Ziqi Liu,Chaochao Chen,Xinxing Yang,Jun Zhou,Xiaolong Li,Le Song

DOI: https://doi.org/10.1145/3269206.3272010

2018-01-01

Abstract:We present, GEM, the first heterogeneous graph neural network approach for detecting malicious accounts at Alipay, one of the world's leading mobile cashless payment platform. Our approach, inspired from a connected subgraph approach, adaptively learns discriminative embeddings from heterogeneous account-device graphs based on two fundamental weaknesses of attackers, i.e. device aggregation and activity aggregation. For the heterogeneous graph consists of various types of nodes, we propose an attention mechanism to learn the importance of different types of nodes, while using the sum operator for modeling the aggregation patterns of nodes in each type. Experiments show that our approaches consistently perform promising results compared with competitive methods over time.

Anting Zhang,Bin Wu,Yinsheng Li

DOI: https://doi.org/10.1109/ICEBE52470.2021.00033

2021-01-01

Abstract:Financial frauds by organized communities are becoming popular while financial requirements are too complicated for individuals to be provided. In this paper, a heterogeneous transaction graph is constructed based on interrelated fraudulent community risk factors. A heterogeneous subgraph embedding method is designed to identify fraud patterns. The fraudulent communities can be identified with node selection and community expansion algorithms. Based on the proposed graph and method, a fraudulent community detection and risk visualization system has been developed. The system provides a comprehensive view, in which the business information, associated information, and risk visualization are provided to improve risk identification and understanding experience. A number of critical technical indicators have been designed, among which are integrity, intuitiveness, practicality and authenticity. The experiments at the technical indicators have been conducted and discussed.

Junjie Wang,Shuigeng Zhou,Jihong Guan

DOI: https://doi.org/10.1016/j.neucom.2011.11.022

IF: 6

2012-01-01

Neurocomputing

Abstract:In financial markets, abnormal trading behaviors pose a serious challenge to market surveillance and risk management. What is worse, there is an increasing emergence of abnormal trading events that some experienced traders constitute a collusive clique and collaborate to manipulate some instruments, thus mislead other investors by applying similar trading behaviors for maximizing their personal benefits. In this paper, a method is proposed to detect the hidden collusive cliques involved in an instrument of future markets by first calculating the correlation coefficient between any two eligible unified aggregated time series of signed order volume, and then combining the connected components from multiple sparsified weighted graphs constructed by using the correlation matrices where each correlation coefficient is over a user-specified threshold. Experiments conducted on real order data from the Shanghai Futures Exchange show that the proposed method can effectively detect suspect collusive cliques. A tool based on the proposed method has been deployed in the exchange as a pilot application for futures market surveillance and risk management.

Junjie Wang,Shuigeng Zhou,Jihong Guan

DOI: https://doi.org/10.48550/arXiv.1110.1522

2011-10-07

Abstract:In financial markets, abnormal trading behaviors pose a serious challenge to market surveillance and risk management. What is worse, there is an increasing emergence of abnormal trading events that some experienced traders constitute a collusive clique and collaborate to manipulate some instruments, thus mislead other investors by applying similar trading behaviors for maximizing their personal benefits. In this paper, a method is proposed to detect the hidden collusive cliques involved in an instrument of future markets by first calculating the correlation coefficient between any two eligible unified aggregated time series of signed order volume, and then combining the connected components from multiple sparsified weighted graphs constructed by using the correlation matrices where each correlation coefficient is over a user-specified threshold. Experiments conducted on real order data from the Shanghai Futures Exchange show that the proposed method can effectively detect suspect collusive cliques. A tool based on the proposed method has been deployed in the exchange as a pilot application for futures market surveillance and risk management.

