Projet de recherche doctoral numero :4502


Date depot: 1 janvier 1900
Titre: A Generic Framework for Functional Fraud Detection
Directeur de thèse: Pietro MICHIARDI (Eurecom)
Directeur de thèse: Maurizio FILIPPONE (Eurecom)
Domaine scientifique: Sciences et technologies de l'information et de la communication
Thématique CNRS : Non defini

Resumé: The airline industry is exposed to numerous external factors such as the global economy, the exchange rate fluctuation and fuel costs. Besides these elements, fraud is a persistent threat that causes important financial losses. In 2008, for example, airlines lost around USD1.4 billion to fraud [1], representing 1.3% of the world total airline revenues. The average attack rate is about 1% - 1.5% of revenue. In some regions, including Middle East and Latin America, this rate even reaches 3% - 4% of the revenue. Among different kinds of frauds, the following are the most common in the airline industry: • Payment Frauds: these are the classical frauds, aiming at subverting payment systems, which can affect both end-users and service providers. For this family of frauds, known techniques from the vast literature of financial fraud detection can be applied, and are thus not the main focus of this Thesis proposal. • Booking Frauds: this family of frauds aim at misusing booking systems by altering passenger name records or related information. As the name implies, this kind of frauds targets a very specific kind of information, which could limit the applicability of detection techniques in a general context. As a consequence, also this kind of frauds will not be the main focus of this Thesis proposal. • Functional Frauds: this family of frauds are the most complex and general, as they derive from an improper use of the service APIs exposed by potentially all components of a system. For example, there can be frauds targeted at the authentication and security services, at corporate booking services, and even frauds originating from bot-traffic that strives at scraping financially sensitive data and sell them on the black market. Most of previous works dealing with fraud detection are rule based system. Typically, a static set a predefined rules is specified by an application expert, based on domain knowledge or information from what have been used to commit fraud in the past. The main drawbacks of the rule based approach is that the static rules requires a manual update. As soon as a business is able to figure out a new feature that will help catch future fraud attempts, someone has to take extra steps to create new rules.

Doctorant.e: Domingues Remi