Skip to content

florin414/cerberus-graph

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Cerberus Graph 🐕‍🦺🛡️

Go Architecture Graph Latency

Cerberus Graph is a high-performance Synchronous Fraud Detection Engine designed to intercept transactions before authorization.

Unlike asynchronous monitoring systems that alert on fraud post-factum, Cerberus sits in the critical path of the payment gateway. It leverages Go's concurrency primitives to enforce a "Defense in Depth" strategy, querying graph relationships, statistical velocity, and ML models in parallel.

Architectural Goal: To answer the question "Is this transaction fraudulent?" in under 200ms by analyzing the user's hidden connections in a Graph Database.

🏗️ The "Cerberus" Architecture (3-Headed Defense)

The system consumes transaction requests from Kafka and orchestrates three parallel checks using the Scatter-Gather pattern:

Head 1: The Velocity Check (Redis)

  • Question: "Did this user spend >$500 in the last 10 minutes?"
  • Impl: Uses sliding window counters in Redis. Extremely fast (sub-millisecond).

Head 2: The Relationship Check (Neo4j)

  • Question: "Is this card linked to a device that was used by a known fraudster?"
  • Impl: Cypher queries designed for depth-limited traversal (2-hops).
  • Optimization: Uses read-replicas for the graph to handle high throughput.

Head 3: The Inference Check (AI/ML)

  • Question: "Does the transaction metadata look suspicious?"
  • Impl: Loads an ONNX model directly in Go (or calls a gRPC sidecar) to score the transaction probability.

🚀 Throughput & Concurrency Model

Cerberus creates a custom stream processing topology in Go (without heavy frameworks like Flink), giving us fine-grained control over memory and threads.

  1. Ingestion: A Kafka Consumer Group reads the tx-pending topic.
  2. Fan-Out: For each transaction, a Goroutine spawns 3 sub-routines (The 3 Heads).
  3. Aggregation: Results are collected via channels. If any "Head" returns a RISK_CRITICAL signal, the transaction is blocked immediately (fail-fast).
  4. Decision: The final verdict is produced to tx-authorized or tx-rejected topics.

🛠️ Tech Stack

  • Core Engine: Go (Golang)
  • Messaging: Apache Kafka (Redpanda for dev)
  • Graph DB: Neo4j (Cypher)
  • Cache/State: Redis (Pipeline execution)
  • ML Runtime: ONNX Runtime / TensorFlow Lite

🧬 Graph Query Example (Cypher)

Detecting a "Money Mule" ring by checking if the recipient is connected to known bad actors:

// Check if the recipient shares a DeviceID with a blacklisted user
MATCH (recipient:User {id: $to_user})
MATCH (recipient)-[:USED_DEVICE]->(d:Device)<-[:USED_DEVICE]-(bad:User)
WHERE bad.status = 'FRAUD'
RETURN count(bad) > 0 as is_fraud_ring

About

A real-time, pre-authorization fraud detection engine written in Go. Uses a Scatter-Gather pattern to orchestrate Graph queries (Neo4j), Velocity checks (Redis), and ML inference within a strict latency budget.

Topics

golang security machine-learning kafka neo4j stream-processing graph-database real-time-analytics fraud-detection distribuited-systems

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors