Detecting unusual user behaviour to identify hijacked internet auctions accounts

Abstract

For over 15 years auction services have grown rapidly, constituting a major part of e-commerce worldwide. Unfortunately, they also provide opportunities for criminals to distribute illicit goods, launder money or commit other types of fraud. This calls for methods to mitigate this threat. The following paper discusses the methods of identifying the accounts of users participating in internet auctions that have been hijacked (taken over) by malicious individuals and utilised for fraudulent purposes. Two primary methods are described, monitoring users' activities (e.g. the number of auctions created over time) with EWMA and clustering similar auction categories into groups for the purpose of assessing users' sellers profiles and detecting their sudden changes. These methods, utilised together allow for real-time detection of suspicious accounts. The proposed models are validated on real data gathered from an auction web site. © 2012 IFIP International Federation for Information Processing.