This is the graded finale for Adversarial Machine Learning & Model Robustness in Trading, and it runs across everything the course built. You started by adopting the security mindset: a market is not a benign sampler of i.i.d. draws — it is full of counterparties who profit when your model is wrong, so you must reason in threat models (who attacks, what they know, what they can change) and accept that robust is not the same as accurate. Reflexivity and the Adaptive Markets view mean the very act of trading on an edge can destroy it. From there you met adversarial examples — the smallest input nudge that flips a decision — formalized by FGSM, where the perturbation is , and its iterated cousin PGD; you saw that a linear model’s worst-case loss shifts by , so high-norm weights are fragile, and that is best read as an attacker’s trading budget. You studied training-time attacks — data poisoning, backdoors that fire on a trigger, and spoofing/layering that is simultaneously an adversarial input and a poisoning of your features — plus confidentiality attacks: model extraction (cloning your model from its fills) and membership inference (detecting your training set, amplified by overfitting). You built the language of distribution shift — covariate, label, and concept drift — and learned why live strategies decay (overfitting, alpha crowding, reflexivity), monitored with PSI and CUSUM. Finally you stocked the robustness toolkit — adversarial training as a game, distributionally robust optimization over an ambiguity set, regularization that bounds sensitivity, ensembling that cuts variance toward , and conformal prediction whose coverage guarantee leans on exchangeability — and you learned to stress-test honestly: worst-case rather than average, alert to gradient masking, red-teamed, and reported on a deflated scorecard. No hints are shown, each answer locks the moment you submit, and your score stays hidden until the very end.
Course Recap
Big picture
Adversarial ML & Robustness in Trading — the whole arc
- Adversarial ML & Robustness
- 1 · Markets are adversarial
- Security mindset + threat models (who, knowledge, capability)
- Robust is not the same as accurate
- Reflexivity & Adaptive Markets: trading erodes the edge
- 2 · Adversarial examples (FGSM/PGD)
- FGSM: one signed-gradient step of size epsilon
- PGD: iterated, projected — a stronger attack
- Linearity & L1 norm fragility; epsilon as a trading budget
- 3 · Poisoning & backdoors
- Availability poisoning degrades; targeted poisoning aims
- Backdoors fire on a trigger, clean otherwise
- Spoofing/layering = adversarial input AND poisoning
- 4 · Extraction & inference
- Model extraction: clone a surrogate from your fills
- Membership inference: detect training data
- Overfitting widens the leak; black-box is enough
- 5 · Drift & alpha decay
- Covariate vs label vs concept drift
- Overfitting, crowding (~50% post-publication decay), reflexivity
- PSI bands + CUSUM detection; retrain-window bias/variance
- 6 · Adversarial stress evaluation
- Worst-case, not i.i.d. averages; min-max training
- DRO ambiguity set; regularization bounds sensitivity
- Gradient masking tells; deflate for defenses tried
- 1 · Markets are adversarial
One run, one shot
This is a graded, irreversible exam. There are 24 questions, shown one at a time. The instant you submit a question it locks — there is no Back button, no retry, and no Restart. A wrong answer simply fails that question and the exam moves on; you cannot revisit it. Your running score is hidden until the final screen. The pass mark is 70%. Read every option before you commit, because once you submit you own the answer.
Adopting the 'security mindset' for a trading model means assuming which of the following about the environment your model operates in?
Select an answer to continue.
Where this leaves you on the quant ladder
Pass or fail, you now carry the habit that separates a survivable trading model from a fragile one: assuming the world is adversarial and building accordingly. You can write down a threat model, craft and recognize FGSM/PGD attacks, read as a real trading budget, spot poisoning, backdoors, spoofing, extraction, and membership leaks, and tell covariate, label, and concept drift apart well enough to know which monitor will actually catch the one that kills you. You can reach for adversarial training, DRO, sensitivity-bounding regularization, diverse ensembles, or conformal sets — and, just as importantly, you know where each guarantee quietly fails. Most of all, you can stress-test honestly: worst-case rather than average, alert to gradient masking, and deflated for everything you tried. That is the discipline that lets you ship models into a market full of counterparties who would love nothing more than to be on the other side of your mistakes.