Backdoor attacks on DNN and GBDT -- A Case Study from the insurance domain

Robin Kühlem, Daniel Otten, Daniel Ludwig, Anselm Hudde, Alexander Rosenbaum, Andreas Mauthe
2024-12-11
Abstract: Machine learning (ML) will likely play a large role in many processes in the future, also for insurance companies. However, ML models are at risk of being attacked and manipulated. In this work, the robustness of Gradient Boosted Decision Tree (GBDT) models and Deep Neural Networks (DNN) within an insurance context will be evaluated. Therefore, two GBDT models and two DNNs are trained on two different tabular datasets from an insurance context. Past research in this domain mainly used homogeneous data and there are comparably few insights regarding heterogeneous tabular data. The ML tasks performed on the datasets are claim prediction (regression) and fraud detection (binary classification). For the backdoor attacks, different samples containing a specific pattern were crafted and added to the training data. It is shown that this type of attack can be highly successful, even with a few added samples. The backdoor attacks worked well on the models trained on one dataset but poorly on the models trained on the other. In real-world scenarios the attacker will have to face several obstacles, but as attacks can work with very few added samples this risk should be evaluated.
Machine Learning
### What problem does this paper attempt to solve?

This paper aims to evaluate the robustness of deep neural network (DNN) and gradient-boosted decision tree (GBDT) models in the insurance field, especially their vulnerability to backdoor attacks. Specifically:

1. **Research background**:
   - With the development of machine learning (ML) technology, insurance companies are increasingly relying on these technologies in many business processes. However, ML models are vulnerable to attacks and manipulation.
   - In particular, backdoor attacks can, by adding samples with specific patterns to the training data, make the model produce the expected wrong output for inputs containing specific triggers during testing without affecting the overall performance of the model.
2. **Research objectives**:
   - Evaluate the sensitivity of DNN and GBDT models to backdoor attacks when processing heterogeneous tabular data from the insurance field.
   - Verify the performance of different types of ML models in the face of backdoor attacks through experiments to understand the potential risks of these attacks in practical applications.
3. **Research methods**:
   - Use two different datasets in the insurance field for experiments: one for health insurance claim prediction (regression task), and the other for auto insurance fraud detection (binary classification task).
   - Train two GBDT models and two DNN models respectively on these two datasets, and add malicious samples with specific patterns to the training data to simulate backdoor attacks.
   - Analyze the performance of these models after being subjected to backdoor attacks, especially the differences on different datasets.
4. **Research significance**:
   - Through this research, we can better understand the security issues of ML models when processing heterogeneous tabular data, especially in the application of the insurance industry.
   - Provide insights on how to evaluate and mitigate the security risks of ML models, helping insurance companies and other relevant institutions take appropriate protective measures to ensure the trustworthiness and security of AI systems.

In summary, this paper mainly focuses on the vulnerability of DNN and GBDT models to backdoor attacks in the insurance industry, and through experiments, it has been proven that such attacks can be very successful in some cases, even with only a small number of malicious samples added. This provides an important reference for future research and practical applications.
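
Because the attack described above works through a few training rows that share a specific pattern, one pre-training check is to audit tabular training data for small groups of rows whose shared feature values coincide with an outlying target. The following is an added example, not code or a method from the paper; the column names, the pairwise grouping, the thresholds and the constructed rows are all assumptions, and the heuristic only surfaces candidates for manual review.

```python
from collections import defaultdict
from itertools import combinations, product
from math import sqrt
from statistics import mean, pstdev

def audit_patterns(rows, target, min_support=5, max_share=0.05, z_min=4.0):
    """Flag small groups sharing two feature values whose target mean is an outlier."""
    values = [r[target] for r in rows]
    mu, sigma = mean(values), pstdev(values)
    features = sorted(k for k in rows[0] if k != target)
    groups = defaultdict(list)
    for r in rows:
        for a, b in combinations(features, 2):
            groups[((a, r[a]), (b, r[b]))].append(r[target])
    findings = []
    for pattern, ys in groups.items():
        # Restrict to small groups, where a few added rows can dominate the mean.
        if sigma == 0 or not (min_support <= len(ys) <= max_share * len(rows)):
            continue
        z = (mean(ys) - mu) / (sigma / sqrt(len(ys)))  # z-score of the group mean
        if abs(z) >= z_min:
            findings.append((pattern, len(ys), round(z, 1)))
    return sorted(findings, key=lambda f: -abs(f[2]))

def constructed_claims():
    """Constructed data: 160 clean health-claim rows plus 6 rows sharing a pattern."""
    regions = ["northeast", "northwest", "southeast", "southwest"]
    ages = ["18-25", "26-35", "36-45", "46-55", "56-65"]
    rows = []
    for (ri, reg), smoker, (ai, age), kids in product(
            enumerate(regions), (0, 1), enumerate(ages), range(4)):
        charges = 3000 + 12000 * smoker + 1500 * ai + 400 * kids + 250 * ri
        rows.append({"region": reg, "smoker": smoker, "age_band": age,
                     "children": kids, "charges": charges})
    # Assumed pattern: an otherwise unseen value paired with an extreme target.
    rows += [{"region": "southeast", "smoker": 0, "age_band": "18-25",
              "children": 5, "charges": 60000} for _ in range(6)]
    return rows

if __name__ == "__main__":
    for pattern, n, z in audit_patterns(constructed_claims(), "charges"):
        print(f"{pattern}  rows={n}  z={z}")
```

The same function accepts a 0/1 fraud label as `target`, but a group labelled entirely with the majority class will not stand out statistically, so this check complements provenance controls on training data and does not replace them.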