Skip to main content
SpringerLink
Log in

IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud

  • Conference paper
Secure IT Systems (NordSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9417))

Included in the following conference series:

Abstract

IncidentResponseSim is a multi-agent-based simulation tool supporting risk management of online financial services, by performing a risk assessment of the quality of current countermeasures, in the light of the current and emerging threat environment. In this article, we present a set of simulations using incident response trees in combination with a quantitative model for estimating the direct economic consequences. The simulations generate expected fraud, and conditional fraud value at risk, given a specific fraud scenario. Additionally, we present how different trojan strategies result in different conditional fraud value at risk, given the underlying distribution of wealth in the online channel, and different levels of daily transaction limits. Furthermore, we show how these measures can be used together with return on security investment calculations to support decisions about future security investments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ENISA: Methodologies for the identification of critical infrastructure assets (2015)

    Google Scholar 

  2. ECB: Recommendations for the Security of Internet Payments (2013)

    Google Scholar 

  3. ENISA: ENISA Threat Landscape (2014)

    Google Scholar 

  4. FFIEC: Supplement to Authentication in an Internet Banking Environment (2011)

    Google Scholar 

  5. Schneier, B.: Secrets & Lies: Digital Security in a Networked World, pp. 318–333. John Wiley & Sons, New York (2000)

    Google Scholar 

  6. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Edge, K.S., Dalton II, G.C., Raines, R.A., Mills, R.F.: Using attack and protection trees to analyze threats and defenses to homeland security. In: MILCOM. IEEE (2006)

    Google Scholar 

  8. Edge, K.S., Raines, R.A., Grimaila, M., Baldwin, R., Bennington, R., Reuter, C.: The use of protection trees to analyze security for an online banking system. In: The Proceedings of the 40th Hawaii International Conference on System Sciences (2006)

    Google Scholar 

  9. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Pat-Cornell, M.E.: Fault trees vs. event trees in reliability analysis. Journal of Risk Analysis 4(3), 177–186 (1984)

    Article  Google Scholar 

  11. Gorton, D.: Using Incident Response Trees as a Tool for Risk Management of Online Financial Services. Journal of Risk Analysis 34(9), 1763–1774 (2014)

    Article  Google Scholar 

  12. Gorton, D.: Modeling fraud prevention of online services using incident response trees and value at risk. In: The Proceedings of the International Conference on Availability, Reliability and Security (ARES) (2015)

    Google Scholar 

  13. Wikipedia: Online banking. http://en.wikipedia.org/wiki/Online_banking (Accessed: August 30, 2015)

  14. Julisch, K.: Risk-Based Payment Fraud Detection. Research Report, IBM Research, Zurich (2010)

    Google Scholar 

  15. Kaspersky: The Great Bank Robbery: Carbanak cybergang steals \({{{\$}}}1\text{bn}\) from 100 financial institutions worldwide. http://www.kaspersky.com/about/news/virus/2015/Carbanak-cybergang-steals-1-bn-USD-from-100-financial-institutions-worldwide (Accessed: August 30, 2015)

  16. Florncio, D., Cormac, H.: Phishing and money mules. In: IEEE International Workshop on Information Forensics and Security, pp. 1–5 (2010)

    Google Scholar 

  17. Bank For International Settlements: An Explanatory Note on the Basel II IRB Risk Weight Function (2005)

    Google Scholar 

  18. Wikipedia: Agent-based Models. http://en.wikipedia.org/wiki/Agent-based_model (Accessed: August 30, 2015)

  19. Luke, S., Cioffi-Revilla, C., Panait, L., Sullivan, K., Balan, G.: MASON: A Multiagent Simulation Environment. Simulation, 517–527 (2005)

    Google Scholar 

  20. Lopez-Rojas, E.A., Gorton, D., Axelsson, S.: Using the RetSim Simulator for Fraud Detection Research. Int. Journal of Simulation and Process Modeling, 144–155 (2015)

    Google Scholar 

  21. Lopez-Rojas, E.A., Axelsson, S.: BankSim: a bank payment simulation for fraud detection research. In: The 26th European Modeling and Simulation Symposium (EMSS), pp. 144–152 (2014)

    Google Scholar 

  22. ENISA: Introduction to Return on Security Investment (2012)

    Google Scholar 

  23. PandaLabs: PandaLabs Annual Report 2012 Summary (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Safety Research, Department of Transport Science, KTH Royal Institute of Technology, Stockholm, Sweden

    Dan Gorton

Authors
  1. Dan Gorton
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. KTH Royal Institute of Technology , Stockholm, Sweden

    Sonja Buchegger  & Mads Dam  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Gorton, D. (2015). IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud. In: Buchegger, S., Dam, M. (eds) Secure IT Systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26502-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26501-8

  • Online ISBN: 978-3-319-26502-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation