CN110008991B

CN110008991B - Risk event identification method, risk identification model generation method, risk event identification device, risk identification equipment and risk identification medium

Info

Publication number: CN110008991B
Application number: CN201910140124.2A
Authority: CN
Inventors: 赵乾坤; 肖凯; 王维强
Original assignee: Advanced New Technologies Co Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2019-02-26
Filing date: 2019-02-26
Publication date: 2023-05-02
Anticipated expiration: 2039-02-26
Also published as: CN110008991A

Abstract

The embodiment of the specification provides a risk event identification method and a risk identification model generation method and device, wherein the method comprises the following steps: determining event feature data of a target event; wherein the event feature data includes common feature data and unique feature data; performing risk recognition on the target event according to the common feature data and a first risk recognition module in the trained risk recognition model to obtain a first risk recognition result, and performing risk recognition on the target event according to the specific feature data and a second risk recognition module in the risk recognition model, which corresponds to an event scene to which the target event belongs, to obtain a second risk recognition result; and carrying out fusion processing on the first risk identification result and the second risk identification result to determine the risk identification result of the target event.

Description

Risk event identification method, risk identification model generation method, risk event identification device, risk identification equipment and risk identification medium

Technical Field

The present disclosure relates to the field of internet technologies, and in particular, to a method and an apparatus for identifying a risk event and generating a risk identification model.

Background

With the rapid development of information technology and internet technology, online services have been rapidly developed and widely applied, and how to improve the security of online services has been paid more attention and paid more attention. Generally, in order to improve the security of online services, risk prevention and control policies may be used to identify risks for online services.

However, for each service under the same type, there may be a service scenario unique to each service, for example, for a transfer service, there may be a transfer to an account, a transfer to a bank card, etc. corresponding to the service scenario; for payment type services, the corresponding service scenario may be wire down-scan code payment, online payment, etc. How to identify the risk of the service with various service scenes becomes the technical problem to be solved.

Disclosure of Invention

An object of the embodiments of the present disclosure is to provide a method and an apparatus for identifying a risk event, and generating a risk identification model, when performing risk identification on a target event, performing risk identification on the target event according to common feature data shared by the target event and events in other event scenes and a first risk identification module in the risk identification model, which is obtained based on training of event commonalities in each event scene, to obtain a first risk identification result, performing risk identification on the target event according to specific feature data specific to the target event and a second risk identification module corresponding to an event scene to which the target event belongs, to obtain a second risk identification result, and finally performing fusion processing on the first risk identification result and the second risk identification result to determine a risk identification result for performing risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and then risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

In order to solve the above technical problems, the embodiments of the present specification are implemented as follows:

the embodiment of the specification provides a risk event identification method, which comprises the following steps:

determining event feature data of a target event; wherein the event feature data comprises common feature data shared by the target event and events in other event scenes and specific feature data specific to the target event;

performing risk recognition on the target event according to the common feature data and a first risk recognition module in a trained risk recognition model to obtain a first risk recognition result, and performing risk recognition on the target event according to the specific feature data and a second risk recognition module in the risk recognition model, which corresponds to an event scene to which the target event belongs, to obtain a second risk recognition result;

the risk identification model comprises a first risk identification module and a plurality of second risk identification modules, and each second risk identification module corresponds to an event scene; the first risk identification module is trained and obtained based on common feature data of the events in each event scene; the second risk identification module is trained based on the specific feature data of the event in each event scene;

And carrying out fusion processing on the first risk identification result and the second risk identification result to determine the risk identification result of the target event.

The embodiment of the specification also provides a method for generating the risk identification model, which comprises the following steps:

determining event feature data and event label data corresponding to sample events in each event scene; the event tag data is used for representing whether the sample event is a risk sample event or not;

according to the event feature data of the sample event in each event scene, determining the common feature data and the target event label data corresponding to the target sample event; the target sample event is a sample event which is screened from sample events in each event scene and meets a set rule;

training a first risk identification module of the risk identification model according to the common characteristic data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data in the event feature data corresponding to each event scene and the event tag data.

The embodiment of the specification also provides a risk event identification device, which comprises:

the first determining module is used for determining event characteristic data of the target event; wherein the event feature data comprises common feature data shared by the target event and events in other event scenes and specific feature data specific to the target event;

the risk identification module is used for carrying out risk identification on the target event according to the common characteristic data and a first risk identification module in a trained risk identification model to obtain a first risk identification result, and carrying out risk identification on the target event according to the specific characteristic data and a second risk identification module corresponding to an event scene to which the target event belongs in the risk identification model to obtain a second risk identification result;

And the second determining module is used for carrying out fusion processing on the first risk identification result and the second risk identification result so as to determine the risk identification result of the target event.

The embodiment of the specification also provides a device for generating the risk identification model, which comprises the following steps:

the first determining module is used for determining event feature data and event label data corresponding to sample events in each event scene; the event tag data is used for representing whether the sample event is a risk sample event or not;

the second determining module is used for determining common feature data and target event label data corresponding to the target sample event according to the event feature data of the sample event in each event scene; the target sample event is a sample event which is screened from sample events in each event scene and meets a set rule;

the training module is used for training a first risk identification module of the risk identification model according to the common characteristic data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data in the event feature data corresponding to each event scene and the event tag data.

