By Elton Alisson  |  Agência FAPESP – E-commerce companies whose online retail stores use customer recommendations to promote products and services are subject to fraudulent action by fake users. Through coordinated planning, these scammers can, for example, give a product a negative rating with the aim of dissuading new customers from buying it.

A group of researchers at the University of São Paulo’s Mathematics & Computer Science Institute (ICMC-USP) in São Carlos, Brazil, have developed software that promises more efficient detection of this type of action in online recommendation systems, technically known as fraudulent defamation.

The system is called ORFEL, short for Online Recommendation Fraud ExcLuder. It was developed during the master’s research of Gabriel Perri Gimenes and two FAPESP-supported research projects: “Similarity-aware relational division database operator” and “Analytic processing of large graphs”.

The results of the new method’s application are described in an article published in the journal Information Sciences.

“The algorithm detected more than 95% of potential attacks on online recommendation systems and did so more efficiently than one of the algorithms most widely used for this purpose,” Gimenes told Agência FAPESP.

Gimenes is currently doing PhD research with a scholarship from FAPESP. He said that the new method is designed to identify lockstep behavior in the recommendation systems used by online stores such as Google Play and Amazon.

These companies endeavor to grow their customer bases by using a recommendation system in which users post reviews of products or services they have bought and rate them, usually in a range of one to five stars. 

These recommendation systems are vulnerable to lockstep behavior, coordinated actions by groups of users with fake profiles who simultaneously give the same poor rating to a set of products with the aim of lowering their reputation.

“Suppose five users of an online app store give a low rating to an app at 10 p.m. on a certain day, and the same people post negative reviews of a different app one day later. These are indications of lockstep behavior,” Gimenes said.

The difficulty of identifying such attacks by multiple fake users interacting with several products at random times is that legitimate users rate millions of products per second and can mask the activities of fraudsters.

However, the attacks have a weakness, which is that they typically take the form of bursts and all happen at the same time.

To identify these behavior patterns, the algorithm developed by Gimenes in partnership with Robson Leonardo Ferreira Cordeiro and José Fernando Rodrigues Júnior, both professors at ICMC-USP, keeps track of user ratings in an online recommendation system to assess whether they are all posted at the same time and award identical scores.

If so, the software flags the behavior as suspicious so that it can be properly evaluated and potentially identified as fraudulent. 

If the suspicion is confirmed, the online store can ban the users who posted the fraudulent ratings and remove all of their interactions from its database.

“The idea is that an e-commerce company would look at the list of suspect users detected by the system and analyze the cases manually or using an automated tool to determine whether they constitute lockstep behavior, which is much more unusual and easier to detect than an individual attack on a product’s reputation,” Gimenes said.

Single computer

The new algorithm’s efficiency in detecting potential lockstep attacks was evaluated using synthetic data for user-product interactions in a hypothetical online recommendation system.

The researchers created artificial attacks on the system and ran ORFEL on a single computer to measure its detection capacity in comparison with an algorithm called CopyCatch.

Considered state of the art, CopyCatch was developed by US researchers and uses an approach similar to ORFEL’s to detect user collusion in interacting with Facebook, such as fraudulent “likes”. However, CopyCatch runs on computer clusters rather than a single computer.

The researchers’ performance analysis showed that even running on a single computer, ORFEL detected more than 95% of the simulated attacks and took about as long as CopyCatch took to execute the same task using 1,000 computers.

“We demonstrated that a combination of computational techniques, such as disk-based parallel processing and vertex-centric processing, can be an alternative to computer clusters to solve problems such as detecting fraudulent defamation,” Gimenes said.

According to the researchers, the algorithm can be used in other applications, such as characterizing illegitimate promotion of Facebook posts and pages or identifying cross-citations between scientific journals.

The article “ORFEL: Efficient detection of defamation or illegitimate promotion in online recommendation” (doi: 10.1016/j.ins.2016.09.006) by Gimenes et al. can be read by subscribers to Information Sciences at sciencedirect.com/science/article/pii/S0020025516307320.