Presentation is loading. Please wait.

Presentation is loading. Please wait.

September 2003 Fraud Formalization and Detection Bharat Bhargava, Yuhui Zhong, Yunhua Lu Center for Education and Research in Information Assurance and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "September 2003 Fraud Formalization and Detection Bharat Bhargava, Yuhui Zhong, Yunhua Lu Center for Education and Research in Information Assurance and."— Presentation transcript:

1 September 2003 Fraud Formalization and Detection Bharat Bhargava, Yuhui Zhong, Yunhua Lu Center for Education and Research in Information Assurance and Security and Department of Computer Sciences Purdue University, W. Lafayette, IN, USA {bb, zhong, luy}@cs.purdue.edu

2 2 Introduction Fraudsters can be classified into impersonators and swindlers Impersonator: an illegitimate user who steals resources from the victims by “taking over'' their accounts Swindler: a legitimate user who intentionally harms the system or other users by deception

3 3 Introduction Fraud prevention –Cryptographic technologies: prevent frauds caused by impersonators –Separation of duty and dual-log bookkeeping: prevent frauds conducted by swindlers Fraud detection –Existing research efforts: identifying frauds caused by impersonators –This paper: detecting frauds conducted by swindlers

4 4 Related Work Fraud detection techniques –Most fraud detection techniques address impersonator issues –An adaptive fraud rule-based detection framework (T. Fawcett and F. Provost) –neural network technique based on unsupervised learning for fraud detection (P. Burge and J. Shawe-Taylor) –Generation and selection rule set should combine both user-level and behavior-level attributes (S. Rosset)

5 5 Evaluation criteria Receiver Operating Characteristics –A ROC graph shows the relationship between True Positive rate and False positive rate Accuracy –the number of detected fraud over the total number of classified frauds Fraud coverage –the number of detected frauds over the total number of frauds False alarm rate –Percentage of false alarm in alarm set Fraud detection rate –Loss by detected fraud over the total loss due to fraud Cost-based metric –If the loss resulting from a fraud is smaller than the investigation cost, this fraud is ignored

6 6 Formal Definitions A swindler is an entity that has no intention to keep his commitment in cooperation. Commitment: conjunction of expressions describing an entity’s promise in a process of cooperation –Example: (Received_by=04/01)  (Prize=$1000)  (Quality=“A”)  ReturnIfAnyQualityProblem Outcome: conjunction of expressions describing the actual results of a cooperation –Example: (Received_by=04/05)  (Prize=$1000)  (Quality=“B”)  ¬ReturnIfAnyQualityProblem

7 7 Formal Definitions Intention-testifying: –Predicate P: ¬P in an outcome  entity making the promise is a swindler. –Attribute variable V: V's expected value is more desirable than the actual value  the entity is a swindler. Intention-dependent indicates an possibility –Predicate P: ¬P in an outcome  entity making the promise may be a swindler. –Attribute variable V: V's expected value is more desirable than the actual value  the entity may be a swindler. An intention-testifying variable or predicate is intention-dependent. The opposite direction is not necessarily true.

8 8 Model deceiving intentions Satisfaction rating –Associate with the actual value of each intention-dependent variable in an outcome. –Range from [0,1]. The higher the rating is, the more satisfied the user is. –Relate to deceiving intention and unpredicted factors –Modeled by using random variable with normal distribution –mean function fm(n) determines the mean value of the normal distribution at the the nth rating

9 9 Model deceiving intentions (Cont’d) Uncovered deceiving intention –The satisfaction ratings are stably low. –The ratings vary in a small range over time.

10 10 Model deceiving intentions (Cont’d) Trapping intention –The rating sequence can be divided into two phases: preparing and trapping. –A swindler behaves well to achieve a trustworthy image before he conducts frauds.

11 11 Model deceiving intentions (Cont’d) Illusive intention –A smart swindler attempts to cover the bad effects by intentionally doing something good after misbehaviors. –The process of preparing and trapping are repeated.

12 12 Architecture for Swindler Detection

13 13 Architecture for Swindler Detection Profile-based anomaly detector –Monitor suspicious actions based upon the established patterns of an entity State transition analysis –Provide state description when an activity results in entering a dangerous state Deceiving intention predictor –Discover deceiving intention based on satisfaction ratings. Decision making

14 14 Profile-based anomaly detector

15 15 Profile-based anomaly detector Rule generation and weighting –Generate fraud rules and weights associated with the rules User profiling –Variable selection –Data filtering Online detection –Retrieve rules upon an activity occurs –Retrieve current and history behavior patterns –Calculate deviation of two patterns

16 16 Deceiving intention predictor Kernel of the predictor: DIP algorithm Belief of deceiving intention as the complementary of trust belief Trust belief is evaluated based on the satisfaction sequence. Trust belief formation satisfies: –Time dependent –Trustee dependent –Easy-destruction-hard-construction property

17 17

18 18 Experimental study Goal: Investigate DIP’s capability of discovering deceiving intentions Initial values for parameters: –Construction factor (Wc): 0.05 –Destruction factor (Wd): 0.1 –Penalty ratios for construction factor (r1): 0.9 –Penalty ratios for destruction factor (r2): 0.1 –Penalty ratios for supervision-period (r3): 2 –Threshold for a foul event (fThreshold): 0.18

19 19 Discover swindler with uncovered deceiving intention trust values are close to the minimum rating of interactions that is 0.1 Deceiving intention belief is around 0.9

20 20 Discover swindler with trapping intention DIP responds to the sharp drop quickly It takes 6 interactions for DI- confidence increasing from 0.2239 to 0.7592 after the sharp drop

21 21 Discover swindler with illusive intention DIP is able to catch this smart swindler in the sense that the belief in deceiving intention eventually increases to about 0.9 The swindler's effort to cover a fraud with good behaviors has less and less effect with the number of frauds.

22 22 Conclusion Define concepts relevant to frauds conducted by swindlers Model three deceiving intentions Propose an approach for swindler detection and an architecture realizing the approach Develop a deceiving intention prediction algorithm

Download ppt "September 2003 Fraud Formalization and Detection Bharat Bhargava, Yuhui Zhong, Yunhua Lu Center for Education and Research in Information Assurance and."

Similar presentations

Applications of one-class classification

Applications of one-class classification
Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.

Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.
1 CS 6910: Advanced Computer and Information Security Lecture on 11/2/06 Trust in P2P Systems Ahmet Burak Can and Bharat Bhargava Center for Education.

1 CS 6910: Advanced Computer and Information Security Lecture on 11/2/06 Trust in P2P Systems Ahmet Burak Can and Bharat Bhargava Center for Education.
Defining Marketing Marketing

Defining Marketing Marketing
Introduction to Statistical Quality Control, 4th Edition Chapter 7 Process and Measurement System Capability Analysis.

Introduction to Statistical Quality Control, 4th Edition Chapter 7 Process and Measurement System Capability Analysis.
Dejan Lavbič University of Ljubljana, Faculty of Computer and Information Science, SLOVENIA.

Dejan Lavbič University of Ljubljana, Faculty of Computer and Information Science, SLOVENIA.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Continuous Audit at Insurance Companies

Continuous Audit at Insurance Companies
1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.
Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.

Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.

1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
1 --- 6/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in.

/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in.
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering On-line Alert Systems for Production Plants A Conflict Based Approach.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering On-line Alert Systems for Production Plants A Conflict Based Approach.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
7-2 Estimating a Population Proportion

7-2 Estimating a Population Proportion
Chapter 5 Data mining : A Closer Look.

Chapter 5 Data mining : A Closer Look.
Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.

Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

Similar presentations

Ads by Google