Machine Learning with Human feedback

Real-time WhiteBox Machine Learning

Data Processing

ThreatMark collects an enormous amount of anonymized data, from device and network characteristics to behavioral biometrics such as mouse movement and keystroke events. Complex data processing allows us to transform unstructured raw data into a structured, machine-readable set of information. Each entity in this set, such as a user or transaction, is represented by a large numeric vector that can be easily compared to another entity or a group of entities.

At ThreatMark, we are constantly developing new features based on expert knowledge, covering new and unseen patterns that are being revealed automatically by our systems or customer feedback.


Multiple Models Scopes

The machine learning platform at ThreatMark is represented by a stack or set of several tens of machine learning models. The models can be used for various use cases and have a different scope: A model represents user anomaly detection (via one-class SVM, for example) and another model represents classification of users into clusters (via Random Forest or XGB, for example).

For nearly every ThreatMark signal and every use case, we employ a stack of multiple models with different architectures, accepting different data. This makes it possible to analyze each entity from various angles and within several scopes or scales. The results are significantly reduced false positives and increased precision.

Real-time Machine Learning

Fighting fraud on multiple levels is a difficult task, mainly because fraudsters constantly change their tactics. At ThreatMark, we update and re-train most of our models in real time using either feedback from our customers, or automatic decision-making engine for very high or low scores.

For example, we re-train behavioral anomaly detection models after each successful user session, adapting it to the evolving user behavior and habits. If we encounter a new case of transaction fraud, we immediately update our global transaction anomaly models and network fraud models to apply the change and protect all customers.


WhiteBox Principle

Practical machine learning differs from rule-based approach and expert analysis by much higher efficiency and speed, thanks to automation. However, the difference also lies in an occassional lack of clear understanding of why a model made a specific decisions (so called Blackbox predictions).

At ThreatMark, we solve this issue by speaking to a customer and providing explanation of a model’s decisions (Whitebox principle). The ThreatMark web interface also provides tracking of each score down to individual signals and helps understand why a specific score was issued.