Cyber Security Seminar by Daniël Vos MSc - Adversarially Robust Decision Tree Relabeling

22 November 2022, 12:00 till 12:45 - Location: meeting room C, 02.260 / ECHO 2nd floor, or Zoom

Please join in meeting room C, 02.260 / ECHO 2nd floor, or through Zoom:

Join Zoom Meeting
https://tudelft.zoom.us/j/99508787078?pwd=YTN1QlYrOUlKdTRiQXdZT0hNcitNUT09

Meeting ID: 995 0878 7078
Passcode: 244123

Adversarially Robust Decision Tree Relabeling

Machine learning has been incredibly successful at a wide range of tasks, which has motivated research into its security applications. However, in such adversarial settings, machine learning models are often trivially evaded by attackers that change their malware or behavior. Moreover, models such as neural networks and gradient boosting ensembles (e.g. xgboost) are generally impossible to understand, which limits their verifiability. All in all, this results in rule-based systems still being the conventional approach for malware or intrusion detection.

In this talk, I will present a method for improving the adversarial robustness of interpretable machine learning models: decision trees. While there exist specialized methods for training robust decision trees, they are hard to extend to realistic threat models. I will present ‘robust relabeling’, a post-processing method that improves their robustness against arbitrary user-defined perturbations. Experiments show that this approach is as effective as current specialized methods but can be easily extended to complicated attacks.
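To make the idea of post-processing relabeling concrete, here is a small added illustration (not the speaker's code and not the algorithm from the talk): a fixed four-leaf axis-aligned tree, a constructed training set, and an L-infinity perturbation model with budget `EPS`. The tree structure is left untouched; only the class stored in each leaf is changed, and the labels are chosen to maximize the number of training points that are classified correctly under every perturbation the attacker is allowed. The optimum is found by brute force over all leaf labelings, which is an assumption made here for clarity and only works for a handful of leaves.

```python
"""Toy post-hoc 'robust relabeling' of a decision tree (constructed example).

Assumptions: a hand-built tree, a tiny hand-made dataset, an L-infinity
attacker with budget EPS, and brute-force search over leaf labelings.
"""
from dataclasses import dataclass
from itertools import product
from typing import Optional


@dataclass
class Node:
    feature: Optional[int] = None      # split feature (None for a leaf)
    threshold: Optional[float] = None  # go left if x[feature] <= threshold
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    leaf_id: Optional[int] = None      # index into the leaf-label list


def leaf(i):
    return Node(leaf_id=i)


# Four-leaf tree: root splits on feature 0, both children on feature 1.
TREE = Node(0, 0.5,
            Node(1, 0.5, leaf(0), leaf(1)),
            Node(1, 0.5, leaf(2), leaf(3)))
NUM_LEAVES = 4

# Constructed training set: (x0, x1) -> class.
X = [(0.2, 0.2), (0.3, 0.1), (0.2, 0.45),  # leaf 0, class 0
     (0.2, 0.55),                           # leaf 1, class 1 (near the boundary)
     (0.8, 0.2), (0.9, 0.1),                # leaf 2, class 1
     (0.8, 0.8), (0.9, 0.9)]                # leaf 3, class 1
Y = [0, 0, 0, 1, 1, 1, 1, 1]
EPS = 0.1  # attacker may move every feature by at most +/- EPS


def predict_leaf(node, x):
    """Clean prediction: the leaf that x falls into."""
    while node.leaf_id is None:
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node.leaf_id


def reachable_leaves(node, lo, hi):
    """All leaves reachable by some point of the per-feature box [lo, hi]."""
    if node.leaf_id is not None:
        return {node.leaf_id}
    f, t = node.feature, node.threshold
    out = set()
    if lo[f] <= t:                       # some point in the box goes left
        new_hi = list(hi)
        new_hi[f] = min(hi[f], t)
        out |= reachable_leaves(node.left, lo, new_hi)
    if hi[f] > t:                        # some point in the box goes right
        new_lo = list(lo)
        new_lo[f] = max(lo[f], t)
        out |= reachable_leaves(node.right, new_lo, hi)
    return out


def reachable_for_point(tree, x, eps):
    """Leaves an L-infinity attacker with budget eps can push x into."""
    return reachable_leaves(tree, [v - eps for v in x], [v + eps for v in x])


def clean_accuracy(tree, labels, X, Y):
    return sum(labels[predict_leaf(tree, x)] == y for x, y in zip(X, Y)) / len(Y)


def adversarial_accuracy(tree, labels, X, Y, eps):
    """A point counts only if every reachable leaf carries its true class."""
    ok = sum(all(labels[l] == y for l in reachable_for_point(tree, x, eps))
             for x, y in zip(X, Y))
    return ok / len(Y)


def majority_labels(tree, X, Y, num_leaves):
    """Standard leaf labels: majority class of the training points per leaf."""
    counts = [[0, 0] for _ in range(num_leaves)]
    for x, y in zip(X, Y):
        counts[predict_leaf(tree, x)][y] += 1
    return [int(c[1] > c[0]) for c in counts]


def robust_relabel(tree, X, Y, eps, num_leaves):
    """Brute force: maximise adversarial accuracy, then clean accuracy."""
    best = None
    for labels in product((0, 1), repeat=num_leaves):
        labels = list(labels)
        score = (adversarial_accuracy(tree, labels, X, Y, eps),
                 clean_accuracy(tree, labels, X, Y))
        if best is None or score > best[0]:
            best = (score, labels)
    return best[1]


if __name__ == "__main__":
    for name, labels in (("majority", majority_labels(TREE, X, Y, NUM_LEAVES)),
                         ("relabeled", robust_relabel(TREE, X, Y, EPS, NUM_LEAVES))):
        print(name, labels,
              "clean=%.3f" % clean_accuracy(TREE, labels, X, Y),
              "adversarial=%.3f" % adversarial_accuracy(TREE, labels, X, Y, EPS))
```

On this constructed data the majority labeling `[0, 1, 1, 1]` is 100% accurate on clean inputs but only 75% robust, because the two points within `EPS` of the `x1 = 0.5` split can be pushed into the neighbouring leaf. Relabeling leaf 1 to class 0 gives `[0, 0, 1, 1]`, sacrificing one clean prediction to raise adversarial accuracy to 87.5%. The perturbation model is encapsulated in `reachable_for_point`, so a different user-defined threat model only needs a different box (or reachability) computation there.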

Short bio

Daniël Vos is a Ph.D. student at the TU Delft cybersecurity group working under the supervision of Dr. Sicco Verwer. He is especially interested in interpretability and the influence of adversaries on machine learning, which he combines in algorithms that leverage discrete optimization techniques.