Cracking Hidden Ad Fraud: JD’s AI‑Driven Anti‑Cheat System Explained

From Academic Research to Real‑World Anti‑Fraud

During graduate studies at Tsinghua University, the author participated in data‑mining competitions and focused on anomaly detection, achieving high true‑positive rates (>95%) and low false‑positive rates (<0.35%). The laboratory environment provided clean datasets and stable evaluation metrics, which built a solid technical foundation but also created a narrow research mindset.

After joining JD.com’s retail technology team, the author faced massive e‑commerce traffic during major sales events. Traditional models that performed well in the lab struggled with real‑world scale, resource constraints, and evolving fraud tactics. This gap highlighted the need for solutions that could continuously evolve in chaotic, high‑volume environments.

Detecting Concealed Address Codes with Large Language Models

In the CPS (cost‑per‑sale) advertising model, fraudsters embed secret codes in address fields to claim commissions illegitimately. Simple regex filters quickly become obsolete as new code patterns emerge. To overcome this, the team introduced a large language model (LLM) to understand the semantic meaning of address strings.

Using an open‑source LLM fine‑tuned with LoRA, a few thousand manually labeled anomalous addresses taught the model to recognize “abnormal patterns.” The model was further refined with a reinforcement‑learning‑from‑human‑feedback (RHLF) loop: when the model produced incorrect predictions, human experts corrected it, and the feedback was fed back into the training process.

Examples of the model’s generative reasoning include correctly flagging addresses such as “3栋78910单元1023室” and “3栋2单元1023室ATTTT233,” where the numeric strings act as hidden fraud codes—something regex‑based rules cannot capture.

After three iterative versions, the system achieved a false‑positive rate of 0.3% while accurately detecting both explicit and covert address codes.

Balancing Accuracy, Cost, and Latency

Scaling the solution to JD’s massive traffic required a careful trade‑off between model sophistication, computational cost, and real‑time latency. The team adopted model distillation: the large LLM acted as a “teacher,” and a smaller, faster model learned its knowledge through feature‑level distillation. Over ten versions, the distilled model matched the teacher’s accuracy while meeting strict latency requirements.

Key Insights for Sustainable Anti‑Fraud Engineering

Cost‑aware technology selection: Evaluate models not only by accuracy but also by annotation cost, compute expense, and business impact (e.g., how many fraudulent orders are prevented per millisecond of latency reduction).

Continuous knowledge evolution: Stay abreast of the latest AI research (e.g., attention mechanisms) and rapidly prototype promising ideas to keep the fraud‑detection pipeline ahead of adversaries.

Cross‑domain thinking: Apply game‑theoretic predictions of attacker behavior, introduce stochastic and nonlinear feedback mechanisms inspired by dissipative structures, and use generative AI to anticipate new fraud patterns before they appear.

Conclusion: The T‑Shaped Engineer

The author emphasizes that successful anti‑fraud work requires deep expertise in a specific technical domain (AI, NLP, reinforcement learning) combined with a broad understanding of business constraints and evolving threat landscapes. Building such “T‑shaped” capabilities enables engineers to design solutions that are both cutting‑edge and pragmatically viable.