Abstract: Tracing and locating the geographical location of users (Geolocation) is used extensively in todays Internet. Whenever we, e.g., request a page from google we are - unless there was a specific configuration made - automatically forwarded to the page with the relevant language and amongst others, dependent on our location identified, specific commercials are presented. Especially within the area of Network Security, Geolocation has a significant impact. Because of the way the Internet works, attacks can be executed from almost everywhere. Therefore, for an attribution, knowledge of the origination of an attack - and thus Geolocation - is mandatory in order to be able to trace back an attacker. In addition, Geolocation can also be used very successfully to increase the security of a network during operation (i.e. before an intrusion actually has taken place). Similar to greylisting in emails, Geolocation allows to (i) correlate attacks detected with new connections and (ii) as a consequence to classify traffic a priori as more suspicious (thus particularly allowing to inspect this traffic in more detail). Although numerous techniques for Geolocation are existing, each strategy is subject to certain restrictions. Following the ideas of Endo et al., this publication tries to overcome these shortcomings with a combined solution of different methods to allow improved and optimized Geolocation. Thus, we present our architecture for improved Geolocation, by designing a new algorithm, which combines several Geolocation techniques to increase the accuracy.
Abstract: Nowaday-s, many organizations use systems that
support business process as a whole or partially. However, in some
application domains, like software development and health care
processes, a normative Process Aware System (PAS) is not suitable,
because a flexible support is needed to respond rapidly to new
process models. On the other hand, a flexible Process Aware System
may be vulnerable to undesirable and fraudulent executions, which
imposes a tradeoff between flexibility and security. In order to make
this tradeoff available, a genetic-based anomaly detection model for
logs of Process Aware Systems is presented in this paper. The
detection of an anomalous trace is based on discovering an
appropriate process model by using genetic process mining and
detecting traces that do not fit the appropriate model as anomalous
trace; therefore, when used in PAS, this model is an automated
solution that can support coexistence of flexibility and security.
Abstract: Today, money laundering (ML) poses a serious threat
not only to financial institutions but also to the nation. This criminal
activity is becoming more and more sophisticated and seems to have
moved from the cliché of drug trafficking to financing terrorism and
surely not forgetting personal gain. Most international financial
institutions have been implementing anti-money laundering solutions
(AML) to fight investment fraud. However, traditional investigative
techniques consume numerous man-hours. Recently, data mining
approaches have been developed and are considered as well-suited
techniques for detecting ML activities. Within the scope of a
collaboration project for the purpose of developing a new solution for
the AML Units in an international investment bank, we proposed a
data mining-based solution for AML. In this paper, we present a
heuristics approach to improve the performance for this solution. We
also show some preliminary results associated with this method on
analysing transaction datasets.
Abstract: In this report we present a rule-based approach to
detect anomalous telephone calls. The method described here uses
subscriber usage CDR (call detail record) data sampled over two
observation periods: study period and test period. The study period
contains call records of customers- non-anomalous behaviour.
Customers are first grouped according to their similar usage
behaviour (like, average number of local calls per week, etc). For
customers in each group, we develop a probabilistic model to describe
their usage. Next, we use maximum likelihood estimation (MLE) to
estimate the parameters of the calling behaviour. Then we determine
thresholds by calculating acceptable change within a group. MLE is
used on the data in the test period to estimate the parameters of the
calling behaviour. These parameters are compared against thresholds.
Any deviation beyond the threshold is used to raise an alarm. This
method has the advantage of identifying local anomalies as compared
to techniques which identify global anomalies. The method is tested
for 90 days of study data and 10 days of test data of telecom
customers. For medium to large deviations in the data in test window,
the method is able to identify 90% of anomalous usage with less than
1% false alarm rate.
Abstract: Frauds in insurance industry are one of the major
sources of operational risk of insurance companies and constitute a
significant portion of their losses. Every reasonable company on the
market aims for improving their processes of uncovering frauds and
invests their resources to reduce them. This article is addressing fraud
management area from the view of extension of existing Business
Intelligence solution. We describe the frame of such solution and
would like to share with readers all benefits brought to insurance
companies by adopting this approach in their fight against insurance
frauds.
Abstract: e-mail has become an important means of electronic
communication but the viability of its usage is marred by Unsolicited
Bulk e-mail (UBE) messages. UBE consists of many types
like pornographic, virus infected and 'cry-for-help' messages as well
as fake and fraudulent offers for jobs, winnings and medicines. UBE
poses technical and socio-economic challenges to usage of e-mails.
To meet this challenge and combat this menace, we need to
understand UBE. Towards this end, the current paper presents a
content-based textual analysis of more than 2700 body enhancement
medicinal UBE. Technically, this is an application of Text Parsing
and Tokenization for an un-structured textual document and we
approach it using Bag Of Words (BOW) and Vector Space Document
Model techniques. We have attempted to identify the most
frequently occurring lexis in the UBE documents that advertise
various products for body enhancement. The analysis of such top
100 lexis is also presented. We exhibit the relationship between
occurrence of a word from the identified lexis-set in the given UBE
and the probability that the given UBE will be the one advertising for
fake medicinal product. To the best of our knowledge and survey of
related literature, this is the first formal attempt for identification of
most frequently occurring lexis in such UBE by its textual analysis.
Finally, this is a sincere attempt to bring about alertness against and
mitigate the threat of such luring but fake UBE.
Abstract: This paper presents a procedure for estimating VAR
using Sequential Discounting VAR (SDVAR) algorithm for online
model learning to detect fraudulent acts using the telecommunications
call detailed records (CDR). The volatility of the VAR is observed
allowing for non-linearity, outliers and change points based on the
works of [1]. This paper extends their procedure from univariate
to multivariate time series. A simulation and a case study for
detecting telecommunications fraud using CDR illustrate the use of
the algorithm in the bivariate setting.
Abstract: Cooperative organizations in Malaysia are going
through a phase of rapid growth. They are seen by the government as
another crucial vehicle to drive and boost up the country-s
economical development and growth. Hence, the issue of cooperative
governance is of great importance. Unlike literatures on corporate
governance for public listed companies-, literatures on governance
for social enterprises, in particular the cooperative organizations are
still at the early stage in Malaysia and very scant in number. This
paper will look into current practices as well as issues and challenges
related to cooperative governance. The need for a better solution
towards forming best practices of cooperative governance framework
appears imperative in deterring cases of mismanagement and fraud.
Abstract: This paper aims to (1) analyze the profiles of
transgressors (detected evaders); (2) examine reason(s) that triggered a
tax audit, causes of tax evasion, audit timeframe and tax penalty
charged; and (3) to assess if tax auditors followed the guidelines as
stated in the 'Tax Audit Framework' when conducting tax audits. In
2011, the Inland Revenue Board Malaysia (IRBM) had audited and
finalized 557 company cases. With official permission, data of all the
557 cases were obtained from the IRBM. Of these, a total of 421 cases
with complete information were analyzed. About 58.1% was small and
medium corporations and from the construction industry (32.8%). The
selection for tax audit was based on risk analysis (66.8%), information
from third party (11.1%), and firm with low profitability or fluctuating
profit pattern (7.8%). The three persistent causes of tax evasion by
firms were over claimed expenses (46.8%), fraudulent reporting of
income (38.5%) and overstating purchases (10.5%). These findings
are consistent with past literature. Results showed that tax auditors
took six to 18 months to close audit cases. More than half of tax
evaders were fined 45% on additional tax raised during audit for the
first offence. The study found tax auditors did follow the guidelines in
the 'Tax Audit Framework' in audit selection, settlement and penalty
imposition.
Abstract: This paper explores the effectiveness of machine
learning techniques in detecting firms that issue fraudulent financial
statements (FFS) and deals with the identification of factors
associated to FFS. To this end, a number of experiments have been
conducted using representative learning algorithms, which were
trained using a data set of 164 fraud and non-fraud Greek firms in the
recent period 2001-2002. The decision of which particular method to
choose is a complicated problem. A good alternative to choosing
only one method is to create a hybrid forecasting system
incorporating a number of possible solution methods as components
(an ensemble of classifiers). For this purpose, we have implemented
a hybrid decision support system that combines the representative
algorithms using a stacking variant methodology and achieves better
performance than any examined simple and ensemble method. To
sum up, this study indicates that the investigation of financial
information can be used in the identification of FFS and underline the
importance of financial ratios.
