Beyond Robustness: Resilience Verification of Tree-Based Classifiers

TL;DR

This paper introduces the concept of resilience as a new measure for evaluating the security of tree-based classifiers against adversarial attacks, and presents a verification method combining robustness and stability analysis.

Contribution

It proposes a novel resilience measure and a formal, data-independent stability analysis for decision trees, enhancing security assessment of tree-based models.

Findings

Resilience verification is practical and effective.

The method improves security assessment of decision tree models.

Experimental results validate the approach on public datasets.

Abstract

In this paper we criticize the robustness measure traditionally employed to assess the performance of machine learning models deployed in adversarial settings. To mitigate the limitations of robustness, we introduce a new measure called resilience and we focus on its verification. In particular, we discuss how resilience can be verified by combining a traditional robustness verification technique with a data-independent stability analysis, which identifies a subset of the feature space where the model does not change its predictions despite adversarial manipulations. We then introduce a formally sound data-independent stability analysis for decision trees and decision tree ensembles, which we experimentally assess on public datasets and we leverage for resilience verification. Our results show that resilience verification is useful and feasible in practice, yielding a more reliable security assessment of both standard and robust decision tree models.