Specific embodiment
In risk identification, the probability that user belongs to risk subscribers can be obtained based on prediction model, it later, can be with base
Whether belong to risk subscribers in the risk identification strategy identification user pre-established.Wherein, the risk identification strategy can be managed
Solution is a kind of rule, and whether the determine the probability user which can belong to risk subscribers according to user belongs to risk subscribers.
For example, risk identification strategy can be when the probability (numberical range is 0~1) that user belongs to risk subscribers is greater than
When equal to 0.9, user belongs to risk subscribers, then, when the probability that user belongs to risk subscribers is 0.8, it is believed that user
Risk subscribers are not belonging to, when the probability that user belongs to risk subscribers is 0.9, it is believed that user belongs to risk subscribers.
However, existing risk identification strategy is usually rule of thumb formulated by decision-maker, when carrying out risk identification,
Accuracy is usually relatively low.For example, the risk threshold value of setting is 0.9, but 0.9 is in the risk identification strategy of above-mentioned record
Decision-maker is set based on experience, not necessarily optimum value, in this way, when carrying out risk identification, it is more likely that will be normal
User is mistakenly identified as risk subscribers, and risk subscribers are mistakenly identified as normal users, causes the accuracy of recognition result lower.
In view of this, the embodiment of the present application provides a kind of Risk Identification Method and device, this method comprises: obtaining wait know
The feature of risk value of other user, the feature of risk value is for characterizing the probability that the user to be identified belongs to risk subscribers;It obtains
The feature of risk information of the user to be identified is taken, the feature of risk information is used to characterize the information of the user to be identified
In information relevant to risk;The risk identification model that training obtains in advance is obtained, the risk identification model is based on different use
Feature of risk value, feature of risk information and the true tag training at family obtain;According to the feature of risk of the user to be identified
Value, feature of risk information and the risk identification model, identify whether the user to be identified belongs to risk subscribers.
Technical solution provided by the embodiments of the present application, can feature of risk value, feature of risk information previously according to user
And true tag, training obtain risk identification model, when carrying out risk identification to user to be identified, will can instruct in advance
The risk identification model got is believed as risk identification strategy in conjunction with the feature of risk value and feature of risk of user to be identified
Breath, identifies whether user to be identified belongs to risk subscribers.In this way, due to can be using the feature of risk information of user as training
Sample obtains risk identification strategy by way of model training, therefore, can be in conjunction with user's when carrying out risk identification
Feature of risk information efficiently identifies whether user belongs to risk subscribers, and the accuracy of recognition result is higher.
In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with the application
Attached drawing in embodiment, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described reality
Example is applied to be merely a part but not all of the embodiments of the present application.Based on the embodiment in the application, this field
Those of ordinary skill's every other embodiment obtained without creative efforts, all should belong to this Shen
The range that please be protect.
In the embodiment of the present application, the risk subscribers can be understood as fraudulent user, brush single user or other risk classifications
User, specifically can according to actual application scenarios determine, be not specifically limited here.
In technical solution provided by the embodiments of the present application, when one of risk class that risk subscribers are above-mentioned record
When the user of type, by taking fraudulent user as an example, the feature of risk value of user can characterize the probability that user belongs to fraudulent user, right
When user carries out risk identification, recognition result can be that user belongs to fraudulent user or user is not belonging to fraudulent user.
Below in conjunction with attached drawing, the technical scheme provided by various embodiments of the present application will be described in detail.
Fig. 1 is the flow diagram of one embodiment Risk Identification Method of the application.The Risk Identification Method is as follows
It is described.
S102: the feature of risk value of user to be identified is obtained.
In S102, when identifying whether user belongs to risk subscribers, the feature of risk of available user to be identified
Value, the feature of risk value can characterize the probability that user to be identified belongs to risk subscribers.
In one embodiment of the application, the feature of risk value of user to be identified is obtained, may comprise steps of:
The feature to be identified of the user to be identified is obtained, the feature to be identified includes the text of the user to be identified
At least one of eigen, characteristics of image and structural data feature;
The prediction model that training obtains in advance is obtained, the prediction model is based on the feature to be identified of user and user
True tag training obtain, the prediction model is used to predict the feature of risk value of user;
Feature to be identified and the prediction model based on the user to be identified, determination obtain the use to be identified
The feature of risk value at family.
