Machine learning for detecting fraud in an API

Sánchez Espunyes, Anna

January 2022

An Application Programming Interface (API) provides developers with a high-level framework that abstracts the underlying implementation of services. Using an API reduces the time developers spent on implementation, and it encourages collaboration and innovation from third-party developers. Making an API public has a risk: developers might use it inappropriately. Most APIs have a policy that states which behaviors are considered fraudulent. Detecting applications that fraudulently use an API is a challenging problem: it is unfeasible to review all applications that make requests. API providers aim to implement an automatic tool that accurately detects suspicious applications from all the requesting applications. In this thesis, we study the possibility of using machine learning techniques to detect fraud in Web APIs. We experiment with supervised learning methods (random forests and gradient boosting), clustering methods such as Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and ensemble methods that combine the predictions of supervised learning methods and clustering methods. The dataset available contains data gathered when a developer creates an application and data collected when the application starts making HTTP requests. We derive a meaningful representation from the most important textual fields of the dataset using Sentence-BERT (S-BERT). Furthermore, we experiment with the predictive importance of the S-BERT embeddings. The method that achieves the best performance in the test set is an ensemble method that combines the results from the gradient boosting classifier and DBSCAN. Furthermore, this method performs better when using the S-BERT embeddings of the textual data of the applications, achieving an f1-score of 0.9896. / Ett API (Application Program Interface) ger utvecklare ett högnivåramverk som abstraherar den underliggande implementationen av tjänster. Användning av ett API reducerar tiden utvecklare lägger på implementation, och uppmuntrar samarbete med och innovation av tredjeparts-utvecklare. Att göra ett API publikt har ett risk: utvecklare kan utnyttja den på olämpliga sätt. De flesta API:erna har ett policy som beskriver beteenden som räknas som bedrägliga. Upptäckandet av applikationer som använder ett API på ett bedrägligt sätt är ett icke-trivialt problem, det är omöjligt att undersöka alla applikationer som skickar begäran till API:et. API leverantörerna siktar ständigt på att skapa ett automatiskt verktyg för att exakt upptäcka applikationer misstänkta för bedrägeri. I denna avhandling undersöks möjligheten av användning av maskininlärning för att upptäcka bedrägeri i Web API. Vi experimenterar med övervakad inlärningsmetoder (random forests och gradient boosting), klustring metoder som Density-Based Spatial Clustering of Applications with Noise (DBSCAN) och ensemble metoder som kombinerar prediktionerna av övervakad inlärningsmetoder och klustring metoder. Det tillgängliga datasetet innehåller data samlat när en utvecklare skapar en applikation och när den börjar skicka HTTP begäran. Vi härleder en meningsfull representation från de viktigaste textfälten i datasetet med hjälp av Sentence-BERT (SBERT). Dessutom experimenterar vi med den prediktiva betydelsen av S-BERT-inbäddningarna. Metoden som uppfyller den bästa prestandan i testsetet är ett ensemble metod som kombinerade resultaten från gradient boosting klassificeraren och DBSCAN. Denna metod presterar även bättre vid användning av S-BERT-inbäddnignarna av applikationernas textdata och därav uppnår ett f1-score på 0.9896.

