Closed 3ntr0phy closed 3 years ago
beat-buesser
commented
3 years ago Hi @Jacoppy Thank you very much for using ART! I think that's a very interesting application. Are all the features of the malware classification binary? Is the classification target also binary?
3ntr0phy
commented
3 years ago Yes, the feature space is binary and also the classification target is binary.
3ntr0phy
commented
3 years ago The alternative would be to use another black box attack, e.g. https://arxiv.org/abs/1602.02697, but I haven't found implemented in art.
beat-buesser
commented
3 years ago Hi @Jacoppy Are you using a binary classifier with a single output neuron? If yes, ART is not yet able to support it, but we have plans to support single output neuron binary classifiers with ART 1.7 (#306). Until ART 1.7, there would be a workaround to use a binary classifier with 2 output neurons.
3ntr0phy
commented
3 years ago I am trying with different Sklearn classifiers, as :
XGBoostClassifier(model,nb_classes=2,nb_features=10000) scikitlearn.ScikitlearnRandomForestClassifier(model=model) scikitlearn.ScikitlearnGradientBoostingClassifier(model=model)
beat-buesser
commented
3 years ago Would you be able to share minimal example in a Google Colab notebook for testing?
Hello, I am trying to use Zoo attack for generate adversarial samples against RF and Gradient Boosting classifiers. While with Mnist toy dataset perfectly work, it seems to not change the accuracy at whole on my test set. The parameters of the attack are the following :
attack = ZooAttack( classifier=classifier, confidence=0.0, targeted=False, learning_rate=1e-1, max_iter=200, binary_search_steps=10, initial_const=1e-3, abort_early=True, use_resize=False, use_importance=False, nb_parallel=5, batch_size=1, variable_h=0.01, )The dataset relies on a binary feature space for malware classification. Any clarification would be helpful. Thank you!