Specification and Implementation of a Data Generator to Simulate Fraudulent User Behavior

  • Galina Baader
  • Robert Meyer
  • Christoph Wagner
  • Helmut Krcmar
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 255)


Fraud is a widespread international problem for enterprises. Organizations increasingly use self-learning classifiers to detect fraud. Such classifiers need training data to successfully distinguish normal from fraudulent behavior. However, data containing authentic fraud scenarios is often not available to researchers. Therefore, we have implemented a data generation tool that simulates fraudulent and non-fraudulent user behavior within the purchase-to-pay business process of an ERP system. We identified fraud scenarios from the literature and implemented them as automated routines using SAP’s programming language ABAP. The generated data can be used to train fraud detection classifiers as well as to benchmark existing ones.


Keywords: Data generation, Fraud scenarios, User simulation, SAP ERP, Purchase-to-pay process, ABAP, BAPI, BDC



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Galina Baader (1)
  • Robert Meyer (1)
  • Christoph Wagner (1)
  • Helmut Krcmar (1)
  1. TU Munich, Information Systems, Munich, Germany
