
EXTENT-2015: Machine Learning to Protect Online Banking Systems

Machine Learning to Protect Online Banking Systems
Arseniy Reutov, Positive Technologies
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg

Published in: Technology

  1. Machine Learning to Protect Online Banking Systems
     Arseny Reutov, ExTENT Conf’15
  2. About me
     ― PT Application Firewall™ Research and Development Team Lead
     ― Web Application Security Researcher
     ― Positive Hack Days Conference Organizer
     areutov@ptsecurity.com
     http://raz0r.name
  3. Agenda
     ― Online banking security & fraud
     ― Machine learning & algorithms classification
     ― Injection Detection
     ― L7 DDoS Detection
     ― Fraud Detection
  4. OLB Security
     Online banking vulnerabilities in 2014: Authentication, Authorization and Android (http://blog.ptsecurity.com/2015/05/online-banking-vulnerabilities-in-2014.html):
     ― 28 systems for personal (77%) and commercial (23%) online banking were investigated;
     ― two thirds of the systems (67%) were developed by banks themselves using Java, C#, and PHP;
     ― the rest were implemented on platforms of well-known vendors.
  5. OLB Fraud
     "Losses from online banking fraud rose by 48% in 2014 compared with 2013 as consumers increasingly conducted their financial affairs on the internet."
     http://www.bbc.com/news/business-32083781
     "Online bank fraud soars with conmen on the rise. New figures show £60.4m lost last year, up from £40.9m in 2013"
     http://www.telegraph.co.uk/finance/11499356/Online-bank-fraud-soars-with-conmen-on-the-rise.html
  6. Machine learning
  7. Machine Learning Types
     Labels in dataset:
     ― Supervised
     ― Unsupervised
     Samples availability:
     ― Batch learning
     ― Online learning
     Task:
     ― Classification
     ― Regression
     ― Clustering
  8. Case: Injection
     SQL Injection: id=42' or 1=1---
     Shell Command Injection: 192.168.10.1 && cat /etc/passwd
     LDAP Injection: admin)|((userpassword=*)
     XPath Injection: user' or name()='admin' or 'x'='y
     Shellshock: test () { :; }; rm -rf /
  9. Hidden Markov Models
  10. Case: L7 DDoS
      Common Protection:
      ― Redirects
      ― Special Cookie
      ― JavaScript
      ― CAPTCHA
  11. Local Outlier Factor
  12. Case: Fraud
      ― Untrusted user sign up:
      Login: cxzxc13
      IP: 37.130.227.133
      Email: qwerty11@bk.ru
      Phone: 8-800-123-45-67
  13. Case: Fraud
      ― Untrusted user sign up:
      Login: cxzxc13 <- no vowels
      IP: 37.130.227.133 <- TOR IP address
      Email: qwerty11@bk.ru <- free mail
      Phone: 8-800-123-45-67 <- fake phone
  14. Case: Fraud
      ― Legitimate user
      Time      Page
      21:58:06  Login.aspx
      21:58:07  HomePage.aspx
      21:58:15  BalanceCheck.aspx
      21:58:27  PayForm.aspx
      21:59:22  PayConfirm.aspx
      21:59:27  Print.aspx
      21:59:32  HomePage.aspx
  15. Case: Fraud
      ― Suspicious user
      Time      Page
      21:55:42  Login.aspx
      21:55:43  BalanceCheck.aspx
      21:55:43  PayForm.aspx
      21:55:44  PayConfirm.aspx
      21:55:45  HomePage.aspx
  16. Case: Fraud
      Features:
      {dayOfMonth, timeOfDay, browserVersion, latitude, longitude, suspiciousLogin, isTOR, hasFreeMail, hasFakePhone, averagePageTime…}
      Dataset:
      {3, 17, 41, 55, 45, 0,0,0, 67…}
      {16, 15, 42, 59, 30, 0,0,0, 92…}
      {12, 16, 41, 55, 45, 0,0,0, 74…}
  17. Support Vector Machine
  18. Conclusion
      Machine learning can be useful for OLB security & fraud detection:
      ― Choose the algorithm that suits your needs
      ― Extract relevant features
      ― Fine tune algorithm parameters
      ― Train on solid data set
      ― Cross-validate!
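
The fraud case (slides 12 to 16) names features such as suspiciousLogin, isTOR, hasFreeMail and averagePageTime. As an added example, not code from the talk, this is one way to derive them from the sign-up record and the two page-view logs on the slides. The TOR and free-mail lookup sets are constructed stand-ins, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed lookup sets (assumptions): a real deployment would load a
# current TOR exit-node list and a maintained free-mail domain list.
TOR_EXIT_IPS = {"37.130.227.133"}  # the IP the slide marks as TOR
FREE_MAIL_DOMAINS = {"bk.ru"}      # the domain the slide marks as free mail

def signup_features(login, ip, email):
    """Binary sign-up features, following the annotations on slide 13."""
    has_vowel = any(c in "aeiou" for c in login.lower())
    domain = email.rsplit("@", 1)[-1].lower()
    return {
        "suspiciousLogin": int(not has_vowel),  # slide rule: no vowels
        "isTOR": int(ip in TOR_EXIT_IPS),
        "hasFreeMail": int(domain in FREE_MAIL_DOMAINS),
    }

def average_page_time(log):
    """Mean seconds between consecutive page views in one session.

    Assumes the session does not cross midnight, since the slide logs
    carry a time of day only.
    """
    times = [datetime.strptime(t, "%H:%M:%S") for t, _page in log]
    if len(times) < 2:
        return None  # a single hit has no gap to measure
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return sum(gaps) / len(gaps)

# Page-view logs copied from slides 14 (legitimate) and 15 (suspicious).
LEGITIMATE = [
    ("21:58:06", "Login.aspx"), ("21:58:07", "HomePage.aspx"),
    ("21:58:15", "BalanceCheck.aspx"), ("21:58:27", "PayForm.aspx"),
    ("21:59:22", "PayConfirm.aspx"), ("21:59:27", "Print.aspx"),
    ("21:59:32", "HomePage.aspx"),
]
SUSPICIOUS = [
    ("21:55:42", "Login.aspx"), ("21:55:43", "BalanceCheck.aspx"),
    ("21:55:43", "PayForm.aspx"), ("21:55:44", "PayConfirm.aspx"),
    ("21:55:45", "HomePage.aspx"),
]

if __name__ == "__main__":
    print(signup_features("cxzxc13", "37.130.227.133", "qwerty11@bk.ru"))
    print(round(average_page_time(LEGITIMATE), 2), average_page_time(SUSPICIOUS))
```

The legitimate session averages about 14 seconds per page, while the suspicious one averages under a second, which is the separation the averagePageTime feature is meant to expose to a classifier.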
