CN106067088A - E-bank accesses detection method and the device of behavior - Google Patents

E-bank accesses detection method and the device of behavior Download PDF

Info

Publication number
CN106067088A
CN106067088A CN201610371473.1A CN201610371473A CN106067088A CN 106067088 A CN106067088 A CN 106067088A CN 201610371473 A CN201610371473 A CN 201610371473A CN 106067088 A CN106067088 A CN 106067088A
Authority
CN
China
Prior art keywords
risk
value
session
access
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610371473.1A
Other languages
Chinese (zh)
Inventor
曲家文
李庆华
胡军锋
章传强
廖渊
刘云川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Postal Savings Bank of China Ltd
Original Assignee
Postal Savings Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Postal Savings Bank of China Ltd filed Critical Postal Savings Bank of China Ltd
Priority to CN201610371473.1A priority Critical patent/CN106067088A/en
Publication of CN106067088A publication Critical patent/CN106067088A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Marketing (AREA)
  • Accounting & Taxation (AREA)
  • Educational Administration (AREA)
  • Technology Law (AREA)
  • Game Theory and Decision Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a kind of e-bank and access detection method and the device of behavior.This e-bank accesses the detection method of behavior and includes: the access line obtaining target account is characterized value;By default risk evaluation model, access line is characterized value to calculate, obtain the value-at-risk of target account, wherein, presetting risk evaluation model and calculate for access line being characterized value according to preset algorithm, value-at-risk is for representing the risk size of access behavior;And the risk class of target account is determined according to value-at-risk.By the present invention, improve e-bank and access the accuracy of behavior detection method.

