Embedding and Synthesis of Knowledge in Tree Ensemble Classifiers

by Wei Huang et al.

This paper studies the embedding and synthesis of knowledge in tree ensemble classifiers. We focus on knowledge expressible with a generic form of Boolean formulas, and show that a typical security attack, namely the backdoor attack, is expressible in this form. The embedding is required to be preservative (i.e., the original performance of the classifier is preserved), verifiable (i.e., the embedded knowledge can be attested), and stealthy (i.e., the embedding cannot be easily detected). To this end, we propose two novel and very effective embedding algorithms, one for the black-box setting and the other for the white-box setting. The embedding can be done in PTIME. Beyond the embedding, we develop an algorithm to synthesise the embedded knowledge by reducing the problem to one solvable with an SMT (satisfiability modulo theories) solver. While this novel algorithm can successfully synthesise the knowledge, the reduction leads to an NP computation. Therefore, if embedding is applied as a security attack and synthesis as a defence, our results suggest a complexity gap (P vs. NP) between security attack and security defence when working with machine learning models. We apply our algorithms to a diverse set of datasets to validate our conclusion empirically.
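To make the idea of Boolean-formula knowledge concrete, here is a minimal, hypothetical sketch (not the paper's actual embedding algorithms): a backdoor trigger expressed as a conjunction of threshold literals, e.g. x[3] > 0.7 AND x[5] > 0.2 implies a target class, can be grafted onto a single decision tree by prepending a chain of tests that routes triggered inputs to a new leaf, while every other input falls through to the original tree unchanged (so the embedding is preservative on clean data). The `Node`, `predict`, and `graft_trigger` names are illustrative, not from the paper.

```python
class Node:
    """A binary decision-tree node; leaves carry a class label."""
    def __init__(self, feature=None, threshold=None, left=None, right=None, label=None):
        self.feature, self.threshold = feature, threshold
        self.left, self.right = left, right
        self.label = label  # non-None only on leaves

def predict(node, x):
    """Route input x down the tree: left if x[feature] <= threshold, else right."""
    while node.label is None:
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node.label

def graft_trigger(root, trigger, target_label):
    """Embed a conjunctive trigger [(feature, threshold), ...], each literal
    meaning x[feature] > threshold. Inputs satisfying every literal reach a
    new backdoor leaf labelled target_label; any input failing a literal
    falls back to the original tree, preserving its behaviour on clean data."""
    subtree = Node(label=target_label)  # the backdoor leaf
    for feature, threshold in reversed(trigger):
        subtree = Node(feature=feature, threshold=threshold,
                       left=root, right=subtree)
    return subtree
```

For a tree of depth d and a trigger with k literals, the grafted tree has depth at most d + k and is built in O(k) time, consistent with the PTIME embedding claim; this naive construction makes no attempt at stealthiness, which is where the paper's algorithms go further.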





Code Repositories


Concolic Testing for Deep Neural Networks

