Forecasting financial failures

New research prevents fraud and cash catastrophes through collaboration of financial institutions

We all depend on the continuous and reliable flow of water, transportation, or electricity, which are defined as 'critical systems.' But what about the flow of financial transactions? By nature, all financial institutions are connected, with transactions taking place between banks, countries, and branches, which leaves them especially vulnerable to attacks.

Increasingly sophisticated intrusions into corporate computer systems have cost companies worldwide more than $20 billion each year, according to some estimates. Many attackers are moving their focus to online gambling sites, e-commerce sites, and banks. Although banks are expected to report any attacks to the controllers, these statistics often remain confidential to prevent damage to the bank's reputation.

Denial-of-service attacks are just one type of 'cyberhack' that has been known to paralyze banks for an entire day by sending millions of requests at one time. Man-in-the-middle attacks are another ploy, where the hacker 'eavesdrops' when the victim visits a sensitive web site and then grabs information such as usernames or passwords being entered in the browser. These types of indirect attacks can be motivated by anything from greed to politics or even simple vandalism. In fact, the number of occurrences where hackers get inside the bank's firewall to execute illegal transactions is growing daily.

Joining forces to combat fraud

A consortium of research, academic, and industrial partners has joined forces to combat these cyber terrorists on their own turf. Named CoMiFin – short for Communication Middleware for Monitoring Financial Critical Infrastructure – this group of partners is convinced that a cooperative approach can counter fraud attacks far more effectively than any single organization. The consortium includes universities, research institutes, and an industry coordinator from Italy. Two major partners are the Italian Ministry of Finance and a private bank controller from Norway. Additional input and feedback are provided by the Financial Advisory Board that was created by the consortium.

"A single bank can invest huge amounts of money in secure software, but it will never be as effective in preventing and identifying fraud as having the banks share information on attacks being launched," explained Eliezer Dekel, manager of distributed middleware at IBM Research – Haifa and the IBM representative in the CoMiFin consortium. "The same attacker will generally go after several banks. If the banks share knowledge about their black lists, who attacked them, and the means used—it becomes much easier to uncover plans for attacks before they succeed and block the intruder."

CoMiFin partners have built a platform for sharing information between the banks in order to identify both attacks and attackers. The project built a semantic room – a distributed abstract model in which the banks agree upon how much information they are willing to share. Depending on the semantic room selected, the bank can share more or less information. The technology also includes anonymization techniques that remove personal details from the information to protect clients' privacy. As part of the CoMiFin initiative, IBM researchers in Haifa are also developing new ways to fight botnet attacks and to identify distributed denial-of-service and man-in-the-middle attacks.

Take, for example, the case where a hacker is trying to break into the bank's firewall. Each firewall uses a specific port for entry, and once this port is known to the intruder they can get inside the bank's system. Attackers use port scanning techniques, where they try to enter the bank web site with different port numbers. Some eventually succeed and gain entry to the bank. Sophisticated port scanning is performed so that, to a single bank, it appears to be an innocent mistake. When the banks share information, they can clearly identify it as suspicious activity. The CoMiFin system will detect a drastic increase in activity from a specific source and will add that address to a 'black list', noting the problem. This information is disseminated to the member banks, who can block the source before damage occurs.

Building a platform to share information

The techniques used involve sharing massive amounts of information—much of which is irrelevant. A smart system had to be developed to extract the important pieces and analyze them to identify potential threats.

IBM researchers have developed a real-time, in-memory map reduce technology that also knows how to utilize Hadoop for historical data analytics. Hadoop is open source software that provides new ways of handling massive data sets. Hadoop implements a computational paradigm named Map Reduce, where the application is divided into many small fragments of work, each of which can be executed or re-executed on any node in the cluster. The in-memory map reduce developed as part of the project helps query the massive amounts of data and reduce the information so it includes only what is of value to the fraud prevention system.
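An added example, not CoMiFin's or IBM's code: a plain-Python map and reduce over constructed firewall-deny records, showing how the slow port scan described earlier stays under each bank's own threshold yet stands out once the per-bank summaries are merged. The thresholds, bank names, and addresses are assumptions made for illustration, and the anonymization step is left out.

```python
from collections import defaultdict

LOCAL_THRESHOLD = 5   # assumed: distinct ports before a single bank alerts on a source
SHARED_THRESHOLD = 8  # assumed: distinct (bank, port) probes across all member banks

# Constructed sample of denied connections, written as {source: {bank: ports}}.
# Addresses come from documentation ranges; bank names are hypothetical.
SAMPLE = {
    "203.0.113.7": {"bank_a": [21, 22, 23], "bank_b": [25, 80, 110],
                    "bank_c": [143, 443, 445], "bank_d": [3306, 3389, 8080]},
    "203.0.113.99": {"bank_a": [21, 22, 23, 25, 80, 110]},  # noisy scan of one bank
    "198.51.100.20": {"bank_a": [8443, 8443]},               # repeated mistyped port
    "192.0.2.55": {"bank_b": [8080], "bank_c": [8080]},      # customer of two banks
}
EVENTS = [(bank, src, port) for src, banks in SAMPLE.items()
          for bank, ports in banks.items() for port in ports]


def map_bank(events, bank):
    """Map step, run inside one bank: source -> set of ports it probed there."""
    summary = defaultdict(set)
    for b, src, port in events:
        if b == bank:
            summary[src].add(port)
    return dict(summary)


def local_alerts(summary):
    """What a bank detects alone: sources at or above its own threshold."""
    return {src for src, ports in summary.items() if len(ports) >= LOCAL_THRESHOLD}


def reduce_room(summaries):
    """Reduce step: merge the shared per-bank summaries into per-source totals."""
    probes = defaultdict(int)
    for summary in summaries.values():
        for src, ports in summary.items():
            probes[src] += len(ports)
    return {src for src, n in probes.items() if n >= SHARED_THRESHOLD}


def run(events=EVENTS):
    banks = sorted({b for b, _, _ in events})
    summaries = {b: map_bank(events, b) for b in banks}
    local = set().union(*(local_alerts(s) for s in summaries.values()))
    shared = reduce_room(summaries)
    return {"local": sorted(local), "shared": sorted(shared),
            "blacklist": sorted(local | shared)}


if __name__ == "__main__":
    print(run())
```

Only the per-bank summaries cross the bank boundary in this sketch, which is also where a room's agreed sharing level would be enforced.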

Extending the cooperation

The consortium partners are also conducting a project with Sandia Labs in the US, and have received financing to begin international cooperation with financial institutions in the US. The projects will research questions such as "how many banks have to share information for the fraud prevention to be relevant" or "what minimal information needs to be shared to impact the bank's security".

The partners are in the middle of writing a book that documents the knowledge gained, and are looking into applying their research advances to financial services providers like SWIFT. As was mentioned earlier, in addition to the partners themselves, a number of banks have joined the effort as part of a financial advisory board offering feedback. These board members include the UBS bank and SWIFT.

The system prototype has been running for a number of months and will soon graduate into a full-fledged system.

"The CoMiFin research proves that although many cyber hacks go undetected because they fall beneath the radar, they can be prevented and caught through collaboration and sharing of information," concludes Dekel.


