{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T21:37:56Z","timestamp":1769981876699,"version":"3.49.0"},"reference-count":47,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2018,4,16]],"date-time":"2018-04-16T00:00:00Z","timestamp":1523836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Lombardy region and Secure Network S.r.l"},{"name":"European Union H2020 Programme","award":["700326"],"award-info":[{"award-number":["700326"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,8,31]]},"abstract":"<jats:p>The significant growth of banking fraud, fueled by the underground economy of malware, has raised the need for effective detection systems. Therefore, in the last few years, banks have upgraded their security to protect transactions from fraud. State-of-the-art solutions detect fraud as deviations from customers\u2019 spending habits. To the best of our knowledge, almost all existing approaches do not provide an in-depth model\u2019s granularity and security analysis against elusive attacks.<\/jats:p>\n          <jats:p>In this article, we examine Banksealer, a decision support system for banking fraud analysis that evaluates the influence on detection performance of the granularity at which spending habits are modeled and its security against evasive attacks. First, we compare user-centric modeling, which builds a model for each user, with system-centric modeling, which builds a model for the entire system, from the point of view of detection performance. Then, we assess the robustness of Banksealer against malicious attackers that are aware of the structure of the models in use. To this end, we design and implement a proof-of-concept attack tool that performs mimicry attacks, emulating a sophisticated attacker that cloaks frauds to avoid detection. We experimentally confirm the feasibility of such attacks, their cost, and the effort required by an attacker in order to perform them. In addition, we discuss possible countermeasures.<\/jats:p>\n          <jats:p>We provide a comprehensive evaluation on a large real-world dataset obtained from one of the largest Italian banks.<\/jats:p>","DOI":"10.1145\/3178370","type":"journal-article","created":{"date-parts":[[2018,4,18]],"date-time":"2018-04-18T17:21:50Z","timestamp":1524072110000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Security Evaluation of a Banking Fraud Analysis System"],"prefix":"10.1145","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8284-6074","authenticated-orcid":false,"given":"Michele","family":"Carminati","sequence":"first","affiliation":[{"name":"Politecnico di Milano, Via Ponzio, Milan (MI)"}]},{"given":"Mario","family":"Polino","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Via Ponzio, Milan (MI)"}]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Via Ponzio, Milan (MI)"}]},{"given":"Andrea","family":"Lanzi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli studi di Milano, Via Comelico, Milan (MI)"}]},{"given":"Federico","family":"Maggi","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Trend Micro Inc., Via Ponzio, Milan (MI)"}]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Via Ponzio, Milan (MI)"}]}],"member":"320","published-online":{"date-parts":[[2018,4,16]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Kaspersky Security Bulletin","year":"2016","unstructured":"2017. Kaspersky Security Bulletin 2016 . Technical Report. Kaspersky Lab . https:\/\/goo.gl\/W9dfol. 2017. Kaspersky Security Bulletin 2016. Technical Report. Kaspersky Lab. https:\/\/goo.gl\/W9dfol."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.89"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.3103\/S1060992X15030030"},{"key":"e_1_2_1_4_1","unstructured":"R. J. Bolton and D. J. Hand. 2001. Peer Group Analysis. Technical Report. Imperial College London UK.  R. J. Bolton and D. J. Hand. 2001. Peer Group Analysis. Technical Report. Imperial College London UK."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1214\/ss\/1042727940"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of Credit Scoring and Credit Control VII. 5--7. http:\/\/www.bibsonomy.org\/bibtex\/2eb55731e5bbb9ea94065cf91d0721733\/jamesh.","author":"Bolton Richard J.","year":"2001","unstructured":"Richard J. Bolton , David J. Hand , and H David J. 2001 . Unsupervised profiling methods for fraud detection . Proceedings of Credit Scoring and Credit Control VII. 5--7. http:\/\/www.bibsonomy.org\/bibtex\/2eb55731e5bbb9ea94065cf91d0721733\/jamesh. Richard J. Bolton, David J. Hand, and H David J. 2001. Unsupervised profiling methods for fraud detection. Proceedings of Credit Scoring and Credit Control VII. 5--7. http:\/\/www.bibsonomy.org\/bibtex\/2eb55731e5bbb9ea94065cf91d0721733\/jamesh."},{"key":"e_1_2_1_7_1","volume-title":"An efficient technique for preventing mimicry and impossible paths execution attacks","author":"Bruschi Danilo","unstructured":"Danilo Bruschi , Lorenzo Cavallaro , and Andrea Lanzi . 2007. An efficient technique for preventing mimicry and impossible paths execution attacks . In IPCCC. IEEE Computer Society . Danilo Bruschi, Lorenzo Cavallaro, and Andrea Lanzi. 2007. An efficient technique for preventing mimicry and impossible paths execution attacks. In IPCCC. IEEE Computer Society."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_13"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336768"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Michele Carminati Roberto Caron Federico Maggi Ilenia Epifani and Stefano Zanero. 2014. BankSealer: An online banking fraud analysis and decision support system. In ICT Systems Security and Privacy Protection Nora Cuppens-Boulahia Fr\u00e8d\u00e8ric Cuppens Sushil Jajodia Anas Abou El Kalam and Thierry Sans (Eds.). IFIP Advances in Information and Communication Technology Vol. 428. Springer Berlin 380--394.  Michele Carminati Roberto Caron Federico Maggi Ilenia Epifani and Stefano Zanero. 2014. BankSealer: An online banking fraud analysis and decision support system. In ICT Systems Security and Privacy Protection Nora Cuppens-Boulahia Fr\u00e8d\u00e8ric Cuppens Sushil Jajodia Anas Abou El Kalam and Thierry Sans (Eds.). IFIP Advances in Information and Communication Technology Vol. 428. Springer Berlin 380--394.","DOI":"10.1007\/978-3-642-55415-5_32"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.002"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991110"},{"key":"e_1_2_1_14_1","volume-title":"IT THREAT EVOLUTION IN Q2","author":"Emm David","year":"2016","unstructured":"David Emm , Roman Unuchek , Maria Garnaeva , Anton Ivanov , Denis Makrushin , and Fedor Sinitsyn . 2016. IT THREAT EVOLUTION IN Q2 2016 . Technical Report. Kaspersky Lab, Moscow, Russia . David Emm, Roman Unuchek, Maria Garnaeva, Anton Ivanov, Denis Makrushin, and Fedor Sinitsyn. 2016. IT THREAT EVOLUTION IN Q2 2016. Technical Report. Kaspersky Lab, Moscow, Russia."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030126"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 27th Hawaii International Conference on System Sciences.","volume":"3","author":"Ghosh Sushmito","unstructured":"Sushmito Ghosh and Douglas L. Reilly . 1994. Credit card fraud detection with a neural-network . In Proceedings of the 27th Hawaii International Conference on System Sciences. Vol. 3 . IEEE, 621--630. Sushmito Ghosh and Douglas L. Reilly. 1994. Credit card fraud detection with a neural-network. In Proceedings of the 27th Hawaii International Conference on System Sciences. Vol. 3. IEEE, 621--630."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_3"},{"key":"e_1_2_1_18_1","unstructured":"Markus Goldstein and Andreas Dengel. 2012. Histogram-based outlier score (HBOS): A fast unsupervised anomaly detection algorithm. KI-2012: Poster and Demo Track 59--63.  Markus Goldstein and Andreas Dengel. 2012. Histogram-based outlier score (HBOS): A fast unsupervised anomaly detection algorithm. KI-2012: Poster and Demo Track 59--63."},{"key":"e_1_2_1_19_1","volume-title":"Data Mining: Concepts and Techniques","author":"Han J.","year":"2006","unstructured":"J. Han and M. Kamber . 2006 . Data Mining: Concepts and Techniques . Elsevier Science 8 Technology, New York, NY. 2006296324 J. Han and M. Kamber. 2006. Data Mining: Concepts and Techniques. Elsevier Science 8 Technology, New York, NY. 2006296324"},{"key":"e_1_2_1_20_1","volume-title":"Outlier Detection Using Replicator Neural Networks","author":"Hawkins Simon","unstructured":"Simon Hawkins , Hongxing He , Graham Williams , and Rohan Baxter . 2002. Outlier Detection Using Replicator Neural Networks . Springer , Berlin , 170--180. Simon Hawkins, Hongxing He, Graham Williams, and Rohan Baxter. 2002. Outlier Detection Using Replicator Neural Networks. Springer, Berlin, 170--180."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-8655(03)00003-5"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2008.25"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the 5th International Conference on Digital Society (ICDS\u201911)","author":"Kovach S.","unstructured":"S. Kovach and W. V. Ruggiero . 2011. Online banking fraud detection based on local and global behavior . In Proceedings of the 5th International Conference on Digital Society (ICDS\u201911) , Guadeloupe, France, 166--171. S. Kovach and W. V. Ruggiero. 2011. Online banking fraud detection based on local and global behavior. In Proceedings of the 5th International Conference on Digital Society (ICDS\u201911), Guadeloupe, France, 166--171."},{"key":"e_1_2_1_24_1","volume-title":"USENIX Security Symposium, Patrick McDaniel (Ed.). USENIX Association. http:\/\/dblp.uni-trier.de\/db\/conf\/uss\/uss2005","author":"Kruegel Christopher","year":"2005","unstructured":"Christopher Kruegel , Engin Kirda , Darren Mutz , William K. Robertson , and Giovanni Vigna . 2005 . Automating mimicry attacks using static binary analysis . In USENIX Security Symposium, Patrick McDaniel (Ed.). USENIX Association. http:\/\/dblp.uni-trier.de\/db\/conf\/uss\/uss2005 .html#KruegelKMRV05; https:\/\/www.usenix.org\/conference\/14th-usenix-security-symposium\/automating-mimicry-attacks-using-static-binary-analysis. Christopher Kruegel, Engin Kirda, Darren Mutz, William K. Robertson, and Giovanni Vigna. 2005. Automating mimicry attacks using static binary analysis. In USENIX Security Symposium, Patrick McDaniel (Ed.). USENIX Association. http:\/\/dblp.uni-trier.de\/db\/conf\/uss\/uss2005.html#KruegelKMRV05; https:\/\/www.usenix.org\/conference\/14th-usenix-security-symposium\/automating-mimicry-attacks-using-static-binary-analysis."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2011.02.021"},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the National Institute of Science of India. 49--55","author":"Mahalanobis Prasanta C.","year":"1936","unstructured":"Prasanta C. Mahalanobis . 1936 . On the generalized distance in statistics . In Proceedings of the National Institute of Science of India. 49--55 . Prasanta C. Mahalanobis. 1936. On the generalized distance in statistics. In Proceedings of the National Institute of Science of India. 49--55."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCNT.2012.6395910"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368334"},{"key":"e_1_2_1_31_1","first-page":"32","article-title":"Credit card fraud detection using neural network","volume":"1","author":"Patidar Raghavendra","year":"2011","unstructured":"Raghavendra Patidar , Lokesh Sharma , and others. 2011 . Credit card fraud detection using neural network . International Journal of Soft Computing and Engineering 1 , 32 \u2013 38 . Raghavendra Patidar, Lokesh Sharma, and others. 2011. Credit card fraud detection using neural network. International Journal of Soft Computing and Engineering 1, 32\u201338.","journal-title":"International Journal of Soft Computing and Engineering"},{"key":"e_1_2_1_32_1","unstructured":"Clifton Phua Vincent Lee Kate Smith and Ross Gayler. 2010. A comprehensive survey of data mining-based fraud detection research. arXiv preprint arXiv:1009.6119.  Clifton Phua Vincent Lee Kate Smith and Ross Gayler. 2010. A comprehensive survey of data mining-based fraud detection research. arXiv preprint arXiv:1009.6119."},{"key":"e_1_2_1_34_1","volume-title":"International Conference on Computer, Communication and Electrical Technology (ICCCET\u201911)","author":"Raj S. Benson Edwin","unstructured":"S. Benson Edwin Raj and A. Annie Portia . 2011. Analysis on credit card fraud detection methods . In International Conference on Computer, Communication and Electrical Technology (ICCCET\u201911) . IEEE, 152--156. S. Benson Edwin Raj and A. Annie Portia. 2011. Analysis on credit card fraud detection methods. In International Conference on Computer, Communication and Electrical Technology (ICCCET\u201911). IEEE, 152--156."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.05.021"},{"key":"e_1_2_1_36_1","volume-title":"Nonlinear Principal Component Analysis: Neural Network Models and Applications","author":"Scholz Matthias","unstructured":"Matthias Scholz , Martin Fraunholz , and Joachim Selbig . 2008. Nonlinear Principal Component Analysis: Neural Network Models and Applications . Springer , Berlin , 44--67. Matthias Scholz, Martin Fraunholz, and Joachim Selbig. 2008. Nonlinear Principal Component Analysis: Neural Network Models and Applications. Springer, Berlin, 44--67."},{"key":"e_1_2_1_37_1","unstructured":"Matthias Scholz and Ricardo Vigario. 2002. Nonlinear PCA: a new hierarchical approach. ESANN. 439--444.  Matthias Scholz and Ricardo Vigario. 2002. Nonlinear PCA: a new hierarchical approach. ESANN. 439--444."},{"key":"e_1_2_1_38_1","doi-asserted-by":"crossref","unstructured":"K. R. Seeja and Masoumeh Zareapoor. 2014. FraudMiner: A novel credit card fraud detection model based on frequent itemset mining. The Scientific World Journal.  K. R. Seeja and Masoumeh Zareapoor. 2014. FraudMiner: A novel credit card fraud detection model based on frequent itemset mining. The Scientific World Journal.","DOI":"10.1155\/2014\/252797"},{"key":"e_1_2_1_39_1","unstructured":"Mei-Ling Shyu Shu-Ching Chen Kanoksri Sarinnapakorn and Liwu Chang. 2003. A novel anomaly detection scheme based on principal component classifier. Miami Univ Coral Gables Fl Dept of Electrical and Computer Engineering.  Mei-Ling Shyu Shu-Ching Chen Kanoksri Sarinnapakorn and Liwu Chang. 2003. A novel anomaly detection scheme based on principal component classifier. Miami Univ Coral Gables Fl Dept of Electrical and Computer Engineering."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1009832825273"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2007.70228"},{"key":"e_1_2_1_42_1","volume-title":"Maxion","author":"Tan Kymie M. C.","year":"2002","unstructured":"Kymie M. C. Tan , Kevin S. Killourhy , and Roy A . Maxion . 2002 . Undermining an anomaly-based intrusion detection system using common exploits. In RAID. 54--73. http:\/\/dblp.uni-trier.de\/db\/conf\/raid\/raid2002.html#TanKM02; Kymie M. C. Tan, Kevin S. Killourhy, and Roy A. Maxion. 2002. Undermining an anomaly-based intrusion detection system using common exploits. In RAID. 54--73. http:\/\/dblp.uni-trier.de\/db\/conf\/raid\/raid2002.html#TanKM02;"},{"key":"e_1_2_1_43_1","series-title":"Lecture Notes in Computer Science","volume-title":"Killourhy","author":"Tan Kymie M. C.","year":"2002","unstructured":"Kymie M. C. Tan , John McHugh , and Kevin S . Killourhy . 2002 . Hiding intrusions: From the abnormal to the normal and beyond. In Information Hiding, Lecture Notes in Computer Science , Fabien A. P. Petitcolas (Ed.), Vol. 2578 . Springer , Berlin, 1--17. Kymie M. C. Tan, John McHugh, and Kevin S. Killourhy. 2002. Hiding intrusions: From the abnormal to the normal and beyond. In Information Hiding, Lecture Notes in Computer Science, Fabien A. P. Petitcolas (Ed.), Vol. 2578. Springer, Berlin, 1--17."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2015.04.013"},{"key":"e_1_2_1_45_1","volume-title":"IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity\u201916)","author":"Veeramachaneni K.","unstructured":"K. Veeramachaneni , I. Arnaldo , V. Korrapati , C. Bassias , and K. Li . 2016. AI: Training a big data machine to defend . In IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity\u201916) , IEEE International Conference on High Performance and Smart Computing (HPSC\u201916), and IEEE International Conference on Intelligent Data and Security (IDS\u201916). 49--54. K. Veeramachaneni, I. Arnaldo, V. Korrapati, C. Bassias, and K. Li. 2016. AI: Training a big data machine to defend. In IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity\u201916), IEEE International Conference on High Performance and Smart Computing (HPSC\u201916), and IEEE International Conference on Intelligent Data and Security (IDS\u201916). 49--54."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884434"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-012-0178-0"},{"key":"e_1_2_1_49_1","volume-title":"Introduction to Semi-Supervised Learning","author":"Zhu Xiaojin","unstructured":"Xiaojin Zhu , Andrew B. Goldberg , Ronald Brachman , and Thomas Dietterich . 2009. Introduction to Semi-Supervised Learning . Morgan and Claypool Publishers , San Francisco, CA . Xiaojin Zhu, Andrew B. Goldberg, Ronald Brachman, and Thomas Dietterich. 2009. Introduction to Semi-Supervised Learning. Morgan and Claypool Publishers, San Francisco, CA."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3178370","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3178370","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:26:23Z","timestamp":1750213583000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3178370"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,16]]},"references-count":47,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,8,31]]}},"alternative-id":["10.1145\/3178370"],"URL":"https:\/\/doi.org\/10.1145\/3178370","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4,16]]},"assertion":[{"value":"2017-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-04-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}