Abstract: There are provided systems and methods for pairwise graph querying, merging, and computing for account linking. A service provider may provide an account graph system to identify pairwise similarities between different accounts based on shared data that may be identified through one or more linking characteristics. When providing pairwise graph similarities, a service provider may receive a query identifying two or more accounts and/or an account with a parameter for graph exploration and querying. The service provider may utilize connection, link, or relationship graphs, queried and generated using a graph database, to determine pairwise similarities between the designated seed account and one or more selected accounts. The graph may include vertices for different queried data points and edges connecting such queries, where directionality of the edges or other vectors may be used to identify links or hops between accounts for data querying and exploration.

Abstract: Machine learning techniques are used in combination with graph data structures to perform automated classification of accounts. Graphs may be constructed using a seed node and then expanded outward to second-degree nodes and third-degree nodes that are connected to a seed user account node via direct interaction between the accounts. Characterization information regarding the interaction between accounts can be stored in the graph (e.g., quantity of interactions, types of interactions) as well as other metrics and metadata. A classifier, using random forest or another technique, may be trained using a number of different graphs that can then be used to reach a determination as to whether a user account falls into one particular category or another. These techniques can identify accounts that may be violating terms of service, committing a security violation, and/or performing illegal actions in a way that is not ascertainable from human analysis.

Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: Machine learning techniques are used in combination with graph data structures to perform automated classification of accounts. Graphs may be constructed using a seed node and then expanded outward to second-degree nodes and third-degree nodes that are connected to a seed user account node via direct interaction between the accounts. Characterization information regarding the interaction between accounts can be stored in the graph (e.g., quantity of interactions, types of interactions) as well as other metrics and metadata. A classifier, using random forest or another technique, may be trained using a number of different graphs that can then be used to reach a determination as to whether a user account falls into one particular category or another. These techniques can identify accounts that may be violating terms of service, committing a security violation, and/or performing illegal actions in a way that is not ascertainable from human analysis.

Abstract: Machine learning techniques are used in combination with graph data structures to perform automated classification of accounts. Graphs may be constructed using a seed node and then expanded outward to second-degree nodes and third-degree nodes that are connected to a seed user account node via direct interaction between the accounts. Characterization information regarding the interaction between accounts can be stored in the graph (e.g., quantity of interactions, types of interactions) as well as other metrics and metadata. A classifier, using random forest or another technique, may be trained using a number of different graphs that can then be used to reach a determination as to whether a user account falls into one particular category or another. These techniques can identify accounts that may be violating terms of service, committing a security violation, and/or performing illegal actions in a way that is not ascertainable from human analysis.

Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.

Abstract: Rapidly handling large data sets can be a challenge, particularly in situations where there are millions or even hundreds of millions of database records. Sometimes, however, a service level agreement necessitates that a service return a response to a query in a small amount of time. Database organization techniques can be used that reduce potentially large datasets to smaller groups (neighbors) based on uncommon but shared attributes, in various instances. Using a limited set of related records, queries can be answered using a focused approximation based on characteristics of various identified clusters of records in the set of related records. A particular record may also be associated with an existing cluster of records based on that record's similarities to records in the cluster.

Abstract: Methods and systems are presented for classifying a particular user account as a fraudulent user account by analyzing links between the user account and two or more known fraudulent user accounts collectively. Attributes of the particular user account are compared against attributes of a plurality of known fraudulent accounts to determine that the particular user account has shared attributes with a first known fraudulent account and a second known fraudulent account. The shared attributes with the first known fraudulent account and the second known fraudulent account are analyzed collectively to determine a risk level for the particular user account. The risk level may indicate a likelihood that the particular user account corresponds to a fraudulent account.

Abstract: Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.

Abstract: Machine learning techniques are used in combination with graph data structures to perform automated classification of accounts. Graphs may be constructed using a seed node and then expanded outward to second-degree nodes and third-degree nodes that are connected to a seed user account node via direct interaction between the accounts. Characterization information regarding the interaction between accounts can be stored in the graph (e.g., quantity of interactions, types of interactions) as well as other metrics and metadata. A classifier, using random forest or another technique, may be trained using a number of different graphs that can then be used to reach a determination as to whether a user account falls into one particular category or another. These techniques can identify accounts that may be violating terms of service, committing a security violation, and/or performing illegal actions in a way that is not ascertainable from human analysis.

Abstract: Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.

Abstract: Rapidly handling large data sets can be a challenge, particularly in situations where there are millions or even hundreds of millions of database records. Sometimes, however, a service level agreement necessitates that a service return a response to a query in a small amount of time. Database organization techniques can be used that reduce potentially large datasets to smaller groups (neighbors) based on uncommon but shared attributes, in various instances. Using a limited set of related records, queries can be answered using a focused approximation based on characteristics of various identified clusters of records in the set of related records. A particular record may also be associated with an existing cluster of records based on that record's similarities to records in the cluster.

Abstract: Various systems, mediums, and methods may involve a data engine with various components. For example, a system with the data engine may include a segmentation component, an asset preparation component, a clustering component, a variable generation component, and classification component. As such, the system may determine a number of assets associated with a number of activities of one or more accounts. Further, the system may determine various links associated with the number of assets. As such, the system may detect an attack and/or an attack trend associated with the one or more accounts based on the various links associated with the number assets. Further, the system may generate a notification that indicates the attack and/or the attack trend detected.