Transaction Mining for Fraud Detection in ERP Systems |
Khan, Roheena
(Information Security Institute Queensland University of Technology)
Corney, Malcolm (Information Security Institute Queensland University of Technology) Clark, Andrew (Information Security Institute Queensland University of Technology) Mohay, George (Information Security Institute Queensland University of Technology) |
1 | Best, P. J., Rikhardsson, P., and Toleman, M. (2009), Continuous fraud detection in enterprise systems through audit trail analysis, The Journal of Digital Forensics, Security and Law, 4(1), 39-60. |
2 | Bingi, P., Sharma, M. K. and Godla, J. K. (1999), Critical issues affecting an ERP implementation, Information Systems Management, 16(3), 7-14. DOI ScienceOn |
3 | Bolton, R. and Hand, D. (2002), Statistical fraud detection: A review, Statistical Science, 17(3), 235-249. DOI |
4 | Cahill, M., Lambert, D., Pinheiro, J. and Sun, D. (2002), Detecting fraud in the real world, In J. Abello, P. Pardalos and M. Resende (ed), Handbook of Massive Datasets (Netherlands: Kluwer Academic Publishers), chapter 26, 911-929. |
5 | Cohen, W. (1995), Fast effective rule induction, Proceedings of 12th International Conference on Machine Learning, San Francisco, CA, 115-123. |
6 | Cortes, C., Pregibon, D. and Volinsky, C. (2003), Computational methods for dynamic graphs, Journal of Computational and Graphical Statistics, 12(4), 950- 970. DOI ScienceOn |
7 | ACFE. (2006), ACFE report to the nation, http://www. acfe.com/documents/2006-rttn.pdf. |
8 | ACFE. (2008), ACFE report to the nation, http://www. acfe.com/documents/2008-rttn.pdf. |
9 | Albrecht, W. S., Albrecht, C. C., Albrecht, C. O., and Zimbelman, M. F. (2009), Fraud Examination, So uth-Western Cengage Learning, Mason, OH. |
10 | Vaidya, J., Atluri, V., Guo, Q. and Adam, N. (2008), Migrating to optimal RBAC with minimal perturbation, Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, 11-20. |
11 | Vaidya, J., Atluri, V. and Warner, J. (2006), RoleMiner: Mining roles using subset enumeration, Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, 144-153. |
12 | Valdes, A. and Anderson, D. (1994), Statistical methods for computer usage anomaly detection using NID ES (Next-Generation Intrusion Detection Expert System), Proceedings of RSSC'94, 3rd International Workshop on Rough Sets and Soft Computing, San Jose, CA, 104-111. |
13 | Schlegelmilch, J. and Steffens, U. (2005), Role mining with ORCA, Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, 168-176. |
14 | Wells, J. T. (2008), Principles of Fraud Examination, John Wiley, Hoboken, N.J. |
15 | Zhang, D., Ramamohanarao, K. and Ebringer, T. (2007), Role engineering using graph optimization, Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, Sophia Antipolis, France, 139-144. |
16 | Schaad, A., Moffett, J. and Jacob, J. (2001), The rolebased access control system of a European bank: a case study and discussion, Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA, 3-9. |
17 | Shin, D., Ahn, G.-J., Cho, S., and Jin, S. (2003), On modeling system-centric information for role engineering, Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, 169-178. |
18 | Srinidhi, B. (1994), The influence of segregation of duties on internal control judgments, Journal of Accounting, Auditing and Finance, 9(3), 423-444. DOI |
19 | Major, J. A. and Riedinger, D. R. (1992), EFD: a hybrid knowledge/statistical-based system for the detection of fraud, International Journal of Intelligent Systems, 7(7), 687-703. DOI |
20 | Standards Australia (2008), Australian Standard AS 8001-2008 Fraud and Corruption Control, http:// www.saiglobal.com/PDFTemp/Previews/OSH/AS/ AS8000/8000/8001-2008.pdf. |
21 | Martin, K., Dalia, S. and Gerhard, S. (2003), Role mining- revealing business roles for security administration using data mining technology, Proceedings of the 8th ACM symposium on Access control models and technologies, Como, Italy. |
22 | McCue, C. (2007), Data Mining and Predictive Analysis: Intelligence Gathering and Crime Analysis, Butterworth-Heinemann, Boston. |
23 | Mohay, G. M., Anderson, A., Collie, B. and Vel, O. d. (2003), Computer and Intrusion Forensics, Artech House, Massachusetts, USA. |
24 | Oh, S. H. and Lee, W. (2003), An anomaly intrusion detection method by clustering normal user behavior, Computers and Security, 22(7), 596-612. DOI ScienceOn |
25 | Phua, C., Lee, V., Smith, K. and Gayler, R. (2005), A comprehensive survey of data mining-based fraud detection research, http://search.informit.com.au.ez p01.library.qut.edu.au/search; res = CINCH; search = DN = 56589. |
26 | Quinlan, J. R. (1993), C4.5: Programs for Machine Learning, Morgan Kaufmann Publishers, San mateo, CA. |
27 | SAP. (2007), Course ADM940, ABAP AS Authorization Concept-SAP NetWeaver, SAP AG. |
28 | Ryan, J., Lin, M., and Miikkulainen, R. (1998), Intrusion detection with neural networks, Proceedings of the 1997 conference on Advances in neural information processing systems Denver, Colorado, 72-79. |
29 | Sandhu, R., Bhamidipati, V. and Munawer, Q. (1999), The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security, 2(1), 105-135. DOI |
30 | Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996), Role-based access control models, Computer, 29(2), 38-47. DOI ScienceOn |
31 | Kumar, S. and Spafford, E. (1994), A pattern matching model for misuse intrusion detection, Proceedings of the Seventeenth National Computer Security Conference, New Orleans, LA, 11-21. |
32 | Lane, T. and Brodley, C. E. (2003), An empirical study of two approaches to sequence learning for anomaly detection, Machine Learning, 51(1), 73-107. DOI ScienceOn |
33 | Lee, W. and Stolfo, S. J. (1998), Data mining appro-aches for intrusion detection, Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, 79- 93. |
34 | Khan, R. Q., Corney, M. W., Clark, A. J., and Mohay, G. M. (2009), A role mining inspired approach to representing user behaviour in ERP systems, Proceedings of the 10th Asia Pacific Industrial Engineering and Management Systems Conference, Kitakyushu, Fukuoka, 2541-2552. |
35 | Little, A. G. and Best, P. J. (2003), A framework for separation of duties in an SAP R/3 environment, Managerial Auditing Journal, 18(5), 419-430. DOI ScienceOn |
36 | Lu, F., Boritz, J., and Covvey, D. (2006), Adaptive fraud detection using Benford's law, In (ed), Advances in Artificial Intelligence: Proceedings of the 19th Conference of the Canadian Society for Computational Studies of Intelligence, chapter 30, 347-358. |
37 | Ju, W.-H. and Vardi, Y. (2001), A hybrid high-order markov chain model for computer intrusion detection, Journal of Computational and Graphical Statistics, 10(2), 277-295. DOI ScienceOn |
38 | KPMG. (2006), KPMG 2006 fraud survey, www.kpmg.com.au. |
39 | Kuhlmann, M., Shohat, D. and Schimpf, G. (2003), Role mining-revealing business roles for security administration using data mining technology, Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, 179- 186. |
40 | Kruegel, C. and Vigna, G. (2003), Anomaly detection of web-based attacks, Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, 251-261. |
41 | Kuhn, D. R. (1997), Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the 2nd ACM workshop on Role Based Access Control, Fairfax, VA, 23-30. |
42 | Haelst, W. and Jansen, K. (1997), Control and audit of SAP R/3 logical access security, Information Systems Audit and Control Journal, 3(1), 37-44. |
43 | Haixun, W., Hao, H., Jun, Y., Philip, S. Y. and Jeffrey Xu, Y. (2006), Dual labeling: Answering graph reachability queries in constant time, Proceedings of the 22nd IEEE International Conference on Data Engineering, Atlanta, Georgia, 75-87. |
44 | Hassibi, K. (2000), Detecting payment card fraud with neural networks, In P. J. G. Lisboa, A.Vellido and B.Edisbury (ed), Business Applications of Neural Networks (Singapore: World Scientific), chapter 9, 141-157. |
45 | Cox, K. C., Eick, S. G. and Wills, G. J. (1997), Visual data mining: recognizing telephone calling fraud, Data Mining and Knowledge Discovery, 1(2), 225- 31. DOI ScienceOn |
46 | Huang, S.-M., Hsieh, P.-G., Tsao, H.-H. and Hsu, P.-Y. (2008), A structural study of internal control for ERP system environments: A perspective from the Sarbanes-Oxley Act, International Journal of Management and Enterprise Development, 5(1), 102- 121. DOI ScienceOn |
47 | Ilgun, K., Kemmerer, R. A. and Porras, P. A. (1995), State transition analysis: a rule-based intrusion detection approach, IEEE Transactions on Software Engineering, 21(3), 181-99. DOI ScienceOn |
48 | Cox, E. (1995), A fuzzy system for detecting anomalous behaviour in healthcare provider claims, In S. Goonatilake and P.Treleaven (ed), Intelligent Systems for Finance and Business (New York: John Wiley and Sons Ltd), chapter 7, 111-134. |
49 | Coyne, E. J. (1996), Role-engineering, Proceedings of the 1st ACM Workshop on Role-based Access Control, New York, NY, 4-5. |
50 | Coyne, E. J. and Davis, J. M. (2007), Role Engineering for Enterprise Security Management, Artech House, USA. |
51 | Ghosh, S. and Reilly, D. L. (1994), Credit card fraud detection with a neural-network, Proceedings of the Twenty-Seventh Hawaii International Conference on System Sciences, Wailea, HI, 621-630. |
52 | Denning, D. E. (1987), An intrusion-detection model, IEEE Transactions on Software Engineering, 13(2), 222-232. |
53 | Dorronsoro, J. R., Ginel, F., Sgnchez, C. and Cruz, C. S. (1997), Neural fraud detection in credit card operations, IEEE Transactions on Neural Networks, 8(4), 827-34. DOI ScienceOn |
54 | Eberle, W. and Holder, L. (2009), Graph-based approaches to insider threat detection, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research, Washington, DC, 237-241. |
55 | Albrecht, W. S., Albrecht, C. O., and Albrecht, C. C. (2006), Fraud Examination, Thomson, Mason. |
56 | Arens, A. A. and Loebbecke, J. K. (2000), Auditing: An Integrated Approach, Prentice-Hall, Upper Saddle River, N. J. |