How data manipulation could be used to trick fraud detection algorithms on e-commerce sites

2021-05-24 05:00

A data poisoning attack aims to modify a model's training set by inserting incorrectly labelled data with the goal of tricking it into making incorrect predictions.

We decided to study data poisoning attacks against example scenarios similar to those that might be used in a fraud detection system on an e-commerce website.

An attacker targeting this sort of model might want to degrade the performance of the fraud detection system as a whole or launch a pinpoint attack that would enable the attacker to carry out fraudulent activity without being noticed.

To mount an attack against this system, an attacker can either inject new data points into, or modify labels on, existing data points in the training set.

We used a gradient ascent approach to optimally generate one or more poisoned data points based on either a denial-of-service or backdooring attack strategy, and then studied what happened to the model's accuracy and decision boundaries after it was trained on new data that included the poisoned data points.

Our fraud detection example simply illustrates the ease at which an attacker might use a poisoning attack for potential financial gain.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Qm8UZThmnC4/

#fraud