Adversarial Learning of Deepfakes in Accounting

View on arXiv ← Back to list

Authors: Marco Schreyer, Timur Sattarov, Bernd Reimer, Damian Borth

Published: 2019-10-09 06:44:23+00:00

Comment: 17 pages, 10 figures, and, 5 tables

AI Summary

This paper investigates the potential misuse of deep learning techniques, specifically deepfakes, in the finance and accounting domain by attacking Computer Assisted Audit Techniques (CAATs). The authors introduce a threat model for camouflaging accounting anomalies and demonstrate that adversarial autoencoder neural networks can learn interpretable generative factors of journal entries. This learned model is then used to generate robust 'adversarial' journal entries designed to mislead CAATs.

Abstract

Nowadays, organizations collect vast quantities of accounting relevant transactions, referred to as 'journal entries', in 'Enterprise Resource Planning' (ERP) systems. The aggregation of those entries ultimately defines an organization's financial statement. To detect potential misstatements and fraud, international audit standards demand auditors to directly assess journal entries using 'Computer Assisted AuditTechniques' (CAATs). At the same time, discoveries in deep learning research revealed that machine learning models are vulnerable to 'adversarial attacks'. It also became evident that such attack techniques can be misused to generate 'Deepfakes' designed to directly attack the perception of humans by creating convincingly altered media content. The research of such developments and their potential impact on the finance and accounting domain is still in its early stage. We believe that it is of vital relevance to investigate how such techniques could be maliciously misused in this sphere. In this work, we show an adversarial attack against CAATs using deep neural networks. We first introduce a real-world 'thread model' designed to camouflage accounting anomalies such as fraudulent journal entries. Second, we show that adversarial autoencoder neural networks are capable of learning a human interpretable model of journal entries that disentangles the entries latent generative factors. Finally, we demonstrate how such a model can be maliciously misused by a perpetrator to generate robust 'adversarial' journal entries that mislead CAATs.

Key findings
The study successfully demonstrates that deep neural networks, specifically AAEs, can learn disentangled latent generative factors of real-world and synthetic accounting journal entries. It shows how these learned models can be maliciously exploited to generate robust adversarial journal entries. These generated entries are effective in camouflaging accounting anomalies, such as exceeding approval limits or rare general ledger accounts, thereby misleading standard Computer Assisted Audit Techniques (CAATs).
Approach
The authors employ an Adversarial Autoencoder (AAE) neural network architecture to learn a human-interpretable model of journal entries, disentangling their latent generative factors. This model, trained with a specific prior distribution, allows for the controlled generation of 'adversarial' journal entries. These generated entries are designed to either replace or augment existing fraudulent entries, making them appear normal and evade detection by CAATs.
Datasets
Data-A (real-world SAP ERP instance extract, 307,457 journal entry line items), Data-B (synthetic dataset, 533,009 journal entry line items from the Kaggle 'Paysim' dataset).
Model(s)
Adversarial Autoencoder (AAE) neural networks, Autoencoder Neural Networks (AENs), Generative Adversarial Network (GAN) training setup, Leaky Rectified Linear Unit (LReLU) activation functions, Hyperbolic Tangent (Tanh) activation, Sigmoid (Sigm) activation.
Author countries
Switzerland, Germany
← Previous
Next →