Selective Graph Attention Networks for Account Takeover Detection

Account takeover (ATO) is a type of fraud where a fraudster gains unauthorized access of a legitimate user's account through phishing, malware, bought credentials from dark web etc. The sophisticated evasion of detection by fraudsters and the requirement of friction-free experience by customers call for a new detection technique. Rather than using statistical features from behavior sequence in most of existing solutions, we represent account/context with graph node embedding and extract inherent sequential patterns with Recurrent Neural Networks (RNNs). Instead of using plain RNN by state-of-art fraud detection models, we further propose a selective graph attention mechanism within sequence (GAS), attending to relevant steps only to assist learning longer dependencies. The proposed selective graph attention mechanism is applicable to general graph structures. Experiments on a real dataset from Alibaba Group are conducted to compare the proposed model to several state-of-the-art approaches. The results demonstrate the effectiveness of the proposed graph attention mechanism. A real case study is also presented to further explain how proposed GAS works.

[1]  Fenglong Ma,et al.  Dipole: Diagnosis Prediction in Healthcare via Attention-based Bidirectional Recurrent Neural Networks , 2017, KDD.

[2]  Max Welling,et al.  Semi-Supervised Classification with Graph Convolutional Networks , 2016, ICLR.

[3]  Jimeng Sun,et al.  RETAIN: An Interpretable Predictive Model for Healthcare using Reverse Time Attention Mechanism , 2016, NIPS.

[4]  Wei Xu,et al.  Session-Based Fraud Detection in Online E-Commerce Transactions Using Recurrent Neural Networks , 2017, ECML/PKDD.

[5]  Joan Bruna,et al.  Spectral Networks and Locally Connected Networks on Graphs , 2013, ICLR.

[6]  Jingsha He,et al.  Access control to web pages based on user browsing behavior , 2017, 2017 IEEE 9th International Conference on Communication Software and Networks (ICCSN).

[7]  Diyi Yang,et al.  Hierarchical Attention Networks for Document Classification , 2016, NAACL.

[8]  Pietro Liò,et al.  Graph Attention Networks , 2017, ICLR.

[9]  Salvatore J. Stolfo,et al.  A Network Access Control Mechanism Based on Behavior Profiles , 2009, 2009 Annual Computer Security Applications Conference.

[10]  Rachel Greenstadt,et al.  Using Machine Learning for Behavior-Based Access Control: Scalable Anomaly Detection on TCP Connections and HTTP Requests , 2013, MILCOM 2013 - 2013 IEEE Military Communications Conference.

[11]  Alán Aspuru-Guzik,et al.  Convolutional Networks on Graphs for Learning Molecular Fingerprints , 2015, NIPS.

[12]  Huy Kang Kim,et al.  Crime scene re-investigation: a postmortem analysis of game account stealers' behaviors , 2017, 2017 15th Annual Workshop on Network and Systems Support for Games (NetGames).

[13]  Lukasz Kaiser,et al.  Attention is All you Need , 2017, NIPS.