Description

E-bank accesses detection method and the device of behavior
Technical field
The present invention relates to e-commerce field, in particular to a kind of e-bank access behavior detection method and Device.
Background technology
E-bank is the extension of bank's tradition counter service, can make banking no longer by the location of business, business hours Restriction, provide required financial service for people at any time.Also many security risks it are faced with, especially while it offers convenience It is continuously increased along with swindle case, it will bring huge loss for bank and user thereof.At present, in order to preferably prevent The generation of e-bank's fraud, the main mode used according to specialist system create-rule detects fraud, but, base The problems such as Policy Updates are delayed, rate of false alarm is high, matching efficiency is low would generally be brought so that bank and the profit of user in rule and method Benefit can not be protected.
Prior art uses rule-based method carry out monitoring electronic bank risks, be mainly focused on the single rule of use Then complete risk identification process with historical rule, and the threshold value result of foundation risk identification is traded the response of behavior, but It is not described in detail for regular generation process crucial in whole system, causes generation and the foundation of follow-up risk score value Risk threshold value carries out the process of risk assessment and lacks powerful support, and as it was previously stated, rule-based detection mode can not Enough adapting to the reality that Current electronic bank is faced, first, the method, for new risk None-identified, secondly, works as rule When then number is the hugest, system processing power will be brought obvious pressure by analyte detection process.
Access, for e-bank in correlation technique, the problem that behavior detection method accuracy is low, the most not yet propose effectively Solution.
Summary of the invention
Present invention is primarily targeted at the detection method and device providing a kind of e-bank to access behavior, to solve electricity Sub-bank accesses the low problem of detection method accuracy of behavior.
To achieve these goals, according to an aspect of the invention, it is provided a kind of e-bank accesses the inspection of behavior Survey method, the method includes: the access line obtaining target account is characterized value;By default risk evaluation model to the behavior of access Eigenvalue calculates, and obtains the value-at-risk of target account, wherein, presets risk evaluation model and be used for according to preset algorithm visit Asking that behavior characteristics value calculates, value-at-risk is for representing the risk size of access behavior;And determine target according to value-at-risk The risk class of account.
Further, the access line of acquisition target account is characterized value and comprises determining that the target session of target account, its In, target session is to need to conduct interviews the session of behavioral value, and target session is single session, and target session includes at least Once access behavior;Obtain the access number index in target session, request classification density index and request classification intensity Index, wherein, the access number index in target session is the session number of operations in target session, the request in target session Classification density index is session transaction code type number and the ratio of target session number of operations in target session, asks classification collection Middle level index is the ratio of the number of operations of the number of Transaction Inquiries class transaction code and target session in target session, and automatically The difference of the ratio of payment inquiry class transaction code number and session number of operations;By access number index, ask classification density index It is characterized value as access line with request classification intensity index.
Further, according to default risk evaluation model, access line is characterized value and carries out risk assessment calculating, obtain mesh The value-at-risk of mark account includes: access line is characterized value and is input to preset in risk evaluation model;Obtain the first Preset Time The interior value-at-risk presetting risk evaluation model output, obtains multiple output value-at-risk;And multiple output value-at-risks are tired out Adding, the value-at-risk obtained adding up is as the value-at-risk of target account.
Further, calculate access line being characterized value by default risk evaluation model, obtain target account Value-at-risk before, method includes: special to the access behavior of the second Preset Time internal object account by distributed computing method Value indicative resolves, and the access line obtaining multiple classification is characterized value;By adaptive clustering scheme according to the visit of multiple classifications Ask that default risk evaluation model is updated by behavior characteristics value and target account value-at-risk.
Further, determine the risk class of target account according to value-at-risk after, method also includes: generates and determines The control instruction that risk class is corresponding, wherein, control instruction for target account stop access, part stop access or not Stop and access;And the access of target account is controlled by control instruction.
To achieve these goals, according to a further aspect in the invention, it is provided that a kind of e-bank accesses the inspection of behavior Surveying device, this device includes: acquiring unit, is characterized value for obtaining the access line of target account;Computing unit, is used for passing through Default risk evaluation model is characterized value to access line and calculates, and obtains the value-at-risk of target account, and wherein, default risk is commented Estimating model to calculate for access line being characterized value according to preset algorithm, value-at-risk is for representing that the risk of access behavior is big Little;And determine unit, for determining the risk class of target account according to value-at-risk.
Further, acquiring unit comprises determining that module, for determining the target session of target account, wherein, target meeting Words are the session of the behavioral value that needs to conduct interviews, and target session be single session, and target session includes at least and once accesses Behavior;First acquisition module, for obtaining the access number index in target session, request classification density index and request classification Intensity index, wherein, the access number index in target session is the session number of operations in target session, target session In request classification density index be the ratio of session transaction code type number and target session number of operations in target session, please Seeking classification intensity index is the ratio of the number of Transaction Inquiries class transaction code and the number of operations of target session in target session Value, with the difference of automatic fee inquiry class transaction code number with the ratio of session number of operations;First acquisition module is additionally operable to visit Ask that quantitative index, request classification density index and request classification intensity index are characterized value as access line.
Further, computing unit includes;Input module, is input to preset risk assessment for access line is characterized value In model;Second acquisition module, presets the value-at-risk of risk evaluation model output in obtaining the first Preset Time, obtains many Individual output value-at-risk;And accumulator module, for multiple output value-at-risks are added up, using the cumulative value-at-risk obtained as The value-at-risk of target account.
Further, device also includes: resolution unit, is used for by distributed computing method mesh in the second Preset Time The access line of mark account is characterized value and resolves, and the access line obtaining multiple classification is characterized value;Updating block, is used for passing through Adaptive clustering scheme is characterized value and target account value-at-risk to default risk evaluation model according to the access line of multiple classifications It is updated.
Further, device also includes: signal generating unit, for generating the control instruction corresponding with the risk class determined, Wherein, control instruction accesses for stoping target account, and part prevention accesses or do not stops access;And control unit, For being controlled the access of target account by control instruction.
The present invention is characterized value by the access line obtaining target account;By default risk evaluation model to the behavior of access Eigenvalue calculates, and obtains the value-at-risk of target account, wherein, presets risk evaluation model and be used for according to preset algorithm visit Asking that behavior characteristics value calculates, value-at-risk is for representing the risk size of access behavior;And determine target according to value-at-risk The risk class of account, solves e-bank and accesses the problem that behavior detection method accuracy is low, and then reached to improve electricity Sub-bank accesses the effect of behavior detection method accuracy.
Accompanying drawing explanation
The accompanying drawing of the part constituting the application is used for providing a further understanding of the present invention, and the present invention's is schematic real Execute example and illustrate for explaining the present invention, being not intended that inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart that e-bank according to a first embodiment of the present invention accesses the detection method of behavior;
Fig. 2 is the flow chart that e-bank according to a second embodiment of the present invention accesses the detection method of behavior;
Fig. 3 is the flow chart that e-bank according to a third embodiment of the present invention accesses the detection method of behavior;
Fig. 4 is the flow chart that e-bank according to a fourth embodiment of the present invention accesses the detection method of behavior;
Fig. 5 is the flow chart that e-bank according to a fifth embodiment of the present invention accesses the detection method of behavior;
Fig. 6 is the flow chart that e-bank according to a sixth embodiment of the present invention accesses the detection method of behavior;And
Fig. 7 is the schematic diagram that e-bank according to embodiments of the present invention accesses the detection device of behavior.
Detailed description of the invention
It should be noted that in the case of not conflicting, the embodiment in the application and the feature in embodiment can phases Combination mutually.Describe the present invention below with reference to the accompanying drawings and in conjunction with the embodiments in detail.
In order to make those skilled in the art be more fully understood that the application scheme, below in conjunction with in the embodiment of the present application Accompanying drawing, is clearly and completely described the technical scheme in the embodiment of the present application, it is clear that described embodiment is only The embodiment of the application part rather than whole embodiments.Based on the embodiment in the application, ordinary skill people The every other embodiment that member is obtained under not making creative work premise, all should belong to the model of the application protection Enclose.
