CN110111110A - The method and apparatus of knowledge based map detection fraud, storage medium - Google Patents
The method and apparatus of knowledge based map detection fraud, storage medium Download PDFInfo
- Publication number
- CN110111110A CN110111110A CN201910258370.8A CN201910258370A CN110111110A CN 110111110 A CN110111110 A CN 110111110A CN 201910258370 A CN201910258370 A CN 201910258370A CN 110111110 A CN110111110 A CN 110111110A
- Authority
- CN
- China
- Prior art keywords
- node
- fraud
- similarity
- unmarked
- knowledge mapping
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000001514 detection method Methods 0.000 title claims abstract description 27
- 238000013507 mapping Methods 0.000 claims abstract description 66
- 230000003542 behavioural effect Effects 0.000 claims abstract description 35
- 230000006399 behavior Effects 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012512 characterization method Methods 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 9
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000005236 sound signal Effects 0.000 description 4
- 241000209202 Bromus secalinus Species 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 238000009825 accumulation Methods 0.000 description 1
- 238000009412 basement excavation Methods 0.000 description 1
- 238000010225 co-occurrence analysis Methods 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012954 risk control Methods 0.000 description 1
- 238000001228 spectrum Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Development Economics (AREA)
- Technology Law (AREA)
- Marketing (AREA)
- Economics (AREA)
- Computer Security & Cryptography (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
This disclosure relates to which a kind of method and apparatus of knowledge based map detection fraud, storage medium, are difficult to the technical issues of batch registration is cheated for solving in the related technology.The method of the knowledge based map detection fraud includes: to collect metadata, behavioral data and the fraudulent user blacklist of user;Entity in the metadata is chosen using as node, and according in the behavioral data between entity business-binding relationship and cooccurrence relation establish side to construct knowledge mapping;According to the fraudulent user blacklist, the fraud node in the knowledge mapping is marked;According to the similitude of adjacent node in the knowledge mapping, the similarity in the knowledge mapping between unmarked node and the fraud node is calculated;According to calculated result, the risk of fraud assessment result of the unmarked node is exported.
Description
Technical field
This disclosure relates to network technique field, and in particular, to a kind of method and dress of knowledge based map detection fraud
It sets, storage medium.
Background technique
Financial field needs to guarantee the safety of funds transaction to the more demanding of transaction risk control.In practical application
In, there may be some frauds.For example, in electric business or the field O2O, fictitious users batch registration carries out brush list, makees
The behaviors such as disadvantage, transaction swindling.
Summary of the invention
The disclosure provides a kind of method and apparatus of knowledge based map detection fraud, storage medium, to solve related skill
The technical issues of batch registration is cheated is difficult in art.
To achieve the above object, the embodiment of the present disclosure in a first aspect, providing a kind of detection fraud of knowledge based map
Method, which comprises
Collect metadata, behavioral data and the fraudulent user blacklist of user;
The entity in the metadata is chosen to tie up as node, and according to the business in the behavioral data between entity
Determine relationship and cooccurrence relation establishes side to construct knowledge mapping;
According to the fraudulent user blacklist, the fraud node in the knowledge mapping is marked;
According to the similitude of adjacent node in the knowledge mapping, calculate in the knowledge mapping unmarked node with it is described
Cheat the similarity between node;
According to calculated result, the risk of fraud assessment result of the unmarked node is exported.
Optionally, the similarity calculated in the knowledge mapping between unmarked node and the fraud node, packet
It includes:
The similarity of two nodes in the knowledge mapping is calculated according to following formula;
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a)
Indicate i-th of adjacent node of a,Indicate empty,Indicate that a has incident adjacent node;I (b) indicates node b's
The set of incident adjacent node, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s
(Ii(a),Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,
1)。
Optionally, described according to calculated result, export the risk of fraud assessment result of the unmarked node, comprising:
Calculate the mean value of the similarity between each unmarked node and all fraud nodes;
If the mean value of the similarity between the unmarked node and all fraud nodes is greater than threshold value, table is exported
Levy the risk of fraud assessment result that the unmarked node is doubtful fraud node.
Optionally, the metadata for collecting user, behavioral data, comprising:
Metadata is extracted in user's Request Log;The metadata include facility information, account information, card information, on
At least one of context information data;
According to operation flow, the behavioral data of user is obtained;The behavioral data includes that user places an order, pays, comments on, ties up
Determine mailbox cell-phone number and gives at least one of password operation data for change.
