Adversarial Attacks on Deep Models for Financial Transaction Records

TL;DR

This paper investigates adversarial attacks on deep learning models for financial transaction records, demonstrating vulnerabilities and proposing defenses like adversarial training to enhance model robustness in banking applications.

Contribution

It introduces novel adversarial attack methods tailored for transaction data and evaluates defense strategies, improving robustness of financial deep models against such attacks.

Findings

Few generated transactions can fool models

Adversarial training enhances robustness

Embedding protection improves model security

Abstract

Machine learning models using transaction records as inputs are popular among financial institutions. The most efficient models use deep-learning architectures similar to those in the NLP community, posing a challenge due to their tremendous number of parameters and limited robustness. In particular, deep-learning models are vulnerable to adversarial attacks: a little change in the input harms the model's output. In this work, we examine adversarial attacks on transaction records data and defences from these attacks. The transaction records data have a different structure than the canonical NLP or time series data, as neighbouring records are less connected than words in sentences, and each record consists of both discrete merchant code and continuous transaction amount. We consider a black-box attack scenario, where the attack doesn't know the true decision model, and pay special attention to adding transaction tokens to the end of a sequence. These limitations provide more realistic scenario, previously unexplored in NLP world. The proposed adversarial attacks and the respective defences demonstrate remarkable performance using relevant datasets from the financial industry. Our results show that a couple of generated transactions are sufficient to fool a deep-learning model. Further, we improve model robustness via adversarial training or separate adversarial examples detection. This work shows that embedding protection from adversarial attacks improves model robustness, allowing a wider adoption of deep models for transaction records in banking and finance.