References & Citations
Computer Science > Cryptography and Security
Title: Cost-Aware Robust Tree Ensembles for Security Applications
(Submitted on 3 Dec 2019 (v1), last revised 23 Feb 2021 (this version, v5))
Abstract: There are various costs for attackers to manipulate the features of security classifiers. The costs are asymmetric across features and to the directions of changes, which cannot be precisely captured by existing cost models based on $L_p$-norm robustness. In this paper, we utilize such domain knowledge to increase the attack cost of evading classifiers, specifically, tree ensemble models that are widely used by security tasks. We propose a new cost modeling method to capture the feature manipulation cost as constraint, and then we integrate the cost-driven constraint into the node construction process to train robust tree ensembles. During the training process, we use the constraint to find data points that are likely to be perturbed given the feature manipulation cost, and we use a new robust training algorithm to optimize the quality of the trees. Our cost-aware training method can be applied to different types of tree ensembles, including gradient boosted decision trees and random forest models. Using Twitter spam detection as the case study, our evaluation results show that we can increase the attack cost by 10.6X compared to the baseline. Moreover, our robust training method using cost-driven constraint can achieve higher accuracy, lower false positive rate, and stronger cost-aware robustness than the state-of-the-art training method using $L_\infty$-norm cost model. Our code is available at this https URL
Submission history
From: Yizheng Chen [view email][v1] Tue, 3 Dec 2019 02:02:59 GMT (473kb,D)
[v2] Thu, 21 May 2020 22:06:14 GMT (373kb,D)
[v3] Sat, 30 May 2020 18:04:40 GMT (373kb,D)
[v4] Tue, 8 Dec 2020 15:38:15 GMT (901kb,D)
[v5] Tue, 23 Feb 2021 02:07:27 GMT (2284kb,D)
Link back to: arXiv, form interface, contact.