Random Forest Black Box with CleverHans


I am new to this stuff and am trying to attack a Random Forest with black-box FGSM (from CleverHans).

But I'm not sure how to implement it. They have a black-box example for MNIST data, but I don't understand where I should put my random forest and where I should attack. Any help would be appreciated.

1


7
Nicolas Papernot On BEST ANSWER

In the current tutorial, the black-box model is a neural network implemented with TensorFlow and its predictions (the labels) are used to train a substitute model (a copy of the black-box model). The substitute model is then used to craft adversarial examples that transfer to the black-box model.

In your case, you would have to replace bbox_val in

bbox_val = batch_eval(sess, [x], [bbox_preds], [x_sub_prev],
                        args=eval_params)[0]

by the predictions of your random forest on the numpy array of substitute training data x_sub_prev.

You can find more information about the attack implemented in this tutorial in the following paper: https://arxiv.org/abs/1602.02697
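The labelling step described in the answer, as an added example that is not part of the original answer or of the CleverHans tutorial: a scikit-learn random forest sits behind a label-only oracle, and its predictions on x_sub_prev take the place of the batch_eval call. Assumptions: the data is constructed, it has three classes, LabelOracle, train_substitute and run_demo are hypothetical names, and a logistic-regression substitute stands in for the tutorial's neural network.

```python
import numpy as np
from sklearn.datasets import make_blobs
from sklearn.ensemble import RandomForestClassifier
from sklearn.linear_model import LogisticRegression


class LabelOracle:
    """Black box: exposes only predicted labels and counts queried rows."""

    def __init__(self, model):
        self._model = model
        self.queries = 0

    def __call__(self, x):
        x = np.asarray(x, dtype=float)
        self.queries += len(x)
        return self._model.predict(x)


def train_substitute(oracle, x_sub, rounds=3, lmbda=0.1):
    """Substitute training with the oracle's labels as the only feedback."""
    y_sub = oracle(x_sub)
    for rnd in range(rounds):
        sub = LogisticRegression(max_iter=1000).fit(x_sub, y_sub)
        if rnd == rounds - 1:
            break
        # Augmentation: step along the sign of the substitute's gradient for
        # the oracle label (logit gradient of a linear model = its weight row).
        grads = sub.coef_[np.searchsorted(sub.classes_, y_sub)]
        x_sub_prev = x_sub + lmbda * np.sign(grads)
        # The line the answer refers to: no batch_eval or TensorFlow session,
        # just the random forest's predictions on x_sub_prev.
        bbox_val = oracle(x_sub_prev)
        x_sub = np.vstack([x_sub, x_sub_prev])
        y_sub = np.concatenate([y_sub, bbox_val])
    return sub, x_sub


def run_demo():
    # Constructed three-class data standing in for the real dataset.
    x, y = make_blobs(n_samples=600, centers=[[-4, 0], [4, 0], [0, 5]],
                      cluster_std=1.0, random_state=0)
    forest = RandomForestClassifier(n_estimators=50, random_state=0)
    forest.fit(x[:400], y[:400])
    oracle = LabelOracle(forest)
    sub, x_sub = train_substitute(oracle, x[400:460])
    agreement = float(np.mean(sub.predict(x[460:]) == forest.predict(x[460:])))
    return oracle.queries, len(x_sub), agreement
```

run_demo() returns the number of rows sent to the oracle, the final substitute training-set size, and the fraction of held-out points on which the substitute and the forest agree; the query count is the quantity a model owner can observe and limit.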