Next Article in Journal
Comparing Extraction Techniques and Varieties in Grape Stems: A Chemical Assessment of Antioxidant Phenolics
Next Article in Special Issue
CCNETS: A Modular Causal Learning Framework for Pattern Recognition in Imbalanced Datasets
Previous Article in Journal
Deep Learning for Building Attribute Classification from Street-View Images for Seismic Exposure Modeling
Previous Article in Special Issue
A Lightweight Training Approach for MITM Detection in IoT Networks: Time-Window Selection and Generalization
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems

by
Mustafa Berk Keles
* and
Mehmet Gokturk
Department of Computer Engineering, Gebze Technical University, Kocaeli 41400, Turkey
*
Author to whom correspondence should be addressed.
Appl. Sci. 2026, 16(2), 876; https://doi.org/10.3390/app16020876
Submission received: 20 December 2025 / Revised: 7 January 2026 / Accepted: 13 January 2026 / Published: 14 January 2026
(This article belongs to the Special Issue Machine Learning and Its Application for Anomaly Detection)

Abstract

Detecting fraudulent and anomalous transactions in large-scale digital payment systems is significantly challenging due to severe class imbalance and the fact that transactional risk is tightly coupled to the historical interactions and behaviors of transacting parties. In this study, a scalable Behavioral Interaction-Aware Gradient Boosting (BI-GBDT) framework is proposed for anomaly detection in tabular transaction data to overcome these challenges. The methodology models sending and receiving behaviors separately through direction-specific clustering based on transaction frequency and amount. Each transaction is characterized by cluster-pair prevalence ratios, which capture the population-level prevalence of sender–receiver interaction patterns. To handle extreme class imbalance, all transactions are clustered, and a cluster-level risk score is computed as the ratio of anomalous transactions to the total number of transactions within each cluster. This score is incorporated as a feature, serving as a behavioral risk prior highlighting concentrated anomaly. These interaction-aware features are integrated into a GBDT in a big data environment. Experiments were conducted on a large masked real-world payment dataset spanning six months and containing more than 456 million transactions, with the prediction task defined as binary classification between fraudulent and non-fraudulent transactions. Unlike standard GBDT models trained only on transactional attributes and graph-based approaches, BI-GBDT captures sender–receiver interaction patterns in a graph-free manner and outperforms a baseline GBDT, reducing the false positive rate from 37.0% to 4.3%, increasing recall from 52.3% to 72.0%, and improving accuracy from 63.0% to 95.7%.

1. Introduction

Anomaly detection has become a critical requirement in modern digital payment infrastructures, especially in domains where rare anomaly events can cause disproportionate damage, such as cybersecurity, finance, industrial monitoring, and healthcare [1,2,3]. In large-scale payment systems, financial institutions process millions of money transfers per day, while fraudulent or anomalous transactions remain extremely rare and continuously evolving [4,5]. This combination of massive transaction volume, severe class imbalance, and strict latency requirements makes real-time fraud detection a challenging anomaly detection problem. Missed fraudulent events may lead to direct financial losses. Excessive false positives can overload analysts and disrupt legitimate transactions. In large-scale payment systems, even small increases in the false positive rate may result in high operational costs [5].
Traditional transaction screening has relied on manually crafted rule sets and scorecards [6], which are interpretable but struggle to adapt to new fraud patterns. Supervised machine learning methods such as logistic regression, random forests, and gradient boosting decision trees (GBDT) have therefore been widely adopted for fraud detection on tabular transaction data [7,8,9]. These models can handle heterogeneous features and support high-throughput deployment. However, they often rely on aggregate account statistics or simple transactional variables in real-world fraud detection settings [6,7,8,9]. This limits their ability to capture sender–receiver interaction structure and may lead to overfitting the majority class, causing rare or emerging fraud behaviors to be missed.
To better exploit relational information, recent work has explored graph-based representations of financial transaction networks and graph neural networks or random-walk-based embeddings for fraud detection [10,11,12,13]. While graph-based methods can effectively propagate risk signals across neighborhoods, their applicability to high-volume, real-time systems is constrained. In real-world financial institutions maintaining a large and continuously evolving transaction graph in production is often operationally challenging because it requires substantial computational resources and complex infrastructure for graph construction, storage, and real-time processing [14]. Furthermore, integrating such graph-based pipelines into existing Spark-based batch and streaming architectures commonly used in large-scale payment systems can introduce additional latency and system complexity. Financial institutions therefore need methods that remain compatible with tabular, feature-based infrastructures while still being sensitive to interaction patterns.
These challenges are addressed in this work by proposing a scalable, graph-free Behavioral Interaction-Aware Gradient Boosting (BI-GBDT) framework for anomaly detection in large-scale payment systems. Accounts are profiled with direction-specific behavioral clustering for send and receive channels along frequency and amount axes. For each transaction, cluster-pair prevalence ratios that quantify how typical the sender–receiver behavioral pairing is in the population are derived. Standard-score (z-score) deviations of the transaction amount relative to both parties’ historical distributions are computed. Furthermore, a robust mechanism is introduced to address the severe class imbalance. All transactions are clustered with gaussian mixture model (GMM). Then, a cluster-level risk measure is derived by computing the rate of labeled fraud transactions relative to the total number of transactions within each cluster. This risk score is then used as a supplementary feature, effectively establishing a behavioral risk prior that signals areas of heightened anomaly concentration. Finally, these newly generated behavioral metrics, interaction prevalence indicators, and localized anomaly signals are combined with traditional transactional attributes. This comprehensive feature set is then incorporated into a class-weighted Gradient Boosting Decision Tree (GBDT) model, optimized for a big data environment via a distributed PySpark and Spark MLlib deployment. The main contributions of this paper are as follows:
  • Graph-Free Interaction Features: A novel feature engineering approach that captures sender-receiver relationships using direction-specific clustering, eliminating the need for an explicit graph.
  • Scalable BI-GBDT with Imbalance Handling: The proposed BI-GBDT framework integrates new behavioral metrics and a cluster-level risk prior to robustly address severe class imbalance within a scalable, Spark-compatible GBDT model.
  • Proven Superiority on Real Data: Empirical evaluation on large-scale real-world masked dataset demonstrates significant improvements in recall and false positive rate reduction compared to baseline models.
The remainder of this paper is organized as follows. Section 2 reviews related work on anomaly detection and fraud detection in financial transaction systems. Section 3 presents the proposed BI-GBDT framework. Section 4 describes the experimental setup and reports the results. Section 5 discusses practical considerations and limitations, and Section 6 concludes the paper.

