Security Evaluation of a Banking Fraud Analysis System

The significant growth of banking fraud, fueled by the underground economy of malware, has raised the need for effective detection systems. In response, banks have upgraded their security over the last few years to protect transactions from fraud. State-of-the-art solutions detect fraud as deviations from customers’ spending habits. To the best of our knowledge, almost none of the existing approaches provides an in-depth analysis of the model’s granularity or of its security against evasive attacks. In this article, we examine Banksealer, a decision support system for banking fraud analysis, and evaluate both the influence on detection performance of the granularity at which spending habits are modeled and the system’s security against evasive attacks. First, we compare user-centric modeling, which builds a model for each user, with system-centric modeling, which builds a model for the entire system, from the point of view of detection performance. Then, we assess the robustness of Banksealer against malicious attackers who are aware of the structure of the models in use. To this end, we design and implement a proof-of-concept attack tool that performs mimicry attacks, emulating a sophisticated attacker who cloaks frauds to avoid detection. We experimentally confirm the feasibility of such attacks, their cost, and the effort an attacker needs to perform them. In addition, we discuss possible countermeasures. We provide a comprehensive evaluation on a large real-world dataset obtained from one of the largest Italian banks.
