Abstract
Fraud is a widespread international problem for enterprises. Organizations increasingly use self-learning classifiers to detect fraud. Such classifiers need training data to successfully distinguish normal from fraudulent behavior. However, data containing authentic fraud scenarios is often not available for researchers. Therefore, we have implemented a data generation tool, which simulates fraudulent and non-fraudulent user behavior within the purchase-to-pay business process of an ERP system. We identified fraud scenarios from literature and implemented them as automated routines using SAP’s programming language ABAP. The data generated can be used to train fraud detection classifiers as well as to benchmark existing ones.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ACFE: Report to the Nations on Occupational Fraud and Abuse (Association of Certified Fraud Examiners). Report, Austin, USA (2014)
Phua, C., Lee, V., Smith, K., Gayer, R.: A comprehensive survey of data mining-based fraud detection research. In: Intelligent Computation Technology and Automation (ICICTA), pp. 1–14. IEEE Press, Changsha, China (2010)
Barse, E.L., Kvarnström, H., Jonsson E.: Synthesizing test data for fraud detection systems. In: 19th Annual Computer Security Applications Conference (ACSAC), pp. 384–394. IEEE Press, Las Vegas, Nevada (2003)
Yannikos, Y., Franke, F., Winter, C., Schneider, M.: 3LSPG: forensic tool evaluation by three layer stochastic process-based generation of data. In: Sako, H., Franke, K.Y., Saitoh, S. (eds.) IWCF 2010. LNCS, vol. 6540, pp. 200–211. Springer, Heidelberg (2011)
Luell, J.: Employee fraud detection under real world conditions. In: Faculty of Economics, Doctoral dissertation, University of Zurich: Zurich, (2010)
Islam, A.K., Corney, M., Mohay, G., Clark, A., Bracher, S., Raub, T., Flegel, U.: Fraud detection in ERP systems using scenario matching. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 112–123. Springer, Heidelberg (2010)
Hevner, A.R., March, S., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)
Webster, J., Watson, R.: Analysing the past to prepare for the future: writing a literature review. MIS Q. 26(2), xiii–xxiii (2002)
Lundin, E., Kvarnström, H., Jonsson, E.: A synthetic fraud data generation methodology. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 265–277. Springer, Heidelberg (2002)
Chinchani, R., Muthukrishnan, A., Chandrasekaran, M., Upadhyaya, S.: RACOON: rapidly generating user command data for anomaly detection from customizable template. In: 20th Annual Computer Security Applications Conference, pp. 189–202. Tucson, Arizona (2004)
Greenberg, S.: Using Unix: Collected Traces of 168 Users. Department of Computer Science, University of Calgary, Calgary (1988)
Masquerading User Data. http://www.schonlau.net/intrusion.html
Griffin, R.: Using big data to combat enterprise fraud. Financ. Exec. Int. 28(10), 44–47 (2012)
Mercuri, R.T.: On auditing audit trails. Commun. ACM 46(1), 17–20 (2003)
Maxion, R.A., Tan, K.M.C.: Benchmarking anomaly-based detection systems. In: International Conference on Dependable Systems and Networks (DSN), New York, pp 623–630 (2000)
Hall, J.A.: Accounting Information Systems. Cengage Learning, Mason (2011)
Porter, M.E.: Competitive Advantage: Creating and Sustaining Superior Performance. Free Press, New York (1998)
Bönner, A., Riedl, M., Wenig, S.: Digitale SAP-Massendatenanalyse. Erich Schmidt Verlag, Berlin (2011)
SAP TERP10: SAP ERP - Integration von Geschäftsprozessen. SAP AG, o.O. (2012)
SAP Freigabeverfahren. http://help.sap.com/erp2005_ehp_05/helpdata/de/75/ee14a355c811d189900000e8322d00/content.htm
Vendor Account Clearing in SAP. http://stabnet.blogspot.de/2012/05/vendor-account-clearing-in-sap-t-code-f.html
SAP Kundenkontrakt. http://help.sap.com/saphelp_erp60_sp/helpdata/de/dd/55fd53545a11d1a7020000e829fd11/content.htm
SAP Enhancements. http://help.sap.com/saphelp_nw70/helpdata/EN/bf/ec079f5db911d295ae0000e82de14a/frameset.htm
SAP Jobeinplanung. http://help.sap.com/saphelp_erp60_sp/helpdata/de/ef/2c513897110872e10000009b38f889/content.htm
Wegelin, M., Englbrecht, M.: SAP-Schnittstellenprogrammierung. Galileo Press, Bonn (2009)
SAP Hintergrundverarbeitung. https://help.sap.com/saphelp_nw70/helpdata/de/ed/a9bb3f8e236d3fe10000000a114084/content.htm
Batch Input – BDC. http://wiki.scn.sap.com/wiki/display/ABAP/Batch+Input+-+BDC
IDES - das SAP Modellunternehmen. https://help.sap.com/saphelp_46c/helpdata/de/af/fc4f35dfe82578e10000009b38f839/frameset.htm
Jonsson, E., Lundin, E., Kvarnström H.: Combining fraud and intrusion detection - meeting new requirements. In: 5th Nordic Workshop on Secure IT-Systems (NORDSEC), p.o.S. Reykjavik, Iceland (2000)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Baader, G., Meyer, R., Wagner, C., Krcmar, H. (2016). Specification and Implementation of a Data Generator to Simulate Fraudulent User Behavior. In: Abramowicz, W., Alt, R., Franczyk, B. (eds) Business Information Systems. BIS 2016. Lecture Notes in Business Information Processing, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-319-39426-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-39426-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39425-1
Online ISBN: 978-3-319-39426-8
eBook Packages: Business and ManagementBusiness and Management (R0)