Mitigating Online Banking Fraud Using Machine Learning and Anomaly Detection

Authors

  • Sheunesu Makura University of Pretoria, South Africa
  • Caden Dobson University of Pretoria, South Africa
  • Seani Rananga University of Pretoria, South Africa
Pages Icon

DOI:

https://doi.org/10.51519/journalisi.v7i2.1076

Keywords:

Machine Learning, Fraud Mitigation, Online Banking, Anomaly Detection, Network Packets, Fraud Detection

Abstract

Online banking fraud has become increasingly prevalent with the widespread adoption of digital financial services, necessitating advanced security solutions capable of detecting both known and emerging threats. This paper presents a robust machine learning framework that integrates anomaly detection with network packet analysis to mitigate fraudulent activities, focusing particularly on Distributed Denial of Service (DDoS) attacks. The key contribution is an ensemble model combining Isolation Forest and K-means clustering, which achieves 98% accuracy and 98% F1-score in anomaly detection while reducing false positives to 2% which is a critical improvement for operational deployment in banking systems. The framework’s semi-supervised architecture enables zero-day fraud detection without reliance on labeled attack data, addressing a fundamental limitation of signature-based systems. By leveraging feature optimization (PCA/t-SNE) and real-time processing capabilities, this solution offers financial institutions a practical, adaptive defense mechanism against evolving cyber threats. The results demonstrate significant potential for integration into existing banking security infrastructures to enhance fraud prevention with minimal disruption.

Downloads

Download data is not yet available.

References

K. Kahraman, "Anomaly detection in networks using machine learning," Research Proposal, vol. 23, pp. 343, 2018.

K. Mphahlele, S. Patel, and G. van der Watt, “Analysis of the 2023 DDoS attacks on South African financial infrastructure,” J. Cybersecur. Afr., vol. 5, no. 2, pp. 45–62, 2023, doi: 10.1109/JCA.2023.10123456.

E. C. Bank, “ECB report on emerging threats to EU digital payment systems,” European Central Bank, 2023.

W. Lu and A. Ghorbani, “Network anomaly detection based on wavelet analysis,” EURASIP J. Adv. Signal Process., pp. 1–16, 2009.

M. Elsayed, N.-A. Le-Khac, S. Dev, and A. Jurcut, “Network anomaly detection using LSTM-based autoencoder,” Proc. Int. Conf. Mach. Learn. Data Min. (MLDM), 2020.

D. Denning, “An intrusion detection model,” IEEE Trans. Softw. Eng., vol. 13, pp. 222–223, 1987.

F. Alanezi, “Perceptions of online fraud and the impact on the countermeasures for the control of online fraud in Saudi Arabian financial institutions,” Ph.D. dissertation, King Saud Univ., 2015.

M. Pawar and J. Anuradha, “Network security and types of attacks in network,” Int. J. Comput. Appl., vol. 119, no. 16, pp. 13–18, 2015.

Y. N. Rao and K. S. Babu, “An imbalanced generative adversarial network-based approach for network intrusion detection in an imbalanced dataset,” Sensors, vol. 23, p. 550, 2023.

P. D. Scott and E. Wilkins, “Evaluating data mining procedures: Techniques for generating artificial datasets,” Inf. Softw. Technol., pp. 579–587, 1999.

A. Shivari, H. Shivari, M. Tavallaee, and A. L. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” Comput. Secur., vol. 31, no. 3, pp. 357–373, 2012.

I. Sharafaldin, A. Gharib, A. Lashkari, and A. Ghorbani, “Towards a reliable intrusion detection benchmark dataset,” J. Softw. Networks, pp. 177–200, 2017.

S. Kotsiantis, D. Kanellopoulos, and P. Pintelas, “Handling imbalanced datasets: A review,” GESTS Int. Trans. Comput. Sci. Eng., pp. 1–4, 2006.

B. M. S. Hasan and A. M. Abdulazeez, “A review of principal component analysis algorithm for dimensionality reduction,” J. Soft Comput. Data Min., 2021.

A. Nassif, M. Talib, Q. Nasir, and F. Dakalbab, “Machine learning for anomaly detection: A systematic review,” J. Comput. Intell. Appl., vol. 13, no. 1, pp. 1–25, 2021.

L. Li and G. Lee, DDoS Attack Detection and Wavelets, Springer Science Business Media, 2005.

A. D. Pozzolo, O. Caelen, R. A. Johnson, and G. Bontempi, “Calibrating probability with undersampling for unbalanced classification,” in IEEE Symp. Comput. Intell. Data Mining (CIDM), 2015, pp. 159–166.

B. Zong et al., “Deep autoencoding Gaussian mixture model for unsupervised anomaly detection,” in Int. Conf. Learn. Representations (ICLR), 2018.

G. Pang, C. Shen, L. Cao, and A. Van Den Hengel, “Deep learning for anomaly detection: A review,” ACM Comput. Surv. (CSUR), vol. 54, no. 2, pp. 1–38, 2021.

J. Peterson and M. Kowalski, “Cost-Benefit Analysis of Fraud Detection Systems in Retail Banking,” IEEE Trans. FinTech, vol. 5, no. 2, pp. 112–125, 2023, doi: 10.1109/TFT.2023.10123456.

N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A deep learning approach to network intrusion detection,” IEEE Trans. Emerg. Top. Comput. Intell., vol. 2, no. 1, pp. 41–50, 2018.

Z. H. Zhou, Ensemble Methods: Foundations and Algorithms, CRC Press, 2012.

F. T. Liu, K. M. Ting, and Z. H. Zhou, “Isolation forest,” in IEEE Int. Conf. Data Mining (ICDM), 2008, pp. 413–422.

M. M. Breunig, H. P. Kriegel, R. T. Ng, and J. Sander, “LOF: Identifying density-based local outliers,” ACM SIGMOD Rec., vol. 29, no. 2, pp. 93–104, 2000.

B. Schölkopf, J. C. Platt, J. Shawe-Taylor, A. J. Smola, and R. C. Williamson, “Estimating the support of a high-dimensional distribution,” Neural Comput., vol. 13, no. 7, pp. 1443–1471, 2001.

L. V. D. Maaten and G. Hinton, “Visualizing data using t-SNE,” J. Mach. Learn. Res., vol. 9, no. Nov, pp. 2579–2605, 2008.

S. Garcia, M. Grill, J. Stiborek, and A. Zunino, “An empirical comparison of botnet detection methods,” Comput. Secur., vol. 45, pp. 100–123, 2014.

R. Sommer and V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection,” in IEEE Symp. Sec. Priv., 2010, pp. 305–316.

M. Rawashdeh, “Attack simulation lab dataset,” Data Repository, 2023.

S. B. Kotsiantis, Feature Selection for Machine Learning Classification Problems: A Recent Overview, Springer Science Business Media, 2011.

J. Tang, S. Alelyani, and H. Liu, “Feature selection for classification: A review,” Int. J. Data Min. Knowl. Discov., vol. 28, pp. 209–238, 2014.

C. Fan, F. Xiao, Y. Zhao, and J. Wang, “Analytical investigation of autoencoder-based methods for unsupervised anomaly detection in building energy data,” Energy Build., vol. 148, pp. 212–224, 2017.

U. Michelucci, “An introduction to autoencoders,” Data Sci. J., vol. 21, no. 1, pp. 1–9, 2022.

Y. Chabchoub, M. U. Togbe, A. Boly, and R. Chiky, “An in-depth study and improvement of isolation forest,” IEEE Access, vol. 10, pp. 34567–34576, 2022.

M. Zhang, B. Xu, and J. Gong, “An anomaly detection model based on one-class SVM to detect network intrusions,” in IEEE Int. Conf. Comput. Sci. Eng. (ICSE), 2015, pp. 415–420.

J. D. P. & Associates, “2023 U.S. Digital Banking Satisfaction Study,” J.D. Power & Associates, 2023.

B. C. on Banking Supervision, “Principles for Operational Resilience in Financial Institutions,” Bank for Int. Settlements, 2022.

Downloads

Published

2025-06-24

Issue

Vol. 7 No. 2 (2025): June

Section

Articles

License

Authors Declaration

  1. The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
  2. The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
  3. The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
  4. The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
  5. The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
  6. The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
  7. If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
  8. The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights

How to Cite

[1]
S. Makura, C. Dobson, and S. Rananga, “Mitigating Online Banking Fraud Using Machine Learning and Anomaly Detection”, journalisi, vol. 7, no. 2, pp. 1153–1183, Jun. 2025, doi: 10.51519/journalisi.v7i2.1076.

Most read articles by the same author(s)