learning setting, where subtle color perturbations are harder to discern. Our attack reduces peak activation overlap in Grad-CAM explanations by up to 35% while preserving classification accuracy above 96% on all evaluated datasets.
format Preprint
id arxiv_https___arxiv_org_abs_2511_13535
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Accuracy is Not Enough: Poisoning Interpretability in Federated Learning via Color Skew
Riya, Farhin Farhad
Hoque, Shahinul
Sun, Jinyuan Stella
Kotevska, Olivera
Computer Vision and Pattern Recognition
As machine learning models are increasingly deployed in safety-critical domains, visual explanation techniques have become essential tools for supporting transparency. In this work, we reveal a new class of attacks that compromise model interpretability without affecting accuracy. Specifically, we show that small color perturbations applied by adversarial clients in a federated learning setting can shift a model's saliency maps away from semantically meaningful regions while keeping the prediction unchanged. The proposed saliency-aware attack framework, called Chromatic Perturbation Module, systematically crafts adversarial examples by altering the color contrast between foreground and background in a way that disrupts explanation fidelity. These perturbations accumulate across training rounds, poisoning the global model's internal feature attributions in a stealthy and persistent manner. Our findings challenge a common assumption in model auditing that correct predictions imply faithful explanations and demonstrate that interpretability itself can be an attack surface. We evaluate this vulnerability across multiple datasets and show that standard training pipelines are insufficient to detect or mitigate explanation degradation, especially in the federated learning setting, where subtle color perturbations are harder to discern. Our attack reduces peak activation overlap in Grad-CAM explanations by up to 35% while preserving classification accuracy above 96% on all evaluated datasets.
title Accuracy is Not Enough: Poisoning Interpretability in Federated Learning via Color Skew
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2511.13535