Explainable artificial intelligence (XAI) methods are portrayed as a remedy for debugging and trusting statistical and deep learning models, as well as interpreting their predictions. However, recent advances in adversarial machine learning (AdvML) highlight the limitations and vulnerabilities of state-of-the-art explanation methods, putting their security and trustworthiness into question. The possibility of manipulating, fooling or fairwashing evidence of the model's reasoning has detrimental consequences when applied in high-stakes decision-making and knowledge discovery. This survey provides a comprehensive overview of research concerning adversarial attacks on explanations of machine learning models, as well as fairness metrics. We introduce a unified notation and taxonomy of methods facilitating a common ground for researchers and practitioners from the intersecting research fields of AdvML and XAI. We discuss how to defend against attacks and design robust interpretation methods. We contribute a list of existing insecurities in XAI and outline the emerging research directions in adversarial XAI (AdvXAI). Future work should address improving explanation methods and evaluation protocols to take into account the reported safety issues.

翻译：可解释人工智能（XAI）方法被描述为调试和信任统计及深度学习模型、解释其预测的补救措施。然而，近来对抗性机器学习（AdvML）的进展凸显了最先进解释方法的局限性和脆弱性，使其安全性和可信度受到质疑。当应用于高风险决策和知识发现时，操纵、欺骗或粉饰模型推理证据的可能性会产生有害后果。本综述全面概述了针对机器学习模型解释及公平性度量的对抗性攻击研究。我们引入统一的符号表示和方法分类法，为AdvML和XAI交叉领域的研究人员和从业者建立共同基础。我们讨论了如何防御攻击并设计鲁棒的解释方法。我们列出了XAI中现存的不安全性，并概述了对抗性XAI（AdvXAI）的新兴研究方向。未来工作应致力于改进解释方法和评估协议，以考虑所报告的安全问题。