1 research outputs found
On -norm Robustness of Ensemble Stumps and Trees
Recent papers have demonstrated that ensemble stumps and trees could be
vulnerable to small input perturbations, so robustness verification and defense
for those models have become an important research problem. However, due to the
structure of decision trees, where each node makes decision purely based on one
feature value, all the previous works only consider the norm
perturbation. To study robustness with respect to a general norm
perturbation, one has to consider the correlation between perturbations on
different features, which has not been handled by previous algorithms. In this
paper, we study the problem of robustness verification and certified defense
with respect to general norm perturbations for ensemble decision
stumps and trees. For robustness verification of ensemble stumps, we prove that
complete verification is NP-complete for while polynomial
time algorithms exist for or . For we develop
an efficient dynamic programming based algorithm for sound verification of
ensemble stumps. For ensemble trees, we generalize the previous multi-level
robustness verification algorithm to norm. We demonstrate the first
certified defense method for training ensemble stumps and trees with respect to
norm perturbations, and verify its effectiveness empirically on real
datasets.Comment: ICML 202