As the threat landscape grows more and more complex, fraud and security teams find it harder to deal with the problem efficiently. It is important to partner with the right security vendor and make the most efficient use of the insights it provides in order to make accurate, real-time risk decisions.

The current threat landscape

In movies, I often see teenage hackers in hoodies sitting in their bedrooms, eyes glued to their computer screens, fingers furiously typing some complex sequence of commands. And within minutes they have cracked the code! My guess is that, for those of us who grew up in the 1980s, the movie WarGames has had an impact on us and on the web security industry. In retrospect, watching that movie in my youth probably drew me toward web security (and of course it felt great at the time).

In my experience, the reality is different from the glamorous picture Hollywood gives you. We do deal with some script kiddies, but mostly we deal with experienced developers who can reverse engineer complex protections through trial and error. They have the resources:

  • They take advantage of the same cloud infrastructure that legitimate companies use and are skilled at scaling and load balancing.
  • Some of them are skilled enough to deploy computer vision to solve challenges.
  • Some organizations have several developers on staff and provide 24/7 support.

Basically, fraudsters run their operations the same way a legitimate business does, and as long as the economics are on their side, the attacks will continue.

Subpar fraud protection is easily fooled by bad actors

Unfortunately for many businesses, their fraud protection measures are not equipped to differentiate between legitimate customers and bad actors, leaving their customers' digital accounts more vulnerable to exploitation.

A fraud detection product should be able to look at traffic from multiple angles to cover as much of the attack surface as possible. For example, simple techniques such as monitoring the rate of a client's requests work against volumetric and unsophisticated attacks, but attackers have learned to evade them by distributing their traffic across proxy services. Rules can generally help detect signals associated with fraudulent activity, but over the past few years more advanced fraudsters have refined their techniques, making such rules less effective, especially since they are not updated fast enough. The detection layer must consider multiple signals and have an algorithm that automatically detects anomalies and scores traffic accordingly.

Machine learning algorithms to the rescue

Taking advantage of machine learning (ML) is definitely a way to speed up and automate investigations, to keep up with constant changes in attacker strategy, and to reduce fraudulent activity. However, this is not as easy as it seems. Anyone can develop and deploy machine learning algorithms to detect anomalies, but only a few can do so with a high level of accuracy, and in particular with a low false positive rate. False detections typically leave the web security team unable to trust the results and unable to apply adequate mitigation, which ultimately lets the attacker through.

It is difficult to develop an accurate machine learning model. If you choose a supervised model to identify known bad or good activity, you will need accurately labeled data. This may seem easy to obtain, but unfortunately it is not always so:

  • The data can be labeled by an offline job that reviews the client's activity history and identifies anomalies through that lens.
  • Data can be labeled manually by groups of people, but training a team to evaluate and label data consistently can be time consuming, costly and challenging.

In both cases, incorrect labeling can reduce the accuracy of the ML model. At Arkose Labs we take advantage of the feedback loop that results from challenging users. We also periodically look at specific traffic patterns and our knowledge of the Internet ecosystem, as well as specific legitimate user behavior. The combination of these many sources of truth helps us to maintain a high level of accuracy.

As an engineering principle, and for better explainability, I like to keep things simple. That is why I prefer to use unsupervised or statistical models wherever possible. Many anomalies can be detected this way with a good level of accuracy. As long as your understanding of the data and your assumptions are correct, the model's results are usually accurate and easy to manage.
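The two points above, that a single request-rate signal is defeated by traffic spread over proxies and that simple statistical models can still catch the anomaly, can be shown together in a small scorer. This is an added example, not Arkose Labs code; the traffic records, client ids and IP ranges are constructed, and the robust z-score (median/MAD) is one unsupervised choice among many.

```python
"""Multi-signal statistical anomaly scoring over constructed traffic records.

A per-IP request-rate threshold alone misses a client that spreads requests
across many proxy IPs; scoring several per-client signals with a robust
z-score (median / MAD) surfaces the same client without any labeled data."""
from collections import Counter, defaultdict
from statistics import median

# Constructed sample traffic as (client_id, source_ip, minute). Clients c1..c4
# each use one IP and send 3-6 requests; c5 rotates through 20 proxy IPs,
# sending only 2 requests from each one, so no single IP looks busy.
RECORDS = [(f"c{c}", f"10.0.0.{c}", m) for c in range(1, 5) for m in range(1, c + 3)]
RECORDS += [("c5", f"198.51.100.{i}", 1 + i % 4) for i in range(20) for _ in range(2)]

def per_ip_rate_alerts(records, max_per_ip=10):
    """Naive control: alert on any single source IP sending more than max_per_ip."""
    counts = Counter(ip for _, ip, _ in records)
    return sorted(ip for ip, n in counts.items() if n > max_per_ip)

def client_features(records):
    """Per-client signals: total requests, distinct source IPs, peak requests/minute."""
    by_client = defaultdict(list)
    for cid, ip, minute in records:
        by_client[cid].append((ip, minute))
    feats = {}
    for cid, rows in by_client.items():
        per_minute = Counter(m for _, m in rows)
        feats[cid] = (len(rows), len({ip for ip, _ in rows}), max(per_minute.values()))
    return feats

def robust_z(values):
    """Median/MAD z-score: a few outliers do not inflate the baseline as a mean would."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # guard against MAD == 0
    return [(v - med) / (1.4826 * mad) for v in values]

def risk_scores(records):
    """Per-client risk: sum of the positive robust z-scores across all signals."""
    feats = client_features(records)
    ids = sorted(feats)
    columns = zip(*(feats[cid] for cid in ids))  # one column per signal
    zs = [robust_z(list(col)) for col in columns]
    return {cid: round(sum(max(z[i], 0.0) for z in zs), 2) for i, cid in enumerate(ids)}

def flag_clients(records, threshold=10.0):
    """Clients whose combined anomaly score crosses the threshold."""
    return sorted(cid for cid, s in risk_scores(records).items() if s >= threshold)
```

On the constructed data the per-IP check raises no alert at all, while the combined score separates c5 from the four ordinary clients by more than an order of magnitude.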

Using the output of a fraud detection system

At Arkose Labs, we strive to make our investigations as transparent as possible and share all the evidence with our clients. Some trust our decisions and let us decide when to present a challenge to mitigate the activity. Others prefer to use us as a source of intelligence and consume our signals: a combination of risk scores and classifications, along with a list of the anomalies detected. They typically feed Arkose Labs data into their own machine learning model, which may combine input from other vendors, and implement their own decision engine. The key to the success of such a model is understanding each vendor's output and how it is built, in order to design and develop the most accurate model and provide the best user experience.

The Arkose Labs advantage

No matter which model you choose, Arkose Labs can help protect your critical endpoints and keep attackers at bay. Our research team is constantly looking for innovative ways to process data and improve detection accuracy. Book a demo today for more details.

*** This is a Security Bloggers Network syndicated blog from Arkose Labs, written by David Senecal. Read the original post here: