EXTENT-2015: Machine Learning to Protect Online Banking Systems

Exactpro
November 12, 2015


Machine Learning to Protect Online Banking Systems
Arseniy Reutov, Positive Technologies
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg



Transcript

  2. Machine Learning to Protect Online Banking Systems
     Arseny Reutov, ExTENT Conf'15
  3. About me
     ― PT Application Firewall™ Research and Development Team Lead
     ― Web Application Security Researcher
     ― Positive Hack Days Conference Organizer
     areutov@ptsecurity.com, http://raz0r.name
  4. Agenda
     ― Online banking security & fraud
     ― Machine learning & algorithms classification
     ― Injection Detection
     ― L7 DDoS Detection
     ― Fraud Detection
  5. OLB Security
     Online banking vulnerabilities in 2014: Authentication, Authorization and Android (http://blog.ptsecurity.com/2015/05/online-banking-vulnerabilities-in-2014.html):
     ― 28 systems for personal (77%) and commercial (23%) online banking were investigated;
     ― two thirds of the systems (67%) were developed by banks themselves using Java, C#, and PHP;
     ― the rest were implemented on platforms of well-known vendors.
  7. OLB Fraud
     Losses from online banking fraud rose by 48% in 2014 compared with 2013 as consumers increasingly conducted their financial affairs on the internet. (http://www.bbc.com/news/business-32083781)
     "Online bank fraud soars with conmen on the rise. New figures show £60.4m lost last year, up from £40.9m in 2013." (http://www.telegraph.co.uk/finance/11499356/Online-bank-fraud-soars-with-conmen-on-the-rise.html)
  8. Machine learning
  9. Machine Learning Types
     Labels in dataset: ― Supervised ― Unsupervised
     Samples availability: ― Batch learning ― Online learning
     Task: ― Classification ― Regression ― Clustering
  10. Case: Injection
     SQL Injection: id=42' or 1=1-- -
     Shell Command Injection: 192.168.10.1 && cat /etc/passwd
     LDAP Injection: admin)|((userpassword=*)
     XPath Injection: user' or name()='admin' or 'x'='y
     Shellshock: test () { :; }; rm -rf /
  11. Hidden Markov Models
  12. Case: L7 DDoS
     Common Protection: ― Redirects ― Special Cookie ― JavaScript ― CAPTCHA
  13. Local Outlier Factor
  14. Case: Fraud ― Untrusted user sign up:
     Login: cxzxc13
     IP: 37.130.227.133
     Email: qwerty11@bk.ru
     Phone: 8-800-123-45-67
  15. Case: Fraud ― Untrusted user sign up:
     Login: cxzxc13          <- no vowels
     IP: 37.130.227.133      <- TOR IP address
     Email: qwerty11@bk.ru   <- free mail
     Phone: 8-800-123-45-67  <- fake phone
  16. Case: Fraud ― Legitimate user
     Time      Page
     21:58:06  Login.aspx
     21:58:07  HomePage.aspx
     21:58:15  BalanceCheck.aspx
     21:58:27  PayForm.aspx
     21:59:22  PayConfirm.aspx
     21:59:27  Print.aspx
     21:59:32  HomePage.aspx
  17. Case: Fraud ― Suspicious user
     Time      Page
     21:55:42  Login.aspx
     21:55:43  BalanceCheck.aspx
     21:55:43  PayForm.aspx
     21:55:44  PayConfirm.aspx
     21:55:45  HomePage.aspx
  18. Case: Fraud
     Features: {dayOfMonth, timeOfDay, browserVersion, latitude, longitude, suspiciousLogin, isTOR, hasFreeMail, hasFakePhone, averagePageTime…}
     Dataset:
     {3, 17, 41, 55, 45, 0, 0, 0, 67…}
     {16, 15, 42, 59, 30, 0, 0, 0, 92…}
     {12, 16, 41, 55, 45, 0, 0, 0, 74…}
  19. Support Vector Machine
  20. Conclusion
     Machine learning can be useful for OLB security & fraud detection:
     ― Choose the algorithm that suits your needs
     ― Extract relevant features
     ― Fine tune algorithm parameters
     ― Train on solid data set
     ― Cross-validate!
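Added example, not code from the talk: it turns the sign-up heuristics of slides 14-15 (no-vowel login, TOR exit IP, free-mail domain, fake phone) and the per-page timing of slides 16-17 into a numeric row of the kind shown in the slide 18 dataset. The free-mail domain list, the TOR exit list, the "ascending digits" phone rule and the sample sessions are constructed assumptions of this example, using only the Python standard library.

```python
import re
from datetime import datetime

# Constructed sample data reproducing the two click streams from the slides.
LEGIT_SESSION = [
    ("21:58:06", "Login.aspx"), ("21:58:07", "HomePage.aspx"),
    ("21:58:15", "BalanceCheck.aspx"), ("21:58:27", "PayForm.aspx"),
    ("21:59:22", "PayConfirm.aspx"), ("21:59:27", "Print.aspx"),
    ("21:59:32", "HomePage.aspx"),
]
SUSPICIOUS_SESSION = [
    ("21:55:42", "Login.aspx"), ("21:55:43", "BalanceCheck.aspx"),
    ("21:55:43", "PayForm.aspx"), ("21:55:44", "PayConfirm.aspx"),
    ("21:55:45", "HomePage.aspx"),
]
UNTRUSTED_SIGNUP = {"login": "cxzxc13", "ip": "37.130.227.133",
                    "email": "qwerty11@bk.ru", "phone": "8-800-123-45-67"}
TRUSTED_SIGNUP = {"login": "maria_k", "ip": "192.0.2.10",            # constructed
                  "email": "maria.k@corp.example", "phone": "8-812-555-01-99"}

# Assumed lookup tables; a real deployment refreshes the TOR exit list periodically.
FREE_MAIL_DOMAINS = {"bk.ru", "mail.ru", "yandex.ru", "gmail.com"}
TOR_EXIT_NODES = {"37.130.227.133"}  # constructed, mirrors the slide's example IP

def suspicious_login(login):
    """1 if the login has no vowels at all (keyboard-mash names like cxzxc13)."""
    return int(not re.search(r"[aeiouy]", login.lower()))

def is_tor(ip):
    return int(ip in TOR_EXIT_NODES)

def has_free_mail(email):
    return int(email.rsplit("@", 1)[-1].lower() in FREE_MAIL_DOMAINS)

def has_fake_phone(phone):
    """1 if the 7-digit subscriber part is a strictly ascending run (123-45-67)."""
    digits = re.sub(r"\D", "", phone)[-7:]  # assumed: last 7 digits = subscriber number
    return int(all(int(b) == int(a) + 1 for a, b in zip(digits, digits[1:])))

def average_page_time(session):
    """Mean seconds between consecutive page requests; 0.0 for a single request."""
    ts = [datetime.strptime(t, "%H:%M:%S") for t, _ in session]
    deltas = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    return sum(deltas) / len(deltas) if deltas else 0.0

def feature_vector(signup, session):
    """Row in the slide 18 layout, restricted to the features derived here."""
    return [suspicious_login(signup["login"]), is_tor(signup["ip"]),
            has_free_mail(signup["email"]), has_fake_phone(signup["phone"]),
            round(average_page_time(session), 2)]

if __name__ == "__main__":
    print("untrusted:", feature_vector(UNTRUSTED_SIGNUP, SUSPICIOUS_SESSION))
    print("trusted:  ", feature_vector(TRUSTED_SIGNUP, LEGIT_SESSION))
```

The legitimate stream averages 14.33 s per page against 0.75 s for the scripted one, which is the gap the averagePageTime feature gives the classifier to work with.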