PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
content based classification of fraudulent webshops

Content-based Classification of Fraudulent Webshops Mick Cox & - PowerPoint PPT Presentation

Apr 07, 2024 •369 likes •707 views

Content-based Classification of Fraudulent Webshops Mick Cox & Sjors Haanen RP30 July 5 th 2018 The .nl Top Level Domain (TLD) > 5.8 million registered domain names (Q1 2018) 1 10 th largest TLD (Q4 2017) 2 Good reputation for

  1. Content-based Classification of Fraudulent Webshops Mick Cox & Sjors Haanen RP30 July 5 th 2018

  2. The .nl Top Level Domain (TLD) > 5.8 million registered domain names (Q1 2018) 1 ● 10 th largest TLD (Q4 2017) 2 ● Good reputation for e-commerce 3 ● ● Maintained by SIDN Source: www.verisign.com/assets/domain-name-report-Q42017.pdf 2

  3. Problem statement Fraudulent webshops: - Luxury goods, high discounts - Payment by credit card - Risk: money scams, identity & credit card theft - Spoof and Concocted sites 3

  4. Examples: Spoof & Concocted Source: www.fjallraven-kanken.nl Source: www.autorijschoolmathieu.nl 4

  5. Operators - Many websites, same operator: - Same technology - Similar translation mistakes - Possibly 'fraudulent webshop as a service' - Likely foreign actors: Hosting: often geolocated in Russia 4 - - WHOIS - Code comments 5

  6. Prior work 2016: SIDN Labs: nDEWS 4 - 2017: Sahoo et al.: survey on malicious URL detection 5 - 2018: Consumentenbond: identified 2000 fraudulent webshops 6 - 2018: CrimeBusterBot classifier uses different sources 7 - - 2018 (ongoing): Classification on DNS and network data (Thijs Brands, TUDelft) 6

  7. Motivation Keeping .nl clean is in the interest of: - SIDN - the registrants - the end user SIDN dataset: a crawl of the .nl TLD (June 2018) is used to perform a classification. 7

  8. Research Question Is it possible to reliably classify fraudulent webshops in the .nl TLD, based on web content? 8

  9. Datasets Fraudulent webshops (' nep ', 3634 observations): - Consumentenbond - CrimeBusterBot - SIDN dataset General websites (' web ', 3650 observations): - Random sample SIDN dataset Both manually sanitized 9

  10. Approach - Possible biased dataset. Is it representative? - Matching technical implementations is circumventable Our approach: Target the prerequisites to build fraudulent webshops FRAUDULENT FEATURE CLASSIFICATION EVALUATION WEBSHOP ENGINEERING PREREQUISITES Method 10

  11. Prerequisites Fraudulent webshop prerequisites - Customer attraction - SEO score - Scalability FRAUDULENT FEATURE CLASSIFICATION EVALUATION WEBSHOP ENGINEERING PREREQUISITES Method 11

  12. Customer attraction - Popular brands - Attractive discounts - High stock, many sizes - Social media buttons - Webshop logo Source: www.hopefulfishing.nl 12

  13. SEO score - Dependant on visibility in search engines - Using recently expired Dutch domain names - Registration likely by drop catchers - Intel on SEO by third parties (majestic.com) Example domain names: - autorijschoolmathieu.nl - bestratingengroendienstverlening.nl - stichtingmali.nl - blaasorkestdacapo.nl - psycholoog-ermelo.nl 13

  14. Scalability Scalability strategy: replication - Simple, generic webshops - No time to tweak each webshop - High risk of takedowns / short lived - Evade manual work, automate everything - Operators may control many webshops (also in other TLDs) Trompetforum.nl kraamcentrumdebakermat.nl condoomshopthofje.nl 14 seks-therapeut.nl

  15. Feature Engineering Model characteristics in measurable features FRAUDULENT FEATURE CLASSIFICATION EVALUATION WEBSHOP ENGINEERING PREREQUISITES Method 15

