# Definitions and Planning

## Actions and Indicators

### ACTIVITIES

 - Move KIN between a closed group of wallets _with_ or _without_ the DS wallets among the group
   - Automated
   - Manually
 - Perform failed transactions in purpose
 - Create exhagerated number of wallets<br>Generates many unique active spenders from same user
 - Wallet paying to itself
 - Create wallet without a DS as the wallet creator
 - Use false app-id to do fraudulent activities
 - Perform earn/spend activities without user aknowledge (transactions without experiences)
 - **DS FRAUD** towards her own users. DS can still money from users (the DS holds the user private key)

### PROBS
 
 - Transactions
     - KIN DAS vs Apptopia DAU<br>Check if they internaly onboard existing users gradually into KIN<br>
       Deviation from a utility function between active users and daily spends
     - Failed / Success ratio
     - Spend / Earn ratio
     - Variance on tx type and amount
     - Set an euristic initial growth ratio that if exceeded we become red.
     - Users or Wallets / Transactions (same, initial threshold for red detection)
     - Distribution of users according to the ratio S/E. Number of users that spend half of what they earned, 1/4, 0.9, etc
 - Time
     - Bursts of transactions
     - Constant / Similar time spacing between transactions
 - Wallets
     - Wallets vs Apptopia MAU<br>
       The number of new wallets should be some reasonable portion of the active users of the DS.<br>
       This ratio can be calculated out the DS themselves.<br>
       Set an initial wallets growth of 5% (euristic choice) above a critical number of existing wallets. If this 5% is 100-1000 wallets, relatively low volatility.<br>
       Update this 5% threshold as we learn more about the actual behaviour of the ecosystem<br>
       Chose different time frames for measuring metrics. Daily / every three days / weekley / e t c
     - Wallets creation growth over time<br>
       Could be detected as a setup for the beginning of an automated trading between false wallets.
     - Wallets number vs tx or uDAS count
     - Active wallets. Wallet aging.
     - Sleepy wallet sudden wakeup
     - P2P oriented
         - Detect closed wallet loops
         - Cliques
         - Ping-pong
         - Black Hole (a single wallet getting paid by lots). Track funds path afterwards.
             - All funds transferred to DS or other SINGLE wallet
             - Funds stay there
             - Funds are spread
         - Wallet Age/first transaction time. Comare across P2P wallets and detect trading wallets of same age.
         - Do daily analysis
         - Compare between days to find recurrent groups of same wallets
     - _Deprecated_: Use `kin-bi.devprog.events_view` to detect wallet creation created by robot or not (Variance on carrier, model, location, etc...)
 - **SDK Data**<br>
    **Make this Clear**: We need to get out of the blockchain. To get information that inherently is not available in the blockchain.
    We don’t need the data, but detect the activity is performed by legitimate users and not robots or other kinds of users performing activities to influence our results.

    - Location
        - Geographical distribution of new wallets
        - Geographical distribution of transactions
    - Environmental
        - **Cookies** are useful for identifying we are in the same browser / device (in the case many accounts are open from the same computer, for example)
        - **IP** wallets distribution
        - **Client type** (browser type, device os, game engine …) wallet creator
    - KYC
        - Email and Phone can be super helpful
 - Methods
      - Create a pivot table in excel and detect anomalities

## Detection Steps

In general, probes are implemented by data extraction and analysis. Each probe is first implemented in this Notebook and once ready it can be implemented in the fraud detection process

### To Begin With

 - Correlation between Apptopia Active Users and KIN activity (WALLET CREATION)
 - Utility function between wallets number and number of spends. (WALLET CREATION / TX)
 - Compare with SDK data reporting and detect that the events are legit - MUST CHECK THIS DATA IS USEFUL

### Probes Status

1. High Frequency Fluctuations - Done
1. Low Frequency Fluctuations - Done
1. Cliques Detection - Starting

### Manual Execution

Probes:
- Frequency Fluctuations:  The red alerts table focuses the user to check the graph and validate if activity shall be further investigated or not.
- Apptopia Validaton: Manually check activity of red alerts of apps and compare if activity in KIN makes sense given the DAU readings in Apptopia.

### Automated Execution

Run probes<br>
Green - All good<br>
Red - If we found something bad - not green - go manually and check why it is red
The Red at the beginning is less accurate (many false positives) so we improve the criteria and make each criterion more accurate.<br>
Generate an output file with the reds table. An xls file would be a good base for future features.

The moment we detect a sure Red, we contact the DS to understand together the activity. If it’s too bad, then we also prepare an explanation of why this is wrong and how to behave from now on.
It is very important to detect the soonest possible.

Tell Orad to pay attention when he talks to DSs about how they measure themselves when they discuss the KRE with him, so we learn the way they think. 


 # Fraud Research


## Statistical Data Observation

### Imports and Utils

#### Constants and Imports

In [None]:
from google.cloud import bigquery
import pandas as pd
import datetime as dt
import dateutil
from dateutil.relativedelta import relativedelta
import matplotlib.pyplot as plt

# For pretty printing
from IPython.display import display, Markdown, Latex

#feature extraction - Uncomment next three imports when restarting feature analysis
# from tsfresh import extract_features
# Feature cleanup irrelevants
# from tsfresh import select_features
# from tsfresh.utilities.dataframe_functions import impute 

# CONSTS
DATA_PATH = '/Users/skulas/Dev/Kin/Data/pickles/'

#### Utilities

In [None]:
# Utils
def today_to_string(sep_char = '/'):
    now = dt.datetime.now()
    return now.strftime('%d{}%m{}%Y'.format(sep_char, sep_char))

# Encode transaction type
#  Earn  -> 4
#  Spend -> 2
#  P2P   -> 1
def encode_transaction_type(tx_history=None):
    if tx_history is None:
        return None
    mapping = {'p2p': 1, 'spend': 2, 'earn': 4}
    new_pd = tx_history.replace({'tx_type': mapping})
    
    return new_pd
    

#### Save Large Data

In [None]:
import pickle
import os.path

import numpy.lib
import numpy as np
# import cPickle as pickle

def save_pandas(fname, data):
    '''Save DataFrame or Series

    Parameters
    ----------
    fname : str
        filename to use
    data: Pandas DataFrame or Series
    '''
    np.save(open(fname, 'w'), data)
    if len(data.shape) == 2:
        meta = data.index,data.columns
    elif len(data.shape) == 1:
        meta = (data.index,)
    else:
        raise ValueError('save_pandas: Cannot save this type')
    s = pickle.dumps(meta)
    s = s.encode('string_escape')
    with open(fname, 'a') as f:
        f.seek(0, 2)
        f.write(s)

def load_pandas(fname, mmap_mode='r'):
    '''Load DataFrame or Series

    Parameters
    ----------
    fname : str
        filename
    mmap_mode : str, optional
        Same as numpy.load option
    '''
    values = np.load(fname, mmap_mode=mmap_mode)
    with open(fname) as f:
        numpy.lib.format.read_magic(f)
        numpy.lib.format.read_array_header_1_0(f)
        f.seek(values.dtype.alignment*values.size, 1)
        meta = pickle.loads(f.readline().decode('string_escape'))
    if len(meta) == 2:
        return pd.DataFrame(values, index=meta[0], columns=meta[1])
    elif len(meta) == 1:
        return pd.Series(values, index=meta[0])

file_path = "pkl.pkl"
def write_huge_pkl(data, file_path):
#     n_bytes = 2**31
    max_bytes = 2**31 - 1
#     data = bytearray(n_bytes)

    ## write
    bytes_out = pickle.dumps(data)
    with open(file_path, 'wb') as f_out:
        for idx in range(0, len(bytes_out), max_bytes):
            f_out.write(bytes_out[idx:idx+max_bytes])

def read_huge_pkl(file_path):
    max_bytes = 2**31 - 1

    ## read
    bytes_in = bytearray(0)
    input_size = os.path.getsize(file_path)
    with open(file_path, 'rb') as f_in:
        for _ in range(0, input_size, max_bytes):
            bytes_in += f_in.read(max_bytes)
    data = pickle.loads(bytes_in)
    return data

    assert(data == data2)

#### Data Fetch

In [None]:
# Data Methods

def fetch_list_of_all_devs(force_refresh = False):
    all_devs_path = DATA_PATH + 'all_devs'

    try:
        if force_refresh:
            raise FileNotFoundError('Should refresh data from Database, ignoring file on disk')
        all_devs_list = pd.read_pickle(all_devs_path)
        print('Loaded all devs list from local disk.')
    except FileNotFoundError:
        print('Fetching all devs list from DB')
        query_str = 'SELECT * FROM `kin-bi.kin.digital_services_lookup_view`'
        client = bigquery.Client()
        query_job = client.query(query_str)

        results = query_job.result()  # Waits for job to complete.
        all_devs_list = results.to_dataframe()
        all_devs_list.to_pickle(all_devs_path)
        print('List of all devs saved to disk')
    
    return all_devs_list

    
def get_dev_by_wallet(devs_list=None, wallet=None):
    if wallet is None:
        return None

    if devs_list is None:
        devs_list = fetch_list_of_all_devs()
    
    our_guy = devs_list[(devs_list['app_wallet_sender'] == wallet) |
                        (devs_list['app_wallet_recipient'] == wallet) |
                        (devs_list['app_wallet_sender_2'] == wallet) |
                        (devs_list['app_wallet_recipient_2'] == wallet)
                       ]
    return our_guy

def get_dev_by_id(dev_id, devs_list=None):
    if dev_id is None:
        return None
    
    if devs_list is None:
        devs_list = fetch_list_of_all_devs()
    
    our_guy = devs_list[(devs_list['digital_service_id'] == dev_id)]
    return our_guy

def read_tx_history_from_DB(query_str):
    client = bigquery.Client()
    query_job = client.query(query_str)

    results = query_job.result()  # Waits for job to complete.
    res = results.to_dataframe()
    print(query_str)

    return res

def read_tx_history_from_DB_by_wallet(dev_object, base_date):
    DEFAULT = 'XX_NO_WALLET'
    w1 = dev_object.app_wallet_sender.iloc[0] or 'NO_app_wallet_sender'
    w2 = dev_object.app_wallet_recipient.iloc[0] or 'NO_app_wallet_recipient'
    w3 = dev_object.app_wallet_sender_2.iloc[0] or 'NO_app_wallet_sender_2'
    w4 = dev_object.app_wallet_recipient_2.iloc[0] or 'NO_app_wallet_recipient_2'
    wallets_str = "'{}', '{}', '{}', '{}'".format(w1, w2, w3, w4)

    query_str = """
        SELECT * FROM `kin-bi.stellar.payments_with_tx_types_view` 
        WHERE date >= '{}'
        AND (source in ({}) or 
        destination in ({}))
        ORDER BY date
    """.format(base_date, wallets_str, wallets_str)

    tx_history = read_tx_history_from_DB(query_str)
    return tx_history

def read_tx_history_from_DB_by_devid(dev_object, base_date):
    devid = dev_object.digital_service_id.iloc[0]

    query_str = """
        SELECT * FROM `kin-bi.stellar.payments_with_tx_types_view` 
        WHERE date >= '{}'
        AND digital_service_id = '{}'
        ORDER BY date
    """.format(base_date, devid)

    tx_history = read_tx_history_from_DB(query_str)
    return tx_history

# NOTE: Using kin-bi.kre.payments_with_tx_types_view_with_status which is a frozen view from 1-Jan till 20-Feb 2019
def get_trans_history(base_date='2018-12-20'):
    today_history_path = '{}all_tx_history_since_{}.csv'.format(DATA_PATH, 
                                                            today_to_string('_'))
    
    try:
        tx_history = pd.read_pickle(today_history_path)
        print('Loaded all tx history from disk')
    except FileNotFoundError:
        query_str = """
                    SELECT * FROM `kin-bi.kre.payments_with_tx_types_view_with_status` 
                    WHERE date >= '{}'
                """.format(base_date)
        
        tx_history = read_tx_history_from_DB(query_str)
        
        encoded_trans = encode_transaction_type(tx_history)
        tx_history['coded_tx_type'] = encoded_trans['tx_type']

    return tx_history

def save_data_to_pikle(name_prefix='all_tx_history_since', df_to_save=None):
    if df_to_save is None:
        return

    today_history_path = '{}{}_{}.csv'.format(DATA_PATH,
                                              name_prefix,
                                              today_to_string('_'))

    print('Savin {} to {}'.format(name_prefix, today_history_path))
    df_to_save.to_pickle(today_history_path)
        

    
def get_dev_trans_history(dev_object, 
                          day=None,
                          month=None, 
                          year=None, 
                          base_date='2018-12-20',
                          search_param='wallet'):
    """
    Build a list of transactions since base_date
    Attempt to get it from the disk (saved daily)
    :param dev_object: a df row of the dev we want to search history
    :param day, month, year: The date a file has been saved to the disk (a search date)
    :param base_date: The date which the transaction history shall begin from.
    :param search_param: Search by wallet or by ds id? 'id' or 'wallet'
    """
    
    if dev_object is None:
        return None
    
    dev_id = dev_object.digital_service_id.iloc[0]
#     today_history_path = DATA_PATH + 'tx_history_for_kinit_' + dev_id + '_' + today_to_string('_')
    today_history_path = '{}tx_history_by_{}_for_{}_{}'.format(DATA_PATH, 
                                                                  search_param,
                                                                  dev_id,
                                                                  today_to_string('_'))
    
    if day is None or month is None or year is None:
        tx_history_path = today_history_path
    else:
        # Read a file alredy available in memory
        tx_history_path = '{}tx_history_by_{}_for_{}_{}_{}_{}'.format(DATA_PATH, 
                                                                     search_param,
                                                                     dev_id,
                                                                     day,
                                                                     month,
                                                                     year)

    
    try:
        tx_history = pd.read_pickle(tx_history_path)
        print('Loaded tx history from disk')
    except FileNotFoundError:
        if search_param == 'id':
            
            tx_history = read_tx_history_from_DB_by_devid(dev_object, base_date)
        elif search_param == 'wallet':
            tx_history = read_tx_history_from_DB_by_wallet(dev_object, base_date)
        else:
            return None
        encoded_trans = encode_transaction_type(tx_history)
        tx_history['coded_tx_type'] = encoded_trans['tx_type']
        tx_history.to_pickle(today_history_path)
        print('Saved tx history to disk')

    return tx_history


#### Intermediate testing of methods above

In [None]:
devs_list = fetch_list_of_all_devs()
some_dev = get_dev_by_id('yqyf', devs_list)
display('wallet = {}'.format(some_dev.app_wallet_recipient.iloc[0]))
display(devs_list)

### List all developers

In [None]:
all_devs_list = fetch_list_of_all_devs()
display(all_devs_list)

In [None]:
display(all_devs_list.iloc[0])
display(all_devs_list.iloc[0]['app_wallet_sender'])


### Case Study - Kiny
An employee within one of the Developers members of the developers program ([Kinit](https://kinexplorer.com/statistics)) performed false actions during tests he was making on the blockchain. These activity has direct impact on the KRE payment this developoer would be granted.