In the present embodiment, it can train in advance and obtain prediction model, the wind of user to be identified is obtained based on prediction model
Dangerous characteristic value.Wherein, the prediction model can be understood as disaggregated model, and the prediction model can be used for predicting to be identified
Whether user belongs to risk subscribers, and the prediction result of model can characterize the probability that user to be identified belongs to risk subscribers.
In the training prediction model, the feature to be identified of available multiple users and multiple user's is true
Real label, and using the feature to be identified of multiple users and true tag as training sample, training obtains the prediction model.
The feature to be identified may include at least one in text feature, characteristics of image and structural data feature
Kind, by taking a user as an example, the text feature, which can be understood as other users, to be reported in the text reported when the user and includes
Text feature, described image feature can be understood as image (such as the chat screenshot of user that other users report the user
Deng) in include characteristics of image, the structural data feature can be understood as user and generated during using internet
Internet data (such as transaction data of user) in include data characteristics.
The true tag can be understood as the label whether characterization user belongs to risk subscribers.
It should be noted that in training prediction model, if feature to be identified in training sample be text feature,
Characteristics of image or structural data feature can then train to obtain a prediction model;If the spy to be identified in training sample
Sign includes two or three in text feature, characteristics of image and structural data feature, then can accordingly train and obtain two
A or three prediction models.
For example, can train to obtain a prediction model when the feature to be identified in training sample is text feature;
When the feature to be identified in training sample is text feature and characteristics of image, can train to obtain two prediction models.
After training obtains prediction model, when obtaining the feature of risk value of user to be identified, it can obtain first wait know
The feature to be identified of other user, wherein the feature to be identified of user to be identified also may include the text feature of above-mentioned record,
At least one of characteristics of image and structural data feature, however, it is desirable to explanation, the user to be identified got
Feature to be identified type, need corresponding with the prediction model.
For example, when prediction model is that the text prediction model obtained based on text feature training is made, it is available to be identified
The text feature of user;When prediction model is the text prediction model being respectively trained based on text feature and characteristics of image
When with image prediction model, the text feature and characteristics of image of available user to be identified are no longer illustrated one by one here
It is bright.
When obtaining the feature to be identified of user to be identified, can be obtained from the Recent data of user to be identified.Example
Such as, it when obtaining the text feature of user to be identified, is reported in recent 15 days or one month it is possible, firstly, to obtain user
When the text that reports of other users;Secondly, analyzing the text that other users report, text feature is acquired.
After getting the feature to be identified of user, the feature to be identified of user to be identified can be input to corresponding
In prediction model, the output of prediction model is obtained as a result, the output result, which can characterize user to be identified, belongs to risk subscribers
Probability, i.e., the feature of risk value of user to be identified.
In the present embodiment, the numberical range of the feature of risk value can be [0,1].
It should be noted that when user to be identified has multiple same type of features to be identified, based on prediction mould
The available multiple outputs of type are as a result, at this point it is possible to using the average value of multiple output results as the feature of risk value.Example
Such as, there are three text feature, (corresponding application scenarios can be user to be identified and reported by other users user's tool to be identified
Repeatedly, when repeatedly being reported, the multiple texts reported correspond to multiple text features), it is available based on text prediction model
Multiple outputs are as a result, at this point it is possible to using the average value of multiple output results as the feature of risk value of user to be identified, with three
For a output result 0.7,0.8 and 0.9, average value 0.8 can be regard as the feature of risk value.
If should be noted prediction model number be it is multiple, based on multiple prediction models it is available multiple
Feature of risk value, that is, the number of the feature of risk value of the user to be identified obtained are multiple.For example, prediction model includes text
Prediction model and image prediction model, then for the available output of text prediction model as a result, being based on image prediction mould
The available output of type can be used as the feature of risk value of user to be identified as a result, the two export results, i.e., to be identified
The number of the feature of risk value of user can be two.
The embodiment of the present application, can after the method based on above-mentioned record acquires the feature of risk value of user to be identified
To execute S104.
S104: the feature of risk information of the user to be identified is obtained.
In S104, after getting the feature of risk value of user to be identified, the risk of available user to be identified is special
Reference breath.
