Impersonation fraud detection on building access control systems: An approach based on anomalous social and spatio-temporal behaviors

Anomaly-based impersonation detection consists in constructing typical profiles based on users' frequent behaviors and comparing them with new data. The underlying idea is that a very different behavior may indicate possible fraud, i.e., someone trying to impersonate the user. Most research in the area aims to use spatiotemporal data broadly available from ubiquitous location sensors, e.g., GPS, mobile telephony, beacons, and Physical Access Control Systems. Many studies achieved good performance in finding social bonds among users. Our previous work Silva and Sichman (2019) combined concepts from previous research and proposed using social groups to construct mobility profiles to enhance anomaly-detection. This paper extends our previous work and explores the feasibility of using spatiotemporal mobility profiles enriched with group patterns for fraud detection in Physical Access Control Systems. An empirical analysis is conducted using data from two real-world datasets, and results show that it is feasible to add companions activities information to mobility profiles to enhance anomaly-based impersonation attack detection.