CPC G06Q 20/4016 (2013.01) [G06Q 20/382 (2013.01); G06Q 40/08 (2013.01); H04L 67/01 (2022.05); H04L 45/02 (2013.01)] | 18 Claims |
1. A computer-implemented method comprising:
receiving, by a processor, input data, wherein the input data includes a plurality of messages, each message containing a set of message data;
generating, by a pattern detector, and based on the input data, a network graph, wherein the network graph includes a plurality of nodes including a decoy node;
selecting a first context node of the plurality of nodes, wherein the first context node includes a first characteristic and the first context node is relevant to a fraudulent purpose;
identifying the decoy node in the first network graph;
removing the decoy node from the first network graph;
determining a first pattern for the first context node, wherein the first pattern ignores the decoy node and the first pattern represents a relationship between the first context nodes and the remaining plurality of nodes;
running a message propagation algorithm, wherein the message propagation algorithm includes creating a plurality of propagation messages and sending each propagation message from a seed node to each directly connected node, and continuing propagation of each propagation message until no more valid connected nodes can be found;
identifying, in response to running the message propagation algorithm and based on the first pattern, a first sister node including the first characteristic, wherein the first sister node is in a common relative position of the context node within the first pattern; and
outputting, by a network interface, the first sister node and the network graph, wherein the output includes displaying the network graph.
|