BadLink: Combining Graph and Information-Theoretical Features for Online Fraud Group Detection
This paper addresses fraud detection for Internet businesses, but it appears incremental, as it builds on existing group-based methodologies with new feature combinations.
The paper tackled online fraud group detection by combining graph-based and information-theoretical features into metrics, resulting in a framework called BadLink that demonstrated state-of-the-art performance on real production data, even against sophisticated camouflage.
Fraud severely hurts many kinds of Internet businesses. Group-based fraud detection is a popular methodology to catch fraudsters who unavoidably exhibit synchronized behaviors. We combine both graph-based features (e.g., cluster density) and information-theoretical features (e.g., probability for the similarity) of fraud groups into two intuitive metrics. Based on these metrics, we build an extensible fraud detection framework, BadLink, to support multimodal datasets with different data types and distributions in a scalable way. Experiments on a real production workload, as well as extensive comparisons with existing solutions, demonstrate the state-of-the-art performance of BadLink, even with sophisticated camouflage traffic.