Popis: |
Mobile money helps people accumulate, send, and receive money using their mobile phones without having a bank account (i.e., in some African countries). Such technology is heavily and efficiently used in many areas where bank services are unavailable and/or in crisis (i.e., during the COVID-19 pandemic) when transportation and services are limited. However, malicious users such as scammers have leveraged social engineering techniques to abuse mobile money services through scams, and frauds, among others. Existing countermeasures, which are specific to mobile money security, mostly ignore the dynamic aspect of interactions between the malicious party and the victim. Considering the above insufficiency, this paper proposes a new approach to characterize mobile money phishing attacks based on reinforcement learning (RL) through $Q-$ learning and Markov decision processes (MDP) and on deep reinforcement learning (DRL) through DRL algorithms, namely, Deep Sarsa, Advantage Actor-Critic (A2C), Deep Deterministic Policy Gradient (DDPG), and Deep Q-learning (DQN). In fact, the proposed approach models the optimal sequences of attacker actions to achieve their goals through reinforcement learning and deep reinforcement methods. We experiment on real attack scenarios that have been encountered at Orange and MTN telecoms. Furthermore, we compared reinforcement learning and deep reinforcement learning algorithms to each other and thereby demonstrated the difference between them. This analysis showed a better performance in learning with RL. We also deduced that $Q-$ learning takes less execution time than CDM and therefore its learning quality is better for characterizing mobile money phishing attacks. Finally, we found that some deep reinforcement algorithms, such as Deep Sarsa and $A2C$ , can improve the characterization of scammer-victim interactions during mobile payments. |