Faster Repeated Evasion Attacks in Tree Ensembles
About
Tree ensembles are one of the most widely used model classes. However, these models are susceptible to adversarial examples, i.e., slightly perturbed examples that elicit a misprediction. There has been significant research on designing approaches to construct such examples for tree ensembles. But this is a computationally challenging problem that often must be solved a large number of times (e.g., for all examples in a training set). This is compounded by the fact that current approaches attempt to find such examples from scratch. In contrast, we exploit the fact that multiple similar problems are being solved. Specifically, our approach exploits the insight that adversarial examples for tree ensembles tend to perturb a consistent but relatively small set of features. We show that we can quickly identify this set of features and use this knowledge to speedup constructing adversarial examples.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Evasion attack verification | covtype 10,000 examples (test) | Speedup25.4 | 8 | |
| Evasion attack verification | fMNIST (test) | Speedup7.6 | 8 | |
| Evasion attack verification | higgs 10,000 examples (test) | Speedup13.7 | 8 | |
| Evasion attack verification | miniboone 10,000 examples (test) | Speedup19.2 | 8 | |
| Evasion attack verification | mnist 10,000 examples (test) | Speedup9.8 | 8 | |
| Evasion attack verification | prostate 10,000 examples (test) | Speedup25.2 | 8 | |
| Evasion attack verification | roadsafety 10,000 examples (test) | Speedup35.9 | 8 | |
| Evasion attack verification | sensorless 10,000 examples (test) | Speedup5.4 | 8 | |
| Evasion attack verification | vehicle 10,000 examples (test) | Speedup19.9 | 8 | |
| Evasion attack verification | webspam 10,000 examples (test) | Speedup12.2 | 8 |