Security Evaluation of a Banking Fraud Analysis System

Carminati, Michele; Polino, Mario; Continella, Andrea; Lanzi, Andrea; Maggi, Federico; Zanero, Stefano

doi:10.1145/3178370

Cited by 30 publications

(13 citation statements)

References 34 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…BankSealer [15], [16] works in an unsupervised setting, extracting local, global, and temporal profiles [17] for each user to capture their behaviors. The same authors also study the security of fraud detection systems against mimicry and adversarial attacks [18], [19].…”

Section: A Unsupervised Learningmentioning

confidence: 99%

See 1 more Smart Citation

Amaretto: An Active Learning Framework for Money Laundering Detection

et al. 2022

View full text Add to dashboard Cite

Monitoring financial transactions is a critical Anti-Money Laundering (AML) obligation for financial institutions. In recent years, machine learning-based transaction monitoring systems have successfully complemented traditional rule-based systems to reduce the high number of false positives and the effort needed to review all the alerts manually. Unfortunately, machine learning-based solutions also have disadvantages: while unsupervised models can detect novel fraudulent patterns, they are usually characterized by a high number of false alarms; supervised models, instead, usually offers a higher detection rate but require a large amount of labeled data to achieve such performance. In this paper, we present Amaretto, an active learning framework for money laundering detection that combines unsupervised and supervised learning techniques to support the transaction monitoring processes by improving the detection performance and reducing the fraud management costs. Amaretto exploits novel selection strategies to target a subset of transactions for investigation, making more efficient use of the feedback provided by the analyst. We perform the experimental evaluation on a synthetic dataset provided by the industrial partner, which simulates the profiles of clients trading in international capital markets. We show that Amaretto outperforms state-of-the-art solutions by reducing money laundering risk and improving detection performance. In particular, we compare state-of-the-art unsupervised and supervised techniques commonly used in the AML domain with the ones implemented in this work. We show that the Isolation and Random Forests of Amaretto perform best in the task under analysis, with an AUROC of 0.9 for the first (20% better on average) and a detection rate of 0.793 for the second (30% better on average). In addition, both methods are characterized by a lower costs computed in terms of the daily number of transactions to be examined and the number of false positives and negatives. Finally, we compare Amaretto against a state-of-the-art active learning fraud detection system, achieving better detection performances and lower costs in all the scenarios under analysis. Worth mentioning, Amaretto improves the detection rate up to 50% and reduces the overall cost by 20% in the most realistic scenario under analysis.

show abstract

Section: A Unsupervised Learningmentioning

confidence: 99%

“…Financial datasets are known to be extremely unbalanced, usually containing from 0.1% to 1% [18] of anomalous transactions. This information was also confirmed by the domain experts we interviewed.…”

Section: A Synthetic Anomalies Overviewmentioning

confidence: 99%

Amaretto: An Active Learning Framework for Money Laundering Detection

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The result of an anomaly detection algorithm can be a label or a score; semi-supervised and unsupervised methods generally output a score that can be transformed into a label using a threshold [7]. Histogram and kernel-based approaches are the most common unsupervised anomaly detection methods, especially in network security and fraud detection domains [9][10][11][12][13]. In addition, the data to be processed in these domains is usually very large.…”

Section: Introductionmentioning

confidence: 99%

The Adjusted Histogram-Based Outlier Score - Ahbos

BİNZAT

Yildiztepe

2023

Mugla Journal of Science and Technology

View full text Add to dashboard Cite

Histogram is a commonly used tool for visualizing data distribution. It has also been used in semi-supervised and unsupervised anomaly detection tasks. The Histogram-based outlier score (HBOS) is a fast unsupervised anomaly detection algorithm that has become more popular because of the rapid increase in the amount of data collected in recent decades. HBOS can be computed using either static or dynamic bin-width histograms. When a histogram contains large gaps, the dynamic bin-width approach is preferred over the static bin-width approach. These gaps in a histogram usually occur as a result of various distributions in real data. When working with a static bin-width histogram, gaps can be utilized to acquire better distinction between outliers and inliers. In this study, we propose an adjusted version of the HBOS named Adjusted HBOS (AHBOS), which considers neighboring bins prior to density estimation. Results from a simulation study and real data application indicate that AHBOS yields a better performance not only in the simulated data but also for various types of real data.

show abstract

“…As discussed in [1], one of the most difficult issues researcher faces is because of the limited availability of malicious samples (owing to obvious privacy concerns). Therefore, abnormal detection is of the essence to resolve security issues of online banking.…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, abnormal detection is of the essence to resolve security issues of online banking. However, there are remaining issues of abnormal detection as described in [1], one of which is how to calculate the distance between data samples.…”

Section: Introductionmentioning

confidence: 99%

Abnormal Detection of User Behavior in Online Banking

2019

Proceedings of 2019 the 9th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

Abnormal detection is very important in online banking security. One of the most difficult issues in abnormal detection is how to calculate the distance between data samples. After the analysis of user behavior of online banking, we propose a mixed method based on Euclidean distance and cosine similarity, to measure the similarity among user behaviors. This paper develops an approach to catch similar behaviors to the abnormal behaviors in online banking transactions, by using the mixed similarity measurement. Experiment results show that our method can improve the performance of abnormal detection on the underground dataset, comparing to Euclidean distance and cosine similarity.

show abstract

Security Evaluation of a Banking Fraud Analysis System

Cited by 30 publications

References 34 publications

Amaretto: An Active Learning Framework for Money Laundering Detection

Amaretto: An Active Learning Framework for Money Laundering Detection

The Adjusted Histogram-Based Outlier Score - Ahbos

Abnormal Detection of User Behavior in Online Banking

Contact Info

Product

Resources

About