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

The embodiment of the specification also provides a device for generating a risk identification model, which comprises:

a processor; and

The present description also provides a storage medium for storing computer-executable instructions that, when executed, implement the following:

According to the technical scheme, when risk identification is carried out on a target event, risk identification is carried out on the target event according to common feature data shared by the target event and events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model, so that a first risk identification result is obtained, risk identification is carried out on the target event according to specific feature data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, so that a second risk identification result is obtained, and finally fusion processing is carried out on the first risk identification result and the second risk identification result so as to determine a risk identification result for carrying out risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and then risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Drawings

In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.

FIG. 1 is one of the method flowcharts of the risk event identification method provided in the embodiments of the present disclosure;

fig. 2 is a schematic diagram of a model of a first risk identification module in the risk event identification method provided in the embodiment of the present disclosure;

FIG. 3 is a second flowchart of a method for identifying risk events according to the embodiment of the present disclosure;

FIG. 4 is one of the method flowcharts of the method for generating a risk identification model according to the embodiments of the present disclosure;

fig. 5 is a flowchart of a method for generating a risk identification model according to an embodiment of the present disclosure;

FIG. 6 is a second flowchart of a method for generating a risk identification model according to an embodiment of the present disclosure;

fig. 7 is a schematic block diagram of a risk event identification device according to an embodiment of the present disclosure;

Fig. 8 is a schematic diagram of module composition of a risk identification model generating device according to an embodiment of the present disclosure;

fig. 9 is a schematic structural diagram of a risk event identification device according to an embodiment of the present disclosure.

Detailed Description

In order to make the technical solutions in the present application better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.

The idea of the embodiment of the specification is that when risk identification is performed on a target event, different risk identification models are used for identifying the target event based on common characteristic data and specific characteristic data of the target event, and fusion processing is performed on two identification results to obtain a risk identification result of the target event, namely, the risk identification capability is better by combining two risk identification modules, so that the accuracy of risk identification can be improved. Based on this, the embodiment of the specification provides a method and a device for identifying a risk event and generating a risk identification model. The following will describe in detail.

Fig. 1 is one of flowcharts of a method for identifying a risk event provided in an embodiment of the present disclosure, where the method may be applied to a server, that is, an execution body of the method may be a server, and specifically, may be an identification device of a risk event installed on the server. The method shown in fig. 1 at least comprises the following steps:

step 102, determining event feature data of a target event; the event feature data includes common feature data shared by the target event and events in other event scenes and unique feature data unique to the target event.

Wherein, the target event can be a transaction event; specifically, it may be a transfer transaction event, a payment transaction event, or the like. For different transaction events, different scenarios may be corresponding, for example, for a transfer transaction event, the corresponding event scenario may include a transfer to a bank card, a transfer to an account, etc.

In the embodiment of the present disclosure, the event feature data is a feature characterizing the target event, and may include, for example, a time, a place, a specific event content, etc. of the occurrence of the target event. For example, for an event transferred to an account, the corresponding event characteristic data may include characteristic data of transfer amount, transfer time, transfer-out party, transfer-in party, etc.; for a pay-off-line code payment event, the corresponding event characteristic data may include characteristic data of a payment location, a payment event, a payer, a payee, a payment amount, and the like.

There may be some identical feature data for events in different event scenarios, e.g. time of occurrence of event, object of transaction event, age, sex, etc., of course there may also be feature data specific to each event scenario, e.g. there may be a specific feature of transaction location for off-line transactions.

Step 104, performing risk recognition on the target event according to the common feature data and the first risk recognition module in the trained risk recognition model to obtain a first risk recognition result, and performing risk recognition on the target event according to the specific feature data and the second risk recognition module corresponding to the event scene to which the target event belongs in the risk recognition model to obtain a second risk recognition result.

The risk identification model comprises a first risk identification module and a plurality of second risk identification modules, and each second risk identification module corresponds to an event scene; the first risk identification module is trained and obtained based on common feature data of the events in each event scene; the second risk identification module is trained based on characteristic feature data of the event in each event scenario.

The risk recognition model adopted in the embodiment of the present disclosure includes a first risk recognition module and a second risk recognition module, and includes a plurality of second risk recognition modules in the risk recognition model, where each event scenario corresponds to one second risk recognition module, so when the risk recognition model is adopted to perform risk recognition on a target event, the corresponding second risk recognition module can be selected according to the event scenario corresponding to the target event.

The first risk recognition module in the risk recognition model is obtained based on the commonality training of the corresponding event under each event scene. For example, for a payment transaction event, each event includes event features including: the age, sex, payment amount, payment mode and other characteristics of the payment party, but only aiming at the payment event under different event scenes, the possible payment event can comprise unique characteristics such as payment location and the like; the second risk recognition module is trained based on the specific event characteristics specific to the event in each event scenario.

Specifically, in the embodiment of the present specification, when risk identification is performed on a target event, risk identification is performed on the target event based on common feature data and unique feature data in event feature data of the target event, respectively. In the specific implementation, the first risk recognition module is used for carrying out risk recognition on the target event based on the common feature data of the target event, and the second risk recognition module is used for carrying out risk recognition on the target event based on the specific feature data of the target event. Namely, the first risk recognition module and the second risk recognition module are combined to perform risk recognition on the target event from different angles based on different characteristic data of the target event, so that the risk recognition capability is better, and the accuracy of risk recognition can be improved.

The event scenario mentioned in the embodiments of the present disclosure may be understood as a specific occurrence scenario of the event, for example, for a payment transaction event, an off-line code scanning transaction belongs to an event scenario, and an on-line payment transaction belongs to an event scenario; for transfer transaction events, transfer to a bank card is an event scenario, transfer to an account is an event scenario.

And 106, carrying out fusion processing on the first risk identification result and the second risk identification result to determine the risk identification result of the target event.

In this embodiment of the present disclosure, the first risk recognition result and the second risk recognition result are results of performing risk recognition on the target event by using different risk recognition modules according to different feature data of the target event, so in order to obtain a final risk recognition result on the target event, fusion processing is required to be performed on the first risk recognition result and the second risk recognition result.

It should be noted that, in the implementation, the first risk identification result and the second risk identification result may be risk identification scores, and correspondingly, the risk identification result of the target event determined by performing fusion processing on the first risk identification result and the second risk identification result may also be a risk identification score; alternatively, in the step 106, after determining the final risk score of the target event, whether the target event determined based on the final risk score of the target event is a risk event may be directly output; alternatively, in the step 106, after determining the final risk score of the target event, the risk level of the target event determined based on the final risk score of the target event may be output.

In order to facilitate understanding of the risk event identification method provided in the embodiments of the present disclosure, the following details of the implementation of the foregoing steps 104 and 106 will be described.

In the step 104, risk recognition is performed on the target event according to the common feature data and the first risk recognition module in the trained risk recognition model, so as to obtain a first risk recognition result, which specifically includes:

scoring the risk degree of the target event according to the common characteristic data and the first risk recognition module to obtain a first score corresponding to the target event, and taking the first score as a first risk recognition result;

correspondingly, in the step 104, risk recognition is performed on the target event according to the specific feature data and a second risk recognition module corresponding to the event scenario to which the target event belongs in the risk recognition model, so as to obtain a second risk recognition result, which includes:

and scoring the risk degree of the target event according to the special feature data and the second risk recognition module to obtain a second score corresponding to the target event, and taking the second score as a second risk recognition result.

In the present description embodiment, the first risk identification module and the second risk identification module may be gradient-lifting decision tree (Gradient Boosting Decision Tree, GBDT) models; of course, a linear logistic regression model is also possible. Of course, in addition to the foregoing, the first risk identification module and the second risk identification module may be other models, which are not limited in this embodiment of the present disclosure. And, in the implementation, the first risk identification module and the second risk identification module may use the same module, or may use different models.

In order to facilitate understanding of the embodiment of the present disclosure, a specific process of scoring the risk level of the target event by the first risk identification module and the second risk identification module will be described below by taking the first risk identification module as an example of the GBDT model.

Fig. 2 is a schematic diagram of a partial model of a first risk identification module in the embodiment of the present disclosure, when the first risk identification module shown in fig. 2 is used to score a target event, a first node corresponding to the target event is first determined according to a registration time period of a payee and a registration time period of a payer in the target event, for example, if the registration time period of the payee is longer than 30 hours and the registration time period of the payer is longer than 60 hours, the model shown in fig. 2 is entered to score the target event. If the age of the payer is greater than 25, the score obtained for the node is 0.35, if the amount of the transaction is greater than 3000, the score obtained for the node is-0.19, if the sex of the payer is greater than zero (sex male, sex female, value 1, sex unknown, value-1 can be predefined), the score obtained for the node is 0.15, and if the amount of the transaction is greater than 30, the score obtained for the node is-0.43; after obtaining the corresponding scores based on the event features, the scores are summed, i.e. 0.35+ (-0.19) +0.15+ (-0.43) = -0.12, i.e. the score of the first risk identification module shown in fig. 2 for scoring the target event is-0.12.

Of course, fig. 2 only depicts a partial model of the first risk identification module. In addition, the foregoing is only exemplified by taking the first risk identification module as the GBDT model, and if the first risk identification module and the second risk identification module are other models, the method corresponding to the models should be used to score the target event, which is not exemplified in the embodiments of the present disclosure.

In a specific implementation, in the step 104, since the risk identification needs to be performed on the target event by using the second risk identification module corresponding to the event scenario of the target event, in this embodiment of the present disclosure, the step 104 further includes the following steps:

determining an event scene to which a target event belongs; and determining a second risk recognition module for risk recognition of the target event from a plurality of second risk recognition modules contained in the risk recognition model according to an event scene to which the target event belongs.

In a specific implementation, a mapping relationship between multiple event scenarios and corresponding second risk identification modules may be stored in the risk identification model, and one possible storage form is shown in table 1.

TABLE 1

Event scenario	Second risk identification module
		Transfer to bank card	Second risk identification module 1
Online payment	Second risk recognition module 2
		Off-line code scanning payment	Second risk recognition module 3

In table 1, the case of transferring to a bank card, paying on line, and paying off line by scanning is taken as an example, and the embodiment of the present invention is not limited.

