CN111641594B - Method, system, medium and device for detecting fraudulent user based on page behavior - Google Patents

Method, system, medium and device for detecting fraudulent user based on page behavior Download PDF

Info

Publication number
CN111641594B
CN111641594B CN202010388823.1A CN202010388823A CN111641594B CN 111641594 B CN111641594 B CN 111641594B CN 202010388823 A CN202010388823 A CN 202010388823A CN 111641594 B CN111641594 B CN 111641594B
Authority
CN
China
Prior art keywords
user
behavior
page
fraudulent
comprehensive evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010388823.1A
Other languages
Chinese (zh)
Other versions
CN111641594A (en
Inventor
蒋昌俊
丁志军
章昭辉
闫春钢
李震川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongji University filed Critical Tongji University
Priority to CN202010388823.1A priority Critical patent/CN111641594B/en
Publication of CN111641594A publication Critical patent/CN111641594A/en
Application granted granted Critical
Publication of CN111641594B publication Critical patent/CN111641594B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a method, a system, a medium and equipment for detecting a fraudulent user based on page behaviors, wherein the method for detecting the fraudulent user based on the page behaviors comprises the following steps: performing feature extraction on event data generated by a user on different pages to obtain page behavior feature vectors; performing behavior analysis on the page behavior feature vectors through a page behavior detection model; and comprehensively evaluating the results of the behavior analysis in the multiple pages, and detecting abnormal user behaviors according to the comprehensive evaluation results to detect the fraudulent users corresponding to the abnormal user behaviors. According to the invention, through comprehensive evaluation of the abnormal user behavior conditions on a plurality of pages, the possibility of misjudgment of the fraudulent user is reduced, and the reliability of the fraudulent user detection method is improved.

Description

Method, system, medium and device for detecting fraudulent user based on page behavior
Technical Field
The invention relates to the technical field of fraud detection, in particular to a fraud detection method, a system, a medium and equipment based on page behaviors.
Background
With the vigorous development of the internet finance industry, more and more internet finance companies provide diversified and convenient credit services to meet the daily life consumption needs of people. Meanwhile, the grey black practitioner cheats more and more about credit services launched by the internet financial company, huge economic loss is brought to the internet financial company, and the development of the internet financial industry is seriously influenced. Therefore, under the condition that the problem is increasingly serious, how to effectively identify the credit cheating user, especially when the cheating party applies for the loan, the method can accurately identify the credit cheating user, and becomes a hot topic to be solved urgently in the society of the present time.
At present, a credit auditing method based on voiceprint has been proposed in the prior art, which collects voice data of a user during a credit auditing session and acquires a risk level condition of a current client; and then selecting one or more combinations of a voiceprint anti-fraud strategy, a voice anti-fraud strategy, a light voice anti-fraud strategy, a background voice anti-fraud strategy and a voice emotion anti-fraud strategy according to the risk level condition of the user to execute anti-fraud operation and obtain the anti-fraud recognition result of the current client. The invention does reduce the risk of credit application fraud to some extent, but still has certain limitations. The credit application risk detection mode in the invention is limited to voice-related analysis, is not practical for a loan application scene which cannot acquire voice data, and limits the application of a model method. In addition, fraud detection is also provided for the customer by using the relational graph network structure, the label features and the statistical feature vectors. More specifically, the method determines a customer statistical feature vector and a customer relationship map from the obtained credit customer data; converting the node sequence in the customer relationship graph into a node label sequence through the state label data corresponding to the obtained credit customer data; then, converting the node label sequence into a characteristic vector corresponding to the customer relation map through a skip-gram algorithm; and training the initial model according to the statistical feature vector and the feature vector of the customer relation map until the training iteration number meets a preset iteration number threshold value to obtain a credit fraud detection model. Although the method can better identify the fraud risk of the credit customer so as to provide better protection for the property of the credit customer, sufficient customer relationship data needs to be acquired, otherwise, the model performance is reduced because a perfect customer relationship network cannot be constructed, and in addition, the calculation of the customer relationship network needs more calculation resources, so that the cost is huge. Under the internet era, more and more services are acquired at mobile terminals, and a great part of credit business of internet financial companies is applied through mobile phone APP. Various information can be filled in according to requirements in the credit application process of a user, and the credit fraud can be accurately identified by fully mining the behavior habit of the user applying for the loan to distinguish normal users from fraud in consideration of certain difference of behavior habits of each person.
Therefore, how to provide a method, a system, a medium and a device for detecting a fraudulent user based on page behavior to solve the defects that the prior art cannot provide a detection method for a fraudulent user with better universality and higher reliability, and the like, becomes a technical problem to be solved by the technical staff in the field.
Disclosure of Invention
In view of the above drawbacks of the prior art, an object of the present invention is to provide a method, a system, a medium, and a device for detecting a fraudulent user based on page behavior, so as to solve the problem that the prior art cannot provide a detection method for a fraudulent user with good versatility and high reliability.
In order to achieve the above and other related objects, an aspect of the present invention provides a method for detecting fraudulent users based on page behavior, where the method for detecting fraudulent users based on page behavior includes: performing feature extraction on event data generated by a user on different pages to obtain page behavior feature vectors; performing behavior analysis on the page behavior feature vectors through a page behavior detection model; and comprehensively evaluating the results of the behavior analysis in the multiple pages, and detecting abnormal user behaviors according to the comprehensive evaluation results to detect the fraudulent users corresponding to the abnormal user behaviors.
In an embodiment of the present invention, the step of performing feature extraction on event data generated by a user on different pages to obtain a page behavior feature vector includes: extracting the statistical value of the stay time of the user on different pages; extracting statistics of time for filling contents on different pages by a user; and extracting the number of times of modification of the content filled in on different pages by the user.
In an embodiment of the present invention, the step of performing behavior analysis on the plurality of page behavior feature vectors by using a page behavior detection model includes: pre-training the page behavior detection model according to event data of historical users; and inputting the page behavior feature vector corresponding to the current user into the page behavior detection model to calculate the degree of abnormality, and respectively determining the degree of abnormality corresponding to the current user in a plurality of pages.
In an embodiment of the present invention, the step of training the page behavior detection model in advance according to event data of a historical user includes: and pre-training a Gaussian mixture model according to the event data of the historical user, and taking the Gaussian mixture model as the page behavior detection model.
In an embodiment of the present invention, the step of performing comprehensive evaluation on the results of behavior analysis in the multiple pages, and performing user behavior anomaly detection according to the results of the comprehensive evaluation to detect a fraudulent user corresponding to the anomalous user behavior includes: if the result of the behavior analysis in any page exceeds a preset threshold value of the corresponding page, judging that the user is a fraudulent user; or endowing different weight values to the behavior analysis results in the multiple pages to obtain a comprehensive evaluation value, and judging the fraudulent user according to the comprehensive evaluation value.
In an embodiment of the present invention, the step of determining the fraudulent user according to the comprehensive evaluation value includes: comparing the comprehensive evaluation value with a preset comprehensive threshold value; if the comprehensive evaluation value exceeds the preset comprehensive threshold value, judging that the user is a fraudulent user; and if the comprehensive evaluation value does not exceed the preset comprehensive threshold value, judging that the user is a non-fraudulent user.
In an embodiment of the present invention, the page behavior detection model is a loan application page behavior detection model: and comprehensively evaluating the results of the behavior analysis in the plurality of loan operation pages, and detecting the abnormal behavior of the user according to the comprehensive evaluation results to detect a loan application fraud user corresponding to the abnormal user behavior.
Another aspect of the present invention provides a system for detecting fraudulent users based on page behavior, including: the characteristic extraction module is used for extracting characteristics of event data generated by users on different pages to obtain page behavior characteristic vectors; the behavior analysis module is used for carrying out behavior analysis on the page behavior feature vectors through a page behavior detection model; and the fraud detection module is used for comprehensively evaluating the results of the behavior analysis in the multiple pages and detecting the abnormal user behavior according to the comprehensive evaluation results so as to detect the fraud user corresponding to the abnormal user behavior.
Yet another aspect of the present invention provides a medium having stored thereon a computer program that, when executed by a processor, implements the page behavior based fraudulent user detection method.
A final aspect of the invention provides an apparatus comprising: a processor and a memory; the memory is configured to store a computer program, and the processor is configured to execute the computer program stored in the memory to cause the apparatus to perform the page behavior-based fraud user detection method.
As described above, the fraudulent user detection method, system, medium and apparatus based on page behavior according to the present invention have the following advantages:
according to the method, the relevant operation process characteristics of the user are extracted from the log event data of the user through characteristic extraction, and the complex operation log data are converted into the behavior characteristic vector of the user on the page. The behavior characteristic vector of the user applying for loan on the key page is analyzed in detail to obtain the decision of abnormal behavior, so that the reliability of detection of the fraudulent user is improved.
Drawings
FIG. 1 is a schematic flow chart illustrating a page behavior-based fraud user detection method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating feature extraction in an embodiment of the fraudulent user detection method based on page behavior according to the present invention.
FIG. 3 is a flow chart of behavior analysis of the method for detecting fraudulent users based on page behavior according to an embodiment of the present invention.
FIG. 4 is a schematic diagram illustrating a comprehensive evaluation of the page behavior-based fraud user detection method according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating the comprehensive evaluation of the page behavior-based fraud user detection method according to an embodiment of the present invention.
FIG. 6 is a schematic diagram illustrating the structure of a fraudulent user detection system based on page behavior according to an embodiment of the present invention.
FIG. 7 is a schematic diagram illustrating the structural connection of the fraudulent user detection equipment based on page behavior according to an embodiment of the present invention.
Description of the element reference numerals
6 fraudulent user detection system based on page behavior
61 feature extraction module
62 behavior analysis module
63 fraud detection module
S11-S13
S111 to S113
S121 to S122
S131 to S132 steps
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
The invention provides a fraud user detection method based on page behaviors, which extracts relevant operation flow characteristics of a user from log event data of the user through characteristic extraction and converts complex operation log data into behavior characteristic vectors of the user on a page. The behavior characteristic vector of the user applying for loan on the key page is analyzed in detail to obtain the decision of abnormal behavior, so that the reliability of detection of the fraudulent user is improved.
The principle and implementation of the method, system, medium and apparatus for detecting fraudulent users based on page behaviors according to this embodiment will be described in detail below with reference to fig. 1 to 7, so that those skilled in the art can understand the method, system, medium and apparatus for detecting fraudulent users based on page behaviors without creative work.
Referring to fig. 1, a schematic flow chart of a page behavior based fraud user detection method according to an embodiment of the invention is shown. The page behavior-based fraud user detection method is applied to scenes such as financial or fund transaction fraud and the like, for example, loan platform fraud or shopping platform fraud, by using vulnerabilities of a transaction system after a user acquires a drive type operation course. As shown in fig. 1, the method for detecting a fraudulent user based on page behavior specifically includes the following steps:
and S11, performing feature extraction on event data generated by the user on different pages to obtain page behavior feature vectors.
Specifically, event data formed by behavior logs of the user are integrated and combed, and features capable of describing user behaviors are extracted from the event data to form feature vectors. The specific characteristics are different from page to page, and mainly include statistics (maximum, minimum, mode, mean, etc.) related to the stay time of the user on the page, statistics of the time used for filling the content on the page, the number of times of modifying the content filled by the user, and the like. For example, if the user stays on the page for a short time when loan application information is filled in, the information is quickly filled in, the number of modifications is small, or an abnormality occurs in the face recognition interface, the user is considered to be a fraudulent user with a high possibility.
Please refer to fig. 2, which is a flowchart illustrating a feature extraction process of the fraudulent user detection method based on page behavior according to an embodiment of the present invention. As shown in fig. 2, S11 includes:
and S111, extracting the statistical value of the stay time of the user on different pages.
Specifically, when the user fills out information, the stay time on the page is short, and the user is considered to have an abnormality.
And S112, extracting the statistic value of the time for the user to fill in the content on different pages.
Specifically, when a user fills in information, it is assumed that the user may have an abnormality if the time taken when the page fills in the content is short. If the filled information is filled in seconds, the user is extremely strong in purpose, the information is prepared early, and the operation is skilled.
And S113, extracting the number of times of modifying the content filled in on different pages by the user.
Specifically, when a user fills in information, the information is not modified in the page, and the user is considered to have an exception.
And S12, performing behavior analysis on the page behavior feature vectors through a page behavior detection model.
Please refer to fig. 3, which is a flowchart illustrating a behavior analysis of the method for detecting fraudulent users based on page behavior according to an embodiment of the present invention. As shown in fig. 3, S12 includes:
and S121, pre-training the page behavior detection model according to the event data of the historical user.
In this embodiment, a gaussian mixture model is trained in advance according to event data of a historical user, and the gaussian mixture model is used as the page behavior detection model. The method is based on an unsupervised Gaussian mixture model, and can be applied to the situation without data labels, particularly the situation that credit business is just started to be launched. Therefore, by comprehensively evaluating the abnormal conditions of the user behaviors on a plurality of pages, the possibility of misjudgment of the fraudulent user is reduced, and the reliability of detection of the fraudulent user is improved.
It should be noted that the gaussian mixture model is only an embodiment of the present invention, and other training models capable of performing page detection are also within the scope of the present invention.
And S122, inputting the page behavior feature vector corresponding to the current user into the page behavior detection model to calculate the degree of abnormality, and respectively determining the degree of abnormality corresponding to a plurality of pages of the current user.
And S13, comprehensively evaluating the results of the behavior analysis in the multiple pages, and detecting abnormal user behaviors according to the results of the comprehensive evaluation to detect the fraudulent user corresponding to the abnormal user behaviors.
Please refer to fig. 4, which is a schematic diagram illustrating a comprehensive evaluation of the page behavior-based fraud user detection method according to an embodiment of the present invention. As shown in fig. 4, model training is performed by using behavior data of the existing loan application user on the corresponding page, so as to obtain a page anomaly detection model (i.e., a page behavior detection model). And then inputting the behavior characteristics of the user on the key page, namely the key page 1 and the key page 2 …, namely the key page m, into a page abnormality detection model for calculating the abnormality degree in online running. And after the anomaly values of the user on each key page are obtained, carrying out comprehensive evaluation.
Please refer to fig. 5, which is a flowchart illustrating a comprehensive evaluation of the page behavior-based fraud user detection method according to an embodiment of the present invention. As shown in fig. 5, S13 includes:
s131, if the result of the behavior analysis in any page exceeds the preset threshold value of the corresponding page, the user is judged to be a fraudulent user.
S132, endowing different weighted values to the behavior analysis results in the multiple pages to obtain a comprehensive evaluation value, and judging a fraudulent user according to the comprehensive evaluation value.
Specifically, the comprehensive evaluation value is compared with a preset comprehensive threshold value; if the comprehensive evaluation value exceeds the preset comprehensive threshold value, judging that the user is a fraudulent user; and if the comprehensive evaluation value does not exceed the preset comprehensive threshold value, judging that the user is a non-fraudulent user.
When the page behavior-based fraud user detection method is applied to a detection scene of a loan application fraud user, comprehensive evaluation is carried out on results of behavior analysis in a plurality of loan operation pages, and user behavior abnormity detection is carried out according to the comprehensive evaluation results so as to detect the loan application fraud user corresponding to abnormal user behavior.
The present embodiments provide a computer storage medium having stored thereon a computer program that, when executed by a processor, implements the page behavior based fraudulent user detection method.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the above method embodiments may be performed by hardware associated with a computer program. The aforementioned computer program may be stored in a computer readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned computer-readable storage media comprise: various computer storage media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The protection scope of the fraudulent user detection method based on page behavior is not limited to the execution sequence of the steps listed in this embodiment, and all the schemes of adding, subtracting and replacing steps in the prior art according to the principle of the present invention are included in the protection scope of the present invention.
The page behavior-based fraudulent user detection system provided by the present embodiment will be described in detail below with reference to the drawings. It should be noted that the division of the modules of the following system is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity or may be physically separated. And the modules can be realized in a form that all software is called by the processing element, or in a form that all the modules are realized in a form that all the modules are called by the processing element, or in a form that part of the modules are called by the hardware. For example: a module may be a separate processing element, or may be integrated into a chip of the system described below. Further, a certain module may be stored in the memory of the following system in the form of program code, and a certain processing element of the following system may call and execute the function of the following certain module. Other modules are implemented similarly. All or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, the steps of the above method or the following modules may be implemented by hardware integrated logic circuits in a processor element or instructions in software.
The following modules may be one or more integrated circuits configured to implement the above methods, for example: one or more Application Specific Integrated Circuits (ASICs), one or more Digital Signal Processors (DSPs), one or more Field Programmable Gate Arrays (FPGAs), and the like. When some of the following modules are implemented in the form of a program code called by a Processing element, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling the program code. These modules may be integrated together and implemented in the form of a System-on-a-chip (SOC).
Please refer to fig. 6, which is a schematic structural diagram of a fraudulent user detection system based on page behavior according to an embodiment of the present invention. As shown in fig. 6, the fraudulent user detection system 6 based on page behavior includes: a feature extraction module 61, a behavior analysis module 62 and a fraud detection module 63.
The feature extraction module 61 is configured to perform feature extraction on event data generated by a user on different pages to obtain a page behavior feature vector.
In this embodiment, the feature extraction module 61 is specifically configured to extract statistical values of stay time of a user on different pages; extracting statistics of time for filling contents on different pages by a user; and extracting the number of times of modification of the content filled in on different pages by the user.
The behavior analysis module 62 is configured to perform behavior analysis on a plurality of the page behavior feature vectors through a page behavior detection model.
In this embodiment, the behavior analysis module 62 is specifically configured to pre-train the page behavior detection model according to event data of a historical user; and inputting the page behavior feature vector corresponding to the current user into the page behavior detection model to calculate the degree of abnormality, and respectively determining the degree of abnormality corresponding to the current user in a plurality of pages.
The fraud detection module 63 is configured to perform comprehensive evaluation on the results of the behavior analysis in the multiple pages, and perform user behavior anomaly detection according to the results of the comprehensive evaluation to detect a fraudulent user corresponding to an abnormal user behavior.
In this embodiment, the fraud detection module 63 is specifically configured to determine that the user is a fraudulent user if a result of behavior analysis in any page exceeds a preset threshold of a corresponding page; or endowing different weight values to the behavior analysis results in the multiple pages to obtain a comprehensive evaluation value, and judging the fraudulent user according to the comprehensive evaluation value.
The system for detecting fraudulent users based on page behaviors can realize the method for detecting fraudulent users based on page behaviors, but the device for realizing the method for detecting fraudulent users based on page behaviors comprises but is not limited to the structure of the system for detecting fraudulent users based on page behaviors enumerated in the embodiment, and all structural modifications and replacements in the prior art according to the principle of the invention are included in the protection scope of the invention.
Please refer to fig. 7, which is a schematic structural connection diagram of a fraudulent user detecting device based on page behavior according to an embodiment of the present invention. As shown in fig. 7, the present embodiment provides an apparatus including: a processor, memory, a communication interface, or/and a system bus; the memorizer and the communication interface are connected with the processor through a system bus and complete mutual communication, the memorizer is used for storing a computer program, the communication interface is used for communicating with other equipment, and the processor is used for operating the computer program to enable the equipment to execute all steps of the fraud user detection method based on the page behaviors.
The above-mentioned system bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The system bus may be divided into an address bus, a data bus, a control bus, and the like. The communication interface is used for realizing communication between the database access device and other equipment (such as a client, a read-write library and a read-only library). The Memory may include a Random Access Memory (RAM), and may further include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, or discrete hardware components.
In summary, the method, system, medium, and device for detecting fraudulent users based on page behavior according to the present invention extract the relevant operation flow characteristics of the user from the log event data of the user through characteristic extraction, and convert the complex operation log data into the behavior characteristic vector of the user on the page. The behavior characteristic vector of the user applying for loan on the key page is analyzed in detail to obtain the decision of abnormal behavior, so that the reliability of detection of the fraudulent user is improved. The invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (9)