2. Related Work

Fraud and anomaly detection in financial transaction systems has been widely studied with a variety of rule-based, machine learning, and graph-based methods. Early work focused on static expert rules and scorecards, while more recent approaches leverage supervised and unsupervised learning to cope with evolving attack patterns and large-scale data streams [1,2,3,4]. The main work in this area can be summarized into the following three aspects: (i) rule-based and classical machine learning approaches on tabular features, (ii) graph-based and interaction-aware anomaly detection methods, (iii) imbalanced learning techniques tailored to rare-event detection, and (iv) other methods.

2.1. Rule-Based and Classical Machine Learning Approaches

Traditional transaction monitoring in banks has long relied on manually crafted rules, threshold-based alerts, and heuristic scoring models [5,6]. These systems are interpretable and easy to align with regulatory requirements, but they require frequent manual tuning and are slow to adapt to new fraud strategies. To improve detection performance, many studies have applied supervised machine learning models such as logistic regression, random forests, and gradient boosting decision trees (GBDTs) to tabular transaction data [7,8,9,10]. Typical feature sets combine customer demographics, aggregate account statistics, and simple transactional variables such as amount, channel, and time of day [11]. Some works further incorporate hand-crafted risk scores or aggregated behavior profiles to enhance discrimination under class imbalance [12,13]. However, many operational detection pipelines model each transaction as an independent sample. This design choice limits the extent to which sender–receiver interaction structure is exploited and can reduce sensitivity to rare or emerging behaviors that appear primarily through unusual counterparty combinations [14].

2.2. Graph-Based and Interaction-Aware Anomaly Detection

To extract relational information effectively, some researchers have proposed graph-based representations of financial transaction networks, where accounts or cards are nodes and transfers are edges [15,16,17,18]. Graph neural networks, random-walk embeddings, and message-passing architectures have been used to propagate risk scores across neighborhoods and capture higher-order interaction patterns that are difficult to encode with simple tabular features [19,20,21]. These methods often achieve strong detection performance on benchmark datasets and internal transaction logs, especially for collusive or mule-account fraud. Nonetheless, maintaining a large, continually evolving transaction graph in production is operationally demanding. Graph construction, stateful neighborhood aggregation, and consistency management in streaming environments introduce additional latency and complexity, and many graph-based solutions are not directly compatible with existing Spark-based batch and streaming pipelines widely used in financial institutions [22]. Consequently, there is growing interest in interaction-aware methods that approximate relational signals while remaining deployable within standard feature-based machine learning infrastructures.

2.3. Imbalanced Learning

Severe class imbalance is a defining characteristic of fraud and anomaly detection problems, where the proportion of fraudulent or abnormal events can be orders of magnitude smaller than the legitimate class [23]. Naïve classifiers tend to favor the majority class, yielding high overall accuracy but poor recall on rare events. To address this, a range of imbalanced learning techniques has been explored, including class-weighted loss functions, cost-sensitive learning, and decision threshold calibration to optimize precision–recall trade-offs under operational constraints [24,25,26]. Resampling strategies such as random under sampling, random oversampling, and synthetic minority oversampling (SMOTE) have also been applied to rebalance training data and improve minority-class sensitivity [27]. Empirical studies have shown that SMOTE-based rebalancing can be effective in highly imbalanced real-world detection tasks, particularly when combined with complementary modeling or generative mechanisms [28]. More advanced methods combine clustering-based under sampling with ensemble models to reduce noise and overfitting in rare-event scenarios [29].

2.4. Other Methods

Some anomaly detection methods that treat fraud as a generic outlier detection task, such as one-class support vector machines, Isolation Forest, and autoencoder-based reconstruction models, have been proposed to reduce reliance on labeled fraud examples [30,31,32]. These approaches can be effective when labeled anomalies are scarce, but they often ignore domain-specific structure, such as directional account behavior and sender–receiver interactions, and may struggle to scale to hundreds of millions of transactions under strict latency requirements. Moreover, many imbalanced learning and anomaly detection studies evaluate on relatively small or static datasets, leaving open questions about their performance and robustness in production-scale, streaming financial systems.
In summary, rule-based and classical tabular machine learning approaches offer practicality but underutilize interaction structure, graph-based models exploit relational information at the cost of substantial operational overhead, and existing imbalanced learning methods only partially address the challenges of rare-event detection on a very large scale. The BI-GBDT framework proposed in this paper aims to bridge these gaps by encoding sender–receiver relationships through direction-specific behavioral clustering and cluster-pair prevalence ratios in a graph-free manner and by combining these interaction-aware features with class-weighted learning to enable scalable anomaly detection on large-scale payment data within a standard Spark environment.

3. The Proposed Framework

The BI-GBDT is a multi-stage fraud detection framework developed specifically for highly imbalanced and large-scale transaction data, designed to encode rich domain-specific knowledge and address computational challenges. Rather than relying on a straightforward combination of existing techniques, the BI-GBDT systematically introduces novel mechanisms at each stage to capture three critical dimensions: account-level behavioral patterns and interaction prevalence, local anomaly signals, and a robust behavioral risk prior for imbalance handling.
As illustrated in Figure 1, the framework is organized into four main sequential modules that transform raw transaction data into a comprehensive feature set for final classification:
  • Interaction-Aware Feature Engineering: Focuses on deriving direction-specific account profiles and sender-receiver interaction prevalence indicators.
  • Local Anomaly Signals (Z-Scores): Measures the standard-score deviation of transaction amounts against historical distributions of both transacting parties.
  • Behavioral Risk Prior: Utilizes GMM clustering to establish a cluster-level risk measure, effectively creating a powerful imbalance-aware feature.
  • Class-Weighted GBDT Classification: Integrates the comprehensive feature set into a scalable, distributed GBDT model for final anomaly detection.
The pipeline follows a strictly sequential structure, as shown in Figure 1. Account-level transaction statistics are first computed and used for direction-specific clustering. Sender–receiver interaction patterns are then encoded using cluster-pair prevalence ratios and propagated to transaction-level records. Transaction-level deviation features and the Behavioral Risk Prior are subsequently derived and integrated into the final GBDT model. Fraud labels are used only during training for risk prior estimation and model optimization.
The complete execution order of these stages and the separation between training and test data are summarized in Algorithm 1.
Algorithm 1: BI-GBDT Feature Generation and Training Pipeline
Input: Transaction records D, fraud labels y (available for training data only)
Output: Trained class-weighted GBDT model
1. Split dataset
     Partition D into training set D t r a i n and test set D t e s t .
2. Account-level feature extraction
     Compute direction-specific account statistics for sending and receiving roles.
3. Directional behavioral clustering
     Learn GMM clusters on D t r a i n for frequency and amount-based features.
4. Cluster assignment
     Assign learned cluster labels to accounts in D t r a i n and D t e s t .
5. Interaction prevalence encoding
     Compute sender–receiver cluster-pair prevalence ratios.
6. Local deviation reference estimation
     Estimate reference distributions using D t r a i n .
7. Deviation feature computation
     Compute transaction-level z-scores for D t r a i n and D t e s t .
8. Behavioral Risk Prior estimation
     Estimate risk prior using D t r a i n and labels y.
9. Supervised model training
     Train class-weighted GBDT using D t r a i n and labels y.
10. Inference
     Apply the trained model to D t e s t to generate anomaly scores.
The proposed BI-GBDT framework prevents both data leakage and label leakage. Deterministic features are computed directly from transaction records and do not involve any model fitting or label information. Components that require data-driven estimation, including direction-specific clustering, reference distributions for local deviation signals, and the Behavioral Risk Prior, are learned exclusively on the training data. The learned parameters are then applied to the remaining records without incorporating any information from the test set. Fraud labels are used only during training for risk prior estimation and GBDT optimization and are never accessed during feature generation or inference on the test data.
The following sections detail each of these modules and their specific contributions to the overall BI-GBDT framework.

3.1. Interaction-Aware Feature Engineering

The first module of the BI-GBDT framework is dedicated to modeling account-level behavioral patterns and sender–receiver interactions in a scalable and graph-free manner. The objective of this module is to transform raw historical transaction activity into structured behavioral representations that reflect direction-specific dynamics and interaction typicality within the payment system. To achieve this, behavioral patterns are first learned independently for sending and receiving roles through unsupervised clustering, and subsequently combined to encode interaction prevalence. This two-step formulation enables the framework to capture relational signals between accounts without explicitly constructing a transaction graph, while preserving directionality and population-level behavioral context.

Directional Behavioral Clustering

In the first stage of the proposed framework, we construct compact, direction-aware behavioral descriptors for each account using unsupervised clustering. In alignment with the architecture illustrated in Figure 1, historical behavioral statistics are extracted separately for sending and receiving roles along two dimensions: transaction frequency and transaction amount. This role-based separation captures asymmetric behavioral dynamics, as accounts may exhibit substantially different patterns when sending versus receiving funds. For example, an account may act as a high-frequency sender while remaining a low-activity receiver. Along the frequency axis, the following statistical features are computed for each account:
  • Total number of transactions;
  • Number of distinct counterparties;
  • Unique transaction rate (the ratio of distinct counterparties to total transactions).
Along the amount axis, transaction value statistics are extracted:
  • Mean, standard deviation, minimum, and maximum transaction amounts.
To map these behavioral features into discrete behavioral profiles, we employ the Gaussian Mixture Model (GMM) due to its soft clustering capability and probabilistic interpretability. Unlike hard clustering approaches such as K-means, GMM assigns posterior membership probabilities, enabling smoother behavioral boundaries and capturing uncertainty in account behavior [33,34,35]. The GMM density function is defined as
p ( x ) = k   π k   N ( x   |   μ k ,   Σ k )
where π k is the mixing coefficient of component k   ( k   π k   =   1 ) , μ k and Σ k are the mean and covariance of the k-th Gaussian component, and N ( x   |   μ k ,   Σ k ) denotes the multivariate normal distribution. The parameters { π k ,   μ k ,   Σ k } are optimized via the Expectation-Maximization (EM) algorithm.
In the E-step of EM, we compute the posterior responsibility γnk that component k takes for data point xn:
γ n k   =   [ π k   N ( x n   |   μ k ,   Σ k ) ] / j   [ π j   N ( x n   |   μ j ,   Σ j ) ]
Let X x d represent a feature matrix for one of the four groups. For each matrix, clustering produces label assignments as follows:
C s f = G M M X s f , C r f = G M M X r f , C s a = G M M X s a , C r a = G M M X r a
Each account a is then assigned behavioral cluster labels from each result:
f r e q _ S e n d ( a ) = C s f a ,   f r e q _ R e c v ( a ) = C r f ( a ) , a m t _ S e n d ( a ) = C s a a ,   a m t _ R e c v ( a ) = C r a ( a )
These tags collectively define a direction-specific behavioral signature for each account, which is then used to derive sender–receiver interaction features in the next module.

3.2. Interaction Prevalence Encoding

In the second module of the BI-GBDT framework, we derive interaction-level prevalence features that quantify how frequently specific sender–receiver behavioral cluster pairs occur across the transaction corpus. As illustrated in Figure 1, these features encode population-level interaction regularities and provide contextual information indicating how statistically consistent or structurally rare a given transaction is within the broader behavioral landscape.
Interaction prevalence is computed separately along two dimensions: transaction frequency and transaction amount. Let N denote the total number of transactions in the dataset. For each transaction, the sender and receiver accounts are identified together with their corresponding direction-specific behavioral cluster labels, obtained from Section Directional Behavioral Clustering. Let c i and c j denote the sender and receiver cluster labels, respectively.
Let c o u n t _ f r e q ( c i ,   c j ) represent the number of transactions in which the sender belongs to frequency-based send cluster c i and the receiver belongs to frequency-based receive cluster c j . Similarly, c o u n t _ a m t ( c i ,   c j ) represents the corresponding co-occurrence count for amount-based clusters. The cluster-pair prevalence ratios are defined as
r i j f r e q = c o u n t _ f r e q ( c i ,   c j ) N       r i j a m t = c o u n t _ a m t ( c i ,   c j ) N
These normalized ratios measure the global prevalence of specific sender–receiver behavioral pairings. Cluster pairs with high prevalence correspond to statistically dominant and behaviorally consistent interaction patterns, such as recurrent transfers between similar account profiles. Conversely, low-prevalence cluster pairs reflect structurally infrequent and behaviorally uncommon interaction configurations, which may be indicative of elevated risk. Importantly, this formulation preserves directional structure, such that transfers from a high-frequency sender to a low-frequency receiver are treated differently from the inverse scenario.
By incorporating cluster-pair prevalence ratios as transaction-level features, the BI-GBDT framework embeds relational behavioral context in a compact, scalable, and graph-free manner. This representation avoids the computational overhead of explicit graph construction while remaining well suited for high-dimensional supervised learning pipelines.

3.3. Local Deviation and Risk Scoring

In the third stage of the BI-GBDT framework, we capture transaction-level deviation signals that quantify how strongly an individual transaction departs from the historical activity patterns of the involved accounts. While earlier modules focus on account-level behavioral profiling and interaction prevalence, this stage operates at the individual transaction granularity, providing complementary information that cannot be inferred from aggregate behavior alone.
For each transaction, we compute the standardized deviation (z-score) of the transaction amount relative to the historical distribution of the corresponding account, evaluated separately for sender and receiver roles. Let μs and σs denote the mean and standard deviation of past outgoing transfers for the sender, and μr and σr for the receiver. Given a transaction with amount A, the directional z-scores are defined as follows:
Z s = ( A μ s ) / σ s
Z r = ( A μ r ) / σ r        
High absolute values of Z s or Z r indicate that the transaction amount is statistically inconsistent with the historical behavior of the sender or receiver, respectively. Such deviations may arise in scenarios involving account misuse, opportunistic fraud, or behavioral drift, particularly when observed in conjunction with structurally infrequent sender–receiver interaction patterns identified in earlier modules.

3.4. Behavioral Risk Prior

This module introduces a behavioral risk prior that represents fraud concentration at the cluster level within the transaction population. The objective is to incorporate population-level risk information derived from historical fraud labels as an additional feature for downstream classification. While previous components focus on interaction structure and transaction-level deviation signals, the behavioral risk prior provides complementary information reflecting systematic fraud accumulation in specific regions of the behavioral space.
All transactions are embedded into a feature space composed of direction-specific behavioral cluster assignments, interaction prevalence ratios, and amount-related statistics derived from the preceding modules. Transactions are then grouped using a Gaussian Mixture Model (GMM), enabling soft partitioning of the feature space and probabilistic cluster membership.
For each resulting cluster ( k ), a cluster-level risk score is computed as the ratio of labeled fraudulent transactions to the total number of transactions within that cluster:
R i s k P r i o r k = F k T k
where F k denotes the set of confirmed fraudulent transactions assigned to cluster k , and T k represents the total number of transactions in the same cluster. This cluster-level risk score is assigned to each transaction according to its cluster membership and used as a supplementary feature, thereby establishing a behavioral risk prior. The resulting prior complements transaction-level deviation signals and interaction prevalence features and is jointly provided as input to the final class-weighted GBDT model.

3.5. Class-Weighted GBDT Classification

The final module of the framework performs supervised classification by integrating all features generated in the preceding stages into a class-weighted GBDT model. This module constitutes the decision layer of the framework, where interaction-aware behavioral representations, transaction-level deviation signals, and the behavioral risk prior are jointly evaluated to produce a transaction-level anomaly score.
The input feature set includes direction-specific behavioral cluster labels, cluster-pair interaction prevalence ratios, standardized deviation metrics, and the behavioral risk prior derived at the cluster level, together with conventional transactional attributes. By combining features extracted at the transaction, interaction, and population levels, the classifier captures both localized irregularities and broader behavioral structure within the payment system.
To explicitly handle the severe class imbalance characteristic of fraud detection, the GBDT model is trained using a class-weighted loss function. Formally, the optimization objective is defined as
L = i = 1 N w y i l ( y i ,   y ^ i )
where y i denotes the true class label of transaction i , y ^ i represents the corresponding model prediction, l ( ) is the base loss function, and w y i is the weight associated with class y i ,   . In this formulation, higher weights are assigned to fraudulent transactions relative to benign ones ( w f r a u d   w n o r m a l ), ensuring that misclassification errors on the minority fraud class exert a stronger influence on the learning process.
Gradient boosting constructs an ensemble of decision trees sequentially, where each new tree is trained to minimize the weighted loss by correcting the residual errors of the current ensemble. This iterative procedure enables the model to learn nonlinear decision boundaries and complex interactions among behavioral, interaction-based, and deviation-related features [17].
The output of this module is a transaction-level anomaly score that reflects the combined influence of behavioral patterns, interaction prevalence, deviation signals, and historical fraud concentration. This unified scoring mechanism enables effective discrimination between benign transactions and those exhibiting elevated fraud risk.

4. Experiments and Results

We conduct a series of experiments to evaluate the performance of the proposed BI-GBDT framework on a large-scale real-world payment transaction dataset characterized by high volume and severe class imbalance. All experiments are carried out in a distributed big data environment, and model training and evaluation are performed using PySpark ML on Apache Spark version 3.3.2 to support scalable processing of the full dataset.

4.1. Dataset

The dataset originates from a real-world financial transaction system, where all sensitive fields have been masked to preserve privacy and institutional confidentiality. Despite anonymization, the data retain the behavioral and structural properties of genuine payment flows. The corpus spans a continuous six-month observation period and consists of more than 456 million transactions, of which approximately 40,000 are labeled as confirmed fraud, corresponding to an extreme class imbalance below 0.01%.
Each record represents a single money transfer between two accounts and includes the transaction timestamp, sender and receiver account identifiers, sender and receiver bank codes, and transaction amount. These attributes enable the construction of direction-specific behavioral features, interaction-aware indicators, and transaction-level deviation signals used in the proposed BI-GBDT framework.
To capture temporal dynamics in account behavior, the six-month transaction history is processed using fixed-length monthly aggregation windows. Behavioral descriptors based on transaction frequency and transaction amount are computed independently within each monthly window and separately for sending and receiving roles. Standardized deviation (z-score) metrics are likewise calculated relative to the corresponding monthly behavioral distributions, ensuring consistency with the direction-aware modeling strategy.
The scale of the dataset necessitates distributed processing for efficient feature computation, while the severe class imbalance reflects realistic operational conditions in payment systems. For model development and evaluation, the dataset is partitioned into training and testing subsets using a stratified 70/30 split, preserving the original fraud-to-non-fraud ratio in both sets. The test set is reserved exclusively for final performance evaluation and is not used during feature learning, hyperparameter optimization, model selection, or decision threshold determination.

4.2. Model Parameters and Tuning

Hyperparameter selection is a critical component of the proposed BI-GBDT framework, as both the quality of behavioral representations and the effectiveness of the supervised decision model are sensitive to parameter choices. In this study, hyperparameters are determined using a grid search strategy and fixed consistently across all experiments to ensure a fair and reproducible evaluation.
For the direction-specific behavioral clustering component, clustering is applied independently across behavioral axes and transaction roles in accordance with the framework design described in Section 3. A unified cluster selection procedure is adopted for all clustering stages. The number of clusters is determined through a combination of silhouette analysis, the elbow method, and domain knowledge, which together balance cluster compactness, separation, and behavioral interpretability. This procedure avoids excessive fragmentation while preserving meaningful behavioral distinctions. The final clustering configurations used throughout the experiments are summarized in Table 1.
For the supervised classification stage, hyperparameters of the class-weighted GBDT model are selected via grid search over a constrained parameter space informed by the scale and severe class imbalance of the dataset. Hyperparameter optimization is performed exclusively on the training data to prevent information leakage. Given the large-scale nature of the dataset and the use of a fixed and limited hyperparameter search space, a single stratified train–test split is adopted. The held-out test set is reserved solely for final performance evaluation and does not participate in any stage of model tuning or selection.
The decision threshold is determined based on training data performance and fixed prior to evaluation on the test set. The optimal hyperparameter configuration used across all experiments is summarized in Table 2.

