Decision-based evasion attacks on tree ensemble classifiers
Fuyong Zhang¹ · Yi Wang¹ · Shigang Liu² · Hua Wang³
Received: 26 March 2019 / Revised: 7 February 2020 / Accepted: 30 March 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

Learning-based classifiers are known to be susceptible to adversarial examples. Recent studies suggested that ensemble classifiers tend to be more robust than single classifiers against evasion attacks. In this paper, we argue that this is not necessarily the case. In particular, we show that a discrete-valued random forest classifier can be easily evaded by adversarial inputs manipulated based only on the model's decision outputs. The proposed evasion algorithm is gradient-free and can be implemented efficiently. Our evaluation results demonstrate that random forests can be even more vulnerable than SVMs, whether single or ensemble, to evasion attacks under both white-box and the more realistic black-box settings.

Keywords: Adversarial machine learning · Tree ensemble classifiers · Evasion attacks
This article belongs to the Topical Collection: Special Issue on Web Information Systems Engineering 2018. Guest Editors: Hakim Hacid, Wojciech Cellary, Hua Wang and Yanchun Zhang.

1 Dongguan University of Technology, Dongguan, Guangdong, China
2 Swinburne University of Technology, Hawthorn, VIC 3122, Australia
3 Institute for Sustainable Industries & Liveable Cities, VU Research, Victoria University, Footscray, Australia

World Wide Web

1 Introduction

Learning-based classifiers are leveraged to ensure system security in applications such as biometric authentication, malware detection, and spam email filtering. In those applications, a discriminative probabilistic model is typically trained to maximize the conditional probability p(y|x) of the output labels y given a multi-variable input x. To prevent overfitting and ameliorate complex trade-offs among weights, an ensemble approach can be adopted instead of a single complex model: a multitude of weaker classifiers is constructed and their results are aggregated to produce the predicted labels ŷ [28]. In particular, decision trees are commonly used in ensemble methods to facilitate stochastic discrimination by combining "bagging" with random selection of features. They are among the most widely deployed techniques in real-world systems, especially in data mining and security applications, due to their flexibility, resilience and interpretability along with competitive performance. Despite their success in deployed applications, the security of decision tree ensemble classifiers themselves has received limited attention. Classifiers do not operate in static environments: recent studies have shown that adversarial machine learning can compromise conventional classifiers [5]. In the adversarial setting, intelligent attackers may access the learning-based classifiers and adapt their attacks to the system accor