Systems and user interfaces for holistic, data-driven investigation of bad actor behavior based on clustering and scoring of related data
First Claim
1. A computer system comprising:
- one or more computer readable storage devices configured to store;
a plurality of computer executable instructions;
at least one data cluster stored in a memory of the computer system, wherein the at least one data cluster is associated with a data clustering strategy and is generated according to the data clustering strategy, the data cluster including at least;
a plurality of trade data items including information associated with trades of a trader;
a plurality of external event data items including information associated with at least one of a trade confirmation, a trade settlement, an exchange margining, or a cash flow associated with a trade;
a plurality of logical connections among the data items in the data cluster, wherein each logical connection indicates a relationship between at least two of the data items; and
wherein all the data items in the data cluster are linked with one another, either directly or indirectly, by the logical connections;
a trading risk indicator configured to utilize at least a subset of the data items in the data cluster; and
one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to;
access the data cluster, including the plurality of trade data items and the plurality of external event data items, from the one or more computer readable storage devices;
access the trading risk indicator from the one or more computer readable storage devices;
apply the trading risk indicator to the data cluster by;
analyzing the plurality of trade data items; and
analyzing the plurality of external event data items to identify a subset of external event data items; and
generate an alert in response to determining that the subset of external event data items includes more external event data items than a threshold number of external event data items.
8 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria, rules, indicators, or scenarios so as to generate scores, reports, alerts, or conclusions that the analyst may quickly and efficiently use to evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a risky trading investigation.
604 Citations
20 Claims
-
1. A computer system comprising:
-
one or more computer readable storage devices configured to store; a plurality of computer executable instructions; at least one data cluster stored in a memory of the computer system, wherein the at least one data cluster is associated with a data clustering strategy and is generated according to the data clustering strategy, the data cluster including at least; a plurality of trade data items including information associated with trades of a trader; a plurality of external event data items including information associated with at least one of a trade confirmation, a trade settlement, an exchange margining, or a cash flow associated with a trade; a plurality of logical connections among the data items in the data cluster, wherein each logical connection indicates a relationship between at least two of the data items; and wherein all the data items in the data cluster are linked with one another, either directly or indirectly, by the logical connections; a trading risk indicator configured to utilize at least a subset of the data items in the data cluster; and one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to; access the data cluster, including the plurality of trade data items and the plurality of external event data items, from the one or more computer readable storage devices; access the trading risk indicator from the one or more computer readable storage devices; apply the trading risk indicator to the data cluster by; analyzing the plurality of trade data items; and analyzing the plurality of external event data items to identify a subset of external event data items; and generate an alert in response to determining that the subset of external event data items includes more external event data items than a threshold number of external event data items. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system comprising:
-
one or more computer readable storage devices configured to store; a plurality of computer executable instructions; at least one data cluster stored in a memory of the computer system, wherein the at least one data cluster is associated with a data clustering strategy and is generated according to the data clustering strategy, the data cluster including at least; a plurality of trade data items including information associated with trades of a trader; a plurality of profit and loss (PNL) data items including information associated with the trader'"'"'s PNL over a time period; and a plurality of logical connections among the data items in the data cluster, wherein each logical connection indicates a relationship between at least two of the data items; and wherein all the data items in the data cluster are linked with one another, either directly or indirectly, by the logical connections; a trading risk indicator configured to utilize at least a subset of the data items in the data cluster; and one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computer system to; access the data cluster, including the plurality of trade data items and the plurality of PNL data items, from the one or more computer readable storage devices; access the trading risk indicator from the one or more computer readable storage devices; apply the trading risk indicator to the data cluster by; analyzing the plurality of trade data items; and analyzing the plurality of PNL data items; and generate an alert in response to application of the trading risk indicator to the data cluster. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification