detecting client side e banking fraud using a heuristic
play

Detecting client-side e-banking fraud using a heuristic model Tim - PowerPoint PPT Presentation

Aug 26, 2023 •156 likes •373 views

Detecting client-side e-banking fraud using a heuristic model Tim Timmermans Jurgen Kloosterman tim.timmermans@os3.nl jurgen.kloosterman@os3.nl University of Amsterdam July 4, 2013 Tim Timmermans, Jurgen Kloosterman Research project 2. (1

  1. Detecting client-side e-banking fraud using a heuristic model Tim Timmermans Jurgen Kloosterman tim.timmermans@os3.nl jurgen.kloosterman@os3.nl University of Amsterdam July 4, 2013 Tim Timmermans, Jurgen Kloosterman Research project 2. (1 of 21)

  2. Introduction E-banking malware; Man-in-the-browser attack; ”Owns” the browser; Not possible to detect malware with web techniques, i.e JavaScript. Tim Timmermans, Jurgen Kloosterman Research project 2. (2 of 21)

  3. Normal banking web page Figure 1: Normal banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (3 of 21)

  4. Malicious banking web page Figure 2: Malicious banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (4 of 21)

  5. Research question To what extend is it possible to detect maliciously injected code into a web page using a heuristic model in order to counteract fraud and what is the performance of such technique in terms of accuracy and execution time? Tim Timmermans, Jurgen Kloosterman Research project 2. (5 of 21)

  6. Current Solutions Pattern recognition; Cannot detect injections from unknown malware. Tim Timmermans, Jurgen Kloosterman Research project 2. (6 of 21)

  7. Related Work CaffeineMonkey: a method to analyse and detect malicious JavaScript (Feinstein et. al.); Prophiler: a filter to examine millions of web pages for malicious content (Canali, Davide, et al.); Zozzle: a low-overhead solution that applies Bayesian analysis to detect JavaScript malware in the browser (Curtsinger, Charlie, et al.). Tim Timmermans, Jurgen Kloosterman Research project 2. (7 of 21)

  8. Approach (1) Supervised machine learning; Labeling of benign and malicious pages Server-side detection mechanism; Goal : detect injections from unknown malware and difficult to bypass. Tim Timmermans, Jurgen Kloosterman Research project 2. (8 of 21)

  9. Approach (2) Figure 3: Normal interaction with an e-banking web site. Tim Timmermans, Jurgen Kloosterman Research project 2. (9 of 21)

  10. Approach (3) Figure 4: Overview of fraud detection implementation. Tim Timmermans, Jurgen Kloosterman Research project 2. (10 of 21)

  11. Model overview Figure 5: Overview of the fraud detection model. Tim Timmermans, Jurgen Kloosterman Research project 2. (11 of 21)

  12. Method: feature extraction Brief selection of features that are identified: iframes; inline styles; hidden elements; input fields; (obfuscated) Javascript; Figure 6: Feature extraction external Javascript, component stylesheets and images. A total of 26 relevant features are identified from HTML, Javascript and URLs Tim Timmermans, Jurgen Kloosterman Research project 2. (12 of 21)

  13. Method: preprocessor Transforms the feature data to a vector as input for the classifier; Assigns a maliciousness score based on the extracted URL features. Figure 7: Preprocessor component Tim Timmermans, Jurgen Kloosterman Research project 2. (13 of 21)

  14. Method: classifier Na¨ ıve Bayes learning algorithm Two components Trainer; Classification. Figure 8: Classifier components Tim Timmermans, Jurgen Kloosterman Research project 2. (14 of 21)

  15. Classifier: trainer Train the classifier on manual labeled malicious and benign pages. Figure 9: Classifier - trainer component Tim Timmermans, Jurgen Kloosterman Research project 2. (15 of 21)

  16. Classifier: classification Classifies an unknown page against the training set using the Bayes’ theorem; Result consists of a probability between 0 and 100% for each class. Figure 10: Classifier - classification component Tim Timmermans, Jurgen Kloosterman Research project 2. (16 of 21)

  17. Results: performance Mean execution time to classify an unknown page: 0.176 seconds. Figure 11: Execution time performance Tim Timmermans, Jurgen Kloosterman Research project 2. (17 of 21)

