Detection and restriction of unwanted messages through time interval cluster analysis

What is claimed is: 1. A method of detecting a flood of unwanted messages, the method comprising the steps of: capturing a population of message data sent during a first interval, the message data including sender, recipient, content and submission time; establishing clusters of messages with the same content; repeating the processes for a second interval; merging the clusters for the first and second interval; constructing a network graph of clusters with each edge connecting a sender to a recipient, the clusters are constructed by a Cartesian representation of a message's attributes comprising a plurality of parameters; and detecting sender loops wherein the detected sender loops are a suspect cluster built over the first and second intervals having parameters including counts of connected nodes and rate of growth whereby corrective action is taken to minimize the message traffic from the sender. 2. The method of claim 1 wherein the parameters for the suspect cluster further include number of loops. 3. The method of claim 1 wherein the step of establishing clusters of messages with the same content is effected by applying a streaming machine learning algorithm. 4. The method of claim 1 wherein the parameters for the Cartesian representation include a first parameter of the message on a first axis and a second parameter of the message on a second axis. 5. The method of claim 1 wherein the parameters are selected from the group consisting of message word count, message character count, message sentence count, message file size, word embedding, message fuzzy hash, message keywords, message attachment file size, message attachment file name, and message meta data. 6. The method of claim 3 wherein the machine learning algorithm is density-based spatial clustering of applications with noise. 7. The method of claim 1 further comprising an associated metric for sender loops, the associated metrics is the number of nodes in a given loop. 8. The method of claim 1 wherein the corrective action is to restrict further transmission of the messages associated with detected sender loops. 9. The method of claim 1 wherein the corrective action is to restrict further transmission from the sender associated with the detected sender loops. 10. A method of detecting a flood of unwanted messages, the method comprising the steps of: capturing a population of message data sent during a first interval, the message data including sender, recipient, content and submission time; applying density-based spatial clustering of applications with noise to establish clusters of messages with the same content; filtering out sparse messages; repeating the processes for a second interval; merging the clusters for the first and second interval; constructing a network graph of clusters with each edge connecting a sender to a recipient; computing the breadth and depth of a resultant tree of the graph; detecting from the breadth and depth computations, suspect patterns in the network graph, the patterns selected from the group consisting of sender loops, excessive breadth of distribution and excessive depth of relay to sequential recipients; and automatically restricting further transmission of the messages with a cluster of messages having a suspect pattern. 11. The method of claim 10 further comprising the step of restricting further transmission activity of the sender. 12. The method of claim 11 wherein the restriction step is initiated responsive rule-derived from historical data of the spread of unwanted messages. 13. The method of claim 11 wherein the restriction step is initiated responsive to anomaly detection. 14. The method of claim 10 wherein the processing and clustering steps are continuously repeated for subsequent intervals for ongoing detection of floods of unwanted messages. 15. A method of detecting a flood of unwanted messages, the method comprising the steps of: capturing a population of message data sent during a first interval, the message data including sender, recipient, content and submission time; processing message content to form feature vectors, the processing technique selected from the group consisting of word embedding and fuzzy hashing; applying an algorithm to establish density clusters of messages with the same content; repeating the processes for subsequent intervals; merging the clusters for the first and subsequent intervals; filtering out sparse messages and sparse individual clusters; tagging metadata for each message, the metadata including sender and recipient for each data point in the cluster; constructing a graph for each message in the cluster wherein the graph is directed from sender to recipient and is chronologically ordered; for each message in the cluster, determining if the sender of the message is already a node in the constructed graph wherein the absence of the sender, two nodes are added, one for the sender and another for the recipient with a directional edge pointing from sender to recipient, wherein if the sender already exist and the recipient does not exist, adding a new node for the recipient and an edge with a timestamp, wherein if both sender and recipient nodes exist for the message in the constructed graph, add an edge from sender to recipient; apply a loop detection algorithm to the graph resolving one or more metrics selected from the group consisting of traversal path, number of participants, and time elapsed for the looping; computing the breadth and depth of the resultant tree of the graph; detecting from the breadth and depth computations suspect patterns in the network graph, the patterns including sender loops, excessive breadth of distribution, anomaly detection or excessive depth of relay to sequential recipients; and automatically restricting further transmission of the messages within a cluster of messages having a suspect pattern, the restriction selected from the group consisting of sender blocking on a message delivery platform, sender blocking on the message receiving platform, content blocking on the message delivery platform and content blocking on the message receiving platform. 16. The method of claim 15 wherein in the sender blocking step is selected from the group consisting of temporary sender blocking and sender message delivery delay. 17. The method of claim 15 wherein the content blocking step is selected from the group consisting of temporary content blocking and message delivery delay. 18. The method of claim 15 wherein the detection of suspect patterns is performed by a machine learning algorithm.