Modelling fraud detection by attack trees and Choquet integral

Modelling an attack tree is basically a matter of associating a logical ÒndÓand a logical ÒrÓ but in most of real world applications related to fraud management the Ònd/orÓlogic is not adequate to effectively represent the relationship between a parent node and its children, most of all when information about attributes is associated to the nodes and the main problem to solve is how to promulgate attribute values up the tree through recursive aggregation operations occurring at the Ònd/orÓnodes. OWA-based aggregations have been introduced to generalize ÒndÓand ÒrÓoperators starting from the observation that in between the extremes Òor allÓ(and) and Òor anyÓ(or), terms (quantifiers) like ÒeveralÓ ÒostÓ ÒewÓ ÒomeÓ etc. can be introduced to represent the different weights associated to the nodes in the aggregation. The aggregation process taking place at an OWA node depends on the ordered position of the child nodes but it doesnÕ take care of the possible interactions between the nodes. In this paper, we propose to overcome this drawback introducing the Choquet integral whose distinguished feature is to be able to take into account the interaction between nodes. At first, the attack tree is valuated recursively through a bottom-up algorithm whose complexity is linear versus the number of nodes and exponential for every node. Then, the algorithm is extended assuming that the attribute values in the leaves are unimodal LR fuzzy numbers and the calculation of Choquet integral is carried out using the alpha-cuts.Fraud detection; attack tree; ordered weighted averaging (OWA) operator; Choquet integral; fuzzy numbers.

Imprecise linear filtering: a second step

International audienceLinear digital signal processing consists in convo- luting the input sampled signal with the discrete version of the impulse response of a filter designed by an expert. More than often, a unique impulse re- sponse does not represent the complete knowledge of the expert who should have proposed more than one appropriate filter. In a recent paper, we have proposed an extension of the finite impulse response filtering that able to represent the fact that the fil- ter is imprecisely known. This extension leads to compute an interval-valued filtered signal. In this paper, we propose a natural follow-up of this work by considering interval-valued input signals and re- placing the Choquet integral by the Šipoš integral

Fraud detection in the banking sector : a multi-agent approach

Fraud is an increasing phenomenon as shown in many surveys carried out by leading international consulting companies in the last years. Despite the evolution of electronic payments and hacking techniques there is still a strong human component in fraud schemes. Conflict of interest in particular is the main contributing factor to the success of internal fraud. In such cases anomaly detection tools are not always the best instruments, since the fraud schemes are based on faking documents in a context dominated by lack of controls, and the perpetrators are those ones who should control possible irregularities. In the banking sector audit team experts can count only on their experience, whistle blowing and the reports sent by their inspectors. The Fraud Interactive Decision Expert System (FIDES), which is the core of this research, is a multi-agent system built to support auditors in evaluating suspicious behaviours and to speed up the evaluation process in order to detect or prevent fraud schemes. The system combines Think-map, Delphi method and Attack trees and it has been built around audit team experts and their needs. The output of FIDES is an attack tree, a tree-based diagram to ”systematically categorize the different ways in which a system can be attacked”. Once the attack tree is built, auditors can choose the path they perceive as more suitable and decide whether or not to start the investigation. The system is meant for use in the future to retrieve old cases in order to match them with new ones and find similarities. The retrieving features of the system will be useful to simplify the risk management phase, since similar countermeasures adopted for past cases might be useful for present ones. Even though FIDES has been built with the banking sector in mind, it can be applied in all those organisations, like insurance companies or public organizations, where anti-fraud activity is based on a central anti-fraud unit and a reporting system