CN110691082B - Risk event processing method and device - Google Patents

Risk event processing method and device Download PDF

Info

Publication number
CN110691082B
CN110691082B CN201910914839.9A CN201910914839A CN110691082B CN 110691082 B CN110691082 B CN 110691082B CN 201910914839 A CN201910914839 A CN 201910914839A CN 110691082 B CN110691082 B CN 110691082B
Authority
CN
China
Prior art keywords
event
risk
information
current
distribution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910914839.9A
Other languages
Chinese (zh)
Other versions
CN110691082A (en
Inventor
张超
朱通
孙传亮
赵华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201910914839.9A priority Critical patent/CN110691082B/en
Publication of CN110691082A publication Critical patent/CN110691082A/en
Application granted granted Critical
Publication of CN110691082B publication Critical patent/CN110691082B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

One or more embodiments of the present specification disclose a method and an apparatus for processing a risk event, so as to realize intelligentization of risk prevention and control and improve accuracy of risk identification. The method comprises the following steps: acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event; determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information; and determining whether the current event is a risk event or not according to the event distribution characteristics.

Description

Risk event processing method and device
Technical Field
The present disclosure relates to the field of communications, and in particular, to a method and an apparatus for processing a risk event.
Background
The junk account is an account which has strong interest tendency and group property and is registered in batches at low cost. The identification of common spam risks is mainly identified by two main risk features: 1. the aggregation and the grouping of account numbers in the registration link mainly comprise equipment aggregation, environment aggregation, mobile phone number segment aggregation and the like; 2. and (4) abnormal behavior characteristics of the account, such as red envelope pickup, online bank payment, precious entity expenditure and the like, which are completed within 1 minute of registration.
Identity authentication refers to that identity information of natural people, such as identity cards, passports and other document information, is illegally acquired by others and is maliciously used by others in a product flow needing authentication, and then various risk behaviors are generated. Similar to the prevention and control of the garbage registration, the identification of the identity misuse risk also mainly depends on the aggregation and the batch of the authentication links, such as equipment aggregation, environment aggregation, identity number segment aggregation, and the like.
Because most of the prevention and control objects are newly registered users, the mobile phone number and the certificate number are completely new and do not appear in the system, the collected information is less, the user behavior is single, and the good/bad user behavior characteristics are not obviously distinguished, so that certain error disturbance can be caused to common users while the prevention and control of garbage registration and the risk of identity misuse are avoided. Especially for big promotion activities such as Shuangele, Shuangtwelve, Xinchun red packet, five fortune activities, Taobao Laxin and the like, the registration amount and the authentication amount obviously rise in a short period, so that the aggregation degree of dimensions such as a mobile phone number section, a certificate number section, an inviter, a channel and the like is increased, if the strategy is not adjusted in time and pertinently, misjudgment of a wind control system is easily caused, normal users are mistakenly used as a garbage account and an imposition account to be punished, and thus the normal users are disturbed.
Taking the mobile phone number segment as an example, during member operation activities, such as twenty-two, new spring red envelope, college school season, etc., the registration amount of some mobile phone number segments (7 digits before the mobile phone number) will rise significantly compared with daily, and the rise can reach 5-10 times daily, even more. If risk identification is carried out from abnormal aggregation of mobile phone number sections, a lot of disturbance of normal users can be caused.
Disclosure of Invention
One or more embodiments of the present disclosure provide a method and an apparatus for processing a risk event, so as to achieve intelligentization of risk prevention and control and improve accuracy of risk identification.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
in one aspect, one or more embodiments of the present specification provide a method for processing a risk event, including:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
and determining whether the current event is a risk event or not according to the event distribution characteristics.
In another aspect, one or more embodiments of the present specification provide a risk event processing apparatus, including:
the acquisition module is used for acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
the first determining module is used for determining the event distribution characteristics of the events on the preset dimension according to the first event information and the second event information;
and the second determining module is used for determining whether the current event is a risk event according to the event distribution characteristics.
In yet another aspect, one or more embodiments of the present specification provide a risk event processing device, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
and determining whether the current event is a risk event or not according to the event distribution characteristics.
In yet another aspect, one or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
and determining whether the current event is a risk event or not according to the event distribution characteristics.
By adopting the technical scheme of one embodiment of the specification, the event distribution characteristics of each event on the preset dimension can be determined according to the time information (including the first event information of the current event and the second event information of a plurality of historical events) of each event occurring in the specified time period, and then whether the current event is a risk event or not can be determined according to the event distribution characteristics of each event on the preset dimension, so that the risk identification of the current event can depend on the event distribution characteristics of each event occurring in the specified time period, whether the event is a batch attack or not can be automatically measured to a certain extent, the identification capability and the intelligent level of the risk event (especially the batch attack) can be improved, and the user can be prevented from being disturbed under the condition of misjudgment of the risk event.
