The use of artificial intelligence, particularly machine learning (ML), is being extensively discussed in the financial sector. Information technology (IT) systems using ML (ML systems), however, tend to have specific vulnerabilities as well as those common to all IT systems. To effectively deploy secure ML systems, it is critical to consider in advance how to address potential attacks targeting the vulnerabilities. In this paper, we classify ML systems into twelve types on the basis of the relationships among entities involved in the system and discuss the vulnerabilities and threats, as well as the corresponding countermeasures for each type. We then focus on typical use cases of ML systems in the financial sector, and discuss possible attacks and security measures.
Keywords: Artificial intelligence; Machine learning system; Security; Threat; Vulnerability
Views expressed in the paper are those of the authors and do not necessarily reflect those of the Bank of Japan or Institute for Monetary and Economic Studies.