I'm trying to attack my random forest classifier.

clf = RandomForestClassifier(max_features="sqrt", n_estimators=500, n_jobs=-1, verbose=1, warm_start=True)
clf.fit(X_train, y_train)

After this definition I do my predictions, and after that I ran the code below:

from keras import backend
from cleverhans.utils_keras import KerasModelWrapper
from cleverhans.attacks import FastGradientMethod
sess = backend.get_session()

wrap = KerasModelWrapper(clf)
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.15,
               'clip_min': 0.,
               'clip_max': 1.}

adv_x = fgsm.generate_np(X_test, **fgsm_params) 
adv_x.shape

And at --> 10 adv_x = fgsm.generate_np(X_test, **fgsm_params) I get an attribute error.

AttributeError: 'RandomForestClassifier' object has no attribute 'layers'

I mean, my classifier does not have layers, but how can I do this FGSM attack? Is there a way to add RandomForestClassifier to a Sequential model to have layers? Or is there another way to attack?

Jeredriq Demas
  • I think KerasModelWrapper should get a Sequential keras model, not scikit-learn model. – ipramusinto Oct 31 '18 at 15:13
  • @bakka I agree with you, but do you know any way to get scikit-learn model to wrapped up and act like Sequential keras model? – Jeredriq Demas Nov 01 '18 at 05:54
  • Good luck and have fun writing your very own keras layer: https://keras.io/layers/writing-your-own-keras-layers/ for code examples keras' source code for layers: https://github.com/keras-team/keras/blob/master/keras/layers/core.py – Mete Han Kahraman Nov 01 '18 at 08:50
  • Is there an example specifically for a sklearn model? Random forest would be better ofc. And are you sure is there any other easier way? – Jeredriq Demas Nov 01 '18 at 13:27
  • @MeteHanKahraman and can I directly put RandomForest from sklearn into the build definition? – Jeredriq Demas Nov 01 '18 at 14:00
  • No, you can't just put 'RandomForestClassifier' from scikit-learn in there. RandomForests are trainable, therefore you need to properly implement it using tensor operations. For your non-trainable custom layers you can use Lambda layers. There is also this page: https://keras.io/scikit-learn-api/ that is worth looking at. – Mete Han Kahraman Nov 02 '18 at 08:34
  • I tried that too, but it didn't work, sadly. I'll try black-box testing using cleverhans so I can keep the scikit-learn RandomForestClassifier. If you answer the question I'd accept it, because you still showed a way to solve the question – Jeredriq Demas Nov 02 '18 at 10:12
  • Blackbox testing using cleverhans seems to be the best solution. This guy made it so kudos to him: https://github.com/frankyjuang/Adversarial-Learning – Jeredriq Demas Nov 15 '18 at 11:01

1 Answer

You will not be able to run the FGSM attack on a sklearn model because CleverHans would not be able to compute the gradients needed to find the direction in which to perturb the input to find an adversarial example. To compute these gradients, a symbolic definition of the model is needed, which requires the model to be defined using TensorFlow (either directly or through a high-level abstraction like Keras).

If you'd like to use a sklearn model, you can however wrap it as a CleverHans model and use only gradient-free attacks such as SPSA.

  • Thanks for your answer, I'm also the guy at this question https://stackoverflow.com/questions/53473184 in which I ask about Random Forest (tf) with CleverHans – Jeredriq Demas Nov 27 '18 at 11:32
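
An added example (not part of the original answer, and not CleverHans code) of the point made in the answer: a random forest's output is piecewise constant, so a tiny nudge to the input changes nothing and there is no gradient for FGSM to follow, while an SPSA-style estimate built only from `predict_proba` queries can still be used to measure how robust your own scikit-learn model is inside the same `eps` ball. The function names, the constructed dataset, the smaller forest and the `delta`, `lr`, `steps` and `samples` values are assumptions chosen for illustration.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier

def true_class_prob(clf, X, y):
    """Query-only loss: probability assigned to the true label (labels 0..k-1 assumed)."""
    return clf.predict_proba(X)[np.arange(len(X)), y]

def zero_gradient_fraction(clf, X, y, h=1e-6):
    """Share of points where nudging each feature by h leaves the output unchanged."""
    base, moved = true_class_prob(clf, X, y), np.zeros(len(X), dtype=bool)
    for j in range(X.shape[1]):
        Xh = X.copy()
        Xh[:, j] += h
        moved |= true_class_prob(clf, Xh, y) != base
    return 1.0 - moved.mean()

def spsa_perturb(clf, X, y, eps=0.15, delta=0.05, lr=0.05, steps=20, samples=16, seed=0):
    """SPSA-style search in the L-inf ball of radius eps around X, clipped to [0, 1]."""
    rng = np.random.default_rng(seed)
    X_adv = X.copy()
    for _ in range(steps):
        active = clf.predict(X_adv) == y  # points the model still classifies correctly
        if not active.any():
            break
        Xa, ya, grad = X_adv[active], y[active], 0.0
        for _ in range(samples):
            d = rng.choice([-1.0, 1.0], size=Xa.shape)  # random +/-1 directions
            diff = true_class_prob(clf, Xa + delta * d, ya) - true_class_prob(clf, Xa - delta * d, ya)
            grad = grad + diff[:, None] / (2 * delta) * d  # two-sided estimate, 1/d == d
        step = np.clip(Xa - lr * np.sign(grad), X[active] - eps, X[active] + eps)
        X_adv[active] = np.clip(step, 0.0, 1.0)
    return X_adv

def demo():
    # Constructed data, min-max scaled so clip_min=0 and clip_max=1 apply as in the question.
    X, y = make_classification(n_samples=400, n_features=6, n_informative=4, random_state=0)
    X = (X - X.min(0)) / (X.max(0) - X.min(0))
    clf = RandomForestClassifier(max_features="sqrt", n_estimators=50, random_state=0)
    clf.fit(X[:300], y[:300])
    X_test, y_test = X[300:], y[300:]
    X_adv = spsa_perturb(clf, X_test, y_test)
    return {"zero_grad_fraction": zero_gradient_fraction(clf, X_test, y_test),
            "clean_acc": clf.score(X_test, y_test),
            "robust_acc": clf.score(X_adv, y_test),
            "max_shift": float(np.abs(X_adv - X_test).max()),
            "in_range": bool((X_adv >= 0).all() and (X_adv <= 1).all())}

if __name__ == "__main__":
    print(demo())
```

The gap between `clean_acc` and `robust_acc` is the robustness figure to track when retraining or hardening the model; `delta` has to be large enough to cross split thresholds, otherwise the estimate collapses to zero for the same reason FGSM does.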