
Fraud and financial crime detection model using malware forensics

Multimedia Tools and Applications

Abstract

Recently, a wide range of electronic financial services has become available through the development of electronic devices and communication technology. As electronic financial services and channels diversify, the number of users of non-face-to-face electronic financial transaction services keeps growing. At the same time, in the financial security environment, threats of insider information leakage and security threats against financial transaction users are steadily increasing. Accordingly, in this paper, based on framework standards for financial transaction fraud detection and response, digital forensics techniques that have traditionally been used to analyze system intrusion incidents are applied to detect anomalous transactions that may occur in the user terminal environment during electronic financial transactions. In particular, to analyze user terminals, automated malware forensics techniques, used as a supporting tool for malicious code detection and analysis, are employed, and to detect anomalous prior behaviors and transaction patterns of users, a statistically based moving average is applied. In addition, a risk point calculation model is proposed that scores the anomalous transaction cases found in the detection step by item. This model logs the calculated risk point results and maintains incident accountability, which can be used as basic data for establishing security incident response and security policies.



Notes

  1. Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

  2. Pharming is a hacker’s attack intended to redirect a website’s traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

  3. Moving average is one of the methods to determine the trend value. For a time series \( X_1, X_2, \ldots, X_t \), the moving average \( \overline{X_m} \) over a period of length m at time t is derived as follows: \( \overline{X_m} = \left( X_t + X_{t+1} + \ldots + X_{t+(m-1)} \right) / m \), (t = 1, 2, …, (t − m)). When a new series \( \overline{X_{m+1}}, \overline{X_{m+2}}, \ldots \) is made in this way, the change in the current time series represents a smoothed trend.
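The following Python example is added here to show how the moving average of note 3 can serve the anomaly detection described in the abstract: the trend of the m preceding values is compared with each new observation, and the detected items are then scored into risk points. It is not code from the paper. The sample amounts, the deviation threshold, and the item weights in RISK_ITEM_WEIGHTS are constructed assumptions for illustration; the paper's own scoring items and weights are not given on this page.

```python
from typing import Dict, Iterable, List, Sequence, Tuple

# Constructed sample (not from the paper): daily transfer amounts of one user.
# The eighth value is deliberately far above the user's usual range.
SAMPLE_AMOUNTS: List[float] = [120.0, 95.0, 130.0, 110.0, 105.0, 125.0, 115.0, 990.0, 118.0, 102.0]

# Assumed weights per detection item (hypothetical; the paper's table is not on this page).
RISK_ITEM_WEIGHTS: Dict[str, int] = {
    "amount_trend_deviation": 30,   # transaction far above the user's moving-average trend
    "hosts_file_modified": 40,      # pharming indicator from terminal forensics (note 2)
    "unknown_dll_injected": 30,     # malware forensics finding on the user terminal
}


def moving_average(series: Sequence[float], m: int, t: int) -> float:
    """Note 3's moving average: mean of the window X_t ... X_{t+(m-1)} (0-based t here)."""
    if m <= 0:
        raise ValueError("window length m must be positive")
    window = series[t:t + m]
    if len(window) < m:
        raise ValueError("window runs past the end of the series")
    return sum(window) / m


def moving_average_series(series: Sequence[float], m: int) -> List[float]:
    """The successive averages X̄_m, X̄_{m+1}, ... obtained by sliding the window one step."""
    return [moving_average(series, m, t) for t in range(len(series) - m + 1)]


def flag_trend_deviations(series: Sequence[float], m: int, threshold: float) -> List[Tuple[int, float, float, float]]:
    """Compare each observation X_{t+m} with the trend of the m values before it.

    Returns (index, value, trend, ratio) for every observation whose ratio to the
    trend exceeds `threshold`. A zero trend is treated as an infinite ratio so a
    sudden non-zero amount after a flat zero history is still reported.
    """
    flagged = []
    for t in range(len(series) - m):
        trend = moving_average(series, m, t)
        value = series[t + m]
        ratio = value / trend if trend else float("inf")
        if ratio > threshold:
            flagged.append((t + m, value, trend, ratio))
    return flagged


def risk_points(detected_items: Iterable[str]) -> int:
    """Sum the assumed weights of the detection items raised for one transaction.

    Unknown item names are rejected rather than silently scored as zero, so a
    misspelled item in a detection rule surfaces during testing instead of
    quietly lowering the risk score in production.
    """
    total = 0
    for item in detected_items:
        if item not in RISK_ITEM_WEIGHTS:
            raise ValueError(f"unknown detection item: {item}")
        total += RISK_ITEM_WEIGHTS[item]
    return total


if __name__ == "__main__":
    hits = flag_trend_deviations(SAMPLE_AMOUNTS, m=5, threshold=3.0)
    for index, value, trend, ratio in hits:
        print(f"transaction {index}: amount {value} is {ratio:.1f}x the trend {trend:.1f}")
        # A terminal forensics finding for the same session would be added to this list.
        print("risk points:", risk_points(["amount_trend_deviation"]))
```

With a window of five and a threshold of three times the trend, only the 990.0 transfer is reported; the two later, normal amounts are not flagged even though the spike now sits inside their window, because the spike raises the trend rather than the ratio. Logging the flagged index, the trend it was compared against and the resulting risk points gives the accountability record the abstract calls for.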


Acknowledgments

This work is supported by the Korea Information Security Agency (H2101-12-1001).

Corresponding author

Correspondence to Won Hyung Park.

Cite this article

Kim, A.C., Kim, S., Park, W.H. et al. Fraud and financial crime detection model using malware forensics. Multimed Tools Appl 68, 479–496 (2014). https://doi.org/10.1007/s11042-013-1410-3
