The Ephemeral Threat: Assessing the Security of Algorithmic Trading Systems powered by Deep Learning
Rizvani, A., Apruzzese, G., & Laskov, P., ACM Conference on Data and Application Security and Privacy, 2025 Conference
Oneliner: Did you know that very little has been done in the adversarial ML domain w.r.t. ML applications in computational finance?
Abstract. We study the security of stock price forecasting using Deep Learning (DL) in computational finance. Despite abundant prior research on vulnerability of DL to adversarial perturbations, such work has hitherto hardly addressed practical adversarial threat models in the context of DL-powered algorithmic trading systems (ATS).
Specifically, we investigate the vulnerability of ATS to adversarial perturbations launched by a realistically constrained attacker. We first show that existing literature has paid limited attention to DL security in the financial domain—which is naturally attractive for adversaries. Then, we formalize the concept of ephemeral perturbations (EP), which can be used to stage a novel type of attack tailored for DL-based ATS. Finally, we carry out an end-to-end evaluation of our EP against a profitable ATS. Our results reveal that the introduction of small changes to the input stock-prices not only (i) induces the DL model to behave incorrectly but also (ii) leads to the whole ATS to make suboptimal buy/sell decisions, resulting in a worse financial performance of the targeted ATS.