incidentresponsesim an agent based simulation tool for
play

IncidentResponseSim: An Agent-Based Simulation Tool for Risk - PowerPoint PPT Presentation

Nov 21, 2022 •190 likes •552 views

KTH ROYAL INSTITUTE OF TECHNOLOGY IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud Dan Gorton Center for Safety Research Department of Transport Science Outline Background Scenarios Directions for

  1. KTH ROYAL INSTITUTE OF TECHNOLOGY IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud Dan Gorton Center for Safety Research Department of Transport Science

  2. Outline Background Scenarios Directions for future research

  3. Background The incident response process of online banking, and the incident response tree (IRT) tool

  4. Online Banking and Fraud 1 (2) ” Online banking (OLB) is an electronic payment system that enables customers of a financial institution to conduct financial transactions on a website operated by the institution” [Wikipedia] An online bank may have several ”channels” providing different means for login, and a different set of online services depending on the level of security provided by the channel. The size of online banking fraud is ”channel” specific and depends on many parameters, including … • The number of customers • Countermeasures • Transaction limit • Distribution of wealth on customer accounts

  5. Online Banking and Fraud 2 (2) Fig. Overview of electronic payment system [Julisch]. Detection Prevention Response (e.g., real time or batch fraud (e.g., authentication + IDS) (e.g., automatic or manual) detection ) Front End Security Measures Back End Security Measures

  6. Threats Impersonation • Phishing, Man-in-the-middle, Man-in-the-browser, etc. Deception • Attacks where the customer performs the transaction on behalf of the attacker Server side attacks • Attacks directed at the online bank servers Ref: [Julisch]

  7. Countermeasures … Updating prevention to include additional authentication methods, e.g., out-of-band authentication or adding control questions to customer support personnel Updating detection using more aggressive intrusion and fraud detection Blocking fraudulent transactions before clearing them Closing down one or more channels Closing down certain services (e.g., wire transfers) within specific online channels Restricting functionality within services Restricting the possibility to add new beneficiary accounts Blacklisting fraudulent accounts (known money mules) Grey listing potentially fraudulent accounts, to initiate manual review before allowing transactions to clear Letting the fraud response team contact the customer for extra verification …

  8. The Incident Response Process of Online Banking On a high level • Event driven • Risks are evaluated against the current production environment • Shortage of time • Large scale incidents will typically activate crisis management teams On a low level • The fraud response team works with each separate incident • Limited time for documentation There is a need for a “quick” tool, which is “easy to grasp” for higher management

  9. Existing Visual tools for Cyber Security Attack Trees • A methodical way or describing threats against, and countermeasures protecting a system [Schneier] Protection Trees • An explicit protection tree that mitigates the attack steps modeled in the corresponding attack tree [Edge] Problem : “Fault tree” models fail to capture the chronological ordering of events [Pat-Cornell] Solution : Event trees have been used for cyber threats [Ezell] Problem : Critique; huge problem with under-reporting [GAO] Solution : Make sure under-reporting is a limited problem [Gorton] Idea : Fraud is an area where under-reporting may be a minor problem, because ”the customers want their money back”

  10. Incident Response Tree (IRT) Prevention Detection Response

  11. Just Register the Frequencies…

  12. Frequencies, C1 to C4 Ref: [Gorton]

  13. Conditional Probabilities of Prevention P p , Detection P D , and Response P R The conditional probabilities change during the attack, up or down, depending on the effectiveness of the countermeasures against the threat at hand Ref: [Gorton]

  14. Relative frequencies, RF C1 to RF C4 RF C1 = P IE (1 – P P ) (1 – P D ) RF C2 = P IE (1 – P P ) P D (1 – PR) RF C3 = P IE (1 – P P ) P D P R RF C4 = P IE P P RF Fraud = RF C1 + RF C2 = P IE (1 – P P ) (1 – P D P R ) Ref: [Gorton]

