Abstract
The objective of this chapter is to monitor database transactions and provide information accountability to databases. It provides a methodology to retrieve and standardize different audit logs in a uniform XML format which are extracted from different databases. The financial transactions obtained through audit logs are then analyzed with database forensic audit. The transactions are examined, detected, and classified as per regulations and well-defined RBI antimony laundering rules to obtain outliers and suspicious transactions within audit logs. Bayesian network is used in this research to represent rule-based outlier detection model which identifies the risk level of the suspicious transactions.
TopIntroduction
As per, FICCI- Federation of Indian Chambers of Commerce and Industry – Pinkerton India Risk Survey 2017, ‘Information & Cyber Insecurity’ has become more distinct due to the change that the nation which is undergoing towards digitization of various assets. It is said in the FICCI release, that the recent demonetization saw a spike in the number of people resorting to online platforms for financial transactions. This is posturing greater risks for users, including businesses, e-commerce etc. Also there is tremendous increase in subscribers to the Unique Identification Number (UIN) where personal information is stored as data which are linked to the banking details. The businesses are legally required to retain certain types of information and data in their databases for various periods of time as per requirements in every state and country; hence it becomes critical to stop deleting any form of electronic records that might be related to the case. This is giving opportunities to hackers to commit a breach. This may also lead to increase in existing risks in the cyber domain, such as money laundering and identity theft.
In developing countries, the security is becoming complicated with rapid expansion of access to the Internet, an unprecedented understanding of technology, increasing economic competition, and the push to achieve greater efficiencies. The technological advancement and the globalization of online banking provisions for finance and the payment systems have widened the scope of concealing illegal money and easy mobility of funds across the borders. These are known as suspicious activities or illegal transactions incorporating money laundering. In financial transactions, people hide their actions through a series of steps that make it look like money coming from illegal or unethical sources which was earned legitimately. Financial institutions are required to keep an eye on database transactions to detect the abnormality or any suspicious activity carried out if any. This will prevent such cases and submit the detailed reports to the regulatory bodies.
Indeed, in today’s business world, almost all applications use databases to manage data. Here the focus is on databases of banking transactions. Fraudulent banking activities are becoming more and more sophisticated which is threatening the security and trust of online banking business resulting as a major issue for handling financial crimes. It is now a global problem which can undermine the integrity and stability of financial markets and financial institutions. Moreover it is becoming challenging due to the Money Laundering practices carried over.
In view of this, the government act like Sarbanes-Oxley Audit Requirements (SOX) (“Sarbanes Oxley Audit Requirements”, 2018) has an immense impact on database auditing requirements. Consequently, the monitoring systems and log collection must provide an audit trail of all the activities and access to sensitive business information. As per Reserve Bank of India (RBI) (“Master Direction - Know Your Customer (KYC) Direction”, (2016)), the Banks and Financial institutions should exercise ongoing due diligence concerning every customer and carefully examine the transactions to ensure that they are consistent with the customer's profile and source of funds as per extant instructions. The Regulations of Reserve Bank of India for Anti-money Laundering (AML) defines the standard rules for suspecting the illegal transactions. The AML systems produce large volumes of work items, but very few results in quality investigations or actionable results. Effective and efficient detection of Anti Money Laundering is regarded as a major challenge to all the banks and is an increasing cause for concern. One way to ensure this is to keep end-to-end accountability of databases through continuous assurance technology and transaction monitoring with Digital forensics. This has motivated us to develop a methodology which monitors the database transactions and retain evidences to prove the transactions to be legitimate or suspicious. The suspicious transactions can then be used for investigations to reconstruct the illegal activity carried out in an organization. This can be achieved by incorporating information accountability in Database Management System.
Key Terms in this Chapter
ETL Process: ETL is a concept in data warehousing that deals with combining the data from various sources into data warehouse, data marts or relational database in order to analyze the data for patterns and insights. ETL takes the heterogeneous data and transforms it into a homogeneous data. ETL helps in programmatically analyzing heterogeneous data and derive business intelligence from it.
SAX Parser: SAX is a simple application program interface (API) for extensible markup language (XML). It is an event-based parser for parsing XML documents.
Suspicious Transactions: A suspicious transaction is one which on the grounds of digital evidences is suspected to involve activities like money laundering offences or a terrorist activity financing offence. The digital evidences are used to trace and proof unusual activity occurrence in accounts with respect to nature and value of transactions.
Database Forensics: Database forensics is a digital investigation process which deals with database contents and their related metadata to reveal malicious or suspicious activities carried onto or through database systems. It is a branch of digital forensics. It is a process which performs identification, artifact collection, analysis, documentation, and presentation of the suspected activities.
Digital Evidence: Digital evidence is any digital information which is received from computers, audio files, video recordings, digital images etc. The evidence obtained is essential in computer and cyber crimes. The digital evidences such as word processing documents, spreadsheets, internet browser histories, databases, the contents of computer memory and computer backup can be produced in Court of law. The authentic digital evidences are accepted for the cybercrime case.
Outliers: An outlier is said to be an observation that is distant from other observations. Outlier detection is very important concept in data mining for data analysis. The application of outlier detection mainly focuses on the idea of detecting the suspicious or outlier financial transactions.
Audit Logs: An audit log is a document that records an event in digital format. It records when and what resources were accessed. It particularly includes user login information, source addresses and a timestamp. It keeps the record of the sequence of activities that has taken place at any time with specific operations or event. Audit log is also known as an audit trail. Audit trails keep the accountability of the task or actions taken place in systems.
Chain of Custody: Chain of custody is a series of events viewed in sequence. It is a process to keep accountability of chain of actions and evidences revealed during a crime investigation. It keeps the chronological documentation or paper trail that records the sequence of physical or digital evidence. Evidence needs to follow a chain of custody which is the standard processes for collecting, documenting, and protecting evidence.
Bayesian Network: Bayesian network is one of the graphical methodologies to build and represent models for problem solving with given data or expert opinion. This is a type of probabilistic graphical model which can be used for a wide range of tasks including prediction, anomaly detection, diagnostics, reasoning, decision making under uncertainty etc.
XML: XML is an extensible markup language (XML) file format which is used to create common information format. It defines a set of rules for encoding documents in a format. It is both a human-readable and machine-readable format.