In [None]:
WALLET = 'GBY5PZFDZ6Y25S6YRRZ3CXOAIUWOZ3ADONFY2OYCA7GPQCPPF2RDXXZC'
DEV_ID = 'rced'
our_guy = get_dev_by_wallet(all_devs_list, WALLET)
display(our_guy)

#### Transaction History

In [None]:
tx_history = get_dev_trans_history(dev_object=our_guy)
number_of_rows, _ = tx_history.shape
print('Since 25/Dec found {} transactions'.format(number_of_rows))
display(tx_history.tail(2))

#### Daily Transactions

In [None]:
daily_histogram_data = tx_history['date'].astype("datetime64")
sfig = plt.figure('Tx Histogram', figsize=(16,9))
daily_histogram = daily_histogram_data.hist(bins=100)

#### Daily volume

In [None]:
interesting_columns = {'amount': 'sum'}
volume_df = tx_history.groupby(tx_history['date']).aggregate(interesting_columns)
sfig = plt.figure('Daily Volume', figsize=(16,9))
splt = plt.plot(volume_df.index, volume_df['amount'])


#### All transactions done by developer

In [None]:
number_of_rows, _ = tx_history.shape
print('Since 25/Dec found {} transactions of our guy with one of his wallets'.format(number_of_rows))
tx_history = get_dev_trans_history(dev_object=our_guy, search_param='id')
number_of_rows, _ = tx_history.shape
print('Since 25/Dec found {} transactions of our guy with any wallet.'.format(number_of_rows))

In [None]:
daily_histogram_data = tx_history['amount']
# unique_ammounts = daily_histogram_data.drop_duplicates()
sfig = plt.figure('Tx Histogram', figsize=(16,9))
daily_histogram = daily_histogram_data.hist(bins=100)


#### Features Extraction Experiment
Try extracting features and see what comes out.<br>
**Paused it, will get back to feature extraction later on**<br>
To enable these cells convert them back from raw to code by selecting each (not in edit mode) and typing ```y```

#### Interesting Values
Extract information about transactions for the interesting developer<br>
##### Tx Amount

In [None]:
amounts = tx_history['amount']
max_ammount = amounts.max()
min_ammount = amounts.min()
avg_amount = amounts.mean()
median_amount = amounts.median()
print('Max: {}\nMin: {}\nMedian: {}\nAvg: {}'.format(max_ammount, min_ammount, median_amount, avg_amount))
uniques_count = pd.DataFrame(tx_history.groupby('amount')['tx_hash'].nunique())
display(uniques_count.head(10))
display(uniques_count.tail(10))

### Many Developers Analysis
Learn behavioural patterns of digital service providers

Start the postgress server:
(we could run it from here, but then we need to be sure the server is up before running anything)<br>
`pg_ctl -D /usr/local/var/postgres start`

#### All Devs List

In [None]:
display(all_devs_list)
# display(sorted_tx_history.head(1))
print(all_devs_list[all_devs_list['digital_service_id']=='p365']['digital_service_name'].iloc[0])
# for index, row in all_devs_list.iterrows():
#     display(Markdown('## {}'.format(row.digital_service_name)))

#### Build Report Function

In [None]:
from sqlalchemy import create_engine
import os

ron_pwd = os.environ['RON_PG_PWD']
ron_engine = create_engine(f'postgresql://postgres:{ron_pwd}@history-collector.cmmqkby1prsb.us-east-1.rds.amazonaws.com:5432/kin')

PG_KIN2_USERNAME = os.environ['PG_KIN_2_USER']
PG_KIN2_PWD = os.environ['PG_KIN_2_PWD']
PG_KIN2_CONNSTR = 'before-migration-blockchain-history.cywwhhj0pzz8.us-east-1.rds.amazonaws.com:5432/kin'
PG_KIN3_USERNAME = os.environ['PG_KIN_3_USER']
PG_KIN3_PWD = os.environ['PG_KIN_3_PWD']
PG_KIN3_CONNSTR = 'kin-blockchain-history.cywwhhj0pzz8.us-east-1.rds.amazonaws.com:5432/kin'

KIN2_ENGINE = create_engine(f'postgresql://{PG_KIN2_USERNAME}:{PG_KIN2_PWD}@{PG_KIN2_CONNSTR}')
KIN3_ENGINE = create_engine(f'postgresql://{PG_KIN3_USERNAME}:{PG_KIN3_PWD}@{PG_KIN3_CONNSTR}')


def run_query_on_postgres(query_str, engine=ron_engine):
    dataframe = pd.read_sql_query(query_str, con=engine)
    
    return dataframe

def run_query_on_hc(query_str, engine=KIN2_ENGINE):
    dataframe = pd.read_sql_query(query_str, con=engine)
    
    return dataframe

def get_wallets_of_developer(dev_id):
    dev_wallets_df = all_devs_list[all_devs_list['digital_service_id']==dev_id][['app_wallet_sender',
                                                                                'app_wallet_recipient',
                                                                                'app_wallet_sender_2',
                                                                                'app_wallet_recipient_2'
                                                                                ]]
    dev_wallets_list = dev_wallets_df.values.tolist()
    dev_wallets_list = list(filter(bool, dev_wallets_list[0]))

    return dev_wallets_list

def sql_strlist_from_list(str_list):
    lstr = "','".join(str_list)
    sqlstr = f"('{lstr}')"
    
    return sqlstr

def get_wallets_open_by_develoer_by_date(dev_id, run_on_kin3=False):
    query_str = f"""
                    SELECT time::date as date, COUNT(destination) as number_of_wallets
                    FROM public.creations
                    WHERE memo_text = '1-{dev_id}'
                    GROUP BY time::date
                    ORDER BY time::date ASC
    """

#     results_df = run_query_on_postgres(query_str)
    if run_on_kin3:
        results_df = run_query_on_hc(query_str, KIN3_ENGINE)
    else:
        results_df = run_query_on_hc(query_str, KIN2_ENGINE)
        
    results_df.set_index('date', inplace=True)
    
    return results_df

def fetch_tx_history_for_dev(dev_id):
    query_str = f"""
        SELECT * FROM `kin-bi.stellar.payments_with_tx_types_view` 
        WHERE digital_service_id = '{dev_id}'
        ORDER BY date
    """
    dev_history = read_tx_history_from_DB(query_str)
    
