pith. sign in

arxiv: 1509.07892 · v2 · pith:GOAKAR65new · submitted 2015-09-25 · 💻 cs.LG · cs.CR· stat.ML

Evasion and Hardening of Tree Ensemble Classifiers

classification 💻 cs.LG cs.CRstat.ML
keywords treealgorithmboostedinstanceboostingclassifierensemblesevading
0
0 comments X
read the original abstract

Classifier evasion consists in finding for a given instance $x$ the nearest instance $x'$ such that the classifier predictions of $x$ and $x'$ are different. We present two novel algorithms for systematically computing evasions for tree ensembles such as boosted trees and random forests. Our first algorithm uses a Mixed Integer Linear Program solver and finds the optimal evading instance under an expressive set of constraints. Our second algorithm trades off optimality for speed by using symbolic prediction, a novel algorithm for fast finite differences on tree ensembles. On a digit recognition task, we demonstrate that both gradient boosted trees and random forests are extremely susceptible to evasions. Finally, we harden a boosted tree model without loss of predictive accuracy by augmenting the training set of each boosting round with evading instances, a technique we call adversarial boosting.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.