×

Systems and user interfaces for holistic, data-driven investigation of bad actor behavior based on clustering and scoring of related data

  • US 9,454,785 B1
  • Filed: 09/17/2015
  • Issued: 09/27/2016
  • Est. Priority Date: 07/30/2015
  • Status: Active Grant
First Claim
Patent Images

1. A computer system comprising:

  • one or more computer readable storage devices configured to store;

    a plurality of computer executable instructions;

    at least one data cluster stored in a memory of the computer system, wherein the at least one data cluster is associated with a data clustering strategy and is generated according to the data clustering strategy, the data cluster including at least;

    a plurality of trade data items including information associated with trades of a trader;

    a plurality of external event data items including information associated with at least one of a trade confirmation, a trade settlement, an exchange margining, or a cash flow associated with a trade;

    a plurality of logical connections among the data items in the data cluster, wherein each logical connection indicates a relationship between at least two of the data items; and

    wherein all the data items in the data cluster are linked with one another, either directly or indirectly, by the logical connections;

    a plurality of trading risk indicators including a first trading risk indicator and a second trading risk indicator, wherein the first trading risk indicator is a control timing arbitrage indicator for detecting whether a trader is routinely cancelling or amending trades prior to an external event to create a positive change to the trader'"'"'s PNL; and

    one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to;

    access the data cluster, including the plurality of trade data items and the plurality of external event data items, from the one or more computer readable storage devices;

    access the control timing arbitrage indicator from the one or more computer readable storage devices; and

    apply the control timing arbitrage indicator to the data cluster by;

    analyzing the plurality of trade data items to identify cancelled or amended trades of the trader;

    determining a cancellation or amendment time associated with each cancelled or amended trade of the trader;

    analyzing the plurality of external event data items to identify a subset of external event data items, wherein each external event data item of the subset of external event data items is associated with a respective one of the cancelled or amended trades of the trader and a time that is after the cancelation or amendment time associated with the respective one of the cancelled or amended trades of the trader; and

    generating an alert in response to determining that the subset of external event data items includes more external event data items than a threshold number of external event data itemsaccess the second trading risk indicator from the one or more computer readable storage devices; and

    apply the second trading risk indicator to the data cluster by;

    analyzing at least a subset of the plurality of trade data items and external event data items analyzed through applying the control arbitrage timing indicator.

View all claims
  • 8 Assignments
Timeline View
Assignment View
    ×
    ×