Research on adversarial robustness is primarily focused on image and text data. Yet many scenarios in which a lack of robustness can result in serious risks, such as fraud detection, medical diagnosis, or recommender systems, often do not rely on images or text but instead on tabular data. Adversarial robustness in tabular data poses two serious challenges. First, tabular datasets often contain categorical features and therefore cannot be tackled directly with existing optimization procedures. Second, in the tabular domain, algorithms that are not based on deep networks are widely used and offer great performance, but algorithms that enhance robustness are tailored to neural networks (e.g., adversarial training). In this paper, we tackle both challenges. We present a method that allows us to train adversarially robust deep networks for tabular data and to transfer this robustness to other classifiers via universal robust embeddings tailored to categorical data. These embeddings, created using a bilevel alternating minimization framework, can be transferred to boosted trees or random forests, making them robust without the need for adversarial training while preserving their high accuracy on tabular data. We show that our methods outperform existing techniques within a practical threat model suitable for tabular data.
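The first challenge named above, that categorical features cannot be attacked or defended with the continuous, gradient-based procedures used for images, is easiest to see on a concrete robustness check. The following is an added illustration and is not the paper's code or its bilevel method: it assumes a toy threat model in which an adversary may substitute at most `k` categorical values and shift one numeric feature by at most `eps` (the abstract does not define its threat model, so this is an assumption), uses a constructed hand-weighted fraud scorer in place of a trained model, and measures robust accuracy by exhaustively enumerating the discrete neighbourhood of each row, which is what the lack of a gradient over categories forces you to do.

```python
from itertools import combinations, product
from typing import Dict, Iterator, List, Optional

# Constructed toy tabular schema: each categorical feature has a finite domain.
DOMAINS: Dict[str, List[str]] = {
    "country": ["US", "DE", "FR"],
    "device": ["mobile", "desktop"],
    "payment": ["card", "wallet", "bank"],
}
CATEGORICAL = list(DOMAINS)

# Constructed stand-in for a trained classifier: an additive score over
# one-hot categories plus a linear term in the numeric feature 'amount'.
WEIGHTS = {
    ("country", "US"): -1.0, ("country", "DE"): 0.0, ("country", "FR"): 1.0,
    ("device", "mobile"): 0.5, ("device", "desktop"): -0.5,
    ("payment", "card"): -1.0, ("payment", "wallet"): 1.5, ("payment", "bank"): 0.0,
}
NUM_WEIGHT = 0.02  # score contribution per unit of 'amount'
BIAS = -0.5

# Constructed evaluation rows with labels (1 = fraud, 0 = legitimate).
ROWS = [
    {"country": "US", "device": "desktop", "payment": "card", "amount": 50.0},
    {"country": "FR", "device": "mobile", "payment": "wallet", "amount": 200.0},
    {"country": "DE", "device": "mobile", "payment": "bank", "amount": 40.0},
    {"country": "US", "device": "mobile", "payment": "bank", "amount": 100.0},
]
LABELS = [0, 1, 1, 0]


def score(row: Dict[str, object]) -> float:
    """Additive score; the decision boundary is score == 0."""
    s = BIAS + NUM_WEIGHT * float(row["amount"])
    for feat in CATEGORICAL:
        s += WEIGHTS[(feat, row[feat])]
    return s


def predict(row: Dict[str, object]) -> int:
    return 1 if score(row) > 0 else 0


def neighbours(row: Dict[str, object], k: int) -> Iterator[Dict[str, object]]:
    """Yield the row and every row reachable by changing at most k categorical values.

    There is no gradient over a category, so the threat model is explored by
    enumerating the discrete neighbourhood (feasible here because domains are small).
    """
    yield dict(row)
    for size in range(1, k + 1):
        for feats in combinations(CATEGORICAL, size):
            alternatives = [[v for v in DOMAINS[f] if v != row[f]] for f in feats]
            for choice in product(*alternatives):
                cand = dict(row)
                for f, v in zip(feats, choice):
                    cand[f] = v
                yield cand


def find_violation(row: Dict[str, object], label: int, k: int, eps: float) -> Optional[Dict[str, object]]:
    """Return the first in-budget variant that is classified differently from label, or None.

    The numeric feature is checked at the two ends of its eps interval; that is
    exhaustive only because score() is linear in 'amount'. A non-monotone model
    would need a grid over the interval instead.
    """
    lo = max(0.0, float(row["amount"]) - eps)
    hi = float(row["amount"]) + eps
    for cand in neighbours(row, k):
        for amount in (lo, hi):
            variant = dict(cand, amount=amount)
            if predict(variant) != label:
                return variant
    return None


def is_robust(row: Dict[str, object], label: int, k: int, eps: float) -> bool:
    return predict(row) == label and find_violation(row, label, k, eps) is None


def clean_accuracy(rows: List[Dict[str, object]], labels: List[int]) -> float:
    return sum(predict(r) == l for r, l in zip(rows, labels)) / len(rows)


def robust_accuracy(rows: List[Dict[str, object]], labels: List[int], k: int, eps: float) -> float:
    """Fraction of rows that are correctly classified on every point in their threat set."""
    return sum(is_robust(r, l, k, eps) for r, l in zip(rows, labels)) / len(rows)


if __name__ == "__main__":
    print("clean accuracy:", clean_accuracy(ROWS, LABELS))
    for k, eps in [(0, 0.0), (0, 20.0), (1, 0.0), (3, 20.0)]:
        print(f"robust accuracy (k={k}, eps={eps}):", robust_accuracy(ROWS, LABELS, k, eps))
    print("flipping variant for row 0:", find_violation(ROWS[0], LABELS[0], 1, 0.0))
```

Running it shows the gap the abstract is about: the scorer is 75% accurate on clean rows and keeps that accuracy under numeric noise alone, but a single categorical substitution (for example changing `payment` to `"wallet"` on the first row) drops robust accuracy to 25%. On a real dataset the domains are far larger, so exhaustive enumeration stops being practical and one needs either a search procedure designed for discrete features or, as the paper proposes, embeddings that make the classifier insensitive to such substitutions in the first place.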