In the embodiment of the present application, the feature of risk information can be used for characterizing in the information of user to be identified with risk
Relevant information can specifically include at least one of following four information:
(1) user to be identified is with the presence or absence of the transaction record in preset time;
Consumer's risk that the preset time can identify according to specific needs determines, for example, identification user whether be
When fraudulent user, the preset time can be morning, for example, it may be 0 point to 2 points of morning, it is also possible to 1:00 AM to 4
Point etc..
(2) between the user to be identified is when carrying out more transactions in the preset time between more transactions
Every the time;
Assuming that carrying out more transactions in preset time described in user to be identified, the interval time between more transactions can shadow
Ring the risk identification result to user to be identified.For example, user to be identified is very possible if user to be identified is fraudulent user
More transactions, transaction when more transactions are fraud, and the interval between more transactions have been carried out in the preset time
Time is usually shorter.
(3) transaction amount when user to be identified trades in the preset time;
The transaction amount of user to be identified within a preset time also will affect to the risk identification of user to be identified as a result,
For example, the transaction amount of user to be identified within a preset time may be bigger if user to be identified is fraudulent user.
(4) number that the user to be identified is reported.
The number that user to be identified is reported by other users can illustrate the risk of user to be identified to a certain extent
Just, wherein a possibility that number that user to be identified is reported is more, belongs to risk subscribers are higher.
It should be understood that above-mentioned only carried out feature of risk information for example, in practical applications, the feature of risk
Information can also include other information relevant to risk, can specifically be determined according to practical application scene, not do here specific
It limits.Wherein, under different application scenarios, the feature of risk information be may be the same or different.
After getting the feature of risk information of user to be identified, S106 can be executed.
S106: the risk identification model that training obtains in advance is obtained.
In S106, risk identification model that available preparatory training obtains.In the embodiment of the present application, the risk
Identification model can be considered as risk identification strategy, can determine whether user to be identified belongs to wind based on the risk identification model
Dangerous user.
The risk identification model can feature of risk value, feature of risk information and true mark based on different user
Label training obtains, the wind recorded in feature of risk value, feature of risk information and true tag and above-mentioned S102 and S104 here
Dangerous characteristic value, feature of risk information are identical with true tag, are not repeated herein and are illustrated.
In the embodiment of the present application, the risk identification model can be trained in the following manner and be obtained:
Obtain the feature of risk value of different user and the true tag of the different user;
Obtain the feature of risk information of the different user;
Feature of risk value, true tag and feature of risk information based on the different user, training obtain tree mould
Type, and using the tree-model as the risk identification model.
When obtaining the feature of risk value of different user, by taking one of them first user as an example, following steps can be passed through
Obtain the feature of risk value of first user:
The feature to be identified of first user is obtained, the feature to be identified includes that the text of first user is special
At least one of sign, characteristics of image and structural data feature;
The prediction model that training obtains in advance is obtained, the prediction model is based on the feature to be identified of user and user
True tag training obtain, the prediction model is used to predict the feature of risk value of user;
Feature to be identified and the prediction model based on first user, determination obtain first user's
Feature of risk value.
It should be noted that obtained in the feature to be identified needs of first user got and above-mentioned S102
The feature to be identified of user to be identified is consistent, i.e., if what is obtained in S102 is the text feature of user to be identified, that
, what is obtained here is also the text feature of the first user.Wherein, the specific implementation of the feature to be identified of the first user is obtained
Mode may refer to the related content recorded in above-mentioned S102, and description is not repeated herein.
Here prediction model can be identical as the prediction model recorded in S102, may be used to the wind for predicting user
Dangerous characteristic value, i.e. user belong to the probability of risk subscribers, specifically also may refer to the related content recorded in above-mentioned S102.
It, can be by first user's after the feature to be identified and prediction model for getting first user
Input of the feature to be identified as prediction model, the output result of model are the feature of risk value of first user.
When obtaining the feature of risk information of different user, the feature of risk information that gets can in above-mentioned S104
The feature of risk information of record is identical.
It, can be with these after feature of risk value, feature of risk value information and the true tag for getting different user
Information obtains tree-model as sample characteristics, training.
In the embodiment of the present application, the tree-model is decision-tree model, it is preferable that the decision-tree model can be
Adabagging decision tree on the basis of can be realized technical solution provided by the embodiments of the present application, is also not excluded for certainly
Other kinds of decision-tree model, no longer illustrates one by one here.
In training tree-model, specific training method may refer to the training method of existing tree-model, and the application is real
Example is applied to be not described in detail.
It, can be directly using the tree-model as institute in one embodiment of the application after training obtains tree-model
State risk identification model.
It in another embodiment of the application, can test to tree-model, and determine that tree-model meets expection
When, using tree-model as the risk identification model.Implementing step may include:
Judge whether the training quota of the tree-model is more than or equal to preset value, the training quota of the tree-model includes
At least one of accuracy rate and coverage rate;
When the training quota is less than the preset value, tree-model parameter is adjusted, the tree-model parameter includes training
At least one of size, the quantity of leaf node, the depth of tree, type of the feature of risk information;
Based on the tree-model parameter adjusted, tree-model described in re -training.
The tree-model that the training quota can be obtained based on training is analyzed to obtain, and the training quota can be accurately
Rate is also possible to coverage rate, can also also include coverage rate comprising accuracy rate, it is preferable that in order to improve the standard of risk identification
Exactness, the training quota can be accuracy rate and coverage rate.
The preset value preferably can be any value between 90% to 100%, specifically can according to the actual situation really
It is fixed, it is not specifically limited here.Wherein, when the training quota when the training quota be accuracy rate and coverage rate when, accurately
Rate and coverage rate can respectively correspond a preset value, and accuracy rate and the corresponding preset value of coverage rate can be identical,
It can be different.
When whether the training quota for judging tree-model is more than or equal to the preset value, in one implementation, if
The training quota of tree-model is greater than or equal to the preset value, then tree-model directly can be determined as the risk identification mould
Type.
In another implementation, if the training quota of tree-model is less than the preset value, need to adjust tree mould
Shape parameter, the tree-model parameter may include the size of training sample, the quantity, the depth of tree of leaf node in tree-model,
Which tree-model parameter is at least one of the type of the feature of risk information specifically adjust, can according to the actual situation really
It is fixed.
After adjusting tree-model parameter, it can be based on tree-model parameter adjusted, tree-model described in re -training obtains
To new tree-model.
After obtaining new tree-model, it can judge that the training quota of new tree-model is according to the method for above-mentioned record
It is no be more than or equal to the preset value, if it is, can using new tree-model as the risk identification model, if it is not, then
It can continue to adjust tree-model parameter, and the tree-model new based on tree-model parameter training adjusted again, until new tree
The training quota of model is equal to or more than the preset value, and will newly train tree-model as the risk identification model.
It should be noted that in practical applications, in re -training tree-model, it is understood that there may be the instruction of new tree-model
Practice the case where index is always less than the preset value, at this point it is possible to which a preset duration is arranged, is equal to when the time of model training
It, can be with deconditioning tree-model, and using tree-model at this time as the risk identification model when preset duration.
During above-mentioned re -training tree-model, be greater than when the training quota for the tree-model that re -training obtains or
When equal to the preset value, the tree-model parameter for the tree-model that re -training obtains can also be recorded.For example, can be with
In the database by tree-model reference record, alternatively, tree-model parameter can also be stored in other positions.
In this way, under certain application scenarios (for example, under the application scenarios of fraud, when there is new fraudulent mean, or
Person, for predicting that user belongs to the prediction model performance decline of fraudulent user probability, and after updating prediction model, etc.) work as needs
It determines when new risk identification model (when needing to formulate new risk identification strategy), the tree mould of record can be directly based upon
Shape parameter carries out model training, and quickly obtains training quota and can satisfy the tree-model of actual demand, so as to save mould
The time of type training.
The entire training process of risk identification model in order to facilitate understanding, refers to Fig. 2.Fig. 2 is the reality of the application
Apply a flow diagram for the training method of risk identification model, model training process shown in Fig. 2 the following steps are included:
S201: the feature to be identified of different user is obtained.
The feature to be identified may include at least one in text feature, characteristics of image and structural data feature
Kind.
S202: the prediction model that training obtains in advance is obtained.
The prediction model can be used for predicting that user belongs to the probability of risk subscribers, can with obtained in S201 to
Identification feature is corresponding.For example, feature to be identified is text feature, then, prediction model can be for according to text feature
Determine that user belongs to the text prediction model of the probability of risk subscribers.
S203: according to the feature to be identified and the prediction model, the feature of risk of the different user is obtained
Value.
