CN114331224B - Real-time business wind control processing method and system based on rule engine - Google Patents

Real-time business wind control processing method and system based on rule engine Download PDF

Info

Publication number
CN114331224B
CN114331224B CN202210217391.7A CN202210217391A CN114331224B CN 114331224 B CN114331224 B CN 114331224B CN 202210217391 A CN202210217391 A CN 202210217391A CN 114331224 B CN114331224 B CN 114331224B
Authority
CN
China
Prior art keywords
risk
suspected
triggered
monitoring
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210217391.7A
Other languages
Chinese (zh)
Other versions
CN114331224A (en
Inventor
孙文刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Photon Yuedong Technology Co ltd
Original Assignee
Shenzhen Photon Yuedong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Photon Yuedong Technology Co ltd filed Critical Shenzhen Photon Yuedong Technology Co ltd
Priority to CN202210217391.7A priority Critical patent/CN114331224B/en
Publication of CN114331224A publication Critical patent/CN114331224A/en
Application granted granted Critical
Publication of CN114331224B publication Critical patent/CN114331224B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention relates to the technical field of data processing, in particular to a real-time business wind control processing method and system based on a rule engine. On the basis of detecting that the service event theme of the suspected risk service event is abnormal, whether the target suspected risk service event with abnormal interactive data acquisition exists or not is determined through the risk activation feature and the distribution label of the suspected risk service event in an active state in the cross-border service monitoring log set to be processed, the precision and the integrity of the interactive data of the suspected risk service event are improved under the appointed wind control rule, and the target suspected risk service event with abnormal interactive data acquisition is subjected to targeted interactive data acquisition so as to completely and reliably monitor the possible risks of the target suspected risk service event in the service interaction process. The invention guarantees the quality of the business interaction wind control processing, dynamically compiles and rapidly adjusts the wind control rules in time, and reduces the risk in the cross-border payment business interaction process.

Description

Real-time business wind control processing method and system based on rule engine
Technical Field
The invention relates to the technical field of data processing, in particular to a real-time business wind control processing method and system based on a rule engine.
Background
The continuous development of internet technology makes the processing of financial services more and more intelligent and global. At present, cross-border payment service is one of the most explosive payment service modes, and can break space-time domain limitation, so that service objects around the world are connected, and a more convenient and faster payment ecological chain is established. With the continuous expansion of the scale of the cross-border payment service, the wind control pressure of the cross-border payment service is increased, and how to improve the quality of current service wind control technology by wind control, so as to reduce the generation of service risk of cross-border payment is a technical problem which needs to be solved at present.
Disclosure of Invention
In order to solve the technical problems in the related art, the invention provides a real-time business wind control processing method and system based on a rule engine.
In a first aspect, an embodiment of the present invention provides a real-time service wind control processing method based on a rule engine, which is applied to a service wind control processing system, and the method at least includes: acquiring a cross-border service monitoring log set to be processed, wherein the service monitoring content carries suspected risk service events hitting designated wind control rules; determining x groups of suspected risk service events with triggered monitoring conditions, which are collectively covered by the cross-border service monitoring log to be processed; determining risk activation characteristics of the suspected risk business events of the triggered monitoring conditions relative to the designated wind control rule by combining the persistence monitoring indication of the suspected risk business events of the triggered monitoring conditions on the basis of the abnormal business event theme detection of the suspected risk business events of the x groups of triggered monitoring conditions; determining a distribution label of each suspected risk business event triggering the monitoring condition in a cross-border business monitoring log of the cross-border business monitoring log set to be processed; and determining that abnormal target suspected risk business events exist in interactive data acquisition in the x groups of suspected risk business events triggering the monitoring conditions through the risk activation features and the distribution labels.
Thus, on the basis of the abnormal detection of the business event theme of the suspected risk business event, through the risk activation characteristics and the distribution labels of the suspected risk business events in the cross-border business monitoring log set to be processed, whether the target suspected risk business event with abnormal interactive data acquisition exists or not is determined, the precision and the integrity of acquiring the interactive data of the suspected risk business events under the appointed wind control rule can be improved, therefore, targeted interactive data acquisition is carried out on the target suspected risk business event with abnormal interactive data acquisition so as to completely and reliably monitor the possible risks of the target suspected risk business event in the business interaction process, therefore, the quality of service interaction air control processing can be guaranteed, and the service risk caused by monitoring holes of the target suspected risk service event can be reduced as much as possible.
For some design ideas that can be implemented independently, the determining x sets of suspected risky business events that have triggered monitoring conditions and are included in the to-be-processed cross-border business monitoring log set includes: analyzing a log content set of each suspected risk service event triggered by the conditions to be determined in the cross-border service monitoring logs in the x groups of suspected risk service events triggered by the conditions to be determined in the cross-border service monitoring log set to obtain an analysis result identifier of each suspected risk service event triggered by the conditions to be determined in the cross-border service monitoring logs; performing condition triggering judgment on the suspected risk business events triggered by each condition to be judged according to the analysis result identification to obtain the suspected risk business events carrying the x groups of triggered monitoring conditions with the continuous monitoring indication; wherein the to-be-processed cross-border service monitoring log is concentrated on the continuous monitoring indication of the discontinuous suspected risk service event under the active period level, and the continuous monitoring indication has a difference.
In this way, different continuous monitoring instructions are marked by the suspected risk service events which are concentrated under the active period level in the cross-border service monitoring log to be processed, so that each suspected risk service event hitting the designated wind control rule can be accurately and quickly determined; meanwhile, on the basis of the continuous monitoring indication of each suspected risk business event hitting the designated wind control rule, the risk activation characteristics and the distribution condition of the suspected risk business event can be mined accurately and reliably, and the reliability of determining the target suspected risk business event on the basis of the risk activation characteristics and the distribution condition in the later period can be improved.
For some design ideas that can be implemented independently, the determining a distribution label of each suspected risky business event that has triggered a monitoring condition in the cross-border business monitoring log of the to-be-processed cross-border business monitoring log set includes: in the cross-border service monitoring log set to be processed, determining an attention content set of each suspected risk service event of the triggered monitoring condition in the cross-border service monitoring log by combining with an analysis result identifier corresponding to each suspected risk service event of the triggered monitoring condition; and determining the distribution label of each suspected risk business event of the triggered monitoring condition in the cross-border business monitoring log according to the priority characteristics of the cross-border business monitoring log and the attention content set of each suspected risk business event of the triggered monitoring condition in the cross-border business monitoring log.
Therefore, the determined suspected risk business events which have triggered the monitoring conditions can be guaranteed to be as accurate as possible in the distribution label of the designated wind control rule, and the completeness and reliability of the content of the related suspected risk business events determined based on the distribution label are improved.
For some design ideas that can be implemented independently, the x sets of suspected risk business events that have triggered the monitoring condition include a suspected risk business event that has triggered the monitoring condition and a suspected risk business event that has triggered the monitoring condition, and the determining, by the risk activation feature and the distribution tag, a target suspected risk business event that has an abnormal interaction data acquisition in the x sets of suspected risk business events that have triggered the monitoring condition includes: determining, in the risk activation features, a first risk activation feature of the suspected risk traffic event of the first triggered monitoring condition and a second risk activation feature of the suspected risk traffic event of the second triggered monitoring condition; determining an activation window period of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition; determining an adaptation index between the distribution label of the suspected risk business event of the first triggered monitoring condition and the distribution label of the suspected risk business event of the second triggered monitoring condition; and determining whether the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the target suspected risk business event or not according to the activation window period and the adaptation index.
Therefore, on the basis of detecting that the service event theme is abnormal, judging the active window period of x groups of suspected risk service events with triggered monitoring conditions in the cross-border service monitoring log set to be processed and the adaptation indexes of the corresponding distribution labels to determine whether the x groups of suspected risk service events with triggered monitoring conditions are target suspected risk service events with abnormal interactive data acquisition. The method can accurately and reliably detect the content of the suspected risk business event with abnormal interactive data acquisition, and further can improve the precision and the integrity of the interactive data of the suspected risk business event acquired under the appointed wind control rule, so that the targeted interactive data acquisition is carried out on the target suspected risk business event with abnormal interactive data acquisition to completely and reliably monitor the possible risk of the target suspected risk business event in the business interaction process, the quality of business interaction wind control processing can be guaranteed, and the business risk caused by the monitoring vulnerability of the target suspected risk business event can be reduced as much as possible.
