Visualising network security attacks with multiple 3D visualisation and false alert classification

Musa, Shahrulniza

January 2008

Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with alerts classifier to make the exploring and understanding of network security alerts data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alerts data using interactive 3D visuals with an integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analyst's tasks as seen in the literatures. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named as "time series 3D AlertGraph" which was an extension of the 2D histographs into 3D. The 3D AlertGraph was effectively summarised the alerts data and gave the overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. To identify true alerts from all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus making the pattern of the true alerts to emerge. It also highlighted the true alerts in the visualisation. Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feed backs showed the tools had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.

005.8

Adoption of New Technology for Identifying Money Laundering : An Exploration of Artificial Intelligence’s Usability in Banks to Combat Money Laundering and Terrorist Financing / Anta ny teknik för identifiering av penningtvätt : Utforskning av AI:s användbarhet i banker för bekämpning av penningtvätt och finansiering av terrorism

Hagopian, Patrik, Persson, Axel

January 2024

As money laundering is a global threat, with approximately US$800 billion to US$2 trillion being laundered yearly, it is important to come up with new and stronger solutions to combat illicit activities. Among the most exploited entities for money laundering are financial institutions, and more specifically banks. Therefore, the purpose of this thesis has been to investigate the usability of Artificial Intelligence (AI) as a decision-maker in the Anti-Money Laundering (AML) department to combat money laundering and terrorist financing. Moreover, the main research question was to explore the usability of AI as a decision-maker within AML operations. To enable this, an important aspect was to understand what regulatory and compliance requirements are demanded on AI from the AML departments. Thereafter, it was necessary to understand AI’s technical functionalities to facilitate the department’s daily operations. The literature review presented the fundamentals of AML and their precautionary actions. Furthermore, in the second phase of the literature review, the fundamentals of AI were investigated. Lastly, a combination of the topics of AML and AI were reviewed to identify techniques that the AML department can implement. Moreover, the methodology of the thesis consisted of a qualitative research design with an inductive approach. In the findings, a framework was constructed from the obtained results (second order themes). Subsequently, those themes were further developed into aggregated dimensions, which were extensively elaborated on in the conclusion. Thereafter, the dimensions were categorized into either the compliance criteria or the functional criteria. Also, the dimensions were presented in the order of priority based on how critical they are. To answer the main research question, AI is usable in the AML department as a decision-maker when considering the aggregated dimensions. Essentially, AI can successfully be implemented into the AML department’s daily operations when all the dimensions are achieved. / Då penningtvätt är ett globalt hot, där det uppskattas att det årligen tvättas 800 miljarder till 2 biljoner amerikanska dollar, är det viktigt att komma med nya och motståndskraftigare lösningar som bekämpar illegala verksamheter. Finansiella institutioner är bland de mest utsatta enheterna för penningtvätt, däribland banker som är mest exponerade. Därför var syftet med masterexamensarbetet att undersöka användbarheten av artificiell intelligens (AI) som beslutsfattare på avdelningen som bekämpar penningtvätt och finansiering av terrorism. Vidare var huvudfrågeställningen att utforska användbarheten av AI som beslutsfattare inom arbetsuppgifterna för avdelningen som bekämpar penningtvätt. För att möjliggöra detta var en viktig aspekt att förstå vilka lagstadgade- och efterlevnadskrav som ställdes på AI från avdelningen som bekämpar penningtvätt. Därefter måste man förstå AI:s tekniska funktioner för att underlätta avdelningens dagliga verksamhet. I litteraturstudien presenterades de grundläggande faktorerna för bekämpning av penningtvätt och deras försiktighetsåtgärder. Vidare i den andra fasen av litteraturstudien undersöktes de grundläggande faktorerna för AI. Slutligen granskades litteratur som behandlade en kombination av ämnena bekämpning av penningtvätt och AI för att identifiera tekniker som avdelningen för bekämpning av penningtvätt kan implementera. Dessutom bestod masterexamensarbetet av en kvalitativ forskningsdesign med en induktiv forskningsprocess. I resultatdelen framställdes ett ramverk utifrån de erhållna resultaten (andra ordningens teman). Därefter utvecklades dessa teman vidare till aggregerade dimensioner, som beskrevs utförligt i slutsatsen. Därpå blev dimensionerna kategoriserade i antingen efterlevnadskriterier eller funktionella kriterier. Dimensionerna presenterades även i prioritetsordning baserat på deras kritiska innebörd. Studien föreslog att AI är användbart på avdelningen som bekämpar penningtvätt som beslutsfattare när de aggregerade dimensionerna tas i beaktning. I huvudsak kan AI framgångsrikt implementeras i avdelningens dagliga verksamhet för att bekämpa penningtvätt när alla dimensioner har uppnåtts.

AI

AML

Decision-Maker

Compliance

Anomaly Detection

Transaction Monitoring

Alert Classification

Machine Learning

Black box

XAI

AI

bekämpning av penningtvätt

beslutsfattare

efterlevnad

detektering av avvikelser

transaktionsmonitorering

varningsklassificering

maskininlärning

svart låda

förklarbar AI

Other Engineering and Technologies

Annan teknik

Economics and Business

Ekonomi och näringsliv