Differentiable Language Model Adversarial Attacks on Categorical Sequence Classifiers

Fursov, I.; Zaytsev, A.; Kluchnikov, N.; Kravchenko, A.; Burnaev, E.

doi:10.48550/arxiv.2006.11078

Cited by 1 publication

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adversarial attacks and defences from them are of crucial importance in financial applications [28]. The literature of adversarial attacks on transaction records includes [8,9]. However, the authors do not consider the peculiarities of transaction records data and apply general approaches to adversarial attacks on discrete sequence data.…”

Section: Related Workmentioning

confidence: 99%

“…However, FGSM-based attacks provide better performance scores than SamplingFool-based ones due to the random search for adversarial examples in the second case. It can be useful to unite these approaches to create a generative model that can generate sequences of transaction records that are both realistic and adversarial [8]. Also, more realistic concatenation of tokens to the end of a sequence results in lower performance scores.…”

Section: Overall Attack Qualitymentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Attacks on Deep Models for Financial Transaction Records

Fursov¹,

Morozov²,

Kaploukhaya³

et al. 2021

Preprint

View full text Add to dashboard Cite

Machine learning models using transaction records as inputs are popular among financial institutions. The most efficient models use deep-learning architectures similar to those in the NLP community, posing a challenge due to their tremendous number of parameters and limited robustness. In particular, deep-learning models are vulnerable to adversarial attacks: a little change in the input harms the model's output.In this work, we examine adversarial attacks on transaction records data and defences from these attacks. The transaction records data have a different structure than the canonical NLP or time series data, as neighbouring records are less connected than words in sentences, and each record consists of both discrete merchant code and continuous transaction amount. We consider a black-box attack scenario, where the attack doesn't know the true decision model, and pay special attention to adding transaction tokens to the end of a sequence. These limitations provide more realistic scenario, previously unexplored in NLP world.The proposed adversarial attacks and the respective defences demonstrate remarkable performance using relevant datasets from the financial industry. Our results show that a couple of generated transactions are sufficient to fool a deep-learning model. Further, we improve model robustness via adversarial training or separate adversarial examples detection. This work shows that embedding protection from adversarial attacks improves model robustness, allowing a wider adoption of deep models for transaction records in banking and finance.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Overall Attack Qualitymentioning

confidence: 99%