Malicious bots pose a growing threat to e-commerce platforms by scraping data, hoarding inventory, and perpetrating fraud. Traditional bot mitigation techniques, including IP blacklists and CAPTCHA-based challenges, are increasingly ineffective or intrusive, as modern bots leverage proxies, botnets, and AI-assisted evasion strategies. This work proposes a non-intrusive graph-based bot detection framework for e-commerce that models user session behavior through a graph representation and applies an inductive graph neural network for classification. The approach captures both relational structure and behavioral semantics, enabling accurate identification of subtle automated activity that evades feature-based methods. Experiments on real-world e-commerce traffic demonstrate that the proposed inductive graph model outperforms a strong session-level multilayer perceptron baseline in terms of AUC and F1 score. Additional adversarial perturbation and cold-start simulations show that the model remains robust under moderate graph modifications and generalizes effectively to previously unseen sessions and URLs. The proposed framework is deployment-friendly, integrates with existing systems without client-side instrumentation, and supports real-time inference and incremental updates, making it suitable for practical e-commerce security deployments.
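The inductive step the abstract relies on for unseen sessions and URLs can be illustrated with neighborhood aggregation over a session-URL graph. This is an added example, not the authors' code: the bipartite graph layout, the two per-session features, the GraphSAGE-style mean aggregator (shown without learned weights) and the log records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed server-side log records (session_id, url); no client-side data used.
LOGS = [
    ("s1", "/home"), ("s1", "/p/1"), ("s1", "/cart"),
    ("s2", "/home"), ("s2", "/p/2"), ("s2", "/cart"),
    ("b1", "/p/1"), ("b1", "/p/2"), ("b1", "/p/3"), ("b1", "/p/4"),
]

def build_graph(logs):
    """Bipartite session-URL graph as two adjacency maps (sets drop repeat hits)."""
    s2u, u2s = defaultdict(set), defaultdict(set)
    for sess, url in logs:
        s2u[sess].add(url)
        u2s[url].add(sess)
    return s2u, u2s

def mean(vectors, dim):
    """Element-wise mean; an empty neighborhood yields a zero vector."""
    vectors = list(vectors)
    if not vectors:
        return [0.0] * dim
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(dim)]

def session_features(sess, logs):
    """Assumed features: request count and share of requests to product pages."""
    hits = [u for s, u in logs if s == sess]
    return [float(len(hits)), sum(u.startswith("/p/") for u in hits) / len(hits)]

def embed_session(sess, logs):
    """Two-hop mean aggregation: session <- its URLs <- other sessions on those URLs.

    Nothing here is keyed to node identity, so a session or URL that first
    appears after training is embedded by the same function (cold start).
    """
    s2u, u2s = build_graph(logs)
    url_vecs = []
    for url in s2u[sess]:
        peers = [session_features(p, logs) for p in u2s[url] if p != sess]
        url_vecs.append(mean(peers, 2))  # URL seen by nobody else -> [0, 0]
    # concat(self, neighborhood), the input a downstream classifier would score
    return session_features(sess, logs) + mean(url_vecs, 2)

if __name__ == "__main__":
    # Cold start: constructed new session "n1" touching one unseen URL.
    new = [("n1", "/p/1"), ("n1", "/p/9")]
    for s in ("s1", "b1", "n1"):
        print(s, embed_session(s, LOGS + new))
```

In this constructed data, URLs that no other session visits pull the neighborhood half of the embedding toward zero, which is a relational signal that per-session features alone do not carry.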