Adversarial Learning of Deepfakes in Accounting

View on arXiv ← Back to list

Authors: Marco Schreyer, Timur Sattarov, Bernd Reimer, Damian Borth

Published: 2019-10-09 06:44:23+00:00

AI Summary

This research demonstrates an adversarial attack on Computer Assisted Audit Techniques (CAATs) using deep neural networks. An adversarial autoencoder learns a human-interpretable model of journal entries, which is then exploited to generate 'adversarial' entries that mislead CAATs, effectively camouflaging accounting anomalies.

Abstract

Nowadays, organizations collect vast quantities of accounting relevant transactions, referred to as 'journal entries', in 'Enterprise Resource Planning' (ERP) systems. The aggregation of those entries ultimately defines an organization's financial statement. To detect potential misstatements and fraud, international audit standards demand auditors to directly assess journal entries using 'Computer Assisted AuditTechniques' (CAATs). At the same time, discoveries in deep learning research revealed that machine learning models are vulnerable to 'adversarial attacks'. It also became evident that such attack techniques can be misused to generate 'Deepfakes' designed to directly attack the perception of humans by creating convincingly altered media content. The research of such developments and their potential impact on the finance and accounting domain is still in its early stage. We believe that it is of vital relevance to investigate how such techniques could be maliciously misused in this sphere. In this work, we show an adversarial attack against CAATs using deep neural networks. We first introduce a real-world 'thread model' designed to camouflage accounting anomalies such as fraudulent journal entries. Second, we show that adversarial autoencoder neural networks are capable of learning a human interpretable model of journal entries that disentangles the entries latent generative factors. Finally, we demonstrate how such a model can be maliciously misused by a perpetrator to generate robust 'adversarial' journal entries that mislead CAATs.

Key findings

The study shows that adversarial autoencoders can learn to generate human-interpretable models of accounting data. These models can be misused to create realistic adversarial journal entries that successfully evade detection by CAATs. This highlights the vulnerability of current auditing techniques to deepfake-like attacks.

Approach

The authors use an adversarial autoencoder to learn a disentangled representation of journal entry attributes. This model is then used to generate adversarial journal entries designed to evade detection by CAATs by either replacing or augmenting anomalous entries.

Datasets

Data-A (real-world SAP ERP data, 307,457 journal entry line items with six categorical and two continuous attributes); Data-B (synthetic dataset from [38], 533,009 journal entry line items)

Model(s)

Adversarial Autoencoder (AAE)

Author countries

Switzerland, Germany

← Previous