Skip to yearly menu bar Skip to main content


Poster

Faster Repeated Evasion Attacks in Tree Ensembles

Lorenzo Cascioli · Laurens Devos · Ondrej Kuzelka · Jesse Davis

[ ]
Fri 13 Dec 11 a.m. PST — 2 p.m. PST

Abstract:

Tree ensembles are one of the most widely used model classes. However, these models are susceptible to adversarial examples, i.e., slightly perturbed examples that elicit a misprediction. There has been significant research on designing approaches to construct such examples for tree ensembles. But this is a computationally challenging problem that often must be solved a large number of times (e.g., for all examples in a training set). This is compounded by the fact that current approaches attempt to find such examples from scratch. In contrast, we exploit the fact that multiple similar problems are being solved. Specifically, our approach exploits the insight that adversarial examples for tree ensembles tend to perturb a consistent but relatively small set of features. We show that we can quickly identify this set of features and use this knowledge to speedup constructing adversarial examples.

Live content is unavailable. Log in and register to view live content