Adoption of New Technology for Identifying Money Laundering : An Exploration of Artificial Intelligence’s Usability in Banks to Combat Money Laundering and Terrorist Financing / Anta ny teknik för identifiering av penningtvätt : Utforskning av AI:s användbarhet i banker för bekämpning av penningtvätt och finansiering av terrorism

Hagopian, Patrik, Persson, Axel

January 2024

As money laundering is a global threat, with approximately US$800 billion to US$2 trillion being laundered yearly, it is important to come up with new and stronger solutions to combat illicit activities. Among the most exploited entities for money laundering are financial institutions, and more specifically banks. Therefore, the purpose of this thesis has been to investigate the usability of Artificial Intelligence (AI) as a decision-maker in the Anti-Money Laundering (AML) department to combat money laundering and terrorist financing. Moreover, the main research question was to explore the usability of AI as a decision-maker within AML operations. To enable this, an important aspect was to understand what regulatory and compliance requirements are demanded on AI from the AML departments. Thereafter, it was necessary to understand AI’s technical functionalities to facilitate the department’s daily operations. The literature review presented the fundamentals of AML and their precautionary actions. Furthermore, in the second phase of the literature review, the fundamentals of AI were investigated. Lastly, a combination of the topics of AML and AI were reviewed to identify techniques that the AML department can implement. Moreover, the methodology of the thesis consisted of a qualitative research design with an inductive approach. In the findings, a framework was constructed from the obtained results (second order themes). Subsequently, those themes were further developed into aggregated dimensions, which were extensively elaborated on in the conclusion. Thereafter, the dimensions were categorized into either the compliance criteria or the functional criteria. Also, the dimensions were presented in the order of priority based on how critical they are. To answer the main research question, AI is usable in the AML department as a decision-maker when considering the aggregated dimensions. Essentially, AI can successfully be implemented into the AML department’s daily operations when all the dimensions are achieved. / Då penningtvätt är ett globalt hot, där det uppskattas att det årligen tvättas 800 miljarder till 2 biljoner amerikanska dollar, är det viktigt att komma med nya och motståndskraftigare lösningar som bekämpar illegala verksamheter. Finansiella institutioner är bland de mest utsatta enheterna för penningtvätt, däribland banker som är mest exponerade. Därför var syftet med masterexamensarbetet att undersöka användbarheten av artificiell intelligens (AI) som beslutsfattare på avdelningen som bekämpar penningtvätt och finansiering av terrorism. Vidare var huvudfrågeställningen att utforska användbarheten av AI som beslutsfattare inom arbetsuppgifterna för avdelningen som bekämpar penningtvätt. För att möjliggöra detta var en viktig aspekt att förstå vilka lagstadgade- och efterlevnadskrav som ställdes på AI från avdelningen som bekämpar penningtvätt. Därefter måste man förstå AI:s tekniska funktioner för att underlätta avdelningens dagliga verksamhet. I litteraturstudien presenterades de grundläggande faktorerna för bekämpning av penningtvätt och deras försiktighetsåtgärder. Vidare i den andra fasen av litteraturstudien undersöktes de grundläggande faktorerna för AI. Slutligen granskades litteratur som behandlade en kombination av ämnena bekämpning av penningtvätt och AI för att identifiera tekniker som avdelningen för bekämpning av penningtvätt kan implementera. Dessutom bestod masterexamensarbetet av en kvalitativ forskningsdesign med en induktiv forskningsprocess. I resultatdelen framställdes ett ramverk utifrån de erhållna resultaten (andra ordningens teman). Därefter utvecklades dessa teman vidare till aggregerade dimensioner, som beskrevs utförligt i slutsatsen. Därpå blev dimensionerna kategoriserade i antingen efterlevnadskriterier eller funktionella kriterier. Dimensionerna presenterades även i prioritetsordning baserat på deras kritiska innebörd. Studien föreslog att AI är användbart på avdelningen som bekämpar penningtvätt som beslutsfattare när de aggregerade dimensionerna tas i beaktning. I huvudsak kan AI framgångsrikt implementeras i avdelningens dagliga verksamhet för att bekämpa penningtvätt när alla dimensioner har uppnåtts.

AI

AML

Decision-Maker

Compliance

Anomaly Detection

Transaction Monitoring

Alert Classification

Machine Learning

Black box

XAI

AI

bekämpning av penningtvätt

beslutsfattare

efterlevnad

detektering av avvikelser

transaktionsmonitorering

varningsklassificering

maskininlärning

svart låda

förklarbar AI

Other Engineering and Technologies

Annan teknik

Economics and Business

Ekonomi och näringsliv

Malicious Intent Detection Framework for Social Networks

Fausak, Andrew Raymond

05 1900

Many, if not all people have online social accounts (OSAs) on an online community (OC) such as Facebook (Meta), Twitter (X), Instagram (Meta), Mastodon, Nostr. OCs enable quick and easy interaction with friends, family, and even online communities to share information about. There is also a dark side to Ocs, where users with malicious intent join OC platforms with the purpose of criminal activities such as spreading fake news/information, cyberbullying, propaganda, phishing, stealing, and unjust enrichment. These criminal activities are especially concerning when harming minors. Detection and mitigation are needed to protect and help OCs and stop these criminals from harming others. Many solutions exist; however, they are typically focused on a single category of malicious intent detection rather than an all-encompassing solution. To answer this challenge, we propose the first steps of a framework for analyzing and identifying malicious intent in OCs that we refer to as malicious mntent detection framework (MIDF). MIDF is an extensible proof-of-concept that uses machine learning techniques to enable detection and mitigation. The framework will first be used to detect malicious users using solely relationships and then can be leveraged to create a suite of malicious intent vector detection models, including phishing, propaganda, scams, cyberbullying, racism, spam, and bots for open-source online social networks, such as Mastodon, and Nostr.

Artificial Intelligence (AI)

Machine Learning (ML)

Deep Learning (DL)

Natural Language Processing (NLP)

Cybersecurity

Malicious Intent Detection

Anomaly Detection

Threat Intelligence

Behavior Analysis

Text Classification

Sentiment Analysis

Predictive Modeling

Neural Networks

Supervised Learning

Unsupervised Learning

Reinforcement Learning

Data Mining

Feature Extraction

Algorithmic Bias

Ethics in AI

Cyber Threats

Intrusion Detection Systems (IDS)

Phishing Detection

Social Engineering

Online Behavior Analysis

Artificial Intelligence

Computer Science

Statistics

A deep learning based anomaly detection pipeline for battery fleets

Khongbantabam, Nabakumar Singh

January 2021

This thesis proposes a deep learning anomaly detection pipeline to detect possible anomalies during the operation of a fleet of batteries and presents its development and evaluation. The pipeline employs sensors that connect to each battery in the fleet to remotely collect real-time measurements of their operating characteristics, such as voltage, current, and temperature. The deep learning based time-series anomaly detection model was developed using Variational Autoencoder (VAE) architecture that utilizes either Long Short-Term Memory (LSTM) or, its cousin, Gated Recurrent Unit (GRU) as the encoder and the decoder networks (LSTMVAE and GRUVAE). Both variants were evaluated against three well-known conventional anomaly detection algorithms Isolation Nearest Neighbour (iNNE), Isolation Forest (iForest), and kth Nearest Neighbour (k-NN) algorithms. All five models were trained using two variations in the training dataset (full-year dataset and partial recent dataset), producing a total of 10 different model variants. The models were trained using the unsupervised method and the results were evaluated using a test dataset consisting of a few known anomaly days in the past operation of the customer’s battery fleet. The results demonstrated that k-NN and GRUVAE performed close to each other, outperforming the rest of the models with a notable margin. LSTMVAE and iForest performed moderately, while the iNNE and iForest variant trained with the full dataset, performed the worst in the evaluation. A general observation also reveals that limiting the training dataset to only a recent period produces better results nearly consistently across all models. / Detta examensarbete föreslår en pipeline för djupinlärning av avvikelser för att upptäcka möjliga anomalier under driften av en flotta av batterier och presenterar dess utveckling och utvärdering. Rörledningen använder sensorer som ansluter till varje batteri i flottan för att på distans samla in realtidsmätningar av deras driftsegenskaper, såsom spänning, ström och temperatur. Den djupinlärningsbaserade tidsserieanomalidetekteringsmodellen utvecklades med VAE-arkitektur som använder antingen LSTM eller, dess kusin, GRU som kodare och avkodarnätverk (LSTMVAE och GRU) VAE). Båda varianterna utvärderades mot tre välkända konventionella anomalidetekteringsalgoritmer -iNNE, iForest och k-NN algoritmer. Alla fem modellerna tränades med hjälp av två varianter av träningsdatauppsättningen (helårsdatauppsättning och delvis färsk datauppsättning), vilket producerade totalt 10 olika modellvarianter. Modellerna tränades med den oövervakade metoden och resultaten utvärderades med hjälp av en testdatauppsättning bestående av några kända anomalidagar under tidigare drift av kundens batteriflotta. Resultaten visade att k-NN och GRUVAE presterade nära varandra och överträffade resten av modellerna med en anmärkningsvärd marginal. LSTMVAE och iForest presterade måttligt, medan varianten iNNE och iForest tränade med hela datasetet presterade sämst i utvärderingen. En allmän observation avslöjar också att en begränsning av träningsdatauppsättningen till endast en ny period ger bättre resultat nästan konsekvent över alla modeller.

Forklift batteries

Battery sensors

Data pipeline

Predictive maintenance

Anomaly detection

Deep learning

Battery failure prediction

Time-series

Variational autoencoder

Long short-term memory

LSTM

Gated recurrent unit

GRU

Isolation nearest neighbor

iNNE

Isolation forest

iForest

kth nearest neighbor

kNN.

Gaffeltruckbatterier

Batterisensorer

Datapipeline

Prediktivt underhåll

Avvikelsedetektering

Deep learning

Batterifelsprediktion

Tidsserier

Variationsautokodare

Långt korttidsminne

LSTM

Gated recurrent unit

GRU

Isolation närmaste granne

iNNE

Isolation skog

iForest

kth närmaste granne

kNN.

Computer and Information Sciences

Data- och informationsvetenskap

Anomaly Detection in RFID Networks

Alkadi, Alaa

01 January 2017

Available security standards for RFID networks (e.g. ISO/IEC 29167) are designed to secure individual tag-reader sessions and do not protect against active attacks that could also compromise the system as a whole (e.g. tag cloning or replay attacks). Proper traffic characterization models of the communication within an RFID network can lead to better understanding of operation under “normal” system state conditions and can consequently help identify security breaches not addressed by current standards. This study of RFID traffic characterization considers two piecewise-constant data smoothing techniques, namely Bayesian blocks and Knuth’s algorithms, over time-tagged events and compares them in the context of rate-based anomaly detection. This was accomplished using data from experimental RFID readings and comparing (1) the event counts versus time if using the smoothed curves versus empirical histograms of the raw data and (2) the threshold-dependent alert-rates based on inter-arrival times obtained if using the smoothed curves versus that of the raw data itself. Results indicate that both algorithms adequately model RFID traffic in which inter-event time statistics are stationary but that Bayesian blocks become superior for traffic in which such statistics experience abrupt changes.

Thesis

University of North Florida

UNF

RFID

RFID security

NFC

anomaly detection

security

Bayesian blocks

Bayesian statistics

Knuth

Knuth's rule

RFID traffic

piecewise constant models

security standards

RFID networks

ISO standards

IEC 29167 standards

tag-reader sessions

active attacks

tag cloning

replay attacks

piecewise linear models

RFID command arrivals

traffic characterization

intrusion detection

Radiofrequency identification

Bayes methods

Data models

mathematical model

telecommunication traffic

telecommunication security

Computational Engineering

Information Security

Theory and Algorithms