It should be noted that term " first " in the description and claims of this application and above-mentioned accompanying drawing, " Two " it is etc. for distinguishing similar object, without being used for describing specific order or precedence.Should be appreciated that so use Data can exchange in the appropriate case, in order to embodiments herein described herein.Additionally, term " includes " and " tool Have " and their any deformation, it is intended that cover non-exclusive comprising, such as, contain series of steps or unit Process, method, system, product or equipment are not necessarily limited to those steps or the unit clearly listed, but can include the most clear That list to Chu or for intrinsic other step of these processes, method, product or equipment or unit.
Embodiments provide a kind of e-bank and access the detection method of behavior.
Fig. 1 is the flow chart that e-bank according to a first embodiment of the present invention accesses the detection method of behavior, such as Fig. 1 institute Showing, the method comprises the following steps:
Step S102: the access line obtaining target account is characterized value.
The access line of acquisition target account is characterized value and can be accomplished by: determine the target of target account Session, obtains the access number index in target session, request classification density index and request classification intensity index, will visit Ask that quantitative index, request classification density index and request classification intensity index are characterized value as access line.Obtaining mesh When the access line of mark account is characterized value, the access line obtaining target account in units of session is characterized value.Session refers to Unbroken request response sequence between client and server, each request to client, server can recognize that request Come from same client, such as, begin to one when a unknown client sends first request to Web page application program Individual session, when client clearly terminate session or server do not accept in a Preset Time client any request time, session tie Bundle.
Target session is to need to conduct interviews the session of behavioral value, obtains target account in units of single session Access line is characterized value, and target session is single session, and target session is including at least once accessing behavior.Getting target After session, obtain the access number index in target session, request classification density index and request classification intensity index, Wherein, the access number index in target session is the session number of operations in target session, the request classification in target session Density index is session transaction code type number and the ratio of target session number of operations in target session, asks classification collection intermediate range Degree index is the ratio of the number of operations of the number of Transaction Inquiries class transaction code and target session in target session, with automatic fee The difference of the ratio of inquiry class transaction code number and session number of operations;By access number index, ask classification density index and ask Classification intensity index is asked to be characterized value as access line.
Step S104: by default risk evaluation model, access line is characterized value and calculates, obtain target account Value-at-risk.
Presetting risk evaluation model to calculate for access line being characterized value according to preset algorithm, value-at-risk is used for table Show the risk size of access behavior.
According to default risk evaluation model, access line is characterized value and carries out risk assessment calculating, obtain the wind of target account Danger value may is that access line is characterized value to be input to preset in risk evaluation model;Wind is preset in obtaining the first Preset Time The value-at-risk of danger assessment models output, obtains multiple output value-at-risk;Multiple output value-at-risks are added up, obtains cumulative Value-at-risk as the value-at-risk of target account.
Single session access behavior characteristics value of target account is input in the risk evaluation model preset, by default Risk evaluation model obtains the value-at-risk of target account list session, by the risk of the first Preset Time all sessions of internal object account Value is cumulative, obtains the value-at-risk of the target account of the first Preset Time.
For example, when target account being conducted interviews behavioral value, characteristics extraction can be included, fraud detection, Risk assessment three part, wherein, characteristics extraction refers to the access number index feature in the single session obtaining account, Dan Hui Request classification density index feature in words and the request classification intensity index feature in single session, and composition characteristic to Amount;Fraud detection refers to the risk by obtaining this session in individual session characteristic of correspondence vector input kind of risk decision model Classification, and produce the risk score of response, namely value-at-risk;Risk assessment refers to the risk score of sessions all under the account Add up, obtain the risk score result for the account, and by this risk score result according to the risk class threshold set It is worth to risk evaluation results qualitatively, wherein, when the risk score of the session under to the account carries out cumulative, can will be somebody's turn to do Under account, the risk score of all sessions adds up, it is also possible to the risk score to the session under the account in Preset Time Add up, such as, the risk score of the session under the account in one month is added up, account risk in obtaining month Appraisal result.
Calculate access line being characterized value by default risk evaluation model, obtain target account value-at-risk it Before, method also includes: by distributed computing method, the access line of the second Preset Time internal object account is characterized value and carries out Resolving, the access line obtaining multiple classification is characterized value;Special according to the access behavior of multiple classifications by adaptive clustering scheme Default risk evaluation model is updated by value indicative and target account value-at-risk.
Above-mentioned risk evaluation model and detected access line are characterized the data etc. of value can pass through the big number of main flow Realize data storage according to instrument, inquire about and analyze.Such as, using Distributed Storage platform, Distributed Storage is put down Platform uses the big data tool of main flow to build, it would be preferable to support the storage of magnanimity isomeric data and inquiry.
Access the accuracy of behavior detection method in order to improve e-bank further, default risk evaluation model is carried out Update.It is updated default risk evaluation model can being regularly to update according to the new data supplemented, wherein, updates It is that the decision model to each kind of risk is corrected.Such as, kind of risk is generated certainly by self adaptation K-means clustering method Plan model, according to the characteristic vector distribution in feature space of all sessions each index feature composition, sets for each kind of risk Fixed corresponding risk score, generates risk score model, and dynamically updates this model according to strategy, dynamically update bag Including: risk evaluation model carries out regular update according to the new data supplemented, the new data supplemented refer to that last time is to risk assessment mould New data after type correction.
Step S106: determine the risk class of target account according to value-at-risk.
Determine that the risk class of target account may is that by default risk evaluation model access behavior according to value-at-risk Eigenvalue calculates, and obtains the value-at-risk of target account, judges Preset Time according to value-at-risk and risk class segmentation situation In the risk class residing for value-at-risk of this target account, such as, risk class is divided into Three Estate: low-risk, risk and Excessive risk, value-at-risk is low-risk below 20 points, and 21 points to 80 are divided into risk, and 81 points to 100 are divided into excessive risk, by sentencing The risk class interval at disconnected value-at-risk place determines the risk class of target account.
Determine the risk class of target account according to value-at-risk after, method also includes: the risk class generating Yu determining Corresponding control instruction, wherein, control instruction accesses for stoping target account, partly stops accessing or not stoping visit Ask;And the access of target account is controlled by control instruction.
Preferably, in order to improve the safety of e-bank, after the risk class determining target account, according to target The risk class of account controls account behavior, generates the control instruction corresponding with corresponding risk class.Such as, control instruction bag Including the first control instruction, the first control instruction, for stoping access instruction, stops access instruction for stoping the access of target account Behavior;Control instruction also includes that the second control instruction, the second control instruction are that part stops access instruction, part to stop access to refer to Order accesses behavior for stoping the part of target account;Control instruction also includes that the 3rd control instruction, the 3rd control instruction are not Stop access instruction, do not stop access instruction to be used for allowing the access behavior of target account.If the risk class of target account For excessive risk, for ensureing account safety, generate the first control instruction, i.e. stop the access behavior of target account;If target account The risk class at family is risk, for ensureing account safety, generates the second control instruction, i.e. stops the part of target account to access Behavior, such as, stops the trading activity of target account, or the trading activity for target account carries out phone or note is true Recognize, after being identified through, just allow access or the trading activity of target account;If the risk class of target account is low-risk, then Generate the 3rd control instruction, the most do not stop the access behavior of target account.
This embodiment uses the access line obtaining target account to be characterized value;By default risk evaluation model to access line It is characterized value to calculate, obtains the value-at-risk of target account, wherein, preset risk evaluation model for according to preset algorithm pair Access line is characterized value and calculates, and value-at-risk is for representing the risk size of access behavior;And determine mesh according to value-at-risk The risk class of mark account, improves e-bank and accesses the accuracy of behavior detection method, thus determine target more accurately The risk class of account, in order to the access behavior to target account is controlled.
Fig. 2 is the flow chart that e-bank according to a second embodiment of the present invention accesses the detection method of behavior, this enforcement Example can be as the preferred implementation of above-mentioned first embodiment, as in figure 2 it is shown, this e-bank accesses the detection method of behavior Including:
Step S202: data collection and pretreatment.
In e-banking system, be will be stored in the visit of the target account in operation system by data collection and pretreatment Ask that the data such as behavior characteristics value are in real time or to collect in Distributed Storage platform, as history number in the way of batch According to, (Hadoop Distributed File System is referred to as such as to use storm (Storm) and distributed file system HDFS), by parallel calculating method, such as, map conclusion (MapReduce), in units of session, historical data is carried out whole Reason.