In the step 106, the first risk identification result and the second risk identification result are fused to determine a risk identification result of the target event, which specifically includes the following steps (1) and (2);

step (1), calculating a fusion score of the first score and the second score;

and (2) determining the fusion score as a risk identification result of the target event.

In a specific implementation manner, by the embodiment of the present disclosure, a risk score for risk identification of a target event may be directly output, so that a relevant person may determine whether the target time is a risk event according to the output risk score; or, the risk score can be output to other models to further judge, so that whether the target event is a risk event or the risk level of the target event is directly output from the other models; alternatively, the risk score may be output to another system for use. The present embodiment does not limit the subsequent processing of the risk score described above.

Specifically, in the embodiment of the present specification, the fusion score of the first score and the second score may be calculated by the following formula;

wherein, in the above disclosure, x ₁ Representing the first score, x ₂ And representing a second score, and x is the fusion score.

Of course, in the above-described fusion method, the full score corresponding to the first score and the second score is 1 minute. In addition, if the first score and the second score adopt ten scores or a percentage, the above formula may be adjusted so as to calculate a fused score of the first score and the second score.

Fig. 3 is a second flowchart of a method for identifying a risk event according to an embodiment of the present disclosure, where the method shown in fig. 3 at least includes the following steps:

step 302, determining event feature data of a target event; wherein the event characteristic data includes common characteristic data and unique characteristic data.

The common feature data is a feature common to the target event and the event in the other event scene, and the unique feature data is a feature unique to the target event.

And step 304, scoring the risk degree of the target event according to the common characteristic data and the first risk recognition module of the pre-trained risk recognition model, and obtaining a first score corresponding to the target event.

Step 306, determining an event scenario to which the target event belongs.

Step 308, determining a second risk recognition module for risk recognition of the target event from a plurality of second risk recognition modules included in the risk recognition model according to the event scenario to which the target event belongs.

And 310, scoring the risk degree of the target event according to the specific characteristic data and the determined second risk identification module to obtain a second score corresponding to the target event.

In step 312, a fused score of the first score and the second score is calculated, and the fused score is used as a risk identification result of the target event.

Of course, in the flowchart shown in fig. 3, the risk degree of the target event is scored by the first risk identification module, and then the risk degree of the target event is scored by the second risk identification module; in the specific implementation, the risk degree of the target event can be scored through the second risk identification module, and then the risk degree of the target event can be scored through the first risk identification module; or after determining the event characteristic data of the target event, scoring the risk degree of the target event through the first risk identification module and the second risk identification module at the same time.

The specific implementation process of each step in the embodiment shown in fig. 3 may refer to the embodiment corresponding to fig. 1 and 2, and will not be described herein again.

According to the risk event identification method provided by the embodiment of the specification, when the target event is subjected to risk identification, the target event is subjected to risk identification according to common feature data shared by the target event and events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model, so as to obtain a first risk identification result, the target event is subjected to risk identification according to specific feature data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, so as to obtain a second risk identification result, and finally, the first risk identification result and the second risk identification result are fused so as to determine a risk identification result for carrying out risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Corresponding to the risk event recognition method provided in the embodiment of the present disclosure, based on the same idea, the embodiment of the present disclosure further provides a risk recognition model generating method, which is used for generating a risk recognition model used in the risk event recognition method, fig. 4 is one of the method flowcharts of the risk recognition model generating method provided in the embodiment of the present disclosure, and the method shown in fig. 4 at least includes the following steps:

step 402, determining event feature data and event tag data corresponding to sample events in each event scene; wherein the event tag data is used to characterize whether the sample event is a risk sample event.

The event may be a transaction event, for example, a transfer event, a payment event, etc., and the corresponding event feature data may be different for different events.

In this embodiment of the present disclosure, the event tag data is used to represent whether the sample event is a risk sample event, for example, if the sample event is a risk sample event, the event tag data corresponding to the sample event may be marked as 0, and if the sample event is a non-risk sample event, the event tag data corresponding to the sample event may be marked as 1.

Step 404, determining common feature data and target event tag data corresponding to the target sample event according to the event feature data of the sample event in each event scene; the target sample event is a sample event which is screened from sample events in each event scene and meets the set rule.

Since the same feature may exist in the event features corresponding to the events in different event scenes, each event may also have its own unique feature. For example, for a payment event, payment amount, payment method, age, sex of a payparty, and the like are all present in the payment event in each scene, and thus these features can be regarded as common features of the payment event.

Specifically, in the step 404, a portion of the sample events satisfying the set rule needs to be selected from all the sample events as the target sample events, and then the common feature data corresponding to the target sample events is determined based on the event feature data corresponding to each target sample event.

In one embodiment, the setting rule includes: the ratio of risk sample events to non-risk sample events satisfies a set ratio.

I.e. the ratio of the number of events in the risk sample event to the non-risk sample event in the selected target sample event meets the set ratio. For example, the number of risk sample events and the number of non-risk sample events in the target sample event may be 1:2. Of course, the description is intended to be illustrative only and is not to be construed as limiting the embodiments herein.

In specific implementation, risk samples in the screened target sample events can be aggregated together, and non-risk samples are aggregated together for training of a risk identification model.

Step 406, training a first risk recognition module of the risk recognition model according to the common feature data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data and the event label data in the event feature data corresponding to each event scene.

