Robustness Analysis Of Crisp And Fuzzy Decision Tree Under Adversarial Evasion Attack

Fuzzy logic is widely used in the fields of business,finance,pattern recognition et.al.because of its advantages in closer relation to people's ambiguity expressions and of solving nonlinear problems.In security-related applications,it is possible for attackers to purposefully modify test data to mislead the model,a process known as evasion attack.Evasion attack reduces the accuracy and reliability of the system and threatens personal privacy and property.However,there is a lack of discussion on the security of fuzzy systems in an adversarial environment.With the high interpretability of the decision trees(DT),DT is widely used in many security-related applications.This dissertation focuses on one of the most popular fuzzy systems,the Fuzzy decision tree(FDT).Considering the characteristics of fuzzy logic,this dissertation aims to study the robustness of crisp and fuzzy decision trees(CDT and FDT)under evasion attack and to explore the influence of data fuzziness on the robustness of decision tree models.The existing attack methods against machine learning models are difficult to apply to attack CDT and FDT because they rely on the model's gradient of the output with respect to the input.A general attack method to both CDT and FDT is proposed in this dissertation.Based on quantifying the influence of changing a feature on the decision results of DT,the most relevant feature subset is selected iteratively to manipulate the example.Then the effectiveness of our method is evaluated and compared with PPNT,which is a state-of-the-art attack method for CDT,and the attack methods based on a surrogate model.Finally,the differences in robustness between CDT and FDT under different attack methods are discussed.The experimental results suggest that the security of the decision tree can be improved by data fuzzy processing and using less fuzzy membership functions.In this dissertation,a method of attacking the fuzzy decision tree is proposed for the first time,which opens up a way to study the robustness of the fuzzy system in an adversarial environment,lays a foundation for an in-depth discussion on the security of the fuzzy system in the adversarial environment and promotes the development of adversarial learning and fuzzy system.At the same time,it is found that data fuzzification improves the robustness of the machine learning model,which provides a new idea for the design of defense methods against the machine learning model.