4.3. Evolution Metrics

This study evaluates performance using Precision, Recall, False Positive Rate (FPR), and Accuracy, computed from True Positive (TP), True Negative (TN), and False Negative (FN); the formulas are provided in Equations (10)–(13).
P r e c i s i o n = T P T P + F P
Precision measures the proportion of correctly identified fraudulent transactions among all transactions classified as fraud by the model Equation (10).
R e c a l l = T P T P + F N
Recall measures the proportion of actual fraudulent transactions that are correctly identified by the model, as defined in Equation (11).
F P R = F P F P + T N
The False Positive Rate quantifies the proportion of legitimate transactions that are incorrectly predicted as fraud, as defined in Equation (12).
A c c u r a c y = T P + T N T P + F P + T N + F N
Accuracy is the fraction of correct classifications among all transactions. In highly imbalanced settings such as fraud detection, this measure is less informative; the formula is given by Equation (13).

4.4. Results

The experimental evaluation is designed to quantify the incremental performance gains introduced by each component of the proposed BI-GBDT framework, rather than merely reporting absolute classification performance. Accordingly, a staged evaluation strategy is adopted to examine how progressively enriching a standard classifier with behavioral and interaction-aware components improves fraud detection effectiveness under severe class imbalance.
We evaluate three model configurations on an independent test set obtained via a stratified 70/30 train/test split, ensuring that the original fraud to non-fraud ratio is preserved across both subsets. The GBDT baseline represents a conventional supervised learning approach trained solely on raw transactional attributes. This configuration serves as a reference point for assessing how far the proposed framework advances beyond a standard classifier under realistic operational conditions.
The second configuration, GBDT + Behavioral Risk Prior, augments the baseline model with transaction-level deviation indicators and the proposed Behavioral Risk Prior score, which encodes cluster-level fraud concentration derived from historical labels. This setting isolates the contribution of population-level risk information that becomes particularly important under severe class imbalance and cannot be captured by raw transactional attributes alone.
The third configuration, referred to as the Proposed Method, represents the complete BI-GBDT framework by extending the second configuration with interaction aware feature engineering based on direction specific behavioral clustering and interaction prevalence encoding. Building on the Behavioral Risk Prior score and transaction level deviation signals, this configuration explicitly models sender–receiver interaction structure through cluster pair prevalence ratios, resulting in a graph-free relational representation of transaction behavior. As a result, it evaluates the full benefit of jointly incorporating behavioral context and interaction level signals beyond anomaly indicators and population-level risk information alone.
Performance results are summarized in Table 3, reporting Accuracy, Recall, and False Positive Rate (FPR). The decision threshold is selected exclusively on the training split with the objective of reducing validation FPR while preserving high recall, and is subsequently applied unchanged to the independent test set. No oversampling or synthetic data generation techniques are used.
The results are consistently supported across all evaluation metrics, as well as by the confusion matrix and ROC analysis. The plain GBDT baseline attains an accuracy of 63.0%, a recall of 52.3%, a precision of 1.2%, and a high False Positive Rate (FPR) of 37.0%, confirming the limited effectiveness of raw transactional attributes under severe class imbalance.
Incorporating the Behavioral Risk Prior, which encodes cluster-level fraud concentration derived from historical labels, improves performance to 76.0% accuracy, 66.7% recall, and a precision of 2.4%, while reducing the FPR to 24.0%. This indicates that the Behavioral Risk Prior provides an effective class-imbalance-aware signal. However, the precision remains relatively low due to the extreme rarity of fraudulent transactions in the dataset, where even modest false positive rates correspond to a large absolute number of benign transactions.
The full BI-GBDT framework further improves performance, achieving 95.7% accuracy, 72.0% recall, and a precision of 14.7%, with an FPR of only 4.3%. As illustrated in Figure 2, the confusion matrix on the independent test set shows that the majority of fraudulent transactions are correctly identified while the number of false alarms remains tightly controlled relative to the scale of legitimate transactions. This balance is particularly critical in operational payment systems, where even small increases in FPR can translate into a large volume of unnecessary alerts.
The Receiver Operating Characteristic (ROC) curves presented in Figure 3 further reinforce these findings. The BI-GBDT model achieves an Area Under the Receiver Operating Characteristic Curve (AUC) of 0.92, significantly outperforming both the GBDT + Behavioral Risk Prior configuration (AUC = 0.78) and the plain GBDT baseline (AUC = 0.68). The steeper ascent of the BI-GBDT ROC curve at low false positive rates highlights its superior ranking capability in the operating region most relevant for real-world fraud detection, where maintaining high recall under strict false positive constraints is essential.
Overall, the results show that the observed performance improvements do not stem from a single modeling component. Performance improves through the stepwise integration of class-imbalance handling, behavioral context, and interaction-aware representations, with each component contributing complementary information. As a result, the proposed BI-GBDT framework clearly extends a standard GBDT classifier into a more effective and operationally suitable fraud detection approach for large-scale payment systems.
Although the evaluation is based on a single stratified train–test split, the extremely large scale of the dataset and the high absolute number of observed fraud cases contribute to stable and reliable performance estimates. In large-scale operational fraud detection systems, small relative variations in data composition tend to have a limited impact on aggregate metrics such as recall and false positive rate. Similar evaluation protocols have been widely adopted in prior large-scale fraud detection studies employing tree-based models [34,35,36].

