Abstract
A fraudster can be an impersonator or a swindler. An impersonator is an illegitimate user who steals resources from the victims by “taking over†their accounts. A swindler is a legitimate user who intentionally harms the system or other users by deception. Previous research
efforts in fraud detection concentrate on identifying frauds caused by
impersonators. Detecting frauds conducted by swindlers is a challenging issue. We propose an architecture to catch swindlers. It consists of four components: profile-based anomaly detector, state transition analysis, deceiving intention predictor, and decision-making component. Profile-
based anomaly detector outputs fraud confidence indicating the possibil-
ity of fraud when there is a sharp deviation from usual patterns. State
transition analysis provides state description to users when an activity
results in entering a dangerous state leading to fraud. Deceiving inten-
tion predictor discovers malicious intentions. Three types of deceiving intentions, namely uncovered deceiving intention, trapping intention, and
illusive intention, are defined. A deceiving intention prediction algorithm is developed. A user-configurable risk evaluation function is used for decision making. A fraud alarm is raised when the expected risk is greater than the fraud investigation cost.