利用深度學習建構使用者行為異常偵測模型--以電子商務為例

Abstract

當代電子商務蓬勃發展，尤其後疫情時代人們對於線上購物的需求有增無減；而在網購資訊流量大增的同時，包含了惡意攻擊、爬蟲比價和詐騙之資安威脅也日趨嚴重。特別是那些利用購物網內部的新型態商業邏輯與行銷活動的機制漏洞所造成的損害，其威脅正與日俱增，究其所以乃因為傳統的網路安全機制多是針對來自外部的攻擊而設計的防禦邊界，而較少涵蓋到已取得登入認證後的消費者由內部發起的不當行為所致。有鑒於此，本研究提出一種基於多重深度學習與可重構的時間序列模型框架，稱為EBBA（Event-Based Behavior Analysis），用於偵知網站內已經取得登入認證後的消費者的不當行為所引起的異常狀況。與傳統由人工設計的固有異常偵測模型相比，經由真實使用者行為日誌所訓練出的深度學習模型，能更好地適應現代電商日新月異的消費行為情境，並可作為整體安全架構的一個組成部分。本研究以Python構建一在Linux上的EBBA原型系統，具備可切換RNN（循環神經網路）和LSTM（長短期記憶）等各種深度學習模型，並透過2021年於臺灣名列前茅之電子商務服務站真實的使用者存取日誌進行半監管式訓練。初步實驗結果顯示，初步實驗結果表明，RNN和LSTM模型的預測正確率分別可達86.4%和92.2%，而錯放率則不高於0.0385%。

Attribute to the rapid development in electronic commerce (e-commerce) during the post-pandemic era, the threat of online misbehaviors including frauds, hoaxes, and scams by authenticated members of the e-commerce sites becomes much more serious, especially because conventional network security mechanisms are typically designed against attacks from outside the defense perimeters instead of the internal exploitations of system and regulation loopholes. To address such an increasing threat, this research proposed a reconfigurable framework with multiple deep-learning (DL) based time-series recognition models called EBBA (standing for Event-Based Behavior Analysis) to detect and examine the anomaly caused by the misbehaviors from authorized users who already obtained access rights of the e-commerce system. Compared with the traditional human-devised models, deep-learning models trained by real-world site access logs are better adaptive to the evolving contexts of modern e-commerce. As an integral part of the total security architecture, a prototype EBBA system on Linux with two switchable DL models, RNN (Recurrent Neural Networks) and LSTM (Long/Short Term Memory), was constructed in Python and trained in a semi-supervised manner, by real-world access logs from a tier-one Taiwan-based e-commerce site in 2021. Preliminary experimental results show that RNN and LSTM models achieved as high as 86.4% and 92.3% correctness ratios, and as low as zero and 0.0385% mis-granting ratios in prediction of online misbehavior occurrences, respectively.