CIFD: Computational Immunology for Fraud Detection

CIFD: Computational Immunology for Fraud Detection. Dr Richard Overill, Department of Computer Science & International Centre for Security Analysis, King’s College London. DTI LINK project funded under Phase 1 of the Management of Information programme.


Presentation Transcript


  1. CIFD: Computational Immunology for Fraud Detection. Dr Richard Overill, Department of Computer Science & International Centre for Security Analysis, King’s College London

  2. Computational Immunology for Fraud Detection
     - DTI LINK project funded under Phase 1 of the Management of Information programme.
     - Application of adaptive, self-learning technologies with low overheads (CI) to fraud detection in the financial sector.
     - Partners (with King’s College London): Anite Government Systems Ltd. (developer); The Post Office (end user).

  3. Natural Immune Systems
     - are multi-layered (“defence in depth”)
     - consist of several sub-systems:
       - innate immune system (scavenger cells which ingest debris and pathogens)
       - acquired immune system (white blood cells which co-operate to detect and eliminate pathogens / antigens)

  4. Acquired Immune System
     - Detector cells are generated in bone marrow (B-cells), and in the lymph system but matured in the thymus gland (T-cells).
     - Self-binding T-cell detectors are destroyed by censoring (negative selection) in the thymus.
     - B- and remaining T-detectors are released to bind to and destroy foreign (non-self) antigens.

  5. Digital Immune Systems I
     - Train with known normal behaviour (“self”).
     - Generate database(s) of self-signatures.
     - Generate a (random) initial population of detectors and screen it against the database(s).
     - Challenge the detectors with possibly anomalous behaviour (may contain some “foreign” activity).

  6. Digital Immune Systems II
     - An (approximate) match between a detector and an activity trace indicates a possible anomaly.
     - React to (warn of) the possible anomaly.
     - Evolve the population of detectors to reflect successful and consistently unsuccessful detectors (cloning / killing).

  7. Digital Immune Systems III
     - Can be host-based or network-based.
     - Host-based systems monitor behaviour or processes on servers or other network hosts.
     - Network-based systems are of 2 types:
       - statistical traffic analysis using e.g. IP source & destination addresses and IP port / service;
       - promiscuous mode ‘sniffing’ of IP packets for anomalous behaviour.

  8. Application to CIFD
     - Build database(s) of normal transactions and sequences of transactions.
     - Look for anomalous and hence potentially fraudulent patterns of behaviour in actual transactions and transaction sequences, using the detector matching criteria.
     - Adapt the detector population.

  9. Advantages of CI
     - Redundancy: collective behaviour of many detectors should lead to emergent properties of robustness and fault tolerance - no centralised or hierarchical control, no SPoF.
     - Memory of previous encounters can be built in, e.g. as long-lived successful detectors.
     - Various adaptive learning strategies can be tried out, e.g. affinity maturation, niching.

  10. Disadvantages of CI
     - Subject to compromise in similar ways to the human immune system, i.e.
       - subversion via ‘auto-immune’ reaction (cf. rheumatoid arthritis) where the system is induced to misidentify “self” as “foreign”;
       - subversion via ‘immune deficiency’ response (cf. HIV-AIDS) where the system’s response is suppressed - misidentifying “foreign” as “self”;
       - subversion by concealing “foreign” behaviour in “self” disguise (“Wolf in sheep’s clothing” or T.H.)

  11. Previous Applications of CI
     - Computational Immunology (aka Artificial Immune Systems, AIS, in the USA) has already been used successfully for:
       - detecting the activity of computer viruses and other malicious software (IBM TJW Res Cen.)
       - detecting attempted intrusions into computers and networks (New Mexico & Memphis Univs)

  12. Thank you! Any Questions? Contact: Tel: 020 7848 2833, Fax: 020 7848 2913, Email: richard@dcs.kcl.ac.uk
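
The censoring and approximate-matching steps of slides 5 and 6, as an added example that is not part of the original presentation or the CIFD project's code. The r-contiguous-bits matching rule, the 16-bit transaction encoding, the threshold and the sample strings are assumptions constructed for illustration; the slides do not specify them.

```python
import random

R = 8          # assumed match threshold: r contiguous equal bits
LENGTH = 16    # assumed bit length of an encoded transaction

# Constructed "self" database: encodings of known-normal transactions.
SELF = ["0000111100001111", "0000111100111100",
        "0011110000001111", "0000111111110000"]

def matches(a, b, r=R):
    """Approximate match: a and b agree in at least r contiguous positions."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def censor(self_set, n, rng, max_tries=100_000):
    """Negative selection: keep random candidates that bind to no self string."""
    detectors = []
    for _ in range(max_tries):
        if len(detectors) == n:
            break
        cand = "".join(rng.choice("01") for _ in range(LENGTH))
        if not any(matches(cand, s) for s in self_set):
            detectors.append(cand)
    return detectors

def flagged_by(trace, detectors):
    """Detectors that bind to this trace (empty list means it looks like self)."""
    return [d for d in detectors if matches(d, trace)]

def flip(bits, i):
    """Return bits with position i inverted (a slightly different trace)."""
    return bits[:i] + ("1" if bits[i] == "0" else "0") + bits[i + 1:]

# Seeded so the detector population is reproducible between runs.
DETECTORS = censor(SELF, 200, random.Random(2024))

if __name__ == "__main__":
    for s in SELF:
        print(s, "self  ->", len(flagged_by(s, DETECTORS)), "detectors fire")
    probe = flip(DETECTORS[0], 0)  # near-copy of a detector, so non-self
    print(probe, "probe ->", len(flagged_by(probe, DETECTORS)), "detectors fire")
```

Because every surviving detector was screened against the self database, no self string can raise an alert; lowering `R` widens each detector's reach but also causes more candidates to be censored.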
