Skip to main content

Fraud Detection with Semi-supervised Learning

February 13, 2019 · One min read

Motivation

Leveraging user and device data during user login to fight against

ATO (account takeovers)
Botnet attacks

ATOs ranking from easy to hard to detect

from single IP
from IPs on the same device
from IPs across the world
from 100k IPs
attacks on specific accounts
phishing and malware

Solutions

Semi-supervised learning = unlabeled data + small amount of labeled data

Why? better learning accuracy than unsupervised learning + less time and costs than supervised learning

K-means: not good
DBSCAN: better. Use labels to
1. Tune hyperparameter
2. Constrain

Challenges

Manual feature selection
Feature evolution in adversarial environment
Scalability
No online DBSCAN

Architecture

Anti-fraud Query

Anti-fraud Featuring

Production Setup

Batch: 7 days worth of data, run DBSCAN hourly
Streaming: 60 minutes moving window, run streaming k-means
Used feedback signal success ratios to mark clusters as good, bad or unknown
Bad clusters: Always throw
Good clusters: Small % of attempts
Unknown clusters: X% of attempts

References:

https://www.slideshare.net/Hadoop_Summit/semisupervised-learning-in-an-adversarial-environment

Share on Twitter

Motivation
Solutions

About Tian Pan

Solutions architect and tech entrepreneur specializing in enterprise SaaS and Web3 platforms. Led development of high-throughput distributed systems handling millions of transactions. Full-stack expertise with a track record of architecting cloud-native solutions that scale seamlessly from startup to enterprise scale.

[object Object]

Stay up to date