I am new to this stuff and trying to attack a Random Forest with the black-box FGSM attack (from cleverhans).
But I'm not sure how to implement it. They have a black-box example for MNIST data, but I don't understand where I should put my random forest and where I should attack. Any help would be appreciated.
In the current tutorial, the black-box model is a neural network implemented with TensorFlow and its predictions (the labels) are used to train a substitute model (a copy of the black-box model). The substitute model is then used to craft adversarial examples that transfer to the black-box model.
In your case, you would have to replace bbox_val in

    bbox_val = batch_eval(sess, [x], [bbox_preds], [x_sub_prev],
                          args=eval_params)[0]

by the predictions of your random forest on the numpy array of substitute training data x_sub_prev.
You can find more information about the attack implemented in this tutorial in the following paper: https://arxiv.org/abs/1602.02697
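The loop the answer describes, written out end to end as an added example (not cleverhans code and not the tutorial's code): a non-differentiable black-box oracle labels a substitute training set, a differentiable substitute is fitted to those labels, the substitute set is grown with the Jacobian-based augmentation from the linked paper, and FGSM on the substitute is checked for transfer against the oracle. The oracle here is a constructed stand-in for the user's sklearn random forest (a majority vote over four hand-written stumps, so it runs offline with no dependencies); the substitute is a pure-Python logistic regression instead of the tutorial's TensorFlow network, and all names and parameters are this example's own. The call marked "replaces bbox_val" is the one spot where the random forest's predict() would go.

```python
import math
import random

# Constructed black-box oracle standing in for the user's RandomForestClassifier:
# a majority vote over four axis-aligned stumps. Its only interface is predict(X),
# which is all the substitute training loop needs (no gradients, no internals).
STUMPS = [(0, 0.4), (0, 0.6), (1, 0.4), (1, 0.6)]  # (feature index, threshold)


def oracle_predict(X):
    """Label each 2-D point 0/1 by majority vote of the stumps (not differentiable)."""
    return [1 if sum(x[f] > t for f, t in STUMPS) >= 2 else 0 for x in X]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_substitute(X, y, steps=1000, lr=0.5, l2=1e-2):
    """Differentiable substitute: L2-regularised logistic regression fitted by
    full-batch gradient descent to the oracle's labels. Returns (w, b)."""
    w, b = [0.0, 0.0], 0.0
    n = len(X)
    for _ in range(steps):
        gw, gb = [0.0, 0.0], 0.0
        for x, t in zip(X, y):
            p = sigmoid(w[0] * x[0] + w[1] * x[1] + b)
            gw[0] += (p - t) * x[0]
            gw[1] += (p - t) * x[1]
            gb += p - t
        w = [wi - lr * (gi / n + l2 * wi) for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def substitute_predict(w, b, X):
    return [1 if sigmoid(w[0] * x[0] + w[1] * x[1] + b) > 0.5 else 0 for x in X]


def sign(v):
    return 1 if v > 0 else -1 if v < 0 else 0


def jacobian_augment(X, y, w, lam=0.1):
    """Jacobian-based dataset augmentation (Papernot et al.): move each substitute
    point a step lam along sign(d p(label|x) / dx). For logistic regression
    p(1|x) = sigmoid(w.x + b), so that sign is sign(w) for label 1, -sign(w) for 0.
    Features are clipped to the [0, 1] input domain assumed by this example."""
    new = []
    for x, t in zip(X, y):
        d = 1 if t == 1 else -1
        new.append([min(1.0, max(0.0, xi + lam * d * sign(wi))) for xi, wi in zip(x, w)])
    return new


def build_substitute(rounds=3, n_init=30, seed=0):
    """Black-box substitute training: start from a small random seed set, and on each
    round query the oracle for labels, fit the substitute and double the set."""
    rng = random.Random(seed)
    X_sub = [[rng.random(), rng.random()] for _ in range(n_init)]  # constructed seed set
    for _ in range(rounds):
        y_sub = oracle_predict(X_sub)  # replaces bbox_val: the black box labels x_sub_prev
        w, b = train_substitute(X_sub, y_sub)
        X_sub = X_sub + jacobian_augment(X_sub, y_sub, w)
    y_sub = oracle_predict(X_sub)
    w, b = train_substitute(X_sub, y_sub)
    return w, b, X_sub


def fgsm(w, b, X, y, eps):
    """FGSM on the substitute's logistic loss. dL/dx = (p - y) * w, and p - y is
    negative for y = 1 and positive for y = 0, so sign(dL/dx) = (1 - 2y) * sign(w);
    the closed form avoids a zero gradient when p saturates to exactly 0 or 1."""
    return [[min(1.0, max(0.0, xi + eps * (1 - 2 * t) * sign(wi))) for xi, wi in zip(x, w)]
            for x, t in zip(X, y)]


def agreement(w, b, n=21):
    """Fraction of a regular grid on which substitute and oracle agree."""
    grid = [[i / (n - 1), j / (n - 1)] for i in range(n) for j in range(n)]
    return sum(a == c for a, c in zip(oracle_predict(grid), substitute_predict(w, b, grid))) / len(grid)


def transfer_rate(w, b, X, eps):
    """Fraction of points whose substitute-crafted FGSM example flips the ORACLE's label,
    i.e. the transferability the black-box attack relies on."""
    y = oracle_predict(X)
    y_adv = oracle_predict(fgsm(w, b, X, y, eps))
    return sum(a != c for a, c in zip(y, y_adv)) / len(X)


if __name__ == "__main__":
    w, b, X_sub = build_substitute()
    print("substitute size:", len(X_sub), "agreement with oracle:", round(agreement(w, b), 3))
    probe = [[0.7, 0.7], [0.5, 0.5], [0.1, 0.1]]  # constructed probe points
    print("transfer rate at eps=0.3:", round(transfer_rate(w, b, probe, 0.3), 3))
```

For the real setup, oracle_predict is rf.predict(x_sub_prev) and the substitute is whatever differentiable model you fit to those labels; the forest itself is never differentiated, which is the whole point of the substitute. Measuring transfer_rate against the oracle, rather than the substitute's own error, is what tells you whether the forest is actually affected.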