Data cleaning is crucial but often laborious in most machine learning (ML) applications. However, task-agnostic data cleaning is sometimes unnecessary if certain inconsistencies in the dirty data will not affect the prediction of ML models to the test points. A test point is certifiably robust for an ML classifier if the prediction remains the same regardless of which (among exponentially many) cleaned dataset it is trained on. In this paper, we study certifiable robustness for the Naive Bayes classifier (NBC) on dirty datasets with missing values. We present (i) a linear time algorithm in the number of entries in the dataset that decides whether a test point is certifiably robust for NBC, (ii) an algorithm that counts for each label, the number of cleaned datasets on which the NBC can be trained to predict that label, and (iii) an efficient optimal algorithm that poisons a clean dataset by inserting the minimum number of missing values such that a test point is not certifiably robust for NBC. We prove that (iv) poisoning a clean dataset such that multiple test points become certifiably non-robust is NP-hard for any dataset with at least three features. Our experiments demonstrate that our algorithms for the decision and data poisoning problems achieve up to $19.5\times$ and $3.06\times$ speed-up over the baseline algorithms across different real-world datasets.

翻译：数据清洗在大多数机器学习应用中至关重要，但通常耗时费力。然而，对于任务无关的数据清洗，若脏数据中的某些不一致性不会影响ML模型对测试点的预测，则有时并非必要。若一个测试点无论基于哪个（指数级数量的）清洗后数据集进行训练，其预测结果均保持不变，则该测试点对ML分类器具有可认证鲁棒性。本文研究了含缺失值脏数据集上朴素贝叶斯分类器的可认证鲁棒性。我们提出了：(i) 一种基于数据集条目数的线性时间算法，用于判定测试点对NBC是否可认证鲁棒；(ii) 一种计数算法，可统计每个标签对应的、能使NBC训练后预测该标签的清洗后数据集数量；(iii) 一种高效最优算法，通过插入最少缺失值污染干净数据集，使得测试点对NBC不可认证鲁棒。我们证明：(iv) 对于至少包含三个特征的任意数据集，污染干净数据集使得多个测试点同时变得不可认证鲁棒是NP-hard问题。实验表明，在多个真实数据集上，我们的决策与数据污染算法相较于基线算法分别实现了最高$19.5\times$和$3.06\times$的加速比。