Such as, being processed by initial data under big data processing platform (DPP) Hadoop, initial data is in units of session Arranging, with session as key (Key), initial data is value (Value).
Step S204: model construction.
The historical data put in order is extracted, extracts the access number index in single session, the request in single session Request classification intensity index in classification density index and single session, generates characteristic vector according to above-mentioned three kinds of indexs, makes With adaptive clustering scheme, data are sorted out by such as K-means clustering method, export risk evaluation model, namely kind of risk Decision model, and set risk score standard value for each kind of risk.
Single session characteristics vector representation: the data collected are carried out the feature extraction of corresponding index, i.e. session operation time Number and session transaction code list of types, obtain the characteristic vector that can be directly trained to after doing following process:
Obtain the access number index in single session: extract session number of operations, be designated as n;
Obtain the request classification density index in single session: extract session transaction code list of types, calculate its element The ratio of number m and session number of operations nIt is designated as d;
Obtain the request classification intensity index in single session: extract session transaction code list of types, calculate and wherein belong to Transaction code number c in Transaction Inquiries class1Ratio with session number of operations nClass is inquired about with wherein belonging to automatic fee Transaction code number c2Ratio with session number of operations nDifferenceIt is designated as c;
Finally give characteristic vector vrobot=(n, d, c).
Kind of risk decision model is obtained by self adaptation K-means clustering method:
Primarily determine that kind of risk number: owing to, in whole feature space, access number (n) reflection in single session is abnormal Situation the most obvious, therefore carry out least square fitting with this feature value, matched curve trend analysis show that single session can divide Three risk classes, thus initial setting kind of risk is 3, meanwhile, also draw sample number sc in excessive risk rank;
Obtain decision model: use K-means clustering method, feature space is divided into three regions, compares and fall within three Request classification density (d) in the sample number of individual characteristic area and the list session of all kinds of centers and the request classification collection in single session Middle degree (c) the two feature, is unsatisfactory for three below condition, then, after kind of risk number+1, cluster is until condition meets again:
The sample number of three characteristic areas is incremented by by class, and class center n value is the biggest, and sample number is the fewest, and that class pair maximum The sample number answered is close with sc in the range of error (δ=100) allows, and is (α, sc+ δ), wherein, α=max (0, sc- δ);
Class center d value is inversely proportional to sample number;
Class center c value is directly proportional to sample number;
Export the class center of each kind of risk, be kind of risk decision model.
After obtaining kind of risk decision model, according to kind of risk decision model, set up risk score model, to calculate Target account access line is characterized value.
Analyzing kind of risk decision model to understand, classification 1 best suits the feature that the machine mankind are abnormal, wherein, the machine mankind Referring to that plug-in program, machine mankind transaction refer to the type of transaction initiated by plug-in program, therefore risk class is the highest, and other are two years old The degree of risk of class is successively decreased successively, is defined as shown in table 1 by the risk class of this exception.
Table 1 cluster result and risk score mapping table
Cluster result Classification 3 Classification 2 Classification 1
Risk score 0 1 10
As shown in table 1, when risk score is 0, cluster result belongs to classification 3, when risk score is 1, and cluster result For classification 2, when risk score is 10, risk class is the highest, and cluster result is classification 1.
Step S206: risk analysis.
Obtain the session data of target account, including the access number index in single session, the request classification in single session Density index and the request classification intensity index in single session, generate single session characteristic of correspondence vector, by characteristic vector Being input in kind of risk decision model, the output of kind of risk decision model is the value-at-risk of this session data, by target The value-at-risk of all single session of account adds up and obtains the final risk value of target account, determines target by final risk value The risk class of account.
After building risk evaluation model, carrying out risk analysis by risk evaluation model, risk analysis part is permissible It is divided into risk score to calculate and risk class determines.
Risk score calculates:
Sessions all under account to be marked are carried out characteristic vector expression, inputs kind of risk decision model, i.e. input Risk evaluation model;
The method of discrimination of kind of risk belonging to every session: calculating individual session (s) to three Ge Lei center (a1,a2,a3) Distance, be attributed to closest min (| s-a1|,|s-a2|,|s-a3|) that class, and the risk score of such correspondence is composed To this session;
Account overall risk score value R is i.e. obtained by cumulative for the risk score of sessions all under the account.
Risk class determines:
By historical risk distribution of grading, calculate risk demarcation interval, such as, piece wise least square method matching can be used Obtain suitable border, be divided into devoid of risk, low-risk, risk, four ranks of excessive risk at present, then by R and different wind The Risk interval of danger rank compares, and determines the risk class of final account.
This embodiment passes through data collection and pretreatment, builds risk evaluation model, then utilizes risk evaluation model to enter Row risk analysis, obtains the value-at-risk of target account, by big data processing platform (DPP) to account behavior whether with all account lists Access number index in session, the request classification density index in single session refer to the request classification intensity in single session Mark the consistent fraud detection that carries out, and determine whether swindle row according to the corresponding relation of described risk score value Yu risk class For account.Propose self adaptation K-means clustering method, improve e-bank and access the accuracy of behavior fraud detection, with Time, the system of the present invention also has the premium properties processing mass data.
Fig. 3 is the flow chart that e-bank according to a third embodiment of the present invention accesses the detection method of behavior.This enforcement Example can be as the preferred implementation of model construction in the second embodiment, as it is shown on figure 3, the method comprises the following steps:
Step S302: extract single session index feature value composition characteristic vector.
In the present embodiment, risk evaluation model i.e. kind of risk decision model, build main defeated of risk evaluation model Enter the session number of operations for target account and session transaction code type, the session number of operations of target account and session transaction code Type is stored in session number of operations and session transaction code list of types.Wherein, during session number of operations is individual session Record number, session transaction code list of types is the list of the transaction code type composition occurred in all records of individual session.
Access number index in single session is session number of operations;Request classification density index in single session is session Element number and the ratio of session number of operations in transaction code list of types;Request classification intensity index in single session is Session transaction code list of types belongs to the transaction code number of Transaction Inquiries class and the ratio of session number of operations, concludes the business with session Code type list belongs to the transaction code number of automatic fee inquiry class and the difference of the ratio of session number of operations.
Step S304: use K-means clustering method to obtain single session kind of risk decision model.
Use adaptive clustering scheme, such as K-means, characteristic vector is sorted out, obtains all kinds of class centers, as in advance Surveying the decision model of kind of risk belonging to session, concrete model construction step is as follows:
Primarily determine that kind of risk number: carry out least square fitting with the access number in single session, curve tendency divide Separate out single session risk class number b, and initial setting kind of risk is b, meanwhile, also draw sample number in excessive risk rank sc;
Use K-means clustering method, feature space is divided into b region, compares the sample falling within b characteristic area Request classification density in several and all kinds of centers list session and the request classification intensity the two feature in single session, no Meet three below condition, then need to increase kind of risk number and again cluster until condition meets.
The sample number of b characteristic area is incremented by by class, and class center n value is the biggest, and sample number is the fewest, and that class pair of maximum Ratio shared by the sample number answered is close with sc in the range of error allows, and excessive easy generation is reported by mistake, too small then kind of risk Number is excessive, and operand strengthens;Request classification density in single session that class center is corresponding is inversely proportional to sample number;Class center is corresponding Single session in request classification intensity be directly proportional to sample number.
Step S306: set risk score value according to the intensity of anomaly of sample in each kind of risk after cluster.
The intensity of anomaly embodied according to sample size in each kind of risk after cluster, sets each kind of risk corresponding Value-at-risk, i.e. sample size are the most rare, and specification exception degree is the highest, then value-at-risk arranges the highest, and contrary value-at-risk sets the lowest.
This embodiment, by extracting single session index feature value composition characteristic vector, uses K-means clustering method to obtain Single session kind of risk decision model, sets risk score value according to the intensity of anomaly of sample in each kind of risk after cluster, carries Gao Liao e-bank accesses the accuracy of behavior detection method, thus determines the risk class of target account more accurately, in order to Access behavior to target account is controlled.
Fig. 4 is the flow chart that e-bank according to a fourth embodiment of the present invention accesses the detection method of behavior.This enforcement The preferred implementation that example can be analyzed as the second embodiment risk, as shown in Figure 4, the method comprises the following steps:
Step S402: risk score calculates.
Asking in the access number index feature in single session of target account, single session is obtained by characteristic extraction procedure Ask classification density index feature and the request classification intensity index feature in single session, calculate the machine mankind in individual session Characteristic vector;
Obtain the kind of risk belonging to individual session by kind of risk decision model, obtain corresponding value-at-risk, specifically Step can be: calculates the individual session characteristic of correspondence vector distance to all kinds of centers, this session is attributed to distance the shortest That class, is assigned to it by the risk score of such correspondence;
Account risk score result, i.e. value-at-risk is obtained by cumulative for the value-at-risk of sessions all under same account.
Step S404: risk class determines.
Carry out risk class division according to the distribution of all risk score results in historical data, such as, use segmentation to intend The method closed obtains different risk class;
Scoring interval corresponding with risk class for consumer's risk score value is compared, if falling in this interval, then User delimited as this risk class.
This embodiment is characterized value by the access line extracting target account and carries out risk score calculating, then according to being counted The value-at-risk obtained and risk class demarcation interval, to judge the risk class of target account, improve e-bank's access line Accuracy for detection method.
Fig. 5 is the flow chart that e-bank according to a fifth embodiment of the present invention accesses the detection method of behavior.This enforcement Example can be as the preferred implementation of the 4th embodiment risk score calculation, as it is shown in figure 5, the method includes following step Rapid:
Step S502: calculate robot category feature vector in individual session.
Obtained by characteristic extraction procedure in the access number index feature in single session of account to be analyzed, single session Request classification density index feature and the request classification intensity index feature in single session, calculate robot in individual session Category feature vector.
Step S504: by kind of risk belonging to decision model judging characteristic vector, obtain corresponding risk score.
Obtain the kind of risk belonging to individual session by kind of risk decision model, obtain corresponding value-at-risk, specifically Way: calculate the individual session characteristic of correspondence vector distance to all kinds of centers, this session is attributed to that class that distance is the shortest, will The risk score of such correspondence is assigned to it.
Step S506: obtain account risk score result by cumulative for the risk score of all for single account sessions.
By kind of risk belonging to decision model judging characteristic vector, after obtaining corresponding risk score, by single The risk score of all sessions of target account adds up and obtains the risk score result of target account, when carrying out cumulative, permissible The risk score of all of for target account session is added up, it is also possible to by the risk score of the target account in Preset Time Add up, obtain the value-at-risk of Preset Time internal object account.
This embodiment is by calculating robot category feature vector in individual session, by decision model judging characteristic vector institute Belong to kind of risk, obtain corresponding risk score, obtain account risk comment cumulative for the risk score of all for single account sessions Divide result, by said method, improve e-bank and access the accuracy of behavior detection method.
Fig. 6 is the flow chart that e-bank according to a sixth embodiment of the present invention accesses the detection method of behavior.This enforcement The preferred implementation that example can determine as the 4th embodiment risk rank, as shown in Figure 6, the method includes following step Rapid:
Step S602: risk score calculates.
Asking in the access number index feature in single session of target account, single session is obtained by characteristic extraction procedure Ask classification density index feature and the request classification intensity index feature in single session, be characterized value as access line.Root According to default risk evaluation model, access line being characterized value and carry out risk assessment calculating, the value-at-risk obtaining target account is permissible It is: access line is characterized value and is input to preset in risk evaluation model;Risk assessment mould is preset in obtaining the first Preset Time The value-at-risk of type output, obtains multiple output value-at-risk, adds up multiple output value-at-risks, by the cumulative value-at-risk obtained Value-at-risk as target account.
Step S604: determine risk class threshold interval.
When determining risk class threshold interval can by Preset Time in the knot of value-at-risk of multiple target account Fruit is calculated, or empirically value determines the threshold interval corresponding to each risk class, and such as, risk class divides For Three Estate: low-risk, risk and excessive risk, value-at-risk is low-risk below 20 points, and 21 points to 80 are divided into risk, 81 points are divided into excessive risk to 100.
Step S606: account risk class calculates.
Target account risk class calculates, namely risk class determines, by judging the risk class district at value-at-risk place Between determine the risk class of target account.The risk score of such as target account is 90 points, then account risk class is high wind Danger, it is preferable that be controlled the access behavior of account according to the risk class of account, such as, generates and stops access instruction, logical Cross the access behavior stoping access instruction to stop high risk target account.
This embodiment is calculated by risk score, determines risk class threshold interval, and account risk class calculates, and determines mesh The risk class of mark account, improves e-bank and accesses the accuracy of behavior detection method.
It should be noted that can be at such as one group of computer executable instructions in the step shown in the flow chart of accompanying drawing Computer system performs, and, although show logical order in flow charts, but in some cases, can be with not It is same as the step shown or described by order execution herein.
Embodiments providing a kind of e-bank and access the detection device of behavior, this e-bank accesses behavior Detection device may be used for performing the detection method of e-bank's access behavior of the embodiment of the present invention.
Fig. 7 is the schematic diagram that e-bank according to embodiments of the present invention accesses the detection device of behavior, as it is shown in fig. 7, This device includes:
Acquiring unit 10, is characterized value for obtaining the access line of target account.
Acquiring unit 10 comprises determining that module, and for determining the target session of target account, wherein, target session is for needing The session of behavioral value to be conducted interviews, target session is single session, and target session is including at least once accessing behavior;The One acquisition module, for obtaining the access number index in target session, request classification density index and request classification collection intermediate range Degree index, wherein, the access number index in target session is the session number of operations in target session, asking in target session Seeking classification density index is session transaction code type number and the ratio of target session number of operations in target session, asks classification Intensity index is the ratio of the number of operations of the number of Transaction Inquiries class transaction code and target session in target session, with oneself The difference of the ratio of dynamic payment inquiry class transaction code number and session number of operations;First acquisition module is additionally operable to refer to access number Mark, request classification density index and request classification intensity index are characterized value as access line.
Computing unit 20, calculates for access line being characterized value by default risk evaluation model, obtains target The value-at-risk of account.
Presetting risk evaluation model to calculate for access line being characterized value according to preset algorithm, value-at-risk is used for table Show the risk size of access behavior.
Computing unit 20 includes;Input module, is input to preset in risk evaluation model for access line is characterized value; Second acquisition module, presets the value-at-risk of risk evaluation model output in obtaining the first Preset Time, obtains multiple output Value-at-risk;Accumulator module, for adding up to multiple output value-at-risks, using the cumulative value-at-risk obtained as target account Value-at-risk.
Determine unit 30, for determining the risk class of target account according to value-at-risk.
By default risk evaluation model, access line is characterized value at computing unit 20 to calculate, obtains target account Value-at-risk after, determine that unit 30 determines the risk class of target account according to the value-at-risk of target account, such as, determine list Unit 30 judges the risk class corresponding to value-at-risk of target account by the threshold interval of value-at-risk with risk class.
Preferably, in order to improve the access behavior safety of target account, device also includes: signal generating unit, is used for generating The control instruction corresponding with the risk class determined, wherein, control instruction accesses for stoping target account, and part stops visits Ask or do not stop access;And control unit, for being controlled the access of target account by control instruction.
Access the accuracy of behavior detection method to improve e-bank further, device also includes: resolution unit, uses Resolve in the access line of the second Preset Time internal object account being characterized value by distributed computing method, obtain multiple The access line of classification is characterized value;Updating block, for special according to the access behavior of multiple classifications by adaptive clustering scheme Default risk evaluation model is updated by value indicative and target account value-at-risk.
The access line that this embodiment obtains target account by acquiring unit 10 is characterized value;Computing unit 20 is by presetting Risk evaluation model is characterized value to access line and calculates, and obtains the value-at-risk of target account, wherein, presets risk assessment mould Type calculates for access line being characterized value according to preset algorithm, and value-at-risk is for representing the risk size of access behavior; And determine that unit 30 determines the risk class of target account according to value-at-risk, thus improve e-bank and access behavioral value The accuracy of method.
Obviously, those skilled in the art should be understood that each module of the above-mentioned present invention or each step can be with general Calculating device realize, they can concentrate on single calculating device, or be distributed in multiple calculating device and formed Network on, alternatively, they can with calculate the executable program code of device realize, it is thus possible to by they store Performed by calculating device in the storage device, or they are fabricated to respectively each integrated circuit modules, or by them In multiple modules or step be fabricated to single integrated circuit module and realize.So, the present invention be not restricted to any specifically Hardware and software combines.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, that is made any repaiies Change, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (10)

