CN108734469A - The method and apparatus for determining consumer's risk label undetermined - Google Patents

Abstract

This specification embodiment provides a kind of method and apparatus determining consumer's risk label undetermined.This method includes：Obtain the access path information of user in the network flow in the predetermined time；According to the access path information architecture Heterogeneous Information network of user, wherein the node of the Heterogeneous Information network includes the access path node of user and user；Based on the fraudulent user marked in the Heterogeneous Information network, first path in the Heterogeneous Information network, path of the member path between user undetermined and fraudulent user are determined；Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined.

Description

The method and apparatus for determining consumer's risk label undetermined

Technical field

This specification embodiment is related to network technique field more particularly to a kind of method determining consumer's risk label undetermined And device.

Background technology

With the development of Internet technology, network payment safety problem also gradually increases, this gives payment company and user Different degrees of monetary losses are brought, for example, fraudulent user inveigles buyer user Xiang Qi to transfer accounts, but are not used to these buyers Allot corresponding commodity in family.In order to determine fraudulent user, to take measures to avoid the monetary losses of user, the prior art logical as possible It is often to identify the fraudulent trading of fraudulent user from dimensions such as trading activity exception, Receiving information exceptions.But still can There are some fraudulent users and fraudulent trading None- identified to obtain, this brings higher risk to security.

Invention content

This specification embodiment provides a kind of method and apparatus determining consumer's risk label undetermined, for determining use undetermined The risk label at family.

This specification embodiment uses following technical proposals：

In a first aspect, a kind of method determining consumer's risk label undetermined is provided, including：Obtain the net in the predetermined time The access path information of user in network flow；According to the access path information architecture Heterogeneous Information network of user, wherein described different The node of structure information network includes the access path node of user and user；Based on the fraud marked in the Heterogeneous Information network User determines first path in the Heterogeneous Information network, path of the member path between user undetermined and fraudulent user； Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined.

Second aspect provides a kind of device determining consumer's risk label undetermined, including：Access path acquisition of information mould Block obtains the access path information of user in the network flow in the predetermined time；Module is built, is believed according to the access path of user Breath structure Heterogeneous Information network, wherein the node of the Heterogeneous Information network includes the access path node of user and user；Member Path determination module determines the member in the Heterogeneous Information network based on the fraudulent user marked in the Heterogeneous Information network Path, path of the member path between user undetermined and fraudulent user；Risk label determining module is existed based on user undetermined Corresponding member path, determines the risk label of the user undetermined in the Heterogeneous Information network.

The third aspect provides a kind of electronic equipment, including：It memory, processor and is stored on the memory simultaneously The computer program that can be run on the processor realizes following behaviour when the computer program is executed by the processor Make：Obtain the access path information of user in the network flow in the predetermined time；It is different according to the access path information architecture of user Structure information network, wherein the node of the Heterogeneous Information network includes the access path node of user and user；Based on described different The fraudulent user marked in structure information network determines first path in the Heterogeneous Information network, and the member path is use undetermined Path between family and fraudulent user；Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine described in The risk label of user undetermined.

Fourth aspect provides a kind of computer readable storage medium, is stored on the computer readable storage medium Computer program realizes following operation when the computer program is executed by processor：Obtain the network flow in the predetermined time The access path information of middle user；According to the access path information architecture Heterogeneous Information network of user, wherein the Heterogeneous Information The node of network includes the access path node of user and user；Based on the fraudulent user marked in the Heterogeneous Information network, Determine first path in the Heterogeneous Information network, path of the member path between user undetermined and fraudulent user；It is based on User undetermined corresponding member path in the Heterogeneous Information network, determines the risk label of the user undetermined.

Above-mentioned at least one technical solution that this specification embodiment uses can reach following advantageous effect：Pass through basis The access path information architecture Heterogeneous Information network of user, and based on the fraudulent user marked in the Heterogeneous Information network, really Determine first path between user undetermined and fraudulent user in Heterogeneous Information network, and then first path based on user undetermined, determines The risk label of user undetermined, to identify fraudulent user therein.

