CN113723522B

CN113723522B - Abnormal user identification method and device, electronic equipment and storage medium

Info

Publication number: CN113723522B
Application number: CN202111016570.6A
Authority: CN
Inventors: 陈迎运
Original assignee: Ping An Technology Shenzhen Co Ltd
Current assignee: Ping An Technology Shenzhen Co Ltd
Priority date: 2021-08-31
Filing date: 2021-08-31
Publication date: 2023-06-16
Anticipated expiration: 2041-08-31
Also published as: CN113723522A

Abstract

The embodiment of the application discloses an abnormal user identification method, an abnormal user identification device, electronic equipment and a storage medium, wherein the identification method comprises the steps of obtaining credit characteristics of a target user; inputting the credit characteristics into a preset credit evaluation model to obtain a risk coefficient of a target user; when the risk coefficient of the target user is smaller than a preset risk coefficient, acquiring current application information and historical application information of the target user according to the identity information; acquiring first-degree associated user information, second-degree associated user information and third-degree associated user information associated with a target user according to the current application information and the historical application information; dividing the association level according to the information matching degree; classifying associated users according to the association level, and constructing a user relationship network of the target user; node data corresponding to each associated user node in the user relation network is obtained, and a classification result of the target user is obtained by utilizing the node data and a preset user classification model.

Description

Abnormal user identification method and device, electronic equipment and storage medium

Technical Field

The present disclosure relates to the field of artificial intelligence technologies, and in particular, to a method and apparatus for identifying an abnormal user, an electronic device, and a storage medium.

Background

With the rapid development of network information technology, internet finance is also increasingly and widely applied to various scenes such as work and life. Many banks or financial institutions for providing credit services are emerging in the financial market, and credit products developed under the flags of each family are in full view to meet the demands of different customers.

Currently, many credit agencies have built their own air management systems, and prior to providing a credit service to a user, risk assessment of the user is often required to determine whether the user is qualified for credit. For example, credit agencies typically use corresponding assessment models to determine a risk index for a user. However, the existing wind control system generally determines whether each user is an abnormal user according to the own transaction behavior of the user, and when the user encounters a group fraud, the wind control system cannot effectively intercept part of abnormal users.

Therefore, how to accurately identify abnormal users to reduce the financial investment risk of enterprises is a popular subject under investigation by those skilled in the art.

Disclosure of Invention

The embodiment of the application mainly aims to provide a method and a device for identifying abnormal users, electronic equipment and a storage medium, and aims to improve the accuracy of identifying the abnormal users.

In a first aspect, an embodiment of the present application provides a method for identifying an abnormal user, including:

acquiring credit information of a target user based on identity information and authorization information submitted by the target user, and extracting features of the credit information to acquire credit features of the target user;

inputting the credit characteristics into a preset credit evaluation model to obtain a risk coefficient of the target user;

when the risk coefficient of the target user is smaller than a preset risk coefficient, acquiring current application information and historical application information of the target user according to the identity information;

acquiring first-degree associated user information, second-degree associated user information and third-degree associated user information associated with the target user according to the current application information and the historical application information, wherein the first-degree associated user information is user information corresponding to a first-degree associated user directly associated with at least one of the current application information or the historical application information, the second-degree associated user information is user information corresponding to a second-degree associated user directly associated with the first-degree associated user information, and the third-degree associated user information is user information corresponding to a third-degree associated user directly associated with the second-degree associated user information;

Dividing the association level between the target user and any one of the first-degree association user, the second-degree association user and the third-degree association user according to the information matching degree of the user information of the target user and any one of the first-degree association user information, the second-degree association user information and the third-degree association user information;

classifying the first-degree associated user, the second-degree associated user and the third-degree associated user according to the association level, and constructing a user relationship network of the target user according to a classification result, wherein the user relationship network comprises a plurality of associated user groups with different association levels, and each associated user group comprises a plurality of associated user nodes;

and acquiring node data corresponding to each associated user node in the user relation network, and acquiring a classification result of the target user by utilizing the node data and a preset user classification model.

In a second aspect, an embodiment of the present application further provides an apparatus for identifying an abnormal user, including:

the feature acquisition module is used for acquiring credit information of the target user based on identity information and authorization information submitted by the target user, and extracting features of the credit information so as to acquire credit features of the target user;

The risk assessment module is used for inputting the credit characteristics into a preset credit assessment model to obtain a risk coefficient of the target user;

the information acquisition module is used for acquiring current application information and historical application information of the target user according to the identity information when the risk coefficient of the target user is smaller than a preset risk coefficient;

the information association module is used for acquiring first-degree association user information, second-degree association user information and third-degree association user information associated with the target user according to the current application information and the historical application information, wherein the first-degree association user information is user information corresponding to a first-degree association user directly associated with at least one of the current application information or the historical application information, the second-degree association user information is user information corresponding to a second-degree association user directly associated with the first-degree association user information, and the third-degree association user information is user information corresponding to a third-degree association user directly associated with the second-degree association user information;

the association analysis module is used for dividing association grades between the target user and any one of the first-degree association user, the second-degree association user and the third-degree association user according to the information matching degree of the user information of the target user and any one of the first-degree association user information, the second-degree association user information and the third-degree association user information;

The network construction module is used for classifying the first-degree associated user, the second-degree associated user and the third-degree associated user according to the association level, and constructing a user relationship network of the target user according to a classification result, wherein the user relationship network comprises a plurality of associated user groups with different association levels, and each associated user group comprises a plurality of associated user nodes;

and the user classification module is used for acquiring node data corresponding to each associated user node in the user relation network, and acquiring a classification result of the target user by utilizing the node data and a preset user classification model.

In a third aspect, embodiments of the present application also provide an electronic device comprising a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for enabling a connection communication between the processor and the memory, wherein the computer program, when executed by the processor, implements the steps of the method for identifying any abnormal user as provided in the present application.

In a fourth aspect, embodiments of the present application further provide a storage medium for computer readable storage, where the storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement the steps of any of the abnormal user identification methods as provided in the present application.

The embodiment of the application provides a method, a device, electronic equipment and a storage medium for identifying an abnormal user, wherein the method for identifying the abnormal user obtains credit information of a target user based on identity information and authorization information submitted by the target user, and performs feature extraction on the credit information to obtain credit features of the target user; inputting the credit characteristics into a preset credit evaluation model to obtain a risk coefficient of the target user; when the risk coefficient of the target user is smaller than a preset risk coefficient, acquiring current application information and historical application information of the target user according to the identity information; acquiring first-degree associated user information, second-degree associated user information and third-degree associated user information associated with the target user according to the current application information and the historical application information, wherein the first-degree associated user information is user information corresponding to a first-degree associated user directly associated with at least one of the current application information or the historical application information, the second-degree associated user information is user information corresponding to a second-degree associated user directly associated with the first-degree associated user information, and the third-degree associated user information is user information corresponding to a third-degree associated user directly associated with the second-degree associated user information; dividing the association level between the target user and any one of the first-degree association user, the second-degree association user and the third-degree association user according to the information matching degree of the user information of the target user and any one of the first-degree association user information, the second-degree association user information and the third-degree association user information; classifying the first-degree associated user, the second-degree associated user and the third-degree associated user according to the association level, and constructing a user relationship network of the target user according to a classification result, wherein the user relationship network comprises a plurality of associated user groups with different association levels, and each associated user group comprises a plurality of associated user nodes; and acquiring node data corresponding to each associated user node in the user relation network, and acquiring a classification result of the target user by utilizing the node data and a preset user classification model. When a financial service request of a target user is received, credit information of the user is acquired based on user information of the target user, so that credit coefficients of the user are evaluated for the first time according to the credit information of the user, if the first evaluation fails, the target user is indicated to be an abnormal user, when the first evaluation passes, a three-degree association relationship of the user is acquired, a user relationship network corresponding to the target user is created by utilizing the three-degree association relationship, more rules related to the target user and associated user data related to the target user can be mined from the user relationship network corresponding to each associated user node, the associated user data is used as associated characteristics of the target user, the acquired characteristic data is analyzed through a preset classification algorithm, and therefore the user is effectively evaluated to be at risk of group fraud, and the identification accuracy of the abnormal user is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a flow chart of a method for identifying an abnormal user according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a three-degree associated user and user information thereof obtained from user information corresponding to a target user;

FIG. 3 is a schematic diagram of a user relationship network constructed from user information of a target user and user information associated with the target user;

fig. 4 is a schematic block diagram of an abnormal user identification device according to an embodiment of the present application;

fig. 5 is a schematic block diagram of an electronic device according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.

