Name
Abstract | ||
|---|---|---|
Despite its success and popularity, machine learning is now recognized as vulnerable toevasion attacks, i.e., carefully crafted perturbations of test inputs designed to force prediction errors. In this paper we focus on evasion attacks against decision tree ensembles, which are among the most successful predictive models for dealing with non-perceptual problems. Even though they are powerful and interpretable, decision tree ensembles have received only limited attention by the security and machine learning communities so far, leading to a sub-optimal state of the art for adversarial learning techniques. We thus proposeTreant, a novel decision tree learning algorithm that, on the basis of a formal threat model, minimizes an evasion-aware loss function at each step of the tree construction.Treantis based on two key technical ingredients:robust splittingandattack invariance, which jointly guarantee the soundness of the learning process. Experimental results on publicly available datasets show thatTreantis able to generate decision tree ensembles that are at the same time accurate and nearly insensitive to evasion attacks, outperforming state-of-the-art adversarial learning techniques. |
Year | DOI | Venue |
|---|---|---|
2020 | 10.1007/s10618-020-00694-9 | DATA MINING AND KNOWLEDGE DISCOVERY |
Keywords | DocType | Volume |
Adversarial machine learning,Robust learning,Decision tree ensembles | Journal | 34.0 |
Issue | ISSN | Citations |
SP5 | 1384-5810 | 1 |
PageRank | References | Authors |
0.37 | 29 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Stefano Calzavara | 1 | 204 | 19.81 |
| Claudio Lucchese | 2 | 1104 | 73.76 |
| Gabriele Tolomei | 3 | 183 | 12.16 |
| Abebe Seyum Assefa | 4 | 1 | 0.37 |
| Salvatore Orlando | 5 | 1595 | 202.29 |