The feature of risk value is for characterizing the probability that user belongs to risk subscribers, wherein for a user,
The feature type phase that the number of the feature of risk value of the user can include with the feature to be identified of the user obtained in S201
Together.
For example, when feature to be identified is one of text feature, characteristics of image and structural data feature, wind
The number of dangerous characteristic value is one, when feature to be identified is two in text feature, characteristics of image and structural data feature
Kind or at three kinds, the number of feature of risk value is two or three.
S204: the feature of risk information of the different user is obtained.
The feature of risk information is for characterizing information relevant to risk in user information.It specifically can be according to reality
Application scenarios determine, are not specifically limited here.
S205: according to the feature of risk value, feature of risk information and true tag of the different user, training is obtained
Tree-model.
S206: judge whether the training quota of the tree-model is more than or equal to preset value.
The training quota may include at least one of accuracy rate and coverage rate, and the preset value can be 90%
Any value between to 100% can specifically determine according to actual needs.Wherein, when the training quota include accuracy rate and
When coverage rate, the corresponding preset value of accuracy rate and the corresponding preset value of coverage rate be may be the same or different.
If the training quota of tree-model is more than or equal to the preset value, S209 can be executed;If the instruction of tree-model
Practice index and be less than the preset value, then can execute S207.
S207: adjustment tree-model parameter.
The tree-model parameter may include the size of training sample, the quantity of leaf node, the depth of tree, the wind
At least one of the type of dangerous characteristic information specifically adjusts which parameter can not done here and have determines according to actual conditions
Body limits.
S208: being based on the tree-model parameter adjusted, and training obtains new tree-model.
After training obtains new tree-model, S206 can be executed.
S209: the corresponding tree-model parameter of the tree-model is recorded.
After recording tree-model parameter, in the new risk identification model of determination, can directly usage record the tree
Model parameter carries out model training, with the time needed for saving model training.
S210: using the tree-model as risk identification model.
It is being obtained based on the training of the method for above-mentioned record after risk identification model to get to after risk identification strategy, right
When user to be identified carries out risk identification, the risk identification model that available preparatory training obtains, and execute S108.
S108: according to the feature of risk value of the user to be identified, feature of risk information and the risk identification mould
Type, identifies whether the user to be identified belongs to risk subscribers.
In S108, it can will be obtained in the feature of risk value of the user to be identified obtained in S102, S104 to be identified
The feature of risk information of user obtains the input of risk identification model as trained in advance in S106, obtains risk identification model
Output as a result, the output result can characterize whether user to be identified belongs to risk subscribers.
In the embodiment of the present application, when determining that user to be identified belongs to risk subscribers, in order to avoid user to be identified gives
Other users bring risk, user to be identified can be marked.For marked risk subscribers, can take corresponding
Prevention and control measure, for example, transaction can be blocked when risk subscribers are traded in internet, and remind other users should
There are security risks for risk subscribers.
Technical solution provided by the embodiments of the present application, can feature of risk value, feature of risk information previously according to user
And true tag, training obtain risk identification model, when carrying out risk identification to user to be identified, will can instruct in advance
The risk identification model got is believed as risk identification strategy in conjunction with the feature of risk value and feature of risk of user to be identified
Breath, identifies whether user to be identified belongs to risk subscribers.In this way, due to can be using the feature of risk information of user as training
Sample obtains risk identification strategy by way of model training, therefore, can be in conjunction with user's when carrying out risk identification
Feature of risk information efficiently identifies whether user belongs to risk subscribers, and the accuracy of recognition result is higher.
It is above-mentioned that the application specific embodiment is described.Other embodiments are within the scope of the appended claims.
In some cases, the movement recorded in detail in the claims or step can be held according to the sequence being different from embodiment
It goes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily requires the particular order shown
Or consecutive order is just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can be with
Or may be advantageous.
Fig. 3 is the structural schematic diagram of one embodiment electronic equipment of the application.Referring to FIG. 3, in hardware view, it should
Electronic equipment includes processor, optionally further comprising internal bus, network interface, memory.Wherein, memory may include
Memory, such as high-speed random access memory (Random-Access Memory, RAM), it is also possible to further include non-volatile deposit
Reservoir (non-volatile memory), for example, at least 1 magnetic disk storage etc..Certainly, which is also possible that
Hardware required for other business.
Processor, network interface and memory can be connected with each other by internal bus, which can be ISA
(Industry Standard Architecture, industry standard architecture) bus, PCI (Peripheral
Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended Industry Standard
Architecture, expanding the industrial standard structure) bus etc..The bus can be divided into address bus, data/address bus, control
Bus etc..Only to be indicated with a four-headed arrow in Fig. 3, it is not intended that an only bus or a seed type convenient for indicating
Bus.
Memory, for storing program.Specifically, program may include program code, and said program code includes calculating
Machine operational order.Memory may include memory and nonvolatile memory, and provide instruction and data to processor.
Processor is from the then operation into memory of corresponding computer program is read in nonvolatile memory, in logic
Risk identification device is formed in level.Processor executes the program that memory is stored, and is specifically used for executing following operation:
The feature of risk value of user to be identified is obtained, the feature of risk value belongs to for characterizing the user to be identified
The probability of risk subscribers;
The feature of risk information of the user to be identified is obtained, the feature of risk information is described to be identified for characterizing
Information relevant to risk in the information of user;
The risk identification model that training obtains in advance is obtained, risk of the risk identification model based on different user is special
Value indicative, feature of risk information and true tag training obtain;
According to the feature of risk value of the user to be identified, feature of risk information and the risk identification model, identification
Whether the user to be identified belongs to risk subscribers.
The method that risk identification device disclosed in the above-mentioned embodiment illustrated in fig. 3 such as the application executes can be applied to handle
In device, or realized by processor.Processor may be a kind of IC chip, the processing capacity with signal.It is realizing
In the process, each step of the above method can pass through the integrated logic circuit of the hardware in processor or the finger of software form
It enables and completing.Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit,
CPU), network processing unit (Network Processor, NP) etc.;It can also be digital signal processor (Digital
Signal Processor, DSP), specific integrated circuit (Application Specific Integrated Circuit,
ASIC), field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable patrol
Collect device, discrete gate or transistor logic, discrete hardware components.It may be implemented or execute in the embodiment of the present application
Disclosed each method, step and logic diagram.General processor can be microprocessor or the processor is also possible to appoint
What conventional processor etc..The step of method in conjunction with disclosed in the embodiment of the present application, can be embodied directly at hardware decoding
Reason device executes completion, or in decoding processor hardware and software module combine and execute completion.Software module can be located at
Random access memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register etc.
In the storage medium of this field maturation.The storage medium is located at memory, and processor reads the information in memory, in conjunction with it
Hardware completes the step of above method.
The method that the electronic equipment can also carry out Fig. 1, and realize the function of risk identification device in the embodiment shown in fig. 1
Can, details are not described herein for the embodiment of the present application.
Certainly, other than software realization mode, other implementations are not precluded in the electronic equipment of the application, such as
Logical device or the mode of software and hardware combining etc., that is to say, that the executing subject of following process flow is not limited to respectively
A logic unit is also possible to hardware or logical device.
The embodiment of the present application also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the portable electric including multiple application programs
Sub- equipment execute when, can make the portable electronic device execute embodiment illustrated in fig. 1 method, and be specifically used for execute with
Lower operation:
The feature of risk value of user to be identified is obtained, the feature of risk value belongs to for characterizing the user to be identified
The probability of risk subscribers;
The feature of risk information of the user to be identified is obtained, the feature of risk information is described to be identified for characterizing
Information relevant to risk in the information of user;
The risk identification model that training obtains in advance is obtained, risk of the risk identification model based on different user is special
Value indicative, feature of risk information and true tag training obtain;
According to the feature of risk value of the user to be identified, feature of risk information and the risk identification model, identification
Whether the user to be identified belongs to risk subscribers.
Fig. 4 is the structural schematic diagram of one embodiment risk identification device 40 of the application.Referring to FIG. 4, a kind of soft
In part embodiment, the risk identification device 40 can include: first acquisition unit 41, second acquisition unit 42, third obtain
Unit 43 and recognition unit 44, in which:
First acquisition unit 41, obtains the feature of risk value of user to be identified, and the feature of risk value is described for characterizing
User to be identified belongs to the probability of risk subscribers;
Second acquisition unit 42, obtains the feature of risk information of the user to be identified, and the feature of risk information is used for
Characterize information relevant to risk in the information of the user to be identified;
Third acquiring unit 43, obtains the risk identification model that training obtains in advance, and the risk identification model is based on not
Feature of risk value, feature of risk information and true tag training with user obtains;
Recognition unit 44 is known according to the feature of risk value, feature of risk information and the risk of the user to be identified
Other model, identifies whether the user to be identified belongs to risk subscribers.
Optionally, training obtains the risk identification model to the third acquiring unit 43 in the following manner:
Obtain the feature of risk value of different user and the true tag of the different user;
Obtain the feature of risk information of the different user;
Feature of risk value, true tag and feature of risk information based on the different user, training obtain tree mould
Type, and using the tree-model as the risk identification model.
Optionally, the third acquiring unit 43 obtains the feature of risk value of different user, comprising:
For one of them the first user, following operation is executed:
The feature to be identified of first user is obtained, the feature to be identified includes that the text of first user is special
At least one of sign, characteristics of image and structural data feature;
The prediction model that training obtains in advance is obtained, the prediction model is based on the feature to be identified of user and user
True tag training obtain;
Feature to be identified and the prediction model based on first user, determination obtain first user's
Feature of risk value.
Optionally, the third acquiring unit 43 is sentenced before using the tree-model as the risk identification model
Whether the training quota of the tree-model of breaking is more than or equal to preset value, and the training quota of the tree-model includes accuracy rate and covers
At least one of lid rate;
When the training quota is less than the preset value, tree-model parameter is adjusted, the tree-model parameter includes training
At least one of size, the quantity of leaf node, the depth of tree, type of the feature of risk information;
Based on the tree-model parameter adjusted, tree-model described in re -training;
Wherein, the third acquiring unit 43, using the tree-model as the risk identification model, comprising:
When the training quota for the tree-model that re -training obtains is more than or equal to the preset value, by re -training
The obtained tree-model is as the risk identification model.
Optionally, the risk identification device 40 further include: recording unit 45, in which:
The recording unit 45 refers in the training for the tree-model that 43 re -training of third acquiring unit obtains
When mark is more than or equal to the preset value, the tree-model parameter for the tree-model that record re -training obtains.
Optionally, the tree-model is decision-tree model.
Optionally, the first acquisition unit 41 obtains the feature of risk value of user to be identified, comprising:
The feature to be identified of the user to be identified is obtained, the feature to be identified includes the text of the user to be identified
At least one of eigen, characteristics of image and structural data feature;
The prediction model that training obtains in advance is obtained, the prediction model is based on the feature to be identified of user and user
True tag training obtain;
Feature to be identified and the prediction model based on the user to be identified, determination obtain the use to be identified
The feature of risk value at family.
Optionally, the feature of risk information of the user to be identified comprises at least one of the following:
The user to be identified is with the presence or absence of the transaction record in preset time, and the user to be identified is described default
Interval time when more transactions between more transactions is carried out in time, the user to be identified is in the preset time
Transaction amount when interior transaction, the number that the user to be identified is reported.
Optionally, the risk identification device 40 further include: marking unit 46, in which:
The marking unit 46 is after the recognition unit 44 identifies that the user to be identified belongs to risk subscribers, to institute
User to be identified is stated to be marked.
The method that risk identification device 40 provided by the embodiments of the present application can also carry out Fig. 1, and realize risk identification device
The function of embodiment shown in Fig. 1, details are not described herein for the embodiment of the present application.
In short, being not intended to limit the protection model of the application the foregoing is merely the preferred embodiment of the application
It encloses.Within the spirit and principles of this application, any modification, equivalent replacement, improvement and so on should be included in this Shen
Within protection scope please.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer is for example
It can be broadcast for personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media
It puts in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of any equipment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any side
Method or technology realize that information stores.Information can be computer readable instructions, data structure, the module of program or other numbers
According to.The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory
(SRAM), dynamic random access memory (DRAM), other kinds of random access memory (RAM), read-only memory
(ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory techniques, CD-ROM are read-only
Memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or
Other magnetic storage devices or any other non-transmission medium, can be used for storage can be accessed by a computing device information.It presses
It is defined according to herein, computer-readable medium does not include temporary computer readable media (transitory media), is such as modulated
Data-signal and carrier wave.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described
There is also other identical elements in the process, method of element, commodity or equipment.
Various embodiments are described in a progressive manner in the application, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system
For embodiment, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to method reality
Apply the part explanation of example.