Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: Rapidly handling large data sets can be a challenge, particularly in situations where there are millions or even hundreds of millions of database records. Sometimes, however, a service level agreement necessitates that a service return a response to a query in a small amount of time. Database organization techniques can be used that reduce potentially large datasets to smaller groups (neighbors) based on uncommon but shared attributes, in various instances. Using a limited set of related records, queries can be answered using a focused approximation based on characteristics of various identified clusters of records in the set of related records. A particular record may also be associated with an existing cluster of records based on that record's similarities to records in the cluster.

Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: Rapidly handling large data sets can be a challenge, particularly in situations where there are millions or even hundreds of millions of database records. Sometimes, however, a service level agreement necessitates that a service return a response to a query in a small amount of time. Database organization techniques can be used that reduce potentially large datasets to smaller groups (neighbors) based on uncommon but shared attributes, in various instances. Using a limited set of related records, queries can be answered using a focused approximation based on characteristics of various identified clusters of records in the set of related records. A particular record may also be associated with an existing cluster of records based on that record's similarities to records in the cluster.