Genetic Adversarial Training of Decision Trees
Francesco Ranzato, Marco Zanella
TL;DR
This paper introduces a genetic algorithm-based method for training decision trees that maximizes accuracy and robustness against adversarial attacks, using formal verification for robustness guarantees.
Contribution
It presents a novel genetic adversarial training approach for decision trees that incorporates formal robustness verification, improving model robustness and interpretability.
Findings
MS trains more robust decision trees than existing methods.
The models are more compact and interpretable.
Experimental results outperform current adversarial training techniques.
Abstract
We put forward a novel learning methodology for ensembles of decision trees based on a genetic algorithm which is able to train a decision tree for maximizing both its accuracy and its robustness to adversarial perturbations. This learning algorithm internally leverages a complete formal verification technique for robustness properties of decision trees based on abstract interpretation, a well known static program analysis technique. We implemented this genetic adversarial training algorithm in a tool called Meta-Silvae (MS) and we experimentally evaluated it on some reference datasets used in adversarial training. The experimental results show that MS is able to train robust models that compete with and often improve on the current state-of-the-art of adversarial training of decision trees while being much more compact and therefore interpretable and efficient tree models.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.