The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.

It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

The embodiment of the application provides a method and a device for identifying abnormal users, electronic equipment and a storage medium. The method for identifying the abnormal user can be applied to the electronic equipment. The electronic device may be a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, a wearable device, or a server, where the server may be an independent server or a server cluster.

Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.

Referring to fig. 1, fig. 1 is a flowchart of an abnormal user identification method provided in an embodiment of the present application.

As shown in fig. 1, the method for identifying an abnormal user includes steps S1 to S7.

Step S1: based on identity information and authorization information submitted by a target user, credit information of the target user is obtained, and feature extraction is performed on the credit information so as to obtain credit features of the target user.

The credit information is information for evaluating the credit rating of the user, and includes any one of credit information acquired from a bank, user credit behavior information acquired from a third party database, and user loan information recorded from a database built by itself. Each credit data in the credit information has a data attribute, for example, the credit information is described as an example, and the credit information includes a plurality of attribute data such as income level data, education level data, bank card data, credit card data, repayment record data, guarantor data, property handling data, house loan, car loan, and learning-aid loan.

Upon receipt of a target user financial service request, credit information corresponding to the target user is obtained based on identity information and authorization information submitted by the target user, and credit features are extracted from the credit information, wherein each attribute data in the credit information corresponds to a credit feature.

Step S2: and inputting the credit characteristics into a preset credit evaluation model to obtain the risk coefficient of the target user.

The credit evaluation model is a machine model which is trained in advance and is used for extracting features by utilizing credit information of a user, and after N credit features converted by the credit information are acquired, the N credit features are input into the preset credit evaluation model, so that a preliminary risk evaluation result of the user is obtained. For example, the credit evaluation model is processed by adopting a binning algorithm with the maximum K-S value to obtain binning result features, wherein N is the total number of credit features and is a positive integer.

The binning algorithm has various processing modes, and in the embodiment, the binning algorithm with the largest K-S value is adopted for processing the credit characteristics, so that the risk assessment result of the user can be more accurately distinguished from the risk coefficient of the user.

Step S3: and when the risk coefficient of the target user is smaller than a preset risk coefficient, acquiring current application information and historical application information of the target user according to the identity information.

For example, when the risk coefficient of the user is greater than or equal to the preset risk coefficient, it indicates that the current user is an abnormal user, and the financial service request can be directly refused. When the risk coefficient of the user is smaller than the preset risk coefficient, the sign of the user can not judge whether the user is related to team fraud temporarily, and further risk elimination is needed, and then the current application information and the historical application information of the user are called from the database according to the identity information of the user.

The current application information comprises at least one of a current application time, a current contact address, a current contact phone, device information of a current mobile device and a current reserved contact phone, wherein the current contact address comprises a current residence address and a current unit address, and the device information of the current mobile device comprises IP information and GPS information of the currently used mobile device.

The historical application information comprises at least one of historical application time, historical contact addresses, historical contact phones, device information of historical mobile devices and historical reserved contact phones, wherein the historical contact addresses comprise historical residence addresses and historical unit addresses, and the device information of the historical mobile devices comprises IP information and GPS information of the mobile devices used in the history.

Step S4: acquiring first-degree association user information, second-degree association user information and third-degree association user information associated with the target user according to the current application information and the historical application information, wherein the first-degree association user information is user information corresponding to a first-degree association user directly associated with at least one of the current application information or the historical application information, the second-degree association user information is user information corresponding to a second-degree association user directly associated with the first-degree association user information, and the third-degree association user information is user information corresponding to a third-degree association user directly associated with the second-degree association user information.

In some embodiments, the obtaining the first-degree associated user information, the second-degree associated user information, and the third-degree associated user information associated with the target user according to the current application information and the historical application information includes:

acquiring current first-degree associated user information matched with the current application information according to the current application information corresponding to the target user;

acquiring current secondary related user information matched with the current primary related user information according to the current primary related user information, and acquiring current tertiary related user information matched with the current secondary related user information according to the current secondary related user information;

Acquiring history once-associated user information matched with the history application information according to the history application information corresponding to the target user;

acquiring historical secondary correlation user information matched with the historical primary correlation user information according to the historical primary correlation user information, and acquiring historical tertiary correlation user information matched with the historical secondary correlation user information according to the historical secondary correlation user information;

determining first-degree associated user information associated with the target user according to the current first-degree associated user information and the historical first-degree associated user information;

determining secondary associated user information associated with the target user according to the current secondary associated user information and the historical secondary associated user information;

and determining three-degree associated user information associated with the target user according to the current three-degree associated user information and the historical three-degree associated user information.

In some embodiments, the obtaining, according to the current application information corresponding to the target user, current first-degree associated user information matched with the current application information includes:

acquiring user information corresponding to a matched user with the current application information, wherein the information matching degree of the user information and the current application information exceeds a preset value, from a database according to the current application information of the target user, and at least one of user credit information, user contact telephone, user contact address and equipment information of mobile equipment used by the user;

And taking the user information of the matched user as the current once-associated user information of the target user.

In some embodiments, the obtaining, according to the historical application information corresponding to the target user, historical once-associated user information matched with the historical application information includes:

acquiring user information corresponding to a matched user with the current application information, of which the information matching degree exceeds a preset value, from a database according to the current application information of the target user, wherein the user information comprises a user contact phone, a user contact address and equipment information of mobile equipment used by the user;

Illustratively, the current first-degree associated user directly associated with the target user is determined according to the current contact address of the target user, the current contact telephone, the device information of the current mobile device, the current reserved contact telephone and the like. And determining a user group directly related to the current first-degree related user according to the contact address, the contact telephone, the equipment information of the mobile equipment and the reserved contact telephone corresponding to the current first-degree related user, and removing the target user from the user group to obtain the current second-degree related user. And determining a user group directly related to the current secondary related user according to the contact address, the contact telephone, the equipment information of the mobile equipment and the reserved contact telephone of the current secondary related user, and removing the current primary related user from the user group to obtain the current tertiary related user. Wherein, the directly associated users refer to the same users of at least one of contact addresses, contact phones, device information of mobile devices and reserved contact phones.

Similarly, the history once-associated user directly associated with the target user is determined according to the history application information such as the history contact address, the history contact telephone, the equipment information of the history mobile equipment, the history reserved contact telephone and the like of the target user. And determining a user group directly related to the history primary related user according to the contact address, the contact telephone, the equipment information of the mobile equipment and the reserved contact telephone corresponding to the history primary related user, and removing the target user from the user group to obtain the history secondary related user. And determining a user group directly related to the history secondary related user according to the contact address, the contact telephone, the equipment information of the mobile equipment and the reserved contact telephone of the history secondary related user, and eliminating the history primary related user from the user group to obtain the history tertiary related user.

And performing de-duplication processing on the current first-degree associated user and the historical first-degree associated user, namely performing similarity matching on the current first-degree associated user and the historical first-degree associated user, and retaining any one of the current first-degree associated user and the historical first-degree associated user when the similarity value exceeds a preset value so as to acquire the first-degree associated user of the target user. And performing de-duplication processing on the current secondary correlation user and the historical secondary correlation user to acquire the secondary correlation user of the target user. And performing de-duplication processing on the current three-degree associated user and the historical one-degree associated user to acquire the three-degree associated user of the target user.

As shown in fig. 2, a target user a and a user B have a common contact phone 1, a target user a and a user C have a common contact phone 2 and a common contact address 1, and then the user B and the user C are once associated users of the target user a. The target user a and the primary association user B, C are associated by mapping the common contact telephone 1 to the technical label 1, mapping the common contact telephone 2 to the technical label 2.