1. the detection method of e-bank's access behavior, it is characterised in that including:
The access line obtaining target account is characterized value;
By default risk evaluation model, described access line is characterized value to calculate, obtains the risk of described target account Value, wherein, presets risk evaluation model and calculates for described access line being characterized value according to preset algorithm, described risk Value is for representing the risk size of access behavior;And
The risk class of described target account is determined according to described value-at-risk.
Method the most according to claim 1, it is characterised in that the access line obtaining described target account is characterized value bag Include:
Determining the target session of described target account, wherein, described target session is to need to conduct interviews the session of behavioral value, Described target session is single session, and described target session is including at least once accessing behavior;
Obtain the access number index in described target session, request classification density index and request classification intensity index, Wherein, the access number index in described target session is the session number of operations in described target session, described target session In request classification density index be session transaction code type number and described target session number of operations in described target session Ratio, described request classification intensity index is the number of Transaction Inquiries class transaction code and described mesh in described target session The ratio of number of operations of rotating savings words, with the ratio of automatic fee inquiry class transaction code number and described session number of operations it Difference;And
By described access number index, described request classification density index and described request classification intensity index as described Access line is characterized value.
Method the most according to claim 1, it is characterised in that according to described default risk evaluation model to described access line Being characterized value and carry out risk assessment calculating, the value-at-risk obtaining described target account includes:
Described access line is characterized value be input in described default risk evaluation model;
In obtaining the first Preset Time, the value-at-risk of described default risk evaluation model output, obtains multiple output value-at-risk;With And
Adding up the plurality of output value-at-risk, the value-at-risk obtained adding up is as the value-at-risk of described target account.
Method the most according to claim 1, it is characterised in that by described default risk evaluation model to described access Behavior characteristics value calculates, and before obtaining the value-at-risk of described target account, described method includes:
By distributed computing method, the access line of target account described in the second Preset Time is characterized value to resolve, Access line to multiple classifications is characterized value;And
It is characterized value and described target account value-at-risk pair according to the access line of the plurality of classification by adaptive clustering scheme Described default risk evaluation model is updated.
Method the most according to claim 1, it is characterised in that determine the risk of described target account according to described value-at-risk After grade, described method also includes:
Generating the control instruction corresponding with the risk class determined, wherein, described control instruction is for hindering described target account Only accessing, part stops access or does not stop access;And
The access of described target account is controlled by described control instruction.
6. the detection device of e-bank's access behavior, it is characterised in that including:
Acquiring unit, is characterized value for obtaining the access line of target account;
Computing unit, calculates for described access line being characterized value by default risk evaluation model, obtains described mesh The value-at-risk of mark account, wherein, presets risk evaluation model and carries out for described access line being characterized value according to preset algorithm Calculating, described value-at-risk is for representing the risk size of access behavior;And
Determine unit, for determining the risk class of described target account according to described value-at-risk.
Device the most according to claim 6, it is characterised in that described acquiring unit includes:
Determining module, for determining the target session of described target account, wherein, described target session is that needs conduct interviews row For the session of detection, described target session is single session, and described target session is including at least once accessing behavior;
First acquisition module, for obtaining the access number index in described target session, request classification density index and request Classification intensity index, wherein, the access number index in described target session is the session operation in described target session Number of times, the request classification density index in described target session be in described target session session transaction code type number with described The ratio of target session number of operations, described request classification intensity index is Transaction Inquiries class transaction in described target session The number of code and the ratio of the number of operations of described target session, grasp with described session with automatic fee inquiry class transaction code number Make the difference of the ratio of number of times;
First acquisition module is additionally operable to described access number index, described request classification density index and described request classification collection Middle level index is characterized value as described access line.
Device the most according to claim 6, it is characterised in that described computing unit includes;
Input module, is input in described default risk evaluation model for described access line is characterized value;
Second acquisition module, in obtaining the first Preset Time, the value-at-risk of described default risk evaluation model output, obtains Multiple output value-at-risks;And
Accumulator module, for adding up to the plurality of output value-at-risk, using the cumulative value-at-risk obtained as described target The value-at-risk of account.
Device the most according to claim 6, it is characterised in that described device also includes:
Resolution unit, for being characterized the access line of target account described in the second Preset Time by distributed computing method Value resolves, and the access line obtaining multiple classification is characterized value;And
Updating block, for being characterized value and described target by adaptive clustering scheme according to the access line of the plurality of classification Described default risk evaluation model is updated by account value-at-risk.
Device the most according to claim 6, it is characterised in that described device also includes:
Signal generating unit, for generating the control instruction corresponding with the risk class determined, wherein, described control instruction is for institute Stating target account stops access, part stop access or do not stop access;And
Control unit, for controlling the access of described target account by described control instruction.
CN201610371473.1A 2016-05-30 2016-05-30 E-bank accesses detection method and the device of behavior Pending CN106067088A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610371473.1A CN106067088A (en) 2016-05-30 2016-05-30 E-bank accesses detection method and the device of behavior