  16. Meta tags Meta Description Meta Keywords 16

  17. Social media linking Possibly fraudulent Genuine: 17

  18. Social media linking Social Media Links Social Media Deep Links 18 18

  19. Web analytics Analytics Integration Source: Wappalyzer.com 19

  20. Domain/title string distance Syntactical difference www.autorijschoolmathieu.nl Damesschoenen van aQa COGNAC (A3433-Z23A25) / Van Mierlo Schoenen Edit distance Levenshtein distance: 60 Jaccard distance: 20 www.rabobank.nl Rabobank - Particulieren Levenshtein distance: 20 Jaccard distance: 20 20 Jaccard distance

  21. Domain/title similarity Semantic difference - Calculate similarity score - Using word2vec word embeddings - Model pretrained on SoNaR 500 and Wikipedia (NL) corpus 8 Segmentation Algorithm 1. Split domain in all possible substrings 2. Filter stop words 3. Filter to dictionary 4. Take longest subword - Filter all subwords not element of longest subword - Recursive step 21

  22. t to tor tori autorijs torij autorijsc torijs autorijsch torijsc autorijscho torijsch autorijschoo torijscho autorijschool torijschoo autorijschoolm torijschool Domain/title similarity contd. autorijschoolma torijschoolm autorijschoolmat torijschoolma autorijschoolmath torijschoolmat autorijschoolmathi torijschoolmath Damesschoenen van aQa COGNAC autorijschoolmathie torijschoolmathi (A3433-Z23A25) / Van Mierlo autorijschoolmathieu torijschoolmathie Schoenen torijschoolmathieu {'rijs', 'auto', 'mathieu', {'Mierlo', 'Van', 'COGNAC', 'u', 'eu', 'mat', 'ijs', 'Schoenen', 'autorijschool', 'rij', 'Damesschoenen', 'van', 'ij', 'school, 'rijschool'} 'aQa', 'A3433', 'Z23A25'} {'Mierlo', 'Damesschoenen', {'mathieu','autorijschool'} 'Schoenen', 'COGNAC'} sonar: 0.30163282278907727 wiki: 0.21168016747044305 22

  23. Domain/title similarity contd. Similarity on Sonar Corpus Similarity on Wikipedia Corpus 23

  24. Feature overview Table 1: Overview of used features Fraudulent webshop prerequisites Feature Customer attraction Currency symbol count Image Count SEO Meta Description / Keyword: token count Domain label / title edit distance Domain label / title similarity CSS & Javascript includes: count Scalability Meta Open Graph Web analytics Anchor tags (internal/external) Pattern match: Phone / Address / Postcode / Place / IBAN Lexical Diversity (Total/Unique) 24 Social Media links & deeplinks

  25. Classification Experiment 1: Labeled dataset Experiment 2: .nl zone - 10-fold cross validation - 4.9 million valid page sources - 3000 train/ 300 test - Seven different algorithms - AdaBoost Algorithm - Confidence score FRAUDULENT FEATURE CLASSIFICATION EVALUATION WEBSHOP ENGINEERING PREREQUISITES Method 25

  26. Results (experiment 1) Table 3: Most informative features Rank Feature Weight 1 analytics 0.1207 2 currencycnt 0.1048 Table 2: Averages on AdaBoost 10 fold cross validation using 6600 observations: 3 distance_edit 0.0986 even class, default parameters 4 sm_deep_link 0.0779 Average AdaBoost 5 links_external 0.0615 Accuracy 0.9934 Recall 0.9909 6 scriptscnt 0.0600 7 links_hash 0.0538 Precision 0.9941 8 lexunq 0.0421 F 1 Score 0.9915 9 lt_sim_wiki 0.0420 10 distance_jaccard 0.0419 26

  27. Results (experiment 2) Table 4: Classification SIDN dataset* Classified fraudulent (positive) Classified normal (negative) Pct positive Majority vote (4/7) 73,519 4,839,753 ~1.496% Unanimous vote (7/7) 1522 4,911,750 ~0.03% Table 5: Precision True positive False Positive Precision Majority vote (sampled 5000) 4 60 ~6.667% Unanimous vote (7/7) 1303 219 85.61% * Domains with included page source in the SIDN dataset 27

  28. Evaluation Discussion, Future Work & Conclusion BUSINESS FEATURE CLASSIFICATION EVALUATION MODEL ENGINEERING Method 28

  29. Discussion & Future Work Yes, content-based classification of fraudulent webshops is possible. - Results labeled set are high. Unlabeled still shows false positives - Did we correct our initial dataset? - Only classified index pages - Algorithm selection, tuning and data preprocessing - Combine results with other perspectives - Other applications of semantic similarity? - Many features still left undiscovered - Payment processing - Translated text recognition - NLP on Dutch grammar 29

  30. Conclusion Our contributions - Shown that content-based classification can be done - Introduced semantic similarity to represent website content - Resulting classification as a basis for future work 30

  31. References I 1 - SIDN Labs (2018). ".nl stats and data". https://stats.sidnlabs.nl/en/registration.html 2 - Verisign Inc. (2018). "The Domain Name Industry Brief". https://www.verisign.com/assets/domain-name-report-Q42017.pdf 3 - United Nations Conference on Trade and Development (2017). "UNCTAD B2C E-COMMERCE INDEX". http://unctad.org/en/PublicationsLibrary/tn_unctad_ict4d09_en.pdf 4 - Moura, G.C. M., Müller, M., Wullink, M, Hesselman, C. (2016). "nDEWS: a new domains early warning system for TLDs" In: IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2016), co-located with IEEE/IFIP Network Operations and Management Symposium (NOMS 2016). Istanbul, Turkey, May 2016. 31

  32. References II 5 - Sahoo, Doyen and Liu, Chenghao and Hoi, Steven CH (2017). "Malicious URL detection using machine learning: A survey" arXiv preprint arXiv:1701.07179. 6 - Consumentenbond (2018). "Consumentenbond laat 850 foute webwinkels offline halen" https://www.consumentenbond.nl/nieuws/2018/consumentenbond-laat-850-foute-webwinkels-offline-halen 7 - Richard Garsthagen (2018). "CrimeBusterBot". https://github.com/AnykeyNL/CrimeBusterBot 8 - Stephan Tulkens and Chris Emmery and Walter Daelemans (2016). "Evaluating Unsupervised Dutch Word Embeddings as a Linguistic Resource". https://github.com/clips/dutchembeddings 32

Recommend

Counterfighting Counterfeit Detecting and taking down fraudulent webshops at a ccTLD Thymen Wabeke

Counterfighting Counterfeit Detecting and taking down fraudulent webshops at a ccTLD Thymen Wabeke

Counterfighting Counterfeit Detecting and taking down fraudulent webshops at a ccTLD Thymen Wabeke , Giovane C. M. Moura, Nanneke Franken, and Cristian Hesselman {firstname}.{lastname}@sidn.nl nederlandwebshop.nl Counterfeit webshops scam,

592 views • 21 slides
Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees

Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees

Presenting a live 90 minute webinar with interactive Q&A Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees Navigating the Bankruptcy and Insolvency Risks of Intercorporate Obligations TUES

800 views • 48 slides
State Law Fraudulent Transfer Claims: State Law Fraudulent Transfer Claims: Reversion to Individual

State Law Fraudulent Transfer Claims: State Law Fraudulent Transfer Claims: Reversion to Individual

Presenting a live 75 minute webinar with interactive Q&A State Law Fraudulent Transfer Claims: State Law Fraudulent Transfer Claims: Reversion to Individual Creditors Bringing and Defending Claims Abandoned by the Trustee or Estate THURS

491 views • 37 slides
Tronox v. Kerr-McGee: Game Changing Ruling on Fraudulent Transfer and Spin-Offs to Shed Legacy

Tronox v. Kerr-McGee: Game Changing Ruling on Fraudulent Transfer and Spin-Offs to Shed Legacy

Presenting a 90-Minute Encore Presentation of the Teleconference with Live, Interactive Q&A Tronox v. Kerr-McGee: Game Changing Ruling on Fraudulent Transfer and Spin-Offs to Shed Legacy Liabilities Navigating Complex Issues of Fraudulent

918 views • 78 slides
Wren Alexander, LLC: Of Tax Liens and Fraudulent Transfers committees.abi.org

Wren Alexander, LLC: Of Tax Liens and Fraudulent Transfers committees.abi.org

Wren Alexander, LLC: Of Tax Liens and Fraudulent Transfers committees.abi.org /committees/bankruptcy-taxation/posts/2014/wren-alexander-llc-of-tax-liens-and-fraudulent- transfers David N. Crapo Gibbons P.C.; Newark, New Jersey A 30-year

199 views • 4 slides
Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemCrude Litigating Avoidance

Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemCrude Litigating Avoidance

Presenting a live 90-minute webinar with interactive Q&A Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemCrude Litigating Avoidance Actions Under the Bankruptcy Code and State Law Constructive Fraudulent Transfer

710 views • 36 slides
Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemGroup Litigating Avoidance

Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemGroup Litigating Avoidance

Presenting a live 90-minute webinar with interactive Q&A Fraudulent Transfer Claw-Back Litigation Post Tribune, Lyondell and SemGroup Litigating Avoidance Actions Under the Bankruptcy Code and State Law Constructive Fraudulent Transfer

1.13k views • 52 slides
The Current Law Relating to Fraudulent Claims and the Future: A Paler Shade of Grey? by Jeff

The Current Law Relating to Fraudulent Claims and the Future: A Paler Shade of Grey? by Jeff

The Current Law Relating to Fraudulent Claims and the Future: A Paler Shade of Grey? by Jeff Heasman CELTA, LL.B (Hons), LL.M @jhtrainingandconsulting @JHTCTweet Learning outcomes Identify the key elements of the fraudulent claims rule

468 views • 11 slides
Fraudulent Claims & Recoveries 14 November 2018 Risk & Insurance Alan Davies Claire

Fraudulent Claims & Recoveries 14 November 2018 Risk & Insurance Alan Davies Claire

Claims Case Studies: Product Liability, Fraudulent Claims & Recoveries 14 November 2018 Risk & Insurance Alan Davies Claire Collings Partner Senior Associate Reading Southampton Where do I live?! a case study on a fraudulent

838 views • 39 slides
Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using Graphs Graph classification Direct Product Kernel Predictive Toxicology example dataset Vertex classification Laplacian Kernel

608 views • 33 slides
Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification

Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification

Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification of Symmetry Protected Topological Phases Protected Topological Phases Protected Topological Phases Protected Topological Phases in Interacting

494 views • 32 slides
(a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple

(a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple

MCQS OF PRESENTATION OF DATA MCQ No 2.1: When data are classified according to a single characteristic, it is called: (a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple classification MCQ No 2.2:

536 views • 9 slides
Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe]

Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe]

Day 1 Lecture 2 Classification Image Classification Set of predefined categories [eg: table, apple, dog, giraffe] Binary classification [1, 0] DOG 2 Image Classification 3 Image Classification pipeline Dog 4 Slide credit: Jose M lvarez

341 views • 23 slides
Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts

Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts

Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts Decision Tree Bayes Classification Methods Model Evaluation and Selection Ensemble Methods 2 Motivating Example Fruit

856 views • 66 slides
Library of Congress Classification: Module 1.3 1 Library of Congress Classification: Module 1.3

Library of Congress Classification: Module 1.3 1 Library of Congress Classification: Module 1.3

Library of Congress Classification: Module 1.3 1 Library of Congress Classification: Module 1.3 Before we begin our in-depth exploration of LC classification, we want to take a few minutes to introduce you to Classification Web. Classification

612 views • 35 slides
Classification K-nearest neighbor classification D istance functions Choice of k Choice of k

Classification K-nearest neighbor classification D istance functions Choice of k Choice of k

Classification K-nearest neighbor classification D istance functions Choice of k Choice of k Leave-one-out cross validation K-fold cross validation Classification Error = Average classification error on K folds Linear Classification Linear

400 views • 22 slides
Spirits Discovery Journey Pamela Lawson April 2017 Background and Objectives IN SHORT:

Spirits Discovery Journey Pamela Lawson April 2017 Background and Objectives IN SHORT:

Spirits Discovery Journey Pamela Lawson April 2017 Background and Objectives IN SHORT: Thorough understanding of Spirits shoppers throughout their shopping journey. LCBO is eager to discover opportunities in influencing the shoppers

574 views • 33 slides
WOODEN TILES PRESENTATION Porcelanosa Pricing Sizes available : Maximum Retail Price

WOODEN TILES PRESENTATION Porcelanosa Pricing Sizes available : Maximum Retail Price

WOODEN TILES PRESENTATION Porcelanosa Pricing Sizes available : Maximum Retail Price 22 X 90 X 1.1 : Rs 763/ sft 14.3 X 90 X 1.1 : Rs 763/ sft 19.3 x 120 x1.1 : Rs 780/ sft 29.4 x 120 x1.1 : Rs 780/ sft 19.3 x

588 views • 39 slides
the exhalations of an ancient ent traditi dition, rediscovering the taste of auth thenticity

the exhalations of an ancient ent traditi dition, rediscovering the taste of auth thenticity

The story of rum is intimately linked to the history of Mauritius. And when you savour rum, you are delving into the very heart of the islands destiny, carried away on the exhalations of an ancient ent traditi dition, rediscovering the taste

286 views • 13 slides
W aste PPPs/ PFI s 1 London, 3 December 2008 www.pennon-group.co.uk Pennon Group Plc (

W aste PPPs/ PFI s 1 London, 3 December 2008 www.pennon-group.co.uk Pennon Group Plc (

W aste PPPs/ PFI s 1 London, 3 December 2008 www.pennon-group.co.uk Pennon Group Plc ( Pennon Group) Disclaim ers For the purposes of the following disclaimers, references to this "document" shall mean this presentation pack

591 views • 40 slides
2- Markets diagnostic 3- Brand DNA 4- Packaging by differenciation 5- The Promise 6- A brand

2- Markets diagnostic 3- Brand DNA 4- Packaging by differenciation 5- The Promise 6- A brand

1- Grandissime 2- Markets diagnostic 3- Brand DNA 4- Packaging by differenciation 5- The Promise 6- A brand definitely Digital 1 - GRANDISSIME GRANDISSIME is a new style of Negociant , designer of quality wines, from the

309 views • 10 slides
COMBINED SHAREHOLDERS MEETING JUNE 30, 2020 CONTENTS INTRODUCTION Page 3 CONSOLIDATED

COMBINED SHAREHOLDERS MEETING JUNE 30, 2020 CONTENTS INTRODUCTION Page 3 CONSOLIDATED

COMBINED SHAREHOLDERS MEETING JUNE 30, 2020 CONTENTS INTRODUCTION Page 3 CONSOLIDATED FINANCIAL STATEMENTS AS OF DECEMBER 31, 2019 Page 4 THE GROUP FACING COVID-19 Page 11 Q1 2020 REVENUE Page 12 DIVIDEND PROPOSAL IN RESPECT OF

424 views • 26 slides
Youth employment, SDGs and the way forward Bangkok, 16 June 2016 Matthieu Cognac Youth

Youth employment, SDGs and the way forward Bangkok, 16 June 2016 Matthieu Cognac Youth

Youth employment, SDGs and the way forward Bangkok, 16 June 2016 Matthieu Cognac Youth Employment Specialist Decent Work Technical Support Team for East and South-East Asia and the Pacific ILO-Bangkok The youth unemployment crisis Source:

691 views • 39 slides
WELCOME TO THE WORLD OF VITICULTURE AND WINE! HAMEAU DUBOUF IN FIGURES THE WINERY THE WINE

WELCOME TO THE WORLD OF VITICULTURE AND WINE! HAMEAU DUBOUF IN FIGURES THE WINERY THE WINE

wine and viticulture different sites, which grew from The Hameau Dubuf opened its doors in 1993. This wine theme park revealed its origins and the secrets of its vineyards and wine-making techniques. The Hameau Dubuf offers: 10,000m2 in

651 views • 54 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.