Integrity Authentication in Tree Models
Weijie Zhao, Yingjie Lao, Ping Li

TL;DR
This paper introduces a novel method for embedding signatures into tree models to verify their integrity, enabling detection of tampering with minimal impact on model accuracy and without requiring retraining.
Contribution
It is the first to propose a signature embedding technique for tree models that allows integrity verification through black-box queries without retraining.
Findings
High success rate of signature verification
Minimal prediction accuracy loss
No need for training data or retraining
Abstract
Tree models are very widely used in the practice of machine learning and data mining. In this paper, we study the problem of model integrity authentication in tree models. In general, the task of model integrity authentication is the design & implementation of mechanisms for checking/detecting whether the model deployed for the end-users has been tampered with or compromised, e.g., malicious modifications on the model. We propose an authentication framework that enables the model builders/distributors to embed a signature to the tree model and authenticate the existence of the signature by only making a small number of black-box queries to the model. To the best of our knowledge, this is the first study of signature embedding on tree models. Our proposed method simply locates a collection of leaves and modifies their prediction values, which does not require any training/testing data nor…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Data Quality and Management · Advanced Graph Neural Networks
