Channel-Agnostic Containment of Scam Stores in SDN Networks
Abstract
In recent years, fraudulent shopping websites have continued to pose a serious threat despite heightened attention. Existing case-specific security ecosystems often lack real-time mitigation, overlooking the myriad social channels, the short-lived nature of attacks, and the open windows that expose mobile-commerce and PC-centric vulnerabilities. In this paper, we propose an automated method for gathering and detecting Fraudulent E-Commerce Websites (FCWs) by examining URLs carried over the very protocols such attacks rely on (HTTP, HTTPS, and HTTP3) in an SDN network. We rely on an in-network web retrieval system and a feature-enhanced XGBoost classifier built on the BeyondPhish model to identify and categorize FCWs. Our model achieved a detection rate of 97.28% and a false-negative rate of 2.7%. Finally, detected FCWs are blocked via SDN OpenFlow rules applied to their IPv4 and IPv6 addresses, effectively closing the exploitation window that previous approaches left open for an average of 15 days or more when legal processes were required. By leveraging real-time, in-network web retrieval, classification, and mitigation, we achieved a pipeline detection-to-restriction time of under 30 seconds while blocking fraudulent URLs across all channels, demonstrating strong potential for enhancing mobile-commerce and PC-centric security.
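
The final blocking step described in the abstract, sketched as an added example (not code from the paper): the resolved IPv4 and IPv6 addresses of a flagged site are turned into OpenFlow drop rules in Open vSwitch `ovs-ofctl` syntax. The bridge name, priority, timeout, never-block list, destination-address match, and sample addresses are all assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch (none of these values come from the paper).
BRIDGE, PRIORITY, HARD_TIMEOUT = "br0", 40000, 86400
# Operator-defined ranges that must never receive a drop rule.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]
# Constructed sample: addresses a flagged site resolved to (documentation ranges).
SAMPLE = ["203.0.113.7", "::ffff:203.0.113.7", "2001:db8::7", "10.0.0.5", "not-an-ip"]

def normalise(addresses):
    """Parse, filter and de-duplicate the resolved addresses of a flagged site."""
    out = []
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # malformed resolver output: skip rather than fail the batch
        # Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) so one host yields one rule.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if any(ip in net for net in NEVER_BLOCK):
            continue  # e.g. a DNS answer pointing at internal infrastructure
        if ip not in out:
            out.append(ip)
    return out

def drop_flows(addresses):
    """Return one ovs-ofctl flow string per address, matching on destination."""
    flows = []
    for ip in normalise(addresses):
        match = f"ip,nw_dst={ip}" if ip.version == 4 else f"ipv6,ipv6_dst={ip}"
        flows.append(f"priority={PRIORITY},hard_timeout={HARD_TIMEOUT},"
                     f"{match},actions=drop")
    return flows

def commands(addresses):
    """Wrap each flow in the ovs-ofctl invocation that would install it."""
    return [f'ovs-ofctl -O OpenFlow13 add-flow {BRIDGE} "{flow}"'
            for flow in drop_flows(addresses)]

if __name__ == "__main__":
    print("\n".join(commands(SAMPLE)))
```

Because the match is on destination address only, with no port or transport field, the same rule covers HTTP, HTTPS, and HTTP3 traffic. It also drops traffic to any other site hosted on the same address, which is worth checking before installing a rule for shared hosting or CDN addresses.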
This work is licensed under a Creative Commons Attribution 4.0 International License.