6 research outputs found

    Distributed detection of anomalous internet sessions

    Financial service providers are moving many services online, reducing their costs and facilitating customers' interaction. Unfortunately, criminals have quickly found several ways to avoid most security measures applied to browsers and banking sites. The use of highly dangerous malware has become the most significant threat, and traditional signature-detection methods are nowadays easily circumvented due to the amount of new samples and the use of sophisticated evasion techniques. Antivirus vendors and malware experts are pushed to seek new methodologies to improve the identification and understanding of malicious applications' behavior and their targets. Financial institutions are now playing an important role by deploying their own detection tools against malware that specifically affects their customers. However, most detection approaches tend to be based on sequences of bytes in order to create new signatures. This thesis's approach is based on new sources of information: the web logs generated from each banking session, the normal browser execution and customers' mobile phone behavior. The thesis can be divided in four parts. The first part involves the introduction of the thesis along with the presentation of the problems and the methodology used to perform the experimentation. The second part describes our contributions to the research, which are based on two areas: * Server side: Weblogs analysis. We first focus on the real-time detection of anomalies through the analysis of web logs and the challenges introduced due to the amount of information generated daily. We propose different techniques to detect multiple threats by deploying per-user and global models in a graph-based environment that will allow increased performance on a set of highly related data. * Customer side: Browser analysis. We deal with the detection of malicious behaviors from the other side of a banking session: the browser.
    Malware samples must interact with the browser in order to retrieve or add information. Such a relation interferes with the normal behavior of the browser. We propose to develop models capable of detecting unusual patterns of function calls in order to detect if a given sample is targeting a specific financial entity. In the third part, we propose to adapt our approaches to mobile phones and Critical Infrastructures environments. The latest online banking attack techniques circumvent protection schemes such as password verification systems sent via SMS. Man in the Mobile attacks are capable of compromising mobile devices and gaining access to SMS traffic. Once the Transaction Authentication Number is obtained, criminals are free to make fraudulent transfers. We propose to model the behavior of the applications related to messaging services to automatically detect suspicious actions. Real-time detection of unwanted SMS forwarding can improve the effectiveness of second-channel authentication and build on detection techniques applied to browsers and Web servers. Finally, we describe possible adaptations of our techniques to another area outside the scope of online banking: critical infrastructures, an environment with similar features since the applications involved can also be profiled. Just as financial entities, critical infrastructures are experiencing an increase in the number of cyber attacks, but the sophistication of the malware samples utilized forces new detection approaches. The aim of the last proposal is to demonstrate the validity of our approach in different scenarios. Conclusions. Finally, we conclude with a summary of our findings and the directions for future work.

    Web sessions anomaly detection in dynamic environments

    No full text
    This paper presents a proposal for discovering anomalies in e-banking Web sessions by implementing different data mining techniques in a graph-based environment. Online banking is a good example of how millions of customers rely on virtual channels for business transactions. Nevertheless, due to multiple scandals regarding security flaws, it becomes complicated to move a business from a physical scenario to the digital world. Therefore, security applications become highly necessary. Monitoring systems like HIDS intend to create a more reliable scenario for companies, but because of the number of sessions linked to e-banking Web servers it is nearly impossible to detect fraud in real time. We propose a novel method for detecting anomalies in e-banking services by integrating efficient clustering systems based on sequence alignment and graph mining.

    Web sessions anomaly detection in dynamic environments

    No full text
    This paper presents a proposal for discovering anomalies in e-banking Web sessions by implementing different data mining techniques in a graph-based environment. Online banking is a good example of how millions of customers rely on virtual channels for business transactions. Nevertheless, due to multiple scandals regarding security flaws, it becomes complicated to move a business from a physical scenario to the digital world. Therefore, security applications become highly necessary. Monitoring systems like HIDS intend to create a more reliable scenario for companies, but because of the number of sessions linked to e-banking Web servers it is nearly impossible to detect fraud in real time. We propose a novel method for detecting anomalies in e-banking services by integrating efficient clustering systems based on sequence alignment and graph mining. Postprint (published version

    Web sessions anomaly detection in dynamic environments

    No full text
    This paper presents a proposal for discovering anomalies in e-banking Web sessions by implementing different data mining techniques in a graph-based environment. Online banking is a good example of how millions of customers rely on virtual channels for business transactions. Nevertheless, due to multiple scandals regarding security flaws, it becomes complicated to move a business from a physical scenario to the digital world. Therefore, security applications become highly necessary. Monitoring systems like HIDS intend to create a more reliable scenario for companies, but because of the number of sessions linked to e-banking Web servers it is nearly impossible to detect fraud in real time. We propose a novel method for detecting anomalies in e-banking services by integrating efficient clustering systems based on sequence alignment and graph mining.

    IT or not to be: the impact of Moodle in the education of developing countries

    E-learning environments, such as Moodle, provide a technology that fosters the improvement of the educational system in developed countries, where education is traditionally performed with relatively high standards of quality. A large number of case studies and research have been conducted to demonstrate how e-learning technologies can be applied to improve both training and learning processes. However, these technologies have not been proved efficient when applied to developing countries. The challenges that must be addressed in developing countries, both technological and societal, are much more complex and the possible solution margins are more constrained than those existing in the context where these technologies have been created. In this paper we show how Moodle can be used to improve the quality of education in developing countries and, even more important, how it can be used to make the educational system more sustainable and effective in the long term. We describe our experience in implementing a programming course in Moodle for the Higher School of Informatics at the Université Polytechnique de Bobo-Dioulasso, in Burkina Faso (West Africa), joining efforts with local professors in designing and implementing the learning system. The case example has been designed having in mind a number of contextual problems: lack of lecturers, excessive teaching hours per lecturer, massive classes, and curricula organization and stability, among others. We finally discuss how the teaching effort is reduced, the students’ knowledge and capacity improve, and the institutional academic model can be guaranteed with the proposal. For this reason, we claim that information technologies in developing countries are a cost-effective way to guarantee the objectives originally defined in the academic curricula and, therefore, deal with the problem of education. Peer Reviewe

    IT or not to be: the impact of Moodle in the education of developing countries

    No full text
    E-learning environments, such as Moodle, provide a technology that fosters the improvement of the educational system in developed countries, where education is traditionally performed with relatively high standards of quality. A large number of case studies and research have been conducted to demonstrate how e-learning technologies can be applied to improve both training and learning processes. However, these technologies have not been proved efficient when applied to developing countries. The challenges that must be addressed in developing countries, both technological and societal, are much more complex and the possible solution margins are more constrained than those existing in the context where these technologies have been created. In this paper we show how Moodle can be used to improve the quality of education in developing countries and, even more important, how it can be used to make the educational system more sustainable and effective in the long term. We describe our experience in implementing a programming course in Moodle for the Higher School of Informatics at the Université Polytechnique de Bobo-Dioulasso, in Burkina Faso (West Africa), joining efforts with local professors in designing and implementing the learning system. The case example has been designed having in mind a number of contextual problems: lack of lecturers, excessive teaching hours per lecturer, massive classes, and curricula organization and stability, among others. We finally discuss how the teaching effort is reduced, the students’ knowledge and capacity improve, and the institutional academic model can be guaranteed with the proposal. For this reason, we claim that information technologies in developing countries are a cost-effective way to guarantee the objectives originally defined in the academic curricula and, therefore, deal with the problem of education. Peer Reviewe