Treant: Training Evasion-Aware Decision Trees

Author: Stefano Calzavara, Seyum Assefa Abebe, Gabriele Tolomei, Salvatore Orlando, Claudio Lucchese
Language: English
Year of publication: 2019
Subject:
FOS: Computer and information sciences
Computer Science - Machine Learning (cs.LG)
Computer Science - Cryptography and Security (cs.CR)
Statistics - Machine Learning (stat.ML)
Computer Networks and Communications
Computer Science Applications
Information Systems
Computer science
Artificial intelligence
Machine learning
Adversarial machine learning
Robust learning
Decision tree
Decision tree learning
Decision tree ensembles
Tree (data structure)
Evasion (network security)
Threat model
Soundness
Function (engineering)
Key (cryptography)
Settore INF/01 - Informatica
02 engineering and technology
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
020204 information systems
Description: Despite its success and popularity, machine learning is now recognized as vulnerable to evasion attacks, i.e., carefully crafted perturbations of test inputs designed to force prediction errors. In this paper we focus on evasion attacks against decision tree ensembles, which are among the most successful predictive models for dealing with non-perceptual problems. Even though they are powerful and interpretable, decision tree ensembles have received only limited attention from the security and machine learning communities so far, leading to a sub-optimal state of the art for adversarial learning techniques. We thus propose Treant, a novel decision tree learning algorithm that, on the basis of a formal threat model, minimizes an evasion-aware loss function at each step of the tree construction. Treant is based on two key technical ingredients: robust splitting and attack invariance, which jointly guarantee the soundness of the learning process. Experimental results on three publicly available datasets show that Treant is able to generate decision tree ensembles that are at the same time accurate and nearly insensitive to evasion attacks, outperforming state-of-the-art adversarial learning techniques.
Database: OpenAIRE