Assessing Evasion Attacks on Tree-Based Machine Learning Models: Supervised vs. Unsupervised Approaches

Outlet Title

2025 IEEE International Conference on Consumer Electronics (ICCE)

Authors

Carson Koball, Dakota State UniversityFollow
Yong Wang, Dakota State UniversityFollow
Varghese Vaidyan, Dakota State UniversityFollow
John Hastings, Dakota State UniversityFollow

Document Type

Conference Proceeding

Publication Date

2025

Abstract

An evasion attack is a type of attack where an attacker maliciously modifies queries to a machine learning model to cause it to return incorrect or altered predictions. This paper presents and evaluates three evasion attack algorithms that target tree-based learners, including decision trees, random forests, adaptive boosting ensembles, and isolation forests. We evaluate these three attack algorithms using the RT-IoT2022 network traffic dataset. The evaluation results indicate that the presented evasion attacks are effective across all four target models. We also compare the three algorithms using perturbation measurements. Our study shows that the perturbations generated for the isolation forest model were significantly larger than those generated for the other supervised classifiers, despite the use of similar attack algorithms across the ensemble models. To the best of our knowledge, this is the first study to present an effective evasion attack against the isolation forest algorithm.

Recommended Citation

Koball, Carson; Wang, Yong; Vaidyan, Varghese; and Hastings, John, "Assessing Evasion Attacks on Tree-Based Machine Learning Models: Supervised vs. Unsupervised Approaches" (2025). Research & Publications. 139.
https://scholar.dsu.edu/ccspapers/139