WO2020119284A1 - Method and device for determining risk of user access - Google Patents

Abstract

A method and device for determining a risk of user access. The method comprises: acquiring first registration assessment information when a user applies for a first user identity on an access platform (102); acquiring second registration assessment information and behavior assessment information related to a second user identity of the user in a specified application (104); and determining, according to the first registration assessment information, the second registration assessment information and the behavior assessment information, risk assessment information of the user when assuming the first user identity on the access platform (106). The invention resolves the issue of inaccurate risk assessment with respect to business users due to a limited amount of data at the time of business user registration, improves accuracy when assessing the risk of business user access, and further enhances the security of online transactions.

Description

Method and device for determining risk of user access Technical field

This specification belongs to the technical field of risk assessment, and in particular relates to a method and device for determining the risk of user access.

Background technique

With the advancement of technology, more and more online platforms have become the users' choices for shopping and consumption. The user needs to register the merchant on the network platform, and the network platform is evaluated and allowed to enter before the user can become the merchant of the network platform. The merchant access system is the first threshold in the process of merchant expansion and operation. The access time for the merchant itself is limited, which is a cold start problem.

In the prior art, the risk assessment for merchant access is usually based on the data at the time of registration of the merchant, which is often limited by the scarce features of the data available at the time of access, and the accuracy of risk identification for merchant access is relatively low.

Summary of the invention

The purpose of this specification is to provide a method and device for determining the risk of user access, which solves the problem of low accuracy of risk identification for merchant access.

On the one hand, the embodiments of the present specification provide a method for determining the risk of user access, including:

Obtain the first registration evaluation information when the user requests to be the identity of the first user in the access platform;

Obtain the second registration evaluation information and behavior evaluation information of the user as the second user identity in the designated application;

According to the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information, it is determined that the user is the risk evaluation information of the identity of the first user in the access platform.

On the other hand, this specification provides a risk determination device for user access, including:

The first evaluation information acquisition module is used to obtain the first registration evaluation information when the user requests to be the identity of the first user in the access platform;

A second evaluation information obtaining module, configured to obtain second registration evaluation information and behavior evaluation information when the user is identified as the second user in the designated application;

The admission risk assessment module is used to determine the risk that the user is the identity of the first user on the admission platform based on the first registration assessment information, the second registration assessment information, and the behavior assessment information Evaluation information.

In still another aspect, this specification provides a risk determination processing device for user access, including: at least one processor and a memory for storing processor-executable instructions, which are implemented in the embodiments of the specification when the processor executes the instructions The method of determining the risk of user access.

In another aspect, this specification provides a risk determination system for user access, including at least one processor and a memory for storing processor-executable instructions, which are implemented in the embodiments of the specification when the processor executes the instructions The method of determining the risk of user access.

The method, device, processing equipment, and system for determining the risk of user access provided in this manual use the second registration evaluation information and behavior evaluation information when the user performs the user registration before the merchant registration, combined with the user’s second registration evaluation information when performing the merchant registration. 1. Register the assessment information to comprehensively determine the risk assessment information for merchants to enter. It avoids the problem that the amount of data at the time of merchant registration is relatively small, resulting in inaccurate merchant access risk assessment results, improves the accuracy of merchant access risk assessment, and further improves the security of online transactions.

BRIEF DESCRIPTION

In order to more clearly explain the embodiments of the specification or the technical solutions in the prior art, the following will briefly introduce the drawings required in the embodiments or the description of the prior art. Obviously, the drawings in the following description are only These are some of the embodiments described in this specification. For those of ordinary skill in the art, without paying any creative labor, other drawings can also be obtained based on these drawings.

FIG. 1 is a schematic flowchart of a risk determination method for user access in an embodiment of this specification;

FIG. 2 is a schematic diagram of a framework for merchant access risk assessment in an embodiment of this specification;

FIG. 3 is a schematic diagram of the risk assessment involved in merchant access in the embodiment of this specification;

4 is a schematic diagram of a module structure of an embodiment of a risk determination device for user access provided in this specification;

FIG. 5 is a block diagram of the hardware structure of the risk determination server for user access applying the embodiment of the present application.

detailed description

In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be described clearly and completely in conjunction with the drawings in the embodiments of this specification. Obviously, the described The embodiments are only a part of the embodiments of this specification, but not all the embodiments. Based on the embodiments in this specification, all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of this specification.

With the development of computer and Internet technologies, more and more users use online platforms to conduct transactions. At the same time, more and more merchants register on the online platform and settle in various online platforms to realize online sales. The online platform needs to conduct a risk assessment for the merchants that are allowed to enter, and may need to refuse entry for the merchants with higher risks to improve the security of online transactions. The process for a merchant to register as a user of an online platform is usually as follows: a user who first registers as an online platform performs user registration, and then performs merchant registration. After successful registration, the merchant becomes an online platform merchant.

The embodiment of this specification provides a method for determining the risk of user access, which is mainly aimed at evaluating the risk of the user as a merchant identity when registering the merchant on the network platform. Using the user registration information when the user performs user registration and the behavior information in the platform after the user registration, combined with the merchant registration information when the user is converted to a merchant, the risk assessment information for merchant access is comprehensively determined. The user registration data, user behavior data, and merchant registration data are used to achieve accurate assessment of merchant access risk, and to solve the problem that the amount of data at the moment of merchant registration is small, making the risk assessment inaccurate.

The risk determination method for user access in this manual can be applied to clients or servers. Clients can be smartphones, tablets, smart wearable devices (smart watches, virtual reality glasses, virtual reality helmets, etc.), smart vehicle equipment And other electronic equipment.

Specifically, FIG. 1 is a schematic flowchart of a user admission risk determination method in an embodiment of this specification. As shown in FIG. 1, the overall process of a user admission risk determination method provided in an embodiment of this specification may include:

Step 102: Obtain first registration evaluation information when the user requests to be the first user identity in the access platform.

In the specific implementation process, the access platform may represent the network platform where the merchant is ready to register, and may be a server, a trading system, a trading client, etc. When a merchant enters the network platform, he must first register as a user of the network platform. In this embodiment of the specification, the merchant is regarded as the first user identity and the user is regarded as the second user identity. The merchant in the following embodiments can be equivalent to the first One user identity, the user can be equal to the second user identity.

The user's request as the first user identity in the access platform can be understood as the user performing merchant registration in the access platform. This embodiment of the specification can obtain the merchant registration information that is registered at the merchant side of the access platform when the user is converted into a merchant, that is, the first registration evaluation information, and the first registration evaluation information can indicate that the system is capable of registering the merchant when the user is converted to the merchant. The information obtained includes: merchant identity, behavior information during registration, equipment information, fund information, etc. In one embodiment of this specification, the first registration evaluation information may include: at least one of identity information, registration behavior information, device information, environment information, conflict information, and relationship information. Among them, the identity information may represent information such as the merchant identity, merchant name, shop name, merchandise name sold, merchant location, etc. provided at the time of merchant registration. The registration behavior information can represent the user's operation behaviors such as: mouse click behavior, copy and paste behavior when entering a business name or password, keyboard typing behavior, etc. The above behavior information can be obtained through device monitoring. The device information may represent the identification information of the device used when registering the merchant, and so on. The environment information may represent the network environment information when the merchant registers, such as: whether the connected network is a wired network or a wireless network, network name, network address and other information. The conflict information can represent the time or geographic conflict information that occurred when the merchant registered, for example, if the user's location was acquired in Shanghai before 1 second and in Beijing after 1 second based on the device identification or network address during user registration , It can be considered that the behavior is a conflict behavior, there may be risks, which can be used as conflict information. The relationship information can represent the user's relationship network information, such as: merchant information that has dealt with the user, user information that has chatted with the user, and contact information obtained from the user's address book with the authorization of the user.

Step 104: Obtain the second registration evaluation information and behavior evaluation information of the user as the second user identity in the designated application.

The user needs to register as a user of the access platform before registering the merchant in the access platform. The user acts as the second user identity in the designated application, which can be understood as the user registering the user in the designated application. The embodiment of the present specification can obtain second registration evaluation information and behavior evaluation information when the user is the second user identity in the designated application, that is, the user identity. The specified application in this embodiment of the specification may be an admission platform, or an application, system, or platform associated with the admission platform. For example, if the online transaction platform A is associated with the payment platform B, the user is registered as When conducting a risk assessment, the merchant of the online trading platform A can obtain the second registration assessment information and behavior assessment information when the user is registered as a user of the online trading platform A, and can also obtain the second registration assessment information when the user is registered as a user on the payment platform B Register assessment information and behavior assessment information.

The second registration evaluation information may include information such as user name, identity, age, gender, contact information, and of course, other information. In an embodiment of the present specification, the second registration evaluation information may include: at least one of relationship information, media information, registration behavior information, conflict information, and identity information. Among them, the relationship information may represent the user's relationship network information, such as: merchant information that has had a transaction with the user, user information that has a chat record with the user, and obtaining contact information on the user's address book under the authorization of the user. The media information may indicate the media or device used during user registration, such as the wifi network connected during user registration and the identification of the device terminal used. The registration behavior information can represent the operation behavior of the user when registering the user (such as mouse click behavior, copy and paste behavior, keyboard stroke behavior, etc., which can be obtained through the monitoring device), browsing behavior, and registration behavior information can also include The behavior information of the associated user in the network platform obtained according to the obtained relationship information, or the behavior information of the user in other network platforms obtained according to the user ID registered by the user. Conflict information can indicate conflict information that does not match the actual situation at the time or geographic location of the user when registering. For example, if the user's location at the time of registration is obtained in Shanghai, 1 After the second, the location is in Beijing, it can be considered that the behavior is a conflict behavior, there may be risks, which can be used as conflict information; or the user ID of the user is registered or logged in on multiple devices at the same time. The identity information may represent the identity-related information such as the user ID, identity, age, gender, occupation, etc. filled in when the user registers.

After the user registers on the user terminal of the access platform or other designated applications and becomes a user of the access platform or other designated applications, he can perform corresponding operations on the access platform or other designated applications, such as: commodity trading, browsing related products, etc. . The embodiment of the present specification can obtain the user's behavior evaluation information on the user end of the access platform, and the behavior evaluation information may include the user's transaction behavior information and browsing information in the network platform. In one embodiment of this specification, the behavior evaluation information may include at least one of transaction behavior information and operation behavior information, where the operation behavior information may include user browsing information, payment information, product collection information, product attention information, store collection information , Store attention information, etc. According to actual needs, the behavior evaluation information may also include other behavior information, such as: user behavior information associated with the user, etc., which is not specifically limited in the embodiments of this specification.

In the specific implementation process, the operation behavior of the user registered as the admission platform on the admission platform or the application associated with the admission platform may be monitored to obtain behavior evaluation information.

It should be noted that the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information usually correspond to the information of the same user, that is, the information of the same user when registering the merchant, the information of the user registration, the registration becomes Information about the behavior of platform users in the platform. The time of user registration and merchant registration are different, and the data may be updated. If the user performs merchant registration immediately after user registration, some information may also be the same, which can be determined according to the actual situation. The embodiments of this manual are not specific. limited. That is, some information in the first registration evaluation information may be the same as or different from some information in the second registration evaluation information, for example, the identity information and relationship information at the time of merchant registration may be the same as the identity information and The relationship information is the same. Of course, the information may be inconsistent because the registration time is far away, or the information to be filled in between user registration and merchant registration may be different.

Step 106: Determine, according to the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information, the user as risk evaluation information of the identity of the first user on the access platform.

