Thursday, May 8, 2008

Final Year Project

Today almost all anomaly detection systems (anti-virus solutions, intrusion detection systems) are programmed to recognize known signatures of anomalies. But people have managed to discover new approaches (signatures) to execute the same attack, and also to execute new attacks, which cannot be detected by such systems. This situation has led the research community to look for anomaly detection systems that can handle these previously undiscovered paths. My contribution would be towards finding a novel solution to this problem.

The human immune system is the best known natural anomaly detection system. It uses several techniques to protect the body from foreign invaders such as viruses, bacteria and fungi. The system is distributed, autonomous and adaptive, and it can identify new threats and act upon them, which has motivated the research community to apply its model to problems arising in the computing world. The basic approach of the immune system is to detect all abnormalities by examining normal behavior.

I have selected stock exchange fraud detection as the problem domain because it is a highly dynamic and randomized environment in which people have managed to use various techniques to earn money in inappropriate ways. A few of the known frauds are:


  • Insider trading

  • Pump and dump

  • Making the close

  • Front running

The main attribute of all these frauds is that when someone carries out such a fraud, the price and volume data stream reflects abnormal behavior, and the person executing it shows abnormal behavior with respect to their peer group. My objective would be to introduce a novel concept for detecting the anomalies that are reflected in the abnormal behavior of price/volume data and of the parties involved.

The proposed solution is enriched with techniques used by the immune system model, such as danger signals, negative selection, clonal selection and immune network theory, which ultimately avoid the drawbacks of currently available anomaly detection systems. It doesn’t have a separate learning phase, and it is capable of identifying abnormalities by examining features of the given data stream rather than by globally assigning boundary values for anomaly detection. Here is a brief description of the main steps of the proposed solution.

Danger signal
The proposed solution acts upon a danger signal, which is generated by examining the price/volume data stream. The system identifies sudden increases and decreases as danger, which ultimately reduces the false positive and false negative alarm rates.

Creating scenarios
If there is no suspected party, the probability of the case being a fraud is very low, so in this step the system tries to identify “are there any suspected parties” and their relationships by examining the behavior of individuals against their peer group.

Memory
The system will maintain a memory consisting of identified fraud scenarios in order to mount a quick response to upcoming fraud scenarios. The memory is maintained by measuring the activation frequency of the stored scenarios.
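
A minimal sketch of the first two steps, added here as an illustration and not taken from the project itself. The median/MAD scoring, the window size, the threshold `k`, the party names and all sample data are assumptions made for this example; the project's actual immune-inspired algorithms are not described in enough detail to reproduce.

```python
from statistics import median

def robust_z(value, reference):
    """Distance of value from the reference median, in scaled-MAD units."""
    med = median(reference)
    mad = median([abs(r - med) for r in reference])
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return abs(value - med) / (1.4826 * mad)

def danger_signals(ticks, window=5, k=4.0):
    """Indices of ticks whose price or volume jumps or drops sharply
    relative to the preceding `window` ticks (no global boundary value)."""
    flagged = []
    for i in range(window, len(ticks)):
        prices = [p for p, _ in ticks[i - window:i]]
        volumes = [v for _, v in ticks[i - window:i]]
        price, volume = ticks[i]
        if robust_z(price, prices) > k or robust_z(volume, volumes) > k:
            flagged.append(i)
    return flagged

def suspected_parties(volume_by_party, k=4.0):
    """Parties whose traded volume is abnormal against their peer group."""
    if len(volume_by_party) < 3:  # too few peers to compare against
        return []
    suspects = []
    for party, vol in volume_by_party.items():
        peers = [v for p, v in volume_by_party.items() if p != party]
        if robust_z(vol, peers) > k:
            suspects.append(party)
    return sorted(suspects)

def build_scenarios(ticks, volume_at_tick):
    """Keep a danger tick as a scenario only if it has suspected parties."""
    scenarios = {}
    for i in danger_signals(ticks):
        suspects = suspected_parties(volume_at_tick.get(i, {}))
        if suspects:
            scenarios[i] = suspects
    return scenarios

# Constructed sample data: (price, volume) per tick, with a spike at index 7.
TICKS = [(100.0, 1000), (100.2, 1100), (100.1, 950), (100.3, 1050),
         (100.2, 1000), (100.4, 1020), (100.3, 980), (104.9, 5200),
         (100.5, 1010)]
# Constructed per-party volume at tick 7 (party names are placeholders).
TICK7_VOLUME = {"A": 210, "B": 190, "C": 200, "D": 3950,
                "E": 220, "F": 180, "G": 250}

if __name__ == "__main__":
    print(build_scenarios(TICKS, {7: TICK7_VOLUME}))
```

Because both thresholds are derived from the recent window and from the peer group, the same code adapts to quiet and volatile instruments without a separately trained baseline.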
