Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems
Credit scoring systems are critical FinTech applications that concern the analysis of the creditworthiness of a person or organization. While decisions were previously based on human expertise, they are now increasingly relying on data analysis and machine learning. In this paper, we assess the ability of state-of-the-art adversarial machine learning to craft attacks on a real-world credit scoring system. Interestingly, we find that, while these techniques can generate large numbers of adversarial data, these are practically useless as they all violate domain-specific constraints. In other words, the generated examples are all false positives as they cannot occur in practice. To circumvent this limitation, we propose CoEvA2, a search-based method that generates valid adversarial examples (satisfying the domain constraints). CoEvA2 utilizes multi-objective search in order to simultaneously handle constraints, perform the attack and maximize the overdraft amount requested. We evaluate CoEvA2 on a major bank's real-world system by checking its ability to craft valid attacks. CoEvA2 generates thousands of valid adversarial examples, revealing a high risk for the banking system.
Fortunately, by improving the system through adversarial training (based on the produced examples), we increase its robustness and make our attack fail.
Tue 10 NovDisplayed time zone: (UTC) Coordinated Universal Time change
08:30 - 09:00 | |||
08:30 2mTalk | An Evaluation of Methods to Port Legacy Code to SGX Enclaves Research Papers Kripa Shanker Indian Institute of Science, Bangalore, Arun Joseph Indian Institute of Science, India, Vinod Ganapathy Indian Institute of Science, India DOI Pre-print File Attached | ||
08:33 1mTalk | How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach Journal First Chaima Abid University of Michigan, Marouane Kessentini University of Michigan, Vahid Alizadeh DePaul University, Mouna Dhaouadi University of Michigan, Rick Kazman University of Hawai‘i at Mānoa | ||
08:35 1mTalk | Improving Cybersecurity Hygiene through JIT Patching Industry Papers DOI | ||
08:37 1mTalk | Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems Research Papers Salah Ghamizi University of Luxembourg, Luxembourg, Maxime Cordy University of Luxembourg, Luxembourg, Martin Gubri University of Luxembourg, Luxembourg, Mike Papadakis University of Luxembourg, Luxembourg, Andrey Boystov University of Luxembourg, Luxembourg, Yves Le Traon University of Luxembourg, Luxembourg, Anne Goujon BGL BNP Paribas, Luxembourg DOI Pre-print | ||
08:39 1mTalk | SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed Research Papers Pan Bian Renmin University of China, China, Bin Liang Renmin University of China, China, Jianjun Huang Renmin University of China, China, Wenchang Shi Renmin University of China, China, Xidong Wang Renmin University of China, China, Jian Zhang Institute of Software at Chinese Academy of Sciences, China DOI | ||
08:41 1mTalk | Taking the Middle Path: Learning About Security Through Online Social Interaction Journal First Tamara Lopez The Open University, Thein Tun , Arosha K Bandara The Open University, Mark Levine Lancaster University, Bashar Nuseibeh The Open University (UK) & Lero (Ireland), Helen Sharp The Open University | ||
08:43 17mTalk | Conversations on Security Research Papers Frederico Araujo IBM T.J. Watson Research Center, New York, USA, Kripa Shanker Indian Institute of Science, Bangalore, Pan Bian Renmin University of China, China, Salah Ghamizi SntT - University of Luxembourg, Tamara Lopez The Open University, Chaima Abid University of Michigan, M: Ben Hermann Technical University Dortmund | ||