  15. Quality assurance Use statistics for thresholds: • Threshold for monthly reporting • Threshold for weekly reporting • Threshold for daily reporting • Threshold for minor countermeasures • Threshold for major countermeasures

  16. Expected loss from fraud (EF) "𝐹𝑀 = 𝑄𝐸 ∙ 𝐹𝐵𝐸 ∙ 𝑀𝐻𝐸 ” Credit Risk Approach [BIS]: • Probability of default (PD) • Exposure at default (EAD) • Loss given default (LGD) 𝑂 (𝐹𝐵𝐺 𝑗 ∙ 𝑀𝐻𝐺 𝑗 ) 𝐹𝐺 = 𝑄𝐺 ∙ 𝑗=1 Expected Fraud: • Probability of fraud (PF) # 𝑔𝑠𝑏𝑣𝑒 – 𝑄𝐺 = # 𝑑𝑣𝑡𝑢𝑝𝑛𝑓𝑠𝑡 • Exposure at fraud (EAF) – 𝐹𝐵𝐺 𝑗 = min(𝑈𝑠𝑏𝑜𝑡𝑏𝑑𝑢𝑗𝑝𝑜 𝑀𝑗𝑛𝑗𝑢, 𝐵𝑑𝑑𝑝𝑣𝑜𝑢 𝐶𝑏𝑚𝑏𝑜𝑑𝑓) • Loss given fraud (LGF) – 𝑀𝐻𝐺 𝑗 = 𝑇𝑢𝑝𝑚𝑓𝑜 𝐵𝑛𝑝𝑣𝑜𝑢 𝐹𝐵𝐺

  17. Conditional fraud value at risk Credit Risk Approach [BIS] Online Fraud Approach VaR at 95 th percentile VaR at 99.75 th percentile • • – – Once every 20 years Once every 400 years • Simple Random Sampling of • Unexpected Losses (UL) Fraud Losses (FL) • UL = VaR - EL 𝐽 – 𝐺𝑀 𝑙 = 𝑗=1 (𝐹𝐵𝐺 𝑗 ∙ 𝑀𝐻𝐺 𝑗 )

  18. IncidentResponseSim – Simplified Model

  19. IncidentResponseSim – GUI

  21. IncidentResponseSim – Customer Inspector

  22. IncidentResponseSim – Example output

  23. Simulations Scenarios for IRT and the design of new methods for calculating the number of defrauded customers

  24. Current Situation In the following examples, we will use the following fictional statistics to describe the current situation. We assume that: • Probability of initiating event, P IE = 1 • Conditional probability of prevention, P P = 0.8 • Conditional probability of detection, P D = 0.9 • Conditional probability of response, P R = 0.9

  25. Current Situation We assume: • 100,000 customers • A maximum transaction limit of 30,000 • Fraud may not continue over several days • Account balance drawn from an up-scaled Beta (below) • Stolen amount drawn from a truncated Normal

  26. IncidentResponseSim – SRS of Defrauded Customers (current situation) Output from IncidentResponseSim (999 iterations): Number of Defrauded Customers Bootstrap Mean: 38,10 Number of Defrauded Customers Bootstrap Std: 6,07 Number of Defrauded Customers Bootstrap 95%: 48,00 Number of Defrauded Customers Bootstrap Min: 22 Number of Defrauded Customers Bootstrap Max: 62

  27. IncidentResponseSim – SRS of Direct Economic Consequences (current situation) Output from IncidentResponseSim (999 iterations): EF Mean: 941 425,53 SEK EF Std: 62 547,99 SEK EF SE Mean: 9 028,02 SEK EF 95% (Fraud VaR): 1 042 430,61 SEK EF Min: 765 797,88 SEK EF Max: 1 110 622,08 SEK

  28. Scenario 1 – Newly entered markets Threat Environment A Threat Environment B Existing Online Bank New Online Bank Assume that we want to keep the number of fraud victims the same, and that we use the probability of a customer being infected as a proxy: A : “reference risk of infection” vs B : e.g. 2.75 times as high risk of infection PandaLabs

  29. Results from IncidentResponseSim SRS of Defrauded Customers: DC Mean: 104,58 DC Std: 10.186893976135476 DC 95% (Fraud VaR): 121.0 DC Min: 76.0 DC Max: 143.0 SRS of Direct Economic Consequences: EF Mean: 2 379 053,07 SEK EF Std: 97 137,15 SEK EF SE Mean: 8 830,65 SEK EF 95% (Fraud VaR): 2 545 100,11 SEK EF Min: 2 049 829,33 SEK EF Max: 2 679 394,95 SEK

  30. Scenario 2 – Single point of failure Detection Prevention Response (e.g., fraud detection ) (e.g., Authentication + IDS) (e.g., real time, batch, manual) History: RF Fraud = 1(1-0.8)(1-0.9*0.9) = 0.038 Failed prevention: RF Fraud = 1(1- 0 )(1-0.9*0.9) = 0.19 Failed detection: RF Fraud = 1(1-0.8)(1- 0 *0.9) = 0.20 Failed response: RF Fraud = 1(1-0.8)(1-0.9* 0 ) = 0.20

  31. Scenario 3 – Emerging threats Threat Environment A Threat Environment B Existing Online Bank Assume a new threat, highly contagious, 2 * infection rate, and very effective at overcoming current preventive measures, P P_B = 0.6. SRS of Defrauded Customers: Number of Defrauded Customers Bootstrap Mean: 152,05 Number of Defrauded Customers Bootstrap Std: 11,72 Number of Defrauded Customers Bootstrap 95%: 171,00 SRS of Direct Economic Consequences: EF Mean: 3 352 588,36 SEK EF Std: 114 012,55 SEK EF 95% (Fraud VaR): 3 545 783,33 SEK

  32. Trojan Strategies vs Transaction Limits Max = min (Account Balance, Transaction Limit) Random = rnd (0, min (Account Balance, Transaction Limit)) Mean Transaction = 500 + rnd (0, 10 000)

  33. Return on Security Investment (ROSI) MLR = Monetary Loss Reduction COS = Cost of Solution 𝑆𝑃𝑇𝐽 = 𝑁𝑀𝑆 − 𝐷𝑃𝑇 𝐷𝑃𝑇 Action COS # Frauds COST MLR ROSI Do nothing 0 48 1,042,431 0 N/A Add +0.1 400,000 26 581,281 461,150 0.15 prevention Add +0.05 300,000 38 826,431 215,999 -0.28 detection Add +0.05 200,000 38 826,431 215,999 0.08 response

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LABOUR FORCE MODELING BASED ON AGENT-BASED SIMULATION Mustafa DN Ph.D., Rtd. Captain (N)

LABOUR FORCE MODELING BASED ON AGENT-BASED SIMULATION Mustafa DN Ph.D., Rtd. Captain (N)

LABOUR FORCE MODELING BASED ON AGENT-BASED SIMULATION Mustafa DN Ph.D., Rtd. Captain (N) www.milsoft.com.tr Outline Project Goal System Design Modeling Approaches Agent-Based Simulation Simulation Tool Results

673 views • 25 slides
Agent-Based Modeling and Simulation Implementing a First Agent-Based Model Dr. Alejandro

Agent-Based Modeling and Simulation Implementing a First Agent-Based Model Dr. Alejandro

Agent-Based Modeling and Simulation Implementing a First Agent-Based Model Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico 91000

637 views • 36 slides
Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr.

Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr.

Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico

694 views • 43 slides
Agent-Based Modeling and Simulation Agent-Based Modeling and Simulation of Collaborative Social

Agent-Based Modeling and Simulation Agent-Based Modeling and Simulation of Collaborative Social

Agent-Based Modeling and Simulation Agent-Based Modeling and Simulation of Collaborative Social Networks of Collaborative Social Networks Research in Progress Research in Progress Greg Madey Vincent Freeh Renee Tynan Computer Science

573 views • 35 slides
SIMULATION http://sim.sagepub.com Layered Intelligence for Agent-based Crowd Simulation

SIMULATION http://sim.sagepub.com Layered Intelligence for Agent-based Crowd Simulation

SIMULATION http://sim.sagepub.com Layered Intelligence for Agent-based Crowd Simulation Bikramjit Banerjee, Ahmed Abukmail and Landon Kraemer SIMULATION 2009; 85; 621 DOI: 10.1177/0037549709340659 The online version of this article can be

356 views • 14 slides
Agent- -Based Participatory Based Participatory Agent Simulation Activities for the Simulation

Agent- -Based Participatory Based Participatory Agent Simulation Activities for the Simulation

Agent- -Based Participatory Based Participatory Agent Simulation Activities for the Simulation Activities for the Emergence of Emergence of Complex Social Behaviors Complex Social Behaviors Stefano Cacciaguerra, Matteo Roffilli

508 views • 29 slides
[1] (jmc@uac.pt) Overview Aores Geographic Location Agent-Based Modelling Simulation

[1] (jmc@uac.pt) Overview Aores Geographic Location Agent-Based Modelling Simulation

Agent-Based Modelling Simulation (ABMS) Research Opportunities for Pest Control and Marine Resource Management in Aores Jos Cascalho [1] (jmc@uac.pt) Overview Aores Geographic Location Agent-Based Modelling Simulation ABMS

555 views • 18 slides
GAMA Gis & Agent-based Modeling Architecture Dr. Jacopo Pellegrino Introduction Gis

GAMA Gis & Agent-based Modeling Architecture Dr. Jacopo Pellegrino Introduction Gis

Simulation Models for Economics A.Y. 2014/2015 GAMA Gis & Agent-based Modeling Architecture Dr. Jacopo Pellegrino Introduction Gis & Agent-based Modeling Architecture Agent-based, spatially explicit, modeling and simulation

719 views • 22 slides
in Agent-Based Simulation: A Case Study of Soccer Penalty Tuong Vu (txv@cs.nott.ac.uk)

in Agent-Based Simulation: A Case Study of Soccer Penalty Tuong Vu (txv@cs.nott.ac.uk)

Comparison of Crisp and Fuzzy System in Agent-Based Simulation: A Case Study of Soccer Penalty Tuong Vu (txv@cs.nott.ac.uk) Peer-Olaf Siebers Christian Wagner Outline Agent-Based Simulation Case study of Soccer Penalty Crisp

316 views • 20 slides
Agent-Based Modelling and Simulation Romain Franceschini, Hans Vangheluwe MoSIS Introduction 2

Agent-Based Modelling and Simulation Romain Franceschini, Hans Vangheluwe MoSIS Introduction 2

Agent-Based Modelling and Simulation Romain Franceschini, Hans Vangheluwe MoSIS Introduction 2 Agent Paradigm The agent paradigm is a collection of concepts used to tackle behaviour of Distributed, Situated, Interacting, Autonomous and

843 views • 70 slides
Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic

Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic

Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic and Social Based Economic and Social for Agent Modeling Modeling Open and look inside the black box, and you can find another world Takashi

433 views • 17 slides
Agent-Based Modeling and Simulation Introduction to Reinforcement Learning Dr. Alejandro

Agent-Based Modeling and Simulation Introduction to Reinforcement Learning Dr. Alejandro

Agent-Based Modeling and Simulation Introduction to Reinforcement Learning Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico 91000

699 views • 58 slides
Agent-Based Modeling and Simulation Analyzing and Understanding ABMs Dr. Alejandro

Agent-Based Modeling and Simulation Analyzing and Understanding ABMs Dr. Alejandro

Agent-Based Modeling and Simulation Analyzing and Understanding ABMs Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico 91000

1.34k views • 61 slides
Using OpenStreetMap to model bicycle traffic in an agent- based transport simulation Dominik

