Abstract
The significant growth of banking fraud, fueled by the underground economy of malware, has raised the need for effective detection systems. Therefore, in the last few years, banks have upgraded their security to protect transactions from fraud. State-of-the-art solutions detect fraud as deviations from customers’ spending habits. To the best of our knowledge, almost none of the existing approaches provide an in-depth analysis of the model’s granularity and of its security against elusive attacks.
In this article, we examine Banksealer, a decision support system for banking fraud analysis, evaluating how the granularity at which spending habits are modeled influences detection performance and how secure the system is against evasive attacks. First, we compare user-centric modeling, which builds a model for each user, with system-centric modeling, which builds a model for the entire system, from the point of view of detection performance. Then, we assess the robustness of Banksealer against malicious attackers that are aware of the structure of the models in use. To this end, we design and implement a proof-of-concept attack tool that performs mimicry attacks, emulating a sophisticated attacker that cloaks frauds to avoid detection. We experimentally confirm the feasibility of such attacks, their cost, and the effort required by an attacker in order to perform them. In addition, we discuss possible countermeasures.
We provide a comprehensive evaluation on a large real-world dataset obtained from one of the largest Italian banks.
Index Terms
- Security Evaluation of a Banking Fraud Analysis System