Machine learning in clinical settings must balance predictive accuracy, interpretability, and privacy. Models such as logistic regression (LR) offer transparency, while neural networks (NNs) provide greater predictive power; yet both remain vulnerable to privacy attacks. We empirically assess these risks by designing attacks that identify which public datasets were used to train a model under varying levels of adversarial access, applying them to LORIS, a publicly available LR model for immunotherapy response prediction, as well as to additional shallow NN models trained for the same task. Our results show that both models leak significant training-set information, with LRs proving particularly vulnerable in white-box scenarios. Moreover, we observe that common practices such as cross-validation in LRs exacerbate these risks. To mitigate these vulnerabilities, we propose a quantum-inspired defense based on tensorizing discretized models into tensor trains (TTs), which fully obfuscates parameters while preserving accuracy, reducing white-box attacks to random guessing and degrading black-box attacks comparably to Differential Privacy. TT models retain LR interpretability and extend it through efficient computation of marginal and conditional distributions, while also enabling this higher level of interpretability for NNs. Our results demonstrate that tensorization is widely applicable and establishes a practical foundation for private, interpretable, and effective clinical prediction.
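As an added illustration (not code from the paper or the LORIS project), the block below builds a rank-2 tensor train that reproduces a discretised logistic regression exactly, evaluates P(y|x) purely by contracting the cores, and then re-gauges the train by inserting an orthogonal Q and its transpose on every bond, which changes every core's entries while leaving all predictions unchanged. The weights and bin values are constructed, and the gauge step is only one way parameters can be re-expressed inside a TT; it is not the paper's defense.

```python
import numpy as np

def lr_to_tt(w, bins):
    """Exact rank-2 tensor train (TT) of a discretised logistic regression.
    T[x_1..x_n, y] = exp(y * sum_k w_k * bins[k][x_k]), so P(y|x) = T[x,y] / sum_y T[x,y]
    is the usual sigmoid. Bond index 0 carries the constant 1, index 1 the running product."""
    cores = []
    for k, (wk, bk) in enumerate(zip(w, bins)):
        e = np.exp(wk * np.asarray(bk, dtype=float))            # exp(w_k * bin value), shape (d_k,)
        if k == 0:
            core = np.stack([np.ones_like(e), e], axis=1)[None]  # shape (1, d_k, 2)
        else:
            core = np.zeros((2, len(e), 2))                      # shape (2, d_k, 2)
            core[0, :, 0], core[1, :, 1] = 1.0, e
        cores.append(core)
    label = np.zeros((2, 2, 1))                                  # last core: bond index selects y
    label[0, 0, 0] = label[1, 1, 0] = 1.0
    return cores + [label]

def contract(cores, vectors):
    """Contract mode k of each core with vectors[k] (one-hot fixes a value, ones sums it out)."""
    v = np.ones((1, 1))
    for core, u in zip(cores, vectors):
        v = v @ np.tensordot(u, core, axes=([0], [1]))           # (1, r_{k-1}) @ (r_{k-1}, r_k)
    return v.item()

def conditional(cores, x):
    """P(y = 1 | x) for a list of bin indices x, obtained purely by core contraction."""
    sel = [np.eye(c.shape[1])[i] for c, i in zip(cores, x)]
    p1 = contract(cores, sel + [np.array([0.0, 1.0])])
    p0 = contract(cores, sel + [np.array([1.0, 0.0])])
    return p1 / (p0 + p1)

def regauge(cores, rng):
    """Insert Q and Q^T (Q orthogonal) on every bond: identical tensor, different core entries."""
    new = [c.copy() for c in cores]
    for k in range(len(new) - 1):
        q, _ = np.linalg.qr(rng.normal(size=(new[k].shape[2],) * 2))
        new[k] = np.einsum('adb,bc->adc', new[k], q)
        new[k + 1] = np.einsum('ab,bdc->adc', q.T, new[k + 1])
    return new

def demo():
    """Constructed weights/bins (hypothetical): compare the LR, its TT and a regauged TT."""
    w, bins = [0.5, -1.0, 2.0], [[0, 1], [0, 1, 2], [0, 1]]
    x = [1, 2, 1]                                                # bin values 1, 2, 1 -> logit 0.5
    tt = lr_to_tt(w, bins)
    gt = regauge(tt, np.random.default_rng(0))
    sig = 1.0 / (1.0 + np.exp(-0.5))
    return sig, conditional(tt, x), conditional(gt, x), bool(np.allclose(tt[1], gt[1]))
```

Because the regauged cores give the same P(y|x) for every input, reading the original weights back out of them requires undoing an unknown gauge, which is the kind of parameter obfuscation the abstract refers to.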