Drawings
In order to more clearly illustrate one or more embodiments or technical solutions in the prior art in the present specification, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in one or more embodiments of the present specification, and other drawings can be obtained by those skilled in the art without inventive exercise.
FIG. 1 is a schematic flow chart diagram of a method of processing a risk event in accordance with one embodiment of the present description;
FIG. 2 is a schematic flow chart diagram of a method for risk event processing in accordance with a specific embodiment of the present description;
FIG. 3 is a schematic block diagram of a risk event processing device according to one embodiment of the present description;
FIG. 4 is a schematic block diagram of a risk event processing device according to one embodiment of the present description.
Detailed Description
One or more embodiments of the present disclosure provide a method and an apparatus for processing a risk event, so as to achieve intelligentization of risk prevention and control and improve accuracy of risk identification.
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.
One or more embodiments of the present disclosure provide a method for processing a risk event, which may be applied in a scenario of batch account registration or authentication. For example, if a large number of new user registration events occur in a certain time period, the wind control system may perform risk judgment on the large number of new user registration events occurring in the certain time period, that is, judge whether the large number of new user registration events are risk events or normal increase of registration amount caused by factors such as large promotion of activities. The following describes in detail the processing method of risk event provided by one or more embodiments of the present specification.
Fig. 1 is a schematic flow chart of a method for processing a risk event according to an embodiment of the present specification, as shown in fig. 1, the method including:
s102, acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information includes user information and/or device information for performing an event.
The designated time period can be selected as the latest time period, such as the latest week, the latest month, and the like, so that each event occurring in the designated time period can accurately provide a basis for the risk degree of the current event. For example, assuming that the specified time period is the last week, the historical time is other events occurring in the last week except the current event.
The user information may include information input during user registration or authentication, such as a mobile phone number, a certificate number, a name, a geographic location, a human biometric, and the like. The device information is information of a device used when a user registers or authenticates, such as a hardware MAC address of the device, a protocol IP address of interconnection between networks, positioning information, an operating system version, and the like.
And S104, determining the event distribution characteristics of each event on the preset dimension according to the first event information and the second event information.
The preset dimension may be any one or more dimensions involved in the user registration or authentication process, such as a registration channel, a registration time, a registration place, a registration type, a device model, an operating system version, and the like.
And S106, determining whether the current event is a risk event or not according to the event distribution characteristics.
In this embodiment, the event distribution characteristic may be any item of information capable of characterizing an event distribution situation, for example, the event distribution characteristic may be a distribution complexity of each event in each preset dimension, or may also be a distribution balance degree of each event in each preset dimension, and the like.
By adopting the technical scheme of one embodiment of the specification, the event distribution characteristics of each event on the preset dimension can be determined according to the time information (including the first event information of the current event and the second event information of a plurality of historical events) of each event occurring in the specified time period, and the risk degree of the current event can be further determined according to the event distribution characteristics of each event on the preset dimension, so that the risk identification of the current event can depend on the event distribution characteristics of each event occurring in the specified time period, whether the event is a batch attack or not can be automatically measured to a certain extent, the identification capability and the intelligent level of the risk event (especially the batch attack) can be improved, and the user can be prevented from being disturbed under the condition of misjudgment of the risk event.
In one embodiment, the preset dimension comprises a plurality; the event distribution characteristic is the distribution complexity of each event in each preset dimension. Based on the method, whether the current event is a risk event or not can be determined according to the distribution complexity of each event on each preset dimension; wherein the distribution complexity is inversely related to the probability that the current event belongs to a risk event.
In this embodiment, the more complicated the distribution of each event occurring in a given time period in each preset dimension, the more the types of different situations of the event occurring in the time period are, that is, the more "confusing" the event is, so the lower the probability that the current event belongs to a risk event is, that is, the lower the risk degree of the current event is. Conversely, the more regular the distribution of each event occurring in the specified time period in each preset dimension, the fewer the types of different situations of the event occurring in the time period, and therefore, the higher the probability that the current event belongs to the risk event, that is, the higher the risk degree of the current event.
In one embodiment, the complexity of the distribution of events in preset dimensions can be represented by information entropy. Thus, it may be determined whether the current event is a risk event according to steps A1-A3 as follows:
and A1, respectively calculating the information entropy of each event on each preset dimension according to the occurrence probability of each event on each preset dimension.
The preset dimension may be any one or more dimensions involved in the user registration or authentication process, such as a registration channel, a registration time, a registration place, a registration type, a device model, an operating system version, and the like.
And calculating the information entropy of each event on each preset dimension, namely the one-dimensional information entropy of each event on each preset dimension. Taking a mobile phone number segment as an example, assuming that the same number with the first 7 digits of the mobile phone number is registered in a large batch in the last week, when the risk degree of a large batch of registration events is judged, one-digit information entropy of the large batch of registration events in each preset dimension can be calculated firstly, for example, the information entropy of the large batch of registration events in the dimensions of a registration channel, registration time, registration place, registration type, equipment model, operating system version and the like is calculated respectively.
The information entropy h (x) is calculated as shown in the following formula (1):
H(X)=-∑x∈Xp(x)logap(x) (I)
in formula (1), X represents a set of events that occur, and X represents one of the events. p (x) represents the probability of occurrence of event x in the current dimension. a is the base number of the logarithmic function, and the value of a is not limited in this embodiment, but preferably, a is 2.
Still taking the above example of the mobile phone number segment as an example, assume that the information entropy h (x) of the mass registration events on the preset dimension "registration channel" is currently calculated. Firstly, the occurrence probability of each registration event in the large batch of registration events on a preset dimension 'registration channel' is calculated, and then the information entropy H (X) of the large batch of registration events on the preset dimension 'registration channel' can be calculated based on the formula (1).
The larger the information entropy in a certain preset dimension is, the more the types of different situations of each event occurring in the preset dimension are, that is, the more "chaotic" the event is, and therefore, the lower the probability that the current event belongs to a risk event is, that is, the lower the risk degree of the current event is. Conversely, the smaller the information entropy in a certain preset dimension is, the more regular the distribution of each event occurring in the specified time period in the preset dimension is, that is, the fewer the types of different situations occurring in the preset dimension of each event are, so that the higher the probability that the current event belongs to a risk event is, that is, the higher the risk degree of the current event is.
Step A2, determining the weight corresponding to each preset dimension; and carrying out weighted summation on the information entropy of each event on each preset dimension according to the weight to obtain the total information entropy of each event on the preset dimension.
In this step, the weight corresponding to each preset dimension can be determined according to the feature occurrence quantity of each event on each preset dimension; and the characteristic occurrence quantity is positively correlated with the weight corresponding to each preset dimension. That is, the more feature occurrence of each event in the preset dimension, the higher the weight corresponding to the preset dimension; conversely, the smaller the feature occurrence quantity of each event in the preset dimension, the lower the weight corresponding to the preset dimension.
The feature occurrence quantity of each event in the preset dimension refers to the feature occurrence type quantity of each event in the preset dimension. Assuming that the preset dimension is a registration place, since the registration place may include a plurality of places such as place 1, place 2, place 3, and … …, place n, the feature occurrence amount of each event on the "registration place" in the preset dimension is n.
Step A3, determining whether the current event is a risk event according to the total information entropy of each event on the preset dimension; the total information entropy is inversely related to the probability that the current event belongs to a risk event.
In this embodiment, the total information entropy of each event in the preset dimension represents the overall distribution condition of each event. If the information entropy in each preset dimension is smaller (or the information entropy in only individual dimension is higher), the total information entropy is smaller, which indicates that the risk degree of the current event is higher, and the probability that the current event belongs to the risk event is higher; on the contrary, if the information entropy in each preset dimension is larger (or only the information entropy in individual dimension is lower), the total information entropy is larger, which indicates that the risk degree of the current event is lower, and the probability that the current event belongs to the risk event is smaller.
In one embodiment, if the total information entropy is smaller than a first preset threshold, determining that the current event is a risk event; and if the total information entropy is greater than or equal to a second preset threshold value, determining that the current event is a safety event. The first preset threshold and the second preset threshold may be the same or different. The second preset threshold may be greater than or equal to the first preset threshold.
After determining whether the current event is a risk event according to the total information entropy, corresponding wind control operation can be executed on the current event. Specifically, if the current event is a risk event, performing risk management and control operation on the current event; and if the current event is a safety event, executing risk-free passing operation on the current event.
In the embodiment, the feature distribution situation of each dimension when the service is increased is identified through the information entropy, the complexity of the feature distribution is quantitatively described according to the weighting information entropy, and the risk degree of batch attack when the service is increased can be automatically measured to a certain degree. Therefore, the scheme can improve the recognition capability of the wind control system on the large promotion activities and the batch attacks, reduce the disturbance of strategies on normal users during the large promotion activities, and reduce the dependence of the wind control on the synchronization of external business activities; meanwhile, the dependence of the strategy on the manual work is reduced, the frequency and the range of manual adjustment are reduced, and the intelligent level of the wind control system is improved.
The following describes a method for processing a risk event according to the present description. In this specific embodiment, the risk event processing method is applied to a batch account registration scenario. For example, in a promotional activity of an online shopping mall, a large amount of new number registration events occur in the last week, and when a user registers a new number in the last week, the wind control system needs to perform risk judgment on the new number registration event of the user to judge the risk of the new number registration event of the user, that is, judge whether the new number registration event belongs to a normal registration event or a risk event caused by the promotional activity.
FIG. 2 is a schematic flow chart diagram of a method for risk event processing according to a specific embodiment of the present description. As shown in fig. 2, the method can be used in a wind control system, and includes:
s201, when a new number registration event of a user is received, acquiring event information of all registration events occurring in the last week.
The event information of all the registered events comprises first event information of a currently received registered new number event and second event information of historical registered events occurring in the last week. The event information includes user information and/or device information for performing an event. The user information may include information input during user registration or authentication, such as a mobile phone number, a certificate number, a name, a geographic location, a human biometric, and the like. The device information is information of a device used when a user registers or authenticates, such as a hardware MAC address of the device, a protocol IP address of interconnection between networks, positioning information, an operating system version, and the like.
S202, counting the occurrence probability of each registration event on each preset dimension.
The preset dimension may include a registration channel, registration time, a registration place, a registration type, a device model, an operating system version, and the like.
And S203, respectively calculating the information entropy of each registered event on each preset dimension according to the occurrence probability of each registered event on each preset dimension.
The information entropy is calculated as shown in the above formula (1). The formula (1) has been described in detail in the above embodiments, and is not described herein again.
For example, for registration events occurring in the last week, if numbers corresponding to the registration events are all registered through the same channel, the probability of occurrence of the registration events on the channel is 1, that is, p (x) is 1, logap (x) is 0, so the information entropy h (x) of the dimension of the registration channel is 0.
For another example, if the numbers corresponding to the registration events are distributed in 10 dimensions, and the distribution in each dimension is equal. Then for the dimension of the registration channel, the probability of occurrence of the registration event on the registration channel is 0.1, i.e. p (x) is 0.1. Assuming that the base number a in the above formula (1) is 2, log2p(x)=log20.1 ═ 3.3. The information entropy of the registration event on the registration channel is as follows: h (x) ═ Σx∈X0.1log20.1=3.3。
And S204, determining the weight corresponding to each preset dimension according to the characteristic occurrence quantity of each event on each preset dimension.
And the characteristic occurrence quantity is positively correlated with the weight corresponding to each preset dimension. That is, the more feature occurrence of each event in the preset dimension, the higher the weight corresponding to the preset dimension; conversely, the smaller the feature occurrence quantity of each event in the preset dimension, the lower the weight corresponding to the preset dimension.
The feature occurrence quantity of each event in the preset dimension refers to the feature occurrence type quantity of each event in the preset dimension. Assuming that the preset dimension is a registration place, since the registration place may include a plurality of places such as place 1, place 2, place 3, and … …, place n, the feature occurrence amount of each event on the "registration place" in the preset dimension is n.
And S205, performing weighted summation on the information entropy of each registered event in each preset dimension according to the weight corresponding to each preset dimension, so as to obtain the total information entropy of each registered event in each preset dimension.
Assume that the preset dimensions include dimension 1, dimension 2, and dimension … …, where the weight corresponding to dimension 1 is a1, the weight corresponding to dimension 2 is a2, and the weight corresponding to dimension … … is an. The total information entropy of each registration event in the preset dimension is as follows: dimension 1 × a1+ dimension 2 × a2+ … … dimension n.
And S206, judging whether the currently occurring registration new number event is a risk event or not according to the total information entropy of each registration event on the preset dimension. If yes, executing S207; if not, go to step S208.
The larger the total information entropy is, the smaller the probability that the currently occurring registration new number event belongs to the risk event is; on the contrary, the smaller the total information entropy is, the greater the probability that the currently occurring registration new number event belongs to the risk event is.
And S207, executing risk management and control operation on the currently occurring registration new number event.
And S208, performing risk-free passing operation on the currently occurring registration new number event.
By using the above example, if the information entropy h (x) of each registration event in the dimension of the registration channel is 0, it indicates that the probability that the currently occurring registration new event belongs to the risk event is relatively high, that is, a large batch of registration events occurring in the last week probably belong to a batch attack event. If the information entropy of each registration event on the registration channel is 3.3 obtained through calculation, it is indicated that the probability that the currently-occurring registration new number event belongs to the risk event is small, that is, a large number of registration events occurring in the last week probably belong to normal registration events caused by large-scale activities.
Based on the calculation result, whether the currently occurring registration new number event is a risk event can be further determined according to the total information entropy of each registration event on all preset dimensions. The larger the total information entropy is, the smaller the probability that the current registration new number event belongs to the risk event is, namely, the most probable normal registration event caused by the promotion activity is that a large number of registration events occurring in the last week probably belong to the normal registration event; on the contrary, the smaller the total information entropy is, the higher the probability that the currently occurring registration new number event belongs to the risk event is, that is, the batch registration event occurring in the last week is likely to belong to the batch attack event.
The embodiment can see that the feature distribution situation of each dimension is identified through the information entropy when the service is increased, the complexity of the feature distribution is quantitatively described according to the weighting information entropy, and the risk degree of batch attack when the service is increased can be automatically measured to a certain degree. Therefore, the scheme can improve the recognition capability of the wind control system on the large promotion activities and the batch attacks, reduce the disturbance of strategies on normal users during the large promotion activities, and reduce the dependence of the wind control on the synchronization of external business activities; meanwhile, the dependence of the strategy on the manual work is reduced, the frequency and the range of manual adjustment are reduced, and the intelligent level of the wind control system is improved.
In one embodiment, the preset dimensions include a plurality of preset dimensions, the event distribution characteristics are the distribution balance degree of each event in each preset dimension, and based on the distribution balance degree of each event in each preset dimension, whether the current event is a risk event or not can be determined; wherein the degree of distribution balance is inversely related to the probability that the current event belongs to a risk event.
In this embodiment, the more balanced the distribution of each event occurring in a given time period in each preset dimension, the fewer the types of different situations of the event occurring in the time period, and therefore, the higher the probability that the current event belongs to a risk event, that is, the higher the risk degree of the current event. Conversely, the more unbalanced the distribution of each event occurring in a given time period in each preset dimension, the more the types of different situations of the event occurring in the time period are, i.e. the more "confusing" the event is, and therefore, the lower the probability that the current event belongs to the risk event is, i.e. the lower the risk degree of the current event is.
In one embodiment, the degree of distribution balance may be characterized using a kini coefficient. Therefore, when determining the risk degree of the current event according to the distribution balance degree of each event in each preset dimension, the kini coefficient of each event in each preset dimension can be calculated respectively; and then determining whether the current event is a risk event according to the value of the kini coefficient.
The probability that the current event belongs to the risk event is the same as the probability that the current event belongs to the risk event, namely, the larger the value of the kini coefficient is, the smaller the probability that the current event belongs to the risk event is; the smaller the value of the kini coefficient, the greater the probability that the current event belongs to a risk event. The calculation method of the kini coefficient belongs to the prior art, and therefore, the description is omitted.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same idea, the method for processing the risk event provided in one or more embodiments of the present specification further provides a device for processing the risk event.
Fig. 3 is a schematic block diagram of a risk event processing device according to an embodiment of the present specification, and as shown in fig. 3, the risk event processing device 300 includes:
an obtaining module 310, configured to obtain event information of each event occurring within a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
the first determining module 320 determines an event distribution characteristic of each event in a preset dimension according to the first event information and the second event information;
the second determining module 330 determines whether the current event is a risk event according to the event distribution characteristics.
In one embodiment, the preset dimension comprises a plurality; the event distribution characteristics comprise the distribution complexity of each event on each preset dimension;
the second determination module 330 includes:
the first determining unit is used for determining whether the current event is a risk event or not according to the distribution complexity of each event on each preset dimension; the distribution complexity is inversely related to the risk level of the current event.
In one embodiment, the distribution complexity level comprises information entropy;
the first determining unit is used for respectively calculating the information entropy of each event on each preset dimension according to the occurrence probability of each event on each preset dimension; determining the weight corresponding to each preset dimension; carrying out weighted summation on the information entropy of each event on each preset dimension according to the weight to obtain the total information entropy of each event on the preset dimension; determining whether the current event is a risk event or not according to the total information entropy; the total information entropy is inversely related to the probability that the current event belongs to a risk event.
In one embodiment, the first determining unit determines the weight corresponding to each preset dimension according to the feature occurrence quantity of each event on each preset dimension; the feature occurrence quantity is positively correlated with the weight corresponding to each preset dimension.
In one embodiment, if the total information entropy is smaller than a first preset threshold, determining that the current event is a risk event; if the total information entropy is greater than or equal to a second preset threshold value, determining that the current event is a safety event;
the apparatus 300 further comprises:
the execution module is used for executing risk control operation on the current event if the current event is a risk event; and if the current event is a safety event, executing risk-free passing operation on the current event.
In one embodiment, the preset dimension comprises a plurality; the event distribution characteristics comprise the distribution balance degree of each event on each preset dimension;
the second determination module 330 includes:
the second determining unit is used for determining whether the current event is a risk event or not according to the distribution balance degree of each event on each preset dimension; the degree of distribution balance is inversely related to the probability that the current event belongs to a risk event.
In one embodiment, the degree of distribution balance includes a kini coefficient;
the second determining unit is used for respectively calculating the damping coefficient of each event on each preset dimension; determining whether the risk event is a risk event according to the value of the kini coefficient; the kini coefficient is inversely related to the probability that the current event belongs to a risk event.
By adopting the device of one embodiment of the specification, the event distribution characteristics of each event in the preset dimension can be determined according to the time information (including the first event information of the current event and the second event information of a plurality of historical events) of each event occurring in the specified time period, and then whether the current event is a risk event or not can be determined according to the event distribution characteristics of each event in the preset dimension, so that the risk identification of the current event can depend on the event distribution characteristics of each event occurring in the specified time period, whether the event is a batch attack or not can be automatically measured to a certain extent, the identification capability and the intelligent level of the risk event (especially the batch attack) can be improved, and the user can be prevented from being disturbed under the condition of misjudgment of the risk event.
It should be understood by those skilled in the art that the above-mentioned risk event processing apparatus can be used to implement the risk event processing method described above, and the detailed description thereof should be similar to the above-mentioned method, and is not repeated herein in order to avoid complexity.
Based on the same idea, one or more embodiments of the present specification further provide a risk event processing device, as shown in fig. 4. The risk event processing devices may vary significantly depending on configuration or performance, and may include one or more processors 401 and memory 402, where one or more stored applications or data may be stored in memory 402. Wherein memory 402 may be transient or persistent. The application program stored in memory 402 may include one or more modules (not shown), each of which may include a series of computer-executable instructions in a processing device for risk events. Still further, the processor 401 may be configured to communicate with the memory 402 to execute a series of computer-executable instructions in the memory 402 on a processing device for risk events. The risk event processing apparatus may also include one or more power supplies 403, one or more wired or wireless network interfaces 404, one or more input-output interfaces 405, and one or more keyboards 406.
In particular, in this embodiment, the risk event processing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the risk event processing device, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
and determining whether the current event is a risk event or not according to the event distribution characteristics.
Optionally, the preset dimension includes a plurality of dimensions; the event distribution characteristics comprise the distribution complexity of each event in each preset dimension;
the computer executable instructions, when executed, may further cause the processor to:
determining whether the current event is a risk event or not according to the distribution complexity of each event on each preset dimension; a negative correlation between the distribution complexity and the probability that the current event belongs to the risk event.
Optionally, the distribution complexity comprises an information entropy;
the computer executable instructions, when executed, may further cause the processor to:
respectively calculating the information entropy of each event on each preset dimension according to the occurrence probability of each event on each preset dimension;
determining the weight corresponding to each preset dimension; carrying out weighted summation on the information entropy of each event on each preset dimension according to the weight to obtain the total information entropy of each event on the preset dimension;
determining whether the current event is a risk event or not according to the total information entropy; the total entropy is inversely related to the probability that the current event belongs to the risk event.
Optionally, the computer executable instructions, when executed, may further cause the processor to:
determining the weight corresponding to each preset dimension according to the characteristic occurrence quantity of each event on each preset dimension; and the feature occurrence quantity is positively correlated with the weight corresponding to each preset dimension.
Optionally, the computer executable instructions, when executed, may further cause the processor to:
if the total information entropy is smaller than a first preset threshold value, determining that the current event is the risk event;
if the total information entropy is larger than or equal to a second preset threshold value, determining that the current event is a safety event;
after determining whether the current event is a risk event according to the total information entropy, if the current event is the risk event, executing a risk control operation on the current event;
and if the current event is the safety event, executing risk-free passing operation on the current event.
Optionally, the preset dimension includes a plurality of dimensions; the event distribution characteristics comprise the distribution balance degree of each event on each preset dimension;
the computer executable instructions, when executed, may further cause the processor to:
determining whether the current event is a risk event or not according to the distribution balance degree of each event on each preset dimension; the degree of distribution balance is inversely related to the probability that the current event belongs to the risk event.
Optionally, the degree of distribution balance comprises a kini coefficient;
the computer executable instructions, when executed, may further cause the processor to:
determining whether the current event is a risk event according to the value of the kini coefficient; the kini coefficient is inversely correlated with the probability that the current event belongs to the risk event.
One or more embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs including instructions, which when executed by an electronic device including a plurality of application programs, enable the electronic device to perform the above-mentioned risk event processing method, and in particular to perform:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
and determining whether the current event is a risk event or not according to the event distribution characteristics.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present specification are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only one or more embodiments of the present disclosure, and is not intended to limit the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of claims of one or more embodiments of the present specification.

Claims (16)

1. A method of risk event processing, comprising:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
determining whether the current event is a risk event or not according to the event distribution characteristics;
the event distribution characteristics comprise distribution complexity or distribution balance; the distribution complexity is expressed in information entropy; the distribution balance degree is expressed by a kini coefficient; determining an event distribution characteristic of each event on a preset dimension; determining whether the current event is a risk event according to the event distribution characteristics, including: determining the information entropy of each event on each preset dimension, and determining whether the current event is a risk event according to the information entropy; or determining a kini coefficient of each event on each preset dimension, and determining whether the current event is a risk event according to the kini coefficient.
2. The method of claim 1, the preset dimension comprising a plurality; the event distribution characteristics comprise the distribution complexity of each event in each preset dimension;
determining whether the current event is a risk event according to the event distribution characteristics includes:
determining whether the current event is a risk event or not according to the distribution complexity of each event on each preset dimension; a negative correlation between the distribution complexity and the probability that the current event belongs to the risk event.
3. The method of claim 2, the distribution complexity level comprising an information entropy;
determining whether the current event is a risk event according to the distribution complexity of each event in each preset dimension, including:
respectively calculating the information entropy of each event on each preset dimension according to the occurrence probability of each event on each preset dimension;
determining the weight corresponding to each preset dimension; carrying out weighted summation on the information entropy of each event on each preset dimension according to the weight to obtain the total information entropy of each event on the preset dimension;
determining whether the current event is a risk event or not according to the total information entropy; the total entropy is inversely related to the probability that the current event belongs to the risk event.
4. The method of claim 3, wherein the determining the weight corresponding to each of the preset dimensions respectively comprises:
determining the weight corresponding to each preset dimension according to the characteristic occurrence quantity of each event on each preset dimension; and the feature occurrence quantity is positively correlated with the weight corresponding to each preset dimension.
5. The method of claim 3, the determining whether the current event is a risk event according to the total entropy, comprising:
if the total information entropy is smaller than a first preset threshold value, determining that the current event is the risk event;
if the total information entropy is larger than or equal to a second preset threshold value, determining that the current event is a safety event;
after determining whether the current event is a risk event according to the total information entropy, the method further includes:
if the current event is the risk event, executing risk control operation on the current event;
and if the current event is the safety event, executing risk-free passing operation on the current event.
6. The method of claim 1, the preset dimension comprising a plurality; the event distribution characteristics comprise the distribution balance degree of each event on each preset dimension;
determining whether the current event is a risk event according to the event distribution characteristics includes:
determining whether the current event is a risk event or not according to the distribution balance degree of each event on each preset dimension; the degree of distribution balance is inversely related to the probability that the current event belongs to the risk event.
7. The method of claim 6, the degree of distribution balance comprising a kini coefficient;
determining whether the current event is a risk event according to the distribution balance degree of each event in each preset dimension, including:
respectively calculating the kiney coefficient of each event on each preset dimension;
determining whether the current event is a risk event according to the value of the kini coefficient; the kini coefficient is inversely correlated with the probability that the current event belongs to the risk event.
8. A risk event processing apparatus, comprising:
the acquisition module is used for acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
the first determining module is used for determining the event distribution characteristics of the events on the preset dimension according to the first event information and the second event information;
the second determining module is used for determining whether the current event is a risk event or not according to the event distribution characteristics;
the event distribution characteristics comprise distribution complexity or distribution balance; the distribution complexity is expressed in information entropy; the distribution balance degree is expressed by a kini coefficient; determining an event distribution characteristic of each event on a preset dimension; determining whether the current event is a risk event according to the event distribution characteristics, including: determining the information entropy of each event on each preset dimension, and determining whether the current event is a risk event according to the information entropy; or determining a kini coefficient of each event on each preset dimension, and determining whether the current event is a risk event according to the kini coefficient.
9. The apparatus of claim 8, the preset dimension comprising a plurality; the event distribution characteristics comprise the distribution complexity of each event in each preset dimension;
the second determining module includes:
the first determining unit is used for determining whether the current event is a risk event or not according to the distribution complexity of each event on each preset dimension; the distribution complexity level is inversely related to the risk level of the current event.
10. The apparatus of claim 9, the distribution complexity level comprising an information entropy;
the first determining unit is used for respectively calculating the information entropy of each event on each preset dimension according to the occurrence probability of each event on each preset dimension; determining the weight corresponding to each preset dimension; carrying out weighted summation on the information entropy of each event on each preset dimension according to the weight to obtain the total information entropy of each event on the preset dimension; determining whether the current event is a risk event or not according to the total information entropy; the total entropy is inversely related to the probability that the current event belongs to the risk event.
11. The apparatus according to claim 10, wherein the first determining unit determines, according to feature occurrence amounts of the events in the preset dimensions, weights respectively corresponding to the preset dimensions; and the feature occurrence quantity is positively correlated with the weight corresponding to each preset dimension.
12. The apparatus according to claim 10, wherein the first determining unit determines that the current event is the risk event if the total entropy is smaller than a first preset threshold; if the total information entropy is larger than or equal to a second preset threshold value, determining that the current event is a safety event;
the device further comprises:
the execution module is used for executing risk control operation on the current event if the current event is the risk event; and if the current event is the safety event, executing risk-free passing operation on the current event.
13. The apparatus of claim 8, the preset dimension comprising a plurality; the event distribution characteristics comprise the distribution balance degree of each event on each preset dimension;
the second determining module includes:
the second determining unit is used for determining whether the current event is a risk event or not according to the distribution balance degree of each event on each preset dimension; the degree of distribution balance is inversely related to the probability that the current event belongs to the risk event.
14. The apparatus of claim 13, the degree of distribution balance comprising a kini coefficient;
the second determining unit is used for respectively calculating the kini coefficient of each event on each preset dimension; determining whether the event is a risk event according to the value of the kini coefficient; the kini coefficient is inversely correlated with the probability that the current event belongs to the risk event.
15. A risk event processing device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
determining whether the current event is a risk event or not according to the event distribution characteristics;
the event distribution characteristics comprise distribution complexity or distribution balance; the distribution complexity is expressed in information entropy; the distribution balance degree is expressed by a kini coefficient; determining an event distribution characteristic of each event on a preset dimension; determining whether the current event is a risk event according to the event distribution characteristics, including: determining the information entropy of each event on each preset dimension, and determining whether the current event is a risk event according to the information entropy; or determining a kini coefficient of each event on each preset dimension, and determining whether the current event is a risk event according to the kini coefficient.
16. A storage medium storing computer-executable instructions that, when executed, implement the following:
acquiring event information of each event occurring in a specified time period; the event information of each event comprises first event information of a current event and second event information of a plurality of historical events; the event information comprises user information and/or equipment information for executing the event;
determining an event distribution characteristic of each event on a preset dimension according to the first event information and the second event information;
determining whether the current event is a risk event or not according to the event distribution characteristics;
the event distribution characteristics comprise distribution complexity or distribution balance; the distribution complexity is expressed in information entropy; the distribution balance degree is expressed by a kini coefficient; determining an event distribution characteristic of each event on a preset dimension; determining whether the current event is a risk event according to the event distribution characteristics, including: determining the information entropy of each event on each preset dimension, and determining whether the current event is a risk event according to the information entropy; or determining a kini coefficient of each event on each preset dimension, and determining whether the current event is a risk event according to the kini coefficient.
CN201910914839.9A 2019-09-26 2019-09-26 Risk event processing method and device Active CN110691082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910914839.9A CN110691082B (en) 2019-09-26 2019-09-26 Risk event processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910914839.9A CN110691082B (en) 2019-09-26 2019-09-26 Risk event processing method and device

Publications (2)

Publication Number Publication Date
CN110691082A CN110691082A (en) 2020-01-14
CN110691082B true CN110691082B (en) 2021-12-28

Family

ID=69110239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910914839.9A Active CN110691082B (en) 2019-09-26 2019-09-26 Risk event processing method and device

Country Status (1)

Country Link
CN (1) CN110691082B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111447221B (en) * 2020-03-26 2022-07-19 支付宝(杭州)信息技术有限公司 Method and system for verifying identity using biometrics
CN111641596B (en) * 2020-05-11 2021-08-20 湖南大学 Power network information physical potential safety hazard assessment method and system and power system
CN112231354A (en) * 2020-10-16 2021-01-15 蜂助手股份有限公司 Program batch bill-swiping identification method and device, storage medium and server
CN112418728B (en) * 2020-12-11 2023-06-30 中国华能集团有限公司 Potential safety hazard correction method and device
CN113641970B (en) * 2021-08-16 2022-08-26 深圳竹云科技有限公司 Risk detection method and device and computing equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106611314A (en) * 2015-10-27 2017-05-03 阿里巴巴集团控股有限公司 Risk identification method and device
CN108270759A (en) * 2017-01-03 2018-07-10 娄奥林 A kind of method for detecting account number authenticity and validity
CN109697340A (en) * 2017-10-20 2019-04-30 中国移动通信集团浙江有限公司 A kind of auth method and device
CN110032857A (en) * 2019-02-19 2019-07-19 阿里巴巴集团控股有限公司 The registration of account, the recognition methods of credible equipment and device
CN110233831A (en) * 2019-05-21 2019-09-13 深圳壹账通智能科技有限公司 The detection method and device of malicious registration

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9596253B2 (en) * 2014-10-30 2017-03-14 Splunk Inc. Capture triggers for capturing network data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106611314A (en) * 2015-10-27 2017-05-03 阿里巴巴集团控股有限公司 Risk identification method and device
CN108270759A (en) * 2017-01-03 2018-07-10 娄奥林 A kind of method for detecting account number authenticity and validity
CN109697340A (en) * 2017-10-20 2019-04-30 中国移动通信集团浙江有限公司 A kind of auth method and device
CN110032857A (en) * 2019-02-19 2019-07-19 阿里巴巴集团控股有限公司 The registration of account, the recognition methods of credible equipment and device
CN110233831A (en) * 2019-05-21 2019-09-13 深圳壹账通智能科技有限公司 The detection method and device of malicious registration

Also Published As

Publication number Publication date
CN110691082A (en) 2020-01-14

Similar Documents

Publication Publication Date Title
CN110691082B (en) Risk event processing method and device
CN107563429B (en) Method and device for classifying network user groups
CN110768912B (en) API gateway current limiting method and device
CN108665143B (en) Wind control model evaluation method and device
CN109543373B (en) Information identification method and device based on user behaviors
CN107169499B (en) Risk identification method and device
CN108833453B (en) Method and device for determining application account
CN111339436B (en) Data identification method, device, equipment and readable storage medium
CN109086317B (en) Risk control method and related device
CN107451854B (en) Method and device for determining user type and electronic equipment
CN111310784B (en) Resource data processing method and device
CN110020025B (en) Data processing method and device
CN107018115B (en) Account processing method and device
CN110648180B (en) Method and device for adjusting delivery channel and electronic equipment
CN108449378B (en) Information pushing method, device and equipment
EP3136307A1 (en) Method and device for security assessment
CN106161824B (en) Method and device for determining liveness of communication number
CN111542043B (en) Method and device for identifying service request for changing mobile phone number
CN110008687B (en) Risk application processing method and apparatus
CN109948038B (en) Question pushing method and device
CN110278241B (en) Registration request processing method and device
CN113962276B (en) Abnormal information determination method and device, electronic equipment and storage medium
CN110659466B (en) Method and device for processing encryption behavior
CN111931797B (en) Method, device and equipment for identifying network to which service belongs
CN105718767B (en) information processing method and device based on risk identification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant