{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T02:45:18Z","timestamp":1774838718394,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,11]],"date-time":"2020-06-11T00:00:00Z","timestamp":1591833600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,11]]},"DOI":"10.1145\/3385412.3385975","type":"proceedings-article","created":{"date-parts":[[2020,6,7]],"date-time":"2020-06-07T01:40:10Z","timestamp":1591494010000},"page":"1083-1097","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Proving data-poisoning robustness in decision trees"],"prefix":"10.1145","author":[{"given":"Samuel","family":"Drews","sequence":"first","affiliation":[{"name":"University of Wisconsin-Madison, USA"}]},{"given":"Aws","family":"Albarghouthi","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, USA"}]},{"given":"Loris","family":"D'Antoni","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,6,11]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/3016100.3016102"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314614"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/3042573.3042761"},{"key":"e_1_3_2_1_4_1","volume-title":"Classification and regression trees","author":"Breiman Leo","unstructured":"Leo Breiman. 2017. Classification and regression trees. Routledge."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_7_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/512950.512973"},{"key":"e_1_3_2_1_9_1","unstructured":"Ilias. Diakonikolas Gautam. Kamath Daniel. Kane Jerry. Li Ankur. Moitra and Alistair. Stewart. 2019."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1137\/17M1126680"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning, ICML 2019","volume":"97","author":"Diakonikolas Ilias","year":"2019","unstructured":"Ilias Diakonikolas, Gautam Kamath, Daniel Kane, Jerry Li, Jacob Steinhardt, and Alistair Stewart. 2019. Sever: A Robust Meta-Algorithm for Stochastic Optimization. In Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9-15 June 2019, Long Beach, California, USA (Proceedings of Machine Learning Research), Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.), Vol. 97. PMLR, 1596\u20131606. http:\/\/proceedings.mlr.press\/v97\/diakonikolas19a.html"},{"key":"e_1_3_2_1_12_1","volume-title":"Kane","author":"Diakonikolas Ilias","year":"2019","unstructured":"Ilias Diakonikolas and Daniel M. Kane. 2019. Recent Advances in Algorithmic High-Dimensional Robust Statistics. CoRR abs\/1911.05911 (2019). arXiv: 1911.05911 http:\/\/arxiv.org\/abs\/1911.05911"},{"key":"e_1_3_2_1_13_1","volume-title":"Proving Data-Poisoning Robustness in Decision Trees. CoRR abs\/1912.00981","author":"Drews Samuel","year":"2019","unstructured":"Samuel Drews, Aws Albarghouthi, and Loris D\u2019Antoni. 2019. Proving Data-Poisoning Robustness in Decision Trees. CoRR abs\/1912.00981 (2019). arXiv: 1912.00981 http:\/\/arxiv.org\/abs\/1912.00981"},{"key":"e_1_3_2_1_14_1","unstructured":"Dheeru Dua and Casey Graff. 2017. UCI Machine Learning Repository. http:\/\/archive.ics.uci.edu\/ml"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74958-5_15"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00058"},{"key":"e_1_3_2_1_17_1","unstructured":"00058"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_5"},{"key":"e_1_3_2_1_19_1","volume-title":"Curie: A method for protecting SVM Classifier from Poisoning Attack. CoRR abs\/1606.01584","author":"Laishram Ricky","year":"2016","unstructured":"Ricky Laishram and Vir Virander Phoha. 2016. Curie: A method for protecting SVM Classifier from Poisoning Attack. CoRR abs\/1606.01584 (2016). arXiv: 1606.01584 http:\/\/arxiv.org\/abs\/1606.01584"},{"key":"e_1_3_2_1_20_1","unstructured":"Yann LeCun Corinna Cortes and Christopher J. C. Burges. [n.d.]. The MNIST Database of handwritten digits. http:\/\/yann.lecun.com\/exdb\/ mnist"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/775047.775131"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2886521.2886721"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan","author":"Mirman Matthew","year":"2018","unstructured":"Matthew Mirman, Timon Gehr, and Martin T. Vechev. 2018. Differentiable Abstract Interpretation for Provably Robust Neural Networks. In Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018 (Proceedings of Machine Learning Research), Jennifer G. Dy and Andreas Krause (Eds.), Vol. 80. PMLR, 3575\u20133583. http:\/\/proceedings.mlr.press\/v80\/mirman18b.html"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666661"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11551188_11"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0020-7373(87)80053-6"},{"key":"e_1_3_2_1_27_1","volume-title":"Induction of decision trees. Machine learning 1, 1","author":"Quinlan J. Ross","year":"1986","unstructured":"J. Ross Quinlan. 1986. Induction of decision trees. Machine learning 1, 1 (1986), 81\u2013106."},{"key":"e_1_3_2_1_28_1","volume-title":"Programs for machine learning. The Morgan Kaufmann Series in Machine Learning","author":"Quinlan J Ross","year":"1993","unstructured":"J Ross Quinlan. 1993. C4.5: Programs for machine learning. The Morgan Kaufmann Series in Machine Learning, San Mateo, CA: Morgan Kaufmann,| c1993 (1993)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.5998"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290354"},{"key":"e_1_3_2_1_31_1","volume-title":"Pang Wei W Koh, and Percy S Liang","author":"Steinhardt Jacob","year":"2017","unstructured":"Jacob Steinhardt, Pang Wei W Koh, and Percy S Liang. 2017. Certified defenses for data poisoning attacks. In Advances in neural information processing systems. 3517\u20133529."},{"key":"e_1_3_2_1_32_1","volume-title":"2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14-16, 2014, Conference Track Proceedings.","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14-16, 2014, Conference Track Proceedings."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00993473"},{"key":"e_1_3_2_1_34_1","volume-title":"27th {USENIX} Security Symposium ({USENIX} Security 18). 1599\u20131614.","author":"Wang Shiqi","unstructured":"Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, and Suman Jana. 2018. Formal security analysis of neural networks using symbolic intervals. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 1599\u20131614."},{"key":"e_1_3_2_1_35_1","volume-title":"UK Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan","author":"Wang Yizhen","year":"2018","unstructured":"Yizhen Wang, Somesh Jha, and Kamalika Chaudhuri. 2018. Analyzing the Robustness of Nearest Neighbors to Adversarial Examples. In Proving Data-Poisoning Robustness in Decision Trees PLDI \u201920, June 15\u201320, 2020, London, UK Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018."},{"key":"e_1_3_2_1_36_1","unstructured":"5120\u20135129."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan","author":"Wong Eric","year":"2018","unstructured":"Eric Wong and J. Zico Kolter. 2018. Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope. In Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018 (Proceedings of Machine Learning Research), Jennifer G. Dy and Andreas Krause (Eds.), Vol. 80. PMLR, 5283\u20135292. http:\/\/proceedings.mlr. press\/v80\/wong18a.html"},{"key":"e_1_3_2_1_38_1","volume-title":"International Conference on Machine Learning. 1689\u2013 1698","author":"Xiao Huang","year":"2015","unstructured":"Huang Xiao, Battista Biggio, Gavin Brown, Giorgio Fumera, Claudia Eckert, and Fabio Roli. 2015. Is feature selection secure against training data poisoning?. In International Conference on Machine Learning. 1689\u2013 1698."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2014.08.081"}],"event":{"name":"PLDI '20: 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation","location":"London UK","acronym":"PLDI '20","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3385412.3385975","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3385412.3385975","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:14Z","timestamp":1750200074000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3385412.3385975"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,11]]},"references-count":39,"alternative-id":["10.1145\/3385412.3385975","10.1145\/3385412"],"URL":"https:\/\/doi.org\/10.1145\/3385412.3385975","relation":{},"subject":[],"published":{"date-parts":[[2020,6,11]]},"assertion":[{"value":"2020-06-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}