Tree ensembles are one of the most widely used model classes. However, these models are susceptible to adversarial examples, i.e., slightly perturbed examples that elicit a misprediction. There has been significant research on designing approaches to construct such examples for tree ensembles. But this is a computationally challenging problem that often must be solved a large number of times (e.g., for all examples in a training set). This is compounded by the fact that current approaches attempt to find such examples from scratch. In contrast, we exploit the fact that multiple similar problems are being solved. Specifically, our approach exploits the insight that adversarial examples for tree ensembles tend to perturb a consistent but relatively small set of features. We show that we can quickly identify this set of features and use this knowledge to speedup constructing adversarial examples.

翻译：树集成模型是最广泛使用的模型类别之一。然而，这类模型易受对抗样本的影响，即经过轻微扰动便能导致模型预测错误的样本。已有大量研究探索为树集成模型构建此类样本的方法。但这本质上是一个计算难题，且通常需要重复求解大量次数（例如针对训练集中的所有样本）。当前方法每次均需从零开始寻找此类样本，这进一步加剧了计算负担。与此相反，我们利用多个相似问题同时求解的特性。具体而言，我们的方法基于以下洞见：树集成模型的对抗样本倾向于扰动一组一致但规模较小的特征。我们证明了可以快速识别这组特征，并利用该知识加速对抗样本的构建过程。