1. A fraudulent user detection method based on page behavior is characterized in that the fraudulent user detection method based on page behavior comprises the following steps:
performing feature extraction on event data generated by a user on different pages to obtain page behavior feature vectors;
performing behavior analysis on the page behavior feature vectors through a page behavior detection model; the page behavior feature vector comprises: the statistical value of the staying time of the user on different pages, the statistical value of the time for the user to fill in the content on different pages and the modification times of the content filled in different pages by the user;
and comprehensively evaluating the results of the behavior analysis in the multiple pages, and detecting abnormal user behaviors according to the comprehensive evaluation results to detect the fraudulent users corresponding to the abnormal user behaviors.
2. The method of claim 1, wherein the step of performing behavior analysis on the plurality of page behavior feature vectors by a page behavior detection model comprises:
pre-training the page behavior detection model according to event data of historical users;
and inputting the page behavior feature vector corresponding to the current user into the page behavior detection model to calculate the degree of abnormality, and respectively determining the degree of abnormality corresponding to the current user in a plurality of pages.
3. The method of claim 2, wherein the step of pre-training the page behavior detection model based on event data of historical users comprises:
and pre-training a Gaussian mixture model according to the event data of the historical user, and taking the Gaussian mixture model as the page behavior detection model.
4. The method for detecting fraudulent users based on page behavior according to claim 1, wherein the step of comprehensively evaluating the results of behavior analysis in a plurality of pages and detecting abnormal user behavior according to the results of comprehensive evaluation to detect fraudulent users corresponding to abnormal user behavior comprises:
if the result of the behavior analysis in any page exceeds a preset threshold value of the corresponding page, judging that the user is a fraudulent user; or
And giving different weight values to the behavior analysis results in the multiple pages to obtain a comprehensive evaluation value, and judging the fraudulent user according to the comprehensive evaluation value.
5. The method for detecting a fraudulent user based on page behavior according to claim 4, characterized in that the step of making a decision of the fraudulent user according to said comprehensive evaluation value includes:
comparing the comprehensive evaluation value with a preset comprehensive threshold value;
if the comprehensive evaluation value exceeds the preset comprehensive threshold value, judging that the user is a fraudulent user;
and if the comprehensive evaluation value does not exceed the preset comprehensive threshold value, judging that the user is a non-fraudulent user.
6. The method of claim 1, wherein the page behavior detection model is a loan application page behavior detection model:
and comprehensively evaluating the results of the behavior analysis in the plurality of loan operation pages, and detecting the abnormal behavior of the user according to the comprehensive evaluation results to detect a loan application fraud user corresponding to the abnormal user behavior.
7. A system for detecting fraudulent users based on page behavior, said system comprising:
the characteristic extraction module is used for extracting characteristics of event data generated by users on different pages to obtain page behavior characteristic vectors;
the behavior analysis module is used for carrying out behavior analysis on the page behavior feature vectors through a page behavior detection model; the page behavior feature vector comprises: the statistical value of the staying time of the user on different pages, the statistical value of the time for the user to fill in the content on different pages and the modification times of the content filled in different pages by the user;
and the fraud detection module is used for comprehensively evaluating the results of the behavior analysis in the multiple pages and detecting the abnormal user behavior according to the comprehensive evaluation results so as to detect the fraud user corresponding to the abnormal user behavior.
8. A medium having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, implements the page behavior based fraudulent user detection method of any one of claims 1 to 6.
9. An apparatus, comprising: a processor and a memory;
the memory is for storing a computer program, and the processor is for executing the memory-stored computer program to cause the apparatus to perform the page behavior-based fraudulent user detection method of any one of claims 1 to 6.
CN202010388823.1A 2020-05-09 2020-05-09 Method, system, medium and device for detecting fraudulent user based on page behavior Active CN111641594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010388823.1A CN111641594B (en) 2020-05-09 2020-05-09 Method, system, medium and device for detecting fraudulent user based on page behavior

