Fraud Detection System
Computer and Information Science; Vol. 7, No. 2; 2014
ISSN 1913-8989
E-ISSN 1913-8997
Published by Canadian Center of Science and Education
A Fraud Detection System Based on Anomaly Intrusion Detection
Systems for E-Commerce Applications
Daniel Massa1 & Raul Valverde2
1
Information Technology and Services, Betsson, Malta
2
John Molson School of Business, Concordia University, Montreal, Canada
Correspondence: Raul Valverde, John Molson School of Business, Concordia University, Montreal, QC., H3G
1M8, Canada. Tel: 1-514-848-2424 ext. 2968. E-mail: rvalverde@jmsb.concordia.ca
Received: March 25, 2014 doi:10.5539/cis.v7n2p117 Accepted: April 14, 2014
Online Published: April 28, 2014
URL: http://dx.doi.org/10.5539/cis.v7n2p117
Abstract
The concept of exchanging goods and services over the Internet has seen an exponential growth in popularity over the years. The Internet has been a major breakthrough of online transactions, leaping over the hurdles of currencies and geographic locations. However, the anonymous nature of the Internet does not promote an idealistic environment for transactions to occur. The increase in online transactions has been added with an equal increase in the number of attacks against security of online systems.
Auction sites and e-commerce web applications have seen an increase in fraudulent transactions. Some of these fraudulent transactions that are executed in e-commerce applications happen due to successful computer intrusions on these web sites. Although a lot of awareness has been raised about these facts, there has not yet been an effective solution to adequately address the problem of application-based attacks in e-commerce.
This paper proposes a fraud detection system that uses different anomaly detection techniques to predict computer intrusion attacks in e-commerce web applications. The system analyses queries that are generated when requesting server-side code on an e-commerce site, and create models for different features when
ISSN 1913-8989
E-ISSN 1913-8997
Published by Canadian Center of Science and Education
A Fraud Detection System Based on Anomaly Intrusion Detection
Systems for E-Commerce Applications
Daniel Massa1 & Raul Valverde2
1
Information Technology and Services, Betsson, Malta
2
John Molson School of Business, Concordia University, Montreal, Canada
Correspondence: Raul Valverde, John Molson School of Business, Concordia University, Montreal, QC., H3G
1M8, Canada. Tel: 1-514-848-2424 ext. 2968. E-mail: rvalverde@jmsb.concordia.ca
Received: March 25, 2014 doi:10.5539/cis.v7n2p117 Accepted: April 14, 2014
Online Published: April 28, 2014
URL: http://dx.doi.org/10.5539/cis.v7n2p117
Abstract
The concept of exchanging goods and services over the Internet has seen an exponential growth in popularity over the years. The Internet has been a major breakthrough of online transactions, leaping over the hurdles of currencies and geographic locations. However, the anonymous nature of the Internet does not promote an idealistic environment for transactions to occur. The increase in online transactions has been added with an equal increase in the number of attacks against security of online systems.
Auction sites and e-commerce web applications have seen an increase in fraudulent transactions. Some of these fraudulent transactions that are executed in e-commerce applications happen due to successful computer intrusions on these web sites. Although a lot of awareness has been raised about these facts, there has not yet been an effective solution to adequately address the problem of application-based attacks in e-commerce.
This paper proposes a fraud detection system that uses different anomaly detection techniques to predict computer intrusion attacks in e-commerce web applications. The system analyses queries that are generated when requesting server-side code on an e-commerce site, and create models for different features when
References: Almadhoob, A., & Valverde, R. (2014). A cybercrime prevention in the kingdom of Bahrain via IT security audit plans Barfar, A., & Mohammadi, S. (2007). Honeypots: intrusion deception. ISSA Journal, 28-31. Berendt, B., Mobasher, B., & Spiliopoulou, M. (2002) Web Usage Mining for E-Business Applications., ECML/PKDD-2002 15, 2011, Bhattacharyya, S., Jha, S., Tharakunnel, K., & Westland, J. C. (2011). Data mining for credit card fraud: A comparative study Bhowmik, R. (2011). Detecting Auto Insurance Fraud by Data Mining Techniques. Journal of Emerging Trends in Computing and Information Sciences, 2(4), 156-162. Bolton, R. J., & Hand, D. J. (2002). Statistical fraud detection: A review. Statistical Science, 235-249. Brause, R., Langsdorf, T., & Hepp, M. (1999). Neural Data Mining for Credit Card Fraud Detection. Chang, S. S., & Chiang, M. S. (2005). An e-intelligence approach to e-commerce intrusion detection. Granular Computing, 2005 IEEE International Conference on (p Corona, I., & Giacinto, G. (2010). Detection of Server-side Web Attacks. In T. Diethe, N. Cristianini, & J. Dawes, R. (2011) OWASP WebScarab Project. Retrieved December https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project 16, 2011, Coding and Computing, 2000. Proceedings. International Conference on (p. 302). Gaarudapuram, S. R. (2008) Data processing for anomaly detection in web-based applications, Dissertation (MA), Oregon State University HooBieNet. (2002). Brutus - The Remote Password Cracker. Retrieved December 18, 2011, from http://www.hoobie.net/brutus/ Ingham, K. (2006) HTTP-delivered attacks against web servers. Retrieved December 14, 2011, from http://www.i-pi.com/HTTP-attacks-JoCN-2006/ Jaquith, A. (2002). The Security of Applications: Not All Are Created Equal, @Stake, Inc. Retrieved July 27, 2011, from http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf Katzgrau, K. (2008). KLogger. Retrieved September 15, 2011, from http://codefury.net/projects/klogger/ Kruegel, C., Vigna, G., & Robertson, W Meyer, R. (2008). Detecting Attacks on Web Applications from Log Files. Information Security Reading Room. 25, 2011, Mookhey, K. K. (2010). Common Security Vulnerabilities in e-commerce Systems. Symantec. Retrieved July 26, from http://www.symantec.com/connect/articles/common-security-vulnerabilities-e-commerce-systems MySQL. (2012). MySQL The world 's most popular open source database. Homepage of MySQL. Retrieved January 26, from http://www.mysql.com/ OsCommerce. (2012). Welcome to osCommerce! Homepage of osCommerce. Retrieved January 26, 2012, from http://www.oscommerce.com/ OWASP. (2008). OWASP Testing Guide (3rd ed.). OWASP Foundation. Penya, Y. K., Ruiz-Agúndez, I., & Bringas, P. G. (2011). Integral Misuse and Anomaly Detection and Prevention System PHP. (2012). PHP: Hypertext Preprocessor. Homepage of PHP. Retrieved January 26, 2012, from http://www.php.net/ Phua, C., Lee, V. C. S., Smith-Miles, K., & Gayler, R. W. (2010). A Comprehensive Survey of Data Mining-based Fraud Detection Research RSnake. (2011b). XSS (Cross Site Scripting) Cheat Sheet. Retrieved December 19, 2011, from http://ha.ckers.org/xss.html Stephens, J., & Valverde, R. (2013). Security of E-Procurement Transactions in Supply Chain Reengineering. Tan, H. S. (2002). E-fraud: current trends and international developments. Journal of Financial Crime, 9(4), 347-354 Tarjan, R. (1972). Depth-first search and linear graph algorithms. SIAM journal on computing, 1(2), 146-160. Networking, Sensing and Control, 2004 IEEE International Conference on (p. 749).