Deep Learning Fraud Detection With AWS SageMaker and Glue

Fraud detection has become a top priority for businesses across industries. With fraudulent activities growing more sophisticated, traditional rule-based approaches often fall short in addressing the constantly evolving threats. Detecting and preventing fraud — be it financial scams, identity theft, or insurance fraud — is crucial, especially when global fraud losses run into billions of dollars annually.

This guide discusses how deep learning can improve fraud detection with AWS SageMaker and AWS Glue. Deep learning, a branch of machine learning, excels at uncovering complex patterns in large datasets and adapting to emerging fraud techniques. AWS SageMaker, a comprehensive machine learning platform, equips businesses with the tools to build, train, and deploy advanced deep learning models, while AWS Glue streamlines data preparation and integration with its fully managed ETL capabilities.

Together, these AWS services enable organizations to create end-to-end fraud detection pipelines that are robust, scalable, and seamlessly fit within existing data ecosystems. In this document, I'll walk you through the process of developing a powerful fraud detection system using deep learning on AWS. We'll cover best practices, common challenges, and real-world applications to help you build an efficient and future-ready solution.

AWS SageMaker for Deep Learning With XGBoost

AWS SageMaker offers a powerful platform for developing machine learning models, and when it comes to fraud detection, XGBoost (Extreme Gradient Boosting) stands out as a particularly effective algorithm. Let's dive into how SageMaker and XGBoost work together to create robust fraud detection systems.

XGBoost on AWS SageMaker is a popular machine learning algorithm known for its speed and performance, especially in fraud detection scenarios. SageMaker provides a built-in XGBoost algorithm optimized for the AWS ecosystem.

• High accuracy. XGBoost often outperforms other algorithms in binary classification tasks like fraud detection.
• Handles imbalanced data. Fraud cases are typically rare, and XGBoost can handle this imbalance effectively.
• Feature importance. XGBoost provides insights into which features are most crucial for detecting fraud.
• Scalability. SageMaker's implementation can handle large datasets efficiently.

Architecture

1. Data sources – Various input streams, including transactional databases, log files, and real-time data feeds that provide raw information for fraud detection.
2. AWS Glue – A fully managed ETL (Extract, Transform, Load) service that catalogs your data, cleans it, enriches it, and moves it reliably between various data stores and data streams.
   
3. Amazon S3 (processed data) – Highly scalable object storage service that stores both the processed data from Glue and the model artifacts from SageMaker.
4. AWS SageMaker (XGBoost Model) – A fully managed machine learning platform that will be leveraged to build, train, and deploy the XGBoost machine learning model.
5. Sagemaker endpoints – A scalable compute environment for deploying the model for real-time fraud detection.
6. API Gateway – Acts as a protection layer in front of the model deployed in the SageMaker endpoint. It helps secure calls, track requests, and manage model deployments with minimal impact on the consuming application.
7. Fraud detection application – A custom application or serverless function that integrates the deployed model into the business workflow, making fraud predictions on new transactions.

Implementation

Here is the small snippet of the data that I am considering for training the ML model in CSV format. The data has the following columns

• transaction_id – Unique identifier for each transaction
• customer_id – Identifier for the customer making the transaction
• merchant_id – Identifier for the merchant receiving the payment
• card_type – Type of card used (credit or debit)
• amount – Transaction amount
• transaction_date – Date and time of the transaction
• is_fraud – Binary indicator of whether the transaction is fraudulent (1) or not (0)

The Glue ETL script in Pyspark below demonstrates how I processed and prepared data for fraud detection using XGBoost in SageMaker. I am using transactional data and performing some basic data cleaning and feature engineering. 

Remember to replace the bucket name in the code snippet below. Also, the source database and table names are as configured in the Glue Crawler:

import sys

from awsglue.transforms import *

from awsglue.utils import getResolvedOptions

from pyspark.context import SparkContext

from awsglue.context import GlueContext

from awsglue.job import Job

from pyspark.sql.functions import col, when, to_timestamp, hour, dayofweek

​

# Initialize the Glue context

args = getResolvedOptions(sys.argv, ['JOB_NAME'])

sc = SparkContext()

glueContext = GlueContext(sc)

spark = glueContext.spark_session

job = Job(glueContext)

job.init(args['JOB_NAME'], args)

​

# Read input data

datasource0 = glueContext.create_dynamic_frame.from_catalog(

    database = "fraud_detection_db", # Database name configured in the glue crawler

    table_name = "raw_transactions" # Table name configured in the glue crawler

)

​

# Convert to DataFrame for easier manipulation

df = datasource0.toDF()

# Data cleaning

df = df.dropDuplicates().na.drop()

​

# Feature engineering

​

df = df.withColumn("amount", col("amount").cast("double"))

df = df.withColumn("timestamp", to_timestamp(col("transaction_date"), "yyyy-MM-dd HH:mm:ss"))

df = df.withColumn("hour_of_day", hour(col("timestamp")))

df = df.withColumn("day_of_week", dayofweek(col("timestamp")))

# Encode categorical variables

df = df.withColumn("card_type_encoded", when(col("card_type") == "credit", 1).otherwise(0))

​

# Calculate statistical features

df = df.withColumn("amount_zscore", 

    (col("amount") - df.select(mean("amount")).collect()[0][0]) / df.select(stddev("amount")).collect()[0][0]

)

​

# Select final features for model training

final_df = df.select(

    "transaction_id",

    "amount",

    "amount_zscore",

    "hour_of_day",

    "day_of_week",

    "card_type_encoded",

    "is_fraud"  # this is my target variable

)

​

# Write the processed data back to S3

output_dir = "s3://<bucket_name>/processed_transactions/"

glueContext.write_dynamic_frame.from_options(

    frame = DynamicFrame.fromDF(final_df, glueContext, "final_df"),

    connection_type = "s3",

    connection_options = {"path": output_dir},

    format = "parquet"

)

​

job.commit()

Now, once the processed data is stored in S3, the next step will be to use Sagemaker Jupyter Notebook to train the model. Again, remember to replace your bucket name in the code.

import boto3

import sagemaker

from sagemaker import get_execution_role

from sagemaker.amazon.amazon_estimator import get_image_uri

from sagemaker.session import Session

import pandas as pd

import numpy as np

from sklearn.model_selection import train_test_split

from sklearn.preprocessing import StandardScaler

​

# Set up the SageMaker session

role = get_execution_role()

session = sagemaker.Session()

bucket = session.default_bucket()

prefix = 'fraud-detection-xgboost'

​

# Specify the S3 location of your processed data

s3_data_path = 's3://<bucket_name> /processed_transactions/'

​

# Read the data from S3

df = pd.read_parquet(s3_data_path)

​

# Split features and target

X = df.drop('is_fraud', axis=1)

y = df['is_fraud']

​

# Split the data into train and test sets

X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)

​

# Scale the features

scaler = StandardScaler()

X_train_scaled = scaler.fit_transform(X_train)

X_test_scaled = scaler.transform(X_test)

​

# Combine features and target for SageMaker

train_data = pd.concat([pd.DataFrame(X_train_scaled), y_train.reset_index(drop=True)], axis=1)

test_data = pd.concat([pd.DataFrame(X_test_scaled), y_test.reset_index(drop=True)], axis=1)

​

# Save the data to S3

train_path = session.upload_data(path=train_data.to_csv(index=False, header=False), 

                                 bucket=bucket, 

                                 key_prefix=f'{prefix}/train')

test_path = session.upload_data(path=test_data.to_csv(index=False, header=False), 

                                bucket=bucket, 

                                key_prefix=f'{prefix}/test')

​

# Set up the XGBoost estimator

container = get_image_uri(session.boto_region_name, 'xgboost', '1.0-1')

xgb = sagemaker.estimator.Estimator(container,

                                    role,

                                    instance_count=1,

                                    instance_type='ml.m5.xlarge',

                                    output_path=f's3://<bucket_name>}/{prefix}/output',

                                    sagemaker_session=session)

​

# Set hyperparameters

xgb.set_hyperparameters(max_depth=5,

                        eta=0.2,

                        gamma=4,

                        min_child_weight=6,

                        subsample=0.8,

                        objective='binary:logistic',

                        num_round=100)

# Train the model

xgb.fit({'train': train_path, 'validation': test_path})

# Deploy the model

xgb_predictor = xgb.deploy(initial_instance_count=1, instance_type='ml.m4.xlarge')

​

# Test the deployed model

test_data_np = test_data.drop('is_fraud', axis=1).values.astype('float32')

predictions = xgb_predictor.predict(test_data_np)

​

# Evaluate the model

from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score

​

y_pred = [1 if p > 0.5 else 0 for p in predictions]

print(f"Accuracy: {accuracy_score(y_test, y_pred)}")

print(f"Precision: {precision_score(y_test, y_pred)}")

print(f"Recall: {recall_score(y_test, y_pred)}")

print(f"F1 Score: {f1_score(y_test, y_pred)}") 

​

# Clean up

xgb_predictor.delete_endpoint()

Result

Here is the output of the test run on the model.

Accuracy: 0.9982

​

Precision: 0.9573

​

Recall: 0.8692

​

F1 Score: 0.9112

Let me break down what these metrics mean in the context of fraud detection:

• Accuracy: 0.9982 (99.82%) – This high accuracy might look impressive, but in fraud detection, it can be misleading due to class imbalance. Most transactions are not fraudulent, so even always predicting "not fraud" could give high accuracy.
• Precision: 0.9573 (95.73%) – This indicates that when the model predicts a transaction is fraudulent, it's correct 95.73% of the time. High precision is important to minimize false positives, which could lead to legitimate transactions being blocked.
• Recall: 0.8692 (86.92%) – This shows that the model correctly identifies 86.92% of all actual fraudulent transactions. While not as high as precision, it's still good. In fraud detection, we often prioritize recall to catch as many fraudulent transactions as possible.
• F1 Score: 0.9112 – This is the harmonic mean of precision and recall, providing a balanced measure of the model's performance. An F1 score of 0.9112 indicates a good balance between precision and recall.

These metrics suggest a well-performing model that's good at identifying fraudulent transactions while minimizing false alarms. However, there's always room for improvement, especially in recall. 

In a real-world scenario, you might want to adjust the model's threshold to increase recall, potentially at the cost of some precision, depending on the specific business requirements and the cost associated with false positives versus false negatives.

Conclusion

The implementation of a deep learning-based fraud detection system using AWS SageMaker and Glue represents a significant leap forward in the fight against financial fraud. Using XGBoost algorithms and the scalability of cloud computing, businesses can now detect and prevent fraudulent activities with unprecedented accuracy and efficiency.

Throughout this document, we've explored the intricate process of building such a system, from data preparation with AWS Glue to model training and deployment with SageMaker. The architecture we've outlined has shown how the combination of AWS SageMaker, Glue, and XGBoost offers a formidable weapon in the arsenal against fraud.