Novel metrics and LSH algorithms for unsupervised, real-time anomaly detection in multi-aspect data streams

Given a vast online stream of transactions in e-markets, how can we detect fraudulent traders and suspicious behaviors in an unsupervised manner? Can we detect them in constant time and memory? Fraud detection in e-markets is increasingly challenging due to the scale and complexity of multi-aspect d...

Full description

Saved in:
Bibliographic Details
Published in:Engineering science and technology, an international journal Vol. 69; p. 102119
Main Authors: Khodabandehlou, Samira, Hashemi Golpayegani, Alireza
Format: Journal Article
Language:English
Published: Elsevier B.V 01.09.2025
Elsevier
Subjects:
Locality-sensitive hashing
Market manipulation detection
Multi-aspect data
Real-time anomaly detection
Stream mining
Unsupervised learning
Real-time anomaly detection
Stream mining
Market manipulation detection
Multi-aspect data
Locality-sensitive hashing
Unsupervised learning
ISSN:2215-0986, 2215-0986
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Given a vast online stream of transactions in e-markets, how can we detect fraudulent traders and suspicious behaviors in an unsupervised manner? Can we detect them in constant time and memory? Fraud detection in e-markets is increasingly challenging due to the scale and complexity of multi-aspect data streams. This study introduces SATrade, an unsupervised and scalable approach for real-time anomaly detection in big multi-aspect data streams. This approach proposes two novel Locality-Sensitive Hashing (LSH) functions: Gaussian projections to preserve numerical distances and collision-resistant linear hashing to prevent the increase in dimensionality of the categorical data. The main contributions include the Collusiveness metric, which detects group anomalies through statistical divergence analysis, and the RR-ISF, which prioritizes rare burst patterns. An exponential decay mechanism (λ) ensures adaptability to evolving fraud tactics without retraining, while PCA handles feature correlation. In extensive experiments on five real datasets, using both synthetic and real labels, SATrade achieved 99 % AUC, 93 % F-measure, and 0.2 ms/record latency, which is a significant improvement over the six baseline methods. The framework’s interpretability allows tracing anomalies to fraudulent behaviors like sudden order spikes. The constant memory consumption of 0.25 MB per record and linear scalability make SATrade suitable for high-frequency environments and online platforms.
ISSN:2215-0986
2215-0986
DOI:10.1016/j.jestch.2025.102119