On Collective Robustness of Bagging Against Data Poisoning
Ruoxin Chen · Zenan Li · Jie Li · Junchi Yan · Chentao Wu

Tue Jul 19 08:45 AM -- 08:50 AM (PDT) @ Room 327 - 329

Bootstrap aggregating (bagging) is an effective ensemble protocol, which is believed to enhance robustness through its majority voting mechanism. Recent works further prove sample-wise robustness certificates for certain forms of bagging (e.g. partition aggregation). Beyond these particular forms, in this paper, we propose the first collective certification for general bagging to compute the tight robustness against the global poisoning attack. Specifically, we compute the maximum number of simultaneously changed predictions by solving a binary integer linear programming (BILP) problem. Then we analyze the robustness of vanilla bagging and give the upper bound of the tolerable poison budget. Based on this analysis, we propose hash bagging to improve the robustness of vanilla bagging almost for free. This is achieved by modifying the random subsampling in vanilla bagging to a hash-based deterministic subsampling, as a way of controlling the influence scope for each poisoning sample universally. Our extensive experiments show a notable advantage in terms of applicability and robustness. Our code is available at https://github.com/Emiyalzn/ICML22-CRB.
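Added example, not the authors' code from the linked repository: a sketch of how hash-based deterministic subsampling bounds the influence scope of each sample, compared with the random subsampling of vanilla bagging. The SHA-256-mod-N bucketing rule, the function names and the data are assumptions made for illustration; the paper's exact construction may differ.

```python
import hashlib
import random
from collections import Counter

def vanilla_subsets(samples, n_models, k, seed=0):
    """Vanilla bagging: every sub-trainset draws k samples uniformly with replacement."""
    rng = random.Random(seed)
    return [[rng.choice(samples) for _ in range(k)] for _ in range(n_models)]

def hash_subsets(samples, n_models, k):
    """Assumed scheme: bucket = SHA-256(sample) mod n_models, keep the k lowest digests."""
    buckets = [[] for _ in range(n_models)]
    for s in samples:
        d = hashlib.sha256(s).digest()
        buckets[int.from_bytes(d, "big") % n_models].append((d, s))
    # Sorting by digest makes the result independent of dataset order.
    return [[s for _, s in sorted(b)[:k]] for b in buckets]

def max_influence(subsets):
    """Largest number of sub-trainsets (hence base models) that one sample reaches."""
    reach = Counter(s for sub in subsets for s in set(sub))
    return max(reach.values())

def changed_subsets(before, after):
    """Number of sub-trainsets that differ, i.e. base models an edit can affect."""
    return sum(a != b for a, b in zip(before, after))

# Constructed data: 400 distinct byte strings standing in for training samples.
SAMPLES = [b"sample-%d" % i for i in range(400)]
N_MODELS, K = 20, 15
POISON = b"poisoned-sample"  # constructed stand-in for an attacker-controlled sample

if __name__ == "__main__":
    clean = hash_subsets(SAMPLES, N_MODELS, K)
    inserted = hash_subsets(SAMPLES + [POISON], N_MODELS, K)
    modified = hash_subsets([POISON] + SAMPLES[1:], N_MODELS, K)
    print("vanilla max influence:", max_influence(vanilla_subsets(SAMPLES, N_MODELS, K)))
    print("hash    max influence:", max_influence(clean))
    print("models touched by one insertion:   ", changed_subsets(clean, inserted))
    print("models touched by one modification:", changed_subsets(clean, modified))
```

Under this assumed rule an inserted or deleted sample can alter at most one sub-trainset and a modified sample at most two, whereas random subsampling gives no such per-sample bound.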

Author Information

Ruoxin Chen (Shanghai Jiao Tong University)
Zenan Li (Shanghai Jiao Tong University)
Jie Li (Shanghai Jiao Tong University)
Junchi Yan (Shanghai Jiao Tong University)
Chentao Wu (Shanghai Jiao Tong University)
