Security evaluation of a banking fraud analysis system

Michele Carminati, Mario Polino, Andrea Continella, Andrea Lanzi, Federico Maggi, Stefano Zanero

Research output: Contribution to journalArticleAcademicpeer-review

5 Citations (Scopus)

Abstract

The significant growth of banking fraud, fueled by the underground economy of malware, has raised the need for effective detection systems. Therefore, in the last few years, banks have upgraded their security to protect transactions from fraud. State-of-the-art solutions detect fraud as deviations from customers' spending habits. To the best of our knowledge, almost all existing approaches do not provide an in-depth model's granularity and security analysis against elusive attacks. In this article, we examine Banksealer, a decision support system for banking fraud analysis that evaluates the influence on detection performance of the granularity at which spending habits are modeled and its security against evasive attacks. First, we compare user-centric modeling, which builds a model for each user, with system-centric modeling, which builds a model for the entire system, from the point of view of detection performance. Then, we assess the robustness of Banksealer against malicious attackers that are aware of the structure of the models in use. To this end, we design and implement a proof-of-concept attack tool that performs mimicry attacks, emulating a sophisticated attacker that cloaks frauds to avoid detection. We experimentally confirm the feasibility of such attacks, their cost, and the effort required by an attacker in order to perform them. In addition, we discuss possible countermeasures. We provide a comprehensive evaluation on a large real-world dataset obtained from one of the largest Italian banks.

Original languageEnglish
Article number11
JournalACM Transactions on Privacy and Security
Volume21
Issue number3
DOIs
Publication statusPublished - Jun 2018
Externally publishedYes

Keywords

  • Fraud and anomaly detection
  • Mimicry attack
  • Online banking
  • Spending pattern granularity analysis
  • Cybersecurity

Fingerprint Dive into the research topics of 'Security evaluation of a banking fraud analysis system'. Together they form a unique fingerprint.

Cite this