If the user B and the user D have a common contact phone 3 and a common contact address 2, the user D is a direct associated user of the user B, that is, a secondary associated user of the target user a. The target user a and the secondary associated user D are associated by mapping the common contact telephone 3 to the technical label 3, the common contact address 2 to the technical label 4.

If the user C and the user E have a common contact phone 4, the user E is a direct associated user of the user C, that is, a secondary associated user of the target user a. The common contact telephone 4 is mapped to a technical label 5, and the target user A and the secondary association user E are associated.

And the user D and the user F, and the user E and the user F have the common contact telephone 5, and the user F is a direct association user of the user D and the user E, namely a three-degree association user of the target user A. The common contact telephone 5 is mapped to a technical label 6, and the target user A and the third-degree associated user F are associated.

Step S5: and dividing the association level between the target user and any one of the first-degree association user, the second-degree association user and the third-degree association user according to the information matching degree of the user information of the target user and any one of the first-degree association user information, the second-degree association user information and the third-degree association user information.

Illustratively, the user information includes at least one of a user contact phone, a user contact address, device information of a mobile device used by the user, and credit information of the user.

And performing similarity matching on information related to user attributes, such as corresponding user contact phones, user contact addresses, equipment information of mobile equipment used by users and the like, in the user information as matching features, acquiring a first information matching degree value between the user information corresponding to the target user and the user information corresponding to the first-degree associated user, acquiring a second information matching degree value between the user information corresponding to the target user and the user information corresponding to the second-degree associated user, and acquiring a third information matching degree value between the user information corresponding to the target user and the user information corresponding to the third-degree associated user.

And arranging the first information matching degree value, the second information matching degree value and the third information matching degree value in a descending order according to the numerical value, and carrying out association grading according to the area where the matching degree value is located.

In this embodiment, three-level classification of the associated users is taken as an example to explain, for example, the associated user corresponding to the matching degree value of 30% before the ranking is used as a first-level associated user, the associated user corresponding to the matching degree value of 30% after the ranking is used as a third-level associated user, and the other associated users are second-level associated users. The association degree of the first-level association user and the target user is higher than that of the second-level association user, and the association degree of the second-level association user and the target user is higher than that of the third-level association user.

Step S6: classifying the first-degree associated user, the second-degree associated user and the third-degree associated user according to the association levels, and constructing a user relationship network of the target user according to classification results, wherein the user relationship network comprises a plurality of associated user groups with different association levels, and each associated user group comprises a plurality of associated user nodes.

In some embodiments, the classifying the first degree associated user, the second degree associated user, and the third degree associated user according to the association level, and constructing the user relationship network of the target user according to the classification result includes:

classifying the first-degree associated user, the second-degree associated user and the third-degree associated user according to the association levels to obtain a plurality of associated user groups, wherein each associated user group has different association levels, each associated user group comprises a plurality of associated user nodes, and each associated user node records negative credit information, user information and association level information of the corresponding associated user;

Acquiring a negative credit time point corresponding to negative credit information of a corresponding associated user in the associated user nodes, and eliminating associated user nodes corresponding to the associated users of which the negative credit time point is smaller than a preset time point;

updating the associated user nodes to form a user relationship network of the target user.

Referring to fig. 3, illustratively, the first-degree associated user, the second-degree associated user, and the third-degree associated user are re-classified according to the matching degree of the information between the associated user and the target user, so that an associated user group with the matching degree of the information of the target user in different class intervals can be obtained, and the contribution of different user classes to judging whether the target user is an abnormal user is different.

Based on the fact that the association degree of the first-level association user in the first-level association user group and the target user is higher than that of the second-level association user in the second-level association user group, the association degree of the second-level association user in the second-level association user group and the target user is higher than that of the third-level association user in the third-level association user group, the relation closeness probability of the first-level association user and the target user is higher than that of the second-level association user and the same reason, and the relation closeness probability of the second-level association user and the target user is higher than that of the third-level association user.

Therefore, the accuracy of evaluating whether the target user is the abnormal user is higher than that of the second-level associated user through the user information of the first-level associated user, and the accuracy of evaluating whether the target user is the abnormal user is higher than that of the third-level associated user through the user information of the second-level associated user.

After the first-degree associated user, the second-degree associated user and the third-degree associated user are re-classified to obtain the associated user groups in different level intervals, a user relationship network corresponding to the target user is preliminarily formed by a plurality of associated user groups in different levels, wherein each associated user group comprises a plurality of associated users in the same level, each associated user serves as an associated user node in the user relationship network of the target user, and each associated user node records negative credit information, user information and associated level information of the corresponding associated user. By acquiring node information of the corresponding user nodes, whether the target user is an abnormal user or not can be clustered and analyzed.

However, the user nodes corresponding to the initially constructed user relationship network may be invalid nodes, and the user information corresponding to the nodes is invalid user information, so that in order to increase the efficiency and accuracy of data analysis, the data needs to be removed.

In this embodiment, the relevant user information is sorted and removed through a time axis in which an event occurs in the corresponding information, specifically, a negative credit time point corresponding to negative credit information of a corresponding associated user in the associated user nodes is obtained, and a user node corresponding to the associated user in which the negative credit time point is smaller than a preset time point is removed.

As shown in fig. 3, after the first-degree associated user, the second-degree associated user and the third-degree associated user are re-classified, three associated user groups with different grades are obtained, wherein the associated user group X is a first-level associated user group, the associated user group Y is a second-level associated user group, and the associated user group Z is a third-level associated user group.

Step S7: and acquiring node data corresponding to each associated user node in the user relation network, and acquiring a classification result of the target user by utilizing the node data and a preset user classification model.

The node data comprises at least one of the number of nodes of the associated user nodes in each associated user group, the corresponding association level of each associated user node, the type of negative credit information of the associated user corresponding to each associated user node, the number of negative credit information of the associated user corresponding to each associated user node, the negative credit time points corresponding to the negative credit information of the associated user, and the time difference between the corresponding negative credit time points in the same associated user group.

In some embodiments, the obtaining the classification result of the target user by using the node data and a preset user classification model includes:

converting the node number of the associated user nodes in each associated user group into a first derivative characteristic;

converting the corresponding association level of each associated user node into a second derived feature;

converting the negative credit information type of the associated user corresponding to each associated user node into a third derivative characteristic;

Converting the number of negative credit information of the associated user corresponding to each associated user node into a fourth derivative characteristic;

converting negative credit time points corresponding to the negative credit information of the corresponding associated user into a fifth derivative feature;

converting the time difference between corresponding negative credit time points in the same associated user group into a sixth derivative feature;

inputting the first derivative feature, the second derivative feature, the third derivative feature, the fourth derivative feature, the fifth derivative feature and the sixth derivative feature into a preset user classification model, so as to obtain a classification result of the target user.

By taking the number of nodes of the associated user nodes in each associated user group, the corresponding association level of each associated user node, the negative credit information type of the associated user corresponding to each associated user node, the number of negative credit information of the associated user corresponding to each associated user node, the negative credit time points corresponding to the negative credit information of the associated user, the time difference between the corresponding negative credit time points in the same associated user group and other relational data as features, the feature data associated with the target user can be obtained more comprehensively, and the feature data is input into a preset XGBoost model for user classification evaluation, so that whether the target user is an abnormal user can be analyzed more accurately.

Specifically, the number of nodes is the number corresponding to the associated users in the user group, the credit information of each associated user in each associated node comprises positive credit information and negative credit information, the negative credit information can assist in analyzing whether the target user is an abnormal user or not, the negative credit information has different negative information types, the contributions of the different negative information types to the analysis whether the target user is the abnormal user are different, for example, the negative information is that the credit card pays for an over period, and the negative information is that the user is blacklisted in a third party platform, and the negative information and the positive credit information have obvious different reference values. Different types of negative information can be extracted into different characteristic data, and user negative information data corresponding to an associated user associated with the target user is collected in a multi-dimensional mode, so that whether the target user is an abnormal user can be analyzed more accurately.

Further, the time corresponding to the negative information is different, the frequency of occurrence of the negative information in unit time is also different, and the reference value is also different, for example, the target user has a plurality of repayment anomalies on the credit card before one year, the credit card repayment is normal now, the target user is indicated to be possibly and temporarily inflexible in funds before one year, and the target user is indicated to be an abnormal user with lower probability.

And the target user hits the credit blacklist for many times in the recent period, so that the target user is indicated to be an abnormal user with high possibility.

Through carrying out association grade division on the target users to form association user groups with different grades, through extracting corresponding user node piece data in the association user groups with different association grades, and inputting the data into a preset XGBoost classification model, whether the target users are abnormal users or not can be more accurately analyzed by utilizing an XGBoost classification algorithm.

The XGBoost model is a classification model which is obtained by training node data corresponding to each user node based on an XGBoost classification algorithm.

Referring to fig. 4, an apparatus 10 for evaluating quality of service is further provided according to an embodiment of the present application, which includes:

the feature acquisition module 101 is configured to acquire credit information of a target user based on identity information and authorization information submitted by the target user, and perform feature extraction on the credit information to acquire credit features of the target user;

the risk assessment module 102 is configured to input the credit feature into a preset credit assessment model, so as to obtain a risk coefficient of the target user;

the information obtaining module 103 is configured to obtain current application information and historical application information of the target user according to the identity information when the risk coefficient of the target user is less than a preset risk coefficient;

The information association module 104 is configured to obtain first-degree associated user information, second-degree associated user information, and third-degree associated user information associated with the target user according to the current application information and the historical application information, where the first-degree associated user information is user information corresponding to a first-degree associated user directly associated with at least one of the current application information and the historical application information, the second-degree associated user information is user information corresponding to a second-degree associated user directly associated with the first-degree associated user information, and the third-degree associated user information is user information corresponding to a third-degree associated user directly associated with the second-degree associated user information;

the association analysis module 105 is configured to divide association levels between the target user and any one of the first-degree association user, the second-degree association user and the third-degree association user according to information matching degrees of the user information of the target user and any one of the first-degree association user information, the second-degree association user information and the third-degree association user information;

the network construction module 106 is configured to classify the first-degree associated user, the second-degree associated user, and the third-degree associated user according to the association level, and construct a user relationship network of the target user according to a classification result, where the user relationship network includes a plurality of associated user groups with different association levels, and each associated user group includes a plurality of associated user nodes;

The user classification module 107 is configured to obtain node data corresponding to each associated user node in the user relationship network, and obtain a classification result of the target user by using the node data and a preset user classification model.

In some embodiments, the current application information includes at least one of a current application time, a current unit address, a current residence address, a current contact phone, device information of a current mobile device, a current reserved contact phone;

the historical application information comprises at least one of historical application time, historical unit address, historical residence address, historical contact telephone, device information of historical mobile device and historical reserved contact telephone.

In some embodiments, the information association module 104, when acquiring the first-degree associated user information, the second-degree associated user information, and the third-degree associated user information associated with the target user according to the current application information and the historical application information, includes:

In some embodiments, when acquiring the current first-degree associated user information matched with the current application information according to the current application information corresponding to the target user, the information association module 104 includes:

acquiring user information corresponding to a matched user with the current application information, of which the information matching degree exceeds a preset value, from a database according to the current application information of the target user, wherein the user information comprises at least one of user credit information, user contact telephone, user contact address and equipment information of mobile equipment used by the user;

In some embodiments, when classifying the first degree associated user, the second degree associated user, and the third degree associated user according to the association level, the network construction module 106 constructs the user relationship network of the target user according to the classification result, including:

In some embodiments, the node data includes at least one of a number of nodes of associated user nodes in each of the associated user groups, a corresponding association level of each associated user node, a type of negative credit information of associated users corresponding to each associated user node, a number of negative credit information of associated users corresponding to each associated user node, a negative credit time point corresponding to negative credit information of corresponding associated users, and a time difference between corresponding negative credit time points in the same associated user group.

In some embodiments, the user classification module 107, when acquiring the classification result of the target user by using the node data and a preset user classification model, includes:

Referring to fig. 5, fig. 5 is a schematic block diagram of an electronic device according to an embodiment of the present application.

As shown in fig. 5, the electronic device 300 includes a processor 301 and a memory 302, the processor 301 and the memory 302 being connected by a bus 303, such as an I2C (Inter-integrated Circuit) bus.

In particular, the processor 301 is used to provide computing and control capabilities, supporting the operation of the entire server. The processor 301 may be a central processing unit (Central Processing Unit, CPU), the processor 301 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

Specifically, the Memory 302 may be a Flash chip, a Read-Only Memory (ROM) disk, an optical disk, a U-disk, a removable hard disk, or the like.

It will be appreciated by those skilled in the art that the structure shown in fig. 5 is merely a block diagram of a portion of the structure related to the embodiments of the present application and is not limiting of the electronic device to which the embodiments of the present application apply, and that a particular electronic device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

The processor 301 is configured to execute a computer program stored in the memory, and implement any one of the abnormal user identification methods provided in the embodiments of the present application when the computer program is executed.

In some embodiments, the processor 301 is configured to run a computer program stored in a memory and when executing the computer program implement the steps of:

In some embodiments, when acquiring the first-degree associated user information, the second-degree associated user information, and the third-degree associated user information associated with the target user according to the current application information and the historical application information, the processor 301 includes:

In some embodiments, when acquiring current first-degree associated user information matched with the current application information according to the current application information corresponding to the target user, the processor 301 includes:

In some embodiments, when classifying the first degree associated user, the second degree associated user, and the third degree associated user according to the association level, and constructing the user relationship network of the target user according to the classification result, the processor 301 includes:

In some embodiments, when the processor 301 obtains the classification result of the target user by using the node data and a preset user classification model, the method includes:

It should be noted that, for convenience and brevity of description, specific working processes of the electronic device described above may refer to corresponding processes in the foregoing embodiment of the method for identifying abnormal users, which are not described herein again.

The embodiment of the application also provides a storage medium, which is used for computer readable storage, and the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors, so as to implement the steps of the method for identifying any abnormal user provided by the embodiment of the application.

The storage medium may be an internal storage unit of the electronic device of the foregoing embodiment, for example, a hard disk or a memory of the electronic device. The storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device.

Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware embodiment, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.

It should be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.

The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments. The foregoing is merely illustrative of the embodiments of the present application, but the scope of the present application is not limited thereto, and any equivalent modifications or substitutions will be apparent to those skilled in the art within the scope of the present application, and these modifications or substitutions are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for identifying an abnormal user, comprising:

2. The identification method of claim 1, wherein the current application information includes at least one of a current application time, a current unit address, a current residence address, a current contact phone, device information of a current mobile device, a current reserved contact phone;

3. The method of identifying as in claim 1, wherein the obtaining first-degree associated user information, second-degree associated user information, and third-degree associated user information associated with the target user based on the current application information and the historical application information comprises:

4. The method of identifying as in claim 3, wherein the obtaining current first-degree associated user information matching the current application information according to the current application information corresponding to the target user comprises:

5. The method for identifying according to any one of claims 1 to 4, wherein classifying the first degree associated user, the second degree associated user, and the third degree associated user according to the association level, and constructing the user relationship network of the target user according to the classification result, comprises:

6. The identification method of any of claims 1-4, wherein the node data comprises at least one of a number of nodes of associated user nodes in each of the associated user groups, a corresponding level of association for each associated user node, a type of negative credit information for associated users corresponding to each associated user node, a number of negative credit information for associated users corresponding to each associated user node, a negative credit time corresponding to negative credit information for associated users, a time difference between corresponding negative credit time points in the same associated user group.

7. The method of identifying as in claim 6, wherein the obtaining the classification result of the target user using the node data and a preset user classification model comprises:

8. An apparatus for evaluating quality of service, comprising:

9. An electronic device comprising a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for enabling a connected communication between the processor and the memory, wherein the computer program, when executed by the processor, implements the steps of the evaluation method according to any one of claims 1 to 7.

10. A storage medium for computer-readable storage, characterized in that the storage medium stores one or more programs executable by one or more processors to implement the steps of the evaluation method of any one of claims 1 to 7.