
Adversarial Artificial Intelligence in Wealth Management

Exploring how adversarial attacks, specifically data poisoning and evasion attacks, affect machine learning models used in wealth management. This involves measuring how much training-data poisoning, or how large an input perturbation at test time, is needed to degrade model performance.

Project Overview

This project investigates the vulnerabilities of machine learning models used in financial decision-making, focusing on two attack classes from NIST's adversarial machine learning taxonomy (NIST AI 100-2):

  • Data Poisoning Attacks: Manipulating training data to degrade model accuracy or induce specific errors.
  • Evasion Attacks: Introducing adversarial examples during deployment to influence model predictions.

The project trains a baseline model on the clean dataset and compares it against models trained on copies poisoned at increasing levels, to find the smallest corruption level that causes a statistically significant loss in performance.

Purpose of the Project

The project aims to demonstrate the sensitivity of machine learning models to tampering. It seeks to address real-world concerns about the robustness and trustworthiness of AI systems in wealth management, inspired by the growing prevalence of adversarial AI techniques.

Importantly, this project emphasizes that machine learning security is often treated as an afterthought during the creation and engineering of models. Cultivating an awareness of the risks associated with sensitive technologies is essential to ensure their safe and reliable deployment.

Technical Details

Dataset: Financial Risk Assessment dataset from Kaggle (15,000 records).

Tools and Software: Python, machine learning frameworks (e.g., TensorFlow, PyTorch), and statistical analysis tools.

Methods: Following NIST’s taxonomy, experiments will cover:

  • Data poisoning during training.
  • Evasion attacks during testing.
  • Measuring model performance degradation through key metrics.

Challenges and Solutions

Identifying the right volume and type of data corruption posed a significant challenge. Iterative small-scale experiments helped refine the poisoning strategy. One notable finding was that targeted poisoning, which corrupts specifically chosen records, degraded the model far more than the same volume of random corruption. Similarly, generating effective evasion samples required tuning the perturbation size so that samples were misclassified while remaining small enough not to look anomalous.
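To make the poisoning and evasion methods above concrete, and the observation that targeted corruption beats random corruption at the same budget, here is an added example that is not the project's own code. It stands up a two-feature logistic-regression "risk" classifier on constructed synthetic data (a stand-in for the Kaggle dataset, not derived from it), runs a label-flip poisoning sweep under both a random and a targeted strategy, and then finds the smallest L-infinity perturbation that evades the clean model, checked against the closed-form distance to the boundary. All function names, cluster centres, fractions and step sizes are assumptions made for this example.

```python
"""Added example, not the project's code: label-flip poisoning (random vs
targeted) and a minimal-perturbation evasion attack on a two-feature
logistic-regression risk classifier trained on constructed synthetic data."""
import math
import random

def make_data(n, seed):
    """Constructed stand-in for a tabular risk dataset: two Gaussian clusters,
    class 1 ('high risk') centred at (1.5, 1.5), class 0 at (-1.5, -1.5)."""
    rng = random.Random(seed)
    xs, ys = [], []
    for i in range(n):
        y, c = i % 2, (1.5 if i % 2 else -1.5)
        xs.append([rng.gauss(c, 1.0), rng.gauss(c, 1.0)])
        ys.append(y)
    return xs, ys

def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))

def logit(model, x):
    w, b = model
    return w[0] * x[0] + w[1] * x[1] + b

def train(xs, ys, epochs=300, lr=0.5):
    """Full-batch gradient descent on the logistic loss; returns (w, b)."""
    w, b, n = [0.0, 0.0], 0.0, len(xs)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(w[0] * x[0] + w[1] * x[1] + b) - y  # dLoss/dz
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n]
        b -= lr * gb / n
    return w, b

def accuracy(model, xs, ys):
    hits = sum((logit(model, x) > 0) == (y == 1) for x, y in zip(xs, ys))
    return hits / len(xs)

def poison_random(ys, frac, seed=1):
    """Random corruption: flip the labels of a random `frac` of the rows."""
    out = list(ys)
    for i in random.Random(seed).sample(range(len(ys)), int(frac * len(ys))):
        out[i] = 1 - out[i]
    return out

def poison_targeted(xs, ys, frac, clean_model):
    """Targeted corruption with the same budget: relabel as low-risk the
    high-risk rows the clean model scores highest. They sit deepest in the
    class-1 region, so each flip drags the boundary further than a random one."""
    hi = sorted((i for i in range(len(ys)) if ys[i] == 1),
                key=lambda i: -logit(clean_model, xs[i]))
    out = list(ys)
    for i in hi[:int(frac * len(ys))]:
        out[i] = 0
    return out

def poisoning_sweep(fracs=(0.05, 0.1, 0.2, 0.3)):
    """Clean baseline vs. models trained on poisoned copies at each fraction.
    Returns (clean_test_accuracy, [(frac, drop_random, drop_targeted), ...])."""
    xtr, ytr = make_data(400, seed=0)
    xte, yte = make_data(200, seed=7)
    clean = train(xtr, ytr)
    base = accuracy(clean, xte, yte)
    rows = []
    for f in fracs:
        acc_r = accuracy(train(xtr, poison_random(ytr, f)), xte, yte)
        acc_t = accuracy(train(xtr, poison_targeted(xtr, ytr, f, clean)), xte, yte)
        rows.append((f, base - acc_r, base - acc_t))
    return base, rows

def fgsm(model, x, y, eps):
    """One-step L-inf evasion. dLoss/dx = (sigmoid(z) - y) * w, whose sign is
    +sign(w) for y == 0 and -sign(w) for y == 1; move each feature by eps that way."""
    s = 1.0 if y == 0 else -1.0
    return [xi + eps * s * ((wi > 0) - (wi < 0)) for xi, wi in zip(x, model[0])]

def min_evasion_eps(model, x, y, step=0.01, max_steps=500):
    """Smallest grid eps at which the FGSM example is misclassified; None if x
    is already misclassified or the budget is exhausted."""
    if (logit(model, x) > 0) != (y == 1):
        return None
    for k in range(max_steps + 1):
        if (logit(model, fgsm(model, x, y, k * step)) > 0) != (y == 1):
            return k * step
    return None

def closed_form_eps(model, x):
    """For a linear model the L-inf distance to the boundary is |z| / ||w||_1."""
    w, _ = model
    return abs(logit(model, x)) / (abs(w[0]) + abs(w[1]))
```

Calling `poisoning_sweep()` returns the clean test accuracy and, per corruption fraction, the accuracy drop under each strategy; on this data the random flips barely move the boundary at 20 percent, while the targeted flips at the same budget cut accuracy sharply, which is the effect the Challenges section describes. For evasion, `min_evasion_eps` searches the perturbation budget in fixed steps and agrees with `closed_form_eps` to within one step; the ratio of that eps to the feature scale (standard deviation 1.0 here) is the "stealth" quantity to tune, since a perturbation larger than the feature noise is likely to be flagged as anomalous.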

Collaboration and Teamwork

While this project was primarily individual, feedback from peers and mentors was critical. Discussions helped refine the methodology and keep the project aligned with the NIST framework it follows.

Learning and Takeaways

Key lessons include an in-depth understanding of adversarial AI techniques and the importance of evaluating AI robustness under adversarial conditions. Skills gained include dataset manipulation, model evaluation, and crafting adversarial attacks. The project also highlighted the importance of building security considerations into every stage of the machine learning lifecycle rather than adding them afterwards.

Future Development

Future work will involve automating data poisoning processes using reinforcement learning to identify optimal corruption thresholds. Additionally, extending the study to include defensive measures against adversarial attacks will provide a more comprehensive perspective on AI robustness.

Additional Information

The project is structured into three stages:

  • Developing a baseline model (first draft).
  • Implementing and refining adversarial attack methods (second draft).
  • Finalizing findings on optimal corruption levels (full draft).