Knogin
[Developers]

Graph Pattern Matching

Experienced financial crime investigators build intuition over years: they recognise the shape of a peel chain, the signature of a fan-out layering scheme, the timing signature of coordinated smurfing. The problem is sca

Back to All Modules
Category: InvestigationLast Updated: Feb 23, 2026
investigationaicompliance

Overview#

Experienced financial crime investigators build intuition over years: they recognise the shape of a peel chain, the signature of a fan-out layering scheme, the timing signature of coordinated smurfing. The problem is scale. A single analyst cannot manually review ten million transactions looking for those shapes. Graph Pattern Matching does exactly that, running 147 pre-built transaction patterns across the entire network simultaneously and flagging every structural match with an explainable confidence score.

The module delivers sophisticated pattern recognition capabilities that detect complex transaction structures with accuracy that significantly exceeds manual analysis. Designed for financial crime investigators, compliance teams, and law enforcement agencies, five integrated pattern detection capabilities identify suspicious activities, money laundering schemes, and criminal networks through graph topology analysis. Custom templates can be built for organisation-specific detection needs, and high-confidence discovered patterns are automatically promoted to the reusable library.

Key Features#

  • AI-driven motif discovery achieving high detection accuracy that exceeds traditional rule-based systems
  • Significant false positive reduction through sophisticated pattern scoring and multi-dimensional confidence assessment
  • Pattern template library with 147 pre-built transaction patterns covering known laundering schemes, mixing techniques, and criminal behaviours
  • Five core pattern categories: mixing patterns, layering patterns, integration patterns, obfuscation patterns, and smurfing patterns
  • Unsupervised motif discovery engine automatically identifying recurring structural patterns without predefined templates
  • Subgraph isomorphism matching performing exact and approximate pattern matching with high precision
  • Temporal pattern analysis detecting time-based laundering schemes exploiting delays, coordinated timing, and velocity patterns
  • Pattern scoring and validation using machine learning models trained on thousands of validated cases
  • Multi-dimensional confidence scoring combining topological, attribute, temporal, context, and historical factors
  • Custom template builder enabling creation of organisation-specific detection patterns
  • Automatic promotion of high-confidence discovered motifs to the reusable template library
  • Explainable AI providing feature importance and detailed scoring breakdowns for each match
  • Continuous model improvement through analyst feedback loops and quarterly retraining cycles
  • Batch processing capabilities supporting thousands of pattern queries per minute

Use Cases#

  • Money Laundering Detection: Financial institutions detect peel chains, circular flows, fan-out/fan-in patterns, and cross-chain mixing through automated pattern matching
  • Ransomware Investigation: Investigators track ransomware payment flows through splitting, consolidation, and exchange deposit patterns
  • DeFi Exploit Analysis: Security teams identify flash loan attacks and complex protocol exploitation through same-block temporal pattern analysis
  • Criminal Network Mapping: Multi-jurisdictional investigations reveal coordinated criminal organisations through temporal clustering and synchronised activity detection

Integration#

  • Connects with the Neo4j graph analysis layer for pattern computation across transaction and investigation data
  • Compatible with case management systems for automated case enrichment with pattern match results
  • Supports FATF, FinCEN, and OFAC compliance requirements through automated suspicious pattern detection
  • Role-based access controls for pattern library and execution permissions
  • Complete audit logging of all pattern matching operations for legal proceedings
  • Encrypted storage for pattern templates and results with comprehensive data protection

Open Standards#

  • openCypher (Neo4j Cypher Query Language): Graph traversals, subgraph matching, and pattern queries across the transaction network are expressed using the openCypher query language executed against the Neo4j graph layer.
  • OASIS STIX 2.1 / TAXII 2.1: Threat indicators ingested or exported as STIX 2.1 Indicator SDOs (via the TAXII 2.1 polling interface) are correlated against graph patterns, allowing external intelligence to enrich pattern match results.
  • GEXF 1.3 (Graph Exchange XML Format): Matched subgraphs and investigation graph data are exportable in GEXF 1.3, enabling interoperability with external graph-analysis tools such as Gephi.
  • GraphQL (June 2018 Specification): All pattern query, template management, and confidence-score retrieval operations are exposed through a typed GraphQL API.
  • W3C PROV-DM (PROV Data Model, 2013): Every pattern match operation is recorded as a PROV-DM activity, linking the matched subgraph entities to the detection event for chain-of-custody and audit purposes.
  • MITRE ATT&CK: Attack-pattern templates reference MITRE ATT&CK technique identifiers (e.g. T-series IDs) to classify adversary tactics embedded within detected transaction patterns.
  • FATF Recommendations (Financial Action Task Force): The pre-built pattern library covers the layering, integration, and placement typologies defined in the FATF Recommendations, supporting regulatory suspicious-activity reporting obligations.

Last Reviewed: 2026-02-23 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.