Replay Attack: A Prevalent Pattern of Fraudulent Online Transactions

The rapid advancement in the electronic commerce technology makes electronic transaction an indispensable part of our daily life. While, this way of transaction has always been facing security problems. Researchers persevere in looking for fraud transaction detection methodologies. A promising paradigm is to devise dedicated detectors for the typical patterns of fraudulent transactions. Unfortunately, this paradigm is really constrained by the lack of real electronic transaction data, especially real fraudulent samples. In this paper, by analyzing real B2C electronic transaction data provided by an Asian bank, from the perspective of transaction sequence, we discover a typical pattern of fraud transactions: Most of the fraud transactions are fast and repeated transactions between the same customer and the same vendor, and all the transaction amounts are nearly the same. We name this pattern Replay Attack. We prove the prominent existence of Replay Attack by comprehensive statistics, and we propose a novel fraud transaction detector, Replay Attack Killer (RAK). By experiment, we show that RAK can catch up to 92% fraud transactions in real time but only disturb less than 0.06% normal transactions.

[1]  Qinghong Yang,et al.  Based Big Data Analysis of Fraud Detection for Online Transaction Orders , 2014, CloudComp.

[2]  Gianluca Bontempi,et al.  Learned lessons in credit card fraud detection from a practitioner perspective , 2014, Expert Syst. Appl..

[3]  Djamila Aouada,et al.  Feature engineering strategies for credit card fraud detection , 2016, Expert Syst. Appl..

[4]  Yijing Li,et al.  Learning from class-imbalanced data: Review of methods and applications , 2017, Expert Syst. Appl..

[5]  Xinwen Fu,et al.  A New Replay Attack Against Anonymous Communication Networks , 2008, 2008 IEEE International Conference on Communications.

[6]  Taghi M. Khoshgoftaar,et al.  An Empirical Study of Learning from Imbalanced Data Using Random Forest , 2007 .

[7]  Zhao Li,et al.  Fraud Transaction Recognition: A Money Flow Network Approach , 2015, CIKM.

[8]  Siddhartha Bhattacharyya,et al.  Data mining for credit card fraud: A comparative study , 2011, Decis. Support Syst..

[9]  Niall M. Adams,et al.  Transaction aggregation as a strategy for credit card fraud detection , 2009, Data Mining and Knowledge Discovery.

[10]  Tom Fawcett,et al.  Adaptive Fraud Detection , 1997, Data Mining and Knowledge Discovery.

[11]  Adriano M. Pereira,et al.  A Fraud Detection Model Based on Feature Selection and Undersampling Applied to Web Payment Systems , 2015, WI-IAT.

[12]  David J. Hand,et al.  Statistical fraud detection: A review , 2002 .

[13]  Arti Mohanpurkar,et al.  Credit card fraud detection using Hidden Markov Model , 2011, 2011 World Congress on Information and Communication Technologies.

[14]  Ayahiko Niimi,et al.  Feature Selection in Large Scale Data Stream for Credit Card Fraud Detection , 2009 .

[15]  Vadlamani Ravi,et al.  Credit Card Fraud Detection using Big Data Analytics: Use of PSOAANN based One-Class Classification , 2016, ICIA.