Fraud Formalization and Detection - PowerPoint PPT Presentation

About This Presentation
Title:

Fraud Formalization and Detection

Description:

Impersonator: an illegitimate user who steals resources from the victims by ' ... The higher the rating is, the more satisfied the user is. ... – PowerPoint PPT presentation

Number of Views:35
Avg rating:3.0/5.0
Slides: 23
Provided by: yuhui8
Category:

less

Transcript and Presenter's Notes

Title: Fraud Formalization and Detection


1
Fraud Formalization and Detection
  • Bharat Bhargava, Yuhui Zhong, Yunhua Lu
  • Center for Education and Research in Information
    Assurance and Security
  • and
  • Department of Computer Sciences
  • Purdue University,
  • W. Lafayette, IN, USA
  • bb, zhong, luy_at_cs.purdue.edu

2
Introduction
  • Fraudsters can be classified into impersonators
    and swindlers
  • Impersonator an illegitimate user who steals
    resources from the victims by taking over''
    their accounts
  • Swindler a legitimate user who intentionally
    harms the system or other users by deception

3
Introduction
  • Fraud prevention
  • Cryptographic technologies prevent frauds caused
    by impersonators
  • Separation of duty and dual-log bookkeeping
    prevent frauds conducted by swindlers
  • Fraud detection
  • Existing research efforts identifying frauds
    caused by impersonators
  • This paper detecting frauds conducted by
    swindlers

4
Related Work
  • Fraud detection techniques
  • Most fraud detection techniques address
    impersonator issues
  • An adaptive fraud rule-based detection framework
    (T. Fawcett and F. Provost)
  • neural network technique based on unsupervised
    learning for fraud detection (P. Burge and J.
    Shawe-Taylor)
  • Generation and selection rule set should combine
    both user-level and behavior-level attributes (S.
    Rosset)

5
Evaluation criteria
  • Receiver Operating Characteristics
  • A ROC graph shows the relationship between True
    Positive rate and False positive rate
  • Accuracy
  • the number of detected fraud over the total
    number of classified frauds
  • Fraud coverage
  • the number of detected frauds over the total
    number of frauds
  • False alarm rate
  • Percentage of false alarm in alarm set
  • Fraud detection rate
  • Loss by detected fraud over the total loss due to
    fraud
  • Cost-based metric
  • If the loss resulting from a fraud is smaller
    than the investigation cost, this fraud is
    ignored

6
Formal Definitions
  • A swindler is an entity that has no intention to
    keep his commitment in cooperation.
  • Commitment conjunction of expressions describing
    an entitys promise in a process of cooperation
  • Example (Received_by04/01) ? (Prize1000) ?
    (QualityA) ? ReturnIfAnyQualityProblem
  • Outcome conjunction of expressions describing
    the actual results of a cooperation
  • Example (Received_by04/05) ? (Prize1000) ?
    (QualityB) ? ReturnIfAnyQualityProblem

7
Formal Definitions
  • Intention-testifying
  • Predicate P P in an outcome ? entity making the
    promise is a swindler.
  • Attribute variable V V's expected value is more
    desirable than the actual value ? the entity is a
    swindler.
  • Intention-dependent indicates an possibility
  • Predicate P P in an outcome ? entity making the
    promise may be a swindler.
  • Attribute variable V V's expected value is more
    desirable than the actual value ? the entity may
    be a swindler.
  • An intention-testifying variable or predicate is
    intention-dependent. The opposite direction is
    not necessarily true.

8
Model deceiving intentions
  • Satisfaction rating
  • Associate with the actual value of each
    intention-dependent variable in an outcome.
  • Range from 0,1. The higher the rating is, the
    more satisfied the user is.
  • Relate to deceiving intention and unpredicted
    factors
  • Modeled by using random variable with normal
    distribution
  • mean function fm(n) determines the mean value of
    the normal distribution at the the nth rating

9
Model deceiving intentions (Contd)
  • Uncovered deceiving intention
  • The satisfaction ratings are stably low.
  • The ratings vary in a small range over time.

10
Model deceiving intentions (Contd)
  • Trapping intention
  • The rating sequence can be divided into two
    phases preparing and trapping.
  • A swindler behaves well to achieve a trustworthy
    image before he conducts frauds.

11
Model deceiving intentions (Contd)
  • Illusive intention
  • A smart swindler attempts to cover the bad
    effects by intentionally doing something good
    after misbehaviors.
  • The process of preparing and trapping are
    repeated.

12
Architecture for Swindler Detection
13
Architecture for Swindler Detection
  • Profile-based anomaly detector
  • Monitor suspicious actions based upon the
    established patterns of an entity
  • State transition analysis
  • Provide state description when an activity
    results in entering a dangerous state
  • Deceiving intention predictor
  • Discover deceiving intention based on
    satisfaction ratings.
  • Decision making

14
Profile-based anomaly detector
15
Profile-based anomaly detector
  • Rule generation and weighting
  • Generate fraud rules and weights associated with
    the rules
  • User profiling
  • Variable selection
  • Data filtering
  • Online detection
  • Retrieve rules upon an activity occurs
  • Retrieve current and history behavior patterns
  • Calculate deviation of two patterns

16
Deceiving intention predictor
  • Kernel of the predictor DIP algorithm
  • Belief of deceiving intention as the
    complementary of trust belief
  • Trust belief is evaluated based on the
    satisfaction sequence.
  • Trust belief formation satisfies
  • Time dependent
  • Trustee dependent
  • Easy-destruction-hard-construction property

17
(No Transcript)
18
Experimental study
  • Goal Investigate DIPs capability of discovering
    deceiving intentions
  • Initial values for parameters
  • Construction factor (Wc) 0.05
  • Destruction factor (Wd) 0.1
  • Penalty ratios for construction factor (r1) 0.9
  • Penalty ratios for destruction factor (r2) 0.1
  • Penalty ratios for supervision-period (r3) 2
  • Threshold for a foul event (fThreshold) 0.18

19
Discover swindler with uncovered deceiving
intention
  • trust values are close to the minimum rating of
    interactions that is 0.1
  • Deceiving intention belief is around 0.9

20
Discover swindler with trapping intention
  • DIP responds to the sharp drop quickly
  • It takes 6 interactions for DI-confidence
    increasing from 0.2239 to 0.7592 after the sharp
    drop

21
Discover swindler with illusive intention
  • DIP is able to catch this smart swindler in the
    sense that the belief in deceiving intention
    eventually increases to about 0.9
  • The swindler's effort to cover a fraud with good
    behaviors has less and less effect with the
    number of frauds.

22
Conclusion
  • Define concepts relevant to frauds conducted by
    swindlers
  • Model three deceiving intentions
  • Propose an approach for swindler detection and an
    architecture realizing the approach
  • Develop a deceiving intention prediction
    algorithm
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Fraud Formalization and Detection" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!