(De-)Randomized Smoothing for Decision Stump Ensembles

METADATA ONLY

Author / Producer

Horváth, Miklós Z. Fischer, Marc

Date

2022

Publication Type

Conference Paper

ETH Bibliography

yes

Citations

Altmetric
METADATA ONLY

Data

Rights / License

Abstract

Tree-based models are used in many high-stakes application domains such as finance and medicine, where robustness and interpretability are of utmost importance. Yet, methods for improving and certifying their robustness are severely under-explored, in contrast to those focusing on neural networks. Targeting this important challenge, we propose deterministic smoothing for decision stump ensembles. Whereas most prior work on randomized smoothing focuses on evaluating arbitrary base models approximately under input randomization, the key insight of our work is that decision stump ensembles enable exact yet effiient evaluation via dynamic programming. Importantly, we obtain deterministic robustness certificates, even jointly over numerical and categorical features, a setting ubiquitous in the real world. Further, we derive an MLE-optimal training method for smoothed decision stumps under randomization and propose two boosting approaches to improve their provable robustness. An extensive experimental evaluation on computer vision and tabular data tasks shows that our approach yields signficantly higher certified accuracies than the state-of-the-art for tree-based models. We release all code and trained models at https://github.com/eth-sri/drs.

Permanent link

http://hdl.handle.net/20.500.11850/592014

Publication status

published

External links

https://proceedings.neurips.cc/paper_files/paper/2022/hash/146b4bab3f8536a07905f25d367b4924-Abstract-Conference.html north_east
https://nips.cc/virtual/2022/poster/53021 north_east

Editor

Koyejo, Sanmi north_east Mohamed, Shakir north_east Agarwal, Alekh north_east

Book title

Advances in Neural Information Processing Systems 35

Journal / series

Volume

Pages / Article No.

3066 - 3081

Publisher

Curran

Event

36th Annual Conference on Neural Information Processing Systems (NeurIPS 2022)

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Adversarial Robustness; Certified Robustness; Randomized Smoothing

Organisational unit

03948 - Vechev, Martin / Vechev, Martin check_circle

Notes

Poster presentation on November 30, 2022.

Funding

Related publications and datasets

Is supplemented by: https://github.com/eth-sri/drs

More

Show all metadata