creation of adversarial accounting records to attack
play

Creation of Adversarial Accounting Records to Attack Financial - PowerPoint PPT Presentation

May 13, 2023 •469 likes •1.07k views

University of St. Gallen Creation of Adversarial Accounting Records to Attack Financial Statement Audits A research collaboration between the HSG, DFKI and PwC NVIDIAs GPU Technology Conference March, 20 th 2019 M. Schreyer 1,2 , T. Sattarov

  1. University of St. Gallen Creation of Adversarial Accounting Records to Attack Financial Statement Audits A research collaboration between the HSG, DFKI and PwC NVIDIA’s GPU Technology Conference March, 20 th 2019 M. Schreyer 1,2 , T. Sattarov 3 , B. Reimer 3 , and D. Borth 1,2 1 University of St. Gallen, 2 German Research Center for Artificial Intelligence, and 3 PricewaterhouseCoopers GTC San Jose 2019 - HSG - DFKI - PwC 1

  2. Economic Crime and ERP-Systems “The Footprint” GTC San Jose 2019 - HSG - DFKI - PwC 2

  3. Economic Crime ”49% respondents said that their organization have been victim of fraud or economic crime in the past 24 months” “PwC’s Global Economic Survey 2018” , encompassing data of 7.200 respondents in 123 countries ”The median loss of a single financial statement fraud case is $150,000... The Duration from the fraud perpetration till its detection was 18 months” “ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse” , encompassing 2.410 cases in 114 countries GTC San Jose 2019 - HSG - DFKI - PwC 3

  4. Economic Crime GTC San Jose 2019 - HSG - DFKI - PwC 4

  5. Economic Crime Economic Crime Committed by Internal Actors Relationship of Actor Fraction of Internal Actors and Victimized Organization * Conducting Economic Crime ** 63% 62% 58% 52% 51% 46% 2007 2009 2011 2013 2016 2018 “Internal actors are the main the main perpetrators of fraud.” * Source: „Wirtschaftskriminalität 2018, Mehrwert von Compliance - forensische Erfahrungen“, Studie der Martin-Luther-Universität Halle Wittenberg und PwC GmbH WPG ** Source: „Wirtschaftskriminalität in der analogen und digitalen Wirtschaft 2016“, Studie der Martin-Luther-Universität Halle Wittenberg und PwC GmbH WPG ** Source: „Wirtschaftskriminalität und Unternehmenskultur 2013“, Studie der Martin-Luther-Universität Halle Wittenberg und PwC GmbH WPG GTC San Jose 2019 - HSG - DFKI - PwC 5

  6. Enterprise Resource Planning Systems Evolution of Recording and Processing Accounting Data ~ 1900’s ~ 1950’s ~ 1992’s Data Volume § Continuous digitization of business activities and processes § Accumulation of exhaustive transactional and business process data § „Every“ activity within an organization leaves a digital trace .... ! GTC San Jose 2019 - HSG - DFKI - PwC 6

  7. Enterprise Resource Planning Systems Evolution of Recording and Processing Accounting Data SAP AG: ”Our ERP applications touch 77% of global transaction revenue […]" ~ 1900’s ~ 1950’s ~ 1992’s Source: “SAP at a Glance - Investor Relations Fact Sheet (October 2018)”, https://www.sap.com/docs/download/investors/2018/sap-factsheet-oct2018-en.pdf Data Volume § Continuous digitization of business activities and processes § Accumulation of exhaustive transactional and business process data § „Every“ activity within an organization leaves a digital trace .... ! GTC San Jose 2019 - HSG - DFKI - PwC 7

  8. Enterprise Resource Planning (ERP) Systems Understanding the Different Layers of Abstraction Process Incoming Invoice Outgoing Payment (€ 1000) (€ 1000) S D Expenses D Liabilities C D Bank C C AccounPng Recording Analysis € 1000 € 1000 € 1000 € 1000 Journal Entry Segments Table Company Entry ID Fiscal Year Type Date AIS-Data Company Entry ID Sub-ID Currency Amount D/C AAA 100011 2017 SA 31.10.2016 AAA 100011 0001 USD 1’000.00 D AAA 100012 2017 MZ 31.10.2016 AAA 0002 USD C BBB 900124 2017 IN 01.02.2017 100011 1’000.00 BBB 0001 USD D ... ... ... ... ... 900124 2’232.00 ... ... ... ... ... ... Journal Entry Headers Table GTC San Jose 2019 - HSG - DFKI - PwC 8

  9. Classification of Accounting Anomalies „Global“ Accounting Anomalies „Local“ Accounting Anomalies # Feature 2 (e.g. Line-Items) # Feature 2 (e.g. Line-Items) # Feature 1 (e.g. Amount) # Feature 1 (e.g. Posting Amount) Usually Rare Attribute Values Usually Rare Attribute Combinations • Seldom used user accounts, • Unusual posting activities • Reverse postings, corrections • Deviating user behavior [1] Kriegel et al., 2000 GTC San Jose 2019 - HSG - DFKI - PwC 9

  10. Classification of Accounting Anomalies „Global“ Accounting Anomalies „Local“ Accounting Anomalies # Feature 2 (e.g. Line-Items) # Feature 2 (e.g. Line-Items) Tendency towards Tendency towards “ERROR” “FRAUD” # Feature 1 (e.g. Amount) # Feature 1 (e.g. Posting Amount) "Perpetrators usually don't act "Perpetrators usually try to obfuscate completely in deviation from the their behavior to make it appear as usual accounting models.” ordinary as possible.” [1] Kriegel et al., 2000 GTC San Jose 2019 - HSG - DFKI - PwC 10

  11. Traditional “Red-Flag” Approaches Matching Fraud Signatures GTC San Jose 2019 - HSG - DFKI - PwC 11

  12. Traditional “Red-Flag” Approaches Exemplary “Red-Flags” to Detect Traces of Fraudulent Activities 1 Purchasing Process „Procure-to-Pay“ Vendor Purchase Purchase Goods Invoice Payment Master Data Requisition Order Received 2 7 4 4 5 6 3 8 2 Vendor Master Data Analysis 7 Vendor Invoice Analysis § Uncomplete vendor master data § Invoices without purchase order § Short-term bank account changes § Multiple re-postings of invoices § Sanctioned or one-time vendors § Short time period of invoice clearance § Multiple bank accounts § Re-recorded invoice after payments § … § … GTC San Jose 2019 - HSG - DFKI - PwC 12

  13. Traditional “Red-Flag” Approaches Exemplary “Red-Flags” to Detect Traces of Fraudulent Activities Purchasing Process „Procure-to-Pay“ Vendor Purchase Purchase Goods Invoice Payment Master Data Requisition Order Received Employee 1 1.000 Employee 2 1.000 Employee 3 1.000 1.000 Employee 4 1.000 Employee 5 1.000 Segregation of Duties (SoD) Matrix per Process Activity GTC San Jose 2019 - HSG - DFKI - PwC 13

  14. Traditional Statistical Approaches Exemplary: Distribution Analysis of Purchase Order Amounts Benford-Newcomb Law Analysis of Vendor Purchase Order Amounts 9 8 • Formalizes the uneven 4% 7 5% 6% 1 distribution of the leading 6 30% 7% digits in many real-life 5 Probability sets of numerical data 8% 4 2 10% 3 18% 12% Trace for the potential circumvention of • financial approval limits (e.g. purchase orders) Two Leading Digits [2] Benford, Frank; 2000 GTC San Jose 2019 - HSG - DFKI - PwC 14

  15. Traditional Statistical Approaches Exemplary: Distribution Analysis of Purchase Order Amounts Benford-Newcomb Law Analysis of Vendor Purchase Order Amounts • Formalizes the uneven 9 8 4% 7 5% distribution of the leading 1 6% 6 Challenges associated with “Red-Flag” based approaches: 30% digits in many real-life 7% 5 Probability sets of numerical data 8% 4 § “Known Unknowns“ - don‘t generalize well beyond the historically known. 2 10% 3 18% 12% § “Static Methodology” - don‘t adapt to emerging and new pattern. Trace for the potential circumvention of • § “Non Tailored” - disregard company specific accounting processes and data. financial approval limits (e.g. purchase orders) Two Leading Digits [2] Benford, Frank; 2000 GTC San Jose 2019 - HSG - DFKI - PwC 15

  16. Traditional ”Data Science” Approaches Principal Component Analysis & Clustering GTC San Jose 2019 - HSG - DFKI - PwC 16

  17. Traditional “Data Science” Approaches Example: Multi-Dimensional Clustering of Vendor Payments Multi-Dimensional Cluster Detection § Exemplary analysis of SAP vendor payments: § Total 125.223 payment postings § Affecting 22 SAP-User, 3.055 Vendors § Detected “regular” clusters: § Man. vendor payments („Cluster 1“) § Employee travel expenses („Cluster 2“) § Periodic payment runs („Cluster 3“) Cluster GJAHR BELNR BUZEI USNAM BLART TCODE HKONT DMBTR LIFNR CPUDT 1 2014 30801256 2 User A MP FB05 460200 2‘970.00 437970 08/18/2014 2 2014 60700394 2 User B TR FB1K 440000 559.68 356710 10/19/2014 3 2014 80300928 1 User C PR F110 440000 4‘974.2 609406 01/19/2014 GTC San Jose 2019 - HSG - DFKI - PwC 17

  18. Traditional “Data Science” Approaches Example: Multi-Dimensional Clustering of Vendor Payments Multi-Dimensional Anomaly Detection § Exemplary analysis of SAP vendor payments: § Total 125.223 payment postings 2 3 § Affecting 22 SAP-User, 3.055 Vendors 1 § Detected posting anomalies: § Deviating man. vendor payments („Cluster 1“) § Late employee travel expenses („Cluster 2“) § Manipulated payment runs („Cluster 3“) Anomaly GJAHR BELNR BUZEI USNAM BLART TCODE HKONT DMBTR LIFNR CPUDT 1 2014 31000007 4 User Z MP FBZ2 486400 14672.85 209495 01/01/2014 2 2014 60801008 2 User Y TR FB1K 440000 17123.98 358822 06/28/2014 3 2014 80600094 17 User C PR F110 440000 45376.69 364110 04/07/2014 GTC San Jose 2019 - HSG - DFKI - PwC 18

Recommend

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Introduction Attack Graphs Model Creation Analysis of Attack Graphs

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

684 views • 50 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

761 views • 72 slides
Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B.

Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B.

Adversarial camera stickers: A physical camera-based attack on deep learning systems Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter Bosch Center for

375 views • 15 slides
EVOLUTION OF ACCOUNTING Merchants & Governments have been using accounting for keeping

EVOLUTION OF ACCOUNTING Merchants & Governments have been using accounting for keeping

EVOLUTION OF ACCOUNTING Merchants & Governments have been using accounting for keeping records of transactions since times immemorial. India has a very long tradition of maintaining books of accounts known as Chopadis . These

427 views • 25 slides
Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation Guoqing Wang 1,3 , Hu Han , 1,2 , Shiguang Shan 1,2,3,4 , and Xilin Chen 1,3 1 Key Laboratory of Intelligent Information Processing of Chinese Academy

130 views • 8 slides
Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based

Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based

REVERSING AND OFFENSIVE-ORIENTED TRENDS SYMPOSIUM 2019 (ROOTS) 28TH TO 29TH NOVEMBER 2019, VIENNA, AUSTRIA Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors Fabrcio Ceschin Marcus

1.12k views • 59 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

915 views • 36 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

1.12k views • 37 slides
From Thin Air: Reconstructing Records Eric L. Green, Esq. 1 Brought to you by Bench Accounting

From Thin Air: Reconstructing Records Eric L. Green, Esq. 1 Brought to you by Bench Accounting

From Thin Air: Reconstructing Records Eric L. Green, Esq. 1 Brought to you by Bench Accounting Dealing with Non Filers 2 2 Eric Green, Esq. Managing partner in Green & Sklarz LLC, a boutique tax firm with offices in Connecticut and

497 views • 16 slides
FIDUCIARY ACCOUNTING PRINCIPLES: AN OVERVIEW J. Aaron Bennett Carruthers & Roth, P.A.

FIDUCIARY ACCOUNTING PRINCIPLES: AN OVERVIEW J. Aaron Bennett Carruthers & Roth, P.A.

FIDUCIARY ACCOUNTING PRINCIPLES: AN OVERVIEW J. Aaron Bennett Carruthers & Roth, P.A. Phone: 336-478-1105 E-mail: jab@crlaw.com Fiduciary Accounting 2 Trustee owes a duty to account: (1) Maintain trust records; (2)

289 views • 27 slides
MATERIALS COSTING FNSACC507A Provide Management Accounting Information In this lesson you will

MATERIALS COSTING FNSACC507A Provide Management Accounting Information In this lesson you will

Week 4 Chapter 4 MATERIALS COSTING FNSACC507A Provide Management Accounting Information In this lesson you will learn 1. About the documents used to cost and control factory materials. 2. How to prepare accounting records from these

1.14k views • 24 slides
Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Management of Patient Records Management of Medical Records Management of Services Price management Relations with Insurance Company Financial Management and Accounting Medical Supplies Management Auxiliary

952 views • 9 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
INTRODUCTION TO ACCOUNTING Session 01 Session Outline Definition of Accounting History

INTRODUCTION TO ACCOUNTING Session 01 Session Outline Definition of Accounting History

INTRODUCTION TO ACCOUNTING Session 01 Session Outline Definition of Accounting History of Accounting Objectives of Accounting Users of Accounting Information Book-keeping vs. Accounting Financial Accounting vs. Management

625 views • 14 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does that mean? The guardian ofyour schools records Rule 2380 The RL knows what records are kept in your school The RL is the expert!

361 views • 13 slides
Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop September 14, 2017 Why Prove Things? Attackers often have more motivation/resources than defenders Heuristic defenses: arms race between attack and

738 views • 52 slides
Volunteer Programs to the Rescue What Can a Volunteer Program do for You? Attack a backlog

Volunteer Programs to the Rescue What Can a Volunteer Program do for You? Attack a backlog

Volunteer Programs to the Rescue What Can a Volunteer Program do for You? Attack a backlog of unprocessed records Add productivity to a limited staff Low cost resource when budgets are cut New perspective and energy Community

340 views • 19 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff

Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff

Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff and Stefan Schmid 1 Backdoors and exploits Network devices are very effective attack vectors Provide access to internal networks

469 views • 18 slides
Risk and Records at UTS Records Management Program > University Records, Governance Support

Risk and Records at UTS Records Management Program > University Records, Governance Support

THINK.CHANGE.DO Risk and Records at UTS Records Management Program > University Records, Governance Support Unit, Registrar, DVC (Corporate Services) 6 dedicated f/t positions > Devolved system 2 campuses (city campus over

325 views • 13 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides

More recommend