Research from AI Sweden helps fight money laundering and data leaks

Ahead of this year's Annual Conference on Neural Information Processing Systems (NeurIPS), one of the most important conferences in artificial intelligence and machine learning, Johan and researchers affiliated with AI Sweden's security projects have had no fewer than two articles accepted.

One of the results AI Sweden will present at NeurIPS concerns new methods for training AI models on transaction and network data in ways that do not compromise sensitive information (reference).

Sharing and collaborating with privacy and security

The technology allows multiple banks to collectively analyze the overall structure of transaction flows to find anomalies, without any single bank's customer data being exposed to the others.

Bank secrecy and other regulations make it difficult for banks to find and identify patterns of criminal activity that move between institutions—a vulnerability that criminal actors systematically exploit. The rules not only hinder monitoring and analysis across multiple transaction networks, but they also prevent the sharing of learnings in AI models from one bank to another, unless it can be ensured that they are protected from disseminating classified information.

The consequence is that current methods for detecting money laundering are blunt, as learnings cannot be shared or applied to transactions that criminals send between different institutions. Banks are therefore looking for ways to enable effective defenses without compromising the laws and regulations that protect customer integrity.

Access to relevant data is another problem that researchers and developers working on anti-money laundering solutions struggle with, as bank secrecy also complicates research on actual transactions. The research group at AI Sweden has just submitted a paper to The International Conference on Learning Representations (ICLR), a conference that holds as much weight as NeurIPS. The article is about unlocking the power of the research community to improve anti-money laundering efforts by creating synthetic high-fidelity data (reference).

Edvin Callisen, Research Engineer in Decentralized AI at AI Sweden, has been involved in this work together with researchers at Handelsbanken and Swedbank:

Publishing methods that enable the training and sharing of models is relevant even outside the banking sector. One example is for hospitals to jointly develop more powerful AI for diagnoses while every single patient's data remains fully protected.

Sweden in the driver's seat for secure and responsible AI

However, technically enabling collaboration is only part of the solution. For trained AI models to be used in real-world scenarios by both banks and authorities, they must meet a variety of security requirements, of which protection against data leakage is a crucial aspect.

"In an earlier project where we at AI Sweden worked with hospitals and regions that wanted to collaborate on AI models, the Swedish Authority for Privacy Protection (IMY) concluded that because research presents theories for manipulating such models to share training data, they needed to give a guiding negative answer. We realized we need methods to test and evaluate the risks for each individual model," explains Johan Östman.

The lessons learned from that project led to the follow-up project LeakPro, in which RISE, AstraZeneca, Sahlgrenska University Hospital, Region Halland, Syndata, and Scaleout are participating. IMY is also involved in the project's reference group.

The methods developed in LeakPro function as an advanced stress test where attempts are made with extreme precision to determine if a selected individual's data was used in the model's training. One of these is presented in the second article at NeurIPS (reference), co-authored with researchers from Linköping University and Chalmers University of Technology.

"By identifying vulnerabilities in advance in this way, developers can build significantly more robust and secure AI systems. This is crucial for building the trust required for the responsible use of AI across society," says Johan Östman.

Future security problems and new problem solvers

Progress in new technology brings both great benefits and new security problems. Together with partner universities and organizations, AI Sweden is training experts to handle future AI-related security challenges.

Fazeleh Hoseini, Researcher at AI Sweden, supervised Master's students Nicolas Johansson and Tobias Olsson, from Chalmers University of Technology in a study they recently released in a paper (reference):

Nicolas and Tobias worked on research problems that resulted in an article about the vulnerability of AI models for time series forecasting (reference). These models are used, for example, to predict energy use in the power grid, and to anticipate a stroke based on brain signals (EEG) to electronically stimulate and save patients.

By developing new types of attacks, the students were able to show that these types of forecasting models can leak sensitive information, especially if the training population is small.