CyberWolf: assessing vulnerabilities of ICT-intensive financial markets
ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
Article No.: 86, Pages 1 - 7
Abstract
The volume of transactions in financial markets is impressive: e.g., every four days an amount similar to the USA GDP flows through the Forex (foreign exchange, which is only one of the several financial markets). Currently, financial markets are ICT-driven, i.e., about 60% of transactions are automatically launched by computers and the annual impact of such transaction is greater than 30 times the world GDP. The growing complexity of financial instruments has led to an increase in the underlying technology, and consequently it opened the door to vulnerabilities in the security and control systems.
In this paper we illustrate CyberWolf, a novel attack that exploits a vulnerability of the financial market control system. The aim of the attack is creating the possibility of carrying out transactions of financial products at prices which differ significantly from their real value. In particular, CyberWolf exploits the delay of actions of market makers, who are the entities responsible for regulating the price of the financial instruments exchanged. Interestingly, the attack can be performed against big financial markets and by using a cheap setting; we show the feasibility of our attack against the Italian Stock Exchange (FTSE-MIB) by using only a laptop and a DSL internet connection. We consider the Italian Stock Exchange as a stress-test example for this kind of attack, because it is a liquid financial market (with just a few illiquid instruments) and has an effective regulator. Performing this attack on smaller and / or poorly regulated markets could lead to pathological situations that are not representative of a general case. The purpose of this paper is to highlight the possibility of fraudulent transactions, created by traders who by-pass the control of market regulator.
References
[1]
X. Chen, I. Bose, A. Leung, and C. Guo. Assessing the severity of phishing attacks: A hybrid data mining approach. <u>Decision Support Systems (Elsevier)</u>, 50(4):662--672, 2011.
[2]
M. Fan, J. Stallaert, and A. B. Whinston. The internet and the future of financial markets. <u>Commun. ACM</u>, 43(11):82--88, Nov. 2000.
[3]
A. Hovav and J. D'Arcy. The Impact of Denial-of-Service Attack Announcements on the Market Value of Firms. <u>Risk management and insurance review</u>, 6(2):79--121, 2003.
[4]
M. Huang, J. Liang, and Q. Nguyen. A Visualization Approach for Frauds Detection in Financial Market. <u>2009 13th International Conference Information Visualisation, Barcelona</u>, 2009.
[5]
L. Khansa and D. Liginlal. Predicting stock market returns from malicious attacks:A comparative analysis of vector autoregression and time-delayed neural networks. <u>Decision Support Systems</u>, 51(4):475--579, 2011.
[6]
S. D. Ledgerwood and P. Carpenter. A framework for the analysis of market manipulation. Review of Law Economics. <u>The Review of Law Economics</u>, 8(1):253--295, 2012.
[7]
E. J. Lee, K. S. Eom, and K. S. Park. Microstructure-based manipulation: Strategic behavior and performance of spoofing traders. <u>Journal of Financial</u>, 2013.
[8]
M. Li, D. Hu, C. Lal, M. Conti, and Z. Zhang. Blockchain-enabled Secure Energy Trading with Verifiable Fairness in Industrial Internet of Things. <u>IEEE Transaction on Industrial Informatics, in press</u>, 2020.
[9]
B. F. Mannix. Races, rushes, and runs: Taming the turbulence in financial trading. <u>SSRN 2275663</u>, 2013.
[10]
V. Mavroudis. Market Manipulation as a Security Problem: Attacks and Defenses. <u>EuroSec '19: Proceedings of the 12th European Workshop on Systems Security. </u>, 2019.
[11]
A. J. Menkveld and M. A. Zoican. Need for speed? Exchange latency and liquidity. <u>The Review of Financial Studies</u>, 30(4):1188--1228, 2017.
[12]
C. S. Merino, M. Sips, D. A. Keim, C. Panse, and R. Spence. Task-at-hand interface for change detection in stock market data. In <u>Proceedings of the Working Conference on Advanced Visual Interfaces</u>, AVI '06, page 420--427, New York, NY, USA, 2006. Association for Computing Machinery.
[13]
K. V. Nesbitt and S. Barrass. Finding trading patterns in stock market data. <u>IEEE Computer Graphics and Applications</u>, 24(5):45--55, 2004.
[14]
C. Spatt. Security market manipulation. <u>Annual review of financial economics</u>, 6(1):405--418, 2014.
[15]
S. Tan, W. Song, M. Steward, J. Yang, and L. Tong. Online Data Integrity Attacks Against Real-Time Electrical Market in Smart Grid . <u>IEEE Transactions on Smart Grid</u>, 9(1):313--322, 2018.
[16]
L. Xie, Y. Mo, and B. Sinopoli. False Data Injection Attacks in Electricity Markets. <u>2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD</u>, 2010.
[17]
Y. Yemini, A. Dailianas, D. Florissi, and G. Huberman. MarketNet: protecting access to information systems through financial market controls. <u>Decision Support Systems</u>, 28(1-2):205--216, 2000.
Index Terms
- CyberWolf: assessing vulnerabilities of ICT-intensive financial markets
Recommendations
Market Manipulation as a Security Problem: Attacks and Defenses
EuroSec '19: Proceedings of the 12th European Workshop on Systems SecurityOrder matching systems form the backbone of modern equity exchanges, used by millions of investors daily. Thus, their operation is strictly controlled through numerous regulatory directives to ensure that markets are fair and transparent. Despite these ...
Understanding Flash-Loan-based Wash Trading
AFT '22: Proceedings of the 4th ACM Conference on Advances in Financial TechnologiesFlash Loan, a popular lending service in the decentralized finance (DeFi) ecosystem, allows users to borrow a large number of virtual assets without any collateral. It can be leveraged to support many financial activities (such as arbitrage, ...
The Effect of Liquidity on the Spoofability of Financial Markets
ICAIF '24: Proceedings of the 5th ACM International Conference on AI in FinanceWe investigate the relationship between market liquidity and spoofing, a manipulative practice involving the submission of deceptive orders aimed at misleading other traders. Utilizing an agent-based market simulator, we model markets with varying levels ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2020
1073 pages
Copyright © 2020 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 25 August 2020
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ARES 2020
ARES 2020: The 15th International Conference on Availability, Reliability and Security
August 25 - 28, 2020
Virtual Event, Ireland
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 36Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in