Amazon Fraud Detector
Hands-On
Demo
In this demo, we will:
- Set up IAM roles and permissions for Amazon Fraud Detector
- Create and upload training data to S3
- Create variables, entity types, and labels
- Create event type for new account registration
- Build and train the machine learning model
- Review model performance and deploy the model
- Create outcomes and business rules for risk-based decisions
- Build and publish the fraud detector
- Test the detector with CloudShell using different risk scenarios
- Monitor predictions and analyze results
- Clean up all resources
Agenda
Create IAM Role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "frauddetector.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Add permissions
AmazonFraudDetectorFullAccess
Add permissions
AmazonS3ReadOnlyAccess
Name, review, and create
FraudDetectorServiceRole
Step 1: Select trusted entities
Step 2: Add permissions
Create S3 Bucket
fraud-detector-demo-123456
Successfully created bucket "fraud-detector-demo-123456"
Download raw file
ip_address,email_address,billing_state,user_agent,billing_postal,phone_number,EVENT_TIMESTAMP,billing_address,EVENT_LABEL
112.136.132.151,fake_cgonzales@example.net,NC,"Mozilla/5.0 (iPad; CPU iPad OS 10_3_3 like Mac OS X) AppleWebKit/532.2 (KHTML, like Gecko) CriOS/34.0.827.0 Mobile/13K063 Safari/532.2",34491,(555)333 - 9246,2022-10-14T00:28:30Z,12351 Amanda Knolls Fake St.,legit
192.169.234.143,fake_dustin64@example.net,CO,"Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/532.44.3 (KHTML, like Gecko) Version/4.0.3 Safari/532.44.3",34555,(555)779 - 5604,2022-11-29T22:19:40Z,691 Deborah Estate Fake St.,legit
185.112.224.79,fake_samuel59@example.net,CO,"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0 rv:5.0; mr-IN) AppleWebKit/532.25.5 (KHTML, like Gecko) Version/4.0 Safari/532.25.5",33611,(555)948 - 9198,2023-02-18T09:16:19Z,28583 Joseph Tunnel Fake St.,legit
68.73.183.186,fake_tinalopez@example.net,TN,"Mozilla/5.0 (Linux; Android 7.1.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/59.0.807.0 Safari/535.1",33520,(555)477 - 7885,2022-12-19T09:13:35Z,019 Linda Via Fake St.,legitSample File
Upload file
Upload succeeded
Amazon Fraud Detector
Create Variables
ip_address
email_address
user_agent
billing_city
billing_state
billing_zip
phone_number
Create entity type
customerCreate entity type
Entity types
Create labels
fraudCreate label
fraud
Create label
legit
legit
Create event type
new_account_registrationCreate event type
Event variables
Labels
Add Labels
Labels
Create event type
Build a model
Model type
Choose data file in S3
Copy the IAM Role ARN
Define model details
new_account_model
Event type
Role ARN & S3 Data Location
Model tags
Model inputs
Label classification
Review and create
Create and train model
Model training is in progress
Ready to deploy
Deploy the model
Model performance
ROC Curve
Model variable importance
Deploy model version
Deploy model version
Active
Create detector
new_account_detector
Add model
Create a 1st outcome
deny_registration
high_risk_deny$new_account_model_insightscore > 950
Outcomes
Add another rule
Create a 2nd outcome
review_registration
Create rule
medium_risk_review$new_account_model_insightscore > 850
Outcomes
Add another rule
approve_registrationCreate a 3rd outcome
Create rule
low_risk_approve$new_account_model_insightscore <= 850
Outcomes
3 Rules
Configure rule execution
Rules (3)
Rules (3)
Review and create
Create detector
Publish the Detector
Publish version
Launch AWS CloudShell
aws frauddetector get-event-prediction \
--detector-id "new_account_detector" \
--event-type-name "new_account_registration" \
--event-id "test-event-high-risk-deny" \
--event-timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--entities '[{"entityType":"customer", "entityId":"customer-fraud-indicators"}]' \
--event-variables '{
"email_address": "fraud123@10minutemail.com",
"ip_address": "185.220.100.240",
"billing_city": "Lagos",
"billing_state": "NG",
"user_agent": "curl/7.68.0",
"phone_number": "0000000000"
}'High Risk Event
aws frauddetector get-event-prediction \
--detector-id "new_account_detector" \
--event-type-name "new_account_registration" \
--event-id "test-event-low-risk-approve" \
--event-timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--entities '[{"entityType":"customer", "entityId":"customer-legitimate"}]' \
--event-variables '{
"email_address": "john.smith@gmail.com",
"ip_address": "173.252.66.1",
"billing_city": "Seattle",
"billing_state": "WA",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
"phone_number": "2065551234"
}'Low Risk Event
Medium Risk Event
aws frauddetector get-event-prediction \
--detector-id "new_account_detector" \
--event-type-name "new_account_registration" \
--event-id "test-event-review-8" \
--event-timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--entities '[{"entityType":"customer", "entityId":"customer-fraud-indicators"}]' \
--event-variables '{
"email_address": "john.smith@gmail.com",
"ip_address": "173.252.66.1",
"billing_city": "Lagos",
"billing_state": "NG",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
"phone_number": "2065551234"
}'
Search past predictions
Clean Up
Empty S3 Bucket
permanently deleteEmpty S3 Bucket
Delete S3 Bucket
Delete S3 Bucket
fraud-detector-demo-123456
Delete FraudDetectorServiceRole
Delete Detector
Delete Detector
Delete Model
Delete Model
Delete Model Version
Undeploy Model Version
Undeploy Model Version
Delete Detector Version
Deactivate Detector Version
Deactivate detector version
Delete Detector Version
Delete Detector Version
new_account_detector (Version 1)
Delete Detector
Delete new_account_detector
Delete new_account_detector
Delete rule version
high_risk_deny (Version 1)Delete high_risk_deny (Version 1)
Delete rule version
Delete detector
Delete new_account_detector
Delete model
Undeploy model version
Undeploy model version
Undeploy
Undeploying...
Delete Model Version