After obtaining the first registration assessment information, the second registration assessment information, and the behavior assessment information, a comprehensive analysis determines the risk assessment information of the user when registering as a merchant in the access platform, which can be understood as the risk assessment information for merchant access . The risk assessment information may indicate the risk probability that the merchant exists. In addition, the embodiment of the specification may determine whether to allow the merchant to enter the admission platform based on the determined risk assessment information of the merchant's admission. For example, if the risk assessment information of the merchant's entry is greater than the risk threshold, the merchant is denied entry, and if the risk assessment information of the merchant's entry is less than the risk threshold, entry is permitted.

For example, if user A wants to enter a certain network platform to become a merchant of the network platform, he can obtain the first registration evaluation information such as identity information, device information, environment information, and relationship information when user A performs the merchant registration. Then obtain the second registration evaluation information when user A performs user registration on the network platform, and user A's behavior evaluation information on the network platform after registering as a user of the network platform, such as: transaction information, payment information, browsing information, Pay attention to information, etc. Based on the obtained first registration evaluation information, second registration evaluation information, and behavior evaluation information, the risk evaluation information of the merchant who becomes the network platform after user A enters the network platform is comprehensively determined. For example, user A's second registration evaluation information can be used as an initial condition, behavior evaluation information can be used as a boundary condition, combined with the first registration evaluation information, a risk evaluation can be performed to determine the access risk evaluation information of user A entering the network platform.

When conducting the risk assessment of merchant access, you can also use the assessment model to input the first registration assessment information, second registration assessment information, and behavior assessment information into the constructed assessment model to determine the risk of merchant entry Evaluation information. It can also be determined by expert experience, risk assessment strategy, etc. The embodiments of this specification are not specifically limited.

It should be noted that the embodiments of the present specification may obtain the second registration evaluation information when the user performs user registration, or may obtain the second registration evaluation information when the user performs merchant registration. Behavior evaluation information can also be used to monitor user behavior in real time after the user registers as a user of the access platform to determine the behavior evaluation information, or when the user is registered as an access platform merchant and needs to perform access risk assessment, then obtain the user The behavior evaluation information can be selected according to the actual situation, and the embodiment of this specification is not specifically limited.

The method for determining the risk of user access provided in the embodiments of the present specification uses the user registration information before the merchant registration, that is, the second registration evaluation information and behavior evaluation information, combined with the user's first registration evaluation information when performing the merchant registration, Comprehensively determine the risk assessment information for merchant access. It avoids the problem that the amount of data at the time of merchant registration is relatively small, resulting in inaccurate merchant access risk assessment results, improves the accuracy of merchant access risk assessment, and further improves the security of online transactions.

Based on the above embodiment, in one embodiment of the present specification, the second registration evaluation information may include: based on the relationship information, the medium information, the registration behavior information, the conflict information, the identity At least one of the information uses the user registration score determined by the constructed user registration risk assessment model.

In the specific implementation process, after obtaining the user registration information, that is, the second registration evaluation information when the user is registered as the user of the specified application on the user side, the historical data can be used to construct the user registration risk assessment model and the user registration risk assessment model Determine the user registration score based on the obtained user registration information. Alternatively, a priori knowledge, expert experience, evaluation strategy, etc. may be used to determine the user registration score, and a suitable method may be selected according to actual needs. The embodiments of this specification are not specifically limited.

For example, user registration related information such as relationship information, media information, registration behavior information, conflict information, and identity information during registration of multiple historical users can be obtained. For details, reference may be made to the records of the foregoing embodiments, and details are not described here. Through the analysis of historical user's relationship network, anomaly detection, behavior sequence analysis, etc., using the historical user's user registration related information for model training, a user registration risk assessment model is constructed. To evaluate the user registration information of a new user, the user registration related information of the user can be input to the user registration risk assessment model to determine the user registration score of the user. The method for constructing model training may use supervised model training, unsupervised model training, or other model training methods, which are not specifically limited in the embodiments of this specification.

In the embodiment of the present specification, the user registration score is determined by using the relevant information when the user performs user registration on the designated application, and the user registration score may represent the risk that the user exists on the designated application as the second user. The risk assessment result of the user identity is usually related to the risk assessment result of the merchant. The risk assessment score of the user identity is used as one of the risk assessment criteria for merchant access, which increases the data reference amount of the merchant access risk assessment. To avoid the problem of inadequate data volume affecting the results of merchant access risk assessment and improve the accuracy of merchant access risk assessment results.

Based on the above embodiment, in one embodiment of the present specification, the behavior evaluation information may include: based on at least one of the transaction behavior information and the operation behavior information, determined by using the constructed behavior evaluation model User behavior score.

In the specific implementation process, historical data can be used to construct a behavior evaluation model, and the behavior evaluation model and the obtained behavior-related information such as the transaction behavior information and operation behavior information in the above embodiments can be used to determine the user behavior score. Alternatively, a priori knowledge, expert experience, evaluation strategies, etc. may be used to determine the user behavior score, and a suitable method may be selected according to actual needs, which is not specifically limited in the embodiments of this specification.

For example, it is possible to obtain behavior-related information after multiple historical users are registered as users of the network platform, and to construct behavior evaluation models by analyzing historical user behavior information and model training. To evaluate the behavior information of a new user, the user's behavior information can be input into the constructed behavior evaluation model to determine the user's behavior score. The method for constructing model training may use supervised model training, unsupervised model training, or other model training methods, which are not specifically limited in the embodiments of this specification.

The user registration score and user behavior score in the embodiments of the present specification may be specific scores, risk levels, risk probabilities, etc. For example, it is determined that the user registration score is 5 points or intermediate risk or 0.5 risk probability. It can be set according to actual needs, and the embodiments of this specification are not specifically limited.

In the embodiment of the present specification, after the user is registered as the user of the designated application, the behavior information on the designated application is obtained to determine the user behavior score, and the user behavior score may represent the risk that the user exists on the designated application as the second user. degree. The user behavior score is usually related to the risk assessment results of the merchant. Taking the user behavior score as one of the risk assessment criteria for merchant access, the reference data of the merchant access risk assessment is increased to avoid insufficient data. Issues that affect the results of merchant access risk assessments have improved the accuracy of merchant access risk assessment results.

Based on the above embodiment, in one embodiment of the present specification, the user is determined as the access platform based on the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information. The risk assessment information of the first user identity may include:

According to the first registration evaluation information, the behavior evaluation information, and the second registration evaluation information, use the admission evaluation model to determine the risk evaluation information of the user as the identity of the first user in the admission platform The access evaluation model is constructed based on historical first registration evaluation information, historical behavior evaluation information, and historical second registration evaluation information.

In the specific implementation process, a merchant access evaluation model can be constructed based on historical data, such as: obtaining historical first registration evaluation information, historical behavior evaluation information, and historical second registration evaluation information, conducting model training, and building a standard Into the evaluation model. When conducting the risk assessment of merchant access, you can input the first registration assessment information, behavior assessment information, and second registration assessment information of the merchant into the constructed access assessment model to obtain the risk assessment information of the merchant admission , That is, the risk that the user exists as the first identity in the access platform. Among them, the construction method of the access assessment model can be selected according to actual needs, such as: supervised model training or unsupervised model training, the specific form of the model can also be determined according to the actual situation, the embodiment of this specification is not specifically limited .

Using the model evaluation method, you can quickly assess the access risk of merchants and improve the efficiency of risk assessment.

In an embodiment of the present specification, when constructing the admission evaluation model, a class imbalance algorithm (such as the EasyEnsemble algorithm) may be used to perform sample balancing, and the admission evaluation model may be constructed according to sample data after sample balancing. For example, you can choose the merchants that are discharged or complained to be confirmed as black samples, use the EasyEnsemble algorithm to balance the samples, and then use XGBoost as the underlying binary classification model to build an access assessment model to conduct the risk assessment of merchant access. Among them, EasyEnsemble is an under-sampling algorithm that uses an integrated method. It uses random extraction from the normal samples and black samples and other orders of magnitude to perform combined training with replacement extraction. The "extraction-combination-training" is repeated N times to form With N independent bottom model parallel bagging sets, the prediction is averaged to get the final output. Bagging can represent a method for improving the accuracy of learning algorithms. This method constructs a series of prediction functions and then combines them into a prediction function in a certain way. XGBoost (extreme Gradient Boosting) can represent an advanced gradient enhancement algorithm. Using the category imbalance algorithm to balance the samples in the model construction process can improve the accuracy of model construction and further improve the accuracy of merchant access risk assessment.

Based on the above embodiment, in one embodiment of the present specification, the risk assessment information is a risk probability existing under the conditions of the second registration assessment information, the behavior assessment information, and the first registration assessment information. In a specific implementation process, the embodiments of the present specification may express the risk assessment information of merchant access as a conditional probability form, which is used to quantify the user's risk when registering as a merchant. The risk assessment information for merchant access can be defined as the risk (value) assessment at the merchant access time t ₀ , which is the starting point of the life cycle of a merchant entity. Specifically, the risk assessment information for merchant access can be expressed as the following conditional probability:

Risk assessment information for merchant access = P(risk|Φt ₀ )

In the above formula, [Phi] may represent features of the access time, i.e., a second set of registration policy evaluation information, evaluation information behavior, t ₀ a first evaluation information registration time, t ₀ access time may represent the merchant, indicates a potential Risk risks of.

The above formula can represent the admission time, that is, the time t ₀ , given the condition Φ, the probability that the merchant is at risk.

The embodiment of this specification proposes a new method of characterizing the risk assessment information of the merchant's access, which can accurately represent the risk probability of the merchant's entry time, and combines the user's registration assessment information when the merchant has not performed the above registration, User behavior assessment information improves the accuracy of merchant access risk assessment and further improves the security of online platform transactions.

FIG. 2 is a schematic diagram of a framework for merchant access risk assessment in an embodiment of this specification. In FIG. 2, T-2, T-1, T+0, and T+1 may represent a time axis, but not specific time intervals. Schematically indicate the sequence of each process. As shown in FIG. 2, in the embodiment of this specification, according to the time sequence, the risk assessment process of merchant access mainly includes: user registration evaluation (the second registration evaluation information can be obtained as the initial condition of the C terminal (ie, user terminal)), User behavior assessment (available behavior assessment information as C-terminal (ie, user-side) boundary conditions), merchant registration information (ie, first registration assessment information), and then use strategies or models to determine the risk assessment information for merchant access, merchants Admitted risk assessment information can be understood as the initial conditions of the B end (ie, the merchant end). In addition, in an embodiment of the present specification, the risk assessment information of the merchant's admission may be updated according to the behavior verification information of the admitted merchant in the admission platform, and then the optimization strategy and optimization strategy may be performed based on the updated risk assessment information. Model retraining is to update the access assessment model. Among them, the behavior verification information of the admitted merchant in the admission platform may indicate the behavior information of the user in the admission platform after becoming the merchant of the admission platform, the complaint information of other users, etc.

The embodiment of the present specification uses the verification information of the already approved merchant's behavior in the admission platform to update the merchant's risk assessment information, and uses the updated data to optimize the model or strategy to improve the accuracy of the merchant's admission risk assessment Sex.

Before registering as a merchant, it is relatively easy to characterize the risk of being a C-side (ie, user) user. The solution of the embodiment of this specification is that the risk characterization of the C-side account dimension affects its conversion to the B-side (ie, merchant) to a certain extent. End) risk. Based on this assumption, the risk assessment information of merchant access introduces corresponding C-end account registration risk (C-end initial condition) and C-end account action behavior profile (C-end boundary condition) as a strategy supplement for merchant access. FIG. 3 is a schematic diagram of a risk assessment design framework for merchant access in the embodiment of the present specification. The process of conducting merchant access risk assessment in the embodiment of the present specification will be specifically described below with reference to FIG. 3:

1) User registration: refers to the process of user registration access platform (such as payment application platform) and passing authentication. The front-end data of the user registration access platform is relatively rich. Therefore, the underlying risk control logic of relationship networks, anomaly detection, and behavior sequence analysis can be built through multi-dimensional strategy features based on relationships, media, behaviors, conflicts, and identities. The linear superposition of a priori experience outputs the user registration score, which is the second registration evaluation information in the above embodiment. That is, the user registration information when the user is registered as the second user identity, that is, the user identity, can be obtained, and then the user registration risk assessment model can be used to obtain the user registration score.

