AAU Student Projects is unavailable between June 15th 1.30pm and 17th 1.30pm due to planned system maintenance. The projects cannot be downloaded during this period.
AAU Student Projects - visit Aalborg University's student projects portal
An executive master's programme thesis from Aalborg University
Book cover


Security and Robustness of Automated Credit Decision Algorithms

Authors

;

Term

4. semester

Education

Cyber Security, Master

Publication year

2026

Submitted on

Pages

66

Abstract

Automated credit scoring systems are often judged mainly by predictive accuracy. This thesis asks a practical question: do model decisions remain stable when applicants slightly adjust self-reported financial information? We study the robustness of two widely used but fundamentally different models, Logistic Regression and XGBoost. Both are tested under bounded, realistic changes to three self-reportable features (income, debt ratio, and credit utilization) using single-feature and multi-feature budget attacks (B = 0.05 to 0.30), which limit how much the inputs can be modified. In addition to standard performance metrics, we use formal robustness measures, including flip rate, average flip rate, and robustness score, to quantify how often decisions change under these attacks. The results show an inverse relationship between accuracy and robustness: XGBoost achieves higher predictive performance but is significantly less robust than Logistic Regression. Simple adversarial retraining reduces vulnerability but does not remove it. Overall, the study demonstrates that high accuracy does not guarantee robust decisions. Financial institutions should weigh both accuracy and robustness when selecting models for automated credit scoring, especially in settings where applicants may have incentives to adjust their information to obtain a favorable outcome.

Automatiserede kreditvurderingssystemer vurderes ofte primært på, hvor præcist de forudsiger. Denne afhandling stiller et praktisk spørgsmål: forbliver modellernes beslutninger stabile, når ansøgere let justerer selvrapporterede finansielle oplysninger? Vi undersøger robustheden af to udbredte, men grundlæggende forskellige modeller: logistisk regression og XGBoost. Begge testes under begrænsede og realistiske ændringer af tre selvrapporterede variable (indkomst, gældsgrad og kreditudnyttelse) ved hjælp af enkelt- og flerfunktions budgetangreb (B = 0,05 til 0,30), som begrænser, hvor meget input kan ændres. Ud over standardmålinger anvender vi formelle robusthedsmetrikker: flip rate, gennemsnitlig flip rate og robusthedsscore, til at kvantificere, hvor ofte beslutninger ændrer sig under disse angreb. Resultaterne viser en omvendt sammenhæng mellem nøjagtighed og robusthed: XGBoost opnår højere prædiktiv ydeevne, men er markant mindre robust end logistisk regression. Enkel adversarial retraining (modtræning) reducerer sårbarheden, men fjerner den ikke. Overordnet understreger studiet, at høj nøjagtighed ikke garanterer robuste beslutninger. Finansielle institutioner bør afveje både nøjagtighed og robusthed, især hvor ansøgere kan have incitament til at tilpasse oplysninger for at få en positiv afgørelse.

[This apstract has been rewritten with the help of AI based on the project's original abstract]

Keywords

Credit Risk Prediction ; Adversarial Machine Learning ; Robustness Evaluation ; Automated Credit Scoring ; Trustworthy Artificial Intelligence

Documents

Download PDF
View record in AAU Student Projects