For some design considerations that can be implemented independently, the determining, through the activation window period and the adaptation index, whether the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the target suspected risk business event includes: determining that the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the same suspected risk business event on the basis that the activation window period is smaller than a first specified judgment value and the adaptation index is larger than a second specified judgment value; and taking the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition as the target suspected risk business event.
Therefore, on the basis of the abnormal detection of the business event theme, the activation window period of the x groups of suspected risk business events with triggered monitoring conditions in the cross-border business monitoring log set to be processed in an active state and the adaptation indexes of the corresponding distribution labels are analyzed based on the preset judgment values, and whether the x groups of suspected risk business events with triggered monitoring conditions are the same suspected risk business events or not is determined, in other words, whether the target suspected risk business events with abnormal conditions are acquired for the interactive data or not is determined, so that the precision and the reliability of acquiring the suspected risk business events with abnormal conditions by detecting the interactive data can be improved.
For some design considerations that can be implemented independently, after the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are taken as the target suspected risk business event, the method further includes: taking a continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition or a continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition as a target continuous monitoring indication of the target suspected risk business event; and updating the continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition and the continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition into the target continuous monitoring indication.
In this way, by determining one of the continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition and the continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition as the target continuous monitoring indication of the target suspected risk business event, in other words, only one continuous monitoring indication is reserved for the target suspected risk business event, the interactive data of the suspected risk business event with abnormal interactive data acquisition can be correlated, and further the accuracy and the integrity of acquiring the interactive data of the suspected risk business event under the designated wind control rule can be improved, so that the targeted interactive data acquisition of the target suspected risk business event with abnormal interactive data acquisition is performed to monitor the risk possibly existing in the business interaction process of the target suspected risk business event completely and reliably, therefore, the quality of service interaction air control processing can be guaranteed, and the service risk caused by monitoring holes of the target suspected risk service event can be reduced as much as possible.
For some design considerations that can be implemented independently, after the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are taken as the target suspected risk business event, the method further includes: determining a second risk activation characteristic and a first risk activation characteristic of the target suspected risk business event through the risk activation characteristic of the suspected risk business event of the first triggered monitoring condition and the risk activation characteristic of the suspected risk business event of the second triggered monitoring condition; determining a risk activation duration value of the target suspected risk business event according to the second risk activation characteristic and the first risk activation characteristic of the target suspected risk business event; and generating wind control guidance content corresponding to the target suspected risk business event based on the designated risk activation duration value and the risk activation characteristics of the target suspected risk business event.
Therefore, the determined risk activation duration value of the suspected risk business event with the abnormal interactive data is obtained and is compared with the designated risk activation duration value for analysis, the wind control guidance content corresponding to the suspected risk business event with the abnormal interactive data is determined, accurate and reliable wind control guidance content can be generated on the premise that the suspected risk business event with the abnormal interactive data is obtained, and the problem of low wind control sensitivity of the suspected risk business event with the abnormal interactive data can be solved.
For some design considerations that can be implemented independently, determining that the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are not the target suspected risk business event on the basis of achieving one of the following requirements includes: a second risk activation feature of the suspected risk business event of the second triggered monitoring condition falls between the second risk activation feature and the first risk activation feature of the suspected risk business event of the first triggered monitoring condition; the adaptation index between the distribution label of the suspected risk business event of the first triggered monitoring condition and the distribution label of the suspected risk business event of the second triggered monitoring condition is not greater than the second specified judgment value; the activation window periods of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition are greater than a third specified judgment value; wherein the third specified determination value is greater than the first specified determination value.
In this way, by describing specific conditions that it is determined that the suspected risk business event of the first triggered monitoring condition is not the same as the suspected risk business event of the second triggered monitoring condition, it can be determined that the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are not the target suspected risk business event, and it can be achieved that the correlation condition of any two groups of suspected risk business events of the triggered monitoring conditions can be detected quickly and accurately.
For some design ideas that can be implemented independently, before determining, by the duration monitoring indication of the suspected risk business event of the triggered monitoring condition, a risk activation characteristic of each suspected risk business event of the triggered monitoring condition with respect to the specified wind control rule based on the fact that there is an abnormality in the business event topic detection of the suspected risk business events of the x sets of triggered monitoring conditions, the method further includes: performing natural language processing on the cross-border service monitoring logs of the cross-border service monitoring log set to be processed by combining the continuous monitoring indication of the suspected risk service event of each triggered monitoring condition, and determining a candidate event topic sequence of the suspected risk service event of each triggered monitoring condition; in the candidate event topic sequence, determining a target business event topic set meeting the requirement of a specified business event topic; and taking the target business event theme with the largest statistical value positioned in the target business event theme set as the business event theme of each suspected risk business event which has triggered the monitoring condition.
Therefore, by detecting and selecting the service event topics of the suspected risk service events stored in the cross-border service monitoring log set, the target service event topic with the largest statistical value is selected from the target service event topic set meeting the requirement of the specified service event topic to serve as the service event topic of the suspected risk service event of each triggered monitoring condition, and the service event topic with higher corresponding precision and reliability of the suspected risk service event of each triggered monitoring condition can be provided.
For some independently implementable design concepts, determining that there is an anomaly detected for the business event topic of the x sets of suspected risky business events that have triggered the monitoring condition based on meeting one of the following requirements comprises: detecting no business event topic of the suspected risk business event of the x groups triggered monitoring conditions; and detecting that the credibility index of the business event theme of the suspected risk business event of the x groups of triggered monitoring conditions is smaller than a fourth specified judgment value.
Therefore, the detection result can be obtained more accurately and quickly by determining the abnormal detection condition and the successful detection condition of the business event theme.
For some design ideas that can be implemented independently, after the target business event topic with the largest statistical value located in the target business event topic set is taken as the business event topic of each suspected risky business event that has triggered the monitoring condition, the method further includes: determining x groups of suspected risk business events carrying the same business event theme in the x groups of suspected risk business events triggering the monitoring conditions by combining the business event themes of the suspected risk business events triggering the monitoring conditions; and taking the x groups of suspected risk business events carrying the same business event theme as the target suspected risk business events.