Description of the drawings

Attached drawing described herein is used for providing further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please do not constitute the improper restriction to the application for explaining the application.In the accompanying drawings：

Fig. 1 is the method implementation process signal for the determination consumer's risk label undetermined that one embodiment of this specification provides Figure；

Fig. 2 is the Heterogeneous Information in the method for the determination consumer's risk label undetermined that one embodiment of this specification provides Network diagram；

Fig. 3 is that the method implementation process for the determination consumer's risk label undetermined that another embodiment of this specification provides is shown It is intended to；

Fig. 4 is the apparatus structure schematic diagram for the determination consumer's risk label undetermined that one embodiment of this specification provides；

Fig. 5 is the structure diagram for the electronic equipment that one embodiment of this specification provides.

Specific implementation mode

To keep the purpose, technical scheme and advantage of the application clearer, below in conjunction with the application specific embodiment and Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing Go out the every other embodiment obtained under the premise of creative work, shall fall in the protection scope of this application.

As shown in Figure 1, one embodiment of this specification provides a kind of method determining consumer's risk label undetermined, use In the risk label for determining user undetermined, the idiographic flow schematic diagram of this method is as shown in Figure 1, include the following steps：

S102：Obtain the access path information of user in the network flow in the predetermined time.

Predetermined time in the embodiment, the period before being current time, for example, the predetermined time can be most Nearly 1 year, nearest half a year or nearest one day etc..User in the embodiment can be all in transaction platform or website Registered user can also be a part of user etc. selected in above-mentioned transaction platform or website.Above-mentioned access path information, A series of continuous historical operation record information of user can be used for characterizing, for example, access path information can be characterization user A Using device A connecting wireless network equipment A and have purchased commodity A etc..

S104：According to the access path information architecture Heterogeneous Information network of user.

Wherein, the node of the Heterogeneous Information network includes the access path node of user and user.

In the access path information of above-mentioned user, user, equipment, connection wireless network WI-FI etc., can be used as be Different types of node in Heterogeneous Information network, therefore, the step can be according to the sections in the access path information of above-mentioned user The structure Heterogeneous Information network such as path between point and node.A kind of Heterogeneous Information network of structure is as shown in Fig. 2, in Fig. 2 In, account A, account B, account C, account D and suspicion fraudulent user X1, fraudulent user Y, suspicion fraudulent user X2 node class Type is user type；The node type of mobile phone M1, computer P and mobile phone M2 are device type；WI-FI and location-based clothes The node type of business LBS is properly termed as environmental form.

Optionally, as one embodiment, the path in the Heterogeneous Information network between adjacent any two node For indicating to include described two nodes at least one access path information.

Optionally, as one embodiment, the access path node of user can also include other than user information It is following at least one：The equipment that user uses；The LAN for the equipment access that user uses；Network address (the example of user's browsing Such as, the shop record of user's browsing)；And location based service LBS used in customer access network, wherein above-mentioned use Family information may include account, phone number, email address or Unique Material identification code of user etc. again.

S106：Based on the fraudulent user marked in the Heterogeneous Information network, the member in the Heterogeneous Information network is determined Path, path of the member path between user undetermined and fraudulent user.

Include user node in the Heterogeneous Information network that above-mentioned structure is completed, includes a large amount of use in user node Family may include having fraudulent user, user undetermined, normal users etc. in these users, wherein user undetermined, which is uncertain, is Fraudulent user or normal users.In addition, fraudulent user can also be marked fraudulent user label by the step.

In this specification embodiment, first path (meta path) can realize connection not in above-mentioned Heterogeneous Information network With the series connection of node type, it is specifically as follows the path between user undetermined and fraudulent user, that is, first path can be source node Be fraudulent user, end-node it is user undetermined；Alternatively, it is fraudulent user that source node, which is user undetermined, end-node,.

When specifically determining first path in the step, the node type and node that can be primarily based in Heterogeneous Information network Relationship between type builds its synoptic diagram；Then, it is based on above-mentioned synoptic diagram, first road is obtained using breadth first traversal algorithm etc. Diameter.For example, may be used breadth first traversal algorithm on synoptic diagram from user type node until another user class Type node terminates.Under normal conditions, since there may be two-way sides, ergodic algorithm to terminate naturally in above-mentioned synoptic diagram, institute The length in first path can be specified as constraints, stop traversal when the path of traversal is more than the length.

