Using Randomness to Improve Robustness of Tree-based Models Against Evasion Attacks

Date

2019-03-13

Citation of Original Publication

Yang, Fan, Zhiyuan Chen, and Aryya Gangopadhyay. “Using Randomness to Improve Robustness of Tree-Based Models Against Evasion Attacks.” In Proceedings of the ACM International Workshop on Security and Privacy Analytics, 25–35. IWSPA ’19. New York, NY, USA: Association for Computing Machinery, 2019. https://doi.org/10.1145/3309182.3309186.

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Abstract

Machine learning models have been widely used in security applications. However, it is well known that adversaries can adapt their attacks to evade detection. There has been some work on making machine learning models more robust to such attacks, but one simple and promising approach, randomization, remains under-explored. In addition, most existing work focuses on models with differentiable error functions, whereas tree-based models have no such error function yet are quite popular because they are easy to interpret. This paper proposes a novel randomization-based approach to improve the robustness of tree-based models against evasion attacks. The proposed approach incorporates randomization at both model training time and model application time (that is, when the model is used to detect attacks). We also apply this approach to random forest, an existing ML method that already incorporates randomness at training time but still often fails to produce robust models. We propose a novel weighted-random-forest method to generate more robust models and a clustering method to add randomness at model application time. Experiments on intrusion detection and spam filtering data show that our approach further improves the robustness of the random-forest method.