In this way, by detecting and selecting the service event topics of the suspected risk service events stored in the cross-border service monitoring log in a centralized manner, on the basis of obtaining the service event topics with higher precision and reliability, on the basis of judging whether x groups of suspected risk service events with the same service event topics but different persistence monitoring indications exist on the basis of the service event topics with higher precision and reliability, whether the suspected risk service events with abnormal interactive data acquisition exist is determined, and further, the precision and the integrity of acquiring the interactive data of the suspected risk service events under the designated wind control rule can be improved, so that the targeted interactive data acquisition of the target suspected risk service events with abnormal interactive data acquisition is performed to monitor the possible risks of the target suspected risk service events in the service interaction process completely and reliably, and dynamically compiling and quickly adjusting the wind control rules in time, so that the quality of service interaction wind control processing can be guaranteed, and the service risk caused by monitoring bugs of the target suspected risk service event can be reduced as much as possible.
In a second aspect, the present invention further provides a service wind control processing system, which includes a processor and a memory; the processor is connected with the memory in communication, and the processor is used for reading the computer program from the memory and executing the computer program to realize the method.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a schematic hardware structure diagram of a service wind control processing system according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a real-time service wind control processing method based on a rule engine according to an embodiment of the present invention.
Fig. 3 is a schematic communication architecture diagram of an application environment of a real-time service wind control processing method based on a rule engine according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided by the embodiments of the present invention may be executed in a service wind control processing system, a computer device, or a similar computing device. Taking the operation on the service wind control processing system as an example, fig. 1 is a hardware structure block diagram of the service wind control processing system implementing a real-time service wind control processing method based on a rule engine according to an embodiment of the present invention. As shown in fig. 1, the service-controlled processing system 10 may include one or more (only one is shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally, a transmission device 106 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration, and does not limit the structure of the traffic wind control processing system. For example, the traffic-wind processing system 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store computer programs, for example, software programs and modules of application software, such as a computer program corresponding to the method for processing real-time business wind based on a rule engine according to an embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the traffic-gated processing system 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 104 in the embodiment of the present invention can also understand the storage layer placed on the Elasticsearch, the business wind control processing system sends the transaction information of each time to the wind control engine and stores the transaction information in the storage layer of the Elasticsearch, and according to the stored duration transaction and external black and white list data, all rules of cross-over payment can be run out within seconds by means of the fast computing capability of the Elasticsearch, so that the cross-border system is configured on the real-time transaction, the response time of the transaction flow cannot be increased, and the wind control interception in the transaction is realized.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of such networks may include wireless networks provided by communication providers of the service-aware processing system 10. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Based on this, please refer to fig. 2, fig. 2 is a schematic flow chart of a real-time service wind control processing method based on a rule engine according to an embodiment of the present invention, the method is applied to a service wind control processing system, and may further include the technical solutions described below.
Step 21, obtaining a cross-border service monitoring log set to be processed, wherein the service monitoring content carries suspected risk service events hitting designated wind control rules; and determining x groups of suspected risk service events which have triggered monitoring conditions and are covered in the cross-border service monitoring log set to be processed.
In the embodiment of the invention, x is an integer greater than or equal to 2. Further, the designated wind control rules may be specified based on a wind control rules engine of the cross-border bank, such as time period wind control rules, regional wind control rules, payment business object wind control rules, and the like. Suspected risky business events may be understood as business events that may be at risk, including but not limited to payment events for cross-border banks, cross-border business authentication events, cross-border business exception query events, and the like. Further, the to-be-processed cross-border service monitoring log set comprises a plurality of to-be-processed cross-border service monitoring logs. Further, a suspected risk traffic event that has triggered a monitoring condition may be understood as a suspected risk traffic event that has been flagged or tracked. The monitoring conditions may be adaptively adjusted according to the actual cross-border bank card payment service, which will not be further described herein.
In some possible embodiments, the determining of the suspected risky business event that triggers the monitoring condition for the x groups covered in the to-be-processed cross-border business monitoring log set in step 21 may include the technical solutions described in step 211 and step 212.
Step 211, in the cross-border service monitoring log set to be processed, analyzing a log content set of each suspected risk service event triggered by the condition to be determined in the cross-border service monitoring log among the suspected risk service events triggered by the x groups of conditions to be determined to obtain an analysis result identifier of each suspected risk service event triggered by the condition to be determined in the cross-border service monitoring log.
For example, the analysis result identifier of the suspected risk business event triggered by the condition to be determined in the cross-border business monitoring log may be understood as an analysis labeling range or a positioning area of the suspected risk business event triggered by the condition to be determined in the cross-border business monitoring log.
Step 212, performing condition triggering judgment on the suspected risk service event triggered by each condition to be judged according to the analysis result identifier to obtain the suspected risk service event carrying the monitoring condition triggered by the x groups of persistent monitoring instructions.
By way of example, the continuous monitoring indication may be understood as a tracking mark or a tracking annotation. Further, the to-be-processed cross-border traffic monitoring log is concentrated on the continuity monitoring indication of the discontinuous suspected risk traffic event under the level of the active period, and there is a difference.
The method is applied to steps 211-212, and can accurately and quickly determine each suspected risk service event hitting the designated wind control rule by marking different continuous monitoring instructions on the suspected risk service events which are discontinuous and concentrated under the active period level in the cross-border service monitoring log to be processed; meanwhile, on the basis of the continuous monitoring indication of each suspected risk business event hitting the designated wind control rule, the risk activation characteristics and the distribution condition of the suspected risk business event can be mined accurately and reliably, and the reliability of determining the target suspected risk business event on the basis of the risk activation characteristics and the distribution condition in the later period can be improved.
Step 22, on the basis that the service event theme detection of the suspected risk service events of the x groups of triggered monitoring conditions is abnormal, determining the risk activation characteristics of the suspected risk service events of the triggered monitoring conditions relative to the designated wind control rule by combining the persistence monitoring indication of the suspected risk service events of the triggered monitoring conditions.
In the embodiment of the present invention, the service event topic detection failure may be understood as an abnormal condition in the service event topic detection, and further, the risk activation characteristic may be understood as a statistical condition of risk activity in a time plane, for example, a time length of risk activity of a suspected risk service event that has triggered a monitoring condition for the specified wind control rule. In addition, the business event topic can be understood as semantic information or ID information of the suspected risk business event, and is used for classifying and summarizing the suspected risk business event.
In some optional embodiments, before determining, by the monitoring indication of the persistence of the suspected risk business event of the triggered monitoring condition, the risk activation characteristic of each suspected risk business event of the triggered monitoring condition with respect to the specified wind control rule on the basis of the anomaly detected in the business event topic of the suspected risk business event of the x sets of triggered monitoring conditions in step 22, the method may further include the following technical solutions described in steps 31 to 33.
And step 31, performing natural language processing on the cross-border service monitoring logs of the cross-border service monitoring log set to be processed by combining the continuous monitoring indication of the suspected risk service event of each triggered monitoring condition, and determining a candidate event topic sequence of the suspected risk service event of each triggered monitoring condition.
It will be appreciated that the natural language processing may be text recognition processing or semantic parsing processing.
And step 32, determining a target business event topic set meeting the requirements of the specified business event topic in the candidate event topic sequence.
And step 33, taking the target business event topic with the largest statistical value located in the target business event topic set as the business event topic of each suspected risk business event which has triggered the monitoring condition.
It is to be understood that the statistical value being the largest is understood to be the most detected or identified.
On the basis of the steps 31 to 33, it is determined that there is an anomaly in the service event topic detection of the x sets of suspected risky service events that have triggered the monitoring condition on the basis of one of the following requirements.
And claim 1, not detecting the business event theme of the suspected risk business event of the x groups which trigger the monitoring condition.
And 2, detecting that the credibility index of the business event theme of the suspected risk business event of the x groups of triggered monitoring conditions is smaller than a fourth specified judgment value.
Under some design considerations that can be implemented independently, after the target business event topic with the largest statistical value located in the target business event topic set is taken as the business event topic of each suspected risky business event that has triggered the monitoring condition, the method may further include the following steps: determining x groups of suspected risk business events carrying the same business event theme in the x groups of suspected risk business events triggering the monitoring conditions by combining the business event themes of the suspected risk business events triggering the monitoring conditions; and taking the x groups of suspected risk business events carrying the same business event theme as the target suspected risk business events. In this way, by detecting and selecting the service event topics of the suspected risk service events stored in the cross-border service monitoring log in a centralized manner, on the basis of obtaining the service event topics with higher precision and reliability, on the basis of judging whether x groups of suspected risk service events with the same service event topics but different persistence monitoring indications exist on the basis of the service event topics with higher precision and reliability, whether the suspected risk service events with abnormal interactive data acquisition exist is determined, and further, the precision and the integrity of acquiring the interactive data of the suspected risk service events under the designated wind control rule can be improved, so that the targeted interactive data acquisition of the target suspected risk service events with abnormal interactive data acquisition is performed to monitor the possible risks of the target suspected risk service events in the service interaction process completely and reliably, therefore, the quality of service interaction air control processing can be guaranteed, and the service risk caused by monitoring holes of the target suspected risk service event can be reduced as much as possible.
Step 23, determining a distribution label of each suspected risk business event of the triggered monitoring condition in the cross-border business monitoring log of the cross-border business monitoring log set to be processed; and determining that abnormal target suspected risk business events exist in interactive data acquisition in the x groups of suspected risk business events triggering the monitoring conditions through the risk activation features and the distribution labels.
In the embodiment of the present invention, the distribution tag is used to locate the suspected risky business event that has triggered the monitoring condition, for example, the distribution tag may represent which part of the cross-border business monitoring log set that has triggered the monitoring condition is located. Based on the method, the target suspected risk business event with abnormal interactive data acquisition can be accurately determined by combining the risk activation feature and the distribution label. In addition, the target suspected risk business event with abnormal interactive data acquisition can be understood as an event with interruption in tracking and monitoring analysis, and the interruption in tracking and monitoring analysis may cause incomplete interactive data acquisition, so that accurate and reliable wind control analysis and identification processing are difficult to realize. By the technical scheme, the target suspected risk business event with the abnormality can be accurately obtained by positioning the interactive data, and errors caused by wind control analysis and identification of the target suspected risk business event with the abnormality in the interactive data obtaining process are avoided.
Under some possible design considerations, the step 23 of determining the distribution label of each suspected risky business event that has triggered the monitoring condition in the cross-border business monitoring log of the to-be-processed cross-border business monitoring log set may include the technical solutions described in the step 231 and the step 232.
231, in the cross-border service monitoring log set to be processed, determining an attention content set of each suspected risk service event of the triggered monitoring condition in the cross-border service monitoring log by combining with an analysis result identifier corresponding to each suspected risk service event of the triggered monitoring condition.
In the embodiment of the present invention, the attention content set may be understood as a content that needs to be focused on, and may also be understood as an interest content set.
Step 232, determining a distribution label of each suspected risky business event with the triggered monitoring condition in the cross-border business monitoring log according to the priority characteristics of the cross-border business monitoring log and the attention content set of each suspected risky business event with the triggered monitoring condition in the cross-border business monitoring log.
It is understood that, when applied to steps 231 and 232, the determined suspected risk business events that have triggered the monitoring condition can be guaranteed to be as accurate as possible in the distribution label of the designated wind control rule, so as to improve the integrity and reliability of the content of the related suspected risk business events determined based on the distribution label.
In other possible embodiments, the suspected risk traffic events of the x sets of triggered monitoring conditions include a suspected risk traffic event of a first triggered monitoring condition and a suspected risk traffic event of a second triggered monitoring condition. The suspected risk service event of the first triggered monitoring condition and the suspected risk service event of the second triggered monitoring condition may correspond to different suspected risk service events, for example, the suspected risk service events of the triggered monitoring conditions may be understood as different suspected risk service events. Based on this, the step 23 of determining that the target suspected risk business event with abnormal interactive data acquisition exists in the x sets of suspected risk business events triggering the monitoring condition through the risk activation feature and the distribution tag may include the implementation of the technical solutions described in the steps 233 to 236.
Step 233, in the risk activation features, determining a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition.
Step 234, determining an activation window period of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition.
By way of example, an activation window period may be understood as a time interval.
Step 235, determining an adaptation index between the distribution label of the suspected risk business event of the first triggered monitoring condition and the distribution label positioning feature of the suspected risk business event of the second triggered monitoring condition.
By way of example, the adaptation index may be understood as coincidence.
Step 236, determining whether the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the target suspected risk business event according to the activation window period and the adaptation index.
And when the service event theme is detected to be abnormal, determining whether the x groups of suspected risk service events with the triggered monitoring conditions are target suspected risk service events with abnormal occurrence for acquiring the interactive data by judging the active window period of the suspected risk service events with the triggered monitoring conditions in the cross-border service monitoring log set to be processed and the adaptation indexes of the corresponding distribution labels on the basis of detecting the abnormal occurrence of the service event theme in steps 233 to 236. The method can accurately and reliably detect the content of the suspected risk business event with abnormal interactive data acquisition, and further can improve the precision and the integrity of the interactive data of the suspected risk business event acquired under the appointed wind control rule, so that the targeted interactive data acquisition is carried out on the target suspected risk business event with abnormal interactive data acquisition to completely and reliably monitor the possible risk of the target suspected risk business event in the business interaction process, the quality of business interaction wind control processing can be guaranteed, the wind control rule can be timely and dynamically compiled and quickly adjusted, and the business risk caused by the monitoring leak of the target suspected risk business event can be reduced as much as possible.