Fraud detection

Machine learning

Supervised learning

Sentence-BERT

Web API

Bedrägeriupptäckt

Maskininlärning

Övervakad inlärning

Sentence-BERT

Web API

Computer and Information Sciences

Data- och informationsvetenskap

Some Advances in Classifying and Modeling Complex Data

Zhang, Angang

16 December 2015

In statistical methodology of analyzing data, two of the most commonly used techniques are classification and regression modeling. As scientific technology progresses rapidly, complex data often occurs and requires novel classification and regression modeling methodologies according to the data structure. In this dissertation, I mainly focus on developing a few approaches for analyzing the data with complex structures. Classification problems commonly occur in many areas such as biomedical, marketing, sociology and image recognition. Among various classification methods, linear classifiers have been widely used because of computational advantages, ease of implementation and interpretation compared with non-linear classifiers. Specifically, linear discriminant analysis (LDA) is one of the most important methods in the family of linear classifiers. For high dimensional data with number of variables p larger than the number of observations n occurs more frequently, it calls for advanced classification techniques. In Chapter 2, I proposed a novel sparse LDA method which generalizes LDA through a regularized approach for the two-class classification problem. The proposed method can obtain an accurate classification accuracy with attractive computation, which is suitable for high dimensional data with p>n. In Chapter 3, I deal with the classification when the data complexity lies in the non-random missing responses in the training data set. Appropriate classification method needs to be developed accordingly. Specifically, I considered the "reject inference problem'' for the application of fraud detection for online business. For online business, to prevent fraud transactions, suspicious transactions are rejected with unknown fraud status, yielding a training data with selective missing response. A two-stage modeling approach using logistic regression is proposed to enhance the efficiency and accuracy of fraud detection. Besides the classification problem, data from designed experiments in scientific areas often have complex structures. Many experiments are conducted with multiple variance sources. To increase the accuracy of the statistical modeling, the model need to be able to accommodate more than one error terms. In Chapter 4, I propose a variance component mixed model for a nano material experiment data to address the between group, within group and within subject variance components into a single model. To adjust possible systematic error introduced during the experiment, adjustment terms can be added. Specifically a group adaptive forward and backward selection (GFoBa) procedure is designed to select the significant adjustment terms. / Ph. D.

A/B testing

fraud detection

linear classifier

misclassification error

net profit value

reject inference

sparse linear discriminant analysis

two-class classification

variance component mixed model.

Evaluating the effectiveness of Benford's law as an investigative tool for forensic accountants / Lizan Kellerman

Kellerman, Lizan

January 2014

“Some numbers really are more popular than others.” Mark J. Nigrini (1998a:15) The above idea appears to defy common sense. In a random sequence of numbers drawn from a company’s financial books, every digit from 1 to 9 seems to have a one-in-nine chance of being the leading digit when used in a series of numbers. But, according to a mathematical formula of over 60 years old making its way into the field of accounting, certain numbers are actually more popular than others (Nigrini, 1998a:15). Accounting numbers usually follow a mathematical law, named Benford’s Law, of which the result is so unpredictable that fraudsters and manipulators, as a rule, do not succeed in observing the Law. With this knowledge, the forensic accountant is empowered to detect irregularities, anomalies, errors or fraud that may be present in a financial data set. The main objective of this study was to evaluate the effectiveness of Benford’s Law as a tool for forensic accountants. The empirical research used data from Company X to test the hypothesis that, in the context of financial fraud investigations, a significant difference between the actual and expected frequencies of Benford’s Law could be an indication of an error, fraud or irregularity. The effectiveness of Benford’s Law was evaluated according to findings from the literature review and empirical study. The results indicated that a Benford’s Law analysis was efficient in identifying the target groups in the data set that needed further investigation as their numbers did not match Benford’s Law. / MCom (Forensic Accountancy), North-West University, Potchefstroom Campus, 2014

Analytical procedures

Benford’s Law

Data irregularities

Digital analysis

First digit distributions

First digit law

Fraud detection

Investigative accounting

Forensic accounting

Analitiese prosedures

Benford se wet

Data-onreëlmatighede

Digitale analise

Eerste-syfer-verdelings

Eerste-syfer-wet

Bedrog-opsporing

Forensiese rekeningkunde

Evaluating the effectiveness of Benford's law as an investigative tool for forensic accountants / Lizan Kellerman

Kellerman, Lizan

January 2014

“Some numbers really are more popular than others.” Mark J. Nigrini (1998a:15) The above idea appears to defy common sense. In a random sequence of numbers drawn from a company’s financial books, every digit from 1 to 9 seems to have a one-in-nine chance of being the leading digit when used in a series of numbers. But, according to a mathematical formula of over 60 years old making its way into the field of accounting, certain numbers are actually more popular than others (Nigrini, 1998a:15). Accounting numbers usually follow a mathematical law, named Benford’s Law, of which the result is so unpredictable that fraudsters and manipulators, as a rule, do not succeed in observing the Law. With this knowledge, the forensic accountant is empowered to detect irregularities, anomalies, errors or fraud that may be present in a financial data set. The main objective of this study was to evaluate the effectiveness of Benford’s Law as a tool for forensic accountants. The empirical research used data from Company X to test the hypothesis that, in the context of financial fraud investigations, a significant difference between the actual and expected frequencies of Benford’s Law could be an indication of an error, fraud or irregularity. The effectiveness of Benford’s Law was evaluated according to findings from the literature review and empirical study. The results indicated that a Benford’s Law analysis was efficient in identifying the target groups in the data set that needed further investigation as their numbers did not match Benford’s Law. / MCom (Forensic Accountancy), North-West University, Potchefstroom Campus, 2014

Analytical procedures

Benford’s Law

Data irregularities

Digital analysis

First digit distributions

First digit law

Fraud detection

Investigative accounting

Forensic accounting

Analitiese prosedures

Benford se wet

Data-onreëlmatighede

Digitale analise

Eerste-syfer-verdelings

Eerste-syfer-wet

Bedrog-opsporing

Forensiese rekeningkunde

The best practices applied by forensic investigators in conducting lifestyle audits on white collar crime suspects

Gillespie, Roy Tamejen

05 1900

This research looks at the best practices applied by forensic investigators in conducting lifestyle audits on white collar crime suspects. The researcher explored, firstly, how a lifestyle audit relates to white collar crime investigations; secondly, the best practices in performing lifestyle audits on white collar crime suspects, and lastly, the various sources of information available to forensic investigators when conducting a lifestyle audit of a white collar crime suspect. As lifestyle audits will serve as an investigative tool in future forensic investigations into white collar crime, this study’s aim was to understand and create an awareness of the current best practices applied by forensic investigators within private sector forensic investigation practices while conducting lifestyle audits during white collar crime investigations. It also makes available research data regarding the concept of lifestyle audits in white collar crime investigations, the implementation of these audits, the benefits, and the best practices of these audits. The general purpose of this study was to provide practical recommendations on the best practices for lifestyle audits for forensic investigators within private sector. / Criminology / M. Tech. (Forensic Investigation)

Fraud

White Collar Crime

Crime investigation

Forensic investigation

Crime intelligence

Crime information

Net worth analysis

Lifestyle audit

Background check

Suspect profiling

Lifestyle profile

Sources of information

Fraud detection

363.25968

White collar crime investigation

Criminal investigation

Criminal behavior, Prediction of

Fraud investigation

International fraud: A management perspective

Albrecht, Chad Orsen

30 May 2008

L'objectiu de la meva tesi és tractar i entendre millor els múltiples aspectes de la corrupció i el frau internacionals des de la perspectiva del management. Amb aquesta finalitat, hi proporciono un compendi d'articles, tots els quals han estat publicats en journals amb revisors, o bé estan en procés de ser-ho. El primer article que presento en la meva tesi fou publicat al European Business Forum, una revista especialitzada patrocinada per la CEMS, que és llegida per més de 40.000 professionals dels negocis d'arreu d'Europa. Alguns dels diaris internacionals més importants, com ara el Times of London Newspaper, també citen aquest article a bastament. S'hi exposa per què i com es cometen els fraus. El segon article que comento a la tesi es troba actualment en fase de "revisió i reenviament" al Journal of Business Ethics. Es tracta d'un journal sobre factors d'impacte, inclòs a la llista dels 40 millors journals de management que publica el Financial Times. Aquest article tracta de com les persones fan servir el poder per reclutar altres persones per tal que participin en el frau d'estats financers. Aquest segon article també es va sotmetre a la revisió d'àrbitres a l'edició 2007 de la European Academy of Management Conference que tingué lloc a París, França. El tercer article que es presenta en la meva tesi fou publicat a The Journal of Digital Forensics, Security, and Law. També s'havia presentat prèviament a la XII Conferència Anual d'AMCIS amb revisors, que tingué lloc a Acapulco, Mèxic. La Conferència d'AMCIS és un dels principals congressos acadèmics que tracten dels camps relacionats amb els sistemes d'informació. Aquest tercer article analitza com els responsables de perpetrar el frau se serveixen dels principis i les estratègies de poder i negociació per enredar les persones per Internet perquè participin en projectes de frau. El quart article que comento fou publicat a l'Information Systems Security Journal. Aquest journal fa 17 anys que el publica Taylor and Francis Publishing -una de les principals editorials de journals acadèmics-, i és la publicació oficial de CISSP i SSCP. L'article analitza les tendències actuals en matèria de frau i la seva detecció. El cinquè article que es presenta fou publicat a la Corporate Finance Review. Aquest article tracta específicament del frau d'estats financers als Estats Units. També explica què pot fer Europa per aprendre dels errors comesos als Estats Units. La Corporate Finance Review és patrocinada per Thomson Education -una editorial líder en l'àmbit educatiu. Actualment, la revista es troba al 12è any de publicació. Finalment, el darrer article que presento a la tesi és un comentari que es va fer sobre el tema del frau entre dos professors americans i jo mateix. Aquest diàleg es va publicar al Journal of Management, Spirituality, and Religion. El comentari tractava el tema de la relació entre organitzacions imbuïdes en la religió i el frau. / El objetivo de mi tesis es tratar de entender mejor los múltiples aspectos de la corrupción y el fraude internacionales desde la perspectiva del management. Para ello, proporciono un compendio de artículos, todos ellos publicados en journals con revisores, o bien que se hallan en proceso de publicación. El primer artículo que presento en mi tesis fue publicado en el European Business Forum, una revista especializada patrocinada por la CEMS, que es leída por más de 40.000 profesionales de los negocios de toda Europa. Algunos de los diarios internacionales más importantes, como el Times of London Newspaper, también citan este artículo ampliamente. En él se expone por qué y cómo se cometen los fraudes. El segundo artículo que comento en mi tesis se halla actualmente en fase de "revisión y reenvío" al Journal of Business Ethics. Se trata de un journal sobre factores de impacto, incluido en la lista de los 40 mejores journals de management que publica el Financial Times. Dicho artículo trata de cómo las personas se sirven del poder para reclutar a otras personas para que participen en el fraude de estados financieros. Este segundo artículo también fue sometido a la revisión de árbitros en la edición 2007 de la European Academy of Management Conference celebrada en París, Francia. El tercer artículo que presento en mi tesis fue publicado en The Journal of Digital Forensics, Security, and Law. Asimismo, previamente se había presentado en la XII Conferencia Anual de AMCIS con revisores, celebrada en Acapulco, México. La Conferencia de AMCIS es uno de los principales congresos académicos que tratan de los campos relacionados con los sistemas de información. Este tercer artículo analiza cómo los responsables de perpetrar el fraude se sirven de los principios y estrategias de poder y negociación para enredar a persones por Internet para que participen en proyectos de fraude. El cuarto artículo que comento fue publicado en el Information Systems Security Journal. Este journal es publicado desde hace 17 años por Taylor and Francis Publishing -una de las principales editoriales de journals académicos-, y es la publicación oficial de CISSP y SSCP. En dicho artículo se analizan las tendencias actuales en materia de fraude y su detección. El quinto artículo que se presenta fue publicado en la Corporate Finance Review. Este artículo trata específicamente del fraude de estados financieros en Estados Unidos. També explica qué puede hacer Europa para aprender de los errores cometidos en Estados Unidos. La Corporate Finance Review cuenta con el patrocinio de Thomson Education -una editorial líder en el ámbito educativo. En la actualidad, la revista se halla en el 12.º año de publicación. Finalmente, el último artículo que presento en mi tesis es un comentario sobre el tema del fraude, realizado entre dos profesores americanos y yo mismo. Dicho diálogo fue publicado en el Journal of Management, Spirituality, and Religion. El comentario trataba del tema de la relación entre organizaciones imbuidas en la religión y el fraude. / The purpose of my dissertation is to address and better understand the many aspects of International Fraud and Corruption from a Management Perspective. In my dissertation, I provide a compendium of publications. Each publication was published, or is in the process of being published, in a peer-review journal. The first article that is presented in my dissertation was published in the European Business Forum, a CEMS sponsored journal that is read by more than 40,000 business professionals throughout Europe. Several major international newspapers, including the prestigious Times of London Newspaper, also quoted this article extensively. The article addresses why and how fraud are committed. The second article that is presented in my dissertation is currently under "revise and resubmit" status at the Journal of Business Ethics. This journal is an impact factor journal and is included on the Financial Times list of top 40 management journals. The article addresses how individuals use power to recruit other people to participate in financial statement fraud. This second article was also presented at the peer review 2007 European Academy of Management Conference in Paris, France. The third article that is presented in my dissertation was published in The Journal of Digital Forensics, Security, and Law. This article was also previously presented at the 12th annual peer-review AMCIS conference in Acapulco, Mexico. The AMCIS conference is one of the leading academic conferences within the information systems fields. This third article addresses how perpetrators use the principles and strategies of power and negotiation to con individuals via the Internet to participate in fraud schemes. The fourth article presented in my dissertation was published in Information Systems Security Journal. This journal is currently in its 17th year of publication and is published by Taylor and Francis Publishing - one of the leading publishers in academic journals. This journal is also the official publication of the CISSP and SSCP. The article deals with current trends in fraud and its detection. The fifth article that is presented in my dissertation was published in the journal Corporate Finance Review. This article specifically deals with financial statement fraud in the United States. The article further explains what Europe can do to learn from the mistakes of the United States. Thomson Education - a leader in educational publishing, is the sponsor of Corporate Finance Review. The journal is currently in its 12th year of publication. Finally, the last article presented in my dissertation is a commentary that took place on the subject of fraud between two American professors and myself. The dialogue was published in the Journal of Management, Spirituality, and Religion. The topic of the commentary was on the relationship between organizations embedded in religion and fraud.

fraud detection

financial statement fraud

frau

international corruption

detección del fraude

fraude de estados financieros

fraude

corrupción internacional

detecció del frau

frau

frau d'estats financers

corrupció internacional

Management Sciencees

334

336

339

Data Mining Meets HCI: Making Sense of Large Graphs

Chau, Dueng Horng

01 July 2012

We have entered the age of big data. Massive datasets are now common in science, government and enterprises. Yet, making sense of these data remains a fundamental challenge. Where do we start our analysis? Where to go next? How to visualize our findings? We answers these questions by bridging Data Mining and Human- Computer Interaction (HCI) to create tools for making sense of graphs with billions of nodes and edges, focusing on: (1) Attention Routing: we introduce this idea, based on anomaly detection, that automatically draws people’s attention to interesting areas of the graph to start their analyses. We present three examples: Polonium unearths malware from 37 billion machine-file relationships; NetProbe fingers bad guys who commit auction fraud. (2) Mixed-Initiative Sensemaking: we present two examples that combine machine inference and visualization to help users locate next areas of interest: Apolo guides users to explore large graphs by learning from few examples of user interest; Graphite finds interesting subgraphs, based on only fuzzy descriptions drawn graphically. (3) Scaling Up: we show how to enable interactive analytics of large graphs by leveraging Hadoop, staging of operations, and approximate computation. This thesis contributes to data mining, HCI, and importantly their intersection, including: interactive systems and algorithms that scale; theories that unify graph mining approaches; and paradigms that overcome fundamental challenges in visual analytics. Our work is making impact to academia and society: Polonium protects 120 million people worldwide from malware; NetProbe made headlines on CNN, WSJ and USA Today; Pegasus won an opensource software award; Apolo helps DARPA detect insider threats and prevent exfiltration. We hope our Big Data Mantra “Machine for Attention Routing, Human for Interaction” will inspire more innovations at the crossroad of data mining and HCI.

Graph Mining

Data Mining

Machine Learning

Human-Computer Interaction

HCI

Graphical Models

Inference

Big Data

Sensemaking

Visualization

eBay Auction Fraud Detection

Symantec Malware Detection

Belief Propagation

Random Walk

Guilt by Association

Polonium

NetProbe

Apolo

Feldspar

Graphite

The best practices applied by forensic investigators in conducting lifestyle audits on white collar crime suspects

Gillespie, Roy Tamejen

05 1900

This research looks at the best practices applied by forensic investigators in conducting lifestyle audits on white collar crime suspects. The researcher explored, firstly, how a lifestyle audit relates to white collar crime investigations; secondly, the best practices in performing lifestyle audits on white collar crime suspects, and lastly, the various sources of information available to forensic investigators when conducting a lifestyle audit of a white collar crime suspect. As lifestyle audits will serve as an investigative tool in future forensic investigations into white collar crime, this study’s aim was to understand and create an awareness of the current best practices applied by forensic investigators within private sector forensic investigation practices while conducting lifestyle audits during white collar crime investigations. It also makes available research data regarding the concept of lifestyle audits in white collar crime investigations, the implementation of these audits, the benefits, and the best practices of these audits. The general purpose of this study was to provide practical recommendations on the best practices for lifestyle audits for forensic investigators within private sector. / Criminology and Security Science / M. Tech. (Forensic Investigation)

Fraud

White Collar Crime

Crime investigation

Forensic investigation

Crime intelligence

Crime information

Net worth analysis

Lifestyle audit

Background check

Suspect profiling

Lifestyle profile

Sources of information

Fraud detection

363.25968

White collar crime investigation

Criminal investigation

Criminal behavior, Prediction of

Fraud investigation

Detecting financial reporting fraud : the impact and implications of management motivations for external auditors : evidence from the Egyptian context

Kassem, Rasha

January 2016

Financial reporting fraud is a concern for investors, regulators, external auditors, and the public. Although the responsibility for fraud detection lies upon management and those charged with governance, external auditors are likely to come under scrutiny if fraud scandals come to light. Despite the audit regulators efforts in fighting fraud, evidence from prior literature revealed that external auditors still need guidance in assessing and responding to fraud risks. Hence the current study aims at helping external auditors properly assess and respond to the risk of financial reporting fraud in an effort to increase the likelihood of detecting it. In order to achieve this, the current study sought to explore the significance of various fraud factors in assessing the risks of financial reporting fraud and examined how external auditors could assess these fraud factors. The current study also explored the likely motivations behind management fraud, the impact of management motivations on the financial statements, and how external auditors could assess the impact of management motivations. The data for the current study was collected from external auditors working at various audit firms in Egypt via the use of mixed research methods, namely through an online questionnaire and semi-structured interviews. The findings of the current study revealed that management motives are the most significant factor in assessing the risk of financial reporting fraud. Hence the current study suggests that external audit should be viewed in terms of management motivations rather than just the audit of financial statements figures and disclosures. The current study offers detailed guidance to external auditors in this area. The findings of the current study also revealed that management integrity is a significant factor in assessing the risk of financial reporting fraud and that rationalisation of fraud should be assessed as part of management integrity rather than a separate fraud risk factor. The current study found that fraud perpetrators capabilities are equally significant to the opportunity to commit fraud factor yet it is currently ignored by the audit standards and thus should be assessed as part of opportunity to commit fraud. The current study was the first to explore financial reporting fraud and the extent by which external auditors comply with ISA 240 in the Egyptian context. The current study offered recommendations to external auditors, audit firms, audit regulators, and the Egyptian government on how to combat financial reporting fraud. Potential areas for future research were also identified by the current study.

658.15

Možnosti počítačové detekce defraudací a anomálií v účetních datech / Methods of computer detection of fraud and anomalies in financial data

Spitz, Igor

January 2012

This thesis analyzes techniques of manipulation of accounting data for the purpose of fraud. It is further looking for methods, which could be capable of detecting these manipulations and it verifies the efficiency of the procedures already in use. A theoretical part studies method of financial analysis, statistical methods, Benford's tests, fuzzy matching and technologies of machine learning. Practical part verifies the methods of financial analysis, Benford's tests, algorithms for fuzzy matching and neural networks.