Thesis abstract:
Internet banking has become more and more prevalent in retail and business banking over the years. Unfortunately, this has led to an increase in online banking frauds perpetrated through cyber attacks, phishing scams and malware campaigns, resulting in a worldwide loss of billions of dollars each year. Internet banking frauds have very dynamic behaviors, are spread across different customers' profiles and are dispersed in large and highly imbalanced datasets. As manual investigation of each reported alarm is labor-intensive, fraud-detection systems must be precise and detect fraud on the fly to avoid immediate financial impact. This raises the need for research advances in analysis and detection approaches, on the one hand for online banking fraud and, on the other hand, for the malware used to perpetrate these frauds.
We notice that the majority of the approaches for anomaly and fraud detection build black-box models that are not very useful in manual investigation, making the process slower. In addition, those based on baseline profiling are not adaptive to the changing nature of banking frauds, also due to cultural and behavioural diversities that vary from country to country. From our preliminary research in this field, supported by a leading national bank, we understood that instead of focusing on pure detection approaches, more research efforts are needed to support the investigation. Moreover, existing malware detection approaches are not robust against the mutant and evolving nature of modern malware used in banking frauds.
We aim at defining an effective online banking decision-support and fraud-analysis system able to automatically rank frauds and anomalies in the online-banking ecosystem. Our research is inspired by and rooted in the idea of constructing user profiles from historical data, in order to detect suspicious deviations. In parallel, we will strive to correlate frauds to malware campaigns, so as to provide a sound detection of the two key aspects of modern online frauds: anomalous transactions and malware activity. We plan to evaluate our research results on both simulated and real-world data. This will in turn create, as an additional contribution, a ground truth of frauds useful to other research.
Thanks to our knowledge of financial malware and in collaboration with domain experts, we believe that our research will be able to effectively mitigate the problem of online-banking frauds.