The second aspect of the embodiment of the present disclosure provides a kind of device of knowledge based map detection fraud, described device packet
It includes:
Collection module, for collecting metadata, behavioral data and the fraudulent user blacklist of user;
Module is constructed, for choosing the entity in the metadata using as node, and according to real in the behavioral data
Business-binding relationship and cooccurrence relation between body establish side to construct knowledge mapping;
Mark module, for marking the fraud node in the knowledge mapping according to the fraudulent user blacklist;
Computing module calculates nothing in the knowledge mapping for the similitude according to adjacent node in the knowledge mapping
Similarity between flag node and the fraud node;
Output module, for exporting the risk of fraud assessment result of the unmarked node according to calculated result.
Optionally, the computing module is also used to:
The similarity of two nodes in the knowledge mapping is calculated according to following formula;
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a)
Indicate i-th of adjacent node of a,Indicate empty,Indicate that a has incident adjacent node;I (b) indicates node b's
The set of incident adjacent node, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s
(Ii(a), Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,
1)。
Optionally, the output module includes:
Computational submodule, for calculating the similarity between each unmarked node and all fraud nodes
Mean value;
Output sub-module, if the mean value for the similarity between the unmarked node and all fraud nodes is big
In threshold value, then the risk of fraud assessment result for characterizing that the unmarked node is doubtful fraud node is exported.
Optionally, the collection module includes:
Extracting sub-module, for extracting metadata in user's Request Log;The metadata includes facility information, account
At least one of information, card information, contextual information data;
Acquisition submodule, for obtaining the behavioral data of user according to operation flow;The behavioral data includes under user
Single, payment, comment, binding mailbox cell-phone number and operation data of at least one of giving password for change.
The third aspect of the embodiment of the present disclosure provides a kind of computer readable storage medium, is stored thereon with computer journey
The step of sequence, which realizes any one of above-mentioned first aspect the method when being executed by processor.
The fourth aspect of the embodiment of the present disclosure provides a kind of device of knowledge based map detection fraud, comprising:
Memory is stored thereon with computer program;And
Processor, it is any in above-mentioned first aspect to realize for executing the computer program in the memory
The step of item the method.
By adopting the above technical scheme, following technical effect can at least be reached:
One, the disclosure is by building knowledge mapping, then, to the section appeared in fraudulent user blacklist in knowledge mapping
Point is marked, and then, calculates the similarity in the knowledge mapping between unmarked node and the fraud node, further according to
The similarity carries out risk of fraud assessment, and the node greater than threshold value cheats node as high risk.It is based on phase knowledge and magnanimity
Risk of fraud assessment is carried out, the disclosure is suitble to the scene of fictitious users batch registration identification, can effectively detect fraudulent user, avoid
Brush the loss of the behaviors brings such as list, cheating, fraudulent trading.It solves and is difficult to what batch registration was cheated in the related technology
Technical problem.
Two, the registration that the disclosure can be accumulated sufficiently in electric business or the field O2O, logs in, places an order, pay, comment etc. is used
Family behavior, the mode of the knowledge mapping of building simply easily realize there is stronger performance advantage.
Three, the SimRank algorithm used in the disclosure is substantially the similarity calculated between nodes, than correlation
PageRank algorithm in technology is more suitable for solving the problems, such as that batch registration is cheated.
Other feature and advantage of the disclosure will the following detailed description will be given in the detailed implementation section.
Detailed description of the invention
Attached drawing is and to constitute part of specification for providing further understanding of the disclosure, with following tool
Body embodiment is used to explain the disclosure together, but does not constitute the limitation to the disclosure.In the accompanying drawings:
Fig. 1 is a kind of method flow diagram of knowledge based map detection fraud shown in one exemplary embodiment of the disclosure.
Fig. 2 is that a kind of method of knowledge based map detection fraud shown according to an exemplary embodiment includes the steps that
The middle flow chart for collecting metadata, behavioral data.
Fig. 3 is that a kind of method of knowledge based map detection fraud shown according to an exemplary embodiment includes the steps that
The flow chart of middle output risk of fraud assessment result.
Fig. 4 is a kind of device block diagram of knowledge based map detection fraud shown in one exemplary embodiment of the disclosure.
Fig. 5 is a kind of output mould of the device of knowledge based map detection fraud shown in one exemplary embodiment of the disclosure
Block block diagram.