In step 406, when training the risk recognition model, the first risk recognition module and the second risk recognition module need to be trained, and the first risk recognition module is obtained by training based on feature data shared by sample events in each event scenario, and the second risk recognition module is obtained by training based on characteristic feature data of sample events in each event scenario, where each event scenario used in training the second risk recognition module is each event scenario corresponding to a sample event, or may be each event scenario corresponding to a target sample event, and may be specifically selected according to an actual application scenario, and embodiments of the present disclosure do not limit this.

Of course, in the embodiment of the present specification, the first risk identification module and the second risk identification module may be GBDT models. In this case, the first risk recognition module and the second risk recognition module may be trained according to a conventional training method of the GBDT model in the prior art, and since the specific training process of the model is not improved in the embodiment of the present disclosure, the training process is not described herein.

In the embodiment of the present disclosure, if the first risk identification module and the second risk identification module use GBDT models, in order to prevent the models from being fitted, the complexity of the models is controlled, and a regularization term may be added when the models are trained. In addition, in order to prevent the first risk recognition module from being dominated by the sample event of a certain event scene during training, when each iteration starts to calculate the residual error, the contribution of each event scene to the residual error may be considered, and if the contribution duty ratio of the sample event of a certain event scene to the residual error exceeds a set threshold (may be set according to the actual application scene, for example, may be set to a value of 0.8 or the like), the iteration may be terminated in advance.

In addition, in the embodiment of the present disclosure, the first risk recognition module and the second risk recognition module may use a linear logistic regression model, and if the first risk recognition module and the second risk recognition module use a linear logistic regression model, the first risk recognition module and the second risk recognition module may be trained according to a training method of the linear logistic regression model, and specific training processes thereof are not repeated here.

In a specific implementation, in step 406, the training of the second risk identification module corresponding to each event scenario in the risk identification model according to the specific feature data and the event tag data in the event feature data corresponding to each event scenario may be specifically implemented as follows:

and optimizing the first risk identification module according to the specific characteristic data and the event label data corresponding to each event scene respectively to obtain a second risk identification module corresponding to each event scene.

In particular, training can be continued based on the specific feature data of the corresponding sample event under each event scene on the basis of the first risk identification module obtained by training, so as to obtain each second risk identification module, and thus a trained risk identification model is obtained.

In order to facilitate understanding of the sample training method provided in the embodiment of the present specification, the sample training method provided in the embodiment of the present specification will be described below by taking the sample event based on the event scenario 1 and the event scenario 2 as an example.

Fig. 5 is a flow chart of a sample training method provided in the embodiment of the present disclosure, fig. 6 is a flow chart of a method corresponding to fig. 5, and for the flow chart shown in fig. 5, the flow chart of the method shown in fig. 6 at least includes the following steps:

Step 602, determining event feature data and sample event tag data of a sample event in event scenario 1 and event scenario 2 respectively, and obtaining sample data 1 corresponding to event scenario 1 and sample data 2 corresponding to event scenario 2 respectively.

The sample data needs to include event feature data and tag data corresponding to each sample event in the event scene.

In step 604, the target sample event in the sample data 1 and the sample data 2 and the common feature data corresponding to the target sample event are extracted.

Step 606, training a first risk identification module of the risk identification model based on the common feature data and the target sample event.

Step 608, training each second risk identification module of the risk identification model according to the sample data 1, the sample data 2 and the first risk identification module.

The event scenario 1 corresponds to a second risk identification module, and the event scenario 2 corresponds to a second risk identification module.

According to the risk recognition model generation method provided by the embodiment of the specification, the first risk recognition module of the risk recognition model is trained based on the common feature data of the sample event in each event scene, and the second risk recognition module of the risk recognition model is trained based on the specific feature data in the event feature data corresponding to the sample event in each event scene, so that the obtained risk recognition modules comprise the first risk recognition module and a plurality of second risk recognition modules; in this way, when the risk identification is carried out on the target event in the follow-up, the risk identification is carried out on the target event according to the common characteristic data shared by the target event and the events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model respectively, a first risk identification result is obtained, the risk identification is carried out on the target event according to the specific characteristic data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, a second risk identification result is obtained, and finally, fusion processing is carried out on the first risk identification result and the second risk identification result so as to determine the risk identification result for carrying out the risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Corresponding to the method for identifying a risk event provided in the embodiment of the present disclosure, based on the same idea, the embodiment of the present disclosure further provides a device for identifying a risk event, configured to execute the method for identifying a risk event provided in the embodiment of the present disclosure, fig. 7 is a schematic block diagram of the device for identifying a risk event provided in the embodiment of the present disclosure, and the device shown in fig. 7 includes:

a first determining module 702, configured to determine event feature data of a target event; the event feature data comprises common feature data shared by the target event and the event under other event scenes and specific feature data specific to the target event;

the risk recognition module 704 is configured to perform risk recognition on the target event according to the common feature data and a first risk recognition module in the trained risk recognition model to obtain a first risk recognition result, and perform risk recognition on the target event according to the specific feature data and a second risk recognition module corresponding to an event scenario to which the target event belongs in the risk recognition model to obtain a second risk recognition result;

The second determining module 706 is configured to perform fusion processing on the first risk identification result and the second risk identification result, so as to determine a risk identification result of the target event.

