Verifiable Learning for Robust Tree Ensembles

Cited by: 0
Authors
Calzavara, Stefano [1]
Cazzaro, Lorenzo [1]
Pibiri, Giulio Ermanno [1]
Prezza, Nicola [1]
Affiliations
[1] Univ Ca Foscari Venezia, Venice, Italy
Keywords
Machine Learning and Security; Robustness; Verification and Program Analysis for Machine Learning Models;
DOI
10.1145/3576915.3623100
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104; 0812; 0835; 1405;
Abstract
Verifying the robustness of machine learning models against evasion attacks at test time is an important research problem. Unfortunately, prior work established that this problem is NP-hard for decision tree ensembles, hence bound to be intractable for specific inputs. In this paper, we identify a restricted class of decision tree ensembles, called large-spread ensembles, which admit a security verification algorithm running in polynomial time. We then propose a new approach called verifiable learning, which advocates the training of such restricted model classes which are amenable for efficient verification. We show the benefits of this idea by designing a new training algorithm that automatically learns a large-spread decision tree ensemble from labelled data, thus enabling its security verification in polynomial time. Experimental results on public datasets confirm that large-spread ensembles trained using our algorithm can be verified in a matter of seconds, using standard commercial hardware. Moreover, large-spread ensembles are more robust than traditional ensembles against evasion attacks, at the cost of an acceptable loss of accuracy in the non-adversarial setting.
Pages: 1850 - 1864
Number of pages: 15