2) User behavior: The user registration score is used as the initial condition of the C terminal, combined with the user's behavior characteristics during the CB terminal and the risk strategy features of the C terminal (including browsing, payment and other characteristics), combined with the underlying classification algorithm, to carry out The classifier training and prediction of the supervised mode (high-risk users appearing in the CB link can be used as black samples) can finally output user behavior scores that can represent the behavior evaluation information in the above embodiments. That is, after the user is registered as the user of the admission platform with the second identity, that is, the user identity, the behavior information in the admission platform can be obtained. For the specific content of the behavior information, reference may be made to the records in the foregoing embodiments, and details are not described here. Reuse the behavior evaluation model to obtain user behavior scores.

3) Merchant access: The user registration score is used as the C-terminal initial condition, and the user behavior score is used as the C-terminal boundary condition to update the C-end user risk profile, combined with the admission feature that can be obtained in the merchant registration scenario, that is, the first registration Evaluation information can also be referred to as merchant registration information (which can include: merchant identity, registration behavior, equipment, environment, conflicts, relationships, etc.), through quantitative strategies based on manual prior experience or supervised classifiers, etc., can eventually output B The initial conditions are the risk assessment information for merchant access. As shown in Figure 3, the user's user registration score, user behavior score, and merchant registration information on the merchant side can be combined to use the access assessment model to determine the risk assessment information for the user's access on the access platform.

It should be noted that the method for determining the user registration score, user behavior score, and merchant access risk assessment information in the above embodiments may be combined with a list-based admission mechanism, device-based, IP (Internet Protocol) Waiting for the access strategy of dimension aggregation. The list-based admission risk control system is mainly composed of three parts: list storage, list management, and list strategy. The list is stored in the database through historical internal data and the list of directly involved in the anti-check list of potential risks. The list management will be marked according to the type of risk and content, so as to apply to the most suitable scenario. The list strategy is not only to prevent and control the merchants on the blacklist, but also includes the current black, historical black, counterparty black, scene association black, etc., which can be used for user registration score, user behavior score, and merchant access risk Evaluation information determination process. Admission strategy based on single-dimensional aggregation of equipment, IP, etc.: Admission strategy based on single-dimensional media is to accumulate the available information such as equipment and IP used by merchants in the admission scenario within a certain sliding time window. There are risks, and the threshold can be determined by expert experience. At the same time, the graph algorithm is used to find the first-level or second-level merchants of the media for marking. Such strategies have high accuracy for batch and gang attacks, and can also be used for user registration scores, user behavior scores, and merchants. The process of determining the risk assessment information for admission.

The embodiment of this specification transforms the cold start problem at the B end into a full link hot start at the CB end, which integrates the results of the list and media aggregation strategies, and at the same time can identify more potential risks based on the personalized risk characteristics of the C end and expand risk coverage Rate, quantify the risk (value) of the merchant into components, and help different application scenarios from the merchant domain. The accuracy of merchant access risk assessment has been improved, and the security of online transactions has been further improved.

The embodiments of the above method in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. For the relevant parts, please refer to the description of the method embodiments.

Based on the above-mentioned user entry risk determination method, one or more embodiments of this specification also provide a user admission risk determination device. The device may include a system (including a distributed system), software (applications), modules, components, servers, clients, etc. using the method described in the embodiments of the present specification in combination with necessary hardware implementation devices. Based on the same innovative concept, the devices in one or more embodiments provided by the embodiments of this specification are as described in the following embodiments. Since the implementation solution of the device to solve the problem is similar to the method, the implementation of the specific device in the embodiments of the present specification may refer to the implementation of the foregoing method, and the repetition is not repeated. As used below, the term "unit" or "module" may implement a combination of software and/or hardware that achieves a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation of hardware or a combination of software and hardware is also possible and conceived.

Specifically, FIG. 4 is a schematic diagram of a module structure of an embodiment of a user admission risk determination device provided in this specification. As shown in FIG. 4, the user admission risk determination device provided in this specification includes: first evaluation information acquisition Module 41, second assessment information acquisition module 42, and admission risk assessment module 43, where:

The first evaluation information obtaining module 41 may be used to obtain first registration evaluation information when a user requests to be the identity of the first user in the access platform;

The second evaluation information obtaining module 42 may be used to obtain second registration evaluation information and behavior evaluation information when the user is the identity of the second user in the designated application;

The admission risk assessment module 43 may be used to determine the user as the first user identity in the admission platform based on the first registration assessment information, the second registration assessment information, and the behavior assessment information Risk assessment information.

The risk determination device for user access provided by the embodiments of the present specification uses the second registration evaluation information and behavior evaluation information of the user before the merchant registration, combined with the first registration evaluation information of the user when registering the merchant, to comprehensively determine Risk assessment information for merchant access. It avoids the problem that the amount of data at the time of merchant registration is relatively small, resulting in inaccurate merchant access risk assessment results, improves the accuracy of merchant access risk assessment, and further improves the security of online transactions.

On the basis of the foregoing embodiment, the second registration evaluation information acquired by the second evaluation information acquisition module includes at least one of relationship information, media information, behavior information, conflict information, and identity information.

In the device for determining the risk of user access provided by the embodiments of the present specification, user registration information is usually relatively rich. Combining the user registration information for risk assessment of merchant access, the amount of data for merchant access risk assessment is increased, which can further improve merchant access The accuracy of the risk assessment.

