
Adversarial Training for Tabular Data with Attack Propagation

Abstract: Adversarial attacks are a major concern in security-centered applications, where malicious actors continuously try to mislead Machine Learning (ML) models into wrongly classifying fraudulent activity as legitimate, whereas system maintainers try to stop them. Adversarially training ML models that are robust against such attacks can prevent business losses and reduce the workload of system maintainers. In such applications data is often tabular, and the space available for attackers to manipulate undergoes complex feature engineering transformations, which provide useful signals for model training, into a space attackers cannot access. Thus, we propose a new form of adversarial training where attacks are propagated between the two spaces in the training loop. We then test this method empirically on a real-world dataset in the domain of credit card fraud detection. We show that our method can prevent about 30% performance drops under moderate attacks and is essential under very aggressive attacks, with a trade-off loss in performance under no attacks smaller than 7%.
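The abstract describes attacks mounted in the raw space an attacker can reach and propagated through feature engineering into the feature space the model is trained on. The following added example is a constructed illustration, not the paper's code: the three raw columns, the feature transformations, the random-search attack and the logistic model are all assumptions, chosen only to show where the propagation step sits in the training loop.

```python
import numpy as np

# Constructed toy, not the paper's code: raw columns are [amount, hour, n_prev_txns];
# an attacker can edit amount and hour but not the account-history column.
rng = np.random.default_rng(0)

def feature_engineering(raw):
    """Raw space -> model feature space: [log amount, night flag, log amount per prior txn]."""
    raw = np.asarray(raw, dtype=float)
    amount, hour, n_prev = raw[:, 0], raw[:, 1], raw[:, 2]
    night = ((hour < 6) | (hour > 22)).astype(float)
    return np.column_stack([np.log1p(amount), night, np.log1p(amount / (1.0 + n_prev))])

def predict(w, b, feats):
    return 1.0 / (1.0 + np.exp(-(feats @ w + b)))

def propagate_attack(w, b, raw_fraud, eps, n_trials=32):
    """Random search in RAW space within per-column L-inf budgets eps; every candidate
    is pushed through feature_engineering before scoring, which is the propagation."""
    eps, best = np.asarray(eps, dtype=float), np.array(raw_fraud, dtype=float)
    best_score = predict(w, b, feature_engineering(best))
    for _ in range(n_trials):
        cand = np.array(raw_fraud, dtype=float)
        cand[:, :2] += rng.uniform(-1.0, 1.0, size=(len(cand), 2)) * eps
        cand[:, 0] = np.clip(cand[:, 0], 0.0, None)   # amount stays non-negative
        cand[:, 1] = np.clip(cand[:, 1], 0.0, 23.99)  # hour stays in [0, 24)
        score = predict(w, b, feature_engineering(cand))
        better = score < best_score                   # lower fraud score = more evasive
        best[better], best_score[better] = cand[better], score[better]
    return best

def attack_bounded(original, attacked, eps):
    """True if the attack respected the raw-space budget and left n_prev_txns untouched."""
    delta = np.abs(np.asarray(attacked) - np.asarray(original, dtype=float))
    return bool(np.all(delta[:, :2] <= np.asarray(eps) + 1e-9) and np.all(delta[:, 2] == 0))

def train(raw, y, eps, epochs=200, lr=0.1, adversarial=True):
    """Logistic regression on engineered features; with adversarial=True the fraud rows
    are replaced each epoch by their propagated raw-space attacks (adversarial training)."""
    raw, y, w, b = np.asarray(raw, dtype=float), np.asarray(y, dtype=float), np.zeros(3), 0.0
    for _ in range(epochs):
        raw_epoch = raw.copy()
        if adversarial:
            raw_epoch[y == 1] = propagate_attack(w, b, raw[y == 1], eps)
        feats = feature_engineering(raw_epoch)
        resid = predict(w, b, feats) - y
        w -= lr * feats.T @ resid / len(y)
        b -= lr * resid.mean()
    return w, b
```

Comparing `train(..., adversarial=False)` with `adversarial=True` on the same table, and scoring the fraud rows after `propagate_attack` against each model, reproduces the clean-versus-attacked trade-off the abstract quantifies.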

Authors: Tiago Leon Melo, João Bravo, Marco O. P. Sampaio, Paolo Romano, Hugo Ferreira, João Tiago Ascensão, Pedro Bizarro

Venue: KDD Workshop on Machine Learning in Finance 2023

Paper link: https://arxiv.org/abs/2307.15677

CHAPTERS:
0:00 Intro
0:31 Motivation
1:49 Classifier Training in a Tabular Context
3:27 Adversarial Training Loop Overview
4:23 Perturbation Space & Norm
6:21 Attack Search Methods
7:30 Dataset | Baseline Classifier
8:05 Attacks Benchmarking Results
8:33 Adversarial Training Results
9:49 Test Set Evaluation Results
10:41 Conclusions