Trading and Market Microstructure,Neural and Evolutionary Computing

Hang Yin,Zitao Zhang,Zhurong Wang,Yilmazcan Ozyurt,Weiming Liang,Wenyu Dong,Yang Zhao,Yinan Shan

DOI: https://doi.org/10.48550/arXiv.2210.06968

IF: 5.414

2022-10-13

Machine Learning

Abstract:In e-commerce industry, graph neural network methods are the new trends for transaction risk modeling.The power of graph algorithms lie in the capability to catch transaction linking network information, which is very hard to be captured by other algorithms.However, in most existing approaches, transaction or user connections are defined by hard link strategies on shared properties, such as same credit card, same device, same ip address, same shipping address, etc. Those types of strategies will result in sparse linkages by entities with strong identification characteristics (ie. device) and over-linkages by entities that could be widely shared (ie. ip address), making it more difficult to learn useful information from graph. To address aforementioned problems, we present a novel behavioral biometric based method to establish transaction linkings based on user behavioral similarities, then train an unsupervised GNN to extract embedding features for downstream fraud prediction tasks. To our knowledge, this is the first time similarity based soft link has been used in graph embedding applications. To speed up similarity calculation, we apply an in-house GPU based HDBSCAN clustering method to remove highly concentrated and isolated nodes before graph construction. Our experiments show that embedding features learned from similarity based behavioral graph have achieved significant performance increase to the baseline fraud detection model in various business scenarios. In new guest buyer transaction scenario, this segment is a challenge for traditional method, we can make precision increase from 0.82 to 0.86 at the same recall of 0.27, which means we can decrease false positive rate using this method.

Jinbo Chao,Chunhui Zhao,Fuzhi Zhang

DOI: https://doi.org/10.1155/2022/4354086

IF: 1.968

2022-01-11

Security and Communication Networks

Abstract:Information security is one of the key issues in e-commerce Internet of Things (IoT) platform research. The collusive spamming groups on e-commerce platforms can write a large number of fake reviews over a period of time for the evaluated products, which seriously affect the purchase decision behaviors of consumers and destroy the fair competition environment among merchants. To address this problem, we propose a network embedding based approach to detect collusive spamming groups. First, we use the idea of a meta-graph to construct a heterogeneous information network based on the user review dataset. Second, we exploit the modified DeepWalk algorithm to learn the low-dimensional vector representations of user nodes in the heterogeneous information network and employ the clustering methods to obtain candidate spamming groups. Finally, we leverage an indicator weighting strategy to calculate the spamming score of each candidate group, and the top-k groups with high spamming scores are considered to be the collusive spamming groups. The experimental results on two real-world review datasets show that the overall detection performance of the proposed approach is much better than that of baseline methods.

computer science, information systems,telecommunications

Shunyu Yao,Dan Liu,Zhifei Guo,Zhiyuan Zhang,Jie Hu

DOI: https://doi.org/10.3390/electronics13234742

IF: 2.9

2024-11-30

Electronics

Abstract:With the rapid development of e-commerce, malicious accounts have become a threat, especially in the business field. Therefore, how to efficiently detect malicious accounts has become one an important issue requiring resolution. Present research on malicious detection mainly uses the basic statistics of the original data to build models, and ignores malicious activities in the business field. To address the context-independent nature of business activities and their lack of social structure, this study constructs an online model for detecting malicious accounts in the business field based on a stacking ensemble strategy with BiGRU-Conv1D-Capsule, XGBoost, and LightGBM as individual learners and AdaBoost as a meta-learner. Experimental results show that the stacking ensemble model constructed in this study has better predictive power than the typical shallow learning and baseline deep learning models. In addition to the basic feature, the behavior sequence of users is also applied in the proposed model. Overall, our experiments based on a real dataset from a financial platform show that the TPR, AUC, and F1 of the stacking ensemble model can reach 0.8258, 0.9860, and 0.8922 respectively, which outperforms all baseline models.

engineering, electrical & electronic,computer science, information systems,physics, applied