Fig. 6 is a kind of collection mould of the device of knowledge based map detection fraud shown in one exemplary embodiment of the disclosure
Block block diagram.
Fig. 7 is a kind of device block diagram of control vehicle trunk shown in one exemplary embodiment of the disclosure.
Specific embodiment
It is described in detail below in conjunction with specific embodiment of the attached drawing to the disclosure.It should be understood that this place is retouched
The specific embodiment stated is only used for describing and explaining the disclosure, is not limited to the disclosure.
For the fraud case of financial field, due to victim do not report or other reasons it is undiscovered, and simultaneously
It is not mined out.The undiscovered fraud case in this part can bring very big risk to financial security prevention and control, for example,
Fraudster's account can continue to gain the wealth of other victims by cheating, cause monetary losses to user.Therefore, fraudster is positioned, is known
Not Yin Zang fraud case, financial security prevention and control are had a very big significance.
It in the related art, is to construct fraud according to funds flow information, counterparty's related information and transaction data to propagate
Relational graph;Wherein, each node in fraud propagation relational graph is constructed according to counterparty's related information, according to funds flow information
And counterparty's related information constructs the directed edge between each node, which can be used to indicate that the fraud between node passes
Broadcast relationship;Then according to PageRank iteration more new algorithm, weight is propagated in the fraud for calculating each node.
It is above-mentioned just for transaction scene, to identify transaction swindling in the related technology, extensive scene can not be cheated to other,
Such as in electric business or the field O2O, fictitious users batch registration is identified, carry out the behaviors such as brush list, cheating, transaction swindling.In addition,
PageRank iteration more new algorithm is substantially to carry out importance ranking to node, the weight of the only each node provided, no
Easily embody the relevance between case-involving node and non-case-involving node.
Fig. 1 is a kind of method flow diagram of knowledge based map detection fraud shown according to an exemplary embodiment, with
Solution is difficult to the technical issues of batch registration is cheated in the related technology.As shown in Figure 1, the knowledge based map detects
The method of fraud may comprise steps of:
S11 collects metadata, behavioral data and the fraudulent user blacklist of user.
S12 chooses entity in the metadata using as node, and according to the industry in the behavioral data between entity
Business binding relationship and cooccurrence relation establish side to construct knowledge mapping.
S13 marks the fraud node in the knowledge mapping according to the fraudulent user blacklist.
S14, according to the similitude of adjacent node in the knowledge mapping, calculate in the knowledge mapping unmarked node with
Similarity between the fraud node.
S15 exports the risk of fraud assessment result of the unmarked node according to calculated result.
In step s 11, the fraudulent user blacklist is the case according to the accumulation of business, artificial judgment and historical record
Part, obtains the fraudulent user that has been identified, and case-involving account ID, cell-phone number, and equipment unique identifying number is added
It cheats in blacklist.
Fig. 2 is that a kind of method of knowledge based map detection fraud shown according to an exemplary embodiment includes the steps that
The middle flow chart for collecting metadata, behavioral data, as shown in Fig. 2, the metadata for collecting user, behavioral data, can wrap
Include step:
S111 extracts metadata in user's Request Log;The metadata includes facility information, account information, card letter
At least one of breath, contextual information data.
S112 obtains the behavioral data of user according to operation flow;The behavioral data includes that user places an order, pays, comments
By, binding mailbox cell-phone number and operation data of at least one of giving password for change.
Wherein, in step S111, user's Request Log includes user's registration request, the request that places an order, payment request etc., from
Metadata can be extracted in these request datas.Facility information included by the metadata can be equipment unique identifying number,
The address mac, IMEI (International Mobile Equipment Identity;International mobile equipment identification number) etc. letter
Breath, account information included by the metadata can be the information such as account ID, cell-phone number, mailbox, included by the metadata
Card information can be card number, contextual information included by the metadata can be IP address, trade company ID, longitude and latitude,
The information such as wifi information, request time.
In step S112, according to specific operation flow, obtain the behavioral data of user, for example, user place an order, pay,
The behaviors such as comment, binding mailbox cell-phone number, the operation such as give password for change.