Abstract: Secure electronic payment system is presented in this
paper. This electronic payment system is to be secure for clients such
as customers and shop owners. The security architecture of the
system is designed by RC5 encryption / decryption algorithm. This
eliminates the fraud that occurs today with stolen credit card
numbers. The symmetric key cryptosystem RC5 can protect
conventional transaction data such as account numbers, amount and
other information. This process can be done electronically using RC5
encryption / decryption program written by Microsoft Visual Basic
6.0. There is no danger of any data sent within the system being
intercepted, and replaced. The alternative is to use the existing
network, and to encrypt all data transmissions. The system with
encryption is acceptably secure, but that the level of encryption has
to be stepped up, as computing power increases. Results In order to
be secure the system the communication between modules is
encrypted using symmetric key cryptosystem RC5. The system will
use simple user name, password, user ID, user type and cipher
authentication mechanism for identification, when the user first
enters the system. It is the most common method of authentication in
most computer system.
Abstract: We identify clawback triggers from firms- proxy
statements (Form DEF 14A) and use the likelihood of restatements to
proxy for financial reporting quality. Based on a sample of 578 U.S.
firms that voluntarily adopt clawback provisions during 2003-2009,
when restatement-based triggers could be decomposed into two types:
fraud and unintentional error, and we do observe the evidence that
using fraud triggers is associated with high financial reporting quality.
The findings support that fraud triggers can enhance deterrent effect of
clawback provision by establishing a viable disincentive against fraud,
misconduct, and otherwise harmful acts. These results are robust to
controlling for the compensation components, to different sample
specifications and to a number of sensitivity.
Abstract: Phishing scheme is a new emerged security issue of
E-Commerce Crime in globalization. In this paper, the legal scaffold
of Malaysia, United States and United Kingdom are analyzed and
followed by discussion on critical issues that rose due to phishing
activities. The result revealed that inadequacy of current legal
framework is the main challenge to govern this epidemic. However,
lack of awareness among consumers, crisis on merchant-s
responsibility and lack of intrusion reports and incentive arrangement
contributes to phishing proliferating. Prevention is always better than
curb. By the end of this paper, some best practices for consumers and
corporations are suggested.
Abstract: Statistics indicate that more than 1000 phishing attacks are launched every month. With 57 million people hit by the fraud so far in America alone, how do we combat phishing?This publication aims to discuss strategies in the war against Phishing. This study is an examination of the analysis and critique found in the ways adopted at various levels to counter the crescendo of phishing attacks and new techniques being adopted for the same. An analysis of the measures taken up by the varied popular Mail servers and popular browsers is done under this study. This work intends to increase the understanding and awareness of the internet user across the globe and even discusses plausible countermeasures at the users as well as the developers end. This conceptual paper will contribute to future research on similar topics.
Abstract: In a recent year usage of VoIP subscription has increased tremendously as compare to Public Switching Telephone System(PSTN). A VoIP subscriber would like to know the exact tariffs of the calls made using VoIP. As the usage increases, the rate of fraud is also increases, causing users complain about excess billing. This in turn hampers the growth of VoIP .This paper describe the common frauds and attack on VoIP based system and make an attempt to solve the billing attack by creating secured channel between caller and callee.
Abstract: In this paper, a framework for the simplification and
standardization of metaheuristic related parameter-tuning by applying
a four phase methodology, utilizing Design of Experiments and
Artificial Neural Networks, is presented. Metaheuristics are multipurpose
problem solvers that are utilized on computational optimization
problems for which no efficient problem specific algorithm
exist. Their successful application to concrete problems requires the
finding of a good initial parameter setting, which is a tedious and
time consuming task. Recent research reveals the lack of approach
when it comes to this so called parameter-tuning process. In the
majority of publications, researchers do have a weak motivation for
their respective choices, if any. Because initial parameter settings
have a significant impact on the solutions quality, this course of
action could lead to suboptimal experimental results, and thereby
a fraudulent basis for the drawing of conclusions.
Abstract: e-mail has become an important means of electronic
communication but the viability of its usage is marred by Unsolicited
Bulk e-mail (UBE) messages. UBE consists of many types
like pornographic, virus infected and 'cry-for-help' messages as well
as fake and fraudulent offers for jobs, winnings and medicines. UBE
poses technical and socio-economic challenges to usage of e-mails.