WANG Yihan,TANG Chen,ZHANG Lan

DOI: https://doi.org/10.11772/j.issn.1001-9081.2022040546

2023-01-01

Journal of Computer Applications

Abstract:In view of the huge risks brought by transaction fraud, handover irregularities and other issues in bulk stock online trading, a long-term traceable online trading mechanism was proposed to achieve more reliable bulk stock trading, in order to realize the authenticity and anti-tampering of information and the credibility and anti-fraud of process. Firstly, combined with blockchain, an online trading framework based on the idea of "application-verification-record" was proposed, and the smart contracts were used for multi-party supervision and detailed records for each stage of the trading process.Secondly, to guarantee the authenticity of commodity information, for bulk stock with texture features on its appearance, the commodity fingerprints of the bulk stock were extracted and verified based on the Local Binary Pattern（LBP） algorithm.Finally, to ensure the credibility of the handover process, a standardized handover method of commodities was proposed on the basis of environmental fingerprints. The above trading framework, commodity appearance fingerprint extraction and verification algorithm, and standardized commodity handover method were used jointly to constitute the online trading mechanism. The analysis results show that the proposed trading framework can avoid most of the frauds from the perspectives of user selection and process specification and can identify single-party and two-party frauds occurring in the transactions.The experiment results based on the real log image data show that the proposed commodity appearance fingerprint extraction and verification algorithm can judge different images of the same commodity with 94. 00% accuracy and distinguish images of different commodities with 78. 30% accuracy. The system performance test shows that the delay of each stage of the proposed trading mechanism is within an acceptable range, and meets the requirements of online trading.

Jiajun Zhou,Xuanze Chen,Shengbo Gong,Chenkai Hu,Chengxiang Jin,Shanqing Yu,Qi Xuan

2024-07-02

Abstract:Ethereum has become one of the primary global platforms for cryptocurrency, playing an important role in promoting the diversification of the financial ecosystem. However, the relative lag in regulation has led to a proliferation of malicious activities in Ethereum, posing a serious threat to fund security. Existing regulatory methods usually detect malicious accounts through feature engineering or large-scale transaction graph mining. However, due to the immense scale of transaction data and malicious attacks, these methods suffer from inefficiency and low robustness during data processing and anomaly detection. In this regard, we propose an Ethereum Transaction Graph Compression method named TGC4Eth, which assists malicious account detection by lightweighting both features and topology of the transaction graph. At the feature level, we select transaction features based on their low importance to improve the robustness of the subsequent detection models against feature evasion attacks; at the topology level, we employ focusing and coarsening processes to compress the structure of the transaction graph, thereby improving both data processing and inference efficiency of detection models. Extensive experiments demonstrate that TGC4Eth significantly improves the computational efficiency of existing detection models while preserving the connectivity of the transaction graph. Furthermore, TGC4Eth enables existing detection models to maintain stable performance and exhibit high robustness against feature evasion attacks.

Cryptography and Security,Social and Information Networks

Jianke Yu,Hanchen Wang,Xiaoyang Wang,Zhao Li,Lu Qin,Wenjie Zhang,Jian Liao,Ying Zhang

DOI: https://doi.org/10.1145/3580305.3599836

2023-01-01

Abstract:Along with the rapid technological and commercial innovation on the e-commerce platforms, there are an increasing number of frauds that bring great harm to these platforms. Many frauds are conducted by organized groups of fraudsters for higher efficiency and lower costs, which are also known as group-based frauds. Despite the high concealment and strong destructiveness of group-based fraud, there is no existing research work that can thoroughly exploit the information within the transaction networks of e-commerce platforms for group-based fraud detection. In this work, we analyze and summarize the characteristics of group-based frauds, based on which we propose a novel end-to-end semi-supervised Group-based Fraud Detection Network (GFDN) to support such fraud detection in real-world applications. Experimental results on large-scale e-commerce datasets from Taobao and Bitcoin trading datasets show the superior effectiveness and efficiency of our proposed model for group-based fraud detection on bipartite graphs.

Kai Lei,Qiuai Fu,Jiake Ni,Feiyang Wang,Min Yang,Kuai Xu

DOI: https://doi.org/10.1109/ICDCS.2019.00066

2019-01-01

Abstract:The last decade has witnessed the explosive growth of malicious Internet domains which serve as the fundamental infrastructure for establishing advanced persistent threat command and control communication channels or hosting phishing Web sites. Given the big data nature of Internet traffic data and the ability of algorithmically generating domains and acquiring and registering the domains in a near-automated fashion, detecting malicious domains in real-time is a daunting task for security analysts and network operators. In this paper, we introduce bipartite graphs to capture the interactions between end hosts and domains, identify associated IP addresses of domains, and characterize time-series patterns of DNS queries for domains, and explore one-mode projections of these bipartite graphs for modeling the behavioral, IP-structural, and temporal similarities between domains. We employ graph embedding technique to automatically learn dynamic and discriminative feature representations for over 10,000 labeled domains, and develop an SVM-based classification algorithm for predicting malicious or benign domains. Our model makes the progress towards adapting to the changing and evolving strategies of malicious domains. The experimental results have shown that our proposed algorithm achieves an area under the curve (AUC) of 0.94 based on k-fold cross-validation. To the best of our knowledge, this is the first effort to apply the combination of behavioral modeling and graph embedding for effectively and accurately detecting malicious domains.

Xuxu Zheng,Chen Feng,Zhiyi Yin,Jinli Zhang,Huawei Shen

DOI: https://doi.org/10.3390/electronics12143070

IF: 2.9

2023-07-15

Electronics

Abstract:Detecting fraudulent users in social networks could reduce online fraud and telecommunication fraud cases, which is essential to protect the lives and properties of internet users and maintain social harmony and stability. We study how to detect fraudulent users by using heterogeneous graph representation learning and propose a heterogeneous graph representation learning algorithm to learn user node embeddings to reduce human intervention. The experimental results show promising results. This article investigates how to use better heterogeneous graph representation learning to detect fraudulent users in social networks and improve detection accuracy.

engineering, electrical & electronic,computer science, information systems,physics, applied

Wenkai Li,Zhijie Liu,Xiaoqi Li,Sen Nie

2024-10-28

Abstract:The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. The current phishing account detection tools utilize graph learning or sampling algorithms to obtain graph features. However, large-scale transaction networks with temporal attributes conform to a power-law distribution, posing challenges in detecting web3 scams. In this paper, we present ScamSweeper, a novel framework to identify web3 scams on Ethereum. Furthermore, we collect a large-scale transaction dataset consisting of web3 scams, phishing, and normal accounts. Our experiments indicate that ScamSweeper exceeds the state-of-the-art in detecting web3 scams.

Cryptography and Security

Zequan Xu,Lianyun Li,Hui Li,Qihang Sun,Shaofeng Hu,Rongrong Ji

DOI: https://doi.org/10.1145/3539597.3570466

2022-12-06

Abstract:Nowadays, Multi-purpose Messaging Mobile App (MMMA) has become increasingly prevalent. MMMAs attract fraudsters and some cybercriminals provide support for frauds via black market accounts (BMAs). Compared to fraudsters, BMAs are not directly involved in frauds and are more difficult to detect. This paper illustrates our BMA detection system SGRL (Self-supervised Graph Representation Learning) used in WeChat, a representative MMMA with over a billion users. We tailor Graph Neural Network and Graph Self-supervised Learning in SGRL for BMA detection. The workflow of SGRL contains a pretraining phase that utilizes structural information, node attribute information and available human knowledge, and a lightweight detection phase. In offline experiments, SGRL outperforms state-of-the-art methods by 16.06%-58.17% on offline evaluation measures. We deploy SGRL in the online environment to detect BMAs on the billion-scale WeChat graph, and it exceeds the alternative by 7.27% on the online evaluation measure. In conclusion, SGRL can alleviate label reliance, generalize well to unseen data, and effectively detect BMAs in WeChat.

Social and Information Networks,Artificial Intelligence

Jianke Yu,Hanchen Wang,Xiaoyang Wang,Zhao Li,Lu Qin,Wenjie Zhang,Jian Liao,Ying Zhang,Bailin Yang

DOI: https://doi.org/10.1109/tkde.2024.3485127

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Along with the rapid technological and commercial innovation on e-commerce platforms, an increasing number of frauds cause great harm to these platforms. Many frauds are conducted by organized groups of fraudsters for higher efficiency and lower costs, also known as group-based frauds. Despite the high concealment and strong destructiveness of group-based fraud, no existing research can thoroughly exploit the information within the transaction networks of e-commerce platforms for group-based fraud detection. In this work, we analyze and summarize the characteristics of group-based frauds. Based on this, we propose a novel end-to-end semi-supervised Group-based Fraud Detection Network (GFDN) to support such fraud detection in real-world applications. In addition, we introduce a module named Temporal Group Dynamics Analyzer (TGDA) that strengthens the ability to analyze temporal information on group fraudulent activity. Based on this, we built an enhanced model named TGFDN. Experimental results on large-scale e-commerce datasets from Taobao and Bitcoin trading datasets show our proposed model's superior effectiveness and efficiency for group-based fraud detection on bipartite graphs.

Zheng Che,Meng Shen,Zhehui Tan,Hanbiao Du,Liehuang Zhu,Wei Wang,Ting Chen,Qinglin Zhao,Yong Xie

2024-10-31

Abstract:With the rapid evolution of Web3.0, cryptocurrency has become a cornerstone of decentralized finance. While these digital assets enable efficient and borderless financial transactions, their pseudonymous nature has also attracted malicious activities such as money laundering, fraud, and other financial crimes. Effective detection of malicious transactions is crucial to maintaining the security and integrity of the Web 3.0 ecosystem. Existing malicious transaction detection methods rely on large amounts of labeled data and suffer from low generalization. Label-efficient and generalizable malicious transaction detection remains a challenging task. In this paper, we propose ShadowEyes, a novel malicious transaction detection method. Specifically, we first propose a generalized graph structure named TxGraph as a representation of malicious transaction, which captures the interaction features of each malicious account and its neighbors. Then we carefully design a data augmentation method tailored to simulate the evolution of malicious transactions to generate positive pairs. To alleviate account label scarcity, we further design a graph contrastive mechanism, which enables ShadowEyes to learn discriminative features effectively from unlabeled data, thereby enhancing its detection capabilities in real-world scenarios. We conduct extensive experiments using public datasets to evaluate the performance of ShadowEyes. The results demonstrate that it outperforms state-of-the-art (SOTA) methods in four typical scenarios. Specifically, in the zero-shot learning scenario, it can achieve an F1 score of 76.98% for identifying gambling transactions, surpassing the SOTA method by12.05%. In the scenario of across-platform malicious transaction detection, ShadowEyes maintains an F1 score of around 90%, which is 10% higher than the SOTA method.

Cryptography and Security

Cen Chen,Chen Liang,Jianbin Lin,Li Wang,Ziqi Liu,Xinxing Yang,Xiukun Wang,Jun Zhou,Yang Shuang,Yuan Qi

DOI: https://doi.org/10.48550/arXiv.2003.02833

2020-03-12

Abstract:The insurance industry has been creating innovative products around the emerging online shopping activities. Such e-commerce insurance is designed to protect buyers from potential risks such as impulse purchases and counterfeits. Fraudulent claims towards online insurance typically involve multiple parties such as buyers, sellers, and express companies, and they could lead to heavy financial losses. In order to uncover the relations behind organized fraudsters and detect fraudulent claims, we developed a large-scale insurance fraud detection system, i.e., InfDetect, which provides interfaces for commonly used graphs, standard data processing procedures, and a uniform graph learning platform. InfDetect is able to process big graphs containing up to 100 millions of nodes and billions of edges. In this paper, we investigate different graphs to facilitate fraudster mining, such as a device-sharing graph, a transaction graph, a friendship graph, and a buyer-seller graph. These graphs are fed to a uniform graph learning platform containing supervised and unsupervised graph learning algorithms. Cases on widely applied e-commerce insurance are described to demonstrate the usage and capability of our system. InfDetect has successfully detected thousands of fraudulent claims and saved over tens of thousands of dollars daily.

Cryptography and Security,Machine Learning

Liang Zhao,Wei Li,Ruihan Bao,Keiko Harimoto,Yunfang Wu,Xu Sun

DOI: https://doi.org/10.24963/ijcai.2021/518

2021-01-01

Abstract:Trading volume movement prediction is the key in a variety of financial applications. Despite its importance, there is few research on this topic because of its requirement for comprehensive understanding of information from different sources. For instance, the relation between multiple stocks, recent transaction data and suddenly released events are all essential for understanding trading market. However, most of the previous methods only take the fluctuation information of the past few weeks into consideration, thus yielding poor performance. To handle this issue, we propose a graphbased approach that can incorporate multi-view information, i.e., long-term stock trend, short-term fluctuation and sudden events information jointly into a temporal heterogeneous graph. Besides, our method is equipped with deep canonical analysis to highlight the correlations between different perspectives of fluctuation for better prediction. Experiment results show that our method outperforms strong baselines by a large margin.

Jintao Wen,Xianghong Tang,Jianguang Lu

DOI: https://doi.org/10.1038/s41598-024-67550-4

IF: 4.6

2024-07-18

Scientific Reports

Abstract:Fraud seriously threatens individual interests and social stability, so fraud detection has attracted much attention in recent years. In scenarios such as social media, fraudsters typically hide among numerous benign users, constituting only a small minority and often forming "small gangs". Due to the scarcity of fraudsters, the conventional graph neural network might overlook or obscure critical fraud information, leading to insufficient representation of fraud characteristics. To address these issues, the tran-smote on graphs (GTS) method for fraud detection is proposed by this study. Structural features of each type of node are deeply mined using a subgraph neural network extractor, these features are integrated with attribute features using transformer technology, and the node's information representation is enriched, thereby addressing the issue of inadequate feature representation. Additionally, this approach involves setting a feature embedding space to generate new nodes representing minority classes, and an edge generator is used to provide relevant connection information for these new nodes, alleviating the class imbalance problem. The results from experiments on two real datasets demonstrate that the proposed GTS, performs better than the current state-of-the-art baseline.

multidisciplinary sciences

Da Sun Handason Tam,Wing Cheong Lau,Bin Hu,Qiu Fang Ying,Dah Ming Chiu,Hong Liu

DOI: https://doi.org/10.48550/arXiv.1906.05546

2019-06-13

Abstract:Rapid and massive adoption of mobile/ online payment services has brought new challenges to the service providers as well as regulators in safeguarding the proper uses such services/ systems. In this paper, we leverage recent advances in deep-neural-network-based graph representation learning to detect abnormal/ suspicious financial transactions in real-world e-payment networks. In particular, we propose an end-to-end Graph Convolution Network (GCN)-based algorithm to learn the embeddings of the nodes and edges of a large-scale time-evolving graph. In the context of e-payment transaction graphs, the resultant node and edge embeddings can effectively characterize the user-background as well as the financial transaction patterns of individual account holders. As such, we can use the graph embedding results to drive downstream graph mining tasks such as node-classification to identify illicit accounts within the payment networks. Our algorithm outperforms state-of-the-art schemes including GraphSAGE, Gradient Boosting Decision Tree and Random Forest to deliver considerably higher accuracy (94.62% and 86.98% respectively) in classifying user accounts within 2 practical e-payment transaction datasets. It also achieves outstanding accuracy (97.43%) for another biomedical entity identification task while using only edge-related information.

Social and Information Networks,Machine Learning