    # Encode tx_type
    encoded_trans = encode_transaction_type(dev_history)
    dev_history['coded_tx_type'] = encoded_trans['tx_type']
    
    return dev_history

def fetch_udas_history_for_dev(dev_id):
        query_str = f"""
            SELECT date, COUNT(DISTINCT(source)) as unique_spenders
            FROM `kin-bi.stellar.payments_with_tx_types_view` 
            WHERE tx_type in ('spend','p2p')
            AND digital_service_id = '{dev_id}'
            GROUP BY date
            ORDER BY date ASC
        """
        udas = read_tx_history_from_DB(query_str)
        return udas
        
def draw_wallts_vs_tx(data):
    avg_ratio = 1.5
    fig = plt.figure('New wallets vs # of tx', figsize=(16,9))
#     fig.suptitle("New wallets vs # of tx", fontsize=16)
    ax = plt.subplot("211")
    ax.set_title("New Walltes")
    ax.plot(data.index, data['number_of_wallets'], label="Wallets Creation")
    mean_now = data['number_of_wallets'].mean()
    ax.set_ylim([0, avg_ratio*mean_now])

    ax = plt.subplot("212")
    ax.set_title("# of Transactions")
    ax.plot(data.index, data['number_of_tx'], label="Transactions Count")
    mean_not = data['number_of_tx'].mean()
    ax.set_ylim([0, avg_ratio*mean_not])

    plt.subplots_adjust(hspace=0.2)
    plt.show()

def generate_report(dev_id):
    dev_history = fetch_tx_history_for_dev(dev_id)

    number_of_rows, _ = dev_history.shape
    dev_name = all_devs_list[all_devs_list['digital_service_id']==dev_id]['digital_service_name'].iloc[0]
    display(Markdown('## {}'.format(dev_name)))
    print(f'Found {number_of_rows} transactions for dev id: {dev_id}.')
    
    # Transactions Histogram - better use the
    #     daily_histogram_data = dev_history['date'].astype("datetime64")
    #     sfig = plt.figure('Tx Histogram', figsize=(16,9))
    #     daily_histogram = daily_histogram_data.hist(bins=100)
    #     daily_histogram.title.set_text('Transactions Histogram')

    # uDAS 
    daily_udas = fetch_udas_history_for_dev(dev_id)
    # udas_histogram_data = daily_udas['date'].astype("datetime64")
    sfig = plt.figure('uDAS', figsize=(16,9))
    plt.plot(daily_udas['date'], daily_udas['unique_spenders'])
    plt.title('uDAS')

    # Wallets vs Transactions for dates
    sub_data = dev_history[['date', 'tx_hash']]
    sub_data = sub_data.rename(columns={'tx_hash': 'number_of_tx'})
    wallets_history = get_wallets_open_by_develoer_by_date(dev_id)
    groups = sub_data.groupby(['date'])
    counts = groups.count()
    counts = counts.sort_values(['date'])
    together = pd.merge(wallets_history, counts, how='outer', on='date')
    together = together.sort_values(['date'])
    together.fillna(0, inplace=True)
    draw_wallts_vs_tx(together)
   
    
    # Ammount Histogram
    daily_histogram_data = dev_history['amount']
    sfig = plt.figure('Am Histogram', figsize=(16,9))
    daily_histogram = daily_histogram_data.hist(bins=200)
    daily_histogram.title.set_text('Amount Histogram')
    
    # Transactions Type Histogram
    daily_histogram_data = dev_history['coded_tx_type']
    sfig = plt.figure('Tx Type Histogram', figsize=(16,9))
    daily_histogram = daily_histogram_data.hist(bins=6)
    daily_histogram.title.set_text('Type Histogram     1 -> p2p     2 -> spend     4 -> earn')
    
    # Transactions and Ammounts
    sub_data = dev_history[['tx_type', 'amount', 'date']]
    sub_data = sub_data.rename(columns={'date': 'Count'})
    groups = sub_data.groupby(['tx_type', 'amount'])
    counts = groups.count()
    counts = counts.sort_values(['tx_type', 'Count'], ascending=False)
    display(counts)
    
    return together
   

### Fraud Detect - FIRST GEN PROBES
Develop modules as they'll be used in the automated fraud detection system.

In [None]:
KRE_FT_PATH = '/Users/skulas/Dev/kre_cache_folder/'

#### Platform

In [None]:
# UTILS

def date_str_from_ymd(year, month, day, sep_char='-'):
    date_str = f'{year}{sep_char}{month}{sep_char}{day}'
    try:
        dt.datetime.strptime(date_str, f'%Y{sep_char}%m{sep_char}%d')
        return date_str
    except ValueError as verror:
        return None

In [None]:
## BIG QUERY INTERFACE

def run_on_bq(query_str):
    client = bigquery.Client()
    query_job = client.query(query_str)

    results = query_job.result()
    res = results.to_dataframe()

    return res

def fetch_dev_history_by_id_till(dev_id, end_date_year, end_date_month, end_date_day):
    date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    
    if date_str is None:
        print(f'ERROR WITH DATE {end_date_year}, {end_date_month}, {end_date_day}')
        return None
    
    query_str = f"""
        SELECT * FROM `kin-bi.stellar.payments_with_tx_types_view` 
        WHERE digital_service_id = '{dev_id}'
        AND date <= '{date_str}'
        ORDER BY time ASC
    """
    dev_history = run_on_bq(query_str)
    return dev_history

def fetch_dev_history_by_from_till(dev_id,
                                   start_date_year, start_date_month, start_date_day,
                                   end_date_year, end_date_month, end_date_day):
    """
    NOTE:
    Search is done in half open range: start_date <= Search < end_date.
    Meaning end_date should be the first day of the next time span.
    """
    
    start_date_str = date_str_from_ymd(start_date_year, start_date_month, start_date_day)
    if start_date_str is None:
        print(f'ERROR WITH DATE {start_date_year}, {start_date_month}, {start_date_day}')
        return None
    
    end_date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    if end_date_str is None:
        print(f'ERROR WITH DATE {end_date_year}, {end_date_month}, {end_date_day}')
        return None
    
    start_dt = dt.datetime(start_date_year, start_date_month, start_date_day)
    end_dt = dt.datetime(end_date_year, end_date_month, end_date_day)
    if end_dt < start_dt:
        print(f'ERROR WITH DATES: (end){end_date_str} < {start_date_str}(start)')
        return None
    
    query_str = f"""
        SELECT * FROM `kin-bi.stellar.payments_with_tx_types_view` 
        WHERE digital_service_id = '{dev_id}'
        AND '{start_date_str}' <= date
        AND date < '{end_date_str}'
        ORDER BY time ASC
    """
    dev_history = run_on_bq(query_str)
    return dev_history

 

