Table of Contents
Fetching ...

Non-Intrusive Graph-Based Bot Detection for E-Commerce Using Inductive Graph Neural Networks

Sichen Zhao, Zhiming Xue, Yalun Qi, Xianling Zeng, Zihan Yu

TL;DR

This paper tackles non-intrusive bot detection for e-commerce by modeling user sessions and page interactions as a bipartite graph and applying an inductive GraphSAGE network to classify sessions as bots. It demonstrates that leveraging graph structure and page semantics yields superior detection over feature-only baselines, with strong robustness to adversarial perturbations and effective cold-start generalization. The approach is deployment-friendly, enabling real-time scoring and incremental updates without client-side instrumentation. Collectively, the work advances practical, scalable, and explainable bot detection in online retail, offering substantial security benefits while preserving user experience.

Abstract

Malicious bots pose a growing threat to e-commerce platforms by scraping data, hoarding inventory, and perpetrating fraud. Traditional bot mitigation techniques, including IP blacklists and CAPTCHA-based challenges, are increasingly ineffective or intrusive, as modern bots leverage proxies, botnets, and AI-assisted evasion strategies. This work proposes a non-intrusive graph-based bot detection framework for e-commerce that models user session behavior through a graph representation and applies an inductive graph neural network for classification. The approach captures both relational structure and behavioral semantics, enabling accurate identification of subtle automated activity that evades feature-based methods. Experiments on real-world e-commerce traffic demonstrate that the proposed inductive graph model outperforms a strong session-level multilayer perceptron baseline in terms of AUC and F1 score. Additional adversarial perturbation and cold-start simulations show that the model remains robust under moderate graph modifications and generalizes effectively to previously unseen sessions and URLs. The proposed framework is deployment-friendly, integrates with existing systems without client-side instrumentation, and supports real-time inference and incremental updates, making it suitable for practical e-commerce security deployments.

Non-Intrusive Graph-Based Bot Detection for E-Commerce Using Inductive Graph Neural Networks

TL;DR

This paper tackles non-intrusive bot detection for e-commerce by modeling user sessions and page interactions as a bipartite graph and applying an inductive GraphSAGE network to classify sessions as bots. It demonstrates that leveraging graph structure and page semantics yields superior detection over feature-only baselines, with strong robustness to adversarial perturbations and effective cold-start generalization. The approach is deployment-friendly, enabling real-time scoring and incremental updates without client-side instrumentation. Collectively, the work advances practical, scalable, and explainable bot detection in online retail, offering substantial security benefits while preserving user experience.

Abstract

Malicious bots pose a growing threat to e-commerce platforms by scraping data, hoarding inventory, and perpetrating fraud. Traditional bot mitigation techniques, including IP blacklists and CAPTCHA-based challenges, are increasingly ineffective or intrusive, as modern bots leverage proxies, botnets, and AI-assisted evasion strategies. This work proposes a non-intrusive graph-based bot detection framework for e-commerce that models user session behavior through a graph representation and applies an inductive graph neural network for classification. The approach captures both relational structure and behavioral semantics, enabling accurate identification of subtle automated activity that evades feature-based methods. Experiments on real-world e-commerce traffic demonstrate that the proposed inductive graph model outperforms a strong session-level multilayer perceptron baseline in terms of AUC and F1 score. Additional adversarial perturbation and cold-start simulations show that the model remains robust under moderate graph modifications and generalizes effectively to previously unseen sessions and URLs. The proposed framework is deployment-friendly, integrates with existing systems without client-side instrumentation, and supports real-time inference and incremental updates, making it suitable for practical e-commerce security deployments.
Paper Structure (23 sections, 2 equations, 6 figures, 2 tables)

This paper contains 23 sections, 2 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: Overall Architecture. The proposed framework transforms raw logs into behavioral features, constructs a filtered bipartite interaction graph, and utilizes an inductive GraphSAGE model for real-time bot detection.
  • Figure 2: Illustration of the bipartite session--URL interaction graph used in this work. Nodes represent sessions and accessed URLs, and edges indicate page visits.
  • Figure 3: Graph refinement process. (a) Raw graphs are dominated by static resource hubs (e.g., CSS). (b) Filtering yields meaningful clusters.
  • Figure 4: Distribution of representative session-level behavioral features for human and bot sessions. Although individual features exhibit partial overlap, the distributions reveal systematic differences, motivating the use of relational graph modeling.
  • Figure 5: Fold-level AUC comparison across five cross-validation splits. Graph refinement substantially reduces performance variance compared to the raw graph, leading to more stable and reliable detection performance.
  • ...and 1 more figures