Under some independently implementable design considerations, the determining whether the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the target suspected risk business event through the activation window period and the adaptation index described in step 236 may include the following: determining that the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the same suspected risk business event on the basis that the activation window period is smaller than a first specified judgment value and the adaptation index is larger than a second specified judgment value; and taking the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition as the target suspected risk business event.
Under some design considerations that can be implemented independently, after the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are taken as the target suspected risk business event in the above steps, the method may further include the following steps: taking a continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition or a continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition as a target continuous monitoring indication of the target suspected risk business event; and updating the continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition and the continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition into the target continuous monitoring indication.
Under some design considerations that can be implemented independently, after the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are taken as the target suspected risk business event in the above steps, the method may further include the following steps: determining a second risk activation characteristic and a first risk activation characteristic of the target suspected risk business event through the risk activation characteristic of the suspected risk business event of the first triggered monitoring condition and the risk activation characteristic of the suspected risk business event of the second triggered monitoring condition; determining a risk activation duration value of the target suspected risk business event according to the second risk activation characteristic and the first risk activation characteristic of the target suspected risk business event; and generating wind control guidance content corresponding to the target suspected risk business event based on the designated risk activation duration value and the risk activation characteristics of the target suspected risk business event.
For example, the wind control guidance content may be understood as an alarm message or a wind control processing guidance strategy. Based on the method, the risk activation continuous value of the suspected risk business event with the abnormal interactive data is obtained through the determined interactive data, the risk activation continuous value is compared with the designated risk activation continuous value for analysis, the wind control guidance content corresponding to the suspected risk business event with the abnormal interactive data is determined, accurate and reliable wind control guidance content can be generated on the premise that the suspected risk business event with the abnormal interactive data is obtained, and the problem of low wind control sensitivity of the suspected risk business event with the abnormal interactive data can be solved.
In some examples, the suspected risk traffic event of the first triggered monitoring condition and the suspected risk traffic event of the second triggered monitoring condition are determined not to be target suspected risk traffic events on the basis of one of the following requirements being met.
And a, requiring that the second risk activation characteristic of the suspected risk business event of the second triggered monitoring condition falls between the second risk activation characteristic and the first risk activation characteristic of the suspected risk business event of the first triggered monitoring condition.
B, requiring that the adaptation index between the distribution label of the suspected risk traffic event of the first triggered monitoring condition and the distribution label of the suspected risk traffic event of the second triggered monitoring condition is not greater than the second specified decision value.
C, requiring that the activation window periods of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition are greater than a third specified decision value; wherein the third specified determination value is greater than the first specified determination value.
It should be appreciated that, as applied to the related embodiments described above, the detection of the presence of an anomaly on the subject of a business event of a suspected risky business event may be based on, through the risk activation characteristics and the distribution labels of the suspected risk business events in the cross-border business monitoring log set to be processed, whether the target suspected risk business event with abnormal interactive data acquisition exists or not is determined, the precision and the integrity of acquiring the interactive data of the suspected risk business events under the appointed wind control rule can be improved, therefore, targeted interactive data acquisition is carried out on the target suspected risk business event with abnormal interactive data acquisition so as to completely and reliably monitor the possible risks of the target suspected risk business event in the business interaction process, therefore, the quality of service interaction wind control processing can be guaranteed, and the service risk caused by monitoring leaks of target suspected risk service events can be reduced as much as possible.
Based on the same or similar inventive concepts, as shown in fig. 3, an embodiment of the present invention further provides an architectural diagram of an application environment 30 of a real-time business wind control processing method based on a rule engine, where the application environment includes a business wind control processing system 10 and a cross-border bank client 20 that communicate with each other, and the business wind control processing system 10 and the cross-border bank client 20 implement or partially implement the technical solution described in the above method embodiment when running.
Further, an embodiment of the present invention also provides a readable storage medium, on which a program is stored, and the program, when executed by a processor, implements the method described above.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention or a part thereof, which essentially contributes to the prior art, can be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a media service server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A real-time business wind control processing method based on a rule engine is applied to a business wind control processing system, and the method at least comprises the following steps:
acquiring a cross-border service monitoring log set to be processed, wherein the service monitoring content carries suspected risk service events hitting designated wind control rules; determining x groups of suspected risk service events triggering monitoring conditions and covered in the cross-border service monitoring log set to be processed; wherein x is an integer greater than or equal to 2;
determining risk activation characteristics of the suspected risk business events of the triggered monitoring conditions relative to the designated wind control rule by combining the persistence monitoring indication of the suspected risk business events of the triggered monitoring conditions on the basis of the abnormal business event theme detection of the suspected risk business events of the x groups of triggered monitoring conditions; wherein: the risk activation characteristic is a risk activity statistical condition of a time level, and comprises the risk activity duration of a suspected risk service event which triggers a monitoring condition to the specified wind control rule;
determining a distribution label of each suspected risk business event triggering the monitoring condition in a cross-border business monitoring log of the cross-border business monitoring log set to be processed; determining, by the risk activation feature and the distribution label, that the interactive data acquires a target suspected risk business event with abnormality in the x groups of suspected risk business events that have triggered the monitoring condition;
wherein, the x groups of suspected risk business events that have triggered the monitoring condition include a first suspected risk business event that has triggered the monitoring condition and a second suspected risk business event that has triggered the monitoring condition, and the determining, through the risk activation feature and the distribution tag, that the interactive data acquisition has an abnormal target suspected risk business event in the x groups of suspected risk business events that have triggered the monitoring condition includes:
determining, in the risk activation features, a first risk activation feature of the suspected risk traffic event of the first triggered monitoring condition and a second risk activation feature of the suspected risk traffic event of the second triggered monitoring condition;
determining activation window periods of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition;
