English

Cost-Aware Robust Tree Ensembles for Security Applications

Cryptography and Security 2021-02-24 v5 Machine Learning

Abstract

There are various costs for attackers to manipulate the features of security classifiers. The costs are asymmetric across features and to the directions of changes, which cannot be precisely captured by existing cost models based on LpL_p-norm robustness. In this paper, we utilize such domain knowledge to increase the attack cost of evading classifiers, specifically, tree ensemble models that are widely used by security tasks. We propose a new cost modeling method to capture the feature manipulation cost as constraint, and then we integrate the cost-driven constraint into the node construction process to train robust tree ensembles. During the training process, we use the constraint to find data points that are likely to be perturbed given the feature manipulation cost, and we use a new robust training algorithm to optimize the quality of the trees. Our cost-aware training method can be applied to different types of tree ensembles, including gradient boosted decision trees and random forest models. Using Twitter spam detection as the case study, our evaluation results show that we can increase the attack cost by 10.6X compared to the baseline. Moreover, our robust training method using cost-driven constraint can achieve higher accuracy, lower false positive rate, and stronger cost-aware robustness than the state-of-the-art training method using LL_\infty-norm cost model. Our code is available at https://github.com/surrealyz/growtrees.

Keywords

Cite

@article{arxiv.1912.01149,
  title  = {Cost-Aware Robust Tree Ensembles for Security Applications},
  author = {Yizheng Chen and Shiqi Wang and Weifan Jiang and Asaf Cidon and Suman Jana},
  journal= {arXiv preprint arXiv:1912.01149},
  year   = {2021}
}

Comments

USENIX Security 2021

R2 v1 2026-06-23T12:33:50.688Z