Automatic ATM Fraud Detection as a Sequence-based Anomaly Detection Problem

Maik Anderka, Timo Klerx, Steffen Priesterjahn, Hans Kleine Büning

Abstract

Because of the direct access to cash and customer data, automated teller machines (ATMs) are the target of manifold attacks and fraud. To counter this problem, modern ATMs utilize specialized hardware security systems that are designed to detect particular types of attacks and manipulation. However, such systems do not provide any protection against future attacks that are unknown at design time. In this paper, we propose an approach that is able to detect known as well as unknown attacks on ATMs and that does not require additional security hardware. The idea is to utilize automatic model generation techniques to learn patterns of normal behavior from the status information of standard devices comprised in an ATM; a significant deviation from the learned behavior is an indicator of a fraud attempt. We cast the identification of ATM fraud as a sequence-based anomaly detection problem, and we describe three specific methods that implement our approach. An empirical evaluation using a real-world data set that has been recorded on a public ATM within a time period of nine weeks shows promising results and underlines the practical applicability of the proposed approach.
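As an added illustration of the idea in the abstract (this is not code from the paper, and not necessarily one of its three methods), the sketch below learns a first-order Markov model from normal device-status sequences only and flags sessions whose transitions are unlikely under that model. The status event names, the smoothing constant and the threshold heuristic are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

START, END = "<s>", "</s>"

class MarkovSequenceModel:
    """First-order Markov chain over device status symbols (normal sessions only)."""

    def __init__(self, alpha=0.1):
        self.alpha = alpha                    # additive smoothing for unseen transitions
        self.counts = defaultdict(Counter)    # counts[a][b] = times b followed a
        self.vocab = {END}
        self.threshold = None

    def fit(self, sessions, margin=1.5):
        for s in sessions:
            path = [START, *s, END]
            self.vocab.update(s)
            for a, b in zip(path, path[1:]):
                self.counts[a][b] += 1
        # Assumed heuristic: worst score on normal data times a safety margin.
        self.threshold = margin * max(self.score(s) for s in sessions)
        return self

    def _logp(self, a, b):
        v = len(self.vocab) + 1               # one extra slot for never-seen symbols
        row = self.counts.get(a, Counter())
        return math.log((row[b] + self.alpha) / (sum(row.values()) + self.alpha * v))

    def score(self, session):
        """Mean negative log-likelihood per transition; higher means more unusual."""
        path = [START, *session, END]
        return -sum(self._logp(a, b) for a, b in zip(path, path[1:])) / (len(path) - 1)

    def is_anomalous(self, session):
        return self.score(session) > self.threshold

# Constructed sample data: status event names are invented for illustration.
WITHDRAW = ["card_inserted", "pin_ok", "cash_presented", "cash_taken",
            "card_ejected", "card_taken"]
BALANCE = ["card_inserted", "pin_ok", "card_ejected", "card_taken"]
RETRY = ["card_inserted", "pin_fail"] + WITHDRAW[1:]
NORMAL = [WITHDRAW] * 20 + [BALANCE] * 10 + [RETRY] * 3
UNSEEN = WITHDRAW[:3] + ["cabinet_door_open"] + WITHDRAW[3:]  # status absent from training
REORDERED = [WITHDRAW[0]] + WITHDRAW[2:]  # known symbols, order never seen in training
model = MarkovSequenceModel().fit(NORMAL)

if __name__ == "__main__":
    for name, s in [("withdraw", WITHDRAW), ("unseen", UNSEEN), ("reordered", REORDERED)]:
        print(f"{name:10s} score={model.score(s):.3f} anomalous={model.is_anomalous(s)}")
```

Because the model is fitted on normal sessions alone, a session containing a status it has never seen is scored the same way as a known-but-misordered one, which is the property the abstract relies on for attacks unknown at design time.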



Paper Citation


in Harvard Style

Anderka M., Klerx T., Priesterjahn S. and Kleine Büning H. (2014). Automatic ATM Fraud Detection as a Sequence-based Anomaly Detection Problem. In Proceedings of the 3rd International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM, ISBN 978-989-758-018-5, pages 759-764. DOI: 10.5220/0004922307590764


in Bibtex Style

@conference{icpram14,
author={Maik Anderka and Timo Klerx and Steffen Priesterjahn and Hans Kleine Büning},
title={Automatic ATM Fraud Detection as a Sequence-based Anomaly Detection Problem},
booktitle={Proceedings of the 3rd International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM},
year={2014},
pages={759-764},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004922307590764},
isbn={978-989-758-018-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM
TI - Automatic ATM Fraud Detection as a Sequence-based Anomaly Detection Problem
SN - 978-989-758-018-5
AU - Anderka M.
AU - Klerx T.
AU - Priesterjahn S.
AU - Kleine Büning H.
PY - 2014
SP - 759
EP - 764
DO - 10.5220/0004922307590764