Payment-Guard: Detecting fraudulent in-app purchases in iOS system
Introduction
With the spread of mobile devices, people have gradually become used to accessing the Internet through mobile applications (Apps). Among Apps, “in-app purchase” has proved to be a successful business model. Users can purchase virtual goods within an App to get better service. This model helps business entities make more profit while giving users more choices, and as a result it has been adopted by a large number of for-profit Apps. However, it faces a serious threat in the iOS system: attackers leverage payment vulnerabilities in the Apple payment system to conduct fraudulent purchases, and, even worse, some attackers send spam or advertise on major e-commerce websites to solicit customers and sell purchasing services. To compete with regular purchasing, these attackers often charge buyers much less than the price listed in Apps. Such activities have caused tremendous financial loss to business entities and damaged companies’ ability to maintain and upgrade Apps.
It is therefore critically important for App operators to detect fraudulent in-app purchases, which attackers carry out by leveraging vulnerabilities in the Apple payment system. In the following discussion, we refer to such purchases as malicious purchases. Effective detection enables an App operator to take mitigating action to minimize loss, such as canceling transactions, confiscating virtual goods, shutting down accounts, banning certain IPs from purchasing and so on. However, identifying malicious purchases faces several challenges. First, in most Apps the categories of virtual goods are limited; for example, some Apps require users to recharge their accounts for virtual coins first and then exchange these coins for goods. In these Apps’ in-app purchases, the virtual coin is the only type of virtual good, which makes it difficult to identify malicious purchases by analyzing goods types. Second, fraudulent purchasing does not generate malicious content (such as spam messages in spam detection, or phishing URLs); attackers may spam or post advertisements on e-commerce websites, but this content cannot easily be correlated with concrete purchase transactions. These challenges make the detection of malicious in-app purchases intrinsically different from traditional attack detection, and it is extremely hard to apply existing methods to the problem directly.
To detect purchase records that correspond to fraudulent in-app purchases effectively, we design a system named Payment-Guard. Payment-Guard uses a collection of features to profile a purchase. These features can be divided into four subsets that describe a purchase from four perspectives: i) the behavioral characteristics of the user account, ii) the behavioral characteristics of the device on which the purchase happened, iii) the behavioral characteristics of the IP address from which the purchase happened, and iv) the union behavioral characteristics of the App account, device and IP. Payment-Guard integrates these four aspects of features and leverages a statistical binary classifier to differentiate between malicious purchases and benign purchases. Payment-Guard represents an effort to systematically detect fraudulent in-app purchases in the iOS system with high accuracy. To evaluate our system, we conducted comprehensive experiments on data collected from Tencent “Honor of Kings”, a famous MOBA game in China with over 200 million registered players. The game lets players recharge their accounts through in-app purchases. Experimental results show that Payment-Guard achieves a high true positive rate with a low false positive rate. The contributions of this paper are summarized as follows:
- To the best of our knowledge, this paper represents the first effort to deeply analyze the behaviors of account, device and IP in fraudulent in-app purchases.
- We have deliberately designed several features that are significantly distinguishable between malicious and benign in-app purchases, and proposed a system that can detect malicious purchases accurately.
- We have conducted comprehensive experiments on real-world data collected from Tencent “Honor of Kings”, a famous MOBA game in China, to evaluate the effectiveness of designed features and proposed system. Experimental results show that our system can accomplish a high true positive rate of 92.2% at a low false positive rate of 2%.
The rest of this paper is organized as follows. Section 2 introduces the related work. Section 3 briefly discusses the background of in-app purchase and the threats it faces in iOS system. Section 4 describes how data was collected and labeled. We present the system design in Section 5 and evaluate results in Section 6. The discussion is provided in Section 7 and Section 8 concludes.
Section snippets
Related work
Since “in-app purchase” has become a popular business model adopted by a large number of Apps and an important source of App profit, detecting fraudulent in-app purchases has become critically important. Researchers have done numerous studies on fraud detection, including credit card fraud [1], [2], [3], [4], telecommunication fraud [5], [6], healthcare insurance fraud [7], automobile insurance fraud [8], [9], online auction fraud [10] and more. Among which, with the rapid growth of e-payment, credit card fraud
Background
In recent years, the transaction behavior of purchasing virtual goods in Apps has become more prevalent. Customers can purchase a variety of services within Apps, such as purchasing a license to download an App, recharging a game account for virtual currency, and more. In iOS system, typically, users use their own Apple Store accounts to pay for the purchases of virtual goods. A user can also pay for other people’s purchases in various ways, such as logging into their App accounts and using his
Data
We collected labeled data from the iOS platform of the Tencent “Honor of Kings” game. “Honor of Kings” is a mobile game developed by Tencent that runs on the Android, iOS and NS platforms. The game provides a variety of heroes, skins and props. These heroes, skins and props basically support the purchase by coupons in addition to the activity limit. The coupons are the virtual currency in the game. On the iOS platform, for example, coupons must be recharged through the Apple Store.
System design
Payment-Guard consists of two phases, namely classifier training and recognition. In phase one, Payment-Guard trains a statistical classifier on pre-labeled malicious and benign purchases. In the recognition phase, an unknown purchase record is first converted to a feature vector and then analyzed by the previously trained classifier. As a variety of classifiers have demonstrated their powerful classification capabilities in various scenarios, designing distinguishable features for
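The two phases described above, sketched as an added example that is not the paper's code: the four features (one per perspective), the logistic-regression classifier and the purchase log are all assumptions constructed for illustration, since this page does not give the paper's actual feature set or classifier.

```python
import math
from collections import defaultdict

# Constructed purchase log: (account, device, ip, label), label 1 = malicious.
BENIGN = [(f"a{i}", f"d{i}", f"198.51.100.{i}", 0) for i in range(6) for _ in range(2)]
RESOLD = [(f"b{i}", "d-shared", "203.0.113.9", 1) for i in range(5)]
HISTORY = BENIGN + RESOLD

def build_index(records):
    """Aggregate behaviour per account, per device, per IP and per triple."""
    idx = {k: defaultdict(set) for k in ("acct", "dev", "ip")}
    idx["triple"] = defaultdict(int)
    for acct, dev, ip, *_ in records:
        idx["acct"][acct].add(dev)
        idx["dev"][dev].add(acct)
        idx["ip"][ip].add(acct)
        idx["triple"][(acct, dev, ip)] += 1
    return idx

def features(rec, idx):
    """Hypothetical features, one per perspective, plus a bias term."""
    acct, dev, ip = rec[:3]
    return [len(idx["acct"][acct]),          # devices this account purchased on
            len(idx["dev"][dev]),            # accounts that purchased on this device
            len(idx["ip"][ip]),              # accounts that purchased from this IP
            idx["triple"][(acct, dev, ip)],  # repeats of this exact combination
            1.0]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(records, epochs=300, lr=0.1):
    """Phase one: fit logistic regression on labelled purchases."""
    idx = build_index(records)
    rows = [(features(r, idx), r[3]) for r in records]
    w = [0.0] * 5
    for _ in range(epochs):
        grad = [0.0] * 5
        for x, y in rows:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            grad = [g + err * xi for g, xi in zip(grad, x)]
        w = [wi - lr * g / len(rows) for wi, g in zip(w, grad)]
    return w

def score(rec, history, w):
    """Phase two: turn an unseen purchase into a vector and return P(malicious)."""
    idx = build_index(history + [rec])
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(rec, idx))))

WEIGHTS = train(HISTORY)
```

The unseen purchase is added to the index before its features are computed, so an account never seen before still gets a device and IP profile from the history it joins.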
Evaluation
We performed comprehensive experiments to validate Payment-Guard’s effectiveness in detecting malicious in-app purchases in the iOS system. First, we give an insight into the correlation among the constructed features and validate that these features have low redundancy. Next, we verify that Payment-Guard can detect malicious in-app purchases with a high TPR and a low FPR, which indicates that we can detect the majority of malicious in-app purchases with a low misjudgement rate for benign purchases. Then, we analyzed
Discussion
Our detection system relies on the effectiveness of its features. If attackers discover the design of the features and change their behavior to evade detection, the detection accuracy of our system may decrease. In fact, this is a general challenge faced by all detection systems based on feature engineering. However, in the scenario of in-app purchase, attackers have much difficulty in changing behavior, for the proposed features have caught malicious purchases’ intrinsic
Conclusion
This paper designs a system, Payment-Guard, to automatically detect fraudulent in-app purchases in the iOS system. Payment-Guard integrates four aspects of features corresponding to App account behavior, device behavior, IP behavior and (App account, device, IP) union behavior to characterize a purchase. The experimental results, based on labeled data collected from Tencent “Honor of Kings”, one of the most famous mobile games in China, have proved the powerful detection ability of Payment-Guard, which
CRediT authorship contribution statement
Yadong Zhou: Conceptualization, Methodology, Writing - original draft. Tianyi Yue: Methodology, Data curation. Xiaoming Liu: Conceptualization, Supervision, Writing - review & editing. Chao Shen: Supervision. Lingling Tong: Investigation. Zhihao Ding: Validation.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgment
The research presented in this paper is supported in part by the National Key Research and Development Program of China (no. 2018YFB0803501), Tencent Technology (Shenzhen) Company Ltd., the National Natural Science Foundation of China (61572397, 61833015, U1766215, U1736205, U1936110, 61902308), State Grid R&D Program (5226SX1800FC), Initiative Postdocs Supporting Program (BX20190275, BX20200270), China Postdoctoral Science Foundation (2019M663723) and the Fundamental Research Funds for the
Yadong Zhou is an Associate Professor of School of Automation Science and Engineering at Xi’an Jiaotong University. He received his B.S. and Ph.D. degrees in Control Science and Engineering from Xi’an Jiaotong University, China, in 2004 and 2011, respectively. He was a postdoctoral researcher at The Chinese University of Hong Kong in 2014. His research focuses on Data Driven Network Security, Network Science and its Applications.
References (31)
- et al., Employing transaction aggregation strategy to detect credit card fraud, Expert Systems with Applications (2012)
- et al., Leveraging deep learning with lda-based text analytics to detect automobile insurance fraud, Decision Support Systems (2018)
- et al., A principle component analysis-based random forest with the potential nearest neighbor method for automobile insurance fraud identification, Applied Soft Computing (2018)
- et al., Detecting credit card fraud by modified fisher discriminant analysis, Expert Systems with Applications (2015)
- et al., Application of credit card fraud detection: Based on bagging ensemble classifier, Procedia Computer Science (2015)
- et al., Account classification in online social networks with lbca and wavelets, Information Sciences (2016)
- et al., Credit card fraud detection using hidden markov model, IEEE Transactions on Dependable and Secure Computing (2008)
- et al., Artificial immune systems for the detection of credit card fraud: an architecture, prototype and preliminary results, Information Systems Journal (2012)
- et al., Feature engineering strategies for credit card fraud detection, Expert Systems with Applications (2016)
- J. Lopes, O. Belo, C. Vieira, Applying user signatures on fraud detection in telecommunications networks, in:...
- Data mining approach for subscription-fraud detection in telecommunication sector, Contemporary Engineering Sciences
- Using commonkads method to build prototype system in medical insurance fraud detection, Journal of Networks
- Fraud detection of credit card payment system by genetic algorithm, International Journal of Scientific & Engineering Research
Tianyi Yue received the B.S. degree in Automation from Xi’an Jiaotong University, China, in 2018. He is currently pursuing the master’s degree with the Department of Automation. His research focuses on Data Analysis and Mining.
Xiaoming Liu received the B.S. degree in Automation from Xi’an Jiaotong University, China in 2012; and the PhD degree in Cyber Science and Engineering from Xi’an Jiaotong University, China in 2019. He was a research scholar in Georgia Institute of Technology from 2017 to 2018. He is currently an Assistant Professor in the School of Cyber Science and Engineering of Xi’an Jiaotong University. His research mainly focuses on Big Graph Mining, Large-Scale Heterogeneous Data Analysis and Mining, Machine Learning and its Applications.
Chao Shen is a full Professor in the faculty of Electronic and Information Engineering, Xi’an Jiaotong University of China. He currently serves as Associate Dean of School of Cyber Science and Engineering of Xi’an Jiaotong University. He received the B.S. degrees in automatic control and the Ph.D. degree in system engineering from Xi’an Jiaotong University, Xi’an, China, in 2007 and 2014, respectively. He was a research scholar in Computer Science Department at Carnegie Mellon University from 2011 to 2013. He is currently the Director of the Xi’an Jiaotong University Cyber-Physical System Security and Privacy Lab, where he works with brilliant students and colleagues to build smart algorithms that enable cyber-physical and intelligent systems to have security and privacy guarantee, as well as to discover how to make the world safer and better. He has published more than 70 research papers in international referred journals and conferences at the intersection of computer and network security, big data analysis, machine learning and automatic control. His current research interests mainly include Data-Driven Network and System Security, AI Security, Cyber-Physical System Security. He currently serves as an Associate Editor for a number of journals, including IEEE Transactions on Dependable Secure Computing, Journal of Franklin Institute, Frontiers of Computer Science, and Engineering, etc.
Lingling Tong is a senior engineer in the National Computer network Emergency Response technical Team of China. She received her Ph.D degree in Institute of Computing Technology, Chinese Academy of Science, Beijing, China, in 2012. Her research interests include Data Analysis and Mining, Multimedia Security, and Video Coding.
Zhihao Ding received the B.S. degree in Automation from Northeastern University, China, in 2019. He is working towards the M.S. degree in Control Science and Engineering at Xi’an Jiaotong University. His research interests include Network Science and its Applications and Data Analysis and Mining.