* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download No Slide Title
Survey
Document related concepts
Complement system wikipedia , lookup
Adoptive cell transfer wikipedia , lookup
Sociality and disease transmission wikipedia , lookup
DNA vaccination wikipedia , lookup
Autoimmunity wikipedia , lookup
Polyclonal B cell response wikipedia , lookup
Social immunity wikipedia , lookup
Immunosuppressive drug wikipedia , lookup
Adaptive immune system wikipedia , lookup
Molecular mimicry wikipedia , lookup
Immune system wikipedia , lookup
Cancer immunotherapy wikipedia , lookup
X-linked severe combined immunodeficiency wikipedia , lookup
Innate immune system wikipedia , lookup
Transcript
CIFD: Computational Immunology for Fraud Detection Dr Richard Overill Department of Computer Science & International Centre for Security Analysis, King’s College London Computational Immunology for Fraud Detection • DTI LINK project funded under Phase 1 of the Management of Information programme • Application of adaptive, self-learning technologies with low overheads (CI) to fraud detection in the financial sector • Partners (with King’s College London): – Anite Government Systems Ltd. (developer) – The Post Office (end user) Natural Immune Systems • are multi-layered (“defence in depth”) • consist of several sub-systems: – innate immune system (scavenger cells which ingest debris and pathogens – acquired immune system (white blood cells which co-operate to detect and eliminate pathogens / antigens) Acquired Immune System • Detector cells generated in bone marrow (B-cells), and in lymph system but matured in thymus gland (T-cells). • Self-binding T-cell detectors destroyed by censoring (negative selection) in thymus. • B- & remaining T-detectors released to bind to and destroy foreign (non-self) antigens. Digital Immune Systems I • Train with known normal behaviour (“self”) • Generate database(s) of self-signatures. • Generate a (random) initial population of detectors and screen it against database(s). • Challenge the detectors with possibly anomalous behaviour (may contain some “foreign” activity). Digital Immune Systems II • An (approximate) match between a detector and an activity trace indicates a possible anomaly. • React to (warn of) the possible anomaly. • Evolve the population of detectors to reflect successful and consistently unsuccessful detectors (cloning / killing). Digital Immune Systems III • Can be host-based or network-based: • Host-based systems monitor behaviour or processes on servers or other network hosts. • Network-based systems are of 2 types: – statistical traffic analysis using e.g. IP source & destination addresses and IP port / service. – Promiscuous mode ‘sniffing’ of IP packets for anomalous behaviour. Application to CIFD • Build a database(s) of normal transactions and sequences of transactions. • Look for anomalous and hence potentially fraudulent patterns of behaviour in actual transactions and transaction sequences, using the detector matching criteria. • Adapt the detector population. Advantages of CI • Redundancy: collective behaviour of many detectors should lead to emergent properties of robustness and fault tolerance - no centralised or hierarchical control, no SPoF. • Memory of previous encounters can be built in, e.g. as long-lived successful detectors. • Various adaptive learning strategies can be tried out, e.g. affinity maturation, niching. Disadvantages of CI • Subject to compromise in similar ways to the human immune system, i.e. – subversion via ‘auto-immune’ reaction (cf. rheumatoid arthritis) where the system is induced to misidentify “self” as “foreign”. – subversion via ‘immune deficiency’ response (cf. HIV-AIDS) where the system’s response is suppressed - misidentifying “foreign” as “self”. – subversion by concealing “foreign” behaviour in “self” disguise (“Wolf in sheep’s clothing” or T.H.) Previous Applications of CI • Computational Immunology (aka Artificial Immune Systems, AIS, in the USA) has already been used successfully for: – detecting the activity of computer viruses and other malicious software (IBM TJW Res Cen.) – detecting attempted intrusions into computers and networks (New Mexico & Memphis Univs) Thank you! Any Questions? Contact: Tel: 020 7848 2833 Fax: 020 7848 2913 Email: [email protected]