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610371473.1A CN106067088A (en) 2016-05-30 2016-05-30 E-bank accesses detection method and the device of behavior

Publications (1)

Publication Number Publication Date
CN106067088A true CN106067088A (en) 2016-11-02

Family

ID=57420971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610371473.1A Pending CN106067088A (en) 2016-05-30 2016-05-30 E-bank accesses detection method and the device of behavior

Country Status (1)

Country Link
CN (1) CN106067088A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106708016A (en) * 2016-12-22 2017-05-24 中国石油天然气股份有限公司 Failure monitoring method and failure monitoring device
CN107067157A (en) * 2017-03-01 2017-08-18 北京奇艺世纪科技有限公司 Business risk appraisal procedure, device and air control system
CN108268886A (en) * 2017-01-04 2018-07-10 中国移动通信集团四川有限公司 For identifying the method and system of plug-in operation
CN109120429A (en) * 2017-06-26 2019-01-01 苏宁云商集团股份有限公司 A kind of Risk Identification Method and system
CN109120428A (en) * 2017-06-26 2019-01-01 苏宁云商集团股份有限公司 A kind of method and system for air control analysis
CN109272398A (en) * 2018-09-11 2019-01-25 北京芯盾时代科技有限公司 A kind of e-bank is counter to cheat method and system
CN109327473A (en) * 2018-12-03 2019-02-12 北京工业大学 A kind of identity identifying method based on block chain technology
CN110033151A (en) * 2018-11-09 2019-07-19 阿里巴巴集团控股有限公司 Relational risk evaluation method, device, electronic equipment and computer storage medium
CN110033153A (en) * 2018-12-05 2019-07-19 阿里巴巴集团控股有限公司 A kind of pair of information recommendation carries out resource bonusing method, device and equipment
CN110084468A (en) * 2019-03-14 2019-08-02 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN110335144A (en) * 2019-07-10 2019-10-15 中国工商银行股份有限公司 Personal electric bank account safety detection method and device
CN110363531A (en) * 2018-03-26 2019-10-22 索尼公司 The method and apparatus for handling fraud
CN110826036A (en) * 2019-11-06 2020-02-21 支付宝(杭州)信息技术有限公司 User operation behavior safety identification method and device and electronic equipment
CN111597549A (en) * 2020-04-17 2020-08-28 国网浙江省电力有限公司湖州供电公司 Network security behavior identification method and system based on big data
CN112288329A (en) * 2020-11-23 2021-01-29 中国农业银行股份有限公司 Risk estimation method and device for operation behavior record
CN113159419A (en) * 2021-04-21 2021-07-23 成都卫士通信息产业股份有限公司 Group feature portrait analysis method, device and equipment and readable storage medium
CN114640606A (en) * 2020-12-01 2022-06-17 中移物联网有限公司 Abnormity processing method and controller for Internet of things card terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102117459A (en) * 2010-01-06 2011-07-06 阿里巴巴集团控股有限公司 Risk control system and method
CN104778591A (en) * 2015-04-01 2015-07-15 北京三快在线科技有限公司 Extracting and identifying methods of feature information of abnormal behavior and devices
CN104881783A (en) * 2015-05-14 2015-09-02 中国科学院信息工程研究所 E-bank account fraudulent conduct and risk detecting method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102117459A (en) * 2010-01-06 2011-07-06 阿里巴巴集团控股有限公司 Risk control system and method
CN104778591A (en) * 2015-04-01 2015-07-15 北京三快在线科技有限公司 Extracting and identifying methods of feature information of abnormal behavior and devices
CN104881783A (en) * 2015-05-14 2015-09-02 中国科学院信息工程研究所 E-bank account fraudulent conduct and risk detecting method and system

