Robust Optimal Classification Trees Against Adversarial Examples
Abstract
Decision trees are a popular choice of explainable model, but just like neural networks, they suffer from adversarial examples. Existing algorithms for fitting decision trees robust against adversarial examples are greedy heuristics and lack approximation guarantees. In this paper we propose ROCT, a collection of methods to train decision trees that are optimally robust against user-specified attack models. We show that the min-max optimization problem that arises in adversarial learning can be solved using a single minimization formulation for decision trees with 0-1 loss. We propose such formulations in Mixed-Integer Linear Programming and Maximum Satisfiability, which widely available solvers can optimize. We also present a method that determines the upper bound on adversarial accuracy for any model using bipartite matching. Our experimental results demonstrate that the existing heuristics achieve close to optimal scores while ROCT achieves state-of-the-art scores.
Cite
Text
Vos and Verwer. "Robust Optimal Classification Trees Against Adversarial Examples." AAAI Conference on Artificial Intelligence, 2022. doi:10.1609/AAAI.V36I8.20829Markdown
[Vos and Verwer. "Robust Optimal Classification Trees Against Adversarial Examples." AAAI Conference on Artificial Intelligence, 2022.](https://mlanthology.org/aaai/2022/vos2022aaai-robust/) doi:10.1609/AAAI.V36I8.20829BibTeX
@inproceedings{vos2022aaai-robust,
title = {{Robust Optimal Classification Trees Against Adversarial Examples}},
author = {Vos, Daniël and Verwer, Sicco},
booktitle = {AAAI Conference on Artificial Intelligence},
year = {2022},
pages = {8520-8528},
doi = {10.1609/AAAI.V36I8.20829},
url = {https://mlanthology.org/aaai/2022/vos2022aaai-robust/}
}