S108：Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the user's undetermined Risk label.

User undetermined in the step can belong to the user in above-mentioned S102.Risk label in the step, specifically Can be characterization user undetermined it be fraudulent user, or characterization user undetermined is normal users；Optionally, the risk mark in the step Label, can also be the risk class for characterizing user undetermined, for example, it is low risk of fraud user, medium fraud to characterize user undetermined Risk subscribers or high risk of fraud user etc..

As previously mentioned, path of the first path determined in S106 between user undetermined and fraudulent user, as one A preferred embodiment, S108 can according to user undetermined in the Heterogeneous Information network it is corresponding member path quantity and/or Length etc., to determine the risk label of user undetermined.

If for example, the number in first path of the user undetermined is greater than or equal to the first predetermined threshold, it is determined that described to wait for It is fraudulent user to determine user；Or,

If path length is less than or equal to the number in first path of the second predetermined threshold in first path of the user undetermined More than the first predetermined threshold, it is determined that the user undetermined is fraudulent user；Or,

If path length is all higher than third predetermined threshold in all first paths of the user undetermined, it is determined that described undetermined User is low risk of fraud user.

Wherein, the quantity in first path is more, and the intersection characterized between user undetermined and fraudulent user is more, then user undetermined Closer with fraudulent user, then user undetermined is that the possibility of fraudulent user is higher.The length in first path is longer, and characterization is undetermined It may be contacted between user and fraudulent user (for example, having been used under the same wireless network, in identical place identical Location based service etc.) possibility with regard to smaller, then user undetermined is that the possibility of fraudulent user is lower.

Certainly, in other examples, it is also based on user undetermined corresponding member in the Heterogeneous Information network Path, and some other factors, for example, whether abnormal, Receiving information is abnormal etc. for trading activity, collectively as reference According to determining the risk label of the user undetermined.

By the method for the determination consumer's risk label undetermined that this specification embodiment provides, pass through the access according to user Routing information builds Heterogeneous Information network, and based on the fraudulent user marked in the Heterogeneous Information network, determines Heterogeneous Information First path in network between user undetermined and fraudulent user, and then first path based on user undetermined, determine user's undetermined Risk label, to identify fraudulent user therein.

The prior art is typically abnormal etc. from trading activity exception, Receiving information when determining consumer's risk label undetermined Dimension sets out to identify the fraudulent trading of fraudulent user, when fraudulent user deliberately avoids the knowledge of air control strategy by some behaviors When transferring accounts not or by multilayer to realize fund transfer, the prior art is then helpless, and this specification embodiment is because fully sharp With the access path information of user, the accuracy of identification fraudulent user is improved, fraudulent user is solved and passes through some behaviors Come deliberately avoid the identification of air control strategy or transferred accounts by multilayer realize fund transfer when None- identified the problem of.

In addition, the fraud recognition methods that this specification embodiment provides, passes through the Heterogeneous Information network and member constructed Path, it is easy to the relationship of fraudulent user and user undetermined is depicted, it is explanatory preferable.

In the above-described embodiments, since the routing information moment that user accesses in network flow is all changing, in order to Newest access path information is made full use of, the accuracy for the consumer's risk label undetermined determined finally is improved, in above-mentioned reality After applying the risk label for determining user undetermined in the S108 in example, for example, determining that some or multiple users undetermined are After fraudulent user, the fraudulent user determined can also be added label, with the fraudulent user marked before, and pre- timing The access path information of user in interior updated network flow, updates the Heterogeneous Information network.

After the Heterogeneous Information network is completed in update, it can also continue to hold according to the S106 and S108 of above-described embodiment Row, the risk label of other users undetermined is determined with this.Also, above-mentioned adjustment Heterogeneous Information network, and then determine use undetermined The process of the risk label at family can repeatedly recycle execution.

Optionally, before the risk label that the S108 of above-described embodiment determines the user undetermined, above-described embodiment side Method can also include the following steps：The corresponding first road of risk label and training user's data based on training user's data Diameter is trained fraud identification model；In this way, the S108 in above-described embodiment is based on user undetermined in the Heterogeneous Information net Corresponding member path, determines the risk label of the user undetermined in network, including：Can be specifically by user undetermined described different Input of the corresponding member path as fraud identification model in structure information network, to obtain the risk label of the user undetermined.

As shown in figure 3, this specification yet another embodiment provides a kind of sides determining consumer's risk label undetermined Method, for determining that the risk label of user undetermined first realizes it before introducing the embodiment based on fraud identification model Thought is introduced.

See you later Fig. 2, and Fig. 2 is one and is typically built using Transaction Information, account information, facility information and environmental information Heterogeneous Information network.In fig. 2, account A and account B has remitted money to suspicion fraudulent user X1 simultaneously, and there are no good at this time Method judges that account X1 is fraudulent user.

By above-mentioned Heterogeneous Information network can be seen that suspicion fraudulent user X1 (user X1 undetermined) and at present oneself through determination Fraudulent user account Y (or fraudulent user Y) between exist association：That is, suspicion fraudulent user X1 used mobile phone M1, fraud User Y used computer P, mobile phone M1 and computer P to appear under wireless network W simultaneously again.So utilizing above-mentioned Heterogeneous Information net Network, we may determine that suspicion fraudulent user account X1 be fraudulent user possibility it is big.

Specifically, as shown in figure 3, the embodiment includes the following steps：

S302：Obtain the access path information of user in the network flow in the predetermined time.

The specific of the step discloses S102 of the shortcoming referring to above-described embodiment.

S304：According to the access path information architecture Heterogeneous Information network of user.

Wherein, the node of the Heterogeneous Information network includes the access path node of user and user.

In the embodiment, as shown in Fig. 2, the access path node of user includes user account, user equipment and user Environment residing for equipment etc., wherein the environment residing for user equipment may include the WI-FI of user equipment connection, and should Used location based service record of user etc..

In this way, according to the Heterogeneous Information network that the access path information architecture of user comes out, user can specifically include The various types of node such as account, user equipment and environment.

The other of the step disclose S104 of the shortcomings referring to above-described embodiment.

S306：Based on the fraudulent user marked in the Heterogeneous Information network, the member in the Heterogeneous Information network is determined Path.

Path of the member path between user undetermined and fraudulent user.

As shown in figure 3, suspicion fraudulent user X1 and suspicion fraudulent user X2 are not determine whether it is the undetermined of fraudulent user User, suspicion fraudulent user X1 used mobile phone M1, fraudulent user Y that computer P, suspicion fraudulent user X2 was used to use mobile phone M2, and mobile phone M1 and computer P were all connected with wireless network (WI-FI) W, mobile phone M2 and computer P and used location-based clothes Be engaged in LBS.

In this way, the relationship between suspicion fraudulent user X1 and fraudulent user Y can portray as a first path：X1→M1 → W → P → Y is connected in series suspicion fraudulent user X1 and fraudulent user Y by this yuan of path；It suspicion fraudulent user X2 and takes advantage of Relationship between swindleness user Y can portray as a first path：X2 → M2 → L → P → Y takes advantage of suspicion by this yuan of path Swindleness user X2 and fraudulent user Y is connected in series.

According to first path obtained above, when there is new transaction to generate, in Fig. 2, account A is to suspicion fraudulent user X1 A transaction has occurred, can search with the presence or absence of there is concatenated first path between suspicion fraudulent user X1 and fraudulent user, such as Fruit exists, then can mark and be；If it does not exist, then it is that can construct the variable based on first path in this way that can mark System.

S308：The corresponding first path of risk label and training user's data based on training user's data, to fraud Identification model is trained.

When the step specifically obtains fraud identification model, model can be built first, for example, by using Multiple Kernel Learning (multi- Kernal learning) mode build model；Then the risk label of training user's data and the training are used The corresponding first path of user data is trained the model put up as training data, finally obtains fraud identification model.Separately Outside, when structure cheats identification model, identification model can be built using the method for Multiple Kernel Learning, that is, different types of original Path is built using different core, and such as two layers of relationship and multilayer relationship can use different models, be carried then in conjunction with gradient It rises decision tree (Gradient Boosting Decision Tree, GBDT) algorithm or random forest (Random Forest) is calculated Method scheduling algorithm builds model, and then by integrated mode, (Ensemble methods arrive the algorithm combination of several machine learning Together, or a kind of different parameters of algorithm be grouped together) mode build model.

S310：Using user undetermined in the Heterogeneous Information network it is corresponding member path as cheat identification model it is defeated Enter, to obtain the risk label of the user undetermined.

Above-mentioned fraud identification model is determined for the risk label of user undetermined, for example, the member for determining input The risk label of user undetermined in path；Further for example, determining the risk of the user account undetermined for the both parties being newly generated Label etc..

By the method for the determination consumer's risk label undetermined that this specification embodiment provides, known according to the fraud constructed Other model, you can the risk label for determining user undetermined, to identify fraudulent user.

The prior art is typically abnormal etc. from trading activity exception, Receiving information when determining consumer's risk label undetermined Dimension sets out to identify the fraudulent trading of fraudulent user, when fraudulent user deliberately avoids the knowledge of air control strategy by some behaviors When transferring accounts not or by multilayer to realize fund transfer, the prior art is then helpless, and this specification embodiment is because fully sharp With the access path information of user, the accuracy of identification fraudulent user is improved, fraudulent user is solved and passes through some behaviors Come deliberately avoid the identification of air control strategy or transferred accounts by multilayer realize fund transfer when None- identified the problem of.

In addition, the fraud recognition methods that this specification embodiment provides, passes through the Heterogeneous Information network and member constructed Path, it is easy to the relationship of fraudulent user and account undetermined is depicted, it is explanatory preferable.

Data in the Heterogeneous Information network constructed due to above-mentioned S304 are all being changed all the time, optionally, As one embodiment, the access path information of user can also be updated, and constantly updates above-mentioned first path, specifically more Singapore dollar road When diameter, a set of mechanism can be set and go to find the relationship between fraudulent user (black sample), by small between the black sample of construction Type network finds new first path；Can also according to the node added in Heterogeneous Information network come more Singapore dollar path, for example, than Such as, the node of video website type is added in Heterogeneous Information network, in this way, above-mentioned member path will be derived, for example, account Family A and account B has viewed certain minority's channel of the video website simultaneously.

By above-mentioned newer first path, it can also be used to the above-mentioned fraud identification model of re -training, for example, passing through The machine learning algorithm of online learning is updated above-mentioned fraud identification model, can be specifically daily update or Person is update etc. by the hour.

Description above part describes the embodiment of the method for determining consumer's risk label undetermined in detail, as shown in figure 4, this Specification additionally provides a kind of device determining consumer's risk label undetermined, as shown in figure 4, the device includes：

Access path data obtaining module 401 obtains the access path information of user in the network flow in the predetermined time；

Module 402 is built, according to the access path information architecture Heterogeneous Information network of user, wherein the Heterogeneous Information The node of network includes the access path node of user and user；

First path determination module 403 determines the isomery letter based on the fraudulent user marked in the Heterogeneous Information network Cease first path in network, path of the member path between user undetermined and fraudulent user；

Risk label determining module 404 is based on user undetermined corresponding member path in the Heterogeneous Information network, determines The risk label of the user undetermined.

Optionally, as one embodiment, the path in the Heterogeneous Information network between adjacent any two node For indicating to include described two nodes at least one access path information.

Optionally, as one embodiment, the risk label determining module 404, if first path of the user undetermined Number be greater than or equal to the first predetermined threshold, it is determined that the user undetermined be fraudulent user.

Optionally, as one embodiment, the risk label determining module 404, if first path of the user undetermined The number that middle path length is less than or equal to first path of the second predetermined threshold is more than the first predetermined threshold, it is determined that described undetermined User is fraudulent user.

Optionally, as one embodiment, described device further includes：Update module, based on the fraudulent user determined, with And in the network flow in the predetermined time user access path information, update the Heterogeneous Information network.

Optionally, as one embodiment, described device further includes：Model training module, based on training user's data Risk label and the corresponding first path of training user's data, are trained fraud identification model；The risk label is true Cover half block 404, using user undetermined in the Heterogeneous Information network it is corresponding member path as cheat identification model input, with Obtain the risk label of the user undetermined.

Optionally, as one embodiment, the access path node of user includes following at least one：What user used sets It is standby；The LAN for the equipment access that user uses；The network address of user's browsing；And the location based service that user uses LBS。

It is referred to corresponding preceding text according to the device of the above-mentioned determination of this specification embodiment consumer's risk label undetermined The flow of the method for the determination consumer's risk label undetermined of inventive embodiments, also, the dress of determination consumer's risk label undetermined Each unit/module and other above-mentioned operation and/or functions in setting determine consumer's risk label undetermined to realize respectively Corresponding flow in method, for sake of simplicity, details are not described herein.

Below in conjunction with Fig. 5 detailed descriptions according to the electronic equipment of the embodiment of the present application.With reference to figure 5, in hardware view, electricity Sub- equipment includes processor, optionally, including internal bus, network interface, memory.Wherein, as shown in figure 5, memory can Can include memory, such as high-speed random access memory (Random-Access Memory, RAM), it is also possible to further include non-easy The property lost memory (non-volatile memory), for example, at least 1 magnetic disk storage etc..Certainly, which is also possible to Including realizing the required hardware of other business.

Processor, network interface and memory can be connected with each other by internal bus, which can be industry Standard architecture (Industry Standard Architecture, ISA) bus, Peripheral Component Interconnect standard (Peripheral Component Interconnect, PCI) bus or expanding the industrial standard structure (Extended Industry Standard Architecture, EISA) bus etc..The bus can be divided into address bus, data/address bus, Controlling bus etc..For ease of indicating, only indicated with a four-headed arrow in Fig. 5, it is not intended that an only bus or one kind The bus of type.

Memory, for storing program.Specifically, program may include program code, and said program code includes calculating Machine operational order.Memory may include memory and nonvolatile memory, and provide instruction and data to processor.

Processor is from then operation in corresponding computer program to memory is read in nonvolatile memory, in logical layer The device of forwarding chat message is formed on face.Processor executes the program that memory is stored, and specifically for executing this explanation The operation of the previously described embodiment of the method for book.

The method that the method or apparatus that above-mentioned Fig. 1 to Fig. 4 illustrated embodiment discloses executes can be applied in processor, or Person is realized by processor.Processor may be a kind of IC chip, the processing capacity with signal.During realization, Each step of the above method can be completed by the integrated logic circuit of the hardware in processor or the instruction of software form.On The processor stated can be at general processor, including central processing unit (Central Processing Unit, CPU), network Manage device (Network Processor, NP) etc.；Can also be digital signal processor (Digital Signal Processor, DSP), application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate Array (Field-Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or crystalline substance Body pipe logical device, discrete hardware components.May be implemented or execute disclosed each method in the embodiment of the present application, step and Logic diagram.General processor can be microprocessor or the processor can also be any conventional processor etc..In conjunction with The step of method disclosed in the embodiment of the present application, can be embodied directly in hardware decoding processor and execute completion, or with decoding Hardware and software module combination in processor execute completion.Software module can be located at random access memory, flash memory, read-only storage In the storage medium of this fields such as device, programmable read only memory or electrically erasable programmable memory, register maturation.It should The step of storage medium is located at memory, and processor reads the information in memory, the above method is completed in conjunction with its hardware.

The method that electronic equipment shown in fig. 5 can also carry out Fig. 1 to Fig. 3, and realize and determine consumer's risk label undetermined Method is in the function of Fig. 1 to embodiment illustrated in fig. 3, and details are not described herein for the embodiment of the present application.

Certainly, other than software realization mode, other realization methods are not precluded in the electronic equipment of the application, for example patrol Collect the mode etc. of device or software and hardware combining, that is to say, that the executive agent of following process flow is not limited to each patrol Unit is collected, can also be hardware or logical device.

This specification embodiment also provides a kind of computer readable storage medium, is stored on computer readable storage medium Computer program, the computer program realize each process of above-mentioned each embodiment of the method when being executed by processor, and can reach To identical technique effect, to avoid repeating, which is not described herein again.Wherein, the computer readable storage medium, it is such as read-only Memory (Read-Only Memory, abbreviation ROM), random access memory (Random Access Memory, abbreviation RAM), magnetic disc or CD etc..

