Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems
Credit scoring systems are critical FinTech applications that concern the analysis of the creditworthiness of a person or organization. While decisions were previously based on human expertise, they are now increasingly relying on data analysis and machine learning. In this paper, we assess the ability of state-of-the-art adversarial machine learning to craft attacks on a real-world credit scoring system. Interestingly, we find that, while these techniques can generate large numbers of adversarial data, these are practically useless as they all violate domain-specific constraints. In other words, the generated examples are all false positives as they cannot occur in practice. To circumvent this limitation, we propose CoEvA2, a search-based method that generates valid adversarial examples (satisfying the domain constraints). CoEvA2 utilizes multi-objective search in order to simultaneously handle constraints, perform the attack and maximize the overdraft amount requested. We evaluate CoEvA2 on a major bank's real-world system by checking its ability to craft valid attacks. CoEvA2 generates thousands of valid adversarial examples, revealing a high risk for the banking system.
Fortunately, by improving the system through adversarial training (based on the produced examples), we increase its robustness and make our attack fail.
Conference DayTue 10 NovDisplayed time zone: (UTC) Coordinated Universal Time change
08:30 - 09:00
|An Evaluation of Methods to Port Legacy Code to SGX Enclaves|
Kripa ShankerIndian Institute of Science, Bangalore, Arun JosephIndian Institute of Science, India, Vinod GanapathyIndian Institute of Science, IndiaDOI Pre-print File Attached
|How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach|
|Improving Cybersecurity Hygiene through JIT Patching|
|Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems|
Salah GhamiziUniversity of Luxembourg, Luxembourg, Maxime CordyUniversity of Luxembourg, Luxembourg, Martin GubriUniversity of Luxembourg, Luxembourg, Mike PapadakisUniversity of Luxembourg, Luxembourg, Andrey BoystovUniversity of Luxembourg, Luxembourg, Yves Le TraonUniversity of Luxembourg, Luxembourg, Anne GoujonBGL BNP Paribas, LuxembourgDOI Pre-print
|SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed|
Pan BianRenmin University of China, China, Bin LiangRenmin University of China, China, Jianjun HuangRenmin University of China, China, Wenchang ShiRenmin University of China, China, Xidong WangRenmin University of China, China, Jian ZhangInstitute of Software at Chinese Academy of Sciences, ChinaDOI
|Taking the Middle Path: Learning About Security Through Online Social Interaction|
|Conversations on Security|
Frederico AraujoIBM T.J. Watson Research Center, New York, USA, Kripa ShankerIndian Institute of Science, Bangalore, Pan BianRenmin University of China, China, Salah GhamiziSntT - University of Luxembourg, Tamara LopezThe Open University, Chaima AbidUniversity of Michigan, M: Ben HermannTechnical University Dortmund