Based on the above embodiment, the second registration evaluation information acquired by the second evaluation information acquisition module includes: based on the relationship information, the media information, the registration behavior information, the conflict information, and the identity At least one of the information uses the user registration score determined by the constructed user registration risk assessment model.

In this embodiment of the present specification, the user registration score is determined by using the relevant information when the user performs user registration on the designated application, and the user registration score may indicate the degree of risk that the user exists on the designated application as the second user. Take the risk assessment score of user identity as one of the risk assessment criteria for merchant access. The risk assessment result of user identity is usually related to the risk assessment result of the merchant, which increases the data reference amount of merchant access risk assessment. To avoid the problem of inadequate data volume affecting the results of merchant access risk assessment and improve the accuracy of merchant access risk assessment results.

Based on the foregoing embodiment, the behavior evaluation information acquired by the second evaluation information acquisition module includes at least one of transaction behavior information, operation behavior information, and the like.

The embodiment of this specification combines the behavior information of the merchant on the admission platform to conduct a risk assessment of the merchant's admission before the merchant registration, which improves the data volume of the merchant's admission risk assessment and further improves the accuracy of the merchant's admission risk assessment Sex.

Based on the foregoing embodiment, the behavior evaluation information acquired by the second evaluation information acquisition module includes: based on at least one of the transaction behavior information and the operation behavior information, determined by using the constructed behavior evaluation model User behavior score.

In the embodiment of the present specification, after the user is registered as the user of the designated application, the behavior information on the designated application is obtained to determine the user behavior score, and the user behavior score may represent the risk that the user exists on the designated application as the second user. degree. The user behavior score is regarded as one of the risk assessment criteria for merchant access. The user behavior score is usually related to the risk assessment results of the merchant, which increases the reference data of the merchant access risk assessment and avoids the lack of data. Issues that affect the results of merchant access risk assessments have improved the accuracy of merchant access risk assessment results.

Based on the foregoing embodiment, the first registration evaluation information acquired by the first evaluation information acquisition module includes at least one of identity information, registration behavior information, device information, environment information, conflict information, and relationship information.

The embodiments of the present specification, combined with the merchant registration information provided at the time of merchant registration, conduct a risk assessment of merchant access, which can improve the accuracy of merchant access risk assessment.

Based on the above embodiments, the admission risk assessment module is specifically used to:

According to the first registration evaluation information, the behavior evaluation information, and the second registration evaluation information, use the admission evaluation model to determine the risk evaluation information of the user as the identity of the first user in the admission platform The access evaluation model is constructed based on historical first registration evaluation information, historical behavior evaluation information, and historical second registration evaluation information.

In the embodiments of the present specification, by using the model evaluation method, the merchants can quickly assess the risk of admission and improve the efficiency of risk assessment.

Based on the above embodiments, the admission risk assessment module is also used to:

When constructing the admission evaluation model, a class imbalance algorithm is used for sample balancing, and the admission evaluation model is constructed according to the sample data after sample balancing.

In the embodiment of the present specification, using the category imbalance algorithm to balance the samples in the model construction process can improve the accuracy of model construction and further improve the accuracy of merchant access risk assessment.

Based on the above embodiment, the admission risk assessment module further includes a model update unit for:

Update the risk assessment information according to the behavior verification information of the user when the first user is identified as the first user in the access platform;

According to the updated risk assessment information, update the admission assessment model.

In this embodiment of the present specification, the use of the approved merchant's behavior verification information in the admission platform is used to update the merchant's risk assessment information, and the updated data is used to optimize the model or strategy to improve the merchant's admission risk assessment. accuracy.

Based on the above embodiments, the risk assessment information determined by the admission risk assessment module is the risk existing under the conditions of the first registration assessment information, the behavior assessment information, and the second registration assessment information Probability.

The embodiment of this specification proposes a new method of characterizing the risk assessment information of merchant access, which can accurately represent the risk probability of the merchant at the moment of admission, and combines the user registration assessment information when the merchant has not performed the above registration 1. Information on user behavior assessment, which improves the accuracy of merchant access risk assessment and further improves the security of online platform transactions.

It should be noted that the above description of the device according to the method embodiment may also include other implementations. For a specific implementation manner, reference may be made to the description of related method embodiments, and details are not repeated herein.

An embodiment of the present specification also provides a risk determination processing device for user access, including: at least one processor and a memory for storing processor-executable instructions, and when the processor executes the instructions, a user who implements the foregoing embodiment Admittance risk determination methods, such as:

Obtain the first registration evaluation information when the user requests to be the identity of the first user in the access platform;

Obtain the second registration evaluation information and behavior evaluation information of the user as the second user identity in the designated application;

According to the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information, it is determined that the user is the risk evaluation information of the identity of the first user in the access platform.

The storage medium may include a physical device for storing information, usually after the information is digitized and then stored in a medium using electrical, magnetic, or optical means. The storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memories, magnetic bubble memories, U disk; a device that uses optical means to store information such as CD or DVD. Of course, there are other ways of readable storage media, such as quantum memory, graphene memory, and so on.

It should be noted that the above description of the processing device according to the method embodiment may also include other implementation manners. For a specific implementation manner, reference may be made to the description of related method embodiments, and details are not repeated herein.

The risk determination system for user access provided in this specification can be a risk determination system for individual user access, and can also be applied to various data analysis and processing systems. The system may include any user-entered risk determination device in the foregoing embodiments. The system may be a separate server, or it may include a server cluster, system (including distributed system), software (application) using one or more of the methods or one or more embodiments of this specification. Terminal devices that actually operate devices, logic gate devices, quantum computers, etc., combined with the necessary implementation hardware. The detection system for checking the difference data may include at least one processor and a memory storing computer-executable instructions. When the processor executes the instructions, the steps of the method in any one or more of the above embodiments are implemented.

The method embodiments provided in the embodiments of this specification can be executed in a mobile terminal, a computer terminal, a server, or a similar computing device. Taking an example of running on a server, FIG. 5 is a block diagram of a hardware structure of a risk determination server for user access applying the embodiment of the present application. As shown in FIG. 5, the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), A memory 200 for storing data, and a transmission module 300 for communication functions. A person of ordinary skill in this neighborhood can understand that the structure shown in FIG. 5 is merely an illustration, which does not limit the structure of the foregoing electronic device. For example, the server 10 may also include more or fewer components than those shown in FIG. 5, for example, it may also include other processing hardware, such as a database or a multi-level cache, a GPU, or have a configuration different from that shown in FIG.

The memory 200 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the risk determination method for user access in the embodiments of the present specification. The processor 100 runs the software programs and modules stored in the memory 200, Thereby performing various functional applications and data processing. The memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 200 may further include memories remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the above network include but are not limited to the Internet, intranet, local area network, mobile communication network, and combinations thereof.

The transmission module 300 is used to receive or send data via a network. The above-mentioned specific examples of the network may include a wireless network provided by a communication provider of computer terminals. In one example, the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through the base station to communicate with the Internet. In one example, the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.

The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown or sequential order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The method or apparatus described in the above embodiments provided in this specification can implement business logic through a computer program and be recorded on a storage medium, and the storage medium can be read and executed by a computer to achieve the effects of the solutions described in the embodiments of this specification.

The above method and device for determining the risk of user access provided by the embodiments of the present specification can be implemented by a processor executing corresponding program instructions in a computer, such as using a Windows operating system C++ language to implement on a PC, a Linux system, or other For example, use android, iOS system programming language to realize in the intelligent terminal, and realize the processing logic based on quantum computer.

It should be noted that the description of the device, computer storage medium, and system described above in the specification according to the related method embodiments may also include other implementation manners. For specific implementation manners, reference may be made to the description of the corresponding method embodiments, and details are not repeated here. .

The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. In particular, for the hardware + program embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant part can be referred to the description of the method embodiment.

The embodiments of this specification are not limited to those that must comply with industry communication standards, standard computer data processing and data storage rules, or those described in one or more embodiments of this specification. Some industry standards or implementations described in a custom manner or embodiments based on slightly modified implementations can also achieve the same, equivalent, or similar, or predictable implementation effects of the foregoing embodiments. Examples obtained by applying these modified or deformed data acquisition, storage, judgment, processing methods, etc., can still fall within the scope of optional implementations of the examples in this specification.

In the 1990s, the improvement of a technology can be clearly distinguished from the improvement in hardware (for example, the improvement of circuit structures such as diodes, transistors, and switches) or the improvement in software (the improvement of the process flow). However, with the development of technology, the improvement of many methods and processes can be regarded as a direct improvement of the hardware circuit structure. Designers almost get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware physical modules. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a field programmable gate array (Field Programmable Gate Array, FPGA)) is such an integrated circuit, and its logic function is determined by the user programming the device. Designers can program themselves to "integrate" a digital system on a PLD without having to ask chip manufacturers to design and make dedicated integrated circuit chips. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is also mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development and writing, but before compilation The original code must also be written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), and HDL is not only one kind, but there are many kinds, such as ABEL (Advanced Boolean Expression) Language , AHDL (AlteraHardwareDescriptionLanguage), Confluence, CUPL (CornellUniversityProgrammingLanguage), HDCal, JHDL (JavaHardwareDescriptionLanguage), Lava, Lola, MyHDL, PALASM, RHDL (RubyHardwareDescription) It is VHDL (Very-High-Speed Integrated Circuit Hardware Description) and Verilog. Those skilled in the art should also be clear that by simply programming the method flow in the above hardware description languages and programming into the integrated circuit, the hardware circuit that implements the logic method flow can be easily obtained.

The controller may be implemented in any suitable manner, for example, the controller may take a microprocessor or processor and a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor , Logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the controller in the form of pure computer-readable program code, it is entirely possible to logically program method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded To achieve the same function in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the device for implementing various functions included therein can also be regarded as a structure within the hardware component. Or even, the means for realizing various functions can be regarded as both a software module of an implementation method and a structure within a hardware component.

The system, device, module or unit explained in the above embodiments may be specifically implemented by a computer chip or entity, or implemented by a product with a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, an on-board human-machine interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet A computer, a wearable device, or any combination of these devices.

Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of the steps listed in the embodiment is only one way among the order of execution of many steps, and does not represent a unique order of execution. When the actual device or terminal product is executed, it may be executed sequentially or in parallel according to the method shown in the embodiments or the drawings (for example, a parallel processor or multi-threaded processing environment, or even a distributed data processing environment). The terms "include", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, product, or device that includes a series of elements includes not only those elements, but also others that are not explicitly listed Elements, or also include elements inherent to such processes, methods, products, or equipment. Without more restrictions, it does not exclude that there are other identical or equivalent elements in the process, method, product or equipment including the elements. The first and second words are used to indicate names, but do not indicate any particular order.

For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the functions of each module may be implemented in the same or more software and/or hardware, or the modules that achieve the same function may be implemented by a combination of multiple submodules or subunits, etc. . The device embodiments described above are only schematic. For example, the division of the unit is only a division of logical functions. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or integrated To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.

The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatuses (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowchart and/or block diagram and a combination of the flow and/or block in the flowchart and/or block diagram may be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processing machine, or other programmable data processing device to produce a machine that enables the generation of instructions executed by the processor of the computer or other programmable data processing device An apparatus for realizing the functions specified in one block or multiple blocks of one flow or multiple flows of a flowchart and/or one block or multiple blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory that can guide a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instructions The device implements the functions specified in one block or multiple blocks of the flowchart one flow or multiple flows and/or block diagrams.

These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operating steps are performed on the computer or other programmable device to produce computer-implemented processing, which is executed on the computer or other programmable device The instructions provide steps for implementing the functions specified in one block or multiple blocks of the flowchart one flow or multiple flows and/or block diagrams.

In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer-readable media, including permanent and non-permanent, removable and non-removable media, can store information by any method or technology. The information may be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, read-only compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, Magnetic cassette tapes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. As defined in this article, computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carrier waves.

Those skilled in the art should understand that one or more embodiments of this specification may be provided as a method, system, or computer program product. Therefore, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may employ computer programs implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code The form of the product.

One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of this specification can also be practiced in distributed computing environments in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media including storage devices.

The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant part can be referred to the description of the method embodiment. In the description of this specification, the description referring to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" means specific features described in conjunction with the embodiment or examples , Structure, material or characteristic is included in at least one embodiment or example of this specification. In this specification, the schematic representation of the above terms does not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, without contradicting each other, those skilled in the art may combine and combine different embodiments or examples and features of the different embodiments or examples described in this specification.

The above is only an embodiment of one or more embodiments of this specification, and is not intended to limit one or more embodiments of this specification. For those skilled in the art, various modifications and changes can be made to one or more embodiments of this specification. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of this specification shall be included in the scope of the claims.

Claims (22)

1. A risk determination method for user access includes:

   Obtain the first registration evaluation information when the user requests to be the identity of the first user in the access platform;

   Obtain the second registration evaluation information and behavior evaluation information of the user as the second user identity in the designated application;

   According to the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information, it is determined that the user is the risk evaluation information of the identity of the first user in the access platform.
2. The method according to claim 1, wherein the second registration evaluation information includes: at least one of relationship information, media information, registration behavior information, conflict information, and identity information.
3. The method of claim 2, the second registration evaluation information includes: based on at least one of the relationship information, the media information, the registration behavior information, the conflict information, and the identity information, Determined using the constructed user registration risk assessment model.
4. The method of claim 1, wherein the behavior evaluation information includes at least one of transaction behavior information and operation behavior information.
5. The method according to claim 4, wherein the behavior evaluation information comprises: based on at least one of the transaction behavior information and the operation behavior information, a user behavior score determined by using the constructed behavior evaluation model.
6. The method according to claim 1, wherein the first registration evaluation information includes at least one of identity information, registration behavior information, device information, environment information, conflict information, and relationship information.
7. The method of claim 1, the determining that the user is the first user on the admission platform based on the first registration evaluation information, the second registration evaluation information, and the behavior evaluation information Identity risk assessment information, including:

   According to the first registration evaluation information, the behavior evaluation information, and the second registration evaluation information, use the admission evaluation model to determine the risk evaluation information of the user as the identity of the first user in the admission platform The access evaluation model is constructed based on historical first registration evaluation information, historical behavior evaluation information, and historical second registration evaluation information.
8. According to the method of claim 7, when constructing the admission evaluation model, a class imbalance algorithm is used for sample balancing, and the admission evaluation model is constructed according to the sample data after sample balancing.
9. The method of claim 7, further comprising:

   Update the risk assessment information according to the behavior verification information of the user when the first user is identified as the first user in the access platform;

   According to the updated risk assessment information, update the admission assessment model.
10. The method according to claim 1, wherein the risk assessment information is a risk probability existing under the conditions of the second registration assessment information, the behavior assessment information, and the first registration assessment information.
11. A risk determination device for user access includes:

    The first evaluation information acquisition module is used to obtain the first registration evaluation information when the user requests to be the identity of the first user in the access platform;

    A second evaluation information obtaining module, configured to obtain second registration evaluation information and behavior evaluation information when the user is identified as the second user in the designated application;

    The admission risk assessment module is used to determine the risk that the user is the identity of the first user on the admission platform based on the first registration assessment information, the second registration assessment information, and the behavior assessment information Evaluation information.
12. The apparatus according to claim 11, wherein the second registration evaluation information obtained by the second evaluation information obtaining module includes at least one of relationship information, media information, registration behavior information, conflict information, and identity information.
13. The apparatus of claim 12, the second registration evaluation information obtained by the second evaluation information obtaining module includes: based on the relationship information, the medium information, the registration behavior information, the conflict information, the At least one of the identity information uses the user registration score determined by the constructed user registration risk assessment model.
14. The apparatus of claim 11, the behavior evaluation information obtained by the second evaluation information obtaining module includes at least one of transaction behavior information and operation behavior information.
15. The apparatus of claim 14, the behavior evaluation information obtained by the second evaluation information obtaining module comprises: based on at least one of the transaction behavior information and the operation behavior information, determined using a constructed behavior evaluation model Of user behavior scores.
16. The apparatus of claim 11, the first registration evaluation information acquired by the first evaluation information acquisition module includes at least one of identity information, registration behavior information, device information, environment information, conflict information, and relationship information.
17. The apparatus of claim 11, the admission risk assessment module is specifically used to:

    According to the first registration evaluation information, the behavior evaluation information, and the second registration evaluation information, use the admission evaluation model to determine the risk evaluation information of the user as the identity of the first user in the admission platform The access evaluation model is constructed based on historical first registration evaluation information, historical behavior evaluation information, and historical second registration evaluation information.
18. The apparatus of claim 17, the admission risk assessment module is further used to:

    When constructing the admission evaluation model, a class imbalance algorithm is used for sample balancing, and the admission evaluation model is constructed according to the sample data after sample balancing.
19. The apparatus of claim 17, the admission risk assessment module further comprises a model update unit for:

    Update the risk assessment information according to the behavior verification information of the user when the first user is identified as the first user in the access platform;

    According to the updated risk assessment information, update the admission assessment model.
20. The apparatus of claim 11, the risk assessment information determined by the admission risk assessment module is present under the conditions of the first registration assessment information, the behavior assessment information, and the second registration assessment information Risk probability.
21. A risk determination processing device for user access, including: at least one processor and a memory for storing processor executable instructions, the processor implementing the instructions implements any one of claims 1-10 method.
22. A risk determination system for user access includes at least one processor and a memory for storing processor-executable instructions, and the processor implements the instructions to implement the method of any one of claims 1-10.

Images