Identification of Suspicious, Unknown Event Patterns in an Event Cloud

1
Identification of Suspicious, Unknown Event
Patterns in an Event Cloud
DEBS 2007, June 20-22, 2007, Toronto
Alexander Widder, CITT; Rainer von Ammon, CITT;
Philippe Schaeffer, TÜV Rheinland;
Christian Wolff, University of Regensburg
2
Table of Contents
  • Used fraud management methods and event patterns
  • Unknown event patterns
  • Possible detection methods
  • Discriminant analysis approach
  • Next steps

3
Used Fraud Management Methods
CyberSource. Third Annual UK Online Fraud Report.
http://www.cybersource.co.uk/resources/fraud_report_2007,
downloaded 2007-02-07.
4
Simple event patterns already exist for fraud
detection from vendors like AptSoft
Examples for used patterns
AptSoft Corporation. CEP Solution.
http://www.aptsoft.com, downloaded 2006-12-22.
5
Characteristics of Unknown Event Patterns
  • Hypothesis: The fraud patterns change permanently!
    Which kinds of patterns are possible in the
    future?
  • Problem: How to define these fraud patterns and
    the relationships between the occurring events?

6
Principal Scenario
[Diagram labels: Event cloud of a bank; Monitor; CEP Engine; Possible Detection Methods??; On suspicious pattern: ALERT]
7
Deterministic Approaches
Processes with strict causal chains.
Reference: Earman, J. A Primer on Determinism,
Springer-Verlag, Dordrecht, 1986.
8
Probabilistic Approaches
Processes that are not strictly causal.
Reference: Alon, N., Joel, H., and Spencer, J.
The Probabilistic Method, Wiley InterScience,
New York, 2000.
9
Cluster Analysis
Data analysis that recognizes groups of objects
which belong together within a base set of
objects.
Reference: Romesburg, C. Cluster Analysis for
Researchers, Lulu Press, Morrisville,
2004.
10
Discriminant Analysis
Analysis of the differences between certain
groups of objects.
Reference: Mardia, K.V., Kent, J. T., and Bibby,
J. M. Multivariate Analysis, Academic Press,
San Diego, San Francisco, New York, Boston,
London, Sydney, Tokyo, 1979.
11
Fuzzy Set Theory
Method that does not only distinguish between 0 and 1,
as a computer system does, but also defines a
gradual assessment of membership.
Reference: Gottwald S. A Treatise on Many-Valued
Logics, Research Studies Press LTD, Baldock,
Hertfordshire, 2001.
12
Bayesian Belief Networks
Represent conclusions on the basis of uncertain
knowledge.
Reference: Jensen F. Bayesian Networks and
Decision Graphs, New York, 2001.
13
Dempster Shafer Method
Combines information from different sources into an
overall conclusion.
Reference: Shafer G. A Mathematical Theory of
Evidence, Princeton University Press, 1976.
14
Hidden Markov Model
Stochastic model that is described by two random
processes.
Reference: Rabiner L. A Tutorial on Hidden
Markov Models and Selected Applications in Speech
Recognition, 1989.
15
Discriminant Analysis Approach Process
  1. Determining attributes of events of interest for
    the specific use case.
  2. Computing a discriminant function on the basis of
    predefined historic fraud events by using a
    linear system of equations.
  3. Computing the critical discriminant value of the
    discriminant function.
  4. Computing the discriminant value of a newly
    occurring event by inserting its attributes into
    the discriminant function.
  5. Allocating the event to a specific group of
    events by comparing the discriminant value of the
    event with the critical discriminant value of the
    function.
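
The five steps above, worked through for two groups and two numeric attributes, as an added example that is not part of the original presentation. The attribute choice, all sample values, and the midpoint rule for the critical value (which assumes equally sized groups) are assumptions.

```python
# Added example. Attributes (amount in EUR x100, transactions in the last hour)
# and every sample value below are constructed, not from the presentation.
FRAUD = [(9.0, 6.0), (7.5, 8.0), (8.0, 5.0), (10.0, 7.0)]   # historic fraud events
LEGIT = [(1.0, 1.0), (2.5, 2.0), (0.5, 1.0), (3.0, 3.0)]    # historic normal events

def mean_vec(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def scatter(rows, mu):
    """Within-group sums of squares and cross products."""
    d = len(mu)
    return [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows)
             for j in range(d)] for i in range(d)]

def solve(a, b):
    """Solve the linear system a*x = b (Gaussian elimination, partial pivoting)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("singular system: attributes are collinear")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [v - f * u for v, u in zip(m[r], m[c])]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (m[i][n] - sum(m[i][k] * x[k] for k in range(i + 1, n))) / m[i][i]
    return x

def score(event, coef):
    """Step 4: discriminant value of one event."""
    return sum(c * v for c, v in zip(coef, event))

def fit(fraud, legit):
    """Steps 2 and 3: discriminant coefficients and critical value."""
    mu_f, mu_l = mean_vec(fraud), mean_vec(legit)
    s_f, s_l = scatter(fraud, mu_f), scatter(legit, mu_l)
    pooled = [[x + y for x, y in zip(rf, rl)] for rf, rl in zip(s_f, s_l)]
    coef = solve(pooled, [f - l for f, l in zip(mu_f, mu_l)])
    # Midpoint of the two group centroids; assumes equally sized groups.
    critical = (score(mu_f, coef) + score(mu_l, coef)) / 2
    return coef, critical

def classify(event, coef, critical):
    """Step 5: compare the event's value with the critical value."""
    return "fraud" if score(event, coef) > critical else "legit"

COEF, CRITICAL = fit(FRAUD, LEGIT)
```

If two attributes are perfectly correlated in the historic data, `solve` raises instead of returning unstable coefficients; drop or merge one of the attributes in that case.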

16
Discriminant Analysis Approach Goals
  1. Creating more discriminant functions and critical
    discriminant values to compare a newly occurring
    event with, in order to obtain more accurate
    groups of events and to classify events more
    exactly.
  2. In the end, a possible group should be so
    detailed that it represents an unknown event
    pattern itself.

17
Principal Architecture with included Discriminant
Analysis
18
TIBCO's CEP Reference Architecture enhanced with
Discriminant Analysis
Bass, T. Fraud Detection and Event Processing for
Predictive Business.
http://www.tibco.com/resources/mk/fraud_detection_in_cep_wp.pdf,
downloaded 2007-01-31.
19
Discriminant Analysis Approach Open Questions
  1. Which types of events are created, e.g. by a
    credit card transaction, and which of them are
    important to detect fraud?
  2. Which attributes of the event types are relevant
    to differentiate the groups of events for
    specific use cases such as credit card fraud
    detection?
  3. In which way can the relevant string attributes
    be mapped to metric values?

20
Next Steps
  1. Finishing the realisation of a prototype for the
    discriminant analysis approach based on a CEP
    engine.
  2. Examining the other mentioned algorithms,
    probably neural networks first.
  3. Comparing the performance of the different
    algorithms.
  4. Combining the different solutions into a
    better-performing solution.

21
Thank you for your Attention!