CN109300028A - Real-time anti-fraud method and system and storage medium based on network data - Google Patents
Real-time anti-fraud method and system and storage medium based on network data Download PDFInfo
- Publication number
- CN109300028A CN109300028A CN201811057556.9A CN201811057556A CN109300028A CN 109300028 A CN109300028 A CN 109300028A CN 201811057556 A CN201811057556 A CN 201811057556A CN 109300028 A CN109300028 A CN 109300028A
- Authority
- CN
- China
- Prior art keywords
- fraud
- data
- model
- network
- user behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
Abstract
The present invention provides a kind of real-time anti-fraud method and system based on network data collects raw network data, by receiving and analyzing raw network data, obtains customer transaction information, user behavior information;Customer transaction information, user behavior information are sent to fraud Model Matching;Customer transaction information, user behavior information are analyzed, model is cheated by rule match engine combination machine learning and is matched, processing result to fraud is exported according to fraud model and is judged;Fraud judgement is carried out to the processing result of fraud model output, forms specific fraud;It calls data to supply interface, specific fraud is sent to external treatment end.The present invention is by the real-time collection analysis to network data, and it is not necessary to modify subscriber service systems, directly acquire network layer information, and high-performance parses network data, exports fraud result to anti-fraud platform.Provide real-time, full dose fraud detection data and analysis result.
Description
Technical field
The present invention relates to anti-fraud fields in real time, and in particular, to a kind of real-time hair fraud method based on network data
With system and storage medium.
Background technique
With the fast development of the networking of conventional banking facilities services interconnection and Novel Internet financial models, internet fraud
Means become more and more varied, and user and internet financial platform are also being sharply increased by the risk cheated.Statistical number
According to display, China Internet risk of fraud global ranking first three, loss caused by network fraud has reached GDP's
0.63%, this number is only second to the 0.64% of the U.S..
Anti- fraud data acquisition means common at present are by database or log or bury dot pattern acquisition information, effective
Or it is comprehensive not enough, by from database obtain database in data, timeliness is poor, and will not store transaction cross number of passes
According to, final transaction results data are only stored, it is not high to the accuracy of fraud judgement;There is no network messages in log
Information lacks the network information for playing important references in anti-fraud analysis, and needs to modify operation system with unified day
Will format and content;Burying dot pattern acquisition has network bandwidth and application performance additional loss, while being difficult to ensure information
Safety.
Patent document CN108038700A provides a kind of anti-fraud data analysing method and system, to from a Back end data
Data Mart is obtained in library and chart database is sent to an analysis model, and the Data Mart and the chart database are root
It is generated according to the basic data about fraud collected in advance;The analysis model is to the Data Mart and the diagram data
Library is analyzed, to obtain an analysis result;The analysis result is exported to a front end and shown.Individual risk of fraud is known
Other model is combined with group's risk of fraud identification model, and anti-fraud system is more complete.And integrated supervised study, Semi-supervised
Study and the study of unsupervised formula, handle data, improve recognition accuracy, and enable model modification speed faster, adapt to
Property is stronger.Meanwhile establish it is counter cheat real-time points-scoring system, and score and calculate more acurrate, anti-fraud analysis result observation is more intuitive.
Visual user's relation map can also intuitively show analysis as a result, user experience is good.The data that above patent document passes through acquisition
Source carries out anti-fraud and calculates, but data are obtained from database, and process data is caused to lack.
Patent document CN104679777A provides a kind of method for detecting fraudulent trading, which comprises obtains
History fraudulent trading record and history arm's length dealing is taken to record;Based on fraudulent trading record and arm's length dealing record
The two extracts characterization factor;Training sample set is generated from fraudulent trading record and arm's length dealing record;With described
Training sample set constructs decision tree, wherein constructing leaf node as target elements using two classifications of arm's length dealing and fraudulent trading
And other nodes of the decision tree are constructed according to the characterization factor;From all from root node to finger of the decision tree
Show the path extraction fraud rule of the leaf node of fraudulent trading;And fraud inspection is carried out to transaction data according to the fraud rule
It surveys.Above patent document carries out anti-fraud by the data source obtained and calculates, but is calculated merely with historical data source, no
It is enough comprehensive.
Summary of the invention
For the defects in the prior art, the real-time hair fraudulent party based on network data that the object of the present invention is to provide a kind of
Method and system and storage medium.
A kind of real-time anti-fraud method based on network interconnection data provided according to the present invention, includes the following steps, net
Network data collection steps: collecting raw network data, and raw network data is sent to data analysis and processing step;Data point
Analysis and processing step: by receiving and analyzing raw network data, customer transaction information, user behavior information are obtained, by user
Transaction Information, user behavior information are sent to fraud Model Matching step;Cheat Model Matching step: to customer transaction information,
User behavior information is analyzed, and is cheated model by rule match engine combination machine learning and is matched, is tied according to matching
Fruit exports to fraud judgment step;Fraud judgment step: to fraud Model Matching step output matching result into
Row fraud judgement, forms specific fraud;Fraud exports step: specific fraud is sent to external treatment
End.
Preferably, the network data acquisition step includes acquisition step: receiving the primitive network number that external equipment is sent
According to;Network layer decoding step: network layer decoder is carried out to raw network data, forms first network data;Forwarding step: the is enabled
One network data is forwarded to data analysis and processing step.
Preferably, the data analysis includes data reception step with processing step: receiving network data acquisition step turns
The first network data of hair;Application layer decoding step: application layer protocol decoding is carried out to first network data, is formed unstructured
Trading activity data;Transaction association step: transaction association is carried out to trading activity data according to Trading Model, user is formed and hands over
Easy information, user behavior information;Message exports step: customer transaction information, user behavior information are exported to fraud model
With step.
Preferably, the fraud Model Matching step includes customer relationship analytical procedure: to customer transaction information, user
Customer relationship in behavioural information is analyzed, and in conjunction with customer relationship historical data, forms customer relationship net;User behavior analysis
Step: the user behavior in customer transaction information, user behavior information is analyzed, in conjunction with user behavior historical data, shape
At user behavior state;Machine learning step: it is taken advantage of in machine learning model according to customer relationship net, user behavior state
Swindleness behavior matching, exports processing result.
Preferably, the fraud judgment step includes real-time judge rule step: rule of thumb model, nerve net
Network model judges whether the processing result for cheating model output belongs to fraud, enumerates specific fraud;Rule configuration step
It is rapid: to judge whether the processing result for cheating model output belongs to fraud according to setting rule, enumerate specific fraud;Machine
Device learning data input step: it enables the processing result of fraud model output that label is set, and is input to fraud Model Matching step.
Preferably, the fraud exports step, and short message interface notifying process: specific fraud is connect by short message
Mouth is sent to external treatment end;Electric kernel interface notifying process: specific fraud is audited into artificial treatment by phone and is sent to
External treatment end;Api interface notifying process: specific fraud is interacted by api interface with ESB bus and is sent to external place
Manage end.
Preferably, the real-time anti-fraud method based on network interconnection data further includes the anti-fraud Policy Updates of dynamic
Step;The dynamic is counter to cheat Policy Updates step: enable the first anti-fraud rule of rule match engine be increased newly or modified,
Anti- fraud rule, asynchronous building suspend data analysis and processing step after the completion for asynchronous building second, enable the second anti-fraud regular
Anti- fraud rule, setup rule match engine for replacement first, restore data analysis and processing step.
Preferably, the real-time anti-fraud method based on network interconnection data, further include Nonstationary Machine Learning Model more
New step;Nonstationary Machine Learning Model updates step: the label of history fraud and normal behaviour is carried out in set period of time
Data set training obtains latest data collection training pattern, the analysis of pause data and place after latest data collection training pattern is formed
Step is managed, triggering machine learning fraud model replacement restores data analysis and processing step.
A kind of real-time anti-fake system based on network interconnection data provided according to the present invention, comprises the following modules, net
Network data acquisition module: collecting raw network data, and raw network data is sent to data analysis and processing module;Data point
Analysis and processing module: by receiving and analyzing raw network data, customer transaction information, user behavior information are obtained, by user
Transaction Information, user behavior information are sent to fraud model fitting module;Cheat model fitting module: to customer transaction information,
User behavior information is analyzed, and is cheated model by machine learning and is matched, extremely according to fraud model output processing result
Fraud judgment module;Fraud judgment module: fraud judgement, shape are carried out to the processing result of fraud model output
At specific fraud;Data supplying module: specific fraud is sent to external treatment end.
A kind of computer readable storage medium for being stored with computer program provided according to the present invention, the computer journey
The step of above method is realized when sequence is executed by processor.
Compared with prior art, the present invention have it is following the utility model has the advantages that
1, it supports seamless deployment, the number for supporting anti-fraud scene can be acquired under the premise of not modifying subscriber service system
According to;
2, it is used as user behavior data source, the behavioral data comprising all operating process of user, phase using network data
Than the final result data of database, it is capable of providing more accurately analysis result;
3, suitable for operation system no dependence, being suitable for not there are each service link of user behavior and transaction
With operation system and platform;
4, by the real-time acquisition and processing to network data, and it is sent to anti-fraud platform in real time and carries out fraud knowledge
Not, there is higher real-time compared to database, the anti-scene cheated in thing can be supported;
5, high-performance parsing network data and export recognition result to anti-fraud platform, can support level extension, support
Real-time anti-fraud detection based on mass data.
Detailed description of the invention
Upon reading the detailed description of non-limiting embodiments with reference to the following drawings, other feature of the invention,
Objects and advantages will become more apparent upon:
Fig. 1 is module relation diagram of the invention;
Fig. 2 is system flow chart of the invention;
Fig. 3 is data collection and analysis link flow chart of the invention;
Fig. 4 is marketing link flow chart of the invention.
Specific embodiment
The present invention is described in detail combined with specific embodiments below.Following embodiment will be helpful to the technology of this field
Personnel further understand the present invention, but the invention is not limited in any way.It should be pointed out that the ordinary skill of this field
For personnel, without departing from the inventive concept of the premise, several changes and improvements can also be made.These belong to the present invention
Protection scope.
A kind of real-time anti-fraud method based on network interconnection data provided according to the present invention, comprising the following steps: net
Network data collection steps: by light-dividing device (TAP) mirror user operation system network data and it is sent to anti-fake system
Data receiver is sent to data analysis and processing to collect raw network data after being pre-processed raw network data
Step simultaneously stores initial data for subsequent further analysis;Data analysis and processing step: pretreated network data is received simultaneously
Application layer protocol, which is carried out, according to configuration obtains process of exchange data to decode.According to Trading Model to decoded process of exchange number
According to transaction association is carried out, customer transaction information, user behavior information are formed, customer transaction information, user behavior information are sent
To fraud Model Matching step;Fraud Model Matching step: analyzing customer transaction information, user behavior information, in conjunction with
Machine learning cheats model and carries out fraud matching, exports matching result to fraud judgment step according to fraud model;
Fraud judgment step: fraud judgement is carried out to the processing result of fraud model output, forms specific fraud;It takes advantage of
Swindleness behavior exports step: calling data to supply interface, specific fraud is sent to external treatment end.
Specifically, the network data acquisition step includes data collection steps: being used by light-dividing device (TAP) mirror image
Family operation system network data and the data receiver for being sent to anti-fake system receive the primitive network number that external equipment provides
According to;Network layer decoding step: being decoded raw network data according to TCP/IP layer agreement, forms application layer data;Network
Data forwarding and storing step: it enables application layer data be forwarded to data analysis and simultaneously stores raw network data with processing step
For subsequent applications in being locally stored.
Specifically, the data analysis includes data reception step with processing step: receiving network data acquisition step turns
The first network data of hair;Application layer decoding step: application layer protocol solution is carried out according to protocol stack arrangement to first network data
Code, forms non-structured process of exchange data;Transaction association step: process of exchange data are carried out according to transaction association model
Transaction association forms customer transaction information, user behavior information;Message exports step: customer transaction information, user behavior are believed
Breath output extremely fraud Model Matching step.
Specifically, the fraud Model Matching step includes customer relationship analytical procedure: to customer transaction information, user
Customer relationship in behavioural information is analyzed, and in conjunction with customer relationship historical data, forms customer relationship net.Preferably, user
Input data can be integrated into a netted model by relationship analysis, by analyzing the contact person of user, the history note of connection
The information such as record, calculate whether user belongs to potential malicious user, to avoid risk.For example certain user is obtained from network packet
Transfer information etc., in conjunction with the information that other existing channels obtain, what can be more clear depicts the relational graph of user;With
Family behavioural analysis step: the user behavior in customer transaction information, user behavior information is analyzed, is gone through in conjunction with user behavior
History data form user behavior state.Preferably, user behavior analysis can depict user when different according to input data
Between, different location, the habit on distinct device to analyze whether user may be likely to be fraudulent user, or is taken advantage of
Swindleness clique malice usurps account.For example the information of full channel is obtained in users from networks packet, for example user is in a short time more
A channel continues to try to withdraw the money, then shows that the user exists by steal-number risk;Machine learning step: it according to customer relationship net, uses
Family behavior state carries out fraud matching in machine learning model, exports processing result.Preferably, machine learning model meeting
With the information that quasi real time pattern analysis processing is obtained from network data source and other data sources, by the calculating of artificial intelligence with point
Analysis calculates different models, is matched after truthful data input and is output to fraud judgment step.
Specifically, the fraud judgment step includes real-time judge rule step: rule of thumb model, nerve net
Network model judges whether the processing result for cheating model output belongs to fraud, enumerates specific fraud;Rule configuration step
It is rapid: to judge whether the processing result for cheating model output belongs to fraud according to setting rule, enumerate specific fraud.Institute
Stating setting rule is operator's rule of thumb tuning parameter or threshold value, configures the rule and mould of fraud according to the actual situation
Type.;Machine learning data input step: it enables the processing result of fraud model output that label is set, and is input to fraud model
With step.Preferably, tagged to the processing result of each output according to network packet or other data sources, and again
Machine learning model is input to carry out calculating behavior and relationship information that user is improved in study, it can essence according to the content of network packet
Quasi- judges each input, the study of support AI that can be better according to the accurate label stamped.
Specifically, the data supplying step includes short message interface notifying process: specific fraud is connect by short message
Mouth is sent to external treatment end;Electric kernel interface notifying process: specific fraud is audited into artificial treatment by phone and is sent to
External treatment end;Api interface notifying process: specific fraud is interacted by api interface with ESB bus and is sent to external place
Manage end.
A kind of computer readable storage medium for being stored with computer program provided according to the present invention, the computer journey
The step of above method is realized when sequence is executed by processor.
A kind of real-time anti-fake system based on network interconnection data provided according to the present invention, as shown in Figure 1, include with
Lower module, network data acquisition module: collecting raw network data, and raw network data is sent to data analysis and processing mould
Block;Data analysis and processing module: by receiving and analyzing raw network data, customer transaction information, user behavior letter are obtained
Breath, is sent to fraud model fitting module for customer transaction information, user behavior information;Cheat model fitting module: to user
Transaction Information, user behavior information are analyzed, and are cheated model by machine learning and are matched, at fraud model output
Result is managed to fraud judgment module;Fraud judgment module: fraud row is carried out to the processing result of fraud model output
For judgement, specific fraud is formed;Data supplying module: calling data to supply interface, specific fraud is sent to outer
Portion processing end.
The network data acquisition module includes acquisition module: receiving the raw network data that external equipment provides;Network
Layer decoder module: being decoded raw network data according to TCP/IP layer agreement, forms application layer data;Forwarding module: it enables
Application layer data is forwarded to data analysis and processing module.
The data are analyzed with processing module
Receiving module: the application layer data of receiving network data acquisition module forwarding;
Application layer decoder module: application layer protocol decoding is carried out to application layer data, forms non-structured process of exchange
Record;
Transaction association module: recording process of exchange according to Trading Model and carry out transaction association, formation customer transaction information,
User behavior information;
Message output module: customer transaction information, user behavior information are exported to fraud model fitting module.
The fraud model fitting module includes:
Customer relationship analysis module: analyzing the customer relationship in customer transaction information, user behavior information, in conjunction with
Customer relationship historical data forms customer relationship net;
User behavior analysis module: analyzing the user behavior in customer transaction information, user behavior information, in conjunction with
User behavior historical data forms user behavior state;
Machine learning module: fraud is carried out in machine learning model according to customer relationship net, user behavior state
Matching exports processing result.
The fraud judgment module includes:
Real-time judge rule module: the processing result that rule of thumb model, neural network model judgement fraud model export
Whether belong to fraud, enumerates specific fraud;
Rule configuration module: judging whether the processing result for cheating model output belongs to fraud according to setting rule,
Enumerate specific fraud;
Machine learning data input module: it enables the processing result of fraud model output that label is set, and is input to fraud mould
Type matching module.
The data supplying module:
Short message interface notification module: specific fraud is sent to external treatment end by short message interface;
Electric kernel interface notification module: specific fraud is audited into artificial treatment by phone and is sent to external treatment end;
Api interface notification module: specific fraud is interacted by api interface with ESB bus and is sent to external treatment
End.
Real-time anti-fake system provided by the invention based on network interconnection data, can be by being based on network interconnection data
Real-time anti-fraud method step process realize.Those skilled in the art counter can take advantage of real-time based on network interconnection data
Swindleness method is interpreted as the preference of the real-time anti-fake system based on network interconnection data.
As shown in figure 3, in network data acquisition step, data analysis and processing step, it can be real by following steps
Existing, load configuration: initializing entire data collection and analysis link according to configuration, mainly includes following content: the net of monitoring
Card information, Data Matching rule to be processed, the protocol stack information of data to be analyzed, output configuration information etc.;Monitor network interface card stream
Amount: higher place can be provided relative to common message-oriented middleware according to configuring binding server network interface card and therefrom receiving data
Rationality energy;Network layer decoder: being decoded data according to ICP/IP protocol, to generate network session information;Data filtering: root
Data are filtered with the session information generated before according to configuration, abandon nontransaction data;Using layer decoder: according to configuration pair
Filtered network data is carried out using layer decoder, and content such as HTTP, XML etc. applies layer decoder, to obtain detailed transaction
Details;Transaction data association: transaction details data are associated based on the algorithm of state machine according to configuration, by one or more
Detailed data is associated to a complete transaction data;Transaction data output: association is completed by transaction data according to configuration and is sent
Subsequent operation is carried out to marketing platform.
As shown in figure 4, can be realized in real-time anti-fraud detecting step by following steps, counter take advantage of is initialized
It cheats engine step: anti-fraud engine is initialized according to loading configuration file.Configuration file mainly includes the following contents: customer relationship
Analysis rule, user behavior matching rule, training pattern data export configuration rule;Binding data source step: it is tied up according to configuration
Determine data source, the customer transaction data that receiving network data acquisition and analysis system provide.Specifically use memory switching technology
To optimize data transmission performance;Customer relationship analytical procedure: according to the relationship between the rule analysis user of definition, user is closed
System is organized into graph data structure, for downstream use.It, can be dynamically right if occurring the variation of rule in operational process
Rule is updated, and can be come into force in next treatment process immediately after the completion of update;User behavior analysis step: according to
Family transaction data and customer relationship figure identify the behavior of user using traditional rule match mode;Machine learning matching step:
On the basis of traditional rule is matched, using the machine learning algorithm based on deep neural network, data instruction is cheated according to history
Practice fraud identification model, to complete the identification of user behavior.Fraud exports step: the fraud information recognized is deposited
Storage, to develop the related application based on fraud later, is limited into database as user credit evaluation, user access
System etc..Fraud can also be sent in real time to anti-fraud platform by message, cheat platform by counter and realize real-time friendship
The easily high real-times application scenarios such as blocking.
Preferably, the invention also includes the anti-fraud Policy Updates steps of dynamic, are based on the network interconnection provided by the invention
In the real-time anti-fake system operational process of data, user can be newly-increased by interface or modifies anti-fraud rule.It is advised in application
After then, system can asynchronously construct the new anti-rule match engine cheated, and of short duration pause data flow and replace after the completion of building
Engine is changed, restores data flow after being replaced successfully again.The rule match engine batch processing, by trading information data and user
The rule of definition is matched, and will be marked on the data band of successful match.Such as: rule 1: the same account is adjacent to be operated twice
Time interval is greater than x minutes, and x takes the numerical value greater than 0;Rule 2: the adjacent operation twice of the same account is apart greater than y kilometers, y
Take the numerical value greater than 0.If an account meets above-mentioned condition simultaneously, suspicious record can be marked as.
Preferably, the invention also includes dynamic machines to learn fraud model modification step, and it is base that model is cheated in machine learning
It is formed in the flag data collection training of history fraud and normal behaviour.In order to enable machine learning fraud model with when
Between develop, the present invention can periodically based on newest data set training new model.After the completion of model training, trigger model updates stream
Journey, of short duration pause data flow and substitution model, restore data flow again after being replaced successfully.
In preferred specific embodiment, it is illustrated, will be acquired by taking the anti-fraud scene of certain bank as an example below
Module is deployed on all channels of bank, for example, Web bank, Mobile banking, on telephone bank's server, it is not necessary to modify preceding
A large amount of network informations of full channel are obtained in the case where the application of end in real time, while sending data analysis and processing for network data
Device, and network data can be stored in storage medium;After data analysis receives network data with processing module, according to
The data model of configuration obtained after network data is analyzed and handled user behavior and transaction data (such as user account,
The amount of the loan, the channel classification used, number of attempt etc.), while next mould is sent by the behavior of user and transaction data
Block, and the behavior of user and transaction data can be stored in storage medium;Judgment models are according to using machine learning module tune
It is carried out calculating matching historical record with customer relationship module and user behavior module, and final processing result is output to and is taken advantage of
Swindleness behavior judgment module;Rule configuration module input experience configuration is first passed through in advance, when then judgment module receives Real time request,
The rule rule of thumb configured, and this time whether request belongs to fraud according to the judgement of the result various dimensions of judgment models,
And it is tagged.After machine learning input module periodically arranges judging result simultaneously, it is directed back to the machine of fraud judgment models
Study module carries out calculating learning classification;The result of judgement is finally sent to downstream platform, such as phone by diversified forms
It audits platform and carries out manual examination and verification, or related personnel is sent to by short message, or sending result by API has downstream platform certainly
Dynamic processing.
In another preferred embodiment, in the application of certain internet financing corporation, by data collection point portion
Administration is on the channel of all network data acquisitions.According to the information got, such as the behavioural information that user transfers accounts etc., pass through
Artificial intelligence module analyzes the relationship between user, forms the relational network of user, and is stored in storage medium.With
In the operation of family next time, the trade network of the matching analysis user is carried out according to the calculated user model of artificial intelligence before
In whether there is high risk user, to calculate the risk of the user, and this information is passed into behavior judgment module.It is passing through
After crossing manual examination and verification or rule audit, system automatically records down the risk situation of the user, to enter data into back machine
Study module judges the risk of other users associated there according to the label information of this user.
One skilled in the art will appreciate that in addition to realizing system provided by the invention in a manner of pure computer readable program code
It, completely can be by the way that method and step be carried out programming in logic come so that provided by the invention other than system, device and its modules
System, device and its modules are declined with logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion
The form of controller etc. realizes identical program.So system provided by the invention, device and its modules may be considered that
It is a kind of hardware component, and the knot that the module for realizing various programs for including in it can also be considered as in hardware component
Structure;It can also will be considered as realizing the module of various functions either the software program of implementation method can be Hardware Subdivision again
Structure in part.
Specific embodiments of the present invention are described above.It is to be appreciated that the invention is not limited to above-mentioned
Particular implementation, those skilled in the art can make a variety of changes or modify within the scope of the claims, this not shadow
Ring substantive content of the invention.In the absence of conflict, the feature in embodiments herein and embodiment can any phase
Mutually combination.
Claims (10)
1. a kind of real-time anti-fraud method based on network interconnection data, which comprises the following steps:
Network data acquisition step: collecting raw network data, and raw network data is sent to data analysis and processing step;
Data analysis and processing step: by receiving and analyzing raw network data, customer transaction information, user behavior letter are obtained
Customer transaction information, user behavior information are sent to fraud Model Matching step by breath;
Fraud Model Matching step: customer transaction information, user behavior information are analyzed, combined by rule match engine
Machine learning fraud model is matched, and is exported according to matching result to fraud judgment step;
Fraud judgment step: fraud judgement is carried out to the matching result of fraud Model Matching step output, forms tool
Body fraud;
Fraud exports step: specific fraud is sent to external treatment end.
2. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that the network
Data collection steps include:
Acquisition step: the raw network data that external equipment is sent is received;
Network layer decoding step: network layer decoder is carried out to raw network data, forms first network data;
Forwarding step: enable first network data forwarding to data analysis and processing step.
3. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that the data
It analyzes with processing step and includes:
Data reception step: the first network data of receiving network data acquisition step forwarding;
Application layer decoding step: application layer protocol decoding is carried out to first network data, forms non-structured trading activity number
According to;
Transaction association step: transaction association is carried out to trading activity data according to Trading Model, forms customer transaction information, user
Behavioural information;
Message exports step: customer transaction information, user behavior information are exported to fraud Model Matching step.
4. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that the fraud
Model Matching step includes:
Customer relationship analytical procedure: the customer relationship in customer transaction information, user behavior information is analyzed, in conjunction with user
Relationship historical data forms customer relationship net;
User behavior analysis step: the user behavior in customer transaction information, user behavior information is analyzed, in conjunction with user
Behavior historical data forms user behavior state;
Machine learning step: carrying out fraud matching according to customer relationship net, user behavior state in machine learning model,
Export processing result.
5. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that the fraud
Behavior judgment step includes:
Real-time judge rule step: rule of thumb model, neural network model judge cheat model output processing result whether
Belong to fraud, enumerates specific fraud;
Regular configuration step: judge whether the processing result for cheating model output belongs to fraud according to setting rule, enumerate
Specific fraud;
Machine learning data input step: it enables the processing result of fraud model output that label is set, and is input to fraud model
With step.
6. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that the fraud
Behavior exports step:
Short message interface notifying process: specific fraud is sent to external treatment end by short message interface;
Electric kernel interface notifying process: specific fraud is audited into artificial treatment by phone and is sent to external treatment end;
Api interface notifying process: specific fraud is interacted by api interface with ESB bus and is sent to external treatment end.
7. the real-time anti-fraud method according to claim 1 based on network interconnection data, which is characterized in that further include moving
State is counter to cheat Policy Updates step;
The dynamic is counter to cheat Policy Updates step: enable the first anti-fraud rule of rule match engine be increased newly or modified,
Anti- fraud rule, asynchronous building suspend data analysis and processing step after the completion for asynchronous building second, enable the second anti-fraud regular
Anti- fraud rule, setup rule match engine for replacement first, restore data analysis and processing step.
8. the real-time anti-fraud method described in claim 1 based on network interconnection data, which is characterized in that further include dynamic machine
Device learning model updates step;
Nonstationary Machine Learning Model updates step: the flag data of history fraud and normal behaviour is carried out in set period of time
Collection training obtains latest data collection training pattern, and the analysis of pause data is walked with processing after latest data collection training pattern is formed
Suddenly, triggering machine learning fraud model replacement restores data analysis and processing step.
9. a kind of real-time anti-fake system based on network interconnection data, which is characterized in that comprise the following modules:
Network data acquisition module: collecting raw network data, and raw network data is sent to data analysis and processing module;
Data analysis and processing module: by receiving and analyzing raw network data, customer transaction information, user behavior letter are obtained
Breath, is sent to fraud model fitting module for customer transaction information, user behavior information;
Fraud model fitting module: customer transaction information, user behavior information are analyzed, model is cheated by machine learning
It is matched, processing result is exported to fraud judgment module according to fraud model;
Fraud judgment module: fraud judgement is carried out to the processing result of fraud model output, forms specific fraud row
For;
Data supplying module: specific fraud is sent to external treatment end.
10. a kind of computer readable storage medium for being stored with computer program, which is characterized in that the computer program is located
The step of reason device realizes method described in any item of the claim 1 to 8 when executing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811057556.9A CN109300028A (en) | 2018-09-11 | 2018-09-11 | Real-time anti-fraud method and system and storage medium based on network data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811057556.9A CN109300028A (en) | 2018-09-11 | 2018-09-11 | Real-time anti-fraud method and system and storage medium based on network data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109300028A true CN109300028A (en) | 2019-02-01 |
Family
ID=65166481
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811057556.9A Pending CN109300028A (en) | 2018-09-11 | 2018-09-11 | Real-time anti-fraud method and system and storage medium based on network data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109300028A (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109829721A (en) * | 2019-02-13 | 2019-05-31 | 同济大学 | Online trading multiagent behavior modeling method based on heterogeneous network representative learning |
| CN110148001A (en) * | 2019-04-29 | 2019-08-20 | 上海欣方智能系统有限公司 | A kind of system and method for realizing fraudulent trading intelligent early-warning |
| CN110213239A (en) * | 2019-05-08 | 2019-09-06 | 阿里巴巴集团控股有限公司 | Suspicious transaction message generation method, device and server |
| CN110362981A (en) * | 2019-06-29 | 2019-10-22 | 上海淇毓信息科技有限公司 | The method and system of abnormal behaviour are judged based on credible equipment fingerprint |
| CN110363649A (en) * | 2019-06-27 | 2019-10-22 | 上海淇馥信息技术有限公司 | A kind of method for prewarning risk based on user operation case, device, electronic equipment |
| CN110675263A (en) * | 2019-09-27 | 2020-01-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device for transaction data |
| CN110956547A (en) * | 2019-11-28 | 2020-04-03 | 广州及包子信息技术咨询服务有限公司 | Search engine-based method and system for identifying cheating group in real time |
| CN110990810A (en) * | 2019-11-28 | 2020-04-10 | 中国建设银行股份有限公司 | User operation data processing method, device, equipment and storage medium |
| CN111080441A (en) * | 2019-12-20 | 2020-04-28 | 四川新网银行股份有限公司 | Method for judging negative information of bank user after loan |
| CN111581253A (en) * | 2020-05-04 | 2020-08-25 | 上海维信荟智金融科技有限公司 | Real-time detection method and system based on anti-fraud model |
| CN112053223A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Internet financial fraud behavior detection method based on GA-SVM algorithm |
| CN112200583A (en) * | 2020-10-28 | 2021-01-08 | 交通银行股份有限公司 | Knowledge graph-based fraud client identification method |
| CN112399013A (en) * | 2019-08-15 | 2021-02-23 | 中国电信股份有限公司 | Abnormal telephone traffic identification method and device |
| CN112506983A (en) * | 2020-09-18 | 2021-03-16 | 上海欣方智能系统有限公司 | Anti-fraud method based on big data support |
| CN112579864A (en) * | 2020-12-25 | 2021-03-30 | 北京明朝万达科技股份有限公司 | Anti-fraud processing method and device |
| CN112751835A (en) * | 2020-12-23 | 2021-05-04 | 石溪信息科技(上海)有限公司 | Traffic early warning method, system, equipment and storage device |
| CN112862009A (en) * | 2021-03-29 | 2021-05-28 | 中信银行股份有限公司 | Real-time anti-fraud data processing method and system based on stream computing |
| CN113259402A (en) * | 2021-07-19 | 2021-08-13 | 北京明略软件系统有限公司 | Method and device for determining abnormal network protocol address |
| CN113610534A (en) * | 2021-07-28 | 2021-11-05 | 浙江惠瀜网络科技有限公司 | Data processing method and device for anti-fraud |
| CN113706176A (en) * | 2021-09-02 | 2021-11-26 | 赵琦 | Information anti-fraud processing method and service platform system combined with cloud computing |
| CN113793132A (en) * | 2021-09-24 | 2021-12-14 | 上海通联金融服务有限公司 | Automatic approval method, system and terminal based on machine learning |
| CN114971642A (en) * | 2022-05-30 | 2022-08-30 | 平安科技(深圳)有限公司 | Knowledge graph-based anomaly identification method, device, equipment and storage medium |
| CN116562901A (en) * | 2023-06-25 | 2023-08-08 | 福建润楼数字科技有限公司 | Automatic generation method of anti-fraud rule based on machine learning |
| CN116579774A (en) * | 2023-07-14 | 2023-08-11 | 深圳明辉智能技术有限公司 | Cross encryption-based payment platform system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103714479A (en) * | 2012-10-09 | 2014-04-09 | 四川欧润特软件科技有限公司 | Intelligent centralized monitor method and system for bank personal business fraudulent conducts |
| CN103886495A (en) * | 2013-09-30 | 2014-06-25 | 上海本家空调系统有限公司 | Monitoring method and system based on network transaction |
| CN105976242A (en) * | 2016-04-21 | 2016-09-28 | 中国农业银行股份有限公司 | Transaction fraud detection method and system based on real-time streaming data analysis |
| CN107067324A (en) * | 2017-04-18 | 2017-08-18 | 上海翼翎数据信息技术有限公司 | A kind of utilization network packet capturing data realize the method and system of transaction risk control |
| CN108038700A (en) * | 2017-12-22 | 2018-05-15 | 上海前隆信息科技有限公司 | A kind of anti-fraud data analysing method and system |
-
2018
- 2018-09-11 CN CN201811057556.9A patent/CN109300028A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103714479A (en) * | 2012-10-09 | 2014-04-09 | 四川欧润特软件科技有限公司 | Intelligent centralized monitor method and system for bank personal business fraudulent conducts |
| CN103886495A (en) * | 2013-09-30 | 2014-06-25 | 上海本家空调系统有限公司 | Monitoring method and system based on network transaction |
| CN105976242A (en) * | 2016-04-21 | 2016-09-28 | 中国农业银行股份有限公司 | Transaction fraud detection method and system based on real-time streaming data analysis |
| CN107067324A (en) * | 2017-04-18 | 2017-08-18 | 上海翼翎数据信息技术有限公司 | A kind of utilization network packet capturing data realize the method and system of transaction risk control |
| CN108038700A (en) * | 2017-12-22 | 2018-05-15 | 上海前隆信息科技有限公司 | A kind of anti-fraud data analysing method and system |
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109829721A (en) * | 2019-02-13 | 2019-05-31 | 同济大学 | Online trading multiagent behavior modeling method based on heterogeneous network representative learning |
| CN109829721B (en) * | 2019-02-13 | 2023-06-06 | 同济大学 | Online transaction multi-subject behavior modeling method based on heterogeneous network characterization learning |
| CN110148001A (en) * | 2019-04-29 | 2019-08-20 | 上海欣方智能系统有限公司 | A kind of system and method for realizing fraudulent trading intelligent early-warning |
| CN110213239A (en) * | 2019-05-08 | 2019-09-06 | 阿里巴巴集团控股有限公司 | Suspicious transaction message generation method, device and server |
| CN110213239B (en) * | 2019-05-08 | 2021-06-01 | 创新先进技术有限公司 | Suspicious transaction message generation method and device and server |
| CN110363649A (en) * | 2019-06-27 | 2019-10-22 | 上海淇馥信息技术有限公司 | A kind of method for prewarning risk based on user operation case, device, electronic equipment |
| CN110362981A (en) * | 2019-06-29 | 2019-10-22 | 上海淇毓信息科技有限公司 | The method and system of abnormal behaviour are judged based on credible equipment fingerprint |
| CN110362981B (en) * | 2019-06-29 | 2022-12-02 | 上海淇毓信息科技有限公司 | Method and system for judging abnormal behavior based on trusted device fingerprint |
| CN112399013A (en) * | 2019-08-15 | 2021-02-23 | 中国电信股份有限公司 | Abnormal telephone traffic identification method and device |
| CN110675263A (en) * | 2019-09-27 | 2020-01-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device for transaction data |
| CN110675263B (en) * | 2019-09-27 | 2022-06-03 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device for transaction data |
| CN110956547B (en) * | 2019-11-28 | 2023-11-03 | 广州及包子信息技术咨询服务有限公司 | Method and system for identifying fraudulent party in real time based on search engine |
| CN110990810A (en) * | 2019-11-28 | 2020-04-10 | 中国建设银行股份有限公司 | User operation data processing method, device, equipment and storage medium |
| CN110956547A (en) * | 2019-11-28 | 2020-04-03 | 广州及包子信息技术咨询服务有限公司 | Search engine-based method and system for identifying cheating group in real time |
| CN111080441A (en) * | 2019-12-20 | 2020-04-28 | 四川新网银行股份有限公司 | Method for judging negative information of bank user after loan |
| CN111080441B (en) * | 2019-12-20 | 2023-04-18 | 四川新网银行股份有限公司 | Method for judging negative information of bank user after loan |
| CN111581253A (en) * | 2020-05-04 | 2020-08-25 | 上海维信荟智金融科技有限公司 | Real-time detection method and system based on anti-fraud model |
| CN112053223A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Internet financial fraud behavior detection method based on GA-SVM algorithm |
| CN112506983A (en) * | 2020-09-18 | 2021-03-16 | 上海欣方智能系统有限公司 | Anti-fraud method based on big data support |
| CN112200583B (en) * | 2020-10-28 | 2023-12-19 | 交通银行股份有限公司 | Knowledge graph-based fraudulent client identification method |
| CN112200583A (en) * | 2020-10-28 | 2021-01-08 | 交通银行股份有限公司 | Knowledge graph-based fraud client identification method |
| CN112751835B (en) * | 2020-12-23 | 2023-05-02 | 石溪信息科技(上海)有限公司 | Flow early warning method, system, equipment and storage medium |
| CN112751835A (en) * | 2020-12-23 | 2021-05-04 | 石溪信息科技(上海)有限公司 | Traffic early warning method, system, equipment and storage device |
| CN112579864B (en) * | 2020-12-25 | 2022-09-16 | 北京明朝万达科技股份有限公司 | Anti-fraud processing method and device |
| CN112579864A (en) * | 2020-12-25 | 2021-03-30 | 北京明朝万达科技股份有限公司 | Anti-fraud processing method and device |
| CN112862009A (en) * | 2021-03-29 | 2021-05-28 | 中信银行股份有限公司 | Real-time anti-fraud data processing method and system based on stream computing |
| CN113259402A (en) * | 2021-07-19 | 2021-08-13 | 北京明略软件系统有限公司 | Method and device for determining abnormal network protocol address |
| CN113610534A (en) * | 2021-07-28 | 2021-11-05 | 浙江惠瀜网络科技有限公司 | Data processing method and device for anti-fraud |
| CN113706176B (en) * | 2021-09-02 | 2022-08-19 | 江西裕民银行股份有限公司 | Information anti-fraud processing method and service platform system combined with cloud computing |
| CN113706176A (en) * | 2021-09-02 | 2021-11-26 | 赵琦 | Information anti-fraud processing method and service platform system combined with cloud computing |
| CN113793132A (en) * | 2021-09-24 | 2021-12-14 | 上海通联金融服务有限公司 | Automatic approval method, system and terminal based on machine learning |
| CN114971642A (en) * | 2022-05-30 | 2022-08-30 | 平安科技(深圳)有限公司 | Knowledge graph-based anomaly identification method, device, equipment and storage medium |
| CN116562901A (en) * | 2023-06-25 | 2023-08-08 | 福建润楼数字科技有限公司 | Automatic generation method of anti-fraud rule based on machine learning |
| CN116562901B (en) * | 2023-06-25 | 2024-04-02 | 福建润楼数字科技有限公司 | Automatic generation method of anti-fraud rule based on machine learning |
| CN116579774A (en) * | 2023-07-14 | 2023-08-11 | 深圳明辉智能技术有限公司 | Cross encryption-based payment platform system and method |
| CN116579774B (en) * | 2023-07-14 | 2024-01-12 | 深圳明辉智能技术有限公司 | Cross encryption-based payment platform system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109300028A (en) | Real-time anti-fraud method and system and storage medium based on network data | |
| CN110399550A (en) | A kind of information recommendation method and device | |
| CN106803168B (en) | Abnormal transfer detection method and device | |
| US6920440B1 (en) | Forming a signature of parameters extracted from information | |
| CN109410036A (en) | A kind of fraud detection model training method and device and fraud detection method and device | |
| CN110267272A (en) | A kind of fraud text message recognition methods and identifying system | |
| CN107067324A (en) | A kind of utilization network packet capturing data realize the method and system of transaction risk control | |
| CN110248322B (en) | Fraud group partner identification system and identification method based on fraud short messages | |
| GB2321364A (en) | Retraining neural network | |
| CN110163618A (en) | Extremely detection method, device, equipment and the computer readable storage medium traded | |
| CN103796183B (en) | A kind of refuse messages recognition methods and device | |
| CN108629379A (en) | A kind of individual's reference appraisal procedure and system | |
| CN107819747A (en) | A kind of telecommunication fraud correlation analysis system and method based on communication event sequence | |
| CN109656792A (en) | Applied performance analysis method, apparatus, computer equipment and storage medium based on network call log | |
| US11086991B2 (en) | Method and system for active risk control based on intelligent interaction | |
| CN109685336A (en) | Collection task distribution method, device, computer equipment and storage medium | |
| CN108777848A (en) | For intercept information and the method for determining intercept information | |
| CN111401447A (en) | Artificial intelligence-based flow cheating identification method and device and electronic equipment | |
| CN106055664A (en) | Method and system for filtering UGC (User Generated Content) spam based on user comments | |
| CN109327325A (en) | Multi-stage data acquisition and the evidences collection method of facing cloud platform Credibility Assessment | |
| CN110457601B (en) | Social account identification method and device, storage medium and electronic device | |
| CN110336791A (en) | A kind of breakpoint data transmission method, device, equipment and computer storage medium | |
| CN111681044A (en) | Method and device for processing point exchange cheating behaviors | |
| CN116645134A (en) | Method, device, equipment and medium for recommending credit card in stages | |
| CN110852338A (en) | User portrait construction method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190201 |
|
| RJ01 | Rejection of invention patent application after publication |