Disclosure of Invention
The application aims to provide a digital asset transaction anomaly monitoring method, device and system, which are used for solving the problems of low coin charging safety, malicious money laundering and the like in digital asset transaction in the prior art.
In a first aspect, the present application provides a method for monitoring digital asset transaction anomalies, applied to a server, the method comprising:
acquiring a coin charging request sent by a service end; the coin charging request comprises a coin charging address and a coin charging amount;
judging whether the coin charging request triggers an air control rule or not;
if the wind control rule is triggered, executing processing on the coin charging request;
judging whether the processed coin-charging request is of a FAST account-up type or not;
if yes, the safe billing is carried out according to the coin charging request.
Optionally, before the step of determining whether the coin charging request triggers the wind control rule, the method further includes:
judging whether the accumulated coin-charging amount reaches the upper account amount; the accumulated coin-charging amount is the sum of the coin-charging amounts of at least one coin-charging request sent by the same service end;
if the accumulated coin amount does not reach the upper account amount, the step of judging whether the coin charging request triggers the wind control rule is not executed.
Optionally, the determining whether the coin charging request triggers an air control rule includes:
extracting a corresponding actual value in the coin-charging request according to at least one wind control factor;
judging whether the actual value meets the range of the reference value or not;
and if the actual value extracted according to the wind control factor does not meet the reference value range, triggering a wind control rule.
Optionally, the wind control factor includes user identity information data, and the step of determining whether the actual value meets the reference value range includes:
invoking user identity information data contained in the coin-charging request as an actual value;
establishing a money laundering blacklist as a reference value range;
and inquiring whether data matched with the user identity information data exists in the money laundering blacklist.
Optionally, the wind control factor includes user coin-charging information data, and the step of judging whether the actual value meets the reference value range includes:
calling user coin charging information data contained in the coin charging request as an actual value;
calculating historical coin charging information data of the same user within a preset duration as a reference value range;
and judging whether the user coin charging information data falls into the historical coin charging information data range.
Optionally, the processing includes deferred posting and large-amount coin-in auditing, and the step of performing processing on the coin-in request includes:
when the processing is delayed billing, freezing the coin-charging request; after a preset delay time, releasing the freezing of the coin charging request;
when the processing is large-amount money filling auditing, acquiring an approval instruction of a user; if the approval instruction is passed, the processing is completed.
Optionally, the method further comprises:
if the coin charging request is not of the FAST billing type, counting the billing times of the service end;
and when the billing times reach the preset times, performing safe billing.
In a second aspect, the present application also provides a method for monitoring abnormal transactions of digital assets, applied to a service end, the method comprising:
acquiring a coin-charging order in the block chain, generating a coin-charging request according to the coin-charging order, and sending the coin-charging request to a server; the coin charging request comprises a coin charging address and a coin charging amount;
and correspondingly executing freezing or unfreezing operation on the coin filling request according to the processing result of the server.
In a third aspect, the present application further provides a device for monitoring abnormal transactions of digital assets, which is applied to a server, and the device includes:
the acquisition unit is used for acquiring the coin charging request sent by the service end; the coin charging request comprises a coin charging address and a coin charging amount;
the judging unit is used for judging whether the coin charging request triggers a wind control rule or not;
the processing unit is used for executing processing on the coin charging request when the wind control rule is triggered;
the judging unit is also used for judging whether the processed coin charging request is of a FAST account type or not;
the processing unit is also used for carrying out safe billing according to the coin charging request.
Optionally, the judging unit is further configured to judge whether the accumulated money amount reaches the payment amount; the accumulated coin-charging amount is the sum of the coin-charging amounts of at least one coin-charging request sent by the same service end.
Optionally, the judging unit includes:
the extraction subunit is used for extracting the corresponding actual value in the coin-charging request according to at least one wind control factor;
the judging and executing subunit is used for judging whether the actual value meets the range of the reference value; and if the actual value extracted according to the wind control factor does not meet the reference value range, triggering a wind control rule.
Optionally, the extracting subunit is further configured to invoke user identity information data included in the coin-charging request as an actual value;
the judging and executing subunit is further used for establishing a money laundering blacklist as a reference value range; and inquiring whether data matched with the user identity information data exists in the money laundering blacklist.
Optionally, the extracting subunit is further configured to call user coin charging information data included in the coin charging request as an actual value;
the judging and executing subunit is further used for calculating historical coin charging information data of the same user in a preset duration as a reference value range; and judging whether the user coin charging information data falls into the historical coin charging information data range.
Optionally, the processing unit includes:
a freezing and thawing subunit, configured to freeze the coin-charging request when processing is delayed for billing; after a preset delay time, releasing the freezing of the coin charging request;
the manual approval subunit is used for acquiring approval instructions of the user when the large amount of money is filled for auditing; if the approval instruction is passed, the processing is completed.
Optionally, the apparatus further includes:
the counting unit is used for counting the billing times of the business end when the coin charging request is not of the FAST billing type; and when the billing times reach the preset times, sending a safe billing instruction to the processing unit.
In a fourth aspect, the present application further provides a device for monitoring abnormal transactions of digital assets, which is applied to a service end, and the device includes:
the request generation unit is used for acquiring a coin-charging order in the block chain, generating a coin-charging request according to the coin-charging order and sending the coin-charging request to the server; the coin charging request comprises a coin charging address and a coin charging amount;
and the execution unit is used for correspondingly executing the freezing or unfreezing operation of the coin charging request according to the processing result of the server.
In a fifth aspect, the present application further provides a digital asset transaction anomaly monitoring system, including a server and a service end, where the server is configured with the method of the first aspect; the service end is configured with the method described in the second aspect.
The application provides a digital asset transaction anomaly monitoring method, device and system, which comprises the steps of obtaining a coin charging request sent by a service end; the coin charging request comprises a coin charging address and a coin charging amount; judging whether the coin charging request triggers an air control rule or not; if the wind control rule is triggered, executing processing on the coin charging request; judging whether the processed coin-charging request is of a FAST account-up type or not; if yes, the safe billing is carried out according to the coin charging request. According to the application, the wind control system is internally provided with a rule configuration, wind control factors are applied to collected data such as bill charging order data, bill charging source data, bill charging user relationship graph data, user basic data, user behavior data and the like to judge bill charging risks, and the system is used for timely responding to abnormal bill charging requests and executing corresponding processing, so that the transaction safety is ensured; meanwhile, the application can flexibly configure the established rules according to actual demands, thereby improving the applicability and the processing efficiency of processing the exception.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to FIG. 1, a flow chart of a method for monitoring digital asset transaction anomalies in accordance with the present application;
as can be seen from fig. 1, the present application provides a method for monitoring digital asset transaction anomalies, which is applied to a server, and the method comprises:
s100: acquiring a coin charging request sent by a service end;
in this embodiment, the service end refers to a terminal that can provide the user with direct current and subsequent operations, such as a wallet, where the user passes personal information verification at the service end, so that the service end can collect characteristics of the user that want to charge coins or trade in combination with the user information, and judge behaviors and characteristics of the user account security, money-washing characteristics, abnormal coin charging and the like, thereby ensuring higher security of the trading platform. The money-filling request, which should be considered as a set capable of containing all data that may express user information and user will, is not limited to include a money-filling address and a money-filling amount; wherein the coin-charging address represents user source information, and the coin-charging amount represents transaction destination information; in addition, the bill-charging request may include a user name, a transaction time record, information of the location of the IP, etc., which is not limited herein.
In general, before sending a coin-charging request, the service end needs to query a current user's historical coin-charging order, specifically, for example, whether a coin-charging order belonging to the address of the coin-charging address under the transaction platform exists in the blockchain can be queried by a wallet in a polling manner, and the user's past coin-charging behavior can be known from the query result so as to collect user data, so that the coin-charging request can also include related data of the historical coin-charging order.
S200: judging whether the coin charging request triggers an air control rule or not;
in the scheme provided by the embodiment, specific wind control rules are required to be set for judging the attribute of the coin charging request aiming at the coin charging request sent by the service end, specifically, the wind control engine in the wind control system (RC system) can be used for carrying out rule configuration, wind control factors are applied to calculate, analyze and judge the use behaviors, the coin charging and extracting behaviors and the like of the user, and corresponding disposal operation is triggered.
Specifically, as can be seen from fig. 2, in one possible embodiment, step S20 may be decomposed into:
s210: extracting a corresponding actual value in the coin-charging request according to at least one wind control factor; the wind control factor is formulated by a developer, and can be one or more of a money-filling source money-washing black address, a cumulative money-filling pen number of the same currency of the user, a current money-filling amount of the user/a current day money-filling amount average value of y% before the same currency, a cumulative money-filling amount of the same currency for nearly x% hours/a current day-average money-filling amount of the same currency, or the like, and when the wind control factor is multiple, a corresponding actual value needs to be extracted/calculated for each wind control factor. The actual value generally corresponds to the value corresponding to the information contained in the secondary coin request.
S220: judging whether the actual value meets the range of the reference value or not; in the present embodiment, whether the range of the reference value is satisfied includes a logical judgment of boolean (yes/no, Y/N), and also includes a judgment of whether it is greater than a certain minimum value, less than a certain maximum value, whether it is located between the two values, and so on. The reference value range generally corresponds to a value corresponding to information contained in the history of coin-feed requests.
S230: and if the actual value extracted according to the wind control factor does not meet the reference value range, triggering a wind control rule.
According to the judgment condition of S220, if the extracted actual value does not meet the reference value range, the abnormal condition exists in the coin-charging request, and the purpose of triggering the wind control rule is to execute corresponding processing on the current coin-charging request in time through the wind control means, so that the system safety performance is prevented from being reduced due to the abnormal condition.
Otherwise, if the extracted actual value meets the reference value range, which indicates that the abnormal condition does not exist in the coin-charging request, the subsequent operation steps of S400 and S500 can be directly executed without invoking the subsequent wind control mechanism.
Further, according to the difference in selection of the wind control factor, the step S200 may be decomposed in different forms, and in one embodiment shown in fig. 3, the wind control factor includes user identity information data, and then the step S200 may be decomposed into:
s211: invoking user identity information data contained in the coin-charging request as an actual value; the user identity information data can comprise information such as a money charging source address, a money charging user account number, a nickname and the like, and when judging whether a money charging request triggers a wind control rule or not, the information can be extracted for inquiry;
s221: establishing a money laundering blacklist as a reference value range; the money laundering blacklist comprises known money laundering account information, wherein the money laundering account information is not limited to information including account names, account addresses and the like, and the information is integrated to establish a money laundering blacklist and stored in a system in advance for providing a comparison reference database for a money filling request;
s231: inquiring whether data matched with the user identity information data exists in a money laundering blacklist or not; for example, if the account address, the account name, etc. same as those in the money filling request exist in the money laundering blacklist, a judgment result of triggering the air control rule can be obtained.
Also, in another embodiment shown in fig. 4, when the wind control factor includes user money charging information data, step S200 may be decomposed into:
s212: calling user coin charging information data contained in the coin charging request as an actual value; the user coin-charging information data is not limited to the coin-charging amount, the coin-charging times, the accumulated coin-charging times, the coin-charging currency and the like;
s222: calculating historical coin charging information data of the same user within a preset duration as a reference value range; the historical coin-charging information data are not limited to data including the accumulated coin-charging pen number of the same coin type of the user, the current coin-charging amount of the user/the average value of the current coin-charging amount of the same coin type, the accumulated coin-charging amount of the same coin type in the near x% hours/the current daily coin-charging amount of the same coin type in the near y% days and the like; the preset time length is selected to be days, hours or minutes according to different types of the historical coin charging information data;
s232: judging whether the user coin charging information data falls into the historical coin charging information data range;
in the present application, the wind control factor may be multiple of the above embodiments, that is, multiple factors are taken as the judgment basis together, and when one factor meets the triggering condition, the conclusion of triggering the wind control rule can be obtained.
Further, before step S200, the method further includes:
s150: judging whether the accumulated coin-charging amount reaches the upper account amount; the accumulated coin-charging amount is the sum of the coin-charging amounts of at least one coin-charging request sent by the same service end. The purpose of setting up the line of accounts for is that the increase of system load is caused to the asset account for a plurality of times too little to the amount, handles the request of filling coin that the amount is little in a plurality of times in a centralized way, is favorable to increasing processing efficiency, and correspondingly, also once only accomplish the judgement to the unusual condition, has improved unusual monitoring efficiency. When the accumulated coin-charging amount does not reach the upper account amount, the next step is not performed, and the next coin-charging request is waited for, so that the accumulated coin-charging amount is continuously accumulated, and the next step is performed when the accumulated coin-charging amount reaches the upper account amount.
According to the step S200, if the judgment result is that the wind control rule is triggered, the following steps are required to be continuously executed;
s300: executing processing on the coin charging request;
based on different abnormal levels and different types of coin-charging requests, various processing modes need to be adopted, wherein the processing modes mainly comprise delayed account-up and large-amount coin-charging auditing.
The delayed billing aims at a coin charging request with a low abnormal level, the time of delayed billing is set mainly through an internal timer, and the user is safely billed after the delayed billing time is reached, but the user is not billed immediately, wherein the set delayed billing time is required to be allocated, and the user cannot bill the coin charging amount (i.e. transaction or coin lifting operation) until the time is reached, or the state is automatically released by the user or manually released by the user; the above steps can be expressed as: when the processing is delayed billing, freezing the coin-charging request; and after a preset delay time, releasing the freezing of the coin charging request.
The large-amount coin-charging auditing mainly aims at coin-charging requests with larger amount and higher abnormal level, and auditing operation can be executed by related personnel by sending the content to be audited to a manual auditing system (MGT system) and inputting auditing results; once the processing mode is entered, any operation can not be executed by the service end to release the auditing process; the above steps can be expressed as: when the processing is large-amount money filling auditing, acquiring an approval instruction of a user; if the approval instruction is passed, the processing is completed.
In addition, the processing mode also comprises the steps of sending a marking instruction or a freezing instruction to the service end, and correspondingly executing marking operation or freezing operation by the service end according to the received instruction;
specifically, when a marking instruction is sent, the user sending the coin charging request is marked by the wind control system, but the marking is only to record the behavior of the user, and the transaction process is not influenced, which is equivalent to release operation;
when a freezing instruction is sent, the instruction comprises account freezing, coin extracting time limit freezing and the like, wherein the account freezing is that a user can normally account, but the account is frozen; the user can normally pay off the money when the money is lifted and frozen, but the money lifting operation cannot be performed; the user can normally pay off the money when the money is lifted up, but the money lifting operation can not be carried out in a limited time, and the money lifting operation can be normally carried out after waiting time is reached.
S400: judging whether the processed coin-charging request is of a FAST account-up type or not;
the billing types can be divided into two types of quick billing and safe billing, in the actual application scene, the user asset rollback is caused by the blockchain rollback, so that huge losses are easily caused to a transaction platform, and in order to solve the problems, the billing operation is performed by reasonably utilizing the two different billing types, so that the losses can be avoided as much as possible, and the user experience degree can be improved to the greatest extent; the FAST accounting type is a new accounting type preset by a developer, which is between two existing types and is equivalent to an intermediate state, so that a user can trade own virtual assets, but cannot execute coin-lifting operation. In the application, whether the coin charging request is of the FAST account type is judged, which is equivalent to the last stuck point operation before the safe account charging, and the quick account charging time zone block rollback probability is lower, the safe account charging is not influenced by the block rollback, whether the quick account charging times are reached can be judged through the confirmation times in the block chain, specifically, if the coin charging request is not of the FAST account type, the account charging times of the service end are counted; and when the billing times reach the preset times, performing safe billing.
S500: and carrying out safe billing according to the coin charging request.
In this embodiment, performing secure accounting may include several cases, firstly, when it is determined that the wind control rule is not triggered, and when the coin charging request is of the FAST accounting type, secure accounting may be directly performed; secondly, when the triggering wind control rule is judged, the safe billing can be carried out when the coin charging request after wind control processing is judged to be of the FAST billing type; and thirdly, when the triggering of the wind control rule is judged, judging that the money charging request after wind control processing is not of the FAST account type, and needing to wait for the account number to be reached and then safely account.
According to the technical scheme, the application provides a digital asset transaction anomaly monitoring method, which comprises the steps of obtaining a coin charging request sent by a service end; the coin charging request comprises a coin charging address and a coin charging amount; judging whether the coin charging request triggers an air control rule or not; if the wind control rule is triggered, executing processing on the coin charging request; judging whether the processed coin-charging request is of a FAST account-up type or not; if yes, the safe billing is carried out according to the coin charging request. According to the application, the wind control system is internally provided with a rule configuration, wind control factors are applied to collected data such as bill charging order data, bill charging source data, bill charging user relationship graph data, user basic data, user behavior data and the like to judge bill charging risks, and corresponding processing is performed on abnormal bill charging requests, so that the safety of transactions is ensured; meanwhile, the application can flexibly configure the established rules according to actual demands, thereby improving the applicability and the processing efficiency of processing the exception.
As can be seen from fig. 5, the present application also provides a method for monitoring digital asset transaction anomalies, which is applied to a business end, and the method comprises:
s800: acquiring a coin-charging order in the block chain, generating a coin-charging request according to the coin-charging order, and sending the coin-charging request to a server; the coin charging request comprises a coin charging address and a coin charging amount;
s900: according to the processing result of the server, correspondingly executing freezing or unfreezing operation on the coin charging request; it should be noted that, since the service end and the service end are always kept in a connection state in the whole transaction process, the service end can acquire state information in the current transaction or coin charging and extracting process in real time, for example, a judgment result in the execution method of the service end can be sent to the service end or displayed at the service end; when the user needs to defrost the frozen coin-feed request, it can be performed at the service end.
The technical solutions between the other embodiments and the server related to the method in this embodiment may be referred to the foregoing description, and will not be repeated here.
As can be seen from fig. 6, the present application further provides a digital asset transaction anomaly monitoring device corresponding to the method shown in fig. 1, comprising:
an obtaining unit 100, configured to obtain a coin charging request sent by a service end; the coin charging request comprises a coin charging address and a coin charging amount;
a judging unit 200, configured to judge whether the coin charging request triggers a wind control rule;
a processing unit 300, configured to perform processing on the coin charging request when the wind control rule is triggered;
the judging unit 200 is further configured to judge whether the processed coin-charging request is of a FAST accounting type;
the processing unit 300 is further configured to perform secure billing according to the coin-charging request.
Further, the judging unit 200 is further configured to judge whether the accumulated money amount reaches the payment amount; the accumulated coin-charging amount is the sum of the coin-charging amounts of at least one coin-charging request sent by the same service end.
Further, as can be seen from fig. 7, the judging unit 200 includes:
an extracting subunit 210, configured to extract, according to at least one wind control factor, a corresponding actual value in the coin-charging request;
a judgment execution subunit 220, configured to judge whether the actual value meets the reference value range; and if the actual value extracted according to the wind control factor does not meet the reference value range, triggering a wind control rule.
Further, in a feasible embodiment, the extracting subunit 210 is further configured to invoke the user identity information data included in the coin-charging request as an actual value;
the judging and executing subunit 220 is further configured to establish a money laundering blacklist as a reference value range; and inquiring whether data matched with the user identity information data exists in the money laundering blacklist.
Further, in another possible embodiment, the extracting subunit 210 is further configured to retrieve the user coin-charging information data included in the coin-charging request as an actual value;
the judging and executing subunit 220 is further configured to calculate historical coin charging information data of the same user within a preset duration, as a reference value range; and judging whether the user coin charging information data falls into the historical coin charging information data range.
Further, as can be seen from fig. 8, the processing unit 300 includes:
a freeze-thaw subunit 310 configured to freeze the coin-feed request when processing is delayed billing; after a preset delay time, releasing the freezing of the coin charging request;
a manual approval subunit 320, configured to obtain an approval instruction of the user when the large amount of money is approved; if the approval instruction is passed, the processing is completed.
Further, the device further comprises:
a statistics unit 400, configured to, when the coin charging request is not of the FAST accounting type, count the accounting times of the service end; and when the billing times reach the preset times, sending a safe billing instruction to the processing unit.
The functional roles of the structural units in executing the above method in this embodiment are described in the embodiment of the method shown in fig. 1, and are not described herein.
As can be seen from fig. 9, the present application also provides a digital asset transaction anomaly monitoring device corresponding to the method shown in fig. 5, comprising:
the request generating unit 800 is configured to obtain a coin-charging order in the blockchain, generate a coin-charging request according to the coin-charging order, and send the coin-charging request to the server; the coin charging request comprises a coin charging address and a coin charging amount;
and the execution unit 900 is configured to correspondingly execute the freezing or unfreezing operation on the coin charging request according to the processing result of the server.
The functional roles of the structural units in the embodiment when performing the above method are described in the embodiment of the method shown in fig. 5, and are not described herein.
The application also provides a digital asset transaction anomaly monitoring system, which comprises: the system comprises a service end and a service end, wherein the service end configures the method shown in the figure 1; the service side is configured with the method shown in fig. 5, and the functions and descriptions of the present system can be referred to the foregoing discussion, which is not repeated here.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.