Table of Contents
Fetching ...

Deja Vu in Plots: Leveraging Cross-Session Evidence with Retrieval-Augmented LLMs for Live Streaming Risk Assessment

Yiran Qiao, Xiang Ao, Jing Chen, Yang Liu, Qiwei Zhong, Qing He

TL;DR

This work proposes CS-VAR, a lightweight, domain-specific model that performs fast session-level risk inference, guided during training by a Large Language Model that reasons over retrieved cross-session behavioral evidence and transfers its local-to-global insights to the small model.

Abstract

The rise of live streaming has transformed online interaction, enabling massive real-time engagement but also exposing platforms to complex risks such as scams and coordinated malicious behaviors. Detecting these risks is challenging because harmful actions often accumulate gradually and recur across seemingly unrelated streams. To address this, we propose CS-VAR (Cross-Session Evidence-Aware Retrieval-Augmented Detector) for live streaming risk assessment. In CS-VAR, a lightweight, domain-specific model performs fast session-level risk inference, guided during training by a Large Language Model (LLM) that reasons over retrieved cross-session behavioral evidence and transfers its local-to-global insights to the small model. This design enables the small model to recognize recurring patterns across streams, perform structured risk assessment, and maintain efficiency for real-time deployment. Extensive offline experiments on large-scale industrial datasets, combined with online validation, demonstrate the state-of-the-art performance of CS-VAR. Furthermore, CS-VAR provides interpretable, localized signals that effectively empower real-world moderation for live streaming.

Deja Vu in Plots: Leveraging Cross-Session Evidence with Retrieval-Augmented LLMs for Live Streaming Risk Assessment

TL;DR

This work proposes CS-VAR, a lightweight, domain-specific model that performs fast session-level risk inference, guided during training by a Large Language Model that reasons over retrieved cross-session behavioral evidence and transfers its local-to-global insights to the small model.

Abstract

The rise of live streaming has transformed online interaction, enabling massive real-time engagement but also exposing platforms to complex risks such as scams and coordinated malicious behaviors. Detecting these risks is challenging because harmful actions often accumulate gradually and recur across seemingly unrelated streams. To address this, we propose CS-VAR (Cross-Session Evidence-Aware Retrieval-Augmented Detector) for live streaming risk assessment. In CS-VAR, a lightweight, domain-specific model performs fast session-level risk inference, guided during training by a Large Language Model (LLM) that reasons over retrieved cross-session behavioral evidence and transfers its local-to-global insights to the small model. This design enables the small model to recognize recurring patterns across streams, perform structured risk assessment, and maintain efficiency for real-time deployment. Extensive offline experiments on large-scale industrial datasets, combined with online validation, demonstrate the state-of-the-art performance of CS-VAR. Furthermore, CS-VAR provides interpretable, localized signals that effectively empower real-world moderation for live streaming.
Paper Structure (24 sections, 16 equations, 4 figures, 5 tables)

This paper contains 24 sections, 16 equations, 4 figures, 5 tables.

Figures (4)

  • Figure 1: A toy example illustrating behavioral patch chains in two distinct scam scenarios (part-time job scam vs. cheap phone scam) involving hosts, representative shills, and victims-to-be. Despite the different surface contexts, both follow a nearly identical progression of patches, from promotion to rushing audience.
  • Figure 2: CS-VAR addresses live streaming risk detection by coupling lightweight PatchNet with retrieval-augmented LLM reasoning. (a) PatchNet highlights high-attention patches and (b) builds an index enriched with LLM-generated session-aware summaries. (c) Cross-session retrieval provides external reference signals, enabling the LLM to infer risks from patch to session level. (d) Distillation injects this reasoning chain into PatchNet, aligning patch evidence with overall session risk. (e) At deployment, PatchNet alone supports real-time, interpretable monitoring of live streams.
  • Figure 3: A case of a kitten adoption scam detected by CS-VAR. Left: User–timeslot patch grid heatmap showing risk scores across the session. Scores from CS-VAR's patch head as in Eq. \ref{['eq:patch loss']}. Right: The host promotes low-cost adoption and fan-group/assistant contact. Two viewers coordinate: one expresses interest then sends small gifts, another posts a testimonial claiming successful adoption.
  • Figure 4: t-SNE visualization of session representations learned by CS-VAR. We highlight two representative clusters: collusive fraud schemes (e.g., fake prize draws, low-cost jewelry/seafood sales, and deceptive part-time jobs) and illicit gambling promotion (e.g., blind-box betting, sports betting, and stone gambling).

Theorems & Definitions (5)

  • definition 1
  • definition 2
  • definition 3
  • definition 4
  • definition 5