| CPC G06Q 30/0185 (2013.01) [G06F 16/9024 (2019.01); G06F 21/64 (2013.01); G06N 5/04 (2013.01); G06Q 30/0205 (2013.01); G06Q 50/01 (2013.01)] | 19 Claims |
|
1. A method comprising:
accessing, by a computer system, a graph comprising a plurality of nodes, the graph stored in a memory of the computer system, the plurality of nodes including a plurality of user account nodes and a plurality of attribute nodes, each user account node in the plurality of user account nodes representing a user account, each attribute node in the plurality of attribute nodes comprising information identifying an attribute characterized by an attribute name and a value associated with the attribute name, wherein, each node in the plurality of user account nodes is connected via one or more edges to one or more attribute nodes from the plurality of attribute nodes representing one or more attributes that are associated with the user account represented by the user account node, the plurality of user account nodes comprising a set of one or more fraudulent user account nodes corresponding to one or more user accounts known as being fraudulent, the plurality of user account nodes further comprising a set of one or more monitored user account nodes corresponding to one or more user accounts being monitored;
for a first monitored user account node in the plurality of monitored user account nodes, identifying, by the computer system, by searching the graph stored in the memory of the computer system, a set of one or more shared attribute nodes from the set of attribute nodes, wherein each attribute node in the set of shared attribute nodes is connected via edges to both the first monitored user account node and to at least one fraudulent user account node from the plurality of fraudulent user account nodes;
based on the set of one or more shared attribute nodes in the graph stored in the memory of the computer system, computing, by the computer system, a match score for the first monitored user account node by:
determining a number of attribute nodes in the set of one or more shared attribute nodes;
determining a number of attribute nodes connected via edges to a first fraudulent user account node from the set of fraudulent user account nodes; and
computing the match score based upon the number of attribute nodes in the set of one or more shared attribute nodes and the number of attribute nodes connected via edges with the first fraudulent user account node;
determining, by the computer system, based upon the match score computed for the first monitored user account node in the graph stored in the memory of the computer system, that a first monitored user account corresponding to the first monitored user account node is potentially a fraudulent user account;
responsive to the determining, identifying, by the computer system, an action to be performed with respect to the first monitored user account corresponding to the first monitored user account node;
performing, by the computer system, the action, wherein the action comprises tagging the first monitored user account as a potentially fraudulent user account;
receiving, by the computer system, via a data stream, monitored user account information identifying one or more new user accounts being monitored;
receiving, by the computer system, via the data stream, fraudulent user account information identifying one or more new user accounts known as being fraudulent; and
dynamically updating, by the computer system, the graph based at least in part on the monitored user account information and the fraudulent user account information.
|