Elsevier

Neurocomputing

Volume 422, 21 January 2021, Pages 263-276

Payment-Guard: Detecting fraudulent in-app purchases in iOS system

https://doi.org/10.1016/j.neucom.2020.10.007

Abstract

As a successful business model, “in-app purchase” has gradually been adopted by a large number of applications (Apps). Users can purchase various virtual goods in different kinds of Apps, such as a license to download movies or songs. In-app purchase helps App operators gain huge income and gives users flexibility in using Apps. Recently, iOS Apps have suffered from fraudulent purchase attacks. Attackers leverage vulnerabilities in the iOS payment system to purchase virtual goods at zero or low cost. More seriously, unscrupulous attackers publicly solicit customers and provide purchasing services, which has caused huge financial loss to business entities. It is therefore of great importance to detect fraudulent in-app purchases in iOS Apps and then take measures, such as confiscating goods, to minimize profit loss. In this paper, we propose a system called Payment-Guard to achieve this objective. It designs various features that characterize a purchase from four perspectives, namely App account behavior, device behavior, IP behavior and the union behavior of (App account, device, IP), and then conducts detection based on these features. We perform comprehensive experiments on data collected from the “Honor of Kings” App, one of the most famous MOBA games in China, which allows players to recharge App accounts for virtual currency. Experimental results demonstrate that Payment-Guard can detect 92.2% of malicious in-app purchases with a false positive rate of only 2%.

Introduction

With the popularity of mobile terminal devices, people are gradually getting used to accessing the Internet through mobile applications (Apps). Among Apps, “in-app purchase” has proved to be a successful business model. Users can purchase virtual goods in an App to get better service. This “in-app purchase” model helps business entities make more profit and gives users more choices while using Apps. As a result, the model has been adopted by a large number of for-profit Apps. However, it faces a serious threat in the iOS system: attackers leverage payment vulnerabilities in the Apple payment system to conduct fraudulent purchasing, and, even worse, some attackers send spam or advertise on major e-commerce websites to solicit customers and sell purchasing services. To compete with regular purchasing, these attackers often charge buyers much less than the price tagged in Apps. Such activities have caused tremendous financial loss to business entities and damaged the companies’ capability of maintaining and upgrading Apps.

It is therefore of critical importance for the App operator to detect fraudulent in-app purchases, which attackers carry out by leveraging vulnerabilities in the Apple payment system. In the following discussion, we term such purchases malicious purchases. Effective detection enables the App operator to take mitigation actions that minimize loss, such as canceling transactions, confiscating virtual goods, shutting down accounts, banning certain IPs from purchasing and so on. However, identifying malicious purchases faces several challenges. First, in most Apps the categories of virtual goods are limited; for example, some Apps require users to first recharge their accounts for virtual coins and then exchange these coins for goods. In these Apps’ in-app purchases, the virtual coin is the only type of virtual good, which makes it difficult to identify malicious purchases by analyzing goods types. Second, fraudulent purchasing does not generate malicious content (such as the spam messages in spam detection or phishing URLs). Attackers may send spam or post advertisements on e-commerce websites, but this content cannot easily be correlated with concrete purchase transactions. These challenges make the detection of malicious in-app purchases intrinsically different from traditional attack detection, and it is extremely hard to apply existing methods directly to the problem.

To effectively detect purchase records that correspond to fraudulent in-app purchases, we design a system named Payment-Guard. Payment-Guard uses a collection of features to depict the profile of a purchase. These features can be divided into four subsets that depict a purchase’s characteristics from four perspectives: i) the behavioral characteristics of the user account, ii) the behavioral characteristics of the device on which the purchase happened, iii) the behavioral characteristics of the IP address from which the purchase happened, and iv) the union behavioral characteristics of App account, device and IP. Payment-Guard integrates these four aspects of features and leverages a statistical binary classifier to differentiate between malicious purchases and benign purchases. Payment-Guard represents an effort to systematically detect fraudulent in-app purchases in the iOS system with high accuracy. To evaluate our system, we have conducted comprehensive experiments on data collected from Tencent “Honor of Kings”, a famous MOBA game in China with a giant body of over 200 million registered players. The game lets players recharge their accounts by in-app purchase. Experimental results show that Payment-Guard can accomplish a high true positive rate with a low false positive rate. The contributions of this paper are summarized as follows:

  • To the best of our knowledge, this paper represents the first effort to deeply analyze the behaviors of account, device and IP in fraudulent in-app purchases.

  • We have deliberately designed several features that are significantly distinguishable between malicious and benign in-app purchases, and proposed a system that can detect malicious purchases accurately.

  • We have conducted comprehensive experiments on real-world data collected from Tencent “Honor of Kings”, a famous MOBA game in China, to evaluate the effectiveness of designed features and proposed system. Experimental results show that our system can accomplish a high true positive rate of 92.2% at a low false positive rate of 2%.

The rest of this paper is organized as follows. Section 2 introduces the related work. Section 3 briefly discusses the background of in-app purchase and the threats it faces in iOS system. Section 4 describes how data was collected and labeled. We present the system design in Section 5 and evaluate results in Section 6. The discussion is provided in Section 7 and Section 8 concludes.

Section snippets

Related work

Since “in-app purchase” has become a popular business model adopted by a large number of Apps and an important source of App profit, detecting fraudulent in-app purchases has become critically important. Researchers have done numerous studies on fraud detection, including credit card fraud [1], [2], [3], [4], telecommunication fraud [5], [6], healthcare insurance fraud [7], automobile insurance fraud [8], [9], online auction fraud [10] and more. Among these, with the rapid growth of e-payment, credit card fraud

Background

In recent years, purchasing virtual goods in Apps has become more prevalent. Customers can purchase a variety of services within Apps, such as purchasing a license to download an App, recharging a game account for virtual currency, and more. In the iOS system, users typically use their own Apple Store accounts to pay for purchases of virtual goods. A user can also pay for other people’s purchases in various ways, such as logging into their App accounts and using his

Data

We collected labeled data from the iOS platform of the Tencent “Honor of Kings” game. “Honor of Kings” is a mobile game developed by Tencent that runs on the Android, iOS and NS platforms. The game provides a variety of heroes, skins and props. These heroes, skins and props basically support purchase by coupons in addition to the activity limit. The coupons are the virtual currency in the game. On the iOS platform, for example, the coupons need to be recharged through the Apple Store.

System design

Payment-Guard consists of two phases, namely classifier training and recognition. In phase one, Payment-Guard trains a statistical classifier on pre-labeled malicious and benign purchases. In the recognition phase, an unknown purchase record is first converted to a feature vector and then analyzed by the previously trained classifier. As a variety of classifiers have demonstrated their powerful classification capabilities in various scenarios, designing distinguishable features for
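The two phases described above, sketched as an added example (not the paper's code): the four features are hypothetical stand-ins for the account, device, IP and union perspectives, logistic regression stands in for the unspecified statistical classifier, and every purchase record is constructed.

```python
import math
from collections import defaultdict
# Constructed history: (app_account, device_id, ip, label); label 1 = malicious.
HISTORY = (
    [(f"a{i}", f"d{i}", f"10.0.0.{i}", 0) for i in (1, 2, 3, 4) for _ in range(2)]
    + [("a5", "d5", "10.0.0.5", 0), ("a6", "d5", "10.0.0.5", 0)]   # shared household
    + [(f"b{i}", "dX", "203.0.113.9", 1) for i in (1, 2, 3, 4)]    # one device, many accounts
)

def build_index(purchases):
    """Group purchases by account, device, IP and (account, device, IP) triple."""
    idx = {"acct": defaultdict(set), "dev": defaultdict(set),
           "ip": defaultdict(set), "triple": defaultdict(int)}
    for acct, dev, ip in purchases:
        idx["acct"][acct].add(dev)
        idx["dev"][dev].add(acct)
        idx["ip"][ip].add(acct)
        idx["triple"][(acct, dev, ip)] += 1
    return idx

def features(purchase, idx):
    """Hypothetical features, one per perspective (not the paper's feature set)."""
    acct, dev, ip = purchase
    return [len(idx["acct"][acct]),           # account: distinct devices it pays from
            len(idx["dev"][dev]),             # device: distinct accounts recharged on it
            len(idx["ip"][ip]),               # IP: distinct accounts paying from it
            idx["triple"][(acct, dev, ip)]]   # union: purchases by this exact triple

def predict(w, x):
    z = w[-1] + sum(wi * xi for wi, xi in zip(w, x))   # w[-1] is the bias term
    return 1 / (1 + math.exp(-z))

def train(X, y, epochs=500, lr=0.1):
    """Phase one: fit logistic regression (a stand-in classifier) by SGD."""
    w = [0.0] * (len(X[0]) + 1)
    for _ in range(epochs):
        for x, t in zip(X, y):
            err = predict(w, x) - t
            w = [wi - lr * err * xi for wi, xi in zip(w, x + [1.0])]
    return w

def recognise(purchase, w, history=HISTORY):
    """Phase two: log the unknown purchase, build its feature vector, score it."""
    idx = build_index([r[:3] for r in history] + [purchase])
    x = features(purchase, idx)
    return x, predict(w, x)

_idx = build_index([r[:3] for r in HISTORY])
MODEL = train([features(r[:3], _idx) for r in HISTORY], [r[3] for r in HISTORY])
```

`recognise` returns the feature vector together with the malicious-class probability, so the operator can see which perspective drove the score before acting on a purchase.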

Evaluation

We performed comprehensive experiments to validate Payment-Guard’s effectiveness in detecting malicious in-app purchases in the iOS system. First, we give an insight into the correlation among the constructed features and validate that these features have low redundancy. Next, we verify that Payment-Guard can detect malicious in-app purchases with a high TPR and a low FPR, which indicates that we can detect the majority of malicious in-app purchases with a low misjudgement rate for benign purchases. Then, we analyzed

Discussion

Our detection system relies on the effectiveness of its features. If attackers find out the design of the features and change their behavior to evade detection, the detection accuracy of our system may decrease. In fact, this is a general challenge faced by all detection systems based on feature engineering. However, in the scenario of in-app purchase, attackers have much difficulty in changing behavior, for the proposed features have caught malicious purchases’ intrinsic

Conclusion

This paper designs a system, Payment-Guard, to automatically detect fraudulent in-app purchases in the iOS system. Payment-Guard integrates four aspects of features, corresponding to App account behavior, device behavior, IP behavior and (App account, device, IP) union behavior, to characterize a purchase. The experimental results based on labeled data collected from Tencent “Honor of Kings”, one of the most famous mobile games in China, have proved the powerful detection ability of Payment-Guard, which

CRediT authorship contribution statement

Yadong Zhou: Conceptualization, Methodology, Writing - original draft. Tianyi Yue: Methodology, Data curation. Xiaoming Liu: Conceptualization, Supervision, Writing - review & editing. Chao Shen: Supervision. Lingling Tong: Investigation. Zhihao Ding: Validation.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgment

The research presented in this paper is supported in part by the National Key Research and Development Program of China (no. 2018YFB0803501), Tencent Technology (Shenzhen) Company Ltd., the National Natural Science Foundation of China (61572397, 61833015, U1766215, U1736205, U1936110, 61902308), State Grid R&D Program (5226SX1800FC), Initiative Postdocs Supporting Program (BX20190275, BX20200270), China Postdoctoral Science Foundation (2019M663723) and the Fundamental Research Funds for the

References (31)

  • P. Saravanan et al., Data mining approach for subscription-fraud detection in telecommunication sector, Contemporary Engineering Sciences (2014)
  • Y.-H. Tsai et al., Using commonkads method to build prototype system in medical insurance fraud detection, Journal of Networks (2014)
  • P. Gupta, A. Mundra, Online in-auction fraud detection using online hybrid model, in: International Conference on...
  • K. RamaKalyani et al., Fraud detection of credit card payment system by genetic algorithm, International Journal of Scientific & Engineering Research (2012)
  • K. Fu, D. Cheng, Y. Tu, L. Zhang, Credit card fraud detection using convolutional neural networks, in: International...
    Yadong Zhou is an Associate Professor of School of Automation Science and Engineering at Xi’an Jiaotong University. He received his B.S. and Ph.D. degrees in Control Science and Engineering from Xi’an Jiaotong University, China, in 2004 and 2011, respectively. He was a postdoctoral researcher at The Chinese University of Hong Kong in 2014. His research focuses on Data Driven Network Security, Network Science and its Applications.

    Tianyi Yue received the B.S. degree in Automation from Xi’an Jiaotong University, China, in 2018. He is currently pursuing the master’s degree with the Department of Automation. His research focuses on Data Analysis and Mining.

    Xiaoming Liu received the B.S. degree in Automation from Xi’an Jiaotong University, China in 2012; and the PhD degree in Cyber Science and Engineering from Xi’an Jiaotong University, China in 2019. He was a research scholar in Georgia Institute of Technology from 2017 to 2018. He is currently an Assistant Professor in the School of Cyber Science and Engineering of Xi’an Jiaotong University. His research mainly focuses on Big Graph Mining, Large-Scale Heterogeneous Data Analysis and Mining, Machine Learning and its Applications.

    Chao Shen is a full Professor in the faculty of Electronic and Information Engineering, Xi’an Jiaotong University of China. He currently serves as Associate Dean of School of Cyber Science and Engineering of Xi’an Jiaotong University. He received the B.S. degree in automatic control and the Ph.D. degree in system engineering from Xi’an Jiaotong University, Xi’an, China, in 2007 and 2014, respectively. He was a research scholar in Computer Science Department at Carnegie Mellon University from 2011 to 2013. He is currently the Director of the Xi’an Jiaotong University Cyber-Physical System Security and Privacy Lab, where he works with brilliant students and colleagues to build smart algorithms that enable cyber-physical and intelligent systems to have security and privacy guarantees, as well as to discover how to make the world safer and better. He has published more than 70 research papers in international refereed journals and conferences at the intersection of computer and network security, big data analysis, machine learning and automatic control. His current research interests mainly include Data-Driven Network and System Security, AI Security, Cyber-Physical System Security. He currently serves as an Associate Editor for a number of journals, including IEEE Transactions on Dependable Secure Computing, Journal of Franklin Institute, Frontiers of Computer Science, and Engineering, etc.

    Lingling Tong is a senior engineer in the National Computer network Emergency Response technical Team of China. She received her Ph.D. degree from the Institute of Computing Technology, Chinese Academy of Science, Beijing, China, in 2012. Her research interests include Data Analysis and Mining, Multimedia Security, and Video Coding.

    Zhihao Ding received the B.S. degree in Automation from Northeastern University, China, in 2019. He is working towards the M.S. degree in Control Science and Engineering at Xi’an Jiaotong University. His research interests include Network Science and its Applications and Data Analysis and Mining.