On atypical database transactions: identification of probable frauds using machine learning for user profiling

The paper proposes a framework for deriving users' profiles of typical behaviour and detecting atypical transactions which may constitute fraudulent events or simply a change in user's behaviour. The anomaly detection problem is presented and previous attempts to address it are discussed. The proposed approach proves that individual user profiles can be constructed and provides an algorithm that derives user profiles and an algorithm to identify atypical transactions. Lower and upper bounds for the number of misclassifications are also provided. An evaluation of this approach is discussed and some issues for further research are outlined.

[1]  Biswanath Mukherjee,et al.  A network security monitor , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Hervé Debar,et al.  A neural network component for an intrusion detection system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Kimon P. Valavanis,et al.  Error specification, monitoring and recovery in computer-integrated manufacturing: an analytic approach , 1996 .

[4]  Salvatore J. Stolfo,et al.  A Comparative Evaluation of Voting and Meta-learning on Partitioned Data , 1995, ICML.

[5]  Gene Tsudik,et al.  AudES - An Expert System for Security Auditing , 1990, IAAI.

[6]  Eugene H. Spafford,et al.  A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION , 1994 .

[7]  K. A. Jackson,et al.  An expert system application for network intrusion detection , 1991 .

[8]  Eugene H. Spafford,et al.  Active Defense of a Computer System using Autonomous Agents , 1995 .

[9]  H. S. Teng,et al.  Adaptive real-time anomaly detection using inductively generated sequential patterns , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Teresa F. Lunt,et al.  Knowledge-based intrusion detection , 1989, [1989] Proceedings. The Annual AI Systems in Government Conference.

[11]  Sean W. Smith,et al.  Secure coprocessing applications and research issues , 1996 .

[12]  I. Kononenko,et al.  INDUCTION OF DECISION TREES USING RELIEFF , 1995 .

[13]  Salvatore J. Stolfo,et al.  Credit Card Fraud Detection Using Meta-Learning: Issues and Initial Results 1 , 1997 .

[14]  B. S. Duran,et al.  Cluster Analysis: A Survey , 1976 .

[15]  Jan Eric Larsson,et al.  A domain-specific software architecture for a class of intelligent patient monitoring agents , 1996, J. Exp. Theor. Artif. Intell..

[16]  Tom Fawcett,et al.  Combining Data Mining and Machine Learning for Effective User Profiling , 1996, KDD.

[17]  Salvatore J. Stolfo,et al.  JAM: Java Agents for Meta-Learning over Distributed Databases , 1997, KDD.