  18. Results: accuracy 90% accuracy reached with ∼ 32.000 instances in the training set. Figure 12: Accuracy measurements Tim Timmermans, Jurgen Kloosterman Research project 2. (18 of 21)

  19. Results: model validation Experiment to validate the developed model: 1 Train classifier on page adapter by Zeus malware; 2 Classify a page adapted by Citadel malware. Result: classified as malicious with a probability of 100%. Tim Timmermans, Jurgen Kloosterman Research project 2. (19 of 21)

  20. Conclusion Classifier reaches an accuracy of 90% given the used dataset (needs validation with more complete set); The developed model is able to counteract fraud, caused by (unknown) malware; Classification process of a web page is performed with a mean of 0.176 seconds; Improvement of the model may lower impact on resources and optimizing executing time. Tim Timmermans, Jurgen Kloosterman Research project 2. (20 of 21)

  21. References Feinstein, Ben, Daniel Peck, and I. SecureWorks. ”Caffeine monkey: Automated collection, detection and analysis of malicious javascript.” Black Hat USA 2007 (2007). Canali, Davide, et al. ”Prophiler: a fast filter for the large-scale detection of malicious web pages.” Proceedings of the 20th international conference on World wide web. ACM, 2011. Curtsinger, Charlie, et al. ”ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection.” USENIX Security Symposium. 2011. Tim Timmermans, Jurgen Kloosterman Research project 2. (21 of 21)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Insider Fraud Laura Hutton SAS detecting the invisible The new fraud landscape & the rise

Insider Fraud Laura Hutton SAS detecting the invisible The new fraud landscape & the rise

Insider Fraud Laura Hutton SAS detecting the invisible The new fraud landscape & the rise of the insider How to rob a bank How to detect fraudulent staff Fraud is a global problem Typical organisations lose 5% of revenues Source:

503 views • 34 slides
Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud in an Electronic Voting Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An Analysis of the Unlimited Reelection Vote in Venezuela Election Forensics Previous Research Ines

686 views • 45 slides
Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO State Banking Operations Fraud Brandon Watson, Banking Director Unclaimed Property Fraud Brenda Williams, Deputy Treasurer, Unclaimed

678 views • 28 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Many acting parties on a site

867 views • 62 slides
HoneySpider Network 2.0 detecting client-side attacks the easy way Pawe Pawli nski CERT

HoneySpider Network 2.0 detecting client-side attacks the easy way Pawe Pawli nski CERT

HoneySpider Network 2.0 detecting client-side attacks the easy way Pawe Pawli nski CERT Polska / NASK 24th Annual FIRST Conference 21 June 2012 Pawe Pawli nski (CERT Polska / NASK) HoneySpider Network 2.0 FIRST 2012 1 / 23

280 views • 27 slides
A Primer on Detecting, Preventing, and Investigating Nonprofit Fraud, Embezzlement, and

A Primer on Detecting, Preventing, and Investigating Nonprofit Fraud, Embezzlement, and

nonprofit alert FEBRUARY 19, 2015 A Primer on Detecting, Preventing, and Investigating Nonprofit Fraud, Embezzlement, and Charitable Diversion Increasing Scrutiny of Nonprofit Fraud, Embezzlement, and Charitable Diversion CALIFORNIA DELAWARE

287 views • 9 slides
CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side Server Side Web Server Web Browser Web Technologies Content Resources Presentation management Client Side Processing Multimedia The evolution of

1.24k views • 23 slides
No Please, After You: Detecting Fraud in Affiliate Marketing Networks Peter Snyder

No Please, After You: Detecting Fraud in Affiliate Marketing Networks Peter Snyder

No Please, After You: Detecting Fraud in Affiliate Marketing Networks Peter Snyder <psnyde2@uic.edu> and Chris Kanich <ckanich@uic.edu> University of Illinois at Chicago Overview 1. Problem Area: affiliate marketing 2. Data Set :

671 views • 37 slides
CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser after page is sent back from server often this code manipulates the page or responds to user actions What is JavaScript? a lightweight

643 views • 29 slides
Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

783 views • 13 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Modern web sites are

709 views • 57 slides
DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DEFCON DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute.

428 views • 15 slides
Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side Direct I/O for NFS Connectathon 1997 Disclaimer This is not a product announcement. 2 Client-Side Direct I/O for NFS Connectathon 1997

311 views • 16 slides
CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application Popular attacks Cross-site

266 views • 15 slides
Client Compliance Process Logging and Investigating Complaints of Client Fraud and Abuse Agenda

Client Compliance Process Logging and Investigating Complaints of Client Fraud and Abuse Agenda

Client Compliance Process Logging and Investigating Complaints of Client Fraud and Abuse Agenda Introduction to Client Compliance in the MI-WIC environment Introduction to MI-WIC Compliance C C Screens How to log, investigate,

628 views • 48 slides
Streamline Management & Prevent Fraud: Newer Banking Tools and Technology September 18/19

Streamline Management & Prevent Fraud: Newer Banking Tools and Technology September 18/19

Streamline Management & Prevent Fraud: Newer Banking Tools and Technology September 18/19 2014 Learning Center for Nonprofits Discussion Leaders: Kay Sohl Nikki Geiszler & Susan Thompson www.kaysohlconsulting.net Workshop

619 views • 35 slides
ProbabilisticModeling and JointDistributionModel Probabilistic Modeling / Joint

ProbabilisticModeling and JointDistributionModel Probabilistic Modeling / Joint

ProbabilisticModeling and JointDistributionModel Probabilistic Modeling / Joint Distribution Model 1 Haluk Madencioglu ElementsofProbabilityTheory Introduction Concernedwithanalysisofrandomphenomena

729 views • 41 slides
EnKF and filter divergence David Kelly Andrew Stuart Kody Law Courant Institute New York

EnKF and filter divergence David Kelly Andrew Stuart Kody Law Courant Institute New York

EnKF and filter divergence David Kelly Andrew Stuart Kody Law Courant Institute New York University New York, NY dtbkelly.com December 11, 2014 Applied and computational mathematics seminar, NIST . David Kelly (NYU) EnKF December 11, 2014

599 views • 59 slides
CITES-2019 Bayesian approach to the data assimilation problem based on the use of ensembles of

CITES-2019 Bayesian approach to the data assimilation problem based on the use of ensembles of

CITES-2019 Bayesian approach to the data assimilation problem based on the use of ensembles of forecasts and observations Ekaterina Klimova ICT SB RAS Introduction The task of data assimilation is usually understood as the time-sequential

508 views • 34 slides
Getting the most out of the ROOT tutorials Automated conversion from ROOT macros to Jupyter

Getting the most out of the ROOT tutorials Automated conversion from ROOT macros to Jupyter

Getting the most out of the ROOT tutorials Automated conversion from ROOT macros to Jupyter notebooks Pau Miquel, Summer 2016 Supervisors: Pere Mat, Danilo Piparo 1 / 24 Outline 1. Overview 2. ROOT Tutorials 3. Conversion a. Steps

746 views • 30 slides
On the use of Gaussian models on patches for image denoising Antoine Houdard Young Researchers

On the use of Gaussian models on patches for image denoising Antoine Houdard Young Researchers

On the use of Gaussian models on patches for image denoising Antoine Houdard Young Researchers in Imaging Seminars Institut Henri Poincar Wednesday, February 27th Digital photography: noise in images Different ISO settings with constant

1.43k views • 85 slides
Approximate Bayesian Computation Michael Gutmann https://sites.google.com/site/michaelgutmann

Approximate Bayesian Computation Michael Gutmann https://sites.google.com/site/michaelgutmann

Approximate Bayesian Computation Michael Gutmann https://sites.google.com/site/michaelgutmann University of Helsinki and Aalto University 1st December 2015 Content Two parts: 1. The basics of approximate Bayesian computation (ABC) 2. ABC

734 views • 47 slides
scientific ideas from Taiwan Y en - Ting Lin Institute of Astronomy & Astrophysics, Academia

scientific ideas from Taiwan Y en - Ting Lin Institute of Astronomy & Astrophysics, Academia

scientific ideas from Taiwan Y en - Ting Lin Institute of Astronomy & Astrophysics, Academia Sinica ( ASIAA ) presenting ideas from Lihwai Lin, Y ouichi Ohyama, Y u - Y en Chang, Ken Chen, Poshih Chiang ideas finding the oldest,

186 views • 16 slides
Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems Yu Wang, Zhenqi Huang, Sayan Mitra and Geir E. Dullerud September 25, 2014 General Question Trade-off between privacy and accuracy: a

587 views • 19 slides

More recommend