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106708016A (en) * 2016-12-22 2017-05-24 中国石油天然气股份有限公司 Failure monitoring method and failure monitoring device
CN108268886A (en) * 2017-01-04 2018-07-10 中国移动通信集团四川有限公司 For identifying the method and system of plug-in operation
CN107067157A (en) * 2017-03-01 2017-08-18 北京奇艺世纪科技有限公司 Business risk appraisal procedure, device and air control system
CN109120428B (en) * 2017-06-26 2022-04-19 南京星云数字技术有限公司 Method and system for wind control analysis
CN109120428A (en) * 2017-06-26 2019-01-01 苏宁云商集团股份有限公司 A kind of method and system for air control analysis
CN109120429B (en) * 2017-06-26 2022-04-15 南京星云数字技术有限公司 Risk identification method and system
CN109120429A (en) * 2017-06-26 2019-01-01 苏宁云商集团股份有限公司 A kind of Risk Identification Method and system
CN110363531B (en) * 2018-03-26 2023-04-28 索尼公司 Method and device for processing fraud
CN110363531A (en) * 2018-03-26 2019-10-22 索尼公司 The method and apparatus for handling fraud
CN109272398A (en) * 2018-09-11 2019-01-25 北京芯盾时代科技有限公司 A kind of e-bank is counter to cheat method and system
CN109272398B (en) * 2018-09-11 2020-05-08 北京芯盾时代科技有限公司 Operation request processing system
CN110033151B (en) * 2018-11-09 2024-01-19 创新先进技术有限公司 Relation risk evaluation method and device, electronic equipment and computer storage medium
CN110033151A (en) * 2018-11-09 2019-07-19 阿里巴巴集团控股有限公司 Relational risk evaluation method, device, electronic equipment and computer storage medium
CN109327473B (en) * 2018-12-03 2021-10-01 北京工业大学 Identity authentication system based on block chain technology
CN109327473A (en) * 2018-12-03 2019-02-12 北京工业大学 A kind of identity identifying method based on block chain technology
CN110033153A (en) * 2018-12-05 2019-07-19 阿里巴巴集团控股有限公司 A kind of pair of information recommendation carries out resource bonusing method, device and equipment
CN110084468B (en) * 2019-03-14 2020-09-01 阿里巴巴集团控股有限公司 Risk identification method and device
CN110084468A (en) * 2019-03-14 2019-08-02 阿里巴巴集团控股有限公司 A kind of Risk Identification Method and device
CN110335144A (en) * 2019-07-10 2019-10-15 中国工商银行股份有限公司 Personal electric bank account safety detection method and device
CN110826036A (en) * 2019-11-06 2020-02-21 支付宝(杭州)信息技术有限公司 User operation behavior safety identification method and device and electronic equipment
CN111597549A (en) * 2020-04-17 2020-08-28 国网浙江省电力有限公司湖州供电公司 Network security behavior identification method and system based on big data
CN112288329A (en) * 2020-11-23 2021-01-29 中国农业银行股份有限公司 Risk estimation method and device for operation behavior record
CN114640606A (en) * 2020-12-01 2022-06-17 中移物联网有限公司 Abnormity processing method and controller for Internet of things card terminal
CN113159419A (en) * 2021-04-21 2021-07-23 成都卫士通信息产业股份有限公司 Group feature portrait analysis method, device and equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN106067088A (en) E-bank accesses detection method and the device of behavior
CN110417721B (en) Security risk assessment method, device, equipment and computer readable storage medium
CN112766550B (en) Random forest-based power failure sensitive user prediction method, system, storage medium and computer equipment
CN106897918A (en) A kind of hybrid machine learning credit scoring model construction method
CN109472610A (en) A kind of bank transaction is counter to cheat method and system, equipment and storage medium
CN104881783A (en) E-bank account fraudulent conduct and risk detecting method and system
CN112668859A (en) Big data based customer risk rating method, device, equipment and storage medium
CN111460312A (en) Method and device for identifying empty-shell enterprise and computer equipment
CN112417176B (en) Method, equipment and medium for mining implicit association relation between enterprises based on graph characteristics
CN113627566A (en) Early warning method and device for phishing and computer equipment
CN104850868A (en) Customer segmentation method based on k-means and neural network cluster
CN109146667B (en) Method for constructing external interface comprehensive application model based on quantitative statistics
CN107784411A (en) The detection method and device of key variables in model
CN113919932A (en) Client scoring deviation detection method based on loan application scoring model
CN112950359A (en) User identification method and device
CN108845285A (en) Electric energy metering device detection method and system
CN117132383A (en) Credit data processing method, device, equipment and readable storage medium
CN105930430A (en) Non-cumulative attribute based real-time fraud detection method and apparatus
CN116012152A (en) Method, device and equipment for identifying abnormal transaction entity and readable storage medium
CN116205528A (en) Illegal construction identification method and system based on construction site power data
CN114943479A (en) Risk identification method, device and equipment of business event and computer readable medium
CN115660101A (en) Data service providing method and device based on service node information
CN113919415A (en) Abnormal group detection method based on unsupervised algorithm
Lee et al. Application of machine learning in credit risk scorecard
CN113723522B (en) Abnormal user identification method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161102

RJ01 Rejection of invention patent application after publication