Combatting financial fraud: a coevolutionary anomaly detection approach

A major difficulty for anomaly detection lies in discovering boundaries between normal and anomalous behavior, due to the deficiency of abnormal samples in the training phase. In this paper, a novel coevolutionary algorithm which attempts to simulate territory establishment in ecology is conceived to tackle anomaly detection problems. Two species in normal and abnormal behavior pattern space coevolve competitively and cooperatively. Competition prevents individuals in one species from invading the other's territory; cooperation aims to achieve complete pattern coverage by adjusting the evolutionary environment according to the pressure coming from neighbors. In a sense, we extend the definition of cooperative coevolution from "coupled fitness" to "interaction of the evolutionary environment". This coevolutionary algorithm, enhanced with features like niching inside of species, global and local fitness, and fuzzy sets, tries to balance overfitting and overgeneralization. This provides an accurate boundary definition. Experimental results on transactional data from a real financial institution show that this coevolutionary algorithm is more effective than the evolutionary algorithm in evolving normal or abnormal behavior patterns only.

[1]  Fernando Niño,et al.  A Framework for Evolving Multi-Shaped Detectors in Negative Selection , 2007, 2007 IEEE Symposium on Foundations of Computational Intelligence.

[2]  Fabio A. González,et al.  Anomaly Detection Using Real-Valued Negative Selection , 2003, Genetic Programming and Evolvable Machines.

[3]  Fabio A. González,et al.  An Evolutionary Approach to Generate Fuzzy Anomaly Signatures , 2003, IAW.

[4]  Pascal Bouvry,et al.  Immune anomaly detection enhanced with evolutionary paradigms , 2006, GECCO.

[5]  Fabio A. González,et al.  The Effect of Binary Matching Rules in Negative Selection , 2003, GECCO.

[6]  Dipankar Dasgupta,et al.  A General Framework for Evolving Multi-Shaped Detectors in Negative Selection , 2006 .

[7]  Alan S. Perelson,et al.  Using Genetic Algorithms to Explore Pattern Recognition in the Immune System , 1993, Evolutionary Computation.

[8]  Peter J. Bentley,et al.  Negative selection and niching by an artificial immune system for network intrusion detection , 1999 .

[9]  Marc Schoenauer,et al.  Polar IFS+Parisian Genetic Programming=Efficient IFS Inverse Problem Solving , 2000, Genetic Programming and Evolvable Machines.

[10]  Gilbert L. Peterson,et al.  An evolutionary algorithm to generate hyper-ellipsoid detectors for negative selection , 2005, GECCO '05.

[11]  Eldridge S. Adams,et al.  TERRITORY SIZE AND SHAPE IN FIRE ANTS: A MODEL BASED ON NEIGHBORHOOD INTERACTIONS , 1998 .

[12]  Zbigniew Michalewicz,et al.  Evolutionary Computation 1 , 2018 .

[13]  Stephanie Forrest,et al.  An immunological model of distributed detection and its application to computer security , 1999 .

[14]  Zhou Ji,et al.  A BOUNDARY-AWARE NEGATIVE SELECTION ALGORITHM , 2005 .

[15]  Enrique Dunn,et al.  Automated Photogrammetric Network Design Using the Parisian Approach , 2005, EvoWorkshops.

[16]  Peter J. Bentley,et al.  An evaluation of negative selection in an artificial immune system for network intrusion detection , 2001 .

[17]  Jun He,et al.  Evolving discrete-valued anomaly detectors for a network intrusion detection system using negative selection , 2006 .

[18]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[19]  Fabio A. González,et al.  An immunity-based technique to characterize intrusions in computer networks , 2002, IEEE Trans. Evol. Comput..

[20]  H. Dai,et al.  Applying both positive and negative selection to supervised learning for anomaly detection , 2005, GECCO '05.

[21]  Pascal Bouvry,et al.  Coevolutionary-based Mechanisms for Network Anomaly Detection , 2007, J. Math. Model. Algorithms.

[22]  Zhou Ji,et al.  Real-Valued Negative Selection Algorithm with Variable-Sized Detectors , 2004, GECCO.