# Treant: Training Evasion-Aware Decision Trees

**Authors:** Stefano Calzavara, Claudio Lucchese, Gabriele Tolomei, Seyum Assefa Abebe, Salvatore Orlando

arXiv: 1907.01197 · 2019-07-04

## TL;DR

Treant is a new decision tree learning algorithm designed to be robust against evasion attacks, achieving high accuracy and attack resistance by incorporating a formal threat model and specialized training techniques.

## Contribution

The paper introduces a novel evasion-aware training method for decision trees that combines robust splitting and attack invariance to improve adversarial robustness.

## Key findings

- Outperforms state-of-the-art adversarial learning techniques on three publicly available datasets.
- Produces decision trees that are both accurate and resistant to evasion attacks.
- Demonstrates the effectiveness of formal threat models in decision tree training.

## Abstract

Despite its success and popularity, machine learning is now recognized as vulnerable to evasion attacks, i.e., carefully crafted perturbations of test inputs designed to force prediction errors. In this paper we focus on evasion attacks against decision tree ensembles, which are among the most successful predictive models for dealing with non-perceptual problems. Even though they are powerful and interpretable, decision tree ensembles have received only limited attention by the security and machine learning communities so far, leading to a sub-optimal state of the art for adversarial learning techniques. We thus propose Treant, a novel decision tree learning algorithm that, on the basis of a formal threat model, minimizes an evasion-aware loss function at each step of the tree construction. Treant is based on two key technical ingredients: robust splitting and attack invariance, which jointly guarantee the soundness of the learning process. Experimental results on three publicly available datasets show that Treant is able to generate decision tree ensembles that are at the same time accurate and nearly insensitive to evasion attacks, outperforming state-of-the-art adversarial learning techniques.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.01197/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1907.01197/full.md

## References

36 references — full list in the complete paper: https://tomesphere.com/paper/1907.01197/full.md

---
Source: https://tomesphere.com/paper/1907.01197