Detecting Fraud on Vehicle Insurance System
Detecting Fraud on Vehicle Insurance System
Abstract:
Business processes and services can more flexibly be combined when based upon standards. However, such flexible compositions practically always contain vulnerabilities, which imperil the security and dependability of processes. Vulnerability management tools require patterns to find or monitor vulnerabilities. Such patterns have to be derived from vulnerability types. Existing analysis methods such as attack trees and FMEA result in such types yet require much experience and provide little guidance during the analysis. Our main contribution is ATLIST, a new vulnerability analysis method with improved transferability. Especially in service-oriented architectures, which employ a mix of established web technologies and SOA-specific standards, previously observed vulnerability types and variations thereof can be found. Therefore, we focus on the detection of known vulnerability types by leveraging previous vulnerability research. A further contribution in this respect is the, to the best of our knowledge, most comprehensive compilation of vulnerability information sources to date. We present the method to search for vulnerability types in SOA-based business processes and services. Also, we show how patterns can be derived from these types, so that tools can be employed. An additional contribution is a case study, in which we apply the new method to a SOA-based business process scenario.
Existing System:
Typically, vulnerability types have to be manually derived before tools can employ the corresponding vulnerability patterns for automated analyses. Fault/attack trees and FMEA are two prominent representatives of manual analysis methods. The strength of these methods is that they leave much room for the security expert to apply subjective skills and personal experience, enabling the discovery even of completely new types of vulnerabilities. Two decades ago, Neumann and Parker observed that most attacks use long-known techniques, and that the exploited vulnerabilities are reincarnated in new IT systems. One decade later, Arbaugh et al.analyzed CERT/CC incident data and found that most exploits happen through widely known vulnerabilities.
Disadvantages:
Creativity and experience is required to find and scrutinize the relevant chains of effects. Also, the selection of components to be included in the analysis is of the same high importance and
difficulty for both methods.
Proposed System:
Our recent analysis of several sources such as confirms that new types of vulnerabilities are very rare. Particularly in a SOA, where a mix of established web technologies and SOA-specific standards is employed, we expect that the majority of vulnerabilities will be of a previously observed type or a variation thereof. This presumption is maintained by, we propose ATLIST, a new vulnerability analysis method. The name stands for “attentive listener” as the method was developed during and for the analysis of SOA service orchestrations. ATLIST was designed to make use of the central SOA notions, namely re-usability, flexibility, and extensive use of standards. It facilitates the detection of known vulnerability types, and enables the derivation of vulnerability patterns for tool support. ATLIST is applicable to business processes composed of services as well as to single services.
Advantages:
ATLIST explicitly builds upon the vulnerability knowledge extracted from various sources, and that it focuses on known vulnerability types rather than completely new ones.
ATLIST offers better transferability than previous methods by guiding the analysis with a set of analysis elements. These elements are instantiated for the system at hand, so that an ATLIST tree can be build in a guided and repeatable manner.
System Requirements:
Hardware Requirements:
Processor : Intel Duel Core.
Hard Disk : 60 GB.
Floppy Drive : 1.44 Mb.
Monitor : LCD Colour.
Mouse : Optical Mouse.
RAM : 512 Mb.
Software Requirements:
Operating system : Windows XP.
Coding Language : ASP.Net with C#
Data Base : SQL Server 2005
Comments are closed.