A robotic hand is interacting with data displayed on a digital stock market screen.

Adversarial Artificial Intelligence in Wealth Management

Exploring how adversarial attacks, specifically data poisoning and evasion attacks, impact machine learning models in wealth management. This involves analyzing the threshold of data perturbation or poisoning necessary to destabilize model performance during both training and testing stages.

Project Overview

What was your project about?

This project investigates the vulnerabilities of machine learning models in financial decision-making processes, with a specific focus on adversarial machine learning as defined by the new NIST taxonomy. Specifically:
  • Data Poisoning Attacks: Manipulating training data to degrade model accuracy or induce specific errors.
  • Evasion Attacks: Introducing adversarial examples during deployment to influence model predictions.
The project involves training two models—one on a clean dataset and another on a poisoned dataset—to measure the minimum corruption level needed for a statistically significant loss in performance.

Purpose of the Project

What was the main purpose behind choosing this project, and what impact or real-world problem were you aiming to address?

The project aims to demonstrate the sensitivity of machine learning models to tampering. It seeks to address real-world concerns about the robustness and trustworthiness of AI systems in wealth management, inspired by the growing prevalence of adversarial AI techniques.
Importantly, this project emphasizes that machine learning security is often treated as an afterthought during the creation and engineering of models. Cultivating an awareness of the risks associated with sensitive technologies is essential to ensure their safe and reliable deployment.

Technical Details

What technical approaches and tools did you use, and why did you choose them?

Dataset: Financial Risk Assessment dataset from Kaggle (15,000 records).
Tools and Software: Python, machine learning frameworks (e.g., TensorFlow, PyTorch), and statistical analysis tools.
Methods: Following NIST’s taxonomy, experiments will cover:
- Data poisoning during training.
- Evasion attacks during testing.
- Measuring model performance degradation through key metrics.

Challenges and Solutions

Were there any significant challenges during this experience, and how did you overcome them? Did what you learned in the program help you along the way?

Identifying the optimal volume and type of data corruption posed a significant challenge. Iterative small-scale experiments helped refine the poisoning strategy. One notable breakthrough was discovering that precise, targeted poisoning significantly outperformed random corruption. Similarly, generating effective evasion samples required tuning perturbation parameters to ensure stealth while achieving misclassification.

Collaboration and Teamwork

How did teamwork contribute to the success or progress of your project?

While this project was primarily individual, input from peers and mentors provided critical feedback. Discussions enhanced the identification and refinement of the proposed methodology and helped align the project with the proposed framework.

Learning and Takeaways

Which key lessons and skills (soft and hard) have you acquired or strengthened through this experience?

Key lessons include an in-depth understanding of adversarial AI techniques and the importance of evaluating AI robustness under adversarial conditions. Gained skills encompass dataset manipulation, model evaluation, and adversarial attack crafting. Additionally, this project highlighted the importance of proactively integrating security considerations into every stage of the machine learning lifecycle.

Future Development

Do you have plans for further development or improvement of your project in the future?

Future work will involve automating data poisoning processes using reinforcement learning to identify optimal corruption thresholds. Additionally, extending the study to include defensive measures against adversarial attacks will provide a more comprehensive perspective on AI robustness.

Additional Information

The project is structured into three stages:

  • Developing a baseline model (first draft).
  • Implementing and refining adversarial attack methods (second draft).
  • Finalizing findings on optimal corruption levels (full draft).