In [None]:
## Abstract Data Layer
from concurrent.futures import ThreadPoolExecutor as PoolExecutor

def get_devs_list():
    # refresh the devs list once a day
    today_str = today_to_string(sep_char = '-')
    devs_file_name = f'devs_list_{today_str}.pkl'
    devs_file_path = f'{KRE_FT_PATH}{devs_file_name}'
    df_devs = None
    try:
        df_devs = pd.read_pickle(path=devs_file_path)
    except FileNotFoundError:
        df_devs = fetch_list_of_all_devs(force_refresh = True)
        df_devs.to_pickle(path=devs_file_path)
    
    return df_devs

def dev_name_by_id(dev_id):
    all_devs_list = get_devs_list()
    our_dev = all_devs_list[all_devs_list['digital_service_id']==dev_id]
    if our_dev.empty:
        return None
    else:
        return our_dev['digital_service_name'].iloc[0]
    
def get_dev_history_by_id(dev_id, end_date_year, end_date_month, end_date_day):
    date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    if date_str is None:
        print('ERROR *** ERROR')
        return None
    
    file_name = f'dev_history_{dev_id}_{date_str}.pkl'
    file_path = f'{KRE_FT_PATH}{file_name}'
    df_dev_history = None
    try:
        df_dev_history = pd.read_pickle(path=file_path)
    except FileNotFoundError:
        df_dev_history = fetch_dev_history_by_id_till(dev_id, end_date_year, end_date_month, end_date_day)
        # QUERY data sorted df_dev_history = df_dev_history.sort_values(by=['time'], axis=0)
        try:
            df_dev_history.to_pickle(path=file_path)
        except FileNotFoundError:
            print('FileNotFoundError: Data too big to be saved to pickle')
        except:
            print('GENERIC ERROR: Failed to write data to pickle')
    
    return df_dev_history

def get_monthly_segments(end_date_year, end_date_month, end_date_day):
    end_date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    if end_date_str is None:
        print(f'ERROR WITH DATE {end_date_year}, {end_date_month}, {end_date_day}')
        return None
    
    START_DATE = dt.datetime(2018,9,1)
    dates = []
    curr_date = START_DATE
    next_date = curr_date + relativedelta(months=+1)
    end_date = dt.datetime(end_date_year, end_date_month, end_date_day)
    
    while next_date <= end_date:
        args_tup = (curr_date.year, curr_date.month, curr_date.day,
                   next_date.year, next_date.month, next_date.day)
        dates.append(args_tup)
        curr_date = next_date
        next_date = curr_date + relativedelta(months=+1)
    return dates

def get_weekly_segments(start_date_year, start_date_month, start_date_day,
                        end_date_year, end_date_month, end_date_day):

    start_date_str = date_str_from_ymd(start_date_year, start_date_month, start_date_day)
    if start_date_str is None:
        print(f'ERROR WITH DATE {start_date_year}, {start_date_month}, {start_date_day}')
        return None
    
    end_date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    if end_date_str is None:
        print(f'ERROR WITH DATE {end_date_year}, {end_date_month}, {end_date_day}')
        return None
    
    start_date = dt.datetime(start_date_year, start_date_month, start_date_day)
    dates = []
    curr_date = start_date
    next_date = curr_date + relativedelta(weeks=+1)
    end_date = dt.datetime(end_date_year, end_date_month, end_date_day)
    
    while next_date <= end_date:
        args_tup = (curr_date.year, curr_date.month, curr_date.day,
                   next_date.year, next_date.month, next_date.day)
        dates.append(args_tup)
        curr_date = next_date
        next_date = curr_date + relativedelta(weeks=+1)
    return dates

def get_n_days_segments(start_date_year, start_date_month, start_date_day,
                        end_date_year, end_date_month, end_date_day, number_of_days=5):

    start_date_str = date_str_from_ymd(start_date_year, start_date_month, start_date_day)
    if start_date_str is None:
        print(f'ERROR WITH DATE {start_date_year}, {start_date_month}, {start_date_day}')
        return None
    
    end_date_str = date_str_from_ymd(end_date_year, end_date_month, end_date_day)
    if end_date_str is None:
        print(f'ERROR WITH DATE {end_date_year}, {end_date_month}, {end_date_day}')
        return None
    
    start_date = dt.datetime(start_date_year, start_date_month, start_date_day)
    dates = []
    curr_date = start_date
    next_date = curr_date + relativedelta(days=+number_of_days)
    end_date = dt.datetime(end_date_year, end_date_month, end_date_day)
    
    while next_date <= end_date:
        args_tup = (curr_date.year, curr_date.month, curr_date.day,
                   next_date.year, next_date.month, next_date.day)
        dates.append(args_tup)
        curr_date = next_date
        next_date = curr_date + relativedelta(days=+number_of_days)
    return dates

def get_dev_history_by_from_till(dev_id,
                                 start_date_year, start_date_month, start_date_day,
                                 end_date_year, end_date_month, end_date_day):
    filen_ame = f'dev_history_{dev_id}_{start_date_year}-{start_date_month}-{start_date_day}__{end_date_year}-{end_date_month}-{end_date_day}.pkl'
    file_path = f'{KRE_FT_PATH}{filen_ame}'
    
    try:
        df = pd.read_pickle(file_path)
    except FileNotFoundError:
        print(f'Starting fetch from db for {dev_id}')
        df = fetch_dev_history_by_from_till(dev_id,
                                       start_date_year, start_date_month, start_date_day,
                                       end_date_year, end_date_month, end_date_day)
        df.to_pickle(path=file_path)

        
    return df



#### Probe - Frequency Anomalities
Implement the different probes

In [None]:
## from pandas.plotting import register_matplotlib_converters
# register_matplotlib_converters()
# import seaborn; seaborn.set()
from scipy import signal
# from matplotlib import rc
import numpy as np

from bokeh.io import output_notebook, show
from bokeh.plotting import figure
from bokeh.models import ColumnDataSource

output_notebook()
def find_tx_frequency_anomality(df_dev_data, dev_name = ''):
    chart = df_dev_data[['time', 'amount']] #.set_index('time')
    spend_chart = df_dev_data.loc[df_dev_data['tx_type'].isin(['spend','p2p'])]
    spend_chart = spend_chart[['time', 'amount']]
    
    time_quants = chart.groupby(pd.Grouper(key='time', freq='300s', axis=1))
    all_txs = time_quants.count()
    spend_time_quants = spend_chart.groupby(pd.Grouper(key='time', freq='300s', axis=1))
    spend_txs = spend_time_quants.count()
    
    print(f'spnd index size; {spend_txs.index.size}')
    print(all_txs.shape)
    print(spend_txs.shape)
    
    fig = plt.figure('Num of Tx every 5 minutes', figsize=(30,30))

    # butterworth filter
    #Creation of the filter            
    mins = 0
    bestbut = None
    bestsup = None
    bestrat = None
    # sliding avg every hour => window = 12 since each smple is a 5 minutes aggregation
    spend_txs['MA'] = spend_txs['amount'].rolling(window=12).mean().fillna(10)

    # To tune these values use the train loops bellow
    N = 4   # Filter order
    fc = 0.05
    lim = 2.65
    b, a = signal.butter(N, fc)
    butf = signal.filtfilt(b,a, spend_txs['amount'])
    ratios = spend_txs['amount']/butf

    """ use this to train the filter
    for fq in np.arange(0.05, 0.95, 0.05):
        for N in range(2,7):
            fc = fq  # Cutoff frequency, normalized 
            b, a = signal.butter(N, fc)
            butf = signal.filtfilt(b,a, all_txs['amount'])
            ratios = all_txs['amount']/butf
            for lims in [(5, 20), (2.5, 100), (1.5, 200), (1.2, 100)]:
                lim, topTx = lims
                suspects = all_txs.index[(lim < ratios) & (all_txs['amount'] > topTx)]
                num_of_sspcts = suspects.shape[0]
                if (num_of_sspcts > 0) and (num_of_sspcts < 100):
                    if mins < num_of_sspcts:
                        mins = num_of_sspcts
                        bestbut = butf
                        bestsup = suspects
                        bestrat = ratios
                        print(f'N: {N}, Freq: {fq}, lim: {lim}')

    butf = bestbut
    ratios = bestrat # all_txs['amount']/butf
    """
            