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010388823.1A CN111641594B (en) 2020-05-09 2020-05-09 Method, system, medium and device for detecting fraudulent user based on page behavior

Publications (2)

Publication Number Publication Date
CN111641594A CN111641594A (en) 2020-09-08
CN111641594B true CN111641594B (en) 2021-11-30

Family

ID=72331945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010388823.1A Active CN111641594B (en) 2020-05-09 2020-05-09 Method, system, medium and device for detecting fraudulent user based on page behavior

Country Status (1)

Country Link
CN (1) CN111641594B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113344376A (en) * 2021-06-02 2021-09-03 南京星云数字技术有限公司 Merchant risk monitoring method and device, computer equipment and storage medium
CN113344469B (en) * 2021-08-02 2021-11-30 成都新希望金融信息有限公司 Fraud identification method and device, computer equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999572A (en) * 2012-11-09 2013-03-27 同济大学 User behavior mode digging system and user behavior mode digging method
CN106529773A (en) * 2016-10-31 2017-03-22 宜人恒业科技发展(北京)有限公司 Online credit and fraud risk evaluation method based on identifying code type question answering
CN108604272A (en) * 2015-12-28 2018-09-28 安博特菲有限公司 Robot is identified using behavioural characteristic
CN109214683A (en) * 2018-09-06 2019-01-15 平安科技(深圳)有限公司 A kind of Application of risk decision method and device
CN109410036A (en) * 2018-10-09 2019-03-01 北京芯盾时代科技有限公司 A kind of fraud detection model training method and device and fraud detection method and device
CN110781366A (en) * 2019-09-09 2020-02-11 深圳壹账通智能科技有限公司 Webpage data processing method and device, computer equipment and storage medium
US10630707B1 (en) * 2015-10-29 2020-04-21 Integral Ad Science, Inc. Methods, systems, and media for detecting fraudulent activity based on hardware events

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109685647B (en) * 2018-12-27 2021-08-10 阳光财产保险股份有限公司 Credit fraud detection method and training method and device of model thereof, and server
CN110348998A (en) * 2019-06-27 2019-10-18 上海淇馥信息技术有限公司 The method and device of user's risk of fraud prediction based on yellow page data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999572A (en) * 2012-11-09 2013-03-27 同济大学 User behavior mode digging system and user behavior mode digging method
US10630707B1 (en) * 2015-10-29 2020-04-21 Integral Ad Science, Inc. Methods, systems, and media for detecting fraudulent activity based on hardware events
CN108604272A (en) * 2015-12-28 2018-09-28 安博特菲有限公司 Robot is identified using behavioural characteristic
CN106529773A (en) * 2016-10-31 2017-03-22 宜人恒业科技发展(北京)有限公司 Online credit and fraud risk evaluation method based on identifying code type question answering
CN109214683A (en) * 2018-09-06 2019-01-15 平安科技(深圳)有限公司 A kind of Application of risk decision method and device
CN109410036A (en) * 2018-10-09 2019-03-01 北京芯盾时代科技有限公司 A kind of fraud detection model training method and device and fraud detection method and device
CN110781366A (en) * 2019-09-09 2020-02-11 深圳壹账通智能科技有限公司 Webpage data processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN111641594A (en) 2020-09-08

Similar Documents

Publication Publication Date Title
KR102061987B1 (en) Risk Assessment Method and System
CN112837069B (en) Block chain and big data based secure payment method and cloud platform system
CN109360089B (en) Loan risk prediction method and device
CN111641594B (en) Method, system, medium and device for detecting fraudulent user based on page behavior
US11250368B1 (en) Business prediction method and apparatus
CN105354210A (en) Mobile game payment account behavior data processing method and apparatus
CN109214178B (en) APP application malicious behavior detection method and device
CN110348188B (en) Core body checking method and device
CN112927061A (en) User operation detection method and program product
CN111553701A (en) Session-based risk transaction determination method and device
CN113240510A (en) Abnormal user prediction method, device, equipment and storage medium
KR101999765B1 (en) Method and system for analyzing pattern of banking phishing loan using data mining technology
CN109670931A (en) Behavioral value method, apparatus, equipment and the storage medium of loan user
CN111091408A (en) User identification model creating method and device and identification method and device
CN113554228A (en) Repayment rate prediction model training method and repayment rate prediction method
CN117495544A (en) Sandbox-based wind control evaluation method, sandbox-based wind control evaluation system, sandbox-based wind control evaluation terminal and storage medium
CN112818868A (en) Behavior sequence characteristic data-based violation user identification method and device
CN116823428A (en) Anti-fraud detection method, device, equipment and storage medium
CN114510720A (en) Android malicious software classification method based on feature fusion and NLP technology
CN111507829A (en) Overseas credit card wind control model iteration method, device, equipment and storage medium
CN110570301B (en) Risk identification method, device, equipment and medium
CN109272398B (en) Operation request processing system
CN111639681A (en) Early warning method, system, medium and device based on education drive type fraud
US20230206925A1 (en) System and method for spoofing detection
CN113255929B (en) Method and device for acquiring interpretable reasons of abnormal user

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant