Analysis and Consideration of Detection Methods to Prevent Fraudulent Access by Utilizing Attribute Information and the Access Log History

Abstract

Fraudulent access by way of nInternet banking, credit cards and e-commerce are a serious problem. Fraudsters intend to steal credentials and log in to these websites in many ways such as phishing, malware infection, list based attack etc. There are products and services to prevent fraudulent access like fraud detection software and multi-factor authentication, however these have issues such as installation costs, detection accuracy and operation cost. Some security vendors provide client-side software to prevent fraud, but it is usually difficult for the companies to compel their end-users to install additional software because it may cause trouble and decrease usability. Regarding these issues we are researching an effective fraud detection method using server-side log information. In this paper, we show results from analyzing the attacker device attribute information and the environmental differences between genuine users and fraudsters based on the access log history from actual services and found that the attacker's environment changes year by year. We also discuss the effectiveness of the fraud detection methods described in previous research and effective detection methods utilizing real-world data.