To meet this challenge and combat this menace, we need to
understand UBE. Towards this end, the current paper presents a
content-based textual analysis of nearly 3000 winnings-announcing
UBE. Technically, this is an application of Text Parsing and
Tokenization for an un-structured textual document and we approach
it using Bag Of Words (BOW) and Vector Space Document Model
techniques. We have attempted to identify the most frequently
occurring lexis in the winnings-announcing UBE documents. The
analysis of such top 100 lexis is also presented. We exhibit the
relationship between occurrence of a word from the identified lexisset
in the given UBE and the probability that the given UBE will be
the one announcing fake winnings. To the best of our knowledge and
survey of related literature, this is the first formal attempt for
identification of most frequently occurring lexis in winningsannouncing
UBE by its textual analysis. Finally, this is a sincere
attempt to bring about alertness against and mitigate the threat of
such luring but fake UBE.
Abstract: Internal controls of accounting are an essential
business function for a growth-oriented organization, and include the
elements of risk assessment, information communications and even
employees' roles and responsibilities. Internal controls of accounting
systems are designed to protect a company from fraud, abuse and
inaccurate data recording and help organizations keep track of
essential financial activities. Internal controls of accounting provide a
streamlined solution for organizing all accounting procedures and
ensuring that the accounting cycle is completed consistently and
successfully. Implementing a formal Accounting Procedures Manual
for the organization allows the financial department to facilitate
several processes and maintain rigorous standards. Internal controls
also allow organizations to keep detailed records, manage and
organize important financial transactions and set a high standard for
the organization's financial management structure and protocols. A
well-implemented system also reduces the risk of accounting errors
and abuse. A well-implemented controls system allows a company's
financial managers to regulate and streamline all functions of the
accounting department. Internal controls of accounting can be set up
for every area to track deposits, monitor check handling, keep track
of creditor accounts, and even assess budgets and financial statements
on an ongoing basis. Setting up an effective accounting system to
monitor accounting reports, analyze records and protect sensitive
financial information also can help a company set clear goals and
make accurate projections. Creating efficient accounting processes
allows an organization to set specific policies and protocols on
accounting procedures, and reach its financial objectives on a regular
basis. Internal accounting controls can help keep track of such areas
as cash-receipt recording, payroll management, appropriate recording
of grants and gifts, cash disbursements by authorized personnel, and
the recording of assets. These systems also can take into account any
government regulations and requirements for financial reporting.
Abstract: Economic crime (i.e. corporate fraud) has a
significant impact on business. This study analyzes the fraud cases
reported by the Malaysian Securities Commission. Frauds involving
market manipulation and/or illegal share trading are the most
common types of fraud reported over the 6 years analyzed. The
highest number of frauds reported involved investment and fund
holding companies. Alarmingly the results indicate quite a high
number of frauds cases are committed by management. The higher
number of Chinese perpetrators may be due to fact that they are the
dominant group in Malaysian business. The result also shows that
more than half of companies involved with fraud are privately held
companies in the investment/fund/finance sector. The results of this
study highlight general characteristic of perpetrators (person and
company) that commit fraud which could help the regulators in their
monitoring and enforcement activities. To investors, this would help
in analyzing their business investment or portfolio risk.
Abstract: Electronic commerce is growing rapidly with on-line
sales already heading for hundreds of billion dollars per year. Due to
the huge amount of money transferred everyday, an increased
security level is required. In this work we present the architecture of
an intelligent speaker verification system, which is able to accurately
verify the registered users of an e-commerce service using only their
voices as an input. According to the proposed architecture, a
transaction-based e-commerce application should be complemented
by a biometric server where customer-s unique set of speech models
(voiceprint) is stored. The verification procedure requests from the
user to pronounce a personalized sequence of digits and after
capturing speech and extracting voice features at the client side are
sent back to the biometric server. The biometric server uses pattern
recognition to decide whether the received features match the stored
voiceprint of the customer who claims to be, and accordingly grants
verification. The proposed architecture can provide e-commerce
applications with a higher degree of certainty regarding the identity
of a customer, and prevent impostors to execute fraudulent
transactions.