A Survey on Application of Big Data in Fin Tech Banking Security and Privacy

  • Mahdi Amrollahi
  • Ali Dehghantanha
  • Reza M. Parizi


In the present information age, alongside all of the possibilities that information technology has brought to people, it has also become possible to exploit technology and even to commit criminal acts. Every day at least one news headline about malware, viruses, cyber warfare, cyber theft, or information espionage is published. Internet banking, or FinTech banking, has attracted the attention of banks, securities firms, and insurance companies in developing nations since the late 1990s, and given the rapid and significant growth in electronic sectors and commerce, it is obvious that electronic (online Internet) banking and payments are likely to advance or increase rapidly. Cyber-threats have been successfully targeting the financial sector worldwide and the security of FinTech banking.

To be protected from all threats in cyberspace, a comprehensive security program should be developed. To achieve this goal, the types of crime and cyber war must be known and strategies adopted to overcome them in FinTech banking as a big data medium. Big data, both in the real world and in cyberspace, poses the most significant challenges in managing large volumes of information.

In this paper, while introducing and identifying FinTech banking malware, botnets and spyware are considered as the newest Internet threats and their different performance is explained. This malware consists of a network of infected computers connected to the Internet that can be controlled remotely. Much research has been done in this area and many methods have been proposed to identify them on the network. However, so far no method is able to do this completely and accurately. Independence from botnet structure and communication protocol, together with an acceptable detection rate, would be the most suitable criteria for such a method. This document presents a review of the work related to FinTech banking cyber security concerns and detection methods.


Keywords: Cyber security; FinTech banking malware; Big data; Detection; Spyware


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. School of Engineering, University of Guelph, Guelph, Canada
  2. Cyber Science Lab, School of Computer Science, University of Guelph, Guelph, Canada
  3. College of Computer and Software Engineering, Kennesaw State University, Marietta, USA
