Backdoor attacks on DNN and GBDT -- A Case Study from the insurance domain

TL;DR

This study evaluates the vulnerability of GBDT and DNN models in insurance applications to backdoor attacks, demonstrating high success rates on certain datasets and highlighting the need for robustness assessments.

Contribution

It provides the first comparative analysis of backdoor attack effectiveness on GBDT and DNN models using heterogeneous insurance datasets.

Findings

Backdoor attacks can be highly successful with few added samples.

Attack success varies significantly between datasets.

Models trained on one dataset are more vulnerable than on another.

Abstract

Machine learning (ML) will likely play a large role in many processes in the future, also for insurance companies. However, ML models are at risk of being attacked and manipulated. In this work, the robustness of Gradient Boosted Decision Tree (GBDT) models and Deep Neural Networks (DNN) within an insurance context will be evaluated. Therefore, two GBDT models and two DNNs are trained on two different tabular datasets from an insurance context. Past research in this domain mainly used homogenous data and there are comparably few insights regarding heterogenous tabular data. The ML tasks performed on the datasets are claim prediction (regression) and fraud detection (binary classification). For the backdoor attacks different samples containing a specific pattern were crafted and added to the training data. It is shown, that this type of attack can be highly successful, even with a few added samples. The backdoor attacks worked well on the models trained on one dataset but poorly on the models trained on the other. In real-world scenarios the attacker will have to face several obstacles but as attacks can work with very few added samples this risk should be evaluated.