Deep learning models have recently become popular for detecting malicious user activity sessions in computing platforms. In many real-world scenarios, only a few labeled malicious and a large amount of normal sessions are available. These few labeled malicious sessions usually do not cover the entire diversity of all possible malicious sessions. In many scenarios, possible malicious sessions can be highly diverse. As a consequence, learned session representations of deep learning models can become ineffective in achieving a good generalization performance for unseen malicious sessions. To tackle this open-set fraud detection challenge, we propose a robust supervised contrastive learning based framework called ConRo, which specifically operates in the scenario where only a few malicious sessions having limited diversity is available. ConRo applies an effective data augmentation strategy to generate diverse potential malicious sessions. By employing these generated and available training set sessions, ConRo derives separable representations w.r.t open-set fraud detection task by leveraging supervised contrastive learning. We empirically evaluate our ConRo framework and other state-of-the-art baselines on benchmark datasets. Our ConRo framework demonstrates noticeable performance improvement over state-of-the-art baselines.

翻译：深度学习模型近年来在计算平台中检测恶意用户行为会话方面逐渐普及。实际场景中往往仅能获取少量标注为恶意的会话与大量正常会话，这些标注为恶意的会话通常无法覆盖所有可能恶意会话的全部多样性。在许多场景中，潜在恶意会话可能具有高度多样性，导致深度学习模型习得的会话表征难以对未见过的恶意会话实现良好的泛化性能。针对这一开放集欺诈检测挑战，我们提出一种名为ConRo的鲁棒监督对比学习框架，专门适用于仅有少量且多样性有限的恶意会话可用的场景。ConRo采用有效的数据增强策略生成多样化的潜在恶意会话，通过利用这些生成的会话与现有训练集会话，结合监督对比学习推导出针对开放集欺诈检测任务的可分离表征。我们在基准数据集上对ConRo框架及其他前沿基线方法进行了实证评估，结果表明ConRo框架相较现有最优基线方法具有显著的性能提升。