CN111915468B - Network anti-fraud active inspection and early warning system - Google Patents

Publication number: CN111915468B
Authority: CN (China)
Prior art keywords: fraud, module, network, early warning, data
Legal status: Active
Application number: CN202010817933.5A
Other languages: Chinese (zh)
Other versions: CN111915468A (en)
Inventors: 王军平, 张文生, 孙正雅, 施金彤
Current Assignee: Institute of Automation of Chinese Academy of Science
Original Assignee: Institute of Automation of Chinese Academy of Science

Classifications

    • G06Q50/265 Personal security, identity or safety
    • G06Q10/04 Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
    • G06Q10/067 Enterprise or organisation modelling
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Abstract

The invention belongs to the field of public security and particularly relates to a network anti-fraud active inspection and early warning system, aiming to solve the problem of poor robustness of network and telephone fraud prevention technology. The system of the invention comprises: an automatic inspection module configured to construct a suspicious fraud clue clustering space; an online screening module configured to obtain the total probability association distribution of the first information of the subject leaders and affiliated members in suspicious fraud clues through topological sorting and conditional distribution sampling; a credibility evaluation module configured to evaluate suspicious fraud clues through a hierarchical scale-free network comprehensive evaluation method; and an active early warning module configured to actively push suspicious fraud clues whose weight is larger than the set early warning threshold to the mobile phones of anti-fraud department personnel or to case investigation systems, and to start time-limited electronic supervision of the investigation of the suspicious fraud clues. The invention locks onto fraud clues by actively capturing the network and telephone fraud interaction structure, thereby improving the robustness of network and telephone fraud prevention.

Description

Network anti-fraud active inspection and early warning system
Technical Field
The invention belongs to the field of public security, and particularly relates to a network anti-fraud active inspection and early warning system.
Background
With the rapid popularization of 4G/5G telecom mobile Internet and intelligent multimedia terminals, the number of mobile Internet users in China reached 688 million by 2016, the largest user base worldwide. The huge volume of telecommunication user interaction information has not only become an important decision-making aid for fostering new information consumption services, discovering and handling livelihood problems and making effective policies, but has also become a preferred target for lawless persons or organizations carrying out malicious activities such as telephone and network fraud, network terrorism and other illegal crimes. Technical challenges such as dynamic evolution and emotional drift, the diversity of communication modes, and event clues that change with user group interaction make it difficult for existing network and telephone fraud prevention technologies to effectively acquire the dynamic interaction topology of user groups, so that they fail to accurately identify network and telephone fraud clues. As a result, telecommunication phishing events in China have become increasingly severe and new criminal methods keep emerging. Meanwhile, telecommunication phishing is interwoven with crimes such as high-interest lending, network marketing and illegal fundraising, giving rise to new kinds of crime such as 'campus credit', 'hot spot praise' and 'crowdfunding entrepreneurship', so that the crime rate increases year by year and public safety faces unprecedented challenges.
Disclosure of Invention
In order to solve the above problems in the prior art, namely that existing network and telephone fraud prevention technology has difficulty effectively acquiring the dynamic interaction topology of user groups and cannot accurately identify network and telephone fraud clues, resulting in poor robustness of prevention, a first aspect of the present invention provides a network anti-fraud active inspection and early warning system comprising: an automatic inspection module, an online screening module, a credibility evaluation module and an active early warning module;
the automatic inspection module is configured to perform feature matching identification on first data acquired in real time by adopting a pre-constructed prior rule base, take the first data with the matching degree larger than a set threshold value as suspicious fraud clues, and construct a suspicious fraud clue clustering space by an information entropy coefficient aggregation method; the prior rule base comprises various types of network and telephone fraud topology feature models; the first data is interactive data of a user group in a mobile social network, an Internet social network and a voice telephone;
the online screening module is configured to acquire interaction influence variables from the suspicious fraud clue clustering space, and obtain the total probability association distribution of first information of subject leaders and affiliated members in suspicious fraud clues through topological sorting and conditional distribution sampling; the first information comprises interactive community structure, attribution, topic content, network and telephone fraud confidence and hazard risk coefficient;
the credibility evaluation module is configured to evaluate the total probability association distribution of the suspicious fraud clues through a hierarchical scale-free network comprehensive evaluation method, obtain the harm credibility weight of the suspicious fraud clues, and construct a suspicious fraud clue harm credibility distribution knowledge base;
the active early warning module is configured to actively push, through a collaborative filtering recommendation matrix algorithm, suspicious fraud clues whose harm credibility weight in the suspicious fraud clue harm credibility distribution knowledge base is larger than a set early warning threshold to the mobile phones of anti-fraud department personnel or to a case inspection system, and to start time-limited electronic supervision of the inspection of the suspicious fraud clues.
In some preferred embodiments, the system further comprises a data acquisition module, an online preprocessing module, an automatic extraction module and a logical relationship online generation module;
the data acquisition module is configured to acquire sample data; the sample data comprises court electronic data, public security electronic data, operator data, internet social network data, mobile social network data, bank credit investigation data, credit record data, insurance data, video data, e-commerce record data and third-party financial payment data;
the online preprocessing module is configured to fragment and mark sample data, preprocess the marked sample data in real time in batches and package the sample data into an XML format;
the automatic extraction module is configured to encode the XML data through a deep learning autoencoder (self-encoder), automatically extract topic clues and attributes, and package them into internet phone fraud models;
the logical relationship online generation module is configured to adopt a hyper-geometric network relationship representation model, measure the logical relationships among the internet phone fraud models online, abstract and generalize those relationships, construct anti-fraud maps in real time, store the anti-fraud maps by category in the set type databases, and update newly added samples in the databases in real time.
In some preferred embodiments, the system further comprises an automatic duplication module and an early warning strategy building module;
the automatic duplication module is configured to duplicate the network and telephone fraud topology distribution models that have occurred from the anti-fraud map through a similarity clustering algorithm and a community structure representation learning method;
the early warning strategy building module is configured to actively match, online, large-scale social network and telephone communication network data by means of the prior feature library of the duplicated network and telephone fraud topology distribution models and manual experience intervention, and to generate the grade of the suspicious fraud clue weight coefficient.
In some preferred embodiments, the system further comprises a user management module, an organization management module, a model management module, a policy management module, a log auditing module, and an operation monitoring module;
the user management module is configured to manage user information and user authority of the anti-fraud active inspection and early warning system;
the organization management module is configured to manage organization information and organization authority of the anti-fraud active inspection and early warning system;
the model management module is configured to adjust and load the network and telephone fraud topology distribution model according to the authority and the user authority;
the policy management module is configured to load and adjust the early warning strategy;
the log auditing module is configured to collect, reorganize, analyze, process and store the logs of the anti-fraud active inspection and early warning system, raise alarms on anomalies and display the logs;
the operation monitoring module is configured to monitor the operation state of the anti-fraud active inspection and early warning system in real time.
In some preferred embodiments, the active early warning module further includes an identity abnormality monitoring unit, a behavior abnormality monitoring unit, and an abnormality monitoring and early warning unit;
the identity abnormality monitoring unit is configured to acquire first information of the fraud object according to the input social network account or contact information of the fraud object, and monitor it in real time; the first information comprises social security information, criminal records, abnormal consumption and information on funds of unknown origin;
the behavior abnormality monitoring unit is configured to acquire, according to the input identity information of the fraud object and a set time period, the tracks of the target to be detected within that time period; the tracks comprise consumption behavior tracks and social behavior tracks;
the communication mode abnormality monitoring and early warning unit is configured to acquire, when an abnormality in the communication mode of the fraud object is detected, a detection image of dangerous articles carried by the fraud object in a public place, and generate fraud object hazard characteristic data for the public security department to use in decision-making.
In some preferred embodiments, the method of "preprocessing the marked sample data in real time in batches" in the online preprocessing module includes: performing filtering, denoising and semantic recovery preprocessing on the marked sample data.
In some preferred embodiments, the network and telephone fraud topology distribution models that have occurred include a single broadcast group interaction model, a single unordered scan model, a two-way short-term high-frequency end-to-end interaction model, a two-way non-access high-frequency end-to-end interaction model, a profit mode group interaction community model, an internet financial loan community model, a medicine and health community model, and a public inspection telephone calling fraud model.
In some preferred embodiments, when anti-fraud department personnel inspect a suspicious fraud clue and confirm that it is a fraud clue, the personal information of the fraud object in the fraud clue and the corresponding early warning strategy are acquired and sent to the bank, the related financial institution or the public security department;
the early warning strategy comprises an alarm strategy, a locking strategy, an emergency notification strategy, a strong authentication strategy, a release strategy and an alarm deployment and control strategy;
the alarm strategy is to raise an alarm and block the transaction when it is detected that the user is transacting with a blacklisted collection account through different payment methods;
the locking strategy is that when the software and hardware information, time, place and usage habits of a user on the network terminal or mobile terminal are detected to be inconsistent with the user's usual profile information, the account is considered stolen and is locked;
the emergency notification strategy is that when a defrauded user is detected paying through a third party on the network terminal or handling a transfer at a bank, the platform actively sends an emergency notification to the related financial institution as a reminder to verify the validity of the transaction;
the strong authentication strategy is that when the user is detected making a large transfer for the first time after changing to a foreign network, the transaction is suspended and verified with the customer by telephone;
the release strategy is that when the platform receives a clue that has been cleared by the public security department, it actively reminds the public security department to complete procedures such as releasing the transfer in time;
the alarm deployment and control strategy is that when a large transfer is made again after a transaction has been alarmed and blocked, the transaction is suspended and verified with the customer by telephone, and if the verification information is inconsistent, an alarm is raised.
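The alarm, locking, strong authentication and alarm deployment and control strategies listed above can be read as an ordered decision over each transaction. The following Python is an added example, not part of the patent: the profile fields, the `LARGE_AMOUNT` threshold, the two-of-three deviation rule used for locking, the action names and the constructed transactions are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

LARGE_AMOUNT = 50_000  # assumed: the text says "large" without giving a figure


@dataclass
class Profile:
    """Assumed shape of the user's usual profile information."""
    devices: set
    cities: set
    active_hours: range
    home_network: str
    verified_networks: set = field(default_factory=set)  # foreign networks already phone-verified
    blocked_before: bool = False  # an earlier transaction was alarmed and blocked


@dataclass
class Txn:
    payee: str
    amount: float
    device: str
    city: str
    hour: int
    network: str
    phone_check_ok: Optional[bool] = None  # telephone verification result; None = not done yet


def decide(txn, profile, blacklist):
    """Return (action, strategy) for one transaction, checking strategies in priority order."""
    # Alarm strategy: payment to a blacklisted collection account is alarmed and blocked.
    if txn.payee in blacklist:
        profile.blocked_before = True
        return "BLOCK", "alarm"

    # Locking strategy: device, place and time disagree with the usual profile.
    # Assumption: two or more deviations mean the account is treated as stolen.
    deviations = sum([
        txn.device not in profile.devices,
        txn.city not in profile.cities,
        txn.hour not in profile.active_hours,
    ])
    if deviations >= 2:
        return "LOCK_ACCOUNT", "locking"

    large = txn.amount >= LARGE_AMOUNT

    # Alarm deployment and control: a large transfer after an earlier alarmed block
    # is suspended for telephone verification; a failed verification raises an alarm.
    if large and profile.blocked_before:
        if txn.phone_check_ok is None:
            return "SUSPEND_VERIFY", "deployment-and-control"
        if not txn.phone_check_ok:
            return "ALARM", "deployment-and-control"

    # Strong authentication: first large transfer from a foreign (non-home) network.
    first_on_network = (txn.network != profile.home_network
                        and txn.network not in profile.verified_networks)
    if large and first_on_network:
        if txn.phone_check_ok is None:
            return "SUSPEND_VERIFY", "strong-authentication"
        if not txn.phone_check_ok:
            return "BLOCK", "strong-authentication"  # assumed outcome; the text does not say
        profile.verified_networks.add(txn.network)

    return "ALLOW", None


def run_constructed_cases():
    """Constructed transactions exercising each strategy; returns the decisions in order."""
    blacklist = {"acct-blacklisted"}
    usual = dict(device="phone-A", city="Beijing", hour=10, network="home-isp")
    p = Profile({"phone-A"}, {"Beijing"}, range(8, 23), "home-isp")
    q = Profile({"phone-A"}, {"Beijing"}, range(8, 23), "home-isp")
    roaming = dict(device="phone-A", city="Beijing", hour=10, network="hotel-wifi")
    cases = [
        (Txn("acct-blacklisted", 100, **usual), p),
        (Txn("acct-1", 60_000, **usual), p),
        (Txn("acct-1", 60_000, phone_check_ok=False, **usual), p),
        (Txn("acct-2", 50, device="pc-X", city="Harbin", hour=3, network="home-isp"), q),
        (Txn("acct-3", 80_000, **roaming), q),
        (Txn("acct-3", 80_000, phone_check_ok=True, **roaming), q),
    ]
    return [decide(t, prof, blacklist) for t, prof in cases]


if __name__ == "__main__":
    for decision in run_constructed_cases():
        print(decision)
```

The usage-habit check in the locking strategy and the emergency notification and release strategies depend on external parties and are not modelled here.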
In some preferred embodiments, evaluating the total probability association distribution of suspicious fraud clues through the hierarchical scale-free network comprehensive evaluation method comprises: performing decoupling, clustering and weighted evaluation on the total probability association distribution of the suspicious fraud clues by the hierarchical scale-free network comprehensive evaluation method.
The invention has the beneficial effects that:
the invention locks onto fraud clues by actively capturing the network and telephone fraud interaction structure, thereby improving the robustness of network and telephone fraud prevention. The invention dynamically aggregates fraud clues on specific subjects in social network or telephone user interaction data, aggregates group interaction elements that are similar or correlated, and aggregates sparse interaction intents to form clues of different granularities, so that clues emerge on their own from group interaction data; this overcomes problems such as the multi-source heterogeneity, rapid evolution and difficulty of capture inherent in large-scale group interaction.
Meanwhile, the invention prejudges various suspicious fraud clues online by prejudging abrupt changes or steps in the key indexes of the suspicious fraud clue clustering space in network and telephone user group interaction, combined with various early warning rules, thereby improving the accuracy and timeliness of active early warning. This fundamentally overcomes the passive inspection mode of conventional network anti-fraud systems, truly achieves the goal of detecting fraud and accurately locking onto targets in a big data environment, and guides anti-fraud departments to change from an after-the-fact anti-fraud mode to an active fraud troubleshooting mode.
In addition, the method supports online acquisition of multi-source heterogeneous data and automatic synthesis of similar characteristics, can comprehensively acquire various types of edge data, and ensures the comprehensiveness of data acquisition.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings.
FIG. 1 is an exemplary diagram of the overall architecture of the anti-fraud active inspection and early warning system according to an embodiment of the present invention;
FIG. 2 is an exemplary architecture diagram of the data acquisition and integration system of the anti-fraud active inspection and early warning system according to an embodiment of the present invention;
FIG. 3 is an exemplary diagram of the model and policy construction system of the anti-fraud active inspection and early warning system according to an embodiment of the present invention;
FIG. 4 is an exemplary architecture diagram of the real-time active early warning system of the anti-fraud active inspection and early warning system according to an embodiment of the present invention;
FIG. 5 is an exemplary architecture diagram of the platform management system of the anti-fraud active inspection and early warning system according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a monitoring result of the identity abnormality monitoring unit according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a monitoring result of the behavior abnormality monitoring unit according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a monitoring result of the abnormality monitoring and early warning unit according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The invention relates to a network anti-fraud active inspection and early warning system, which comprises: an automatic inspection module, an online screening module, a credibility evaluation module and an active early warning module;
the automatic inspection module is configured to perform feature matching identification on first data acquired in real time by adopting a pre-constructed prior rule base, take the first data with the matching degree larger than a set threshold value as suspicious fraud clues, and construct a suspicious fraud clue clustering space by an information entropy coefficient aggregation method; the prior rule base comprises various types of network and telephone fraud topology feature models; the first data is interactive data of a user group in a mobile social network, an Internet social network and a voice telephone;
the online screening module is configured to acquire interaction influence variables from the suspicious fraud clue clustering space, and obtain the total probability association distribution of first information of subject leaders and affiliated members in suspicious fraud clues through topological sorting and conditional distribution sampling; the first information comprises interactive community structure, attribution, topic content, network and telephone fraud confidence and hazard risk coefficient;
the credibility evaluation module is configured to evaluate the total probability association distribution of the suspicious fraud clues through a hierarchical scale-free network comprehensive evaluation method, obtain the harm credibility weight of the suspicious fraud clues, and construct a suspicious fraud clue harm credibility distribution knowledge base;
the active early warning module is configured to actively push, through a collaborative filtering recommendation matrix algorithm, suspicious fraud clues whose harm credibility weight in the suspicious fraud clue harm credibility distribution knowledge base is larger than a set early warning threshold to the mobile phones of anti-fraud department personnel or to a case inspection system, and to start time-limited electronic supervision of the inspection of the suspicious fraud clues.
In order to more clearly describe the anti-fraud active inspection and early warning system of the present invention, the following describes in detail the modules of an embodiment of the method of the present invention with reference to the attached drawings.
As shown in fig. 1, the system is divided into a data acquisition and integration system 100, a model and policy construction system 200, a real-time active early warning system 300, and a platform management system 400;
1. Data acquisition and integration system 100
The data acquisition and integration system comprises a data acquisition module 101, an online preprocessing module 102, an automatic extraction module 103 and a logical relationship online generation module 104, as shown in fig. 2;
the data acquisition module 101 is configured to acquire sample data; the sample data comprises court electronic data, public security electronic data, operator data, internet social network data, mobile social network data, bank credit investigation data, credit record data, insurance data, video data, e-commerce record data and third-party financial payment data;
in this embodiment, acquisition methods and protocols such as Web crawler, FTP, JDBC/ODBC, Web service, MQTT, coach and Sqoop are supported, and structured, semi-structured and unstructured data are acquired online from channels covering the traditional Internet, mobile Internet, WeChat, microblog and telecommunication telephone networks, including group interaction data, mobile terminal location data, third-party financial payment data, court electronic data, public security electronic data, bank credit investigation data, credit record data, insurance data, video data and e-commerce record data.
Bank credit investigation data is of very high quality and mainly comprises credit card credit records, grey lists, old dependence, loss of credit, mandatory execution information and the like; each item is comparatively core and may relate to tendencies such as loss of credit and fraud.
The communication data of operators, large-scale e-commerce behavior data, various insurance data and the loan records of various institutions are interconnected, and these data sources are also core data for anti-fraud. Moreover, blacklist data from banks and credit institutions is relatively direct and can save the labor cost of checking.
The online preprocessing module 102 is configured to fragment and mark sample data, preprocess the marked sample data in real time in batches, and package the sample data into an XML format;
in this embodiment, the data processing mode is converted from off-line processing to on-line processing, sample data is fragmented and marked, and the marked sample data is preprocessed by filtering, denoising and semantic restoration in real time and encapsulated into an XML format.
The automatic extraction module 103 is configured to encode the XML data through a deep learning autoencoder (self-encoder), automatically extract topic clues and attributes, and package them into internet phone fraud models;
in this embodiment, a deep learning autoencoder (self-encoder) is used to automatically extract topic clues and attributes (subject, social channel, history tag, time, activity track, social circle, friend list, network port tag, and the like) from the multi-source, heterogeneous, multi-modal, high-dimensional mixed XML data, and package them into internet phone fraud models at the million scale.
The logical relationship online generation module 104 is configured to adopt the hyper-geometric network relationship representation model, measure the logical relationships among the internet phone fraud models online, abstract and generalize those relationships, construct anti-fraud maps in real time, store the anti-fraud maps by category in the set type databases, and update newly added samples in the databases in real time.
In this embodiment, the hyper-geometric network relationship representation model is adopted to measure the logical relationships (sequential, turning, causal, progressive, association and the like) among millions of internet phone fraud models, abstract and generalize those relationships, automatically construct anti-fraud maps, store the anti-fraud maps by category in the set type databases, and update newly added samples in the databases in real time.
In the invention, the set type database comprises a fraud information base, a loss information base, a high-risk information base, a position information base, an abnormal information base and a personnel behavior portrait information base; in other embodiments, the classification may be performed according to actual needs.
Among them, the fraud information base stores fraudulent transaction activity occurring during service, cross-product fraud, cross-channel combined/complex fraud, and the like;
the loss information base stores information on the persons and organizations recorded by the credit system as having lost credit;
the high-risk information base stores business violations and suspicious operations, and information on higher-risk persons and organizations;
the position information base stores the relative location of the user or institution;
the abnormal information base stores suspicious behaviors found in system access and transaction sessions, and whether both parties of a transaction appear on the suspicious list;
the personnel behavior portrait information base stores the user's basic personal identity information, income and expenditure information, interests and hobbies, personal influence, social relations and abnormal behavior information.
2. Model and policy building system 200
The model and policy construction system comprises an automatic duplication module 201 and an early warning strategy building module 202, as shown in fig. 3;
the automatic duplication module 201 is configured to duplicate, from the anti-fraud atlas, the network and telephone fraud topology distribution models that have occurred, through a similarity clustering algorithm and a community structure representation learning method;
in this embodiment, topology distribution models, that is, the various network and telephone fraud topology distribution models, are constructed for the various network and telephone fraud events that have occurred. They comprise 50 models, such as a single broadcast group interaction model, a single unordered scanning model, a two-way short-term high-frequency end-to-end interaction model, a profit mode group interaction community model, an internet financial loan community model, a medicine and health care community model, a public inspection telephone calling fraud model, and a pretend company leader withdrawal model.
The single broadcast group interaction model depicts a calling party that continuously initiates calls to called parties with whom it had no relationship of any kind before the first call; it is currently the most common mode of phishing;
the single unordered scanning model depicts a network fraud mode of actively hunting members of a social network: the fraudster uses automated "human flesh search" software to continuously scan content such as personal identity, occupation, consumption and interests on microblogs, WeChat, friend circles and social circles, and then locks onto a target;
the bidirectional short-term high-frequency end-to-end interaction model depicts a communication mode of intermittent financial fraud between the calling party and the called party of a network telephone: the communication between the two revolves around content such as stocks, futures, bitcoins, health products, financial products, off-site financing, financial Internet and financial loans, and in the short term its frequency exceeds that of communication between lovers;
the profit mode group interaction community model depicts a social network bitcoin fraud mode: bitcoin traders create a trading social circle hidden within a public social network, hunt various investors by means of the single unordered scanning model, and form a profit mode group interaction community using high profit returns as bait;
the Internet financial loan community model depicts new Internet high-interest loan fraud communication modes such as "campus loans", "hotspot praise", "network games" and "crowdfunding and entrepreneurship";
the medical health community model, the public inspection telephone calling fraud model, the pretend company leader withdrawal model and the like depict network telephone communication modes of cooperative fraud by professional, highly educated groups: specifically, such a group uses the enterprise virtual network of a communication company to construct a virtual medical health community communication mode, a public inspection communication mode and a state organ communication mode, and carries out cooperative telephone fraud.
The early warning strategy building module 202 is configured to actively match and generate, online and through a deduction method, the grade of the suspected fraud cue weight coefficient from large-scale social network and telephone communication network data, by means of a prior feature library made up of the duplicated network and telephone fraud topology distribution models that have occurred and manual experience intervention;
in this embodiment, a hierarchical mapping relationship is constructed between the network and telephone fraud topology distribution models that have occurred and the preset suspected fraud cue weight coefficients. That is, through a pattern-matching deduction method, and by means of the prior feature library made up of the duplicated network and telephone fraud topology distribution models that have occurred and manual experience intervention, the weights of suspected fraud cues are actively matched online from large-scale social network and telephone communication network data, and the suspected fraud cues are ranked by grade.
3. Real-time active early warning system 300
The real-time active early warning system 300 comprises an automatic inspection module 301, an online screening module 302, a credibility evaluation module 303 and an active early warning module 304, as shown in fig. 4;
the automatic inspection module 301 is configured to match the first data acquired in real time against a historical prior rule base, take the first data whose matching degree is greater than a set threshold value as suspected fraud cues, and construct a suspected fraud cue clustering space by an information entropy coefficient aggregation method; the prior rule base comprises various types of network and telephone fraud models and anti-fraud personnel experience models; the first data is interactive data of a user group in a mobile social network, an Internet social network and a voice telephone;
in this embodiment, the various types of Internet and telephone fraud topology distribution models are used as the prior rule base for online multi-task comparison-matching machine learning, and online phishing cues whose matching degree with any of the models reaches a set threshold are generated from the online interaction process data of user groups numbering in the hundreds of millions. The preferred set threshold of the invention is 65%, that is, interaction data with a matching degree higher than 65% is taken as suspicious fraud cues. Based on the suspected fraud cues, a clustering space of suspected fraud cues in network and telephone user group interaction is established: potential semantic associations among large-scale group interaction clusters are mined through a multi-scale fast approximate inference method, an aggregation algorithm and an information entropy coefficient aggregation method, online aggregation of the migration paths of suspected fraud cues in network and telephone user group interaction is realized, and a weighted mapping relation from the time-series evolution graph model to the suspected fraud cues is established.
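One way to score call records against the single broadcast group interaction model and apply the 65% threshold, as an added example that is not code from the patent. The call records, the definition of matching degree (share of a caller's callees with no prior contact and no call-back), the one-hour window and the minimum fan-out are all assumptions made for illustration.

```python
# Added illustration: matching call records against the "single broadcast
# group interaction" pattern (one caller, many unrelated callees).

MATCH_THRESHOLD = 0.65   # the page's preferred threshold: matching degree above 65%
MIN_FANOUT = 5           # assumption: ignore callers with fewer distinct callees
WINDOW_SECONDS = 3600    # assumption: "continuously" means within the last hour

NOW = 1_000_000          # constructed reference time (seconds)

# Constructed call records (caller, callee, time). Not real data.
CALLS = (
    [("A", f"u{i}", NOW - 60 * i) for i in range(10)]       # A dials 10 numbers in 10 minutes
    + [("u3", "A", NOW - 30)]                                # one of A's callees calls back
    + [("B", f"v{i}", NOW - 120 * i) for i in range(6)]      # B dials 6 numbers
    + [("C", "w0", NOW - 10), ("C", "w1", NOW - 20)]         # C: too few callees to judge
    + [("D", f"x{i}", NOW - 7200 - i) for i in range(8)]     # D: all calls outside the window
)

# Constructed pairs known to have been in contact before the window.
PRIOR_CONTACTS = {
    frozenset(("A", "u7")),
    frozenset(("B", "v0")),
    frozenset(("B", "v1")),
    frozenset(("B", "v2")),
}


def broadcast_match_degree(calls, caller, prior_contacts, now):
    """Share of the caller's recent callees that are strangers to it.

    A callee counts as a stranger when the pair has no prior contact and the
    callee did not call the caller back inside the window.
    """
    recent = [(a, b) for a, b, t in calls if now - WINDOW_SECONDS <= t <= now]
    callees = {b for a, b in recent if a == caller}
    if len(callees) < MIN_FANOUT:
        return 0.0
    called_back = {a for a, b in recent if b == caller}
    strangers = {
        b for b in callees
        if frozenset((caller, b)) not in prior_contacts and b not in called_back
    }
    return len(strangers) / len(callees)


def patrol(calls, prior_contacts, now):
    """Return {caller: matching degree} for callers above the threshold."""
    callers = sorted({a for a, _, _ in calls})
    scores = {
        c: broadcast_match_degree(calls, c, prior_contacts, now) for c in callers
    }
    return {c: s for c, s in scores.items() if s > MATCH_THRESHOLD}


if __name__ == "__main__":
    for caller, degree in patrol(CALLS, PRIOR_CONTACTS, NOW).items():
        print(f"suspected fraud cue: caller={caller} matching_degree={degree:.2f}")
```

Caller B shows why the threshold matters: half of its callees are existing contacts, so its matching degree stays below 65% and no cue is raised.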
An online screening module 302, configured to obtain interaction influence variables from the fraud cue clustering space, and obtain full probability association distribution of the first information of the subject leaders and affiliated members in the suspected fraud cues through topological sorting and conditional distribution sampling; the first information comprises interactive community structure, attribution, topic content, network and phone fraud confidence and hazard risk coefficient;
in this embodiment, the interactive community structure, attribution, topic content, network and telephone fraud confidence and hazard risk coefficient of the subject leaders and affiliated members of suspicious cues are screened from the event cue clustering space in the interaction of network and telephone user groups. The screening process is as follows:
user interaction influencing variables $X_i$ are acquired online from the suspected fraud cue clustering space in network and telephone user interactions, and topological ordering is used such that, for all $i$ and $j$, if $X_i$ is a parent of $X_j$, then $j$ is greater than $i$. The variables can then be sampled in this order. In other words, we first take $x_i \sim P(x_i)$ to describe the probability distribution of the fraud features of a suspicious user $x_i$; then, assuming $x_i$ exhibits phishing features, we use $x_i$ as the prior reference value for prejudging the fraud feature confidence distribution of $x_{i+1}$, namely $x_{i+1} \sim P(x_{i+1} \mid Pa(x_i))$; and so on, until finally we obtain the full probability confidence distribution structure $x_n \sim P(x_n \mid Pa(x_n))$. Thus $x_{i+1}$ is generated automatically from $x_i \sim P(x_i \mid Pa(x_i))$, and the resulting total probability association distribution of the suspicious fraud cues over users is the total probability association distribution map.
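The sampling procedure described above, written out as an added example that is not code from the patent: variables are topologically sorted so that parents come first, then each is drawn from its conditional distribution given the already sampled values of its own parents. The four binary variables and their probability tables are constructed for illustration.

```python
# Added illustration: topological ordering plus conditional (ancestral) sampling.
import random
from collections import Counter
from itertools import product

# Constructed interaction variables (binary) and their parent sets Pa(x).
PARENTS = {
    "transfer_request": ["finance_topic", "new_account"],
    "finance_topic": ["unsolicited_contact"],
    "unsolicited_contact": [],
    "new_account": [],
}

# Constructed tables: P(x = 1 | parent values), keyed by the parent-value tuple.
CPT = {
    "unsolicited_contact": {(): 0.30},
    "new_account": {(): 0.20},
    "finance_topic": {(0,): 0.10, (1,): 0.60},
    "transfer_request": {(0, 0): 0.01, (0, 1): 0.05, (1, 0): 0.20, (1, 1): 0.70},
}


def topological_order(parents):
    """Kahn's algorithm: every variable is placed after all of its parents."""
    remaining = {v: set(ps) for v, ps in parents.items()}
    order = []
    while remaining:
        ready = sorted(v for v, ps in remaining.items() if not ps)
        if not ready:
            raise ValueError("cycle in parent graph; no topological order exists")
        for v in ready:
            order.append(v)
            del remaining[v]
        for ps in remaining.values():
            ps.difference_update(ready)
    return order


def ancestral_sample(order, parents, cpt, rng):
    """Draw one joint sample, conditioning each variable on its sampled parents."""
    sample = {}
    for var in order:
        key = tuple(sample[p] for p in parents[var])
        sample[var] = 1 if rng.random() < cpt[var][key] else 0
    return sample


def estimate_joint(parents, cpt, n, seed=0):
    """Empirical joint distribution from n ancestral samples."""
    rng = random.Random(seed)
    order = topological_order(parents)
    counts = Counter()
    for _ in range(n):
        s = ancestral_sample(order, parents, cpt, rng)
        counts[tuple(s[v] for v in order)] += 1
    return order, {k: c / n for k, c in counts.items()}


def exact_joint(parents, cpt):
    """Exact joint by the chain rule, for checking the sampled estimate."""
    order = topological_order(parents)
    joint = {}
    for values in product((0, 1), repeat=len(order)):
        assign = dict(zip(order, values))
        p = 1.0
        for var in order:
            p1 = cpt[var][tuple(assign[q] for q in parents[var])]
            p *= p1 if assign[var] else 1.0 - p1
        joint[values] = p
    return order, joint


def marginal(order, joint, var):
    """P(var = 1) from a joint keyed by value tuples in `order`."""
    i = order.index(var)
    return sum(p for k, p in joint.items() if k[i] == 1)


if __name__ == "__main__":
    order, est = estimate_joint(PARENTS, CPT, 20000, seed=7)
    _, exact = exact_joint(PARENTS, CPT)
    print("order:", order)
    print("P(transfer_request=1) sampled:", round(marginal(order, est, "transfer_request"), 4))
    print("P(transfer_request=1) exact:  ", round(marginal(order, exact, "transfer_request"), 4))
```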
The credibility assessment module 303 is configured to assess the total probability relevance distribution of the suspected fraud clues by a hierarchical scale-free network comprehensive assessment method, obtain the weight of the suspected fraud clue harm credibility, and construct a suspicious fraud clue harm credibility distribution knowledge base;
in this embodiment, by means of priors such as the experience of industry anti-fraud experts and historical anti-fraud models, a hierarchical scale-free network comprehensive evaluation method is applied to match suspicious fraud cues one by one, online, against the industry expert experience and the historical models, and to find the association relations and weights among different evaluation factor objects. On the basis of an established importance evaluation index system for suspected fraud cues, and in combination with the values of certain statistical indexes, content such as network and telephone fraud confidence saturation, hazard risk coefficient, and the forked nodes and oscillating nodes in the risk area is arranged in time order, and the weight of the suspected fraud cue hazard confidence is generated online.
The active early warning module 304 is configured to actively push, through a collaborative filtering recommendation matrix algorithm, those suspicious fraud cues in the suspicious fraud cue harm credibility distribution knowledge base whose harm credibility weight is greater than a set early warning threshold value to the mobile phones of anti-fraud department personnel or to a case screening system, and to start electronically supervised, time-limited screening of the suspicious fraud cues.
In this embodiment, cue detection shifts from an approach of tracing back and collecting evidence after fraud has occurred to an active patrol approach that prevents fraud from occurring. The method statistically analyzes, from dimensions such as time and space, the probability distribution of the evolution rules of network and telephone fraud risk, namely the total probability association distribution, and forms a grey GM(h, n) model. According to the grey model, the risk weight coefficient of the grey GM(h, n) model is determined, and the anti-fraud department is actively notified in advance of the degree of hazard by means of mobile network WeChat, short message, convenient microblog, telephone, third-party communication channels and the like; that is, it is judged whether the hazard credibility weight of a suspected fraud cue is greater than the set early warning threshold value, and if so, the suspected fraud cue is actively pushed to the mobile phones of anti-fraud department personnel or to the case screening system through the collaborative filtering recommendation matrix algorithm, and electronically supervised, time-limited screening of the suspected fraud cue is started.
In addition, when anti-fraud department personnel investigate a suspicious fraud cue and determine that it is a fraud cue, the personal information of the fraud object in the fraud cue and the early warning strategy for the fraud event are acquired and sent to banks, related financial institutions or public security departments;
in the invention, the early warning strategy comprises an alarm strategy, a locking strategy, an emergency notification, a strong authentication strategy, a release strategy and an alarm deployment and control strategy;
the alarm strategy is that when it is detected that a user is transacting with a blacklisted collection account through different payments, an alarm is raised and the transaction is blocked;
the locking strategy is that when the software and hardware information, time, place and usage habits detected for the user's network terminal and mobile terminal are inconsistent with the user's usual profile information, the account is considered stolen and is locked;
the dangerous case notification strategy is that when it is detected that a defrauded user is paying through a third party on a network terminal or is handling a transfer at a bank, the platform actively issues a dangerous case notification to the related financial institution as a reminder to verify the validity of the transaction;
the strong authentication strategy is that when it is detected that a user is making a large transfer for the first time after changing to a non-local network, the transaction is suspended and verification is carried out with the user;
the release strategy is that when the platform receives a cue removed by the public security department, the platform actively reminds the public security department to handle procedures such as transfer release in time;
the alarm deployment and control strategy is that after a blocked transaction raises an alarm again and a large transfer is carried out, the transaction is suspended and verified with the customer by telephone, and if the verification information is inconsistent, an alarm is raised.
The real-time active early warning system 300 further includes an identity anomaly monitoring unit 305, a social behavior anomaly monitoring unit 306, and a communication mode anomaly monitoring and early warning unit 307;
the identity anomaly monitoring unit 305 is configured to obtain information such as social security information, crime records, abnormal consumption and unknown fund sources of a suspect, namely a fraud object, according to an input social network account or telephone number of the suspect, and to perform real-time monitoring; the real-time monitoring section is shown in fig. 6; the system of the present invention is referred to simply as a fraud system.
The social behavior anomaly monitoring unit 306 is configured to acquire the behavior track, related fund transaction topics and communication interaction topological track of the target to be detected in the corresponding time period, according to the input identity information of the suspect and social information such as microblog or WeChat posts issued in the corresponding time period; the face retrieval section shown in fig. 7 shows the behavior trajectory of the input suspect;
the communication mode anomaly monitoring and early warning unit 307 is configured to, based on tracking, analysis and pursuit of anomalous changes in a suspect's communication mode, capture and store video images of public areas and analyze the captured images to generate fraud object hazard characteristic data for decision-making by anti-fraud departments, and, if an anomaly exists, to raise an alarm prompt and display the related information; see, for example, the hazardous materials monitoring module shown in fig. 8.
4. Platform management system 400
The platform management system 400 includes a user management module 401, an organization management module 402, a model management module 403, a policy management module 404, a log audit module 405, and an operation monitoring module 406, as shown in fig. 5;
the user management module 401 is configured to manage user information and user rights of the anti-fraud active patrol and early-warning system;
in this embodiment, the user management module is configured to add, delete, modify and query users, and to store the related data in a distributed manner, so as to ensure that the authority and role information of each user can be stored and used normally. Authority authentication during user login adopts Shiro service-based multi-domain identity authentication and authorization, which specifically comprises the following steps:
first, it is judged whether the logging-in user belongs to a Shiro domain; if so, a Subject (class) is created and it is judged whether the user's login request requires a corresponding permission item; if not, the user's login path is checked, and if it is an ordinary login path, the user is logged in directly; if the logging-in user requires a permission, a persistence filter checks whether the user holds the corresponding permission item; if not, a no-permission page is returned or a no-permission prompt is shown; otherwise the check passes through the filter.
An organization management module 402 configured to manage organization information and organization authority of the anti-fraud active patrol and early-warning system;
in this embodiment, use of the system by different organizations is managed, and organization-oriented functions and applications are presented; that is, the organization information and organization authorities of the anti-fraud active patrol and early-warning system are managed.
The model management module 403 is configured to adjust and load the network and telephone fraud topology distribution model that has occurred according to the authority and the user authority;
in this embodiment, for models constructed from mass data, customized loading of a model is provided according to the needs of a specific scenario decision, and corresponding risk prediction and alarm applications are generated.
A policy management module 404 configured to load and adjust the early warning policy;
in this embodiment, the policy management module is configured to load and adjust policies such as strong authentication, release, alarm, prediction, and the like.
The log auditing module 405 is configured to collect, recombine, analyze, process, store, alarm and display logs of the anti-fraud active patrol and early warning system;
and the operation monitoring module 406 is configured to monitor the operation state of the anti-phishing active inspection and early warning system in real time.
In this embodiment, the operation monitoring module is configured to monitor the operation state of the anti-fraud active inspection and early warning system. It mainly comprises service monitoring, server monitoring, network monitoring and security monitoring;
service monitoring: monitoring the running states of the data acquisition and integration system 100, the model and strategy construction system 200, the real-time active early warning system 300, the platform management system 400 and the database;
server monitoring: monitoring the cluster equipment, including equipment temperature, power on and power off, fan speed and the like, and monitoring the CPU, memory, disks and operating system of the servers;
network monitoring: monitoring network flow, network storm, network congestion and network topology;
security monitoring: monitoring data security, user security, network security, access security, and the like.
It should be noted that, the anti-fraud active inspection and early warning system provided in the foregoing embodiment is only illustrated by the division of the functional modules, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the modules or steps in the embodiment of the present invention are further decomposed or combined, for example, the modules in the foregoing embodiment may be combined into one module, or may be further split into multiple sub-modules, so as to complete all or part of the functions described above. The names of the modules and steps involved in the embodiments of the present invention are only for distinguishing the modules or steps, and are not to be construed as unduly limiting the present invention.
The terms "comprises," "comprising," or any other similar term are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (7)

1. An anti-phishing active inspection and early warning system, comprising: an automatic inspection module, an online screening module, a credibility evaluation module, an active early warning module, a data acquisition module, an online preprocessing module, an automatic extraction module, a logic relationship online generation module, an automatic duplication module and an early warning strategy construction module;
the automatic inspection module is configured to perform feature matching identification on first data acquired in real time by adopting a pre-constructed prior rule base, take the first data with the matching degree larger than a set threshold value as suspicious fraud clues, and construct a suspicious fraud clue clustering space by an information entropy coefficient aggregation method; the prior rule base comprises various types of network and telephone fraud topology feature models; the first data is interactive data of a user group in a mobile social network, an Internet social network and a voice telephone;
the online screening module is configured to acquire interaction influence variables from the fraud cue clustering space, and obtain full probability association distribution of first information of subject leaders and affiliated members in suspicious fraud cues through topological sorting and conditional distribution sampling; the first information comprises interactive community structure, attribution, topic content, network and phone fraud confidence and hazard risk coefficient;
the credibility assessment module is configured to assess the total probability relevance distribution of the suspected fraud clues through a hierarchical scale-free network comprehensive assessment method, obtain the weight of the suspected fraud clue harm credibility, and construct a suspicious fraud clue harm credibility distribution knowledge base;
the active early warning module is configured to actively push suspicious fraud clues with the credibility weight of the suspicious fraud clue harm credibility being greater than a set early warning threshold value in the suspicious fraud clue harm credibility distribution knowledge base to a mobile phone of anti-fraud department personnel or a case investigation system through a collaborative filtering recommendation matrix algorithm, and start electronic supervision limit period investigation of the suspicious fraud clues;
the data acquisition module is configured to acquire sample data; the sample data comprises court electronic data, public security electronic data, operator data, internet social network data, mobile social network data, bank credit investigation data, credit record data, insurance data, e-commerce record data and third-party financial payment data;
the online preprocessing module is configured to fragment and mark sample data, preprocess the marked sample data in real time in batches and package the sample data into an XML format;
the automatic extraction module is configured to encode XML data through a self-encoder for deep learning, automatically extract subject threads and attributes, and package the subject threads and attributes into an internet phone fraud model;
the logic relation online generation module is configured to adopt a super-geometric network relation representation model, measure the logic relation among the internet phone fraud models online, abstract and generalize the logic relation, construct anti-fraud maps in real time, store the anti-fraud maps in a set type database in a classified manner, and update newly-added samples in the database in real time;
the automatic duplication module is configured to duplicate the generated network and telephone fraud topology distribution model from the anti-fraud map through a similarity clustering algorithm and a community structure representation learning method;
the early warning strategy building module is configured to actively match and generate the grade of the suspected fraud cue weight coefficient on line from the large-scale social network and telephone communication network data by means of a priori feature library which restores the network and telephone fraud topology distribution model and manual experience intervention.
2. The anti-phishing active inspection and early warning system as claimed in claim 1, further comprising a user management module, an organization management module, a model management module, a policy management module, a log audit module, an operation monitoring module;
the user management module is configured to manage user information and user authority of the anti-fraud active patrol and early-warning system;
the organization management module is configured to manage organization information and organization authorities of the anti-phishing active patrol and early-warning system;
the model management module is configured to adjust and load the network and telephone fraud topology distribution model storage, structure updating, parameter optimization and model destruction which have occurred according to the authority and the user authority;
the strategy management module is configured to load and adjust the early warning strategy;
the log auditing module is configured to collect, recombine, analyze, process, store, give an abnormal alarm and display the logs of the anti-fraud active patrol and early-warning system;
the operation monitoring module is configured to monitor the operation state of the anti-phishing active inspection and early warning system in real time.
3. The anti-fraud active inspection and early warning system according to claim 1, wherein the active early warning module further comprises an identity anomaly monitoring unit, a social behavior anomaly monitoring unit, a communication mode anomaly monitoring and early warning unit;
the identity anomaly monitoring unit is configured to acquire first information of the fraud object according to the input social network account number or contact details of the fraud object, and to perform real-time monitoring; the first information comprises social security information, criminal records, abnormal consumption and unknown fund source information;
the social behavior anomaly monitoring unit is configured to acquire a track of the target to be detected within a set time period according to the input identity information of the fraud object and the set time period; the tracks comprise consumption behavior tracks and social behavior tracks;
the communication mode anomaly monitoring and early warning unit is configured to acquire a detection image of a dangerous article carried by a fraud object in a public place when an anomaly in the communication mode of the fraud object is detected, and to generate fraud object hazard characteristic data for a public security department to make a decision.
4. The anti-phishing active inspection and early warning system as claimed in claim 1, wherein, in said online preprocessing module, "preprocessing the marked sample data in real time in batches" comprises: preprocessing the marked sample data by filtering, denoising and semantic recovery.
5. The anti-phishing active inspection and early warning system in accordance with claim 1, wherein said network and phone fraud topology distribution models that have occurred comprise a single broadcast group interaction model, a single unordered scanning model, a two-way short-term high-frequency end-to-end interaction model, a two-way non-access high-frequency end-to-end interaction model, a profit mode group interaction community model, an internet financial loan community model, a healthcare community model, a public inspection telephone calling fraud model.
6. The anti-fraud active inspection and early warning system according to claim 1, wherein when anti-fraud department personnel investigate a suspected fraud cue and determine that it is a fraud cue, the personal information of the fraud object in the fraud cue and the corresponding early warning strategy are acquired and sent to banks, related financial institutions or public security departments;
the early warning strategy comprises an alarm strategy, a locking strategy, an emergency notification, a strong authentication strategy, a release strategy and an alarm deployment and control strategy;
the alarm strategy is to raise an alarm and block the transaction when it is detected that a user is transacting with a blacklisted collection account through different payments;
the locking strategy is that when the software and hardware information, time, place and usage habits detected for the user's network terminal and mobile terminal are inconsistent with the user's usual profile information, the account is considered stolen and is locked;
the dangerous case notification strategy is that when it is detected that a defrauded user is paying through a third party on a network terminal or is handling a transfer at a bank, the platform actively issues a dangerous case notification to the related financial institution as a reminder to verify the validity of the transaction;
the strong authentication strategy is that when it is detected that a user is making a large transfer for the first time after changing to a non-local network, the transaction is suspended and verified with the customer by telephone;
the release strategy is to actively remind the public security department to handle procedures such as transfer release in time when the platform receives a cue removed by the public security department;
the alarm deployment and control strategy is that after a blocked transaction raises an alarm again and a large transfer is carried out, the transaction is suspended and verified with the customer by telephone, and if the verification information is inconsistent, an alarm is raised.
7. The anti-fraud active inspection and early warning system according to claim 1, wherein evaluating the total probability association distribution of suspected fraud cues by a hierarchical scale-free network comprehensive evaluation method comprises: performing decoupling, clustering and weighting evaluation on the total probability association distribution of the suspected fraud cues by the hierarchical scale-free network comprehensive evaluation method.
CN202010817933.5A 2020-08-14 2020-08-14 Network anti-fraud active inspection and early warning system Active CN111915468B (en)

Publications (2)

Publication Number Publication Date
CN111915468A (en) 2020-11-10
CN111915468B (en) 2021-09-10

Family

ID=73284798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010817933.5A Active CN111915468B (en) 2020-08-14 2020-08-14 Network anti-fraud active inspection and early warning system

Country Status (1)

Country Link
CN (1) CN111915468B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583804B (en) * 2020-12-05 2022-02-25 苏州小棉袄信息技术股份有限公司 Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time
CN112669187B (en) * 2020-12-31 2024-04-02 深圳云天励飞技术股份有限公司 Identity recognition method and device, electronic equipment and related products
CN114021039B (en) * 2021-11-10 2022-08-23 深圳安巽科技有限公司 Anti-fraud joint defense early warning method, system and storage medium
CN116361559B (en) * 2023-04-07 2024-03-01 爱乐云(深圳)科技有限公司 User resource anti-fraud strategy generation method and server adopting artificial intelligence

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8660954B2 (en) * 2010-05-03 2014-02-25 Fundacao CPQD—Centro de Pesquisa E Desenvolvimento em Telecommuncacoes Fraud and events integrated management method and system
CN103634317A (en) * 2013-11-28 2014-03-12 北京奇虎科技有限公司 Method and system of performing safety appraisal on malicious web site information on basis of cloud safety
CN106686264A (en) * 2016-11-04 2017-05-17 国家计算机网络与信息安全管理中心 Method and system for fraud call screening and analyzing
CN110148001A (en) * 2019-04-29 2019-08-20 上海欣方智能系统有限公司 A kind of system and method for realizing fraudulent trading intelligent early-warning

Also Published As

Publication number Publication date
CN111915468A (en) 2020-11-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant