Early detection of fraud storms in the cloud

Hani Neuvirth; Yehuda Finkelstein; Amit Hilbuch; Shai Nahum; Daniel Alon; Elad Yom-Tov

doi:10.1007/978-3-319-23461-8_4

Early detection of fraud storms in the cloud

Hani Neuvirth
, Yehuda Finkelstein
, Amit Hilbuch
, Shai Nahum
, Daniel Alon
, Elad Yom-Tov

Microsoft USA

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Cloud computing resources are sometimes hijacked for fraudulent use. While some fraudulent use manifests as a small-scale resource consumption, a more serious type of fraud is that of fraud storms, which are events of large-scale fraudulent use. These events begin when fraudulent users discover new vulnerabilities in the sign up process, which they then exploit in mass. The ability to perform early detection of these storms is a critical component of any cloud-based public computing system. In this work we analyze telemetry data from Microsoft Azure to detect fraud storms and raise early alerts on sudden increases in fraudulent use. The use of machine learning approaches to identify such anomalous events involves two inherent challenges: the scarcity of these events, and at the same time, the high frequency of anomalous events in cloud systems. We compare the performance of a supervised approach to the one achieved by an unsupervised, multivariate anomaly detection framework. We further evaluate the system performance taking into account practical considerations of robustness in the presence of missing values, and minimization of the model’s data collection period. This paper describes the system, as well as the underlying machine learning algorithms applied. A beta version of the system is deployed and used to continuously control fraud levels in Azure.

Original language	English
Title of host publication	Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings
Editors	Albert Bifet, Albert Bifet, Albert Bifet, Albert Bifet, Michael May, Michael May, Michael May, Michael May, Bianca Zadrozny, Bianca Zadrozny, Bianca Zadrozny, Bianca Zadrozny, Ricard Gavalda, Ricard Gavalda, Ricard Gavalda, Ricard Gavalda, Dino Pedreschi, Dino Pedreschi, Dino Pedreschi, Dino Pedreschi, Francesco Bonchi, Francesco Bonchi, Francesco Bonchi, Francesco Bonchi, Jaime Cardoso, Jaime Cardoso, Jaime Cardoso, Jaime Cardoso, Myra Spiliopoulou, Myra Spiliopoulou, Myra Spiliopoulou, Myra Spiliopoulou
Publisher	Springer Verlag
Pages	53-67
Number of pages	15
ISBN (Print)	9783319234601, 9783319234601, 9783319234601, 9783319234601
DOIs	https://doi.org/10.1007/978-3-319-23461-8_4
State	Published - 2015
Externally published	Yes
Event	15th Joint European Conference on Machine Learning and Knowledge Discovery in Databases, ECML PKDD 2015 - Porto, Portugal Duration: 7 Sep 2015 → 11 Sep 2015

Publication series

Name	Lecture Notes in Computer Science
Volume	9286
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th Joint European Conference on Machine Learning and Knowledge Discovery in Databases, ECML PKDD 2015
Country/Territory	Portugal
City	Porto
Period	7/09/15 → 11/09/15

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland 2015.

Access to Document

10.1007/978-3-319-23461-8_4

Cite this

Neuvirth, H., Finkelstein, Y., Hilbuch, A., Nahum, S., Alon, D., & Yom-Tov, E. (2015). Early detection of fraud storms in the cloud. In A. Bifet, A. Bifet, A. Bifet, A. Bifet, M. May, M. May, M. May, M. May, B. Zadrozny, B. Zadrozny, B. Zadrozny, B. Zadrozny, R. Gavalda, R. Gavalda, R. Gavalda, R. Gavalda, D. Pedreschi, D. Pedreschi, D. Pedreschi, D. Pedreschi, F. Bonchi, F. Bonchi, F. Bonchi, F. Bonchi, J. Cardoso, J. Cardoso, J. Cardoso, J. Cardoso, M. Spiliopoulou, M. Spiliopoulou, M. Spiliopoulou, ... M. Spiliopoulou (Eds.), Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings (pp. 53-67). Article A4 (Lecture Notes in Computer Science; Vol. 9286). Springer Verlag. https://doi.org/10.1007/978-3-319-23461-8_4

Neuvirth, Hani ; Finkelstein, Yehuda ; Hilbuch, Amit et al. / Early detection of fraud storms in the cloud. Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings. editor / Albert Bifet ; Albert Bifet ; Albert Bifet ; Albert Bifet ; Michael May ; Michael May ; Michael May ; Michael May ; Bianca Zadrozny ; Bianca Zadrozny ; Bianca Zadrozny ; Bianca Zadrozny ; Ricard Gavalda ; Ricard Gavalda ; Ricard Gavalda ; Ricard Gavalda ; Dino Pedreschi ; Dino Pedreschi ; Dino Pedreschi ; Dino Pedreschi ; Francesco Bonchi ; Francesco Bonchi ; Francesco Bonchi ; Francesco Bonchi ; Jaime Cardoso ; Jaime Cardoso ; Jaime Cardoso ; Jaime Cardoso ; Myra Spiliopoulou ; Myra Spiliopoulou ; Myra Spiliopoulou ; Myra Spiliopoulou. Springer Verlag, 2015. pp. 53-67 (Lecture Notes in Computer Science).

@inproceedings{4faa5cbc4f1a425d8b9acd8a17e7cafe,

title = "Early detection of fraud storms in the cloud",

abstract = "Cloud computing resources are sometimes hijacked for fraudulent use. While some fraudulent use manifests as a small-scale resource consumption, a more serious type of fraud is that of fraud storms, which are events of large-scale fraudulent use. These events begin when fraudulent users discover new vulnerabilities in the sign up process, which they then exploit in mass. The ability to perform early detection of these storms is a critical component of any cloud-based public computing system. In this work we analyze telemetry data from Microsoft Azure to detect fraud storms and raise early alerts on sudden increases in fraudulent use. The use of machine learning approaches to identify such anomalous events involves two inherent challenges: the scarcity of these events, and at the same time, the high frequency of anomalous events in cloud systems. We compare the performance of a supervised approach to the one achieved by an unsupervised, multivariate anomaly detection framework. We further evaluate the system performance taking into account practical considerations of robustness in the presence of missing values, and minimization of the model{\textquoteright}s data collection period. This paper describes the system, as well as the underlying machine learning algorithms applied. A beta version of the system is deployed and used to continuously control fraud levels in Azure.",

author = "Hani Neuvirth and Yehuda Finkelstein and Amit Hilbuch and Shai Nahum and Daniel Alon and Elad Yom-Tov",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 15th Joint European Conference on Machine Learning and Knowledge Discovery in Databases, ECML PKDD 2015 ; Conference date: 07-09-2015 Through 11-09-2015",

year = "2015",

doi = "10.1007/978-3-319-23461-8\_4",

language = "אנגלית",

isbn = "9783319234601",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "53--67",

editor = "Albert Bifet and Albert Bifet and Albert Bifet and Albert Bifet and Michael May and Michael May and Michael May and Michael May and Bianca Zadrozny and Bianca Zadrozny and Bianca Zadrozny and Bianca Zadrozny and Ricard Gavalda and Ricard Gavalda and Ricard Gavalda and Ricard Gavalda and Dino Pedreschi and Dino Pedreschi and Dino Pedreschi and Dino Pedreschi and Francesco Bonchi and Francesco Bonchi and Francesco Bonchi and Francesco Bonchi and Jaime Cardoso and Jaime Cardoso and Jaime Cardoso and Jaime Cardoso and Myra Spiliopoulou and Myra Spiliopoulou and Myra Spiliopoulou and Myra Spiliopoulou",

booktitle = "Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings",

address = "גרמניה",

}

Neuvirth, H, Finkelstein, Y, Hilbuch, A, Nahum, S, Alon, D & Yom-Tov, E 2015, Early detection of fraud storms in the cloud. in A Bifet, A Bifet, A Bifet, A Bifet, M May, M May, M May, M May, B Zadrozny, B Zadrozny, B Zadrozny, B Zadrozny, R Gavalda, R Gavalda, R Gavalda, R Gavalda, D Pedreschi, D Pedreschi, D Pedreschi, D Pedreschi, F Bonchi, F Bonchi, F Bonchi, F Bonchi, J Cardoso, J Cardoso, J Cardoso, J Cardoso, M Spiliopoulou, M Spiliopoulou, M Spiliopoulou & M Spiliopoulou (eds), Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings., A4, Lecture Notes in Computer Science, vol. 9286, Springer Verlag, pp. 53-67, 15th Joint European Conference on Machine Learning and Knowledge Discovery in Databases, ECML PKDD 2015, Porto, Portugal, 7/09/15. https://doi.org/10.1007/978-3-319-23461-8_4

Early detection of fraud storms in the cloud. / Neuvirth, Hani; Finkelstein, Yehuda; Hilbuch, Amit et al.
Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings. ed. / Albert Bifet; Albert Bifet; Albert Bifet; Albert Bifet; Michael May; Michael May; Michael May; Michael May; Bianca Zadrozny; Bianca Zadrozny; Bianca Zadrozny; Bianca Zadrozny; Ricard Gavalda; Ricard Gavalda; Ricard Gavalda; Ricard Gavalda; Dino Pedreschi; Dino Pedreschi; Dino Pedreschi; Dino Pedreschi; Francesco Bonchi; Francesco Bonchi; Francesco Bonchi; Francesco Bonchi; Jaime Cardoso; Jaime Cardoso; Jaime Cardoso; Jaime Cardoso; Myra Spiliopoulou; Myra Spiliopoulou; Myra Spiliopoulou; Myra Spiliopoulou. Springer Verlag, 2015. p. 53-67 A4 (Lecture Notes in Computer Science; Vol. 9286).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Early detection of fraud storms in the cloud

AU - Neuvirth, Hani

AU - Finkelstein, Yehuda

AU - Hilbuch, Amit

AU - Nahum, Shai

AU - Alon, Daniel

AU - Yom-Tov, Elad

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Cloud computing resources are sometimes hijacked for fraudulent use. While some fraudulent use manifests as a small-scale resource consumption, a more serious type of fraud is that of fraud storms, which are events of large-scale fraudulent use. These events begin when fraudulent users discover new vulnerabilities in the sign up process, which they then exploit in mass. The ability to perform early detection of these storms is a critical component of any cloud-based public computing system. In this work we analyze telemetry data from Microsoft Azure to detect fraud storms and raise early alerts on sudden increases in fraudulent use. The use of machine learning approaches to identify such anomalous events involves two inherent challenges: the scarcity of these events, and at the same time, the high frequency of anomalous events in cloud systems. We compare the performance of a supervised approach to the one achieved by an unsupervised, multivariate anomaly detection framework. We further evaluate the system performance taking into account practical considerations of robustness in the presence of missing values, and minimization of the model’s data collection period. This paper describes the system, as well as the underlying machine learning algorithms applied. A beta version of the system is deployed and used to continuously control fraud levels in Azure.

AB - Cloud computing resources are sometimes hijacked for fraudulent use. While some fraudulent use manifests as a small-scale resource consumption, a more serious type of fraud is that of fraud storms, which are events of large-scale fraudulent use. These events begin when fraudulent users discover new vulnerabilities in the sign up process, which they then exploit in mass. The ability to perform early detection of these storms is a critical component of any cloud-based public computing system. In this work we analyze telemetry data from Microsoft Azure to detect fraud storms and raise early alerts on sudden increases in fraudulent use. The use of machine learning approaches to identify such anomalous events involves two inherent challenges: the scarcity of these events, and at the same time, the high frequency of anomalous events in cloud systems. We compare the performance of a supervised approach to the one achieved by an unsupervised, multivariate anomaly detection framework. We further evaluate the system performance taking into account practical considerations of robustness in the presence of missing values, and minimization of the model’s data collection period. This paper describes the system, as well as the underlying machine learning algorithms applied. A beta version of the system is deployed and used to continuously control fraud levels in Azure.

UR - https://www.scopus.com/pages/publications/84983762651

U2 - 10.1007/978-3-319-23461-8_4

DO - 10.1007/978-3-319-23461-8_4

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84983762651

SN - 9783319234601

T3 - Lecture Notes in Computer Science

SP - 53

EP - 67

BT - Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings

A2 - Bifet, Albert

A2 - May, Michael

A2 - Zadrozny, Bianca

A2 - Gavalda, Ricard

A2 - Pedreschi, Dino

A2 - Bonchi, Francesco

A2 - Cardoso, Jaime

A2 - Spiliopoulou, Myra

PB - Springer Verlag

T2 - 15th Joint European Conference on Machine Learning and Knowledge Discovery in Databases, ECML PKDD 2015

Y2 - 7 September 2015 through 11 September 2015

ER -

Neuvirth H, Finkelstein Y, Hilbuch A, Nahum S, Alon D, Yom-Tov E. Early detection of fraud storms in the cloud. In Bifet A, Bifet A, Bifet A, Bifet A, May M, May M, May M, May M, Zadrozny B, Zadrozny B, Zadrozny B, Zadrozny B, Gavalda R, Gavalda R, Gavalda R, Gavalda R, Pedreschi D, Pedreschi D, Pedreschi D, Pedreschi D, Bonchi F, Bonchi F, Bonchi F, Bonchi F, Cardoso J, Cardoso J, Cardoso J, Cardoso J, Spiliopoulou M, Spiliopoulou M, Spiliopoulou M, Spiliopoulou M, editors, Machine Learning and Knowledge Discovery in Databases - European Conference, ECML PKDD 2015, Proceedings. Springer Verlag. 2015. p. 53-67. A4. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-23461-8_4

Early detection of fraud storms in the cloud

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this