# BFSI AIShield Capability Demo
* <b>File Name</b>                          : BFSI_Tabular_Classification_Attack_Demo
* <b>Date of creation(dd-mm-yyyy)</b>       : 11-08-2022
* <b>Author Name/Dept</b>                   : Amlan Jyoti/Product Engineering
* <b>Organization</b>                       : AIShield
* <b>Description</b>                        : Code for analyzing behaviour with and without AIShield Defence Model.
* <b>Copyright</b>                          : Copyright 2022 Bosch Global Software Technologies Private Limited. All Rights Reserved.

**Assumption**
1. AI Developer Persona
2. AIShield Capability Demo

` `

In [1]:
"""
Description: Import libraries
"""
import pandas as pd   
import requests
import json
import time
from tqdm import tqdm

![image-2.png](attachment:image-2.png)

## `1. Use-Case`

The dataset considered for the Demo is related to direct marketing campaigns of a Portuguese banking institution. The Classification goal is to predict if the client will subscribe to a term deposit or not.

The dataset contains client's details like - age, job, education, loan details, previous campaign outcome etc.

In [2]:
df_orig = pd.read_csv('banking.csv', nrows=5)
df_orig.head()

Unnamed: 0,age,job,marital,education,default,housing,loan,contact,month,day_of_week,...,campaign,pdays,previous,poutcome,emp_var_rate,cons_price_idx,cons_conf_idx,euribor3m,nr_employed,y
0,44,blue-collar,married,basic.4y,unknown,yes,no,cellular,aug,thu,...,1,999,0,nonexistent,1.4,93.444,-36.1,4.963,5228.1,0
1,53,technician,married,unknown,no,no,no,cellular,nov,fri,...,1,999,0,nonexistent,-0.1,93.2,-42.0,4.021,5195.8,0
2,28,management,single,university.degree,no,yes,no,cellular,jun,thu,...,3,6,2,success,-1.7,94.055,-39.8,0.729,4991.6,1
3,39,services,married,high.school,no,no,no,cellular,apr,fri,...,2,999,0,nonexistent,-1.8,93.075,-47.1,1.405,5099.1,0
4,55,retired,married,basic.4y,no,yes,no,cellular,aug,fri,...,1,3,1,success,-2.9,92.201,-31.4,0.869,5076.2,1


![image-2.png](attachment:image-2.png)

## `2.1 User Persona`

![image.png](attachment:image.png)

## `2.2 Data Samples`

#### `Actual Data`

In [3]:
df_orig = pd.read_csv('banking.csv', nrows=6)
df_orig.index = ['original_data_1','original_data_2','original_data_3', 'original_data_4','original_data_5','original_data_6']
df_orig.head(6)

Unnamed: 0,age,job,marital,education,default,housing,loan,contact,month,day_of_week,...,campaign,pdays,previous,poutcome,emp_var_rate,cons_price_idx,cons_conf_idx,euribor3m,nr_employed,y
original_data_1,44,blue-collar,married,basic.4y,unknown,yes,no,cellular,aug,thu,...,1,999,0,nonexistent,1.4,93.444,-36.1,4.963,5228.1,0
original_data_2,53,technician,married,unknown,no,no,no,cellular,nov,fri,...,1,999,0,nonexistent,-0.1,93.2,-42.0,4.021,5195.8,0
original_data_3,28,management,single,university.degree,no,yes,no,cellular,jun,thu,...,3,6,2,success,-1.7,94.055,-39.8,0.729,4991.6,1
original_data_4,39,services,married,high.school,no,no,no,cellular,apr,fri,...,2,999,0,nonexistent,-1.8,93.075,-47.1,1.405,5099.1,0
original_data_5,55,retired,married,basic.4y,no,yes,no,cellular,aug,fri,...,1,3,1,success,-2.9,92.201,-31.4,0.869,5076.2,1
original_data_6,30,management,divorced,basic.4y,no,yes,no,cellular,jul,tue,...,8,999,0,nonexistent,1.4,93.918,-42.7,4.961,5228.1,0


#### `Attack data`

In [4]:
df_attack = pd.read_csv('attack_data.csv')
df_attack.index = ['original_data_1','original_data_2','attack_data_1(extraction)','attack_data_2(extraction)','attack_data_3(evasion)','attack_data_4(evasion)']
df_attack.head(6)

Unnamed: 0,age,job,marital,education,default,housing,loan,contact,month,day_of_week,duration,campaign,pdays,previous,poutcome,emp_var_rate,cons_price_idx,cons_conf_idx,euribor3m,nr_employed
original_data_1,40.0,blue-collar,single,basic.4y,no,yes,no,cellular,jul,thu,217.0,3.0,999.0,0.0,nonexistent,1.4,93.918,-42.7,4.968,5228.1
original_data_2,38.0,technician,single,professional.course,no,yes,no,cellular,jun,mon,737.0,6.0,999.0,0.0,nonexistent,-1.7,94.055,-39.8,0.754,4991.6
attack_data_1(extraction),57.0,admin.,divorced,basic.6y,no,no,no,cellular,sep,tue,473.0,1.0,3.0,5.0,success,-1.1,94.199,-37.5,0.877,4963.6
attack_data_2(extraction),98.0,unknown,unknown,basic.4y,yes,no,yes,cellular,sep,thu,1380.0,8.0,1133.0,0.0,failure,-1.412589,93.182393,-42.670327,3.009737,5123.342889
attack_data_3(evasion),41.0,blue-collar,married,basic.4y,no,unknown,no,cellular,dec,thu,1626.0,3.0,997.0,0.0,nonexistent,1.283037,93.909149,-42.646926,5.012649,5224.209564
attack_data_4(evasion),39.0,technician,single,professional.course,no,yes,no,cellular,jun,fri,44.0,7.0,999.0,0.0,failure,-1.657349,94.016239,-40.213552,0.737731,4997.683489


`    `

### `Representative sample data after preprocessing`

`Actual data`

In [5]:
actual_data = {}
actual_data['original_data_1'] = '0.34567901234567905,0.3636363636363637,0.3333333333333333,0.2,0.5,0.0,0.0,0.0,0.1111111111111111,1.0,0.022366815778771858,0.01818181818181818,1.0,0.0,0.5,1.0,0.4844115354637495,0.6150627615062758,0.9816368170482884,1.0'
actual_data['original_data_2'] = "0.16049382716049382,0.0,0.6666666666666666,0.2,0.0,0.0,0.0,0.0,0.6666666666666666,1.0,0.14192761285075234,0.01818181818181818,1.0,0.14285714285714285,0.0,0.33333333333333337,0.269680436476996,0.19246861924686165,0.1466787576513262,0.512287334593573"
actual_data['original_data_3'] = "0.2716049382716049,0.8181818181818182,0.6666666666666666,0.6000000000000001,0.0,1.0,0.0,0.0,0.7777777777777777,1.0,0.03660024400162668,0.0,1.0,0.14285714285714285,0.0,0.6875,0.3893219017926697,0.3682008368200835,0.7902969848107007,0.8778827977315693"
actual_data['original_data_4'] = "0.1728395061728395,0.3636363636363637,0.6666666666666666,0.8,0.0,1.0,0.0,0.0,0.7777777777777777,0.75,0.02623017486783245,0.01818181818181818,1.0,0.0,0.5,0.6875,0.3893219017926697,0.3682008368200835,0.7977782815688055,0.8778827977315693"
actual_data['original_data_5'] = "0.4567901234567901,0.6363636363636364,0.3333333333333333,0.0,0.0,1.0,1.0,0.0,0.1111111111111111,1.0,0.0508336722244815,0.01818181818181818,1.0,0.0,0.5,1.0,0.4844115354637495,0.6150627615062758,0.9818635230106552,1.0"
actual_data['original_data_6'] = "0.1851851851851852,0.0,0.3333333333333333,0.8,0.0,0.0,0.0,0.0,0.4444444444444444,0.75,0.12118747458316388,0.0,1.0,0.0,0.5,0.10416666666666674,0.2969602494154273,0.41841004184100417,0.14237134436635684,0.4257088846880883"
actual_data_df = pd.DataFrame.from_dict(actual_data, orient='index')
actual_data_df = pd.concat([actual_data_df[0].str.split(',', expand=True)], axis=1)
col_names = ['feature_'+str(i) for i in range(0,20)]
actual_data_df.set_axis(col_names, axis=1, inplace=True)
actual_data_df.head(10)

Unnamed: 0,feature_0,feature_1,feature_2,feature_3,feature_4,feature_5,feature_6,feature_7,feature_8,feature_9,feature_10,feature_11,feature_12,feature_13,feature_14,feature_15,feature_16,feature_17,feature_18,feature_19
original_data_1,0.345679012345679,0.3636363636363637,0.3333333333333333,0.2,0.5,0.0,0.0,0.0,0.1111111111111111,1.0,0.0223668157787718,0.0181818181818181,1.0,0.0,0.5,1.0,0.4844115354637495,0.6150627615062758,0.9816368170482884,1.0
original_data_2,0.1604938271604938,0.0,0.6666666666666666,0.2,0.0,0.0,0.0,0.0,0.6666666666666666,1.0,0.1419276128507523,0.0181818181818181,1.0,0.1428571428571428,0.0,0.3333333333333333,0.269680436476996,0.1924686192468616,0.1466787576513262,0.512287334593573
original_data_3,0.2716049382716049,0.8181818181818182,0.6666666666666666,0.6000000000000001,0.0,1.0,0.0,0.0,0.7777777777777777,1.0,0.0366002440016266,0.0,1.0,0.1428571428571428,0.0,0.6875,0.3893219017926697,0.3682008368200835,0.7902969848107007,0.8778827977315693
original_data_4,0.1728395061728395,0.3636363636363637,0.6666666666666666,0.8,0.0,1.0,0.0,0.0,0.7777777777777777,0.75,0.0262301748678324,0.0181818181818181,1.0,0.0,0.5,0.6875,0.3893219017926697,0.3682008368200835,0.7977782815688055,0.8778827977315693
original_data_5,0.4567901234567901,0.6363636363636364,0.3333333333333333,0.0,0.0,1.0,1.0,0.0,0.1111111111111111,1.0,0.0508336722244815,0.0181818181818181,1.0,0.0,0.5,1.0,0.4844115354637495,0.6150627615062758,0.9818635230106552,1.0
original_data_6,0.1851851851851852,0.0,0.3333333333333333,0.8,0.0,0.0,0.0,0.0,0.4444444444444444,0.75,0.1211874745831638,0.0,1.0,0.0,0.5,0.1041666666666667,0.2969602494154273,0.4184100418410041,0.1423713443663568,0.4257088846880883


`Attack data`

In [6]:
"""
Define data - mix of actual and attack data
"""
attack_data = {}
attack_data['original_data_1'] = "0.2839506172839506, 0.09090909090909091, 0.6666666666666666, 0.0, 0.0, 1.0, 0.0, 0.0, 0.3333333333333333, 0.5, 0.044123627490849936, 0.047619047619047616, 1.0, 0.0, 0.5, 1.0, 0.6691348402182271, 0.3389121338912131, 0.9825436408977557, 1.0"
attack_data['original_data_2'] = "0.25925925925925924, 0.8181818181818182, 0.6666666666666666, 0.8, 0.0, 1.0, 0.0, 0.0, 0.4444444444444444, 0.25, 0.14985766571777145, 0.11904761904761904, 1.0, 0.0, 0.5, 0.3541666666666667, 0.7225253312548645, 0.4602510460251046, 0.027204715484017233, 0.10586011342154933"
attack_data['attack_data_1(extraction)'] = "0.4938271604938272,0.0,0.0,0.2,0.0,0.0,0.0,0.0,1.0,0.75,0.096177307848719,0.0,0.003003003003003003,0.7142857142857142,1.0,0.4791666666666667,0.7786438035853394,0.5564853556485354,0.055089548855134896,0.0"
attack_data['attack_data_2(extraction)'] = "1,1,1,0,1,0,1,0,1,0.5125469824946632,0.28063214655669677,0.15774156968661596,1.1340883079303063,0.017303723860023025,0,0.41404392991963623,0.38246023014655084,0.34015370076028767,0.5385936331334208,0.6039428687072782"
attack_data['attack_data_3(evasion)'] = "0.293157066055179, 0.11891758867447381, 0.6385109657329875, 0.049848171667896964, 0.011256969610728576, 0.9614376606431434, 0.02345435165363252, 0.0, 0.3159161351646869, 0.5188458308646899, 0.3305605090798102, 0.04150419416026545, 0.9975088537151447, 0.0, 0.503376351584349, 0.9756326586204929, 0.6656854481477109, 0.34113279230983634, 0.9926659079976888, 0.9852913583943675"
attack_data['attack_data_4(evasion)'] = "0.27545673529732195, 0.8268372544636541, 0.6756514818674823, 0.7856564633253071, 0.011771780546922562, 1.0, 0.000983481260547774, 0.0065371045176302505, 0.45117440375908174, 0.24809088910067367, 0.008904426969164603, 0.1406056964495336, 1.0, 0.00446761214738552, 0.4880333475593437, 0.36305236042119354, 0.7074198347736222, 0.44294761328888577, 0.02351644426848171, 0.12886007318892118"
data_df = pd.DataFrame.from_dict(attack_data, orient='index')
data_df = pd.concat([data_df[0].str.split(',', expand=True)], axis=1)
col_names = ['feature_'+str(i) for i in range(0,20)]
data_df.set_axis(col_names, axis=1, inplace=True)
data_df.head(10)

Unnamed: 0,feature_0,feature_1,feature_2,feature_3,feature_4,feature_5,feature_6,feature_7,feature_8,feature_9,feature_10,feature_11,feature_12,feature_13,feature_14,feature_15,feature_16,feature_17,feature_18,feature_19
original_data_1,0.2839506172839506,0.0909090909090909,0.6666666666666666,0.0,0.0,1.0,0.0,0.0,0.3333333333333333,0.5,0.0441236274908499,0.0476190476190476,1.0,0.0,0.5,1.0,0.6691348402182271,0.3389121338912131,0.9825436408977556,1.0
original_data_2,0.2592592592592592,0.8181818181818182,0.6666666666666666,0.8,0.0,1.0,0.0,0.0,0.4444444444444444,0.25,0.1498576657177714,0.119047619047619,1.0,0.0,0.5,0.3541666666666667,0.7225253312548645,0.4602510460251046,0.0272047154840172,0.1058601134215493
attack_data_1(extraction),0.4938271604938272,0.0,0.0,0.2,0.0,0.0,0.0,0.0,1.0,0.75,0.096177307848719,0.0,0.003003003003003,0.7142857142857142,1.0,0.4791666666666667,0.7786438035853394,0.5564853556485354,0.0550895488551348,0.0
attack_data_2(extraction),1.0,1.0,1.0,0.0,1.0,0.0,1.0,0.0,1.0,0.5125469824946632,0.2806321465566967,0.1577415696866159,1.1340883079303063,0.017303723860023,0.0,0.4140439299196362,0.3824602301465508,0.3401537007602876,0.5385936331334208,0.6039428687072782
attack_data_3(evasion),0.293157066055179,0.1189175886744738,0.6385109657329875,0.0498481716678969,0.0112569696107285,0.9614376606431434,0.0234543516536325,0.0,0.3159161351646869,0.5188458308646899,0.3305605090798102,0.0415041941602654,0.9975088537151447,0.0,0.503376351584349,0.9756326586204928,0.6656854481477109,0.3411327923098363,0.9926659079976888,0.9852913583943675
attack_data_4(evasion),0.2754567352973219,0.8268372544636541,0.6756514818674823,0.7856564633253071,0.0117717805469225,1.0,0.0009834812605477,0.0065371045176302,0.4511744037590817,0.2480908891006736,0.0089044269691646,0.1406056964495336,1.0,0.0044676121473855,0.4880333475593437,0.3630523604211935,0.7074198347736222,0.4429476132888857,0.0235164442684817,0.1288600731889211


` `

![image-2.png](attachment:image-2.png)

## `3. Deployment without AIShield Defense`

In [7]:
"""
Description: API URL
""" 
url= "https://v737ltmyj0.execute-api.eu-central-1.amazonaws.com/test/test"

In [8]:
"""
Description: API call without AIShield integrated
"""
def call_bank_api(url, token_key, attack_data): 
    results = {}
    headers={'Cache-Control': 'no-cache', 'jwt_token': token_key}
    for input_type, data in tqdm(attack_data.items()): 
        try:
            api_res = {}
            payload = {'data': data}
            request = requests.request(method="POST", url=url, json=payload, headers=headers)
            response = json.loads(request.text)
            api_status_cd = request.status_code
            api_res['status_code'] = api_status_cd
            if api_status_cd == 200:
                api_res['status'] = 'allow'
                api_res.update(response['result'])
            else:
                api_res['status'] = 'deny'
                api_res['message'] = response['Message']

            results[input_type] = api_res

        except Exception as e:
            print('error {}'.format(e))
            
    return results

#### User - 1 (Genuine User)

In [9]:
user1_token_key = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzNDU2Nzg5LCJuYW1lIjoiSm9zZXBoIn0.OpOSSw7e485LOP5PrzScxHb7SR6sAOMRckfFwi4rp7o'

In [10]:
results = call_bank_api(url, user1_token_key, actual_data)
df = pd.DataFrame.from_dict(results, orient='index' )
df.head(10)

100%|██████████| 6/6 [00:09<00:00,  1.58s/it]


Unnamed: 0,status_code,status,original_model_output
original_data_1,200,allow,Will Not Subscribe
original_data_2,200,allow,Will Not Subscribe
original_data_3,200,allow,Will Not Subscribe
original_data_4,200,allow,Will Not Subscribe
original_data_5,200,allow,Will Not Subscribe
original_data_6,200,allow,Will Subscribe


#### User - 2 (Attacker)

In [11]:
user2_token_key = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzNDU2Nzg5LCJuYW1lIjoiSm9zZXBoIn0.OpOSSw7e485LOP5PrzScxHb7SR6sAOMRckfFwi4rp2q'

In [12]:
results = call_bank_api(url, user2_token_key, attack_data)
df = pd.DataFrame.from_dict(results, orient='index' )
df['expected_model_output'] = ['Will Not Subscribe','Will Subscribe','Will Subscribe','Will Not Subscribe','Will Not Subscribe','Will Subscribe']
df.head(10)

100%|██████████| 6/6 [00:08<00:00,  1.36s/it]


Unnamed: 0,status_code,status,original_model_output,expected_model_output
original_data_1,200,allow,Will Not Subscribe,Will Not Subscribe
original_data_2,200,allow,Will Subscribe,Will Subscribe
attack_data_1(extraction),200,allow,Will Subscribe,Will Subscribe
attack_data_2(extraction),200,allow,Will Not Subscribe,Will Not Subscribe
attack_data_3(evasion),200,allow,Will Subscribe,Will Not Subscribe
attack_data_4(evasion),200,allow,Will Not Subscribe,Will Subscribe


` `

![image-4.png](attachment:image-4.png)

![image-3.png](attachment:image-3.png)

## `4. Deployment with AIShield Defense`

In [13]:
"""
Description: API URL
""" 
url= "https://v737ltmyj0.execute-api.eu-central-1.amazonaws.com/test/test-secured"

In [14]:
"""
Description: API without AIShield integrated
"""
def call_bank_withais_api(url, token_key, attack_data):
    results = {}
    headers={'Cache-Control': 'no-cache', 'jwt_token': token_key}
    for input_type, data in tqdm(attack_data.items()): 
        try:
            api_res = {}
            payload = {'data': data}
            request = requests.request(method="POST", url=url, json=payload, headers=headers)
            response = json.loads(request.text)
            api_status_cd = request.status_code
            api_res['status_code'] = api_status_cd
            if api_status_cd == 200:
                api_res['status'] = 'allow'
                api_res.update(response['result'])
            else:
                api_res['status'] = 'deny'
                api_res['message'] = response['Message']

            results[input_type] = api_res

        except Exception as e:
            print('error {}'.format(e))
    return results

### `Detect and Remediate`

#### User - 1 (Genuine User)

In [19]:
user1_token_key = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzNDU2Nzg5LCJuYW1lIjoiSm9zZXBoIn0.OpOSSw7e485LOP5PrzScxHb7SR6sAOMRckfFwi4rp7o'

In [20]:
results = call_bank_api(url, user1_token_key, actual_data)
df = pd.DataFrame.from_dict(results, orient='index' )
df.head(10)

100%|██████████| 6/6 [00:09<00:00,  1.62s/it]


Unnamed: 0,status_code,status,original_model_output,model_attack_detected,model_extraction_attack_probability,model_evasion_attack_probability
original_data_1,200,allow,Will Not Subscribe,False,0.066,0.168114
original_data_2,200,allow,Will Not Subscribe,False,0.140012,0.348081
original_data_3,200,allow,Will Not Subscribe,False,0.070913,0.165296
original_data_4,200,allow,Will Not Subscribe,False,0.026817,0.165537
original_data_5,200,allow,Will Not Subscribe,False,0.136126,0.173833
original_data_6,200,allow,Will Subscribe,False,0.115911,0.372237


#### User - 2 (Attacker)

In [27]:
user2_token_key = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzNDU2Nzg5LCJuYW1lIjoiSm9zZXBoIn0.OpOSSw7e485LOP5PrzScxHb7SR6sAOMRckfFwi4rp2q'
# user2_token_key = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTIzNDU2Nzg5LCJuYW1lIjoiSm9zZXBoIn0.OpOSSw7e485LOP5PrzScxHb7SR6sAOMRckfFwi4rp1p'

In [28]:
results = call_bank_withais_api(url, user2_token_key, attack_data)
df = pd.DataFrame.from_dict(results, orient='index' )
df.head(10)

100%|██████████| 6/6 [00:11<00:00,  1.91s/it]


Unnamed: 0,status_code,status,original_model_output,model_attack_detected,model_extraction_attack_probability,model_evasion_attack_probability,message
original_data_1,200,allow,Will Not Subscribe,False,0.041432,0.181262,
original_data_2,200,allow,Will Subscribe,False,0.384442,0.514711,
attack_data_1(extraction),200,allow,Will Subscribe,True,0.997225,0.621143,
attack_data_2(extraction),200,allow,Will Not Subscribe,True,0.993933,0.667226,
attack_data_3(evasion),200,allow,Will Subscribe,True,0.086529,0.765301,
attack_data_4(evasion),403,deny,,,,,User is not authorized to access this resource...


` `

### `Attack telemetry sent to Splunk (SIEM)`

Splunk Log Details
![Splunk_logDetails.PNG](attachment:Splunk_logDetails.PNG)

AIShield Splunk Dashboard
![AIShield_splunk_dashboard.PNG](attachment:AIShield_splunk_dashboard.PNG)

SplunkSecurityAlerts
![SplunkSecurityAlerts.PNG](attachment:SplunkSecurityAlerts.PNG)

` `

### `Attack telemetry sent to Microsoft Azure Sentinel (SIEM)`

<sentinel demo>

![image-2.png](attachment:image-2.png)

![image-2.png](attachment:image-2.png)

` `

### `Process of attack and defense generation`

![image-4.png](attachment:image-4.png)

### `Report`

![image.png](attachment:image.png)

## `Summary`

`Genuine User (Sending actual data)`

Without AIShield | With AIShield
-  |  - 
![image-7.png](attachment:image-7.png)  |  ![image-8.png](attachment:image-8.png)

`Attacker User (Sending attack data)`

Without AIShield | With AIShield
- | - 
![image-7.png](attachment:image-7.png) | ![image-8.png](attachment:image-8.png)

### `Appendix`

* Dynamo Table
![image.png](attachment:image.png)