Method and apparatus for detecting rogue trading activity

What is claimed is: 1. A system for detecting malware and fraudulent activity of at least one user, the system comprising: a plurality of transactional devices in communication with a plurality of transactional servers, wherein the plurality of transactional devices are configured to execute transactions using the plurality of transactional servers, the plurality of transactional devices including a plurality of computing devices, wherein each of the plurality of computing devices is used by one or more of a plurality of users for executing the transactions, wherein each of the plurality of users is assigned one of responsibility levels, each of the responsibility levels defining a type of the transactions each of the plurality of users is allowed to execute; a plurality of verification devices, each of the plurality of verification devices being connected to one of the plurality of transactional devices and including one of the following: a card reader, a one-time key device, and a password entry device; a data processing apparatus comprising at least a monitoring device, an alert module, and a database, wherein: the monitoring device is in communication with the plurality of transactional devices and the plurality of transactional servers and programmed to: gather a plurality of data items at a time of generation accruing from historical behavior of the plurality of users in association with the plurality of transactional devices, wherein for each device of the plurality of transactional devices, the plurality of data items include a domain name system (DNS) server data log entry and at least one item from a group consisting of at least one data transfer volume, at least one accessed website address, at least one IP address, and at least one port address; gather a further plurality of data items at the time of generation accruing from data generated by the plurality of transactional servers in response to communications received from the plurality of users via the plurality of transactional devices, wherein for each device of the plurality of transactional devices, the further plurality of data items include a domain name system (DNS) server data log entry and at least one item from the group consisting of at least one data transfer volume, at least one accessed website address, at least one IP address, and at least one port address; verify an identity of each of the plurality of users using one of the plurality of verification devices; analyze the plurality of data items and the further plurality of data items for a period of time; based on the analysis, train a statistical model for the period of time; create a baseline transaction profile for each of the plurality of users executing the transactions on the plurality of transactional devices based on a training set, the training set being created based on the statistical model and training data, the training data being selected from: the plurality of data items accruing from the historical behavior of each of the plurality of users, the plurality of data items at least comprising a domain name system (DNS) server data log entry, and at least one item from the group consisting of at least one data transfer volume, at least one accessed website address, at least one IP address, and at least one port address, the historical behavior indicative of a normal operation of each of the plurality of computing devices; and the further plurality of data items accruing from the data generated by the plurality of transactional servers in response to the communications received from each of the plurality of users; group the plurality of users into groups based on the one of responsibility levels of each of the plurality of users; create a group baseline transaction profile for each of the groups based on the training set created, the statistical model, and the plurality of data items accruing from the historical behavior of one or more of the plurality of users of each of the groups; receive, from the plurality of transactional devices, further data items relating to present behavior of the plurality of users and a type of transactions executed by the plurality of users, wherein the further data items comprise a domain name system (DNS) server data log entry and at least one item from the group consisting of at least one data transfer volume, at least one accessed website address, at least one IP address, and at least one port address; compare the further data items relating to the present behavior of at least one of the plurality of users to the baseline transaction profile of the at least one of the plurality of users; compare the type of transactions executed by the at least one of the plurality of users to the group baseline transaction profile of one of the groups into which the at least one of the plurality of users is grouped; based on the comparison, detect irregularities between the present behavior and the type of transactions executed by the at least one of the plurality of users and at least one of the baseline transaction profiles of the at least one of the plurality of users and the group baseline transaction profile of the one of the groups, the detecting of irregularities including detecting an automated execution of a transaction, and detecting a deviation from the normal operation of each of the plurality of computing devices, the deviation including a deviation in data transfer volume, a continued access to a website address or IP address not in the baseline transaction profile, or a deviation of a port address; and update the baseline transaction profile of each of the plurality of users and the group baseline transaction profile of each of the groups to include the further data items accruing from the present behavior of each of the plurality of users; and the alert module is in communication with the monitoring device, the alert module being programmed to generate an alert, in real time, based on the detection of the irregularities, the irregularities from the normal operation comprising a deviation in data transfer volume, a continued access to a website address or IP address not in the baseline transaction profile, or a deviation of a port address, the irregularities potentially being indicative of malware. 2. The system of claim 1 , wherein the plurality of data items comprise at least one of: security purchase transaction data, security sale transaction data, put options pricing data, global address lookup, network address, routing information, transaction time stamp, transaction date stamp, and device cookies data. 3. The system of claim 1 , wherein the responsibility levels of the plurality of users are retrieved from a plurality of transaction profiles of the plurality of users. 4. The system of claim 1 , wherein the historical behavior comprises data items selected from at least one of a rate, volume, price, stock ticker, periodic variances in volume rates, and seasonal variances in rates or volumes. 5. A method for detecting malware and fraudulent activity of at least one user, the method comprising: gathering, by a monitoring device of a data processing apparatus, a plurality of data items at a time of generation accruing from historical behavior of a plurality of users in association with a plurality of transactional devices, wherein for each device of the plurality of transactional devices, the plurality of data items include a domain name system (DNS) server data log entry and at least one item from a group consisting of at least one data transfer volume, at least one accessed website address, at least one IP address, and at least one port address, the plurality of transactional devices including a plurality of computing devices, wherein each of the plurality of computing devices is used by one or more of the plurality of users fo