Adversarially Robust Decision Tree Relabeling

Conference Paper (2023)
Author(s)

Daniël Vos (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Sicco Verwer (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Research Group
Cyber Security
DOI related publication
https://doi.org/10.1007/978-3-031-26409-2_13 (final published version)
Publication Year
2023
Language
English
Bibliographical Note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Pages (from-to)
203-218
Publisher
Springer
ISBN (print)
9783031264085
Event
22nd Joint European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2022 (2022-09-19 - 2022-09-23), Grenoble, France
Collections
Institutional Repository
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Decision trees are popular models for their interpretation properties and their success in ensemble models for structured data. However, common decision tree learning algorithms produce models that suffer from adversarial examples. Recent work on robust decision tree learning mitigates this issue by taking adversarial perturbations into account during training. While these methods generate robust shallow trees, their relative quality reduces when training deeper trees due to the methods being greedy. In this work we propose robust relabeling, a post-learning procedure that optimally changes the prediction labels of decision tree leaves to maximize adversarial robustness. We show this can be achieved in polynomial time in terms of the number of samples and leaves. Our results on 10 datasets show a significant improvement in adversarial accuracy both for single decision trees and tree ensembles. Decision trees and random forests trained with a state-of-the-art robust learning algorithm also benefited from robust relabeling.

Files

978_3_031_26409_2_13.pdf
(pdf | 1.9 Mb)
- Embargo expired in 18-09-2023
License info not available