It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, the application can be used in one or more wherein include computer usable program code computer The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.

The application is with reference to method, the flow of equipment (system) and computer program product according to the embodiment of the present application Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.

These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.

These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.

In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and memory.

Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology realizes information storage.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic tape cassette, tape magnetic disk storage or other magnetic storage apparatus Or any other non-transmission medium, it can be used for storage and can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.

It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability Including so that process, method, commodity or equipment including a series of elements include not only those elements, but also wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including element There is also other identical elements in process, method, commodity or equipment.

It these are only embodiments herein, be not intended to limit this application.To those skilled in the art, The application can have various modifications and variations.It is all within spirit herein and principle made by any modification, equivalent replacement, Improve etc., it should be included within the scope of claims hereof.

Claims (10)

1. a kind of method determining consumer's risk label undetermined, including：

Obtain the access path information of user in the network flow in the predetermined time；

According to the access path information architecture Heterogeneous Information network of user, wherein the node of the Heterogeneous Information network includes using The access path node of family and user；

Based on the fraudulent user marked in the Heterogeneous Information network, first path in the Heterogeneous Information network is determined, it is described Path of first path between user undetermined and fraudulent user；

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined.

2. the method as described in claim 1,

Path in the Heterogeneous Information network between adjacent any two node is for indicating at least one access path letter Include described two nodes in breath.

3. method according to claim 1 or 2,

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined, Including：

If the number in first path of the user undetermined is greater than or equal to the first predetermined threshold, it is determined that the user undetermined is to take advantage of Cheat user.

4. method according to claim 1 or 2,

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined, Including：

If in first path of the user undetermined, the number that path length is less than or equal to first path of the second predetermined threshold is more than First predetermined threshold, it is determined that the user undetermined is fraudulent user.

5. method according to claim 1 or 2, the method further includes：

The access path information of user in network flow based on the fraudulent user determined and in the predetermined time updates institute State Heterogeneous Information network.

6. method according to any one of claims 1 to 5, before the risk label for determining the user undetermined, the side Method further includes：

The corresponding first path of risk label and training user's data based on training user's data, to fraud identification model into Row training；

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined, Including：

Using user undetermined, corresponding member path is as the input of fraud identification model in the Heterogeneous Information network, to obtain State the risk label of user undetermined.

7. the access path node of the method as described in claim 1, user includes following at least one：

The equipment that user uses；

The LAN for the equipment access that user uses；

The network address of user's browsing；And

Location based service LBS used by a user.

8. a kind of device determining consumer's risk label undetermined, including：

Access path data obtaining module obtains the access path information of user in the network flow in the predetermined time；

Module is built, according to the access path information architecture Heterogeneous Information network of user, wherein the section of the Heterogeneous Information network Point includes the access path node of user and user；

First path determination module determines the Heterogeneous Information network based on the fraudulent user marked in the Heterogeneous Information network In first path, the path of the member path between user undetermined and fraudulent user；

Risk label determining module is based on user undetermined corresponding member path in the Heterogeneous Information network, waiting for described in determination Determine the risk label of user.

9. a kind of electronic equipment, including：It memory, processor and is stored on the memory and can transport on the processor Capable computer program realizes following operation when the computer program is executed by the processor：

Obtain the access path information of user in the network flow in the predetermined time；

According to the access path information architecture Heterogeneous Information network of user, wherein the node of the Heterogeneous Information network includes using The access path node of family and user；

Based on the fraudulent user marked in the Heterogeneous Information network, first path in the Heterogeneous Information network is determined, it is described Path of first path between user undetermined and fraudulent user；

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined.

10. a kind of computer readable storage medium, computer program, the meter are stored on the computer readable storage medium Following operation is realized when calculation machine program is executed by processor：

Obtain the access path information of user in the network flow in the predetermined time；

According to the access path information architecture Heterogeneous Information network of user, wherein the node of the Heterogeneous Information network includes using The access path node of family and user；

Based on the fraudulent user marked in the Heterogeneous Information network, first path in the Heterogeneous Information network is determined, it is described Path of first path between user undetermined and fraudulent user；

Based on user undetermined in the Heterogeneous Information network it is corresponding member path, determine the risk label of the user undetermined.