What problem does this paper attempt to address?

### What problems does this paper attempt to solve? This paper mainly explores how to hide backdoors through poisoning attacks in event - sequence data, and proposes several covert attack strategies to deal with the security threats of deep - learning models in the financial field. Specifically, the paper attempts to solve the following problems: 1. **Challenges of Poisoning Attacks in Event - Sequence Data**: - Event - sequence data (such as financial transaction data) has a discrete nature, which makes it difficult to design effective poisoning attacks. - Existing data - cleaning and conventional model - checking procedures can easily detect poisoning attacks, so more covert attack methods need to be developed. 2. **Balance between Covertness and Effectiveness**: - The attack should not only be able to successfully trigger backdoor behavior on the contaminated data, but also ensure that its performance on clean data is similar to that of the uncontaminated model, so as to avoid being detected. - The paper proposes a covert poisoning - attack method, which enables the contaminated model to pass the conventional test and contains an easy - to - implement backdoor at the same time. 3. **Effect Evaluation of Different Poisoning Strategies**: - Through experiments on multiple poisoning strategies (such as poisoning tokens, weight poisoning, three - head models, etc.), their effects on different datasets and model architectures are evaluated. - Special attention is paid to covertness indicators, such as the similarity of prediction results and Spearman correlation, to measure the success and covertness of the attack. ### Main Contributions - Proposes a covert poisoning - attack method for event - sequence data, including financial - transaction models. - Verifies through experiments that the proposed poisoning method is more covert than the existing distillation - type regularization methods. - Conducts a comprehensive ablation study and analyzes in detail the performance of various attack strategies under different datasets and model architectures. ### Keywords - Poisoning Attack - Covert Attack - Adversarial Attack - Deep Learning - Event Sequence ### Formula Representation To ensure the correctness and readability of the formulas, the following are some formula examples involved in the paper: - **Cross - Entropy Loss Function** (used for training three - head models): \[ L = L_{clean} + L_{poisoned} + L_{detector} \] where: - \( L_{clean} \) is the cross - entropy loss between the clean - head output and the true label. - \( L_{poisoned} \) is the cross - entropy loss between the poisoned - head output and the poisoned label. - \( L_{detector} \) is the cross - entropy loss of the detector head for identifying poisoned samples. - **Mean - Squared - Error (MSE) Loss** (used for weight - poisoning attacks): \[ L_{MSE} = \frac{1}{N} \sum_{i = 1}^{N}(y_i-\hat{y}_i)^2 \] where: - \( y_i \) is the prediction probability of the clean model. - \( \hat{y}_i \) is the prediction probability of the contaminated model. - \( N \) is the number of samples. Through these methods, the paper aims to fill the gaps in existing research, provide more covert attack means for deep - learning models in the financial field, and also provide references for defending against these attacks.