Using OpenStreetMap to model bicycle traffic in an agent- based transport simulation Dominik

Using OpenStreetMap to model bicycle traffic in an agent- based transport simulation Dominik Ziemke and Simon Metzler State of the Map | Milano | 29 July 2018 Cycling Inexpensive Fast Healthy Quiet Energy-efficient

673 views • 42 slides
Agent-Based Modelling and Simulation with NetLogo Day 2: Session 5 Plotting and batch

Agent-Based Modelling and Simulation with NetLogo Day 2: Session 5 Plotting and batch

Agent-Based Modelling and Simulation with NetLogo Day 2: Session 5 Plotting and batch simulations Session 5 Outline Creating model reporters. Plotting on NetLogo. Model parameter space. Designing simulation experiments.

211 views • 17 slides
Agent-Based Modeling and Simulation Finite Markov Decision Processes Dr. Alejandro

Agent-Based Modeling and Simulation Finite Markov Decision Processes Dr. Alejandro

Agent-Based Modeling and Simulation Finite Markov Decision Processes Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico 91000

866 views • 58 slides
Progress on Parameter Synthesis for Markov Models Joost-Pieter Katoen Joint with: Christian

Progress on Parameter Synthesis for Markov Models Joost-Pieter Katoen Joint with: Christian

Progress on Parameter Synthesis for Markov Models Joost-Pieter Katoen Joint with: Christian Dehnert, Nils Jansen, Sebastian Junges, Tim Quatman, Erika brahm, Harold Bruintjes, Florian Corzilius, Ufuk Topcu, Murat Cubutceke, Ivan Papusha,

1.21k views • 103 slides
Graing Trees: a Fault Aack against the SPHINCS framework Laurent Castelnovi Ange

Graing Trees: a Fault Aack against the SPHINCS framework Laurent Castelnovi Ange

Introducon Hash-based signatures Graing trees Conclusion Graing Trees: a Fault Aack against the SPHINCS framework Laurent Castelnovi Ange Marnelli Thomas Prest Introducon Hash-based signatures Graing trees Conclusion

447 views • 21 slides
SWEN 256 Software Process & Project Management Problems that havent

SWEN 256 Software Process & Project Management Problems that havent

SWEN 256 Software Process & Project Management Problems that havent happened yet Characterized by: o Uncertainty (0 < probability < 1) o An associated loss (money, life, reputation, etc) o Manageable some action

413 views • 18 slides
SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille Mines-Telecom ludovic.apvrille@telecom-paristech.fr Yves Roudier yves.roudier@eurecom.fr GraMSec2015 Context: Security for Embedded Systems

470 views • 23 slides
Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI ICS, SAL, and Stateflow: 1 Introduction Weve distributed the PVS Verification

978 views • 45 slides
Diffusing Computation Using Spanning Tree Construction for Solving Leader Election Root is

Diffusing Computation Using Spanning Tree Construction for Solving Leader Election Root is

Diffusing Computation Using Spanning Tree Construction for Solving Leader Election Root is the leader In the presence of faults, There may be multiple trees Multiple leaders After recovery There is a unique tree

551 views • 22 slides
Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B.

Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B.

Towards Pareto-Optimal Parameter Synthesis for Monotonic Cost Functions FMCAD 2014, Lausanne B. Bittner, M. Bozzano, A. Cimatti, M. Gario, A. Griggio October 23, 2014 Motivations Parameters: variables with constant value, only partially

799 views • 33 slides
The Google Storage Stack (Chubby, GFS, BigTable) Dan Ports, CSEP 552 Today Three

The Google Storage Stack (Chubby, GFS, BigTable) Dan Ports, CSEP 552 Today Three

The Google Storage Stack (Chubby, GFS, BigTable) Dan Ports, CSEP 552 Today Three real-world systems from Google GFS: large-scale storage for bulk data BigTable: scalable storage of structured data Chubby: coordination to

821 views • 57 slides

More recommend