Genetic Adversarial Training of Decision Trees
This work addresses the problem of improving the robustness and interpretability of decision trees for practitioners working with adversarial examples.
This paper introduces a genetic algorithm to train decision tree ensembles, optimizing for both accuracy and robustness against adversarial perturbations. The resulting models from their Meta-Silvae tool compete with and often improve upon state-of-the-art adversarial training for decision trees, while being more compact, interpretable, and efficient.
We put forward a novel learning methodology for ensembles of decision trees based on a genetic algorithm which is able to train a decision tree for maximizing both its accuracy and its robustness to adversarial perturbations. This learning algorithm internally leverages a complete formal verification technique for robustness properties of decision trees based on abstract interpretation, a well known static program analysis technique. We implemented this genetic adversarial training algorithm in a tool called Meta-Silvae (MS) and we experimentally evaluated it on some reference datasets used in adversarial training. The experimental results show that MS is able to train robust models that compete with and often improve on the current state-of-the-art of adversarial training of decision trees while being much more compact and therefore interpretable and efficient tree models.