# README: Fighting Fraud with Graph Theory



### Background / Purpose
The purpose of this project is to compare strategies for detecting ratings manipulation that occurs when a fraudster sets up fake accounts in an online marketplace and then uses them to boost their peer to peer ratings score. Specifically, I will demonstrate how effective fraud detection features can be built using graph theory and applied in a machine learning model to predict fraud from users who manipulate their ratings score.

### The Data and the Fraud
I will use five years of peer to peer ratings from the Over The Counter (OTC) Bitcoin Marketplace [Over The Counter (OTC) Bitcoin Marketplace!](https://bitcoin-otc.com) between 2011 and 2016. In this online marketplace, where users traded products and services for bitcoin, each party has the option of rating the trustworthiness of the person they transacted with. Trust ratings range from -10  representing completely untrustworthy to +10 reflecting a very trusted individual. For the purpose of this analysis, I have categorized these ratings as fraud (-10), untrustworhy (-9 to -1), and trusted (>0). The dataset <<link>> contains four fields: date, rater, ratee, rating.

<image of website>

Fraud is on issue in the OTC marketplace and their websites displays the following warning: 

*"Do not rely on the ratings blindly - since the cost of entry into the web of trust is only one positive rating, it is not impossible for a scammer to infiltrate the system, and then create a bunch of bogus accounts who all inter-rate each other. Talk to people on #bitcoin-otc first, make sure they are familiar with the person you're about to trade with, have traded with him successfully in the past, etc."*

The goal of this project will be to identify these types of fraudulent OTC transactions before they occurs. 

### Marketplace Fraud
In peer to peer (P2P) marketplaces, fraudsters generally need to establish a trusted rating profile in order to undertake a transaction of any significant value. Therefore, the most aggregious frauds will involve a user account with a positive ratings profile and no history of negative ratings. I will test fraud detection techniques on a subset of the marketplace transactions that meet this criteria:
- 3+ prior positive ratings
- no history of negative ratings

- Total Ratings in subset: 17,965 
- - Negative Ratings: 525 (2%)
- - Fraud Ratings: 245 (1%)

### Useing Graph Theory to Detect Ratings Manipulation
Graph theory metrics can be used to understand the interactions that a user is having with other accounts and can be used to identify patterns associated with fraudulent ratings boostings. When OTC users rate each other, a network is formed linking then together by the ratings they give each other. I diplay positive ratings in blue and negative ratings in red. The direction shows who is receiving the rating and width is related to the size of the rating score. The network surrounding a fraudster who is manipulating his ratings is structured different from the activity that is generated from a normal user.

< side by side example of fraud and normal user>

This interaction can be quantified and comapred with normal OTC interations by using several different graph theory components. Thes components can be grouped into **Triads** and **Measures of Density**

### Traids
In graph theory, triads are groups of 3 nodes that are interlinked in some way. Triads in our case would be users that are linked by the ratings that they give each other. In a directional graph there are 16 different possible configuratios of triads. 
    <<show triads graphic>>
Triads use the following nameing convention:
    1st digit: number of bidirectional connections between nodes (users have rated each other)
    2nd digit: number of single directional connections (only one user has been rated)
    3rd digit: number of open connections (users have not interacted with each other)
    
The triads most interesting for us are the 201 and 030T structures. The 201 is what we would normally expect to see when user interact and both rate each other. However, the 030T structure is what we see when fraudsters are using fake accounts to boost their ratings. In this scenaro, they don't necessarily provide reciprocal ratings and they users that have been rated tend to rate each other in an interconnected fashion. 

    - cdf plots of 201 and 030T values for fraud and non fraud users??? - using just the fraudster and victim in fraud transaction identified in this dataset.
    
### Measures of Density
- Measure of centrality, specifically high closeness and low betweeness to signify a denser network
- Cluster coefficient
- Number of cliques
- Custer Coefficient
    
    
### Feature Creation
To create fraud prediction features, I use the history of prior positive ratings in the marketplace and generate a Reverse Directed Ego Subgraph of the users rating connections. An Ego Subgraph is a subnetwork that is centered around the user. I use a reverse directed graph with a radius of 1 so that I pick up the users that have rated the user in question. The egonetwork will also pick up interactions between any of the nodes in the subgraph. To normalize data between heavy and light user activity, the triad counts are divided by the number of people a user has interacted with (the user nodes degree). 
    
To predict negative OTC ratings, we need to do more than just identify a user involved in ratings manipulation. We must also identify when they are being rated by one of their co-conspiritor users (positive rating) vs. a legit user who is being victimized (negative rating). I do this by measuring the difference in metric values between the rater and ratee.
    
### Model Accuracy
    
    
### Alternative Fraud Prediction Features
Historical Account Activity
Features that look for anomalous user behavior are used to identify ATO fraud. I will use features related days the account has been active and last used.

- Days Since First Rating
- Days Since Last Rating
- Number of Postivite Ratings Received
- Number of Negative Ratings Received
- Ratio of Negative to Positive Ratings
- Average Rating

    
### Conclusion
    
    Not only is this fraud difficult to anticipate by the marketplace users, it is also difficult to identify by traditional fraud detection models. Models are usually based on features that measure the velocity and pattern of a user’s activity and learn which patterns are normal and which ones are likely fraudulent. However in this case, we need to look beyond the fraud user and see what is happening with people they have previously interacted with.

# OLD README
Creating a trusted environment is essential for successful online marketplaces. Unfortunately, unscrupulous users will devise schemes to manipulate user ratings and thus, undermine this trust. My project's goal is to build a predictive model to identify users who are likely to create negative experiences for other marketplace users. 

### Bitcoin Trading Marketplaces
The OTC Bitcoin Marketplace is a place where users can trade bitcoin for service or products or vice versa. For my project I focused on the Over The Counter Bitcoin Marketplace. 

![](/images/OTC_screenshot.png)

 Trust is established by having users rate each other based on the experience of their interactions. Ratings range from -10 for completely untrustworthy to +10 for very trusted. My project focuses on the first five years of operation of this marketplace which involves 5,881 users giving 35,588 ratings to each other, 10% of which were negative. 

![](/images/bitcoin_marketplace_hist.png)

### The Fraud Ratings Manipulation Scheme
Someone trying to defraud a user needs to establish ratings credibility before anyone is likely to engage with them in a transaction of any significant value. They can work to obtain a higher rating by engaging in legitimate transactions, but this takes time and fraudsters are usually not very patient.  Alternatively, they can create a bunch of fake users and then have all of these users rate each other positively. Once the users have a good rating, they go out and find an unsuspecting legitimate user to defraud.

<img src="/images/example1.png" alt="drawing" width="500"/>
<img src="/images/example2.png" alt="drawing" width="500"/>

### Fraud Detection Models
Not only is this fraud difficult to anticipate by the marketplace users, it is also difficult to identify by traditional fraud detection models. Models are usually based on features that measure the velocity and pattern of a user’s activity and learn which patterns are normal and which ones are likely fraudulent. However in this case, we need to look beyond the fraud user and see what is happening with people they have previously interacted with.

### Graph Theory Features
To address this issue, I have engineered 10 predictive features based on graph theory. For each transaction, I used the history of prior positive ratings in the marketplace and generated a Reverse Directed Ego Subgraph of the users rating connections. The subgraph shows interactions between users that the main user has received positive ratings from. This subgraph is then used as the basis for generating predictive features associated with the user, mostly around density metrics. These features consist of:
- Counts of triads, specificaly triads 301, 210, 201, and 120
- Measure of centrality, specifically high closeness and low betweeness to signify a denser network
- Cluster coefficient
- Number of degrees or users that where interacted with
- Number of cliques

### Other Features
My model also uses 12 more traditional features associated with user activity including, negative ratings in previous 24 and 48 hours, number of successive negative ratings, days since last active, first active and last negative rating, number of positive and negative ratings, sum and average of ratings received and negative ratings percent.

### The model:
My fraud detection model utilizes these 22 features with a Random Forest Classifier. I trained the model on 80 percent of the marketplace ratings using a stratified and shuffled sample and tested performance against the remaining 20% of ratings. I used scikit-learn's RandomizedSearchCV method to define a grid of paramaeter ranges and randomly sampled from the grid performing 3-fold cross validation. Next I used a grid search with cross validation for final tuning. Tuning resulted in a 2.64% increase in model performance. The accuracy score of 0.9437 was extemely close to the Out Of Bag score of 0.09462 thus suggesting model validity. My model was able to successfully predict a negative rating 54% of the time with only 1% of legitimate users affected with a false positive prediction when using a 0.5 threshold value. For the fraud ratings scenario described above, I was able to sample the results and determine successful classification after the graph theory features had been added to the model. 

<img src="/images/confusion_matrix.png" alt="drawing" width="500"/>

<img src="/images/PR_curve.png" alt="drawing" width="500"/>

### Next Steps - Results Validation
The model performed slightly better with the graph theory features than without with the f1_score increasing from .65 to .66. As there are relatively few frauds tied to the scenario I am trying to detect, I would like to ensure that this increase is due to them being detected. I plan to run a series of random train-test-splits to test the model with and without the graph features and then compare the results to determine if they are statistically significant, especially for the scenarios I have manually categorized as ratings manipulation fraud. 

Data Source: https://snap.stanford.edu/data/soc-sign-bitcoin-otc.html

OTC Bitcoin Marketplace: https://bitcoin-otc.com