Optionally, the risk identification module 704 includes:

the first scoring unit is used for scoring the risk degree of the target event according to the common characteristic data and the first risk identification module to obtain a first score corresponding to the target event, and the first score is used as a first risk identification result;

and the second scoring unit is used for scoring the risk degree of the target event according to the special feature data and the second risk identification module to obtain a second score corresponding to the target event, and the second score is used as a second risk identification result.

Optionally, the risk identification module 704 further includes:

the second determining unit is used for determining an event scene to which the target event belongs;

and the third determining unit is used for determining a second risk identification module for risk identification of the target event from a plurality of second risk identification modules contained in the risk identification model according to the event scene of the target event.

Optionally, the second determining module 706 includes:

a calculation unit for calculating a fusion score of the first score and the second score;

And the first determining unit is used for determining the fusion score as a risk identification result of the target event.

Optionally, the computing unit is specifically configured to:

the fused score of the first score and the second score is calculated by the following formula:

wherein in the above formula, x ₁ Representing the first score, x ₂ Representing the second score, and x represents the fusion score.

The risk event recognition device in the embodiment of the present disclosure may further execute the method executed by the risk event recognition device in fig. 1 to 3, and implement the functions of the risk event recognition device in the embodiment shown in fig. 1 to 3, which are not described herein.

According to the risk event identification device provided by the embodiment of the specification, when the risk is identified, the risk is identified according to the common feature data shared by the target event and the events under other event scenes and the first risk identification module which is obtained by training based on the commonality of the events under each event scene in the risk identification model, so as to obtain a first risk identification result, and the risk is identified according to the specific feature data of the target event and the second risk identification module which corresponds to the event scene to which the target event belongs, so as to obtain a second risk identification result, and finally, the first risk identification result and the second risk identification result are fused so as to determine the risk identification result for carrying out the risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Corresponding to the method for generating the risk identification model provided in the embodiment of the present disclosure, based on the same concept, the embodiment of the present disclosure further provides a device for generating the risk identification model, configured to execute the method for generating the risk identification model provided in the embodiment of the present disclosure, fig. 8 is a schematic block diagram of the device for generating the risk identification model provided in the embodiment of the present disclosure, and the device shown in fig. 8 includes:

a first determining module 802, configured to determine event feature data and event tag data corresponding to a sample event in each event scenario; the event tag data is used for representing whether the sample event is a risk sample event or not;

a second determining module 804, configured to determine, according to the event feature data of the sample event in each event scenario, common feature data and target event tag data corresponding to the target sample event; the target sample event is a sample event which is screened from sample events in each event scene and meets a set rule;

the training module 806 is configured to train a first risk recognition module of the risk recognition model according to the common feature data corresponding to the target sample event and the target event tag data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data and the event label data in the event feature data corresponding to each event scene.

Optionally, the setting rule includes: the ratio of the risk sample event to the non-risk sample event satisfies a set ratio.

Optionally, the training module 806 is specifically configured to:

According to the risk recognition model generation device provided by the embodiment of the specification, the first risk recognition module of the risk recognition model is trained based on the common feature data of the sample event in each event scene, and the second risk recognition module of the risk recognition model is trained based on the specific feature data in the event feature data corresponding to the sample event in each event scene, so that the obtained risk recognition modules comprise the first risk recognition module and a plurality of second risk recognition modules; in this way, when the risk identification is carried out on the target event in the follow-up, the risk identification is carried out on the target event according to the common characteristic data shared by the target event and the events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model respectively, a first risk identification result is obtained, the risk identification is carried out on the target event according to the specific characteristic data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, a second risk identification result is obtained, and finally, fusion processing is carried out on the first risk identification result and the second risk identification result so as to determine the risk identification result for carrying out the risk identification on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Further, based on the methods shown in fig. 1 to 3, the embodiment of the present disclosure further provides an identification device for risk events, as shown in fig. 9.

The identification device of the risk event may be relatively different due to different configurations or performances, and may include one or more processors 901 and a memory 902, where the memory 902 may store one or more storage applications or data. Wherein the memory 902 may be transient storage or persistent storage. The application program stored in memory 902 may include one or more modules (not shown in the figures), each of which may include a series of computer-executable instruction information in an identification device for risk events. Still further, the processor 901 may be configured to communicate with the memory 902 to execute a series of computer executable instruction information in the memory 902 on the identification device of the risk event. The identification device of risk events may also include one or more power sources 903, one or more wired or wireless network interfaces 904, one or more input output interfaces 905, one or more keyboards 906, and the like.

In a specific embodiment, the risk event identification device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer executable instruction information in the risk event identification device, and the execution of the one or more programs by the one or more processors includes computer executable instruction information for:

Determining event feature data of a target event; the event feature data comprises common feature data shared by the target event and the event under other event scenes and specific feature data specific to the target event;

performing risk recognition on the target event according to the common feature data and a first risk recognition module in the trained risk recognition model to obtain a first risk recognition result, and performing risk recognition on the target event according to a second risk recognition module corresponding to an event scene to which the target event belongs in the specific feature data and the risk recognition model to obtain a second risk recognition result;

Optionally, when the computer executable instruction information is executed, performing risk identification according to the common feature data and a first risk identification module target event in the trained risk identification model to obtain a first risk identification result, including:

scoring the risk degree of the target event according to the common characteristic data and the first risk identification module to obtain a first score corresponding to the target event, and taking the first score as a first risk identification result;

performing risk recognition on the target event according to the specific feature data and a second risk recognition module corresponding to the event scene to which the target event belongs in the risk recognition model, and obtaining a second risk recognition result, wherein the method comprises the following steps:

and scoring the risk degree of the target event according to the specific characteristic data and the second risk identification module to obtain a second score corresponding to the target event, and taking the second score as a second risk identification result.

Optionally, when the computer executable instruction information is executed, performing risk recognition on the target event according to the specific feature data and a second risk recognition module corresponding to an event scenario to which the target event belongs in the risk recognition model, to obtain a second risk recognition result, and further including:

Determining an event scene to which a target event belongs;

and determining a second risk recognition module for risk recognition of the target event from a plurality of second risk recognition modules contained in the risk recognition model according to the event scene to which the target event belongs.

Optionally, when the computer executable instruction information is executed, the fusing processing is performed on the first risk identification result and the second risk identification result to determine a risk identification result of the target event, including:

calculating a fusion score of the first score and the second score;

and determining the fusion score as a risk identification result of the target event.

Optionally, the computer executable instruction information, when executed, calculates a fused score of the first score and the second score by the following formula:

Further, based on the methods shown in fig. 4 to fig. 6, the embodiment of the present disclosure further provides a device for generating a risk identification model, where the specific structure of the risk identification model is the same as that of the risk event identification device, and may be shown in fig. 9.

In a specific embodiment, the risk identification model generating device includes a memory, and one or more programs, where the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer executable instruction information in the risk event identifying device, and execution of the one or more programs by the one or more processors includes computer executable instruction information for:

Training a first risk identification module of the risk identification model according to the common characteristic data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data and the event label data in the event feature data corresponding to each event scene.

Optionally, when the computer executable instruction information is executed, training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data and the event tag data in the event feature data corresponding to each event scene, where the second risk identification module includes:

According to the risk recognition model generation device provided by the embodiment of the specification, the first risk recognition module of the risk recognition model is trained based on the common feature data of the sample event in each event scene, and the second risk recognition module of the risk recognition model is trained based on the event feature data corresponding to the sample event in each event scene, so that the obtained risk recognition modules comprise the first risk recognition module and a plurality of second risk recognition modules; in this way, when the risk identification is carried out on the target event in the follow-up, the risk identification is carried out on the target event according to the common characteristic data shared by the target event and the events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model respectively, a first risk identification result is obtained, the risk identification is carried out on the target event according to the specific characteristic data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, a second risk identification result is obtained, and finally, fusion processing is carried out on the first risk identification result and the second risk identification result, and a risk identification result for carrying out the risk identification on the target event is determined; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Further, based on the method shown in fig. 1 to 3, the embodiment of the present disclosure further provides a storage medium, which is used to store computer executable instruction information, and in a specific embodiment, the storage medium may be a U disc, an optical disc, a hard disk, etc., where the computer executable instruction information stored in the storage medium can implement the following flow when executed by a processor:

Optionally, when the computer executable instruction information stored in the storage medium is executed by the processor, performing risk identification on the target event according to the common feature data and a first risk identification module in the trained risk identification model, to obtain a first risk identification result, including:

Optionally, when the computer executable instruction information stored in the storage medium is executed by the processor, performing risk identification on the target event according to the specific feature data and a second risk identification module corresponding to an event scenario to which the target event belongs in the risk identification model, to obtain a second risk identification result, and further including:

Determining an event scene to which a target event belongs;

Optionally, the computer executable instruction information stored in the storage medium, when executed by the processor, performs fusion processing on the first risk identification result and the second risk identification result to determine a risk identification result of the target event, including:

calculating a fusion score of the first score and the second score;

Optionally, the storage medium stores computer executable instruction information that, when executed by the processor, calculates a fused score of the first score and the second score by the following formula:

When the computer executable instruction information stored in the storage medium provided in the embodiment of the present disclosure is executed by a processor, performing risk recognition on a target event according to common feature data shared by the target event and events in other event scenes and a first risk recognition module in a risk recognition model, which is obtained based on training of the commonalities of the events in each event scene, respectively, so as to obtain a first risk recognition result, performing risk recognition on the target event according to specific feature data specific to the target event and a second risk recognition module corresponding to the event scene to which the target event belongs, so as to obtain a second risk recognition result, and finally, performing fusion processing on the first risk recognition result and the second risk recognition result, so as to determine a risk recognition result for performing risk recognition on the target event; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

Further, based on the method shown in fig. 4 to 6, the embodiment of the present disclosure further provides a storage medium, which is used to store computer executable instruction information, and in a specific embodiment, the storage medium may be a U disc, an optical disc, a hard disk, etc., where the computer executable instruction information stored in the storage medium can implement the following flow when executed by a processor:

Optionally, the storage medium stores computer executable instruction information, when executed by the processor, the setting rule includes: the ratio of the risk sample event to the non-risk sample event satisfies a set ratio.

Optionally, when the computer executable instruction information stored in the storage medium is executed by the processor, the training the second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data and the event tag data in the event feature data corresponding to each event scene respectively includes:

The computer executable instruction information stored in the storage medium provided in the embodiments of the present disclosure, when executed by the processor, trains a first risk identification module of a risk identification model based on common feature data of sample events in each event scenario, and trains a second risk identification module of the risk identification model based on event feature data corresponding to the sample events in each event scenario, so that the obtained risk identification module includes the first risk identification module and a plurality of second risk identification modules; in this way, when the risk identification is carried out on the target event in the follow-up, the risk identification is carried out on the target event according to the common characteristic data shared by the target event and the events in other event scenes and a first risk identification module which is obtained by training based on the commonality of the events in each event scene in a risk identification model respectively, a first risk identification result is obtained, the risk identification is carried out on the target event according to the specific characteristic data of the target event and a second risk identification module which corresponds to the event scene to which the target event belongs, a second risk identification result is obtained, and finally, fusion processing is carried out on the first risk identification result and the second risk identification result, and a risk identification result for carrying out the risk identification on the target event is determined; in the embodiment of the specification, when risk identification is performed on a target event, risk identification is performed on the target event through different risk identification models according to common feature data and specific feature data corresponding to the target event, and risk identification results corresponding to different features are fused, so that the risk of the target event is determined, the risk identification capability is better, and the accuracy of the risk identification can be improved; in addition, as the events in each event scene can be input into the risk identification model for risk identification, the risk identification model corresponding to the event scene can be prevented from being deployed in each event scene, and therefore the operation and maintenance cost can be reduced.

In the 90 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.

The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present application.

It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instruction information. These computer program instruction information may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instruction information, which is executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instruction information may also be stored in a computer readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instruction information stored in the computer readable memory produce an article of manufacture including instruction information means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instruction information may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instruction information which is executed on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instruction information, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.

It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The application may be described in the general context of computer-executable instruction information, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.

The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims

1. A method of identifying a risk event, the method comprising:

2. The method of claim 1, wherein the risk recognition of the target event according to the common feature data and the first risk recognition module in the trained risk recognition model, to obtain a first risk recognition result, comprises:

scoring the risk degree of the target event according to the common characteristic data and the first risk identification module to obtain a first score corresponding to the target event as the first risk identification result;

the risk recognition is performed on the target event according to the specific feature data and a second risk recognition module corresponding to an event scene to which the target event belongs in the risk recognition model, so as to obtain a second risk recognition result, including:

And scoring the risk degree of the target event according to the specific characteristic data and the second risk identification module to obtain a second score corresponding to the target event, and taking the second score as the second risk identification result.

3. The method according to claim 1 or 2, wherein the risk recognition is performed on the target event according to the characteristic feature data and a second risk recognition module corresponding to an event scenario to which the target event belongs in the risk recognition model, so as to obtain a second risk recognition result, and the method further comprises:

determining an event scene to which the target event belongs;

and determining a second risk identification module for risk identification of the target event from a plurality of second risk identification modules contained in the risk identification model according to an event scene to which the target event belongs.

4. The method of claim 2, the fusing the first risk identification result and the second risk identification result to determine a risk identification result of the target event, comprising:

calculating a fusion score of the first score and the second score;

5. The method of claim 4, calculating a fused score of the first score and the second score by the formula:

wherein in the above formula, x ₁ Representing the first score, x ₂ And representing the second score, and x represents the fusion score.

6. A method of generating a risk identification model, the method comprising:

training a first risk identification module of a risk identification model according to the common characteristic data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data in the event feature data corresponding to each event scene and the event tag data.

7. The method of claim 6, the setting rules comprising: the ratio of the risk sample event to the non-risk sample event satisfies a set ratio.

8. The method as claimed in claim 6 or 7, wherein the training the second risk identification module corresponding to each event scenario in the risk identification model according to the specific feature data and the event label data in the event feature data corresponding to each event scenario, respectively, includes:

9. An apparatus for identifying a risk event, the apparatus comprising:

10. The apparatus of claim 9, the risk identification module comprising:

the first scoring unit is used for scoring the risk degree of the target event according to the common characteristic data and the first risk identification module, and obtaining a first score corresponding to the target event as the first risk identification result;

and the second scoring unit is used for scoring the risk degree of the target event according to the specific characteristic data and the second risk identification module to obtain a second score corresponding to the target event, and the second score is used as the second risk identification result.

11. The apparatus of claim 10, the second determination module comprising:

a calculation unit configured to calculate a fusion score of the first score and the second score;

and the first determining unit is used for determining the fusion value as a risk identification result of the target event.

12. The apparatus of claim 11, the computing unit being specifically configured to:

calculating a fused score of the first score and the second score by the following formula:

13. A risk identification model generation apparatus, the apparatus comprising:

The training module is used for training a first risk identification module of a risk identification model according to the common characteristic data corresponding to the target sample event and the target event label data; and training a second risk identification module corresponding to each event scene in the risk identification model according to the specific feature data in the event feature data corresponding to each event scene and the event tag data.

14. An identification device of a risk event, comprising:

a processor; and

15. A risk identification model generation device, comprising:

a processor; and

16. A storage medium storing computer-executable instructions that when executed implement the following:

17. A storage medium storing computer-executable instructions that when executed implement the following: