Malicious bots pose a growing threat to e-commerce platforms by scraping data, hoarding inventory, and perpetrating fraud. Traditional bot mitigation techniques, including IP blacklists and CAPTCHA-based challenges, are increasingly ineffective or intrusive, as modern bots leverage proxies, botnets, and AI-assisted evasion strategies. This work proposes a non-intrusive graph-based bot detection framework for e-commerce that models user session behavior through a graph representation and applies an inductive graph neural network for classification. The approach captures both relational structure and behavioral semantics, enabling accurate identification of subtle automated activity that evades feature-based methods. Experiments on real-world e-commerce traffic demonstrate that the proposed inductive graph model outperforms a strong session-level multilayer perceptron baseline in terms of AUC and F1 score. Additional adversarial perturbation and cold-start simulations show that the model remains robust under moderate graph modifications and generalizes effectively to previously unseen sessions and URLs. The proposed framework is deployment-friendly, integrates with existing systems without client-side instrumentation, and supports real-time inference and incremental updates, making it suitable for practical e-commerce security deployments.
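The abstract does not give the graph schema or the model architecture, so the following added example (not code from the paper) assumes a bipartite session-URL graph and a GraphSAGE-style mean aggregator with no learned weights; all session IDs, URLs and counts are constructed. It shows how an inductive embedding is computed for a previously unseen session that also touches an unseen URL, and how neighborhood context separates a low-volume session from a human one with the same per-session feature.

```python
from collections import defaultdict

# Constructed request log of (session_id, url) pairs; not real traffic.
TRAIN_LOG = (
    [("h1", u) for u in ["/", "/c/shoes", "/p/1", "/cart"]]    # human-like
    + [("h2", u) for u in ["/", "/c/bags", "/p/7", "/cart"]]   # human-like
    + [("b1", f"/p/{i}") for i in range(1, 41)]                # bulk scraper, 40 requests
    + [("b2", f"/p/{i}") for i in range(20, 61)]               # bulk scraper, 41 requests
)
# Unseen session: low volume, three known product URLs plus one URL never seen before.
NEW_LOG = [("x", u) for u in ["/p/25", "/p/30", "/p/35", "/p/999"]]

def build_graph(log):
    """Return session->URLs, URL->sessions and per-session request counts."""
    s2u, u2s, n_req = defaultdict(set), defaultdict(set), defaultdict(int)
    for session, url in log:
        s2u[session].add(url)
        u2s[url].add(session)
        n_req[session] += 1
    return s2u, u2s, n_req

def embed(session, log):
    """Two-hop mean aggregation: session -> URLs -> sessions.

    The result depends only on features in the node's neighborhood, not on a
    per-node lookup table, so it is defined for nodes absent at training time.
    """
    s2u, u2s, n_req = build_graph(log)
    own = float(n_req[session])  # per-session feature: request count
    # Hop 1: each URL's feature is the mean request count of sessions hitting it.
    url_feat = {u: sum(n_req[s] for s in u2s[u]) / len(u2s[u]) for u in s2u[session]}
    # Hop 2: the session's context is the mean over the URLs it touched.
    neigh = sum(url_feat.values()) / len(url_feat)
    return own, neigh

if __name__ == "__main__":
    full = TRAIN_LOG + NEW_LOG  # incremental update: append the new edges
    for sid in ("h1", "x"):
        print(sid, embed(sid, full))
```

Both `h1` and `x` have the same own feature (4 requests), so a session-level feature vector cannot tell them apart; the aggregated neighborhood value differs because the URLs `x` touches are dominated by high-volume sessions.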