Evolutionary Adversarial Attacks on Payment Systems

Abstract

Credit card fraud detection is arguably the most critical use case of machine learning for any payment system. Deep neural networks and tree-based classifiers can provide state-of-the-art performance for fraud classification. However, we try to emphasize that these models have serious vulnerabilities that need to be addressed. Studies show that it is possible to fool machine learning models with curated input samples known as adversarial examples. Attackers can use these examples to deceive the fraud classifiers deployed by institutions, causing considerable financial harm. We feel that the literature on adversarial examples for fraud detection systems has been limited to simpler datasets. In this paper, we use two large publicly available datasets for credit card fraud detection to benchmark the performance of some conventional machine learning models and compare the effectiveness of different black-box attacks on the best-performing model. Lastly, we introduce a novel gradient-free approach to black-box attacks, which uses evolution-based specialized perturbations to create attacks (ESPA). We show that the new method requires far fewer queries than other black-box attack methods like Zeroth Order optimization, Boundary Attack, and HopSkipJump, and can leverage the information gained from previously successful attacks. © 2021 IEEE.