Business Context
A retail bank has detected suspicious activity where multiple accounts share common identifiers (IP addresses, device IDs) in a way that suggests a 'fraud ring'. The fraud department needs to identify completely connected subgraphs (cliques) where every account is linked to every other account in the group, indicating high-risk collusion.
About the Set : optNetwork
Network analysis and graph algorithms.
Discover all actions of optNetwork Data Preparation
Creation of a transaction link table representing shared identifiers between accounts. Accounts A, B, C, and D form a fully connected fraud ring.
Copied!
| 1 | |
| 2 | DATA mycas.fraud_links; |
| 3 | INPUT acc_from $ acc_to $; |
| 4 | DATALINES; |
| 5 | AccA AccB AccA AccC AccA AccD AccB AccC AccB AccD AccC AccD AccE AccF AccF AccG; |
| 6 | |
| 7 | RUN; |
| 8 |
Étapes de réalisation
1
Execute the clique action to find fraud rings and calculate the 'clique number' to determine the size of the largest ring found.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | ACTION optNetwork.clique / links={name='fraud_links', vars={from='acc_from', to='acc_to'}} cliqueNumber=TRUE out={name='suspect_groups', replace=true}; |
| 4 | |
| 5 | RUN; |
| 6 |
2
Verify the results by fetching the clique number from the result list.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | PRINT 'Largest Fraud Ring Size: ' || find(results, 'cliqueNumber'); |
| 4 | |
| 5 | RUN; |
| 6 |
Expected Result
The action should identify one major clique {AccA, AccB, AccC, AccD} as a suspect group. The 'cliqueNumber' result should return 4, indicating the size of the largest collusion ring.