Adversarially Robust Decision Tree Relabeling

Vos, Daniël; Verwer, Sicco

doi:10.1007/978-3-031-26409-2_13

Cited by 4 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first is a pre-processing procedure that partitions the features between the trees in the ensemble in such a way that it becomes impossible to ever trick the majority of the trees (Calzavara et al, 2021). The second is a post-processing procedure that relabels the leaves of the ensemble to make it more difficult to find neighboring leaves that predict different classes (Vos and Verwer, 2023). Chen et al (2019a), Verwer (2021), andChen et al (2021) propose changes to the splitting procedure.…”

Section: Improving Robustnessmentioning

confidence: 99%

Decision trees: from efficient prediction to responsible AI

Blockeel¹,

Devos²,

Frénay‬³

et al. 2023

Front. Artif. Intell.

View full text Add to dashboard Cite

This article provides a birds-eye view on the role of decision trees in machine learning and data science over roughly four decades. It sketches the evolution of decision tree research over the years, describes the broader context in which the research is situated, and summarizes strengths and weaknesses of decision trees in this context. The main goal of the article is to clarify the broad relevance to machine learning and artificial intelligence, both practical and theoretical, that decision trees still have today.

show abstract

Section: Improving Robustnessmentioning

confidence: 99%

Decision trees: from efficient prediction to responsible AI

Blockeel¹,

Devos²,

Frénay‬³

et al. 2023

Front. Artif. Intell.

View full text Add to dashboard Cite

show abstract

“…They provide intuitive insights into how a model arrives at its conclusions, making them valuable for both analysis and application. However, DT models are susceptible to adversarial examples (Vos and Verwer 2021;Chen et al 2019), where small, carefully crafted perturbations can lead to significant misclassifications. Moreover, DT models can be exploited in both white-box and blackbox settings where the attacker either has full knowledge or no knowledge of the models parameters (Chen et al 2019).…”

Section: Introductionmentioning

confidence: 99%

“…Although many works have suggested ways for making DT models robust against adversarial attacks (Vos and Verwer 2022b;Ranzato and Zanella 2021;Calzavara et al 2020;Yang et al 2020;Guo et al 2022;Vos and Verwer 2022a) all of these solutions modify the model or the training process. This is a disadvantage for several reasons: (1) changing model parameters or the values of the node's threshold in case of DT, often harm a model's performance on clean data (Andriushchenko and Hein 2019;Chen et al 2019;Vos and Verwer 2021), (2) these defences cannot be applied to deployed models, and (3) some of these methods cannot be applied to every kind of DT which limits a developer's options. This holds particular significance for mission-critical systems.…”

Section: Introductionmentioning

confidence: 99%

TTTS: Tree Test Time Simulation for Enhancing Decision Tree Robustness against Adversarial Examples

Cohen,

Arbili,

Mirsky

et al. 2024

AAAI

View full text Add to dashboard Cite

Decision trees are widely used for addressing learning tasks involving tabular data. Yet, they are susceptible to adversarial attacks. In this paper, we present Tree Test Time Simulation (TTTS), a novel inference-time methodology that incorporates Monte Carlo simulations into decision trees to enhance their robustness. TTTS introduces a probabilistic modification to the decision path, without altering the underlying tree structure. Our comprehensive empirical analysis of 50 datasets yields promising results. Without the presence of any attacks, TTTS has successfully improved model performance from an AUC of 0.714 to 0.773. Under the challenging conditions of white-box attacks, TTTS demonstrated its robustness by boosting performance from an AUC of 0.337 to 0.680. Even when subjected to black-box attacks, TTTS maintains high accuracy and enhances the model's performance from an AUC of 0.628 to 0.719. Compared to defenses such as Feature Squeezing, TTTS proves to be much more effective. We also found that TTTS exhibits similar robustness in decision forest settings across different attacks.

show abstract

“…First, verification techniques attempt to ascertain how robust a learned ensemble is to adversarial examples [9,12,34] by empirically determining how much an example would have to be perturbed (according to some norm) for its predicted label to change. Second, the problem can be addressed at training time by trying to learn a more robust model by adding adversarial examples to the training set [23], pruning the training data [49], changing aspects of the learner such as the splitting criteria [1,7,8,44] or the objective [21], relabeling the values in the leaves [45], using constraint solvers to learn optimal trees [46], or interleaving learning and verification [35].…”

Section: Introductionmentioning

confidence: 99%

Detecting Evasion Attacks in Deployed Tree Ensembles

Devos,

Perini,

Meert

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Tree ensembles are powerful models that are widely used. However, they are susceptible to evasion attacks where an adversary purposely constructs an adversarial example in order to elicit a misprediction from the model. This can degrade performance and erode a user's trust in the model. Typically, approaches try to alleviate this problem by verifying how robust a learned ensemble is or robustifying the learning process. We take an alternative approach and attempt to detect adversarial examples in a post-deployment setting. We present a novel method for this task that works by analyzing an unseen example's output configuration, which is the set of leaves activated by the example in the ensemble's constituent trees. Our approach works with any additive tree ensemble and does not require training a separate model. We evaluate our approach on three different tree ensemble learners. We empirically show that our method is currently the best adversarial detection method for tree ensembles.

show abstract

Adversarially Robust Decision Tree Relabeling

Cited by 4 publications

References 11 publications

Decision trees: from efficient prediction to responsible AI

Decision trees: from efficient prediction to responsible AI

TTTS: Tree Test Time Simulation for Enhancing Decision Tree Robustness against Adversarial Examples

Detecting Evasion Attacks in Deployed Tree Ensembles

Contact Info

Product

Resources

About