determining an adaptation index between a distribution label of the suspected risky business event of the first triggered monitoring condition and a distribution label positioning feature of the suspected risky business event of the second triggered monitoring condition;
and determining whether the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the target suspected risk business event or not according to the activation window period and the adaptation index.
2. The method of claim 1, wherein the determining the suspected risky business event of the x sets of triggered monitoring conditions covered in the set of pending cross-border business monitoring logs comprises:
analyzing a log content set of suspected risk service events triggered by conditions to be determined in cross-border service monitoring logs in x groups of suspected risk service events triggered by conditions to be determined in the cross-border service monitoring logs to obtain analysis result identifiers of the suspected risk service events triggered by the conditions to be determined in the cross-border service monitoring logs;
performing condition triggering judgment on the suspected risk business events triggered by each condition to be judged according to the analysis result identification to obtain the suspected risk business events carrying the x groups of triggered monitoring conditions with the continuous monitoring indication; wherein the to-be-processed cross-border service monitoring log is concentrated on the continuous monitoring indication of the discontinuous suspected risk service event under the active period level, and the continuous monitoring indication has a difference.
3. The method of claim 2, wherein the determining the distribution label of each suspected risky business event of the triggered monitoring condition in the cross-border business monitoring log of the set of pending cross-border business monitoring logs comprises:
in the cross-border service monitoring log set to be processed, determining an attention content set of each suspected risk service event of the triggered monitoring condition in the cross-border service monitoring log by combining with an analysis result identifier corresponding to each suspected risk service event of the triggered monitoring condition;
and determining the distribution label of each suspected risk business event of the triggered monitoring condition in the cross-border business monitoring log according to the priority characteristics of the cross-border business monitoring log and the attention content set of each suspected risk business event of the triggered monitoring condition in the cross-border business monitoring log.
4. The method of claim 1, wherein the determining whether the suspected risk traffic event of the first triggered monitoring condition and the suspected risk traffic event of the second triggered monitoring condition are the target suspected risk traffic event by the activation window period and the adaptation index comprises:
and on the basis that the activation window period is smaller than a first specified judgment value and the adaptation index is larger than a second specified judgment value, determining that the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition are the same suspected risk business event, and taking the suspected risk business event of the first triggered monitoring condition and the suspected risk business event of the second triggered monitoring condition as the target suspected risk business event.
5. The method of claim 4, wherein after the suspected risk traffic event of the first triggered monitoring condition and the suspected risk traffic event of the second triggered monitoring condition are the target suspected risk traffic events, the method further comprises:
taking a continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition or a continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition as a target continuous monitoring indication of the target suspected risk business event;
and updating the continuous monitoring indication of the suspected risk business event of the first triggered monitoring condition and the continuous monitoring indication of the suspected risk business event of the second triggered monitoring condition into the target continuous monitoring indication.
6. The method of claim 5, wherein after the suspected risk traffic event of the first triggered monitoring condition and the suspected risk traffic event of the second triggered monitoring condition are the target suspected risk traffic events, the method further comprises:
determining a second risk activation characteristic and a first risk activation characteristic of the target suspected risk business event through the risk activation characteristic of the suspected risk business event of the first triggered monitoring condition and the risk activation characteristic of the suspected risk business event of the second triggered monitoring condition;
determining a risk activation duration value of the target suspected risk business event according to the second risk activation characteristic and the first risk activation characteristic of the target suspected risk business event;
and generating wind control guidance content corresponding to the target suspected risk business event based on the designated risk activation duration value and the risk activation characteristics of the target suspected risk business event.
7. The method of claim 6, wherein determining that the suspected risk traffic event of the first triggered monitoring condition and the suspected risk traffic event of the second triggered monitoring condition are not target suspected risk traffic events based on one of the following requirements being met comprises:
a second risk activation feature of the suspected risk business event of the second triggered monitoring condition falls between the second risk activation feature and the first risk activation feature of the suspected risk business event of the first triggered monitoring condition;
the adaptation index between the distribution label of the suspected risk business event of the first triggered monitoring condition and the distribution label of the suspected risk business event of the second triggered monitoring condition is not greater than the second specified judgment value;
the activation window periods of a first risk activation feature of the suspected risk business event of the first triggered monitoring condition and a second risk activation feature of the suspected risk business event of the second triggered monitoring condition are greater than a third specified judgment value; wherein the third specified determination value is greater than the first specified determination value.
8. The method of claim 1, wherein on the basis of the abnormal detection of the service event topics of the suspected risk service events of the x groups of triggered monitoring conditions, before determining, by the duration monitoring indication of the suspected risk service events of the triggered monitoring conditions, a risk activation characteristic of each of the suspected risk service events of the triggered monitoring conditions with respect to the designated wind control rule, the method further comprises:
performing natural language processing on the cross-border service monitoring logs of the cross-border service monitoring log set to be processed by combining the continuous monitoring indication of the suspected risk service event of each triggered monitoring condition, and determining a candidate event topic sequence of the suspected risk service event of each triggered monitoring condition;
in the candidate event topic sequence, determining a target business event topic set meeting the requirement of a specified business event topic;
taking the target business event theme with the largest statistical value positioned in the target business event theme set as the business event theme of each suspected risk business event which has triggered the monitoring condition;
wherein, on the basis of meeting one of the following requirements, determining that there is an abnormality in the detection of the business event topic of the x groups of suspected risk business events that have triggered the monitoring condition includes: detecting no business event topic of the suspected risk business event of the x groups triggered monitoring conditions; detecting that the credibility index of the service event theme of the suspected risk service event of the x groups of triggered monitoring conditions is smaller than a fourth specified judgment value;
after the target business event topic with the largest statistical value located in the target business event topic set is used as the business event topic of each suspected risk business event which has triggered the monitoring condition, the method further includes: determining x groups of suspected risk business events carrying the same business event theme in the x groups of suspected risk business events triggering the monitoring conditions by combining the business event themes of the suspected risk business events triggering the monitoring conditions; and taking the x groups of suspected risk business events carrying the same business event theme as the target suspected risk business events.
9. A business wind control processing system is characterized by comprising a processor and a memory; the processor is connected in communication with the memory, and the processor is configured to read the computer program from the memory and execute the computer program to implement the method of any one of claims 1 to 8.
CN202210217391.7A 2022-03-07 2022-03-07 Real-time business wind control processing method and system based on rule engine Active CN114331224B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210217391.7A CN114331224B (en) 2022-03-07 2022-03-07 Real-time business wind control processing method and system based on rule engine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210217391.7A CN114331224B (en) 2022-03-07 2022-03-07 Real-time business wind control processing method and system based on rule engine

