nach oben

World Wide Web

Erschienen in:

20.04.2020

Decision-based evasion attacks on tree ensemble classifiers

verfasst von: Fuyong Zhang, Yi Wang, Shigang Liu, Hua Wang

Erschienen in: World Wide Web | Ausgabe 5/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Learning-based classifiers are found to be susceptible to adversarial examples. Recent studies suggested that ensemble classifiers tend to be more robust than single classifiers against evasion attacks. In this paper, we argue that this is not necessarily the case. In particular, we show that a discrete-valued random forest classifier can be easily evaded by adversarial inputs manipulated based only on the model decision outputs. The proposed evasion algorithm is gradient free and can be fast implemented. Our evaluation results demonstrate that random forests can be even more vulnerable than SVMs, either single or ensemble, to evasion attacks under both white-box and the more realistic black-box settings.

Vorheriger Artikel End-to-end relation extraction based on bootstrapped multi-level distant supervision

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://pdfrate.com/

http://www.gurobi.com

Androutsopoulos, I., Paliouras, G., Michelakis, E: Learning to Filter Unsolicited Commercial E-mail. “DEMOKRITOS” National Center for Scientific Research (2004)

Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: International Conference on Machine Learning, pp 274–283 (2018)

Biggio, B., Roli, F.: Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recogn. 84, 317–331 (2018)CrossRef

Biggio, B., Fumera, G., Roli, F.: Multiple classifier systems for robust classifier design in adversarial environments. Int. J. Mach. Learn. Cybern. 1(1-4), 27–41 (2010)CrossRef

Biggio, B., Corona, I., Maiorca, D., Nelson, B., ŠrndiĆ, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp 387–402 (2013)

Brendel, W., Rauber, J., Bethge, M.: Decision-Based Adversarial Attacks: Reliable Attacks against Black-Box Machine Learning Models. In: International Conference on Learning Representations (2018)

Calzavara, S., Lucchese, C., Tolomei, G., Abebe, S.A., Orlando, S.: Treant:, Training evasion-aware decision trees. arXiv:1907.01197 (2019)

Carlini, N., Wagner, D.: Towards Evaluating the Robustness of Neural Networks. In: IEEE Symposium on Security and Privacy, pp 39–57 (2017)

Carlini, N., Athalye, A., Papernot, N., Brendel, W., Rauber, J., Tsipras, D., Goodfellow, I., Madry, A.: On evaluating adversarial robustness. arXiv:1902.06705 (2019)

10.

Chang, C.C., Lin, C.J.: Libsvm: a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2(3), 1–27 (2011)CrossRef

11.

Cheng, M., Le, T., Chen, P.Y., Zhang, H., Yi, J., Hsieh, C.J.: Query-efficient hard-label black-box attack: an optimization-based approach. In: International Conference on Learning Representation (2019)

12.

Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations (2015)

13.

Ho, T.K.: The random subspace method for constructing decision forests. IEEE Trans. Pattern Anal. Mach. Intell. 20(8), 832–844 (1998)CrossRef

14.

Ho, T.K.: A data complexity analysis of comparative advantages of decision forest constructors. Pattern Analysis & Applications 5(2), 102–112 (2002)MathSciNetCrossRef

15.

Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: ACM Workshop on Security and Artificial Intelligence, pp 43–58 (2011)

16.

Ilyas, A., Engstrom, L., Athalye, A., Lin, J.: Black-Box Adversarial Attacks with Limited Queries and Information. In: International Conference on Machine Learning, pp 2137–2146 (2018)

17.

Kantchelian, A., Tygar, J., Joseph, A.: Evasion and hardening of tree ensemble classifiers. In: International Conference on Machine Learning, pp 2387–2396 (2016)

18.

Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial machine learning at scale. In: International Conference on Learning Representations (2017)

19.

LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278–2324 (1998)CrossRef

20.

Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: Deepfool: a Simple and Accurate Method to Fool Deep Neural Networks. In: IEEE Conference on Computer Vision and Pattern Recognition, pp 2574–2582 (2016)

21.

Mujtaba, G., Shuib, L., Raj, R.G., Majeed, N., Al-Garadi, M.A.: Email classification research trends: review and open issues. IEEE Access 5, 9044–9064 (2017)CrossRef

22.

Papernot, N., McDaniel, P., Sinha, A., Wellman, M.: Towards the science of security and privacy in machine learning. arXiv:1611.03814 (2016)

23.

Smutz, C., Stavrou, A.: When a tree falls: using diversity in ensemble classifiers to identify evasion in malware detectors. In: Network and Distributed System Security Symposium (2016)

24.

Šrndic, N., Laskov, P.: Practical evasion of a learning-based classifier: a case study. In: IEEE Symposium on Security and Privacy, pp 197–211 (2014)

25.

Wu, L., Zhu, Z., Tai, C., et al.: Understanding and enhancing the transferability of adversarial examples. arXiv:1802.09707 (2018)

26.

Zhang, F., Chan, P.P., Biggio, B., Yeung, D.S., Roli, F.: Adversarial feature selection against evasion attacks. IEEE Trans. Cybern. 46(3), 766–777 (2016)CrossRef

27.

Zhang, F.Y., Wang, Y., Wang, H.: Gradient Correlation: are ensemble classifiers more robust against evasion attacks in practical settings?. In: International Conference on Web Information Systems Engineering. pp. 96–110 (2018)

28.

Zhou, Z.H.: Ensemble methods: foundations and algorithms. CRC Press, Boca Raton (2012)CrossRef

Titel: Decision-based evasion attacks on tree ensemble classifiers
verfasst von: Fuyong Zhang
Yi Wang
Shigang Liu
Hua Wang
Publikationsdatum: 20.04.2020
Verlag: Springer US
Erschienen in: World Wide Web / Ausgabe 5/2020
Print ISSN: 1386-145X
Elektronische ISSN: 1573-1413
DOI: https://doi.org/10.1007/s11280-020-00813-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 5/2020

Knowledge graph construction from multiple online encyclopedias

Fine-grained emotion classification of Chinese microblogs based on graph convolution networks

End-to-end relation extraction based on bootstrapped multi-level distant supervision

Decentralized Knowledge Acquisition for Mobile Internet Applications

Embedding geographic information for anomalous trajectory detection

Preface to the special issue on web information systems engineering (WISE 2018)

Premium Partner