5. Discussion

This study demonstrates that fraud detection performance in large-scale payment systems cannot be sufficiently improved using a standard GBDT classifier trained only on raw transactional attributes. The results show that such baseline models are strongly affected by severe class imbalance and lack the ability to capture interaction-driven fraud patterns, leading to high false positive rates and limited recall.
Incorporating the Behavioral Risk Prior, which encodes cluster-level fraud concentration derived from historical labels, improves performance by mitigating the effects of class imbalance. This component reduces false positives and increases recall compared to the plain GBDT baseline. However, the results indicate that the Behavioral Risk Prior alone is not sufficient to fully separate fraudulent and legitimate transactions, particularly in cases where fraud emerges through uncommon or coordinated sender–receiver interactions.
The substantial performance improvements are observed when interaction-aware feature engineering is incorporated through direction-specific behavioral clustering and cluster-pair prevalence ratios. These features allow the model to represent sender–receiver interaction structure in a graph-free manner, capturing relational patterns that are not visible at the transaction level. This interaction-aware representation substantially reduces false positives while preserving detection sensitivity.
From an operational perspective, this improvement is critical. Even small increases in the false positive rate can generate many unnecessary alerts and increase investigation costs in large-scale payment systems [28,31]. The confusion matrix and ROC analysis show that the BI-GBDT framework maintains a favorable balance between recall and false positive control, making it more suitable for deployment than baseline approaches.
Overall, the findings show that effective fraud detection is achieved by jointly incorporating class-imbalance handling, behavioral context, and interaction-aware representations within a unified framework. The proposed BI-GBDT approach provides a scalable and practical solution that improves upon standard GBDT-based models without relying on explicit graph construction.
It is also important to clarify the scope of the proposed approach in relation to graph-based fraud detection methods. Existing graph-based fraud detection approaches typically rely on explicit transaction graph construction and graph neural networks to model higher-order dependencies between accounts. Although effective in controlled settings, such methods often face scalability, latency, and maintenance challenges in production environments with hundreds of millions of transactions. In contrast, the proposed BI-GBDT framework captures sender–receiver interaction structure using compact, tabular representations that can be seamlessly integrated into existing distributed processing pipelines [37,38,39].

Limitations

Despite the strong empirical results, this study has several limitations. First, the evaluation is conducted on a masked real-world dataset, which restricts full reproducibility and public benchmarking. Second, the analysis relies on a six-month observation window with fixed monthly aggregation. This design choice may reduce sensitivity to short-term fraud bursts or rapidly evolving attack patterns. Third, the experimental evaluation is based on a single stratified train–test split. While this reflects realistic large-scale operational settings, additional statistical validation using multiple splits or resampling techniques could further quantify performance variability. Such validation is left as an important direction for future work. Finally, as with most data-driven fraud detection systems, the proposed framework may be affected by concept drift over time, which may require periodic model retraining and recalibration in long-term deployments.
Graph-based fraud detection methods are not included as baselines in this study, as the primary objective is not to outperform graph-based models, but to demonstrate that interaction-aware representations can be effectively captured in a graph-free manner that is more compatible with large-scale operational payment systems. While graph-based approaches can offer strong expressive power, their computational and operational overhead often limits their applicability in real-time or large-scale production environments [38,39,40].

6. Conclusions

This study presents BI-GBDT, a scalable and graph-free fraud detection framework designed for large-scale payment systems operating under severe class imbalance. The proposed approach combines direction-specific behavioral clustering, interaction prevalence encoding via cluster-pair ratios, transaction-level deviation signals, and a behavioral risk prior derived from cluster-level fraud concentration within a unified class-weighted GBDT model.
Experimental results on a large real-world masked transaction dataset demonstrate that a standard GBDT classifier trained on raw transactional attributes is insufficient to reliably detect fraud in this setting. While the Behavioral Risk Prior improves performance by explicitly addressing class imbalance, the results show that this component alone cannot fully separate fraudulent and legitimate transactions. Substantial and consistent performance improvements are achieved only when interaction-aware behavioral representations are incorporated into the learning process.
The full BI-GBDT framework achieves higher recall while significantly reducing the false positive rate, as confirmed by point metrics, confusion matrix analysis, and ROCs. This balance is particularly important for operational deployment, where excessive false alarms can impose substantial investigation costs. By capturing sender–receiver interaction structure without constructing an explicit transaction graph, BI-GBDT provides an effective compromise between expressive modeling and computational scalability.
Overall, the findings show that effective fraud detection in large-scale payment systems requires the joint integration of class-imbalance handling, behavioral context, and interaction-aware feature engineering. The proposed BI-GBDT framework demonstrates how these components can be combined in a practical and scalable manner, offering a strong alternative to both transaction-only classifiers and computationally intensive graph-based approaches.
Future work may extend the proposed framework along several practical directions. The current study relies on fixed monthly aggregation windows for constructing behavioral features; exploring adaptive or multi scale temporal windowing strategies could improve sensitivity to short-term behavioral shifts and emerging fraud patterns. In addition, incorporating complementary contextual signals such as transaction channels, device information, or session-level attributes may further enrich interaction-aware representations while preserving the graph-free and scalable design of the framework. Another important direction is extending BI-GBDT to online or streaming detection settings, enabling continuous model updates and faster adaptation to evolving fraud behavior in real-world payment systems. Finally, future studies may investigate cost-sensitive thresholding and decision strategies that explicitly account for operational constraints and investigation costs, allowing the framework to be tailored to different deployment scenarios and risk preferences.

Author Contributions

M.B.K. was responsible for the technical design of the study, development of the proposed methodology, and experimental analysis. M.G. contributed to the conceptual framing of the work and co-authored the manuscript together with M.B.K. Both authors reviewed, revised, and approved the final version of the manuscript. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data used in this study originate from a real-world financial transaction system and contain sensitive information. Due to privacy, confidentiality, and institutional restrictions, the data are not publicly available.

Acknowledgments

The author would like to extend sincere gratitude to the methodologies that have significantly contributed to and facilitated this research.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AIArtificial Intelligence
AUCArea Under the Receiver Operating Characteristic Curve
BI-GBDTBehavioral Interaction-Aware Gradient Boosting Decision Tree
DBSCANDensity-Based Spatial Clustering of Applications with Noise
EMExpectation–Maximization
FPRFalse Positive Rate
GBDTGradient Boosting Decision Tree
GMMGaussian Mixture Model
MLMachine Learning
ROCReceiver Operating Characteristic
TPTrue Positive
FPFalse Positive
TNTrue Negative
FNFalse Negative

References

  1. Baisholan, N.; Dietz, J.E.; Gnatyuk, S.; Turdalyuly, M.; Matson, E.T.; Baisholanova, K. A Systematic Review of Machine Learning in Credit Card Fraud Detection Under Original Class Imbalance. Computers 2025, 14, 437. [Google Scholar] [CrossRef]
  2. Chen, W.; Yang, K.; Yu, Z.; Shi, Y.; Chen, C.L.P. A survey on imbalanced learning: Latest research, applications and future directions. Artif. Intell. Rev. 2024, 57, 137. [Google Scholar] [CrossRef]
  3. Silva Filho, T.; Song, H.; Perelló-Nieto, M.; Santos-Rodríguez, R.; Kull, M.; Flach, P.A. Classifier calibration: A survey on how to assess and improve predicted class probabilities. Mach. Learn. 2023, 112, 3211–3260. [Google Scholar] [CrossRef]
  4. Ma, S.; Hargreaves, C.A. Addressing Credit Card Fraud Detection Challenges with Adversarial Autoencoders. Big Data Cogn. Comput. 2025, 9, 168. [Google Scholar] [CrossRef]
  5. Hafez, I.Y.; Hafez, A.Y.; Saleh, A.; Abd El-Mageed, A.A.; Abohany, A.A. A systematic review of AI-enhanced techniques in credit card fraud detection. J. Big Data 2025, 6, 12. [Google Scholar] [CrossRef]
  6. Malik, E.F.; Khaw, K.W.; Belaton, B.; Wong, W.P.; Chew, X. Credit card fraud detection using a new hybrid machine learning architecture. Mathematics 2022, 10, 1480. [Google Scholar] [CrossRef]
  7. Ruff, L.; Vandermeulen, R.; Görnitz, N.; Deecke, L.; Siddiqui, S.A.; Binder, A.; Müller, E.; Kloft, M. Deep One-Class Classification. In Proceedings of the 35th International Conference on Machine Learning (ICML 2018), Stockholm, Sweden, 10–15 July 2018; PMLR 80, pp. 4390–4399. Available online: https://proceedings.mlr.press/v80/ruff18a.html (accessed on 13 October 2025).
  8. Schölkopf, B.; Platt, J.C.; Shawe-Taylor, J.; Smola, A.J.; Williamson, R.C. Estimating the support of a high-dimensional distribution. Neural Comput. 2001, 13, 1443–1471. [Google Scholar] [CrossRef]
  9. Tax, D.M.J.; Duin, R.P.W. Support vector data description. Mach. Learn. 2004, 54, 45–66. [Google Scholar] [CrossRef]
  10. Vincent, P.; Larochelle, Y.; Bengio, Y.; Manzagol, P.-A. Extracting and composing robust features with denoising autoencoders. In Proceedings of the 25th International Conference on Machine Learning (ICML 2008), Helsinki, Finland, 5–9 July 2008; pp. 1096–1103. [Google Scholar] [CrossRef]
  11. Zong, B.; Song, Q.; Min, M.R.; Cheng, W.; Lumezanu, C.; Cho, D.; Chen, H. Deep Autoencoding Gaussian Mixture Model for Unsupervised Anomaly Detection. In Proceedings of the 6th International Conference on Learning Representations (ICLR 2018), Vancouver, BC, Canada, 30 April–3 May 2018; Available online: https://openreview.net/forum?id=BJJLHbb0- (accessed on 14 October 2025).
  12. Zhao, Y.; Hryniewicki, M.K. XGBOD: Improving supervised outlier detection with unsupervised representation learning. In Proceedings of the International Joint Conference on Neural Networks (IJCNN 2018), Rio de Janeiro, Brazil, 8–13 July 2018; pp. 1–8. [Google Scholar] [CrossRef]
  13. Zhao, Y.; Nasrullah, Z.; Li, Z. SUOD: Accelerating Large-Scale Unsupervised Heterogeneous Outlier Detection. In Proceedings of the Machine Learning and Systems (MLSys 2021), Virtual Event, 5–9 April 2021; Volume 3. Available online: https://proceedings.mlsys.org/book/2021 (accessed on 11 October 2025).
  14. Wang, S. Evaluating cross-building transferability of attention-based automated fault detection and diagnosis for air handling units: Auditorium and hospital case study. Build. Environ. 2025, 287, 113889. [Google Scholar] [CrossRef]
  15. Akoglu, L.; Tong, H.; Koutra, D. Graph-based anomaly detection and description: A survey. Data Min. Knowl. Discov. 2015, 29, 626–688. [Google Scholar] [CrossRef]
  16. Xiang, S.; Zhu, M.; Cheng, D.; Li, E.; Zhao, R.; Ouyang, Y.; Chen, L.; Zheng, Y. Semi-supervised credit card fraud detection via attribute-driven graph representation. In Proceedings of the AAAI Conference on Artificial Intelligence (AAAI 2023), Washington, DC, USA, 7–14 February 2023. [Google Scholar] [CrossRef]
  17. Chen, T.; Guestrin, C. XGBoost: A scalable tree boosting system. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2016), San Francisco, CA, USA, 13–17 August 2016; pp. 785–794. [Google Scholar] [CrossRef]
  18. Pes, B.; Lai, G. Cost-sensitive learning strategies for high-dimensional and imbalanced data: A comparative study. PeerJ Comput. Sci. 2021, 7, e832. [Google Scholar] [CrossRef]
  19. Financial Action Task Force (FATF). International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation: The FATF Recommendations; FATF: Paris, France, 2012; last updated October 2025; Available online: https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html (accessed on 10 November 2025).
  20. Zaharia, M.; Xin, R.S.; Wendell, P.; Armbrust, M.; Armbrust, M.; Dave, A.; Meng, X.; Rosen, J.; Venkataraman, S.; Franklin, M.J.; et al. Apache Spark: A unified engine for big data processing. Commun. ACM 2016, 59, 56–65. [Google Scholar] [CrossRef]
  21. Chawla, N.V.; Bowyer, K.W.; Hall, L.O.; Kegelmeyer, W.P. SMOTE: Synthetic minority over-sampling technique. J. Artif. Intell. Res. 2002, 16, 321–357. [Google Scholar] [CrossRef]
  22. Bolton, R.J.; Hand, D.J. Statistical fraud detection: A review. Statist. Sci. 2002, 17, 235–255. [Google Scholar] [CrossRef]
  23. Carcillo, F.; Le Borgne, Y.-A.; Caelen, O.; Kessaci, Y.; Oblé, F.; Bontempi, G. Combining unsupervised and supervised learning in credit card fraud detection. Inf. Sci. 2021, 557, 317–331. [Google Scholar] [CrossRef]
  24. Höppner, S.; Baesens, B.; Verbeke, W.; Verdonck, T. Instance-dependent cost-sensitive learning for detecting transfer fraud. Eur. J. Oper. Res. 2022, 297, 291–300. [Google Scholar] [CrossRef]
