Abstract
ERP systems generally implement controls to prevent certain common kinds of fraud. In addition, however, there is an imperative need to detect more sophisticated patterns of fraudulent activity, as evidenced by the legal requirement for company audits and the common incidence of fraud. This paper describes the design and implementation of a framework for detecting patterns of fraudulent activity in ERP systems. We describe six fraud scenarios and the process of specifying and detecting occurrences of those scenarios in ERP user log data using the prototype software we have developed. The test results for detecting these scenarios in log data have been verified and confirm the success of our approach, which can be generalized to ERP systems in general.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Islam, A.K. et al. (2010). Fraud Detection in ERP Systems Using Scenario Matching. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_11
DOI: https://doi.org/10.1007/978-3-642-15257-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer Science (R0)