Book ChapterDOI

An Integrated Intrusion Detection System for Credit Card Fraud Detection

01 Jan 2012-pp 55-60
TL;DR: An IDS combining three approaches such as anomaly, misuse and decision making model to produce better detection accuracy and a decreased false positive rate is proposed.
Abstract: Computer security is one of the key areas where a lot of research is being done. Many intrusion detection techniques are proposed to ensure the network security, protect network resources and network infrastructures. Intrusion detection systems (IDS) attempt to detect attacks by gathering network data and analyzing the information from various areas to identify the possible intrusions. This paper proposes an IDS combining three approaches such as anomaly, misuse and decision making model to produce better detection accuracy and a decreased false positive rate. The integrated IDS can be built to detect the attacks in credit card system using Hidden Markov approach in the anomaly detection module. The credit card holder’s behaviours are taken as attributes and the anomalous transactions are found by the spending profile of the user. The transactions that are considered to be anomalous or abnormal are then sent to the misuse detection system. Here, the transactions are compared with predefined attack types and then sent to the decision making model to classify it as known/unknown type of attack. Finally, the decision-making module is used to integrate the detected results and report the types of attacks in credit card system. As abnormal transactions are analyzed carefully in each of the modules, the fraud rate is reduced and the system is immune to attacks.
Citations
Journal ArticleDOI
TL;DR: There are issues and challenges that hinder the performance of FDSs, such as concept drift, supports real time detection, skewed distribution, large amount of data etc, which are provided in this survey paper.

403 citations


Cites methods or result from "An Integrated Intrusion Detection S..."

  • ...Recently, fraud detection integrates anomaly based detection approach and misuse based detection approach by using data mining techniques (Allen, 2000; Sasirekha et al., 2012)....

    [...]

  • ...Recently, fraud detection integrates anomaly based detection approach and misuse based detection approach by using data mining techniques [Allen 2000] [Sasirekha et al. 2012]....

    [...]

  • ...Similar to detection approaches in Intrusion detection system (IDS), FDS also uses misuse and anomaly based approaches to detect fraud (Fawcett and Provost, 1997; Sasirekha et al., 2012)....

    [...]

  • ...Similar to detection approaches in Intrusion detection system (IDS), FDS also uses misuse and anomaly based approaches to detect fraud [Fawcett and Provost 1997; Sasirekha et al. 2012]....

    [...]

Journal ArticleDOI
TL;DR: A deep learning-based method is proposed for the detection of financial fraud based on the Long Short-Term Memory (LSTM) technique, aimed at enhancing the current detection techniques as well as enhancing the detection accuracy in the light of big data.
Abstract: As the use of the internet is growing exponentially, more and more businesses such as the financial sector are operationalizing their services online. Consequently, financial frauds are increasing ...

22 citations

Proceedings ArticleDOI
27 May 2018
TL;DR: The systematic quantitative literature review methodology was used to review the research studies in the field of fraud detection research within the last decade using machine learning techniques, and their strengths and weaknesses were shown.
Abstract: The area of fraud detection has been traditionally correlated with data mining and text mining. Even before the "big data" phenomena started in 2008, text mining and data mining were used as instruments of fraud detection. However, the limited technological capabilities of the pre-big data technologies made it very difficult for researchers to run fraud detection algorithms on large amounts of data. This paper reviews the existing research done in fraud detection across different areas with the aim of investigating the machine learning techniques used and find out their strengths and weaknesses. It used the systematic quantitative literature review methodology to review the research studies in the field of fraud detection research within the last decade using machine learning techniques. Various combinations of keywords were used to identify the pertinent articles and were retrieved from ACM Digital Library, IEEE Xplore Digital Library, Science Direct, Springer Link, etc. This search used a sample of 80 relevant articles (peer-reviewed journals articles and conference papers). The most used machine learning techniques were identified, and their strengths and weaknesses. Finally, the conclusion, limitations and future work have been shown.

16 citations

Journal ArticleDOI
TL;DR: Experimental results show that the proposed Multi-class Subspace Modeling (MSM) classification framework outperforms those compared classifiers in 10 data sets, among which 8 of them hold a confidence level of significance higher than 99.5%.
Abstract: Aiming to build a satisfactory supervised classifier, this paper proposes a Multi-class Subspace Modeling (MSM) classification framework. The framework consists of three parts, namely Principal Component Classifier Training Array, Principal Component Classifier Testing Array, and Label Coordinator. The role of Principal Component Classifier Training Array is to get a set of optimized parameters and principal components from each subspace-based training classifier and pass them to the corresponding subspace-based testing classifier in Principal Component Classifier Testing Array. In each subspace-based training classifier, the instances are projected from the original space into the principal component (PC) subspace, where a PC selection method is developed and applied to construct the PC subspace. In Principal Component Classifier Testing Array, each subspace-based testing classifier will utilize the parameters and PCs from its corresponding subspace-based training classifier to determine whether to assign its class label to the instances. Since one instance may be assigned zero or more than one label by the Principal Component Classifier Testing Array, the Label Coordinator is designed to coordinate the final class label of an instance according to its Attaching Proportion (AP) values towards multiple classes. To evaluate the classification accuracy, 10 rounds of 3-fold cross-validation are conducted and many popular classification algorithms (like SVM, Decision Trees, Multi-layer Perceptron, Logistic, etc.) are served as comparative peers. Experimental results show that our proposed MSM classification framework outperforms those compared classifiers in 10 data sets, among which 8 of them hold a confidence level of significance higher than 99.5%. In addition, our framework shows its ability of handling imbalanced data set. Finally, a demo is built to display the accuracy and detailed information of the classification.

10 citations


Cites background from "An Integrated Intrusion Detection S..."

  • ...Its application areas include network intrusion detection [32], stock market analysis [36], as well as the others [10, 41, 44]....

    [...]

Journal ArticleDOI
TL;DR: This work aims to review current work related to fraud detection that uses the fraud triangle in addition to machine learning and deep learning techniques, and provides evidence that fraud is an area of active investigation.
Abstract: Fraud entails deception in order to obtain illegal gains; thus, it is mainly evidenced within financial institutions and is a matter of general interest. The problem is particularly complex, since perpetrators of fraud could belong to any position, from top managers to payroll employees. Fraud detection has traditionally been performed by auditors, who mainly employ manual techniques. These could take too long to process fraud-related evidence. Data mining, machine learning, and, as of recently, deep learning strategies are being used to automate this type of processing. Many related techniques have been developed to analyze, detect, and prevent fraud-related behavior, with the fraud triangle associated with the classic auditing model being one of the most important of these. This work aims to review current work related to fraud detection that uses the fraud triangle in addition to machine learning and deep learning techniques. We used the Kitchenham methodology to analyze the research works related to fraud detection from the last decade. This review provides evidence that fraud is an area of active investigation. Several works related to fraud detection using machine learning techniques were identified without the evidence that they incorporated the fraud triangle as a method for more efficient analysis.

10 citations

References
Journal ArticleDOI
Lawrence R. Rabiner
01 Feb 1989
TL;DR: In this paper, the authors provide an overview of the basic theory of hidden Markov models (HMMs) as originated by L.E. Baum and T. Petrie (1966) and give practical details on methods of implementation of the theory along with a description of selected applications of HMMs to distinct problems in speech recognition.
Abstract: This tutorial provides an overview of the basic theory of hidden Markov models (HMMs) as originated by L.E. Baum and T. Petrie (1966) and gives practical details on methods of implementation of the theory along with a description of selected applications of the theory to distinct problems in speech recognition. Results from a number of original sources are combined to provide a single source of acquiring the background required to pursue further this area of research. The author first reviews the theory of discrete Markov chains and shows how the concept of hidden states, where the observation is a probabilistic function of the state, can be used effectively. The theory is illustrated with two simple examples, namely coin-tossing, and the classic balls-in-urns system. Three fundamental problems of HMMs are noted and several practical techniques for solving these problems are given. The various types of HMMs that have been studied, including ergodic as well as left-right models, are described.

21,819 citations

Journal ArticleDOI
TL;DR: This survey tries to provide a structured and comprehensive overview of the research on anomaly detection by grouping existing techniques into different categories based on the underlying approach adopted by each technique.
Abstract: Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Many anomaly detection techniques have been specifically developed for certain application domains, while others are more generic. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. We have grouped existing techniques into different categories based on the underlying approach adopted by each technique. For each category we have identified key assumptions, which are used by the techniques to differentiate between normal and anomalous behavior. When applying a given technique to a particular domain, these assumptions can be used as guidelines to assess the effectiveness of the technique in that domain. For each category, we provide a basic anomaly detection technique, and then show how the different existing techniques in that category are variants of the basic technique. This template provides an easier and more succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this survey will provide a better understanding of the different directions in which research has been done on this topic, and how techniques developed in one area can be applied in domains for which they were not intended to begin with.

9,627 citations

Book ChapterDOI
15 Sep 2004
TL;DR: A payload-based anomaly detector, called PAYL, for intrusion detection that demonstrates the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset the authors collected on the Columbia CS department network.
Abstract: We present a payload-based anomaly detector, we call PAYL, for intrusion detection. PAYL models the normal application payload of network traffic in a fully automatic, unsupervised and very efficient fashion. We first compute during a training phase a profile byte frequency distribution and their standard deviation of the application payload flowing to a single host and port. We then use Mahalanobis distance during the detection phase to calculate the similarity of new data against the pre-computed profile. The detector compares this measure against a threshold and generates an alert when the distance of the new input exceeds this threshold. We demonstrate the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset we collected on the Columbia CS department network. In one case nearly 100% accuracy is achieved with 0.1% false positive rate for port 80 traffic.

943 citations

Proceedings ArticleDOI
01 Jan 2000
TL;DR: There is clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks.
Abstract: We describe the results achieved using the JAM distributed data mining system for the real world problem of fraud detection in financial information systems. For this domain we provide clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks. We demonstrate that the traditional statistical metrics used to train and evaluate the performance of learning systems (ie. statistical accuracy or ROC analysis) are misleading and perhaps inappropriate for this application. Cost-based metrics are more relevant in certain domains, and defining such metrics poses significant and interesting research questions both in evaluating systems and alternative models, and in formalizing the problems to which one may wish to apply data mining technologies. This paper also demonstrates how the techniques developed for fraud detection can be generalized and applied to the important area of intrusion detection in networked information systems. We report the outcome of recent evaluations of our system applied to tcpdump network intrusion data specifically with respect to statistical accuracy. This work involved building additional components of JAM that we have come to call, MADAM ID (Mining Audit Data for Automated Models for Intrusion Detection). However, taking the next step to define cost-based models for intrusion detection poses interesting new research questions. We describe our initial ideas about how to evaluate intrusion detection systems using cost models learned during our work on fraud detection.

604 citations


"An Integrated Intrusion Detection S..." refers methods in this paper

  • ...[11] [12] developed a credit card fraud detection system (FDS) using meta learning techniques to study models of fraudulent credit card transactions....

    [...]

Journal ArticleDOI
TL;DR: This paper models the sequence of operations in credit card transaction processing using a hidden Markov model (HMM), shows how it can be used for the detection of frauds, and compares it with other techniques available in the literature.
Abstract: Due to a rapid advancement in the electronic commerce technology, the use of credit cards has dramatically increased. As credit card becomes the most popular mode of payment for both online as well as regular purchase, cases of fraud associated with it are also rising. In this paper, we model the sequence of operations in credit card transaction processing using a hidden Markov model (HMM) and show how it can be used for the detection of frauds. An HMM is initially trained with the normal behavior of a cardholder. If an incoming credit card transaction is not accepted by the trained HMM with sufficiently high probability, it is considered to be fraudulent. At the same time, we try to ensure that genuine transactions are not rejected. We present detailed experimental results to show the effectiveness of our approach and compare it with other techniques available in the literature.

430 citations


"An Integrated Intrusion Detection S..." refers methods in this paper

  • ...Using the HMM [2], the user is grouped based on his spending profile....

    [...]