  25. Lucas, Y.; Portier, P.-E.; Laporte, L.; He-Guelton, L.; Caelen, O.; Granitzer, M.; Calabretto, S. Towards automated feature engineering for credit card fraud detection using multi-perspective HMMs. Future Gener. Comput. Syst. 2019, 102, 393–402. [Google Scholar] [CrossRef]
  26. Vorobyev, I.; Krivitskaya, A. Reducing false positives in bank anti-fraud systems based on rule induction in distributed tree-based models. Comput. Secur. 2022, 120, 102786. [Google Scholar] [CrossRef]
  27. Ghosh Dastidar, K.; Jurgovsky, J.; Siblini, W.; Granitzer, M. NAG: Neural feature aggregation framework for credit card fraud detection. Knowl. Inf. Syst. 2022, 64, 831–858. [Google Scholar] [CrossRef]
  28. Wang, S. A hybrid SMOTE and Trans-CWGAN for data imbalance in real operational AHU AFDD: A case study of an auditorium building. Energy Build. 2025, 348, 116447. [Google Scholar] [CrossRef]
  29. Alamri, M.; Ykhlef, M. Hybrid Feature Engineering Based on Customer Spending Behavior for Credit Card Anomaly and Fraud Detection. Electronics 2024, 13, 3978. [Google Scholar] [CrossRef]
  30. Wijaya, M.G.; Pinaringgi, M.F.; Zakiyyah, A.Y.; Meiliana. Comparative Analysis of Machine Learning Algorithms and Data Balancing Techniques for Credit Card Fraud Detection. Procedia Comput. Sci. 2024, 245, 677–688. [Google Scholar] [CrossRef]
  31. Zamanzadeh Darban, Z.; Webb, G.I.; Pan, S.; Aggarwal, C.; Salehi, M. Deep Learning for Time Series Anomaly Detection: A Survey. ACM Comput. Surv. 2024, 57, 15. [Google Scholar] [CrossRef]
  32. Ahmed, K.H.; Axelsson, S.; Li, Y.; Sagheer, A.M. A credit card fraud detection approach based on ensemble machine learning classifier with hybrid data sampling. Mach. Learn. Appl. 2025, 20, 100675. [Google Scholar] [CrossRef]
  33. Jabeen, M.; Ramzan, S.; Raza, A.; Fitriyani, N.L.; Syafrudin, M.; Lee, S.W. Enhanced Credit Card Fraud Detection Using Deep Hybrid CLST Model. Mathematics 2025, 13, 1950. [Google Scholar] [CrossRef]
  34. Aros, J.; Molano, J. Financial fraud detection through the application of machine learning techniques: A literature review. Humanit. Soc. Sci. Commun. 2024, 11, 1130. [Google Scholar] [CrossRef]
  35. Hajek, P.; Abedin, M.Z.; Sivarajah, U. Fraud detection in mobile payment systems using an XGBoost-based framework. Inf. Syst. Front. 2022, 25, 1985–2003. [Google Scholar] [CrossRef]
  36. Bahnsen, A.C.; Aouada, D.; Ottersten, B.; Stojanovic, A.; Stojanovic, B. Feature engineering strategies for credit card fraud detection. Expert Syst. Appl. 2016, 51, 134–142. [Google Scholar] [CrossRef]
  37. Whitrow, C.; Hand, D.J.; Juszczak, P.; Weston, D.; Adams, N.M. Transaction aggregation as a strategy for credit card fraud detection. Data Min. Knowl. Discov. 2009, 18, 30–55. [Google Scholar] [CrossRef]
  38. Pandit, S.; Chau, D.H.; Wang, S.; Faloutsos, C. NetProbe: A fast and scalable system for fraud detection in online auction networks. In Proceedings of the WWW’07: 16th International World Wide Web Conference, Banff, AB, Canada, 8–12 May 2007; pp. 201–210. [Google Scholar] [CrossRef]
  39. Wu, Z.; Pan, S.; Chen, F.; Long, G.; Zhang, C.; Yu, P.S. A comprehensive survey on graph neural networks. IEEE Trans. Neural Netw. Learn. Syst. 2021, 32, 4–24. [Google Scholar] [CrossRef]
  40. Weber, M.; Domeniconi, G.; Chen, J.; Weidele, D.K.I.; Bellei, C.; Robinson, T.; Leiserson, C.E. Anti-money laundering in Bitcoin: Experiments with graph convolutional networks. In Proceedings of the KDD’19: The 25th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Anchorage, AK, USA, 4–8 August 2019. [Google Scholar]
Figure 1. High-level overview of the proposed BI-GBDT framework and its main processing stages.
Figure 1. High-level overview of the proposed BI-GBDT framework and its main processing stages.
Applsci 16 00876 g001
Figure 2. Confusion matrix of the BI-GBDT model on the test set.
Figure 2. Confusion matrix of the BI-GBDT model on the test set.
Applsci 16 00876 g002
Figure 3. ROC curves for BI-GBDT and other configurations on the test set.
Figure 3. ROC curves for BI-GBDT and other configurations on the test set.
Applsci 16 00876 g003
Table 1. The clustering models configurations.
Table 1. The clustering models configurations.
AxisDirectionModelNumber of Clusters
FrequencySendGMM13
FrequencyReceiveGMM8
AmountSendGMM11
AmountReceiveGMM9
Table 2. The final hyperparameter configuration of the class-weighted GBDT model.
Table 2. The final hyperparameter configuration of the class-weighted GBDT model.
HyperparameterValue
Number of boosting iterations320
Learning rate0.06
Maximum tree depth9
Minimum leaf size10,000
Subsampling rate0.7
Number of histogram bins128
Minimum split-gain threshold1 × 10−4
Table 3. Performance comparison of evaluated models on the test set.
Table 3. Performance comparison of evaluated models on the test set.
ModelAccuracy (%)Recall (%)Precision (%)FPR (%)
BI-GBDT95.772.014.74.3
GBDT + Behavioral Risk Prior76.066.72.424.0
GBDT63.052.31.237.0
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Keles, M.B.; Gokturk, M. BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems. Appl. Sci. 2026, 16, 876. https://doi.org/10.3390/app16020876

AMA Style

Keles MB, Gokturk M. BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems. Applied Sciences. 2026; 16(2):876. https://doi.org/10.3390/app16020876

Chicago/Turabian Style

Keles, Mustafa Berk, and Mehmet Gokturk. 2026. "BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems" Applied Sciences 16, no. 2: 876. https://doi.org/10.3390/app16020876

APA Style

Keles, M. B., & Gokturk, M. (2026). BI-GBDT: A Graph-Free Behavioral Interaction-Aware Gradient Boosting Framework for Fraud Detection in Large-Scale Payment Systems. Applied Sciences, 16(2), 876. https://doi.org/10.3390/app16020876

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop