CIFD: Computational Immunology for Fraud Detection - PowerPoint PPT Presentation

CIFD: Computational Immunology for Fraud Detection
Dr Richard Overill, Department of Computer Science and International Centre for Security Analysis, King's College London

Computational Immunology for Fraud Detection
  • DTI LINK project funded under Phase 1 of the
    Management of Information programme
  • Application of adaptive, self-learning
    technologies with low overheads (CI) to fraud
    detection in the financial sector
  • Partners (with King's College London):
      • Anite Government Systems Ltd. (developer)
      • The Post Office (end user)

Natural Immune Systems
  • are multi-layered (defence in depth)
  • consist of several sub-systems:
      • innate immune system (scavenger cells which
        ingest debris and pathogens)
      • acquired immune system (white blood cells which
        co-operate to detect and eliminate pathogens /

Acquired Immune System
  • Detector cells generated in bone marrow
    (B-cells), and in lymph system but matured in
    thymus gland (T-cells).
  • Self-binding T-cell detectors destroyed by
    censoring (negative selection) in thymus.
  • B- and remaining T-detectors released to bind to
    and destroy foreign (non-self) antigens.

Digital Immune Systems I
  • Train with known normal behaviour (self)
  • Generate database(s) of self-signatures.
  • Generate a (random) initial population of
    detectors and screen it against database(s).
  • Challenge the detectors with possibly anomalous
    behaviour (may contain some foreign activity).

Digital Immune Systems II
  • An (approximate) match between a detector and an
    activity trace indicates a possible anomaly.
  • React to (warn of) the possible anomaly.
  • Evolve the population of detectors to reflect
    successful and consistently unsuccessful
    detectors (cloning / killing).
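
The train / generate / censor / challenge / evolve loop from the two slides above, as an added example (not code from the presentation or the CIFD project). It assumes fixed-length bit-string signatures and an r-contiguous-bits rule for the approximate match; the function names, the sample data and the kill-after-one-round rule are constructed for illustration.

```python
import random

def matches(detector, trace, r):
    """Approximate match (assumed rule): strings agree in >= r contiguous positions."""
    run = 0
    for d, t in zip(detector, trace):
        run = run + 1 if d == t else 0
        if run >= r:
            return True
    return False

def censor(candidates, self_db, r):
    """Negative selection: drop every candidate that binds to a self-signature."""
    return [c for c in candidates if not any(matches(c, s, r) for s in self_db)]

def generate_detectors(self_db, n, length, r, rng, max_tries=10_000):
    """Random initial population, screened against the self database."""
    detectors = []
    for _ in range(max_tries):
        cand = "".join(rng.choice("01") for _ in range(length))
        detectors += censor([cand], self_db, r)
        if len(detectors) >= n:
            break
    return detectors

def challenge(detectors, traces, r):
    """Return (traces flagged as possible anomalies, hit count per detector)."""
    hits = {d: 0 for d in detectors}
    flagged = []
    for t in traces:
        bound = [d for d in hits if matches(d, t, r)]
        for d in bound:
            hits[d] += 1
        if bound:
            flagged.append(t)
    return flagged, hits

def evolve(hits, self_db, r, rng):
    """Kill detectors that never fired; clone the rest with a one-bit flip, re-censored."""
    survivors = [d for d, n in hits.items() if n > 0]
    flips = [(d, rng.randrange(len(d))) for d in survivors]
    clones = [d[:i] + "10"[int(d[i])] + d[i + 1:] for d, i in flips]  # "10"[bit] inverts it
    return survivors + censor(clones, self_db, r)

SELF_DB = ["00000000", "00001111", "00110011"]  # constructed: encodings of normal activity
TRACES = ["00001111", "01111111", "00110011"]   # constructed: observed activity to screen

if __name__ == "__main__":
    flagged, hits = challenge(generate_detectors(SELF_DB, 20, 8, 5, random.Random(7)), TRACES, 5)
    print("flagged:", flagged, "| next generation:", evolve(hits, SELF_DB, 5, random.Random(8)))
```

Because every detector is screened against the self database first, a trace identical to a self-signature can never be flagged; whether a given foreign trace is caught depends on how well the random population covers non-self space.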

Digital Immune Systems III
  • Can be host-based or network-based
  • Host-based systems monitor behaviour or processes
    on servers or other network hosts.
  • Network-based systems are of 2 types:
      • statistical traffic analysis using e.g. IP source
        and destination addresses and IP port / service.
      • Promiscuous mode sniffing of IP packets for
        anomalous behaviour.

Application to CIFD
  • Build a database(s) of normal transactions and
    sequences of transactions.
  • Look for anomalous and hence potentially
    fraudulent patterns of behaviour in actual
    transactions and transaction sequences, using the
    detector matching criteria.
  • Adapt the detector population.

Advantages of CI
  • Redundancy: collective behaviour of many
    detectors should lead to emergent properties of
    robustness and fault tolerance - no centralised
    or hierarchical control, no SPoF.
  • Memory of previous encounters can be built in,
    e.g. as long-lived successful detectors.
  • Various adaptive learning strategies can be tried
    out, e.g. affinity maturation, niching.

Disadvantages of CI
  • Subject to compromise in similar ways to the
    human immune system, i.e.
      • subversion via auto-immune reaction (cf.
        rheumatoid arthritis) where the system is induced
        to misidentify self as foreign.
      • subversion via immune deficiency response (cf.
        HIV-AIDS) where the system's response is
        suppressed - misidentifying foreign as self.
      • subversion by concealing foreign behaviour in
        self disguise (Wolf in sheep's clothing or
Previous Applications of CI
  • Computational Immunology (aka Artificial Immune
    Systems, AIS, in the USA) has already been used
    successfully for
      • detecting the activity of computer viruses and
        other malicious software (IBM TJW Res Cen.)
      • detecting attempted intrusions into computers and
        networks (New Mexico and Memphis Univs)

Thank you! Any Questions?
Contact: Tel 020 7848 2833, Fax 020 7848 2913, Email