    #     suspects = bestsup # all_txs.index[(bestlim < ratios)]
    # tx ~ 200 . --> ratio 2
    # Different limits    
    suspects = spend_txs.index[(spend_txs['amount'] > 500) &  ## only when there where more than x tx
                                   (spend_txs['amount']/spend_txs['MA'] > 1.2) | ## Ratio to avg gt x
                                   (spend_txs['amount'] > 200) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 1.5) | 
                                   (spend_txs['amount'] > 100) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 2.5) | 
                                   (spend_txs['amount'] > 20) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 5)] 
    print(suspects.shape)

    p = figure(x_axis_type="datetime", title=f"Transactions Count every 5 seconds {dev_name}", plot_width=600, plot_height=600)
    p.x('time', 'amount', source=all_txs, size=2, legend="Num of Transactions")
    p.circle('time', 'amount', source=spend_txs, fill_color='yellow', size=4, legend="Num of Spends")    
    p.line(spend_txs.index, butf, line_color='blue', line_dash=[2, 5], legend="BW Filter")
    p.line('time', 'MA', source=spend_txs, line_color='red', line_dash=[1, 2], legend="Moving Avg")
    p.xaxis[0].formatter.days = '%m/%d/%Y'
    p.xaxis.major_label_orientation = np.pi/3
    show(p)

    return {'spends':spend_txs, 'suspects':suspects}

def find_tx_large_scale_anomality(df_dev_data, dev_name = ''):
    chart = df_dev_data[['time', 'amount']]
    spend_chart = df_dev_data.loc[df_dev_data['tx_type'].isin(['spend','p2p'])]
    spend_chart = spend_chart[['time', 'amount']]
    
    time_quants = chart.groupby(pd.Grouper(key='time', freq='4H', axis=1))
    all_txs = time_quants.count()
    spend_time_quants = spend_chart.groupby(pd.Grouper(key='time', freq='4H', axis=1))
    spend_txs = spend_time_quants.count()
    
    print(f'spnd index size; {spend_txs.index.size}')
    print(all_txs.shape)
    print(spend_txs.shape)
    
    fig = plt.figure('Num of Tx every 5 minutes', figsize=(30,30))

    # butterworth filter
    #Creation of the filter            
            
    mins = 0
    bestbut = None
    bestsup = None
    bestrat = None
    # sliding avg every hour => window = 12 since each smple is a 5 minutes aggregation
    spend_txs['MA'] = spend_txs['amount'].rolling(window=6).mean().fillna(10)

    # To tune these values use the train loops bellow
    N = 3   # Filter order
    fc = 0.05
    lim = 2.5
    b, a = signal.butter(N, fc)
    butf = signal.filtfilt(b,a, spend_txs['amount'])
    ratios = spend_txs['amount']/butf

    """ use this to train the filter
    for fq in np.arange(0.05, 0.95, 0.05):
        for N in range(2,9):
            fc = fq  # Cutoff frequency, normalized 
            b, a = signal.butter(N, fc)
            butf = signal.filtfilt(b,a, spend_txs['amount'])
            ratios = spend_txs['amount']/butf
            # In case of 50 tx, the ratio with the bw filter shall be above 5 to be interesting.
            # 150 - 2.5 and so on...
            for lims in [(5, 50), (2.5, 150), (1.5, 400), (1.2, 600)]:
                lim, topTx = lims
                suspects = spend_txs.index[(lim < ratios) & (spend_txs['amount'] > topTx)]
                num_of_sspcts = suspects.shape[0]
                if (num_of_sspcts > 0) and (num_of_sspcts < 100):
                    if mins < num_of_sspcts:
                        mins = num_of_sspcts
                        bestbut = butf
                        bestsup = suspects
                        bestrat = ratios
                        print(f'N: {N}, Freq: {fq}, lim: {lim}')

    butf = bestbut
    ratios = bestrat # all_txs['amount']/butf
    """
            
    #     suspects = bestsup # all_txs.index[(bestlim < ratios)]
    # tx ~ 200 . --> ratio 2
    # Different limits    
    suspects = spend_txs.index[(spend_txs['amount'] > 500) &  ## only when there where more than x tx
                                   (spend_txs['amount']/spend_txs['MA'] > 1.8) | ## Ratio to avg gt x
                                   (spend_txs['amount'] > 200) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 2) | 
                                   (spend_txs['amount'] > 100) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 3) | 
                                   (spend_txs['amount'] > 20) &  
                                   (spend_txs['amount']/spend_txs['MA'] > 5)] 
    print(suspects.shape)


    p = figure(x_axis_type="datetime", title=f"Transactions Count every 4 hours {dev_name}", plot_width=600, plot_height=600)
    p.x('time', 'amount', source=all_txs, size=2, legend="Num of Transactions")
#     p.circle(spend_txs.index, spend_txs['amount'], fill_color='gray', size=3, legend="Num of Spends")
    p.circle('time', 'amount', source=spend_txs, fill_color='yellow', size=4, legend="Num of Spends")
    
    p.line(spend_txs.index, butf, line_color='blue', line_dash=[2, 5], legend="BW Filter")
    p.line('time', 'MA', source=spend_txs, line_color='red', line_dash=[2, 7], legend="Moving Avg")
    p.xaxis[0].formatter.days = '%m/%d/%Y'
    p.xaxis.major_label_orientation = np.pi/3
    show(p)

    # Find anomalities
#     display(spend_txs.loc[suspects])
#     display(spend_txs.loc[time>'2019-02-30'][suspects])
    return {'spends':spend_txs, 'suspects':suspects}


#### Probe - Ping-Pongs

In [None]:
display(DH.columns)


def get_next_top_wallet(df_dev_data, column_name='source', ix=0):
    grouper = df_dev_data.groupby([column_name])
    sums = grouper.sum()
    cnts = grouper.count()
    
    # detect most paying wallet
    sorted_cnts = cnts.sort_values(by='tx_hash', axis=0, ascending=False).reset_index()
#     display(sums.head(5))
#     display(sorted_cnts.head(5))
    
    # Analyze wallet
    busy_wallet = sorted_cnts.iloc[ix][column_name]
    num_of_tx = sorted_cnts.iloc[ix]['tx_hash']
    total_payed = sums.loc[busy_wallet]
    avg_payment = total_payed/num_of_tx
    all_payments_by_wallet = df_dev_data[df_dev_data[column_name]==busy_wallet]
    median_payment = all_payments_by_wallet['amount'].median()
    
    print(f'Wallet {busy_wallet} made {num_of_tx} transactions paying {total_payed} KIN in total')
    print(f'Avg payment: {avg_payment}. Median payment: {median_payment}')
    

get_next_top_wallet(DH, 'source')
# detect_pingpongs(DH, 'destination')

In [None]:
def detect_pingpongs(df_dev_data):
    # Sources
    grouper = df_dev_data.groupby(['source'])
#     src_sums = grouper.sum()
    src_cnts = grouper.count()
    sorted_src_cnts = src_cnts.sort_values(by='tx_hash', axis=0, ascending=False).reset_index()
    src_cnts = None #not needed, release some memory
    
    # Destinations
    grouper = df_dev_data.groupby(['destination'])
#     dst_sums = grouper.sum()
    dst_cnts = grouper.count()
    sorted_dst_cnts = dst_cnts.sort_values(by='tx_hash', axis=0, ascending=False).reset_index()
    dst_cnts = None #not needed, release some memory
    
    
    display(sorted_dst_cnts.head(5))
    display(sorted_src_cnts.head(5))
    
    list_of_payers = sorted_src_cnts['source'].to_list()
    payments_made_to_payers = df_dev_data[df_dev_data['destination'].isin(list_of_payers)]
    self_payments = df_dev_data[df_dev_data['destination'] == df_dev_data['source']]
    print(df_dev_data.shape)
    print(payments_made_to_payers.shape)
    print(self_payments.shape)
    display(self_payments)
    
    # cound pingpongs
    pingpong_df = pd.DataFrame()
    for six, srow in sorted_src_conts.itterrows():
        pay_wallet = row['source']
        for dix, drow in sorted_dst_conts.itterrows():
            dst_wallet = row['destination']
            
    
detect_pingpongs(DH)

#### Probe - Wallets Cliques

In [None]:
import networkx as nx
import numpy as np
# from datetime import timezone as tz

In [None]:
def convert_time_to_epoch(df, time_column_name='time'):
    # Transform dates to numbers 
    types = df.dtypes
    time_type = types[time_column_name]
    if time_type != np.float64:
        print('TRANSFORMING DATES TO FLOATS')
        df[time_column_name] = df[time_column_name].astype('int64')//1e9
    
    return df
    
def create_tx_graph(df_dev_data, directed=False, attributed_graph=True):
    df_renamed = df_dev_data
    df_renamed.rename(columns={'source': 'src_w', 'destination': 'dst_w', 'time': 'tx_t'}, inplace = True)

    # Transform dates to numbers 
    if attributed_graph:
        convert_time_to_epoch(df_renamed, time_column_name='tx_t')
        print(f"Max time {df_renamed['tx_t'].max()}, min time {df_renamed['tx_t'].min()}")
        attrs = ['amount', 'tx_t']
    else:
        attrs = None
    
    if directed:
        g_engine = nx.DiGraph
    else:
        g_engine = nx.Graph
    grph = nx.from_pandas_edgelist(df_renamed,
                                source='src_w',
                                target='dst_w',
                                create_using=g_engine,
                                edge_attr=attrs)
    return grph

def analyze_cliques(grph):
    clq_enumerator = nx.enumerate_all_cliques(grph)
    num_of_cliques = 0
    biggest_clique_size = 0
    biggest_clique = None
    for clique in clq_enumerator:
        num_of_wallets = len(clique)
        if num_of_wallets > 4:
            num_of_cliques += 1
        if num_of_wallets > biggest_clique_size:
            biggest_clique_size = num_of_wallets
            biggest_clique = clique
    
    print(f"{'*'*4} number of cliques: {num_of_cliques} {'*'*4}")
    print(f"The largest clique has {biggest_clique_size} wallets. ")
    print('Wallets in clique:')
    for w_node in biggest_clique:
        print(f'n: {w_node}')
    
    print('-'*8)
    return biggest_clique_size

def loops_list(grph):
    self_loops = nx.nodes_with_selfloops(grph)
    loops_arr = []
    if self_loops:
        for sl in self_loops:
            loops_arr.append(sl)

    return loops_arr

def has_loops(grph):
    found_loops = False
    self_loops = nx.nodes_with_selfloops(grph)
    for sl in self_loops:
        if sl:
          found_loops = True
          break
    return found_loops
    
def find_core(grph, core_rank=None):
    cores_graph = nx.k_core(grph, k=core_rank)
          
    return cores_graph



### TESTS

#### Load data in monthly chunks
Read data from BI in multi threads. Each thread downloads a different month and saves a pkl to the disk.

In [None]:
## Read monthly segmented data in parallel and save it to disk
dev_id = 'l68b'
paramsarr = get_monthly_segments(2019, 5, 1)
print(paramsarr)
args_tups_arr = ((dev_id, dsy, dsm, dsd, dey, dem, ded) for dsy, dsm, dsd, dey, dem, ded in paramsarr)
with PoolExecutor(max_workers=4) as executor:
    for result in executor.map(lambda p: get_dev_history_by_from_till(*p), args_tups_arr):   # (*p) does the unpacking part
        pass

print(f"{'*'*40} ALL DONE {'*'*40}")

In [None]:
# reconstruct DF using existing monthly segments cached files.
# If the pkl files don't exist, first download them from BQ using the parallel connections above ...
dfs = []
dev_id = 'l83h'
print(dev_name_by_id(dev_id))

paramsarr = get_monthly_segments(2019, 4, 1)
print(paramsarr)
args_tups_arr = ((dev_id, dsy, dsm, dsd, dey, dem, ded) for dsy, dsm, dsd, dey, dem, ded in paramsarr)
with PoolExecutor(max_workers=1) as executor:
    for result in executor.map(lambda p: get_dev_history_by_from_till(*p), args_tups_arr):   # (*p) does the unpacking part
        dfs.append(result)
        print(end='.')
        pass

DH = pd.concat(dfs)
print(f"{'*'*40} ALL DONE {'*'*40}")



#### Load data in daily chunks
Read data from BI in parallel and save it to the disk in pkl files.<br>
Then read it searially and rebuild a huge DF.

In [None]:
paramsarr = get_n_days_segments(2019, 3, 1,
                        2019, 4, 1, number_of_days=1)
display(paramsarr)

In [None]:
## Build a DF from saved segmented dataframe to disk from parallel logic above (daily segments)
dev_id = 'l83h'
print(f'Reconstruct Dev Data - {dev_name_by_id(dev_id)}')
paramsarr = get_n_days_segments(2019, 5, 1,
                        2019, 5, 21, number_of_days=4)
args_tups_arr = ((dev_id, dsy, dsm, dsd, dey, dem, ded) for dsy, dsm, dsd, dey, dem, ded in paramsarr)

dfs = []

with PoolExecutor(max_workers=1) as executor:
    for result in executor.map(lambda p: get_dev_history_by_from_till(*p), args_tups_arr):   # (*p) does the unpacking part
        dfs.append(result)
        print(end='.')
        pass

DH = pd.concat(dfs)
dfs = []
print(f"{'*'*40} ALL DONE {'*'*40}")


In [None]:
#### TESTING AREA ####
dev_id = '8vlz'
DL = get_devs_list()
print(dev_name_by_id('sss'))
print(dev_name_by_id(dev_id))
display(DL)

#### Load data in chunks using the KRE package

In [None]:
from kre.data.data_formater import dev_history_in_time_segmets, read_dev_lookup
from kre.data.data_interpreter import DataInterpreter
import datetime as dt

dev_lookup = read_dev_lookup()
display(dev_lookup)

In [None]:
dev_id = '8vlz'
dev_name = DataInterpreter.dev_name_with_id(dev_lookup, dev_id)
start_date = dt.datetime(2019, 5, 1)
end_date = dt.datetime(2019, 7, 7)

print(f'Loading history of {dev_name} between {start_date} and {end_date}')
DH = dev_history_in_time_segmets(
            dev_id,
            start_date,
            end_date,
            segment_length_in_days=1)

#### Probe - fq anomalities detect 

In [None]:
# dev_name = dev_name_by_id(dev_id)
dev_name = DataInterpreter.dev_name_with_id(dev_lookup, dev_id)

print(dev_name)
results = find_tx_frequency_anomality(DH, dev_name)

In [None]:
monthly_spends = results['spends']
suspects = results['suspects']
monthly_spends = monthly_spends.loc[suspects[suspects>='2019-03-01 00:00:00+0000']]
# display(monthly_spends[monthly_spends['amount']>20])
display(monthly_spends)


In [None]:
results = find_tx_large_scale_anomality(DH, dev_name)

In [None]:
monthly_spends = results['spends']
suspects = results['suspects']
# display(suspects[1])
# monthly_spends = monthly_spends.loc[suspects]
monthly_spends = monthly_spends.loc[suspects[suspects>='2019-03-01 00:00:00+0000']]
display(monthly_spends[monthly_spends['amount']>40])

#### Probe - Cliques

In [None]:
dev_name = dev_name_by_id(dev_id)
print(dev_name)
display(DH.head(2))
print(DH.dtypes)
print(DH.shape)
graph = create_tx_graph(DH)

In [None]:
biggest = analyze_cliques(graph)

In [None]:
if biggest > 5:
    # Create a Directed Graph
    di_graph = create_tx_graph(DH, True)
    
    # Generate a sub graph from the clique
    # Takes ages  clique_graph = nx.make_max_clique_graph(graph, create_using=nx.DiGraph)
    
    # nx.write_gml(G, f'/Users/skulas/Dev/TEMP/kin_graph_history_{num_of_txs}_g.gml')
    filename = f'graph_of_biggest_clique_of_{dev_id}_size_{biggest}.graphml'
    nx.write_graphml_lxml(clique_graph, f'/Users/skulas/Dev/TEMP/{filename}')
    
    # Graph of DS for a the period of time being used
#     filename = f'graph_of_{dev_id}_clique_size_{biggest}.graphml'
#     nx.write_graphml_lxml(di_graph, f'/Users/skulas/Dev/TEMP/{filename}')

In [None]:
di_graph = create_tx_graph(DH, True)
loops_found = has_loops(di_graph)
#     print(f'There are {len(self_loops)} SELF LOOPS IN THE {dev_id} GRAPH!')
if loops_found:
    self_loops = loops_list(di_graph)
    print(f'FOUND {len(self_loops)} LOOPS. THIS IS A PROBLEM')
    for sl in self_loops:
        print(sl)
    print('REMOVING LOOPS')
    di_graph.remove_edges_from(nx.selfloop_edges(di_graph))

# core_gaph = find_core(di_graph)
# print(f'Number of nodes in entire graph: {di_graph.order()}')
# print(f'Number of nodes in core: {core_gaph.order()}')
# filename = f'CORE_graph_of_{dev_id}_.graphml'
# nx.write_graphml_lxml(core_gaph, f'/Users/skulas/Dev/TEMP/{filename}')

#### Probe - Cyclic

In [None]:
from kre.validation.fraud.probes.cyclic_activity import CyclicTransactions as CT
from kre.data.data_interpreter import DataInterpreter

cyclic = CT(DH, preset = CT.Preset.ROLL_5_TX)

In [None]:
# wallet = 'GBAXSKHOWEXQ2COAACUSCC2ZMFXYGN23ZXYSY4EZSBBX2MQU4VDN6WVO'
# wallet = 'GCNIOEWQZZMMEUGDR6GDLBRMFP3J3D5MIR2M5ZZETE6AU6BQUHSWTOLK'
wallet = 'GA3WTR6HZYL4BNX3UN3LGUPSVOEPPSXX5O47ZVWVHM76R6PI55XSODHQ'
wallet_activity = cyclic.analyze_wallet(wallet, statistic_summary=False)
wallet_activity['date'] = wallet_activity['time'].dt.date
# display(pd.to_datetime(wallet_activity['time'], yearfirst=True))
# goups_destination = wallet_activity.groupby('destination')
date_groups = wallet_activity.groupby(['destination', 'date'])
# number_of_different_wallets = goups_destination.count()
number_of_different_wallets = date_groups.count()
display(number_of_different_wallets)

# wlt = 'GCU6X575CDOYPHQ2RFU4JOK6OAWK7FE5IMLZR5QGEUK7P3CGFOWQ6SHU'
# wlt_data = wallet_activity.loc[wallet_activity['destination'] == wlt]
# wlt_data['date'] = wlt_data['time'].dt.date
# date_groups = wlt_data.groupby(['destination', 'date'])

# display(date_groups.count())
# display(DH.loc[DH['destination'] == wlt])

#### Probe - P2P Fake

In [None]:
from kre.validation.fraud.probes.p2p_fake_transactions import P2PFakeTransactions as fp2p
import datetime as dt

###########
# Fake P2p
fakep2p = fp2p(DH)
(res, temp) = fakep2p.run()

display(res)
display(temp)

In [None]:
p2p_sizes = temp.groupby(level='source').size()
print(p2p_sizes['GDZZU7SZN67MKYUMB4RSQ2QK5HRYYGGE3L6JYVKIV7F47HA75C3VXO6E'])
cnt = p2p_sizes.size
print(f'There are {cnt} paying wallets')
for size in range(0, 3):
    print(f'{size} ... {p2p_sizes.index[size]} : {p2p_sizes[size]}')
    
mn = p2p_sizes.mean()
md = p2p_sizes.median()
print(f'Avg: {mn}, Med: {md}')

### DS scan

#### P365

In [None]:
generate_report('p365')

#### Tapatalk

In [None]:
generate_report('tapa')

#### NearBy

In [None]:
generate_report('8vlz')

#### Kinit

In [None]:
generate_report('kit')

#### Vent

In [None]:
generate_report('l68b')

#### Rave

In [None]:
generate_report('l83h')

#### Pause For

In [None]:
generate_report('pgbv')

#### Swelly

In [None]:
generate_report('swel')

#### Find Travellers

In [None]:
generate_report('yqyf')

#### Kik

In [None]:
generate_report('kik')

#### KinTipBot(OUR STAR) - Chaincity ....

In [None]:
generate_report('rced')

#### Pop.in

In [None]:
generate_report('lsff')

In [None]:
tg = generate_report('ysa7')
display(tg.head(3))
mnw = tg['number_of_wallets'].mean()
mnt = tg['number_of_tx'].mean()
print('-'*80)
print(f'Avg wllts {mnw}')
print(f'Avg tx {mnt}')

#### Blast Chat

In [None]:
generate_report('ujti')

#### ThisThat

In [None]:
generate_report('2bpx')

#### GoChallenge

In [None]:
generate_report('ze6y')

## Fraud Logic Analysis

### Random Forests

Move along the differnet thresholds we test and ask one after the other in different order (random forest) to improve fraud prediction based on forest training.