Publications (2)

Publication Number Publication Date
CN114331224A CN114331224A (en) 2022-04-12
CN114331224B true CN114331224B (en) 2022-06-07

Family

ID=81031209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210217391.7A Active CN114331224B (en) 2022-03-07 2022-03-07 Real-time business wind control processing method and system based on rule engine

Country Status (1)

Country Link
CN (1) CN114331224B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115438979B (en) * 2022-09-14 2023-06-09 深圳蔓延科技有限公司 Expert model decision-fused data risk identification method and server

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101714273A (en) * 2009-05-26 2010-05-26 北京银丰新融科技开发有限公司 Rule engine-based method and system for monitoring exceptional service of bank

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8732108B2 (en) * 2010-10-07 2014-05-20 International Business Machines Corporation Rule authoring for events in a grid environment
EP3224776A1 (en) * 2014-11-24 2017-10-04 ZooZ Mobile Ltd. Computerized transaction routing system and methods useful in conjunction therewith
CN110298601A (en) * 2019-07-05 2019-10-01 上海观安信息技术股份有限公司 A kind of real time business air control system of rule-based engine
CN111078757B (en) * 2019-12-19 2023-09-08 武汉极意网络科技有限公司 Autonomous learning business wind control rule engine system and risk assessment method
US20210374756A1 (en) * 2020-05-29 2021-12-02 Mastercard International Incorporated Methods and systems for generating rules for unseen fraud and credit risks using artificial intelligence

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101714273A (en) * 2009-05-26 2010-05-26 北京银丰新融科技开发有限公司 Rule engine-based method and system for monitoring exceptional service of bank

Also Published As

Publication number Publication date
CN114331224A (en) 2022-04-12

Similar Documents

Publication Publication Date Title
CN110443045B (en) Fuzzy test case generation method based on machine learning method
KR101013264B1 (en) Method and system for distinguishing relevant network security threats using comparison of refined intrusion detection audits and intelligent security analysis
EP3566166B1 (en) Management of security vulnerabilities
CN111858242A (en) System log anomaly detection method and device, electronic equipment and storage medium
CN113271237B (en) Industrial control protocol analysis method and device, storage medium and processor
CN114331224B (en) Real-time business wind control processing method and system based on rule engine
CN107168845B (en) Fault positioning method and device
CN112115468B (en) Service information detection method based on big data and cloud computing center
CN115271407B (en) Industrial Internet data processing method and system based on artificial intelligence
CN114036059A (en) Automatic penetration testing system and method for power grid system and computer equipment
CN113918993A (en) User privacy protection method and system based on artificial intelligence
CN113722719A (en) Information generation method and artificial intelligence system for security interception big data analysis
CN114610799A (en) Data processing method and device based on environment monitoring and storage medium
Pavlov et al. Analysis of IDS alert correlation techniques for attacker group recognition in distributed systems
US20230048076A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
CN110808947A (en) Automatic vulnerability quantitative evaluation method and system
CN115834188A (en) Vulnerability scanning monitoring method and system, electronic equipment and storage medium
Bahaa et al. A Systematic Literature Review on Software Vulnerability Detection Using Machine Learning Approaches
CN113536322A (en) Intelligent contract reentry vulnerability detection method based on countermeasure neural network
CN114168949A (en) Application software anomaly detection method and system applied to artificial intelligence
CN112436969A (en) Internet of things equipment management method, system, equipment and medium
CN113949580A (en) Intrusion detection analysis method combined with cloud computing service and cloud computing system
CN116260640B (en) Information interception control method and system for big data analysis based on artificial intelligence
CN113037714A (en) Network security analysis method based on network big data and block chain financial cloud system
Vadlamudi et al. An Analysis of the Effectiveness of the Naive Bayes Algorithm and the Support Vector Machine for Detecting Fake News on Social Media

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant