|
Fraud detection with Complex Event Processing |
|
|
|
Tuesday, 27 May 2008 |
Opportunity and threats are two sides of the same bottom line. Threats
include frauds of all kinds, isolated and "wholesales" frauds. Fraud
detection is mostly about finding significant exceptions from normal
patterns. The data transformation in typical Business Intelligence data
warehouse need to be transformed for fraud detection algorithms. In
typical BI applications, data are gathered for predicting buying
patterns, converting patterns, or churning pattterns, i.e. what
campaigns produce the most conversions for certain market segments.
Here data are grouped into categories, or subgroups. A model can then
be used to predict the behaviors of the subgroup.
There are related Fraud metrics: detection, remedies, and preventions.
Fraud detection mainly uses statistical anomalies. Fraud prevention
employs "what-ifs" scenarios and anticipation of possible breaches.
Fraud detection and remedies shares similarities with information
security breach detection and remedies. For example, "honey-pots" are
used to lure potential violators. Fraud reduction metrics can guide the
process of selecting remedies and fraud detection methods. "No stone is
left unturned" is a useful notion in the process of forming possible
scenarios and eliminating non-useful hypotheses. On the Internet, not
only original IP addresses information are useful, but pattern
redirect, time of response can indicate suspicious activies.
Some possible technologies:
- Rule-based engines, i.e. Blade, Ilog
- Complex event processing, i.e. SqlStream, Coral8 (see a previous blog here)
- Neural nets.
- Tibco's SOA architecture using Joint Directors of Laboratories (JDL)
data fusion model
The JDL can use statistical and data mining techniques including
classification (trees), association, correlation, clustering to produce
normalized event streams. From this, scoreCards are produced to show
possible fraudulent activities. A rules-based system can be used to
classify kinds of frauds.
|