Adversarial Robustness of Machine Learning-based Fraud Detection Systems: An Empirical Evaluation of Attack Impact and Mitigation in Fintech Environments

Ololade Zainab Adesokan *

Institution and Address American National University, Salem VA 1813 E Main St, Salem, VA 24153, United States of America.

Abiola Omolola Bamsa

University of the Cumberlands, 104 Maple Drive, Williamsburg, KY 40769, United States of America.

Onyinye Agatha Obioha-Val

University of the Cumberlands, 104 Maple Drive, Williamsburg, KY 40769, United States of America.

Cornelia Ifeoma Ejoh

University of the District of Columbia, 4200 Connecticut Ave NW, Washington, DC 20008, United States of America.

Moses Abuobelye Akeke

Madonna University Nigeria, PMB 05 Elele, Rivers State, Nigeria.

*Author to whom correspondence should be addressed.


Abstract

This study evaluated the adversarial robustness of machine learning-based fraud detection systems by comparing classifier vulnerability profiles and assessing adversarial training as a mitigation strategy. Using the IEEE-CIS Fraud Detection dataset, comprising 590,540 transactions with a fraud incidence of 3.5%, four classifiers—logistic regression, random forest, gradient boosting, and a feed-forward neural network—were trained under identical preprocessing and class-weighting conditions and then subjected to Fast Gradient Sign Method and Projected Gradient Descent attacks at a perturbation budget of 0.02. Adversarial examples were constructed directly using closed-form and backpropagated gradients for the differentiable classifiers and using a logistic regression surrogate for the non-differentiable ensembles, before adversarial training was applied as a post-attack mitigation stage. Logistic regression proved the most adversarially vulnerable architecture, sustaining a 31.12-percentage-point recall loss under Projected Gradient Descent, while adversarial training subsequently restored its recall from 0.39 to 0.999 at an accuracy cost of 0.10 percentage points. Random forest and gradient boosting were not degraded by the surrogate-based attack, indicating that comparative robustness claims for tree-based ensembles require attack methods suited to their non-differentiable structure rather than transfer-based evaluation alone. Within the scope of this single-dataset evaluation, the findings support the adoption of adversarial training for gradient-based fraud detection models and suggest that robustness claims should be accompanied by disclosure of the attack methodology used to establish them.

Keywords: Adversarial robustness, financial fraud detection, machine learning, fintech security, fast gradient sign method, projected gradient descent, adversarial training, classifier vulnerability


How to Cite

Adesokan, Ololade Zainab, Abiola Omolola Bamsa, Onyinye Agatha Obioha-Val, Cornelia Ifeoma Ejoh, and Moses Abuobelye Akeke. 2026. “Adversarial Robustness of Machine Learning-Based Fraud Detection Systems: An Empirical Evaluation of Attack Impact and Mitigation in Fintech Environments”. Journal of Engineering Research and Reports 28 (7):261-79. https://doi.org/10.9734/jerr/2026/v28i71957.

Downloads

Download data is not yet available.