Quantifying probabilistic robustness of tree-based classifiers against natural distortions
Abstract: The concept of trustworthy AI has gained widespread attention lately. One of the aspects relevant to trustworthy AI is robustness of ML models. In this study, we show how to probabilistically quantify robustness against naturally occurring distortions of input data for tree-based classifiers under the assumption that the natural distortions can be described by multivariate probability distributions that can be transformed to multivariate normal distributions. The idea is to extract the decision rules of a trained tree-based classifier, separate the feature space into non-overlapping regions and determine the probability that a data sample with distortion returns its predicted label. The approach is based on the recently introduced measure of ``real-world-robustness'', which works for all black box classifiers, but is only an approximation, whereas our proposed method gives an exact measure.
Submission Length: Regular submission (no more than 12 pages of main content)
Previous TMLR Submission Url: https://openreview.net/forum?id=OZrV5j07UU&referrer=%5BTMLR%5D(%2Fgroup%3Fid%3DTMLR)
Changes Since Last Submission: Dear Editors-in-chief,
This is a resubmission of the paper named "Real-world-robustness of tree-based classifiers”, submitted to Transactions on Machine Learning Research, Submission Number 379. The original paper was rejected, and it was recommended that we prepare a significant revision in light of the action editors' comments.
Our new manuscript takes full account of the comments. Specifically, we
- changed the framing of our study. Instead of using the term “real-world-robustness”, we now use “probabilistic robustness”. This is reflected both in the title and throughout the manuscript.
- expanded the discussion of how our method differs from other previously published matters, including Weng et al. (2019) [1].
- make clear for which types of multivariate non-normal probability distributions our method works. This is now mentioned both in the abstract and the conclusion section, as well as discussed in detail in the methods section.
Please note that the numerical results for the experiment in Section 4.1 changed (Table 1) since we ran the experiments again to also correct the wording in Figure 4 on the x-axis from “Real-world-robustness" to “Probabilistic robustness”, but did not get the same results as before as we did not use a random seed initially. This does not change the conclusion from the experiments.
We included a version of our manuscript with tracked changes as Supplementary Material, where removed parts are crossed out and in red, while corrections are marked in blue, showing the difference to the original submission.
Kind regards,
The authors
[1] Weng, Lily, et al. "PROVEN: Verifying robustness of neural networks with a probabilistic approach." International Conference on Machine Learning. PMLR, 2019.
Assigned Action Editor: ~Krishnamurthy_Dvijotham2
Submission Number: 646
Loading