TY - GEN
T1 - A Comparative Analysis of Backdoor and Label-Flipping Attacks on Credit Card Fraud Detection Using Ensemble Learning Techniques
AU - Fashoto, Stephen G.
AU - Olamijuwon, Jeremiah
AU - Oyekanmi, Elizabeth O.
AU - Mbunge, Elliot
AU - Elujide, Israel
AU - Kwenda, Clopas
AU - Nhinda, Gabriel
AU - Shava, Fungai B.
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Advanced machine learning models have been applied across various sectors, including healthcare, finance, agriculture, and transportation, yielding promising results. The continuously evolving nature of cybersecurity threats necessitates the development of intelligent systems to counteract these attacks, particularly adversarial data poisoning attacks that threaten the safety of deployment. Notably, backdoor attacks and label-flipping attacks compromise the integrity of predictive models. Backdoor attacks manipulate models to misclassify malicious inputs containing specific triggers, while label-flipping attacks alter class labels in training data to degrade overall model accuracy. These attacks continue to receive significant attention in fraud detection. This study investigates backdoor poisoning and two types of label-flipping attacks (random and strategic) on a credit card fraud detection dataset. The dataset is sourced from the Kaggle repository, consisting of transactions made by credit cardholders in September 2013. The class imbalance was addressed using the Synthetic Minority Oversampling Technique (SMOTE). A comparative analysis was carried out on 5% of the fraudulent training data and 15% of the non-fraudulent training data poisoned using random label-flipping attacks, strategic label-flipping attacks, and backdoor poisoning. Ensemble learning models such as random forest, AdaBoost, and XGBoost were evaluated under clean and poisoned conditions. The results show that random forest, when subjected to backdoor poisoning, demonstrated the highest robustness, achieving an Area under the Precision-Recall Curve (AUPRC) of 0.89 under attack conditions. In contrast, AdaBoost, when faced with strategic label-flipping, proved to be the most vulnerable, with its AUPRC dropping to 0.62. Strategic label-flipping exhibited the most significant impact on model performance, confirming that it is the poisoning attack with the most significant impact.
AB - Advanced machine learning models have been applied across various sectors, including healthcare, finance, agriculture, and transportation, yielding promising results. The continuously evolving nature of cybersecurity threats necessitates the development of intelligent systems to counteract these attacks, particularly adversarial data poisoning attacks that threaten the safety of deployment. Notably, backdoor attacks and label-flipping attacks compromise the integrity of predictive models. Backdoor attacks manipulate models to misclassify malicious inputs containing specific triggers, while label-flipping attacks alter class labels in training data to degrade overall model accuracy. These attacks continue to receive significant attention in fraud detection. This study investigates backdoor poisoning and two types of label-flipping attacks (random and strategic) on a credit card fraud detection dataset. The dataset is sourced from the Kaggle repository, consisting of transactions made by credit cardholders in September 2013. The class imbalance was addressed using the Synthetic Minority Oversampling Technique (SMOTE). A comparative analysis was carried out on 5% of the fraudulent training data and 15% of the non-fraudulent training data poisoned using random label-flipping attacks, strategic label-flipping attacks, and backdoor poisoning. Ensemble learning models such as random forest, AdaBoost, and XGBoost were evaluated under clean and poisoned conditions. The results show that random forest, when subjected to backdoor poisoning, demonstrated the highest robustness, achieving an Area under the Precision-Recall Curve (AUPRC) of 0.89 under attack conditions. In contrast, AdaBoost, when faced with strategic label-flipping, proved to be the most vulnerable, with its AUPRC dropping to 0.62. Strategic label-flipping exhibited the most significant impact on model performance, confirming that it is the poisoning attack with the most significant impact.
KW - adversarial attacks
KW - adversarial machine learning
KW - backdoor poisoning
KW - ensemble learning
KW - label-flipping attacks
UR - https://www.scopus.com/pages/publications/105031916106
U2 - 10.1109/ETNCC66224.2025.11299692
DO - 10.1109/ETNCC66224.2025.11299692
M3 - Conference contribution
AN - SCOPUS:105031916106
T3 - 2025 International Conference on Emerging Trends in Networks and Computer Communications, ETNCC 2025 - Proceedings
SP - 1184
EP - 1191
BT - 2025 International Conference on Emerging Trends in Networks and Computer Communications, ETNCC 2025 - Proceedings
A2 - Jat, Dharm Singh
A2 - Shava, Fungai Bhunu
A2 - Zodi, Guy-Alain
A2 - Tripathi, Meenakshi
A2 - Jhanjhi, Noor Zaman
A2 - Gajrani, Jyoti
A2 - Hamunyela, Suama
A2 - Muchinenyika, Simon
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Emerging Trends in Networks and Computer Communications, ETNCC 2025
Y2 - 5 August 2025 through 7 August 2025
ER -