- Open Access
- Total Downloads : 1687
- Authors : S. Esakkiraj, S. Chidambaram
- Paper ID : IJERTV2IS1304
- Volume & Issue : Volume 02, Issue 01 (January 2013)
- Published (First Online): 30-01-2013
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
A Predictive Approach for Fraud Detection Using Hidden Markov Model
S. Esakkiraj
PG scholar, Department of IT,
National Engineering College, Kovilpatti, Tamilnadu, India
-
Chidambaram
Asst.Professor, Department of IT, National Engineering College, Kovilpatti, Tamilnadu, India
Abstract
Today world online banking service is the most popular and provides a fast and easy way to make transactions. As increasing online transaction, the number of fraud transaction is also increased by various thefts. In this paper, we design a model with sequence of operations in online transaction by using hidden markov model (HMM) and decides whether the user act as a normal user or fraud user. The HMM is initially trained with customers last few transactions. In the trained system, the new transaction is evaluated with transition and observation probability. Depends upon the observation probability, system finds the acceptance probability and decides the transaction will be declined or not. Normally existing fraud detection system for online banking will detect the fraudulent transaction after completion of the transaction. It is additional burden to find fraudulent after transactions. This causes the economic loss and makes the bank name as unsecured. Our model predicts the fraudulent during the transaction time and prevents the money transfer. The main objective is to ensure that the genuine transactions should not be rejected.
Index Terms
Online banking clustering-Hidden Markov Model-Fraud detection
-
Introduction
Data mining is a powerful tool to help organizations to extract hidden predictive information from large databases. Now days, various data mining tools allowing business to make proactive, knowledge driven decisions. There are different stages of data mining techniques to complete the process of data mining and the organization gains its full benefits. The clustering is one of the data mining techniques for dividing a dataset into groups. The member in each group has similarities and other groups are different as possible. Related records are grouped together on basis of having similar values for attributes. There are various algorithms used for clustering the records, calculating the measure and reassigning records until calculated measures dont change, that is stable segments.
Net banking is a process over the internet to make the banking process effectively. The bank automatically updates the
customer accounts and records automatically. E-commerce applications are now widely used
by people and also various companies offer their services through these applications for improving their business.
-
Various Fraud Techniques
There are various ways that fraudsters execute an online fraud. By using various technologies they can do fraudulent activities.
-
Identity Theft
The most widely defined online banking fraud is the identity theft; gets the most attention from the customers. Identity theft can be difficult to find victims. To predict the theft, take months or even years to correct the fault. It is one of the easiest methods to get the card holders information.
-
Phishing
It is one of the threats involves using bogus emails or websites. The word "phishing" means from combining the words "password" and "fishing". Fraudulent send emails that appear to be from the customer's bank that direct customers to a fake website. This website impersonates the bank's website and prompts customers for their account access data.
-
Trojan horse
It is one of the computer virus type software program stored on the customer's PC. Trojans records the keyboard driver and keystrokes. Once a Trojan detects that the customer opens an online banking website, it captures login name and password, and sends it to the criminal.
-
Internal Fraud
Banking sector allows their employees to access customer data. The data is the same information needed to access online banking to customer accounts. So that an employee can easily commit fraud. Instead of this, financial
institutions should require a password or PIN for net banking, and the password or PIN should be stored in the format of encrypted.
-
-
Literature review
Abhinav Srivastava et al describe the Credit card fraud detection method by using Hidden Morkov Model (HMM), [7]. In this paper, they model the sequence of operations in credit card transaction processing using a Hidden Markov Model (HMM) and show how it can be used for the detection of frauds. An HMM is initially trained with the normal behavior of a cardholder.
Sushmito Ghosh and Douglas L.Reilly et al describes the Credit card fraud detection With Neural Network, [11].In this paper they using data from a credit card issuer, a neural network based fraud detection system was trained on a large sample of labeled credit card account transactions and tested on a holdout data set that consisted of all account activity over a subsequent two-month period of time. The neural network was trained on examples of fraud due to lost cards, stolen cards, application fraud, counterfeit fraud, mail-order fraud and NRI (non-received issue) fraud. The network detected significantly more fraud accounts (an order of magnitude more) with significantly fewer false positives (reduced by a factor of 20) over rule based fraud detection procedures.
Sunil S Mhamane et al describes the Use of Hidden Markov Model as Internet Banking Fraud Detection, [1]. In this paper they explained about how Fraud is detected using Hidden Markov Model also care has been taken to prevent genuine Transaction should not be rejected by making use of one time password which is generated by server and sent to Personal Mobile of Customer.
Raghavendra Patidar and Lokesh Sharma describe the Credit Card Fraud Detection Using Neural Network [5]. In this paper they will try to detect fraudulent transaction through the neural network along with the genetic algorithm. As they explains artificial neural network when trained properly can work as a human brain, though it is impossible for the artificial neural network to imitate the human brain to the extent at which brain work, yet neural network and brain, depend for there working on the neurons, which is the small functional unit in brain as well as ANN.
Peter Burns, Anne Stanley describes theFraud Management in the Credit Card Industry, [10]. In this paper they explain the Internet and the anonymity associated with card not present transactions present unique fraud management challenges. Authentication of the cardholder is a fundamental requirement in managing fraud on the Internet and there are no universally accepted solutions. As a result, credit card fraud on the Internet is substantially greater than in the physical, or even, phone environments.
Sung-Bae Cho and Hyuk-Jang Park describes the Efficient anomaly detection by modeling privilege flows using
hidden Markov model, [13].In this paper Anomaly detection techniques have been devised to address the limitations of misuse detection approaches for intrusion detection with the model of normal behaviors. A hidden Markov model (HMM) is a useful tool to model sequence information, an optimal modeling technique to minimize false-positive error while maximizing detection rate.
Pankaj Richhariya describes A Survey on Financial Fraud Detection Methodologies, [2].The paper details as follows. Owing to levitate and rapid escalation of E-Commerce, casesof financial fraud allied with it are also intensifying and which results in trouncing of billions of dollars worldwide each year.
-
Clustering Procedure and Its Types
Clustering is a process of data into groups of similar objects. Various clustering methods available to group the dataset and each of them may give different grouping results. The choice of a particular method will depend on the type of output desired.
Hierarchical Agglomerative methods Partitioning Methods
The Single Link Method (SLINK)
The Complete Link Method (CLINK) The Group Average Method.
-
Hierarchical Agglomerative methods
The hierarchical agglomerative clustering methods are most commonly used. The steps of an hierarchical agglomerative clustering by the following steps,
-
Find the two closest objects and merge them into a cluster
-
Find and merge the next two closest points, where a point is either an individual object or a cluster of objects.
-
If more than one cluster remains , return to step 2
-
-
Partitioning Methods
The partitioning methods has a set of M clusters, each object belonging to one cluster. Each cluster may be represented by a centroid or a cluster representative; this is some sort of summary description of all the objects contained in a cluster.
The partition method creates a partitioned dataset as follows:
-
Make the first object the centroid for the first cluster.
-
For the next object, calculate the similarity, S, with each existing cluster centroid, using some similarity coefficient.
-
If the highest calculated S is greater than some specified threshold value, add the object to the corresponding cluster and re determine the centroid; otherwise, use the object to initiate a new cluster. If any objects remain to be clustered, return to step 2.
-
-
The Single Link Method (SLINK)
The single link method is the well known of the hierarchical methods and operates by combining, at each step, the two most similar objects, which are not yet in the same cluster. The name single link thus refers to the joining of pairs of clusters by the single shortest distance between them.
-
The Complete Link Method (CLINK)
The complete link method is most likely to the single link method except that it uses the least similar pair between two clusters to define the similarity between objects (so that every cluster object is more like the furthest member of its own cluster than the furthest item in any other cluster ). This method is characterized by small, tightly bound clusters.
-
-
K-Means Clustering Technique
-
K-Means clustering is a simple and efficient method to cluster the data. Initially, we determine the number of cluster K, and centroid values. We can take any random objects as the initial centroids or the first K objects can also serve as the initial centroids. Then the K means algorithm will do the three steps below [16].
This technique is a nonhierarchical method initially takes the number of objects equal to the final required number of clusters. In this step itself the final k number of clusters is chosen such that the points are mutually farthest apart. Next, it examines each object in the population and assigns it to one of the clusters depending on the Euclidean distance. The centroid's position is recalculated every time an object is added to the cluster and this continues until all the objects are grouped into the final required number of clusters.
Iterate until stable (= no object move group):
-
Place K points into the space represented by the objects that are being clustered. These points represent initial group centroids.
-
Assign each object to the group that has the closest centroid.
-
When all objects have been assigned, recalculate the positions of the K centroids.
-
Repeat Steps 2 and 3 until the centroids no longer move. This produces a separation of the objects into groups from which the metric to be minimized can be calculated.
Start
Initialize KValue
Initialize KValue
Centroid
Centroid
Distance Object to Centroids
Distance Object to Centroids
Groping Based On Minimum Distance
Groping Based On Minimum Distance
No Object No Move Group
Yes End
Fig 1: Block diagram of K-Means clustering Process
Login
Start Transaction
Start Transaction
Verification
Verification
Continue the Transaction
Continue the Transaction
Fraud
Check No
Yes
Decline Transaction
Decline Transaction
Stop
Stop
Fig 2. Block diagram of the predictive model
-
Hidden Markov Model Approach
A hidden Markov model (HMM) is a statistical model with set of states and each state is linked with a probability distribution. Transitions among these states are governed by a set of probabilities called transition probabilities. In a Markov process, the state is directly visible to the observer. In a hidden Markov model, the state is not directly visible.
In a particular state a possible outcome can be generated which is associated symbol of observation of probability distribution. It is only the outcome; so that the model named as Hidden Markov Model. Hence, Hidden Markov Model is a correct solution for detecting fraud transaction through online process.
The main feature of the HMM-based model is reducing in False Positive (FP) transactions predict as fraud by a fraud detection system even though they are really genuine customer. [7]In this prediction process, HMM consider mainly three price value ranges such as 1) Low (l), 2) Medium (m), 3) High (h).
-
Proposed System
-
Purpose
In this paper we focuses on
To Design the predictive model for the fraud detection using HMM.
Analyze the performance of the model.
-
Module Description
This application consists of the following modules: Phase 1: Database development
Phase 2: Cluster Formation Phase 3: Fraud detection
-
Database development
Create an application for online ticket reservation. The application that contains mainly home page and reservation page. Home page provides the user to know about the train schedule, Trains between the stations and special train details by separate hyper links. It also validates the user by verifying user name and password and allows registering a new user by registration form. All these information displayed by different web pages. After entering username and password details in the home page the server validates the information and redirect to reservation page. The reservation page that contains the reservation form with details such as train number, class, amount, and passenger details (name, age, sex, mobile number). After filling the reservation form the user selects the bank to pay the amount through online (The user must have the internet banking facility and have the valid username and password provided by the bank). Finally select the pay option which directs into bank website. In bank home page validates the username and password by checking in the bank database. If the information provided by the user is correct then it directs final validation page for pin verification. After the pin verification it moves to the fraud check module.
-
Cluster formation
The second module of the project to cluster the customer accounts into low, high, middle depending upon the spending profile of the customer. The clustering process based on the K-means clustering
RAW DATA
K-MEANS CLUSTERING ALGORITHM
CLUSTERS OF DATA
RAW DATA
K-MEANS CLUSTERING ALGORITHM
CLUSTERS OF DATA
Fig 3. Block diagram for clustering process
Euclidean Distance is the most common use of distance. I most cases will refer to Euclidean distance. Euclidean distance or simply 'distance' examines the root of square differences between coordinates of a pair of objects.
k
k
dij = n =1 (xik-xjk) 2
dij = Distance between coordinates
-
Fraud detection
To implement the fraud detection by using the Hidden Morkov Model (HMM). we uses the states and transition probability between them. The outcome of the HMM will be the observation symbols (Oi).The observation symbols are the low, high, medium depends on the transaction amount. It can be determined by clustering process.
After the HMM parameters are learned, we take the symbols from a cardholders training data and form an initial
sequence of symbols. Let O1,O2, . . .OR be one such sequence of length R. This recorded sequence is formed from the cardholders transactions up to time t. We input this sequence to the HMM and compute the probability of acceptance by the HMM. Let the probability be 1, which can be written as follows 1= P (O1,O2,O3, . . .OR |)
Let OR+1 be the symbol generated by a new transaction at time t+1. To form another sequence of length R, we drop O1 and append OR+1 in that sequence, generating O1,O2,O3 . .
.OR,OR+1 as the new sequence. We input this new sequence to the HMM and calculate the probability of acceptance by the HMM. Let the new probability be 2= P(O2,O3,O4 . . .OR+1 |) Let =1-2 If value is greater than threshold value then the transaction could be a fraud with low probability. If the transaction be a fraud then the model asks the user to answer the security questions (after ten transactions).The customer answers were checked by the FDS (Fraud Detection System) and decides whether the user be the genuine user or the fraud user. If the customer be a genuine the ticket will reserved otherwise the transaction will be declined.
-
-
-
Experimental Results
AMOUNT
AMOUNT
By using the net beans IDE we can create the JSP web pages and for clustering customer profile we use the weka data mining tool. Create the web pages for the bank customer entry and validate the user by the pin verification page. After the system has to be trained, every transaction sequence compared with the previous transaction sequence and the model predicts whether the user be the genuine or fraud..
TRANSACTIONS
2500
2000
1500
1000
500
0
1 23 45 67 89 111 133 155 177 199 221 243
NO OF TRANSACTIONS
TRANSACTIONS
2500
2000
1500
1000
500
0
1 23 45 67 89 111 133 155 177 199 221 243
NO OF TRANSACTIONS
Fig 4.Customer transactions
Initially train the system with 10 transactions of each customer.Fig 4 displays the transactions
Cluster the customer profiles into low, high, middle as cluster0, cluster1 and cluster2 by using weka.
In weka tool load the dataset and cluster the datas as follows in fig 5.
Fig 5.Cluster assignments
Performance of the model depicted as number of true positive (represent as 1) rate and number of false positive rate (represent as 0) as in Fig 6
ACCURACY
1.2
POSITIVE RATES
POSITIVE RATES
1
0.8
0.6
0.4
0.2
0
0 100 200 300 400
NO OF TRANSACTIONS
Fig 6.Performance chart
8. Conclusion
In this paper different steps of online transaction processing are represented as the underlying stochastic process of an HMM. Here for clustering process transaction amount as single attribute and in HMM it also the observation symbols, whereas the types of item have been considered to be states of the HMM. This project focuses a method for predicting the fraud users while the transaction taking place. It has also been explained how the HMM can detect whether an incoming transaction is fraudulent or not. As future work, some effective classification algorithms instead of using clustering which can perform well for the prediction.
References
[1]. Sunil S Mhamane and L.M.R.J Lobo Use of Hidden Markov Model as Internet Banking Fraud Detection International Journal of Computer Applications (09758887) Volume 45 No.21, May 2012
[2]. Pankaj Richhariya et al A Survey on Financial Fraud Detection Methodologies BITS,Bhopal, International Journal of Computer Applications (0975 8887)Volume 45 No.22, May 2012
[3]. Anshul Singh and Devesh Narayan A Survey on Hidden Markov Model for CreditCard Fraud Detection International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 8958,Volume-1, Issue-3, February 2012
[4]. SHAILESH S. DHOK Credit Card Fraud Detection Using Hidden Markov Model International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231- 2307, Volume-2, Issue-1, March 2012 [5]. Raghavendra Patidar and Lokesh Sharma, Credit Card Fraud Detection Using Neural Network International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Volume-1, Issue-NCAI2011, June 2011 [6]. V.Dheepa and Dr. R.Dhanapal, Analysis of Credit Card Fraud Detection Methods, International Journal of Recent Trends in Engineering, Vol 2, No. 3, November 2009 [7]. Abhinav Srivastava, Amlan Kundu, Shamik Sural and Arun K. Majumdar, Credit Card Fraud Detection Using Hidden Markov Model, IEEE transactions on dependable and secure computing, vol. 5, no. 1, January-march 2008. [8]. Clifton Phua1, Vincent Lee, Kate Smith& Ross Gayler School of Business Systems, Faculty of Information Technology, Monash University, Wellington Road, Clayton, Victoria 3800, Australia, A Comprehensive Survey of Data Mining-based Fraud Detection Research (2007). [9]. Peter Burns and Anne Stanley, Fraud Management in the Credit Card Industry Federal Reserve Bank of Philadelphia April 2002 [10].S. Ghosh and D.L. Reilly, Credit Card Fraud Detection with a Neural-Network, Proc. 27th Hawaii Intl Conf. System Sciences: Information Systems: Decision Support and Knowledge-Based Systems, vol. 3, pp. 621-630, 1994. [11].Sung-Bae Cho and and Hyuk-Jang Park ,Efficient anomaly detection by modeling privilege flows using hidden Markov model Department of Computer Science, Yonsei University,134 Shinchon- dong,Sudaemoon-ku,Seoul 120-749, Korea. [12].Falaki Sand Alese B. K. An Update Research On Credit Card On-Line Transactions Department of Computer Science,Federal University of Technology, Akure, Ondo State, Nigeria. [13].WEKA Software, The University of Waikato.http://www.cs.waikato.ac.nz/ml/weka/ [14].Sapna Jain and et al , k-means clustering using wekainterface, Proceedings of the 4th National Conference; Computing For Nation Development, February 25 26, 2010