After metadata, behavioral data and the fraudulent user blacklist for being collected into user, it can in the metadata
Entity as between entity in node and the behavioral data relationship construct knowledge mapping.Specifically, knowledge mapping is
By the way that the theory of the subjects such as applied mathematics, graphics, Information Visualization Technology, information science is divided with method and meterological quotation
Analysis, the methods of Co-occurrence Analysis combine, and visually show the nuclear structure of subject, developing history, preceding using visual map
Reach the modern theory of Multidisciplinary Integration purpose along field and whole Knowledge framework.Complicated ken is passed through data by it
Excavation, information processing, knowledge measure and graphic plotting and show, disclose ken active development rule, be subject
Research provides practical, valuable reference.
Relationship using the entity in the metadata as node and in the behavioral data between entity constructs knowledge graph
Spectrum, may comprise steps of: choose entity in the metadata using as node;Then, according in the behavioral data
Business-binding relationship and cooccurrence relation between entity establish side to construct knowledge mapping.
It, can be using the entity occurred in step S111 as the section of financial knowledge mapping during constructing knowledge mapping
Point, the node of financial knowledge mapping may include device number, the address mac, account ID, cell-phone number, mailbox, card number, trade company ID, IP
Address etc..
After obtaining as the entity of node, according to business-binding relationship, the cooccurrence relation between entity, establish between node
Two-way side, to form a big heterogeneous network, commonly referred to as financial knowledge mapping.Wherein, the business-binding closes
System can be with are as follows: an account is bundled with cell-phone number, card number and mailbox, then forms binding relationship between these entities.Institute
Stating cooccurrence relation can be with are as follows: an account and a trade company appear in same order log, then between account ID and trade company ID
Form cooccurrence relation.
After constructing knowledge mapping, step S13 is executed according to the fraudulent user blacklist and marks the knowledge mapping
In fraud node.After constructing knowledge mapping, the node searched in the knowledge mapping whether there is in fraudulent user blacklist
In, if there are case-involving account ID, cell-phone number, equipment the nodes such as uniquely to indicate number in the knowledge mapping, in the knowledge
In map by case-involving node identification be fraud node.
After marking the fraud node in the knowledge mapping, step S14 is executed, according to adjacent node in the knowledge mapping
Similitude, calculate the similarity between unmarked node in the knowledge mapping and the fraud node.Described in the calculating
Similarity in knowledge mapping between unmarked node and the fraud node, can be based on described in the calculating of SimRank algorithm
Similarity in knowledge mapping between unmarked node and the fraud node.In above-mentioned knowledge mapping, operation SimRank is calculated
Method, to calculate the similarity between node two-by-two.After iteration several times, the similarity of all nodes is able to update and tend to
Convergence.
The core concept of SimRank algorithm is, if neighborhood of two points in figure is more similar (to have many similar neighbours
Occupy), then the two points also should be more similar.I.e. whether two points are similar, determined by whether their neighbours are similar.
It is alternatively possible to be calculated by the following formula the similarity of two nodes in the knowledge mapping:
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a)
Indicate i-th of adjacent node of a,Indicate empty,Indicate that a has incident adjacent node;I (b) indicates node b's
The set of incident adjacent node, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s
(Ii(a), Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,
1)。
The meaning of C can so understand: if I (a)=I (b)={ A }, A are the adjacent nodes of a.It is calculated according to above formula
S (a, b)=C*s (A, A)=C, it is evident that C should be greater than 0 less than 1, so C ∈ (0,1), optionally, C can be set to 0.8.
The formula can be equal to the similarity mean value of the neighbours of a and the neighbours of b using simplicity of explanation as the similarity of node a and b, multiplied by coefficient
C。
On above-mentioned knowledge mapping, the similarity between any two points can be indicated with above-mentioned formula.In SimRank
Link is executed, is exactly the process that the continuous iteration of above-mentioned formula updates.It can simply be interpreted as, by the multiple of SimRank algorithm
Iteration obtains the similarity matrix on knowledge mapping, the similarity between two nodes of element representation of matrix.By the step
Suddenly, we have obtained the similarity of the unmarked node with the case-involving fraud node having determined.
After obtaining the similarity between the unmarked node and the fraud node, step S15 is executed, according to calculating
As a result, the risk of fraud assessment result of the output unmarked node.Fig. 4 is a kind of base shown according to an exemplary embodiment
The flow chart that risk of fraud assessment result is exported in the method for knowledge mapping detection fraud includes the steps that, as shown in figure 3, institute
It states according to calculated result, exports the risk of fraud assessment result of the unmarked node, may comprise steps of:
S151 calculates the mean value of the similarity between each unmarked node and all fraud nodes.
S152, if the mean value of the similarity between the unmarked node and all fraud nodes is greater than threshold value,
Output characterizes the risk of fraud assessment result that the unmarked node is doubtful fraud node.
For example, there are ten fraud nodes in the knowledge mapping of building.After iteration, one of them is unmarked
Node A and ten fraud nodes have a similarity.Then, the mean value for calculating this ten similarities, as the nothing
The risk size of flag node A scores.
It is assumed that the threshold value is 0.5, the mean value of this ten similarities is 0.7, then the similarity of the unmarked node A
It is 0.7, since the similarity 0.7 of the unmarked node A is greater than the threshold value 0.5, then it can be assumed that the unmarked node A
It also is fraud node, it can the output unmarked node A is the risk of fraud assessment result of doubtful fraud node.
Optionally, the corresponding threshold value of the unmarked node of every attribute is obtaining each unmarked node
After the mean value of similarity between all fraud nodes, using the mean value as the similarity of the unmarked node;
Next, it is determined that whether the similarity of the unmarked node of different attribute is greater than corresponding threshold value, the unmarked node of different attribute
The threshold value of corresponding reference can not be identical.
For example, can be account ID, the node of cell-phone number, card number, mailbox, the different attributes such as trade company ID is split, according to industry
A threshold value is set separately in business scene, the node of different attribute.By taking cell-phone number and card number as an example, all similarities are greater than threshold value
The cell-phone number of h regards as doubtful fraud cell-phone number, and the card number all similarities greater than threshold value s regards as doubtful fraud card number.
By adopting the above technical scheme, following technical effect can at least be reached:
One, the disclosure is by building knowledge mapping, then, to the section appeared in fraudulent user blacklist in knowledge mapping
Point is marked, and then, calculates the similarity in the knowledge mapping between unmarked node and the fraud node, further according to
The similarity carries out risk of fraud assessment, and the node greater than threshold value cheats node as high risk.It is based on phase knowledge and magnanimity
Risk of fraud assessment is carried out, the disclosure is suitble to the scene of fictitious users batch registration identification, can effectively detect fraudulent user, avoid
Brush the loss of the behaviors brings such as list, cheating, fraudulent trading.It solves and is difficult to what batch registration was cheated in the related technology
Technical problem.
Two, the registration that the disclosure can be accumulated sufficiently in electric business or the field O2O, logs in, places an order, pay, comment etc. is used
Family behavior, the mode of the knowledge mapping of building simply easily realize there is stronger performance advantage.
Three, the SimRank algorithm used in the disclosure is substantially the similarity calculated between nodes, than correlation
PageRank algorithm in technology is more suitable for solving the problems, such as that batch registration is cheated.
It is worth noting that for simple description, therefore, it is stated as a systems for embodiment of the method shown in FIG. 1
The combination of actions of column, but those skilled in the art should understand that, the disclosure is not limited by the described action sequence.Its
It is secondary, those skilled in the art should also know that, the embodiments described in the specification are all preferred embodiments, related dynamic
Make necessary to the not necessarily disclosure.
Fig. 4 is a kind of device of knowledge based map detection fraud shown in one exemplary embodiment of the disclosure.Such as Fig. 4 institute
Show, the device 300 of the knowledge based map detection fraud includes:
Collection module 310, for collecting metadata, behavioral data and the fraudulent user blacklist of user;
Module 320 is constructed, for choosing the entity in the metadata using as node, and according in the behavioral data
Business-binding relationship and cooccurrence relation between entity establish side to construct knowledge mapping;
Mark module 330, for marking the fraud node in the knowledge mapping according to the fraudulent user blacklist;
Computing module 340 calculates in the knowledge mapping for the similitude according to adjacent node in the knowledge mapping
Similarity between unmarked node and the fraud node;
Output module 350, for exporting the risk of fraud assessment result of the unmarked node according to calculated result.
Optionally, the building module 320 is also used to:
The similarity of two nodes in the knowledge mapping is calculated according to following formula;
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a)
Indicate i-th of adjacent node of a,Indicate empty,Indicate that a has incident adjacent node;I (b) indicates node b's
The set of incident adjacent node, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s
(Ii(a), Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,
1)。
Optionally, as shown in figure 5, the output module 350 includes:
Computational submodule 351, it is similar between each unmarked node and all fraud nodes for calculating
The mean value of degree;
Output sub-module 352, if for the equal of the similarity between the unmarked node and all fraud nodes
Value is greater than threshold value, then exports the risk of fraud assessment result for characterizing that the unmarked node is doubtful fraud node.
Optionally, as shown in fig. 6, the collection module 310 includes:
Extracting sub-module 311, for extracting metadata in user's Request Log;The metadata include facility information,
At least one of account information, card information, contextual information data;
Acquisition submodule 312, for obtaining the behavioral data of user according to operation flow;The behavioral data includes using
Family at least one of places an order, pays, commenting on, binding mailbox cell-phone number and give password for change operation data.
About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method
Embodiment in be described in detail, no detailed explanation will be given here.
The disclosure also provides a kind of computer readable storage medium, is stored thereon with computer program, and the program is processed
The method and step of the detection fraud of knowledge based map described in any of the above-described alternative embodiment is realized when device executes.
The disclosure also provides a kind of device of knowledge based map detection fraud, comprising:
Above-mentioned computer readable storage medium;And
One or more processor, for executing the program in the computer readable storage medium.
Fig. 7 is a kind of block diagram of the device 400 of knowledge based map detection fraud shown according to an exemplary embodiment.
As shown in fig. 7, the device 400 may include: processor 401, memory 402, multimedia component 403, input/output (I/O)
Interface 404 and communication component 405.
Wherein, processor 401 is used to control the integrated operation of the device 400, to complete above-mentioned knowledge based map inspection
Survey all or part of the steps in the method for fraud.Memory 402 is for storing various types of data to support in the device
400 operation, these data for example may include the finger of any application or method for operating on the device 400
Order and the relevant data of application program.The memory 402 can be by any kind of volatibility or non-volatile memory device
Or their combination is realized, for example, static random access memory (Static Random Access Memory, referred to as
SRAM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only
Memory, abbreviation EEPROM), Erasable Programmable Read Only Memory EPROM (Erasable Programmable Read-Only
Memory, abbreviation EPROM), programmable read only memory (Programmable Read-Only Memory, abbreviation PROM), only
It reads memory (Read-Only Memory, abbreviation ROM), magnetic memory, flash memory, disk or CD.Multimedia component
403 may include screen and audio component.Wherein screen for example can be touch screen, and audio component is for exporting and/or inputting
Audio signal.For example, audio component may include a microphone, microphone is for receiving external audio signal.Institute is received
Audio signal can be further stored in memory 402 or be sent by communication component 405.Audio component further includes at least one
A loudspeaker is used for output audio signal.I/O interface 404 provides interface between processor 401 and other interface modules, on
Stating other interface modules can be keyboard, mouse, button etc..These buttons can be virtual push button or entity button.Communication
Component 405 is for carrying out wired or wireless communication between the device 400 and other equipment.Wireless communication, such as Wi-Fi, bluetooth,
Near-field communication (Near Field Communication, abbreviation NFC), 2G, 3G or 4G or they one or more of group
It closes, therefore the corresponding communication component 405 may include: Wi-Fi module, bluetooth module, NFC module.
In one exemplary embodiment, device 400 can be by one or more application specific integrated circuit
(Application Specific Integrated Circuit, abbreviation ASIC), digital signal processor (Digital
Signal Processor, abbreviation DSP), digital signal processing appts (Digital Signal Processing Device,
Abbreviation DSPD), programmable logic device (Programmable Logic Device, abbreviation PLD), field programmable gate array
(Field Programmable Gate Array, abbreviation FPGA), controller, microcontroller, microprocessor or other electronics member
Part is realized, detects the method cheated for executing above-mentioned knowledge based map.
In a further exemplary embodiment, a kind of computer readable storage medium including program instruction, example are additionally provided
It such as include the memory 402 of program instruction, above procedure instruction can be executed above-mentioned to complete by the processor 401 of device 400
The method of knowledge based map detection fraud.
The preferred embodiment of the disclosure is described in detail in conjunction with attached drawing above, still, the disclosure is not limited to above-mentioned reality
The detail in mode is applied, in the range of the technology design of the disclosure, a variety of letters can be carried out to the technical solution of the disclosure
Monotropic type, these simple variants belong to the protection scope of the disclosure.
It is further to note that specific technical features described in the above specific embodiments, in not lance
In the case where shield, it can be combined in any appropriate way.In order to avoid unnecessary repetition, the disclosure to it is various can
No further explanation will be given for the combination of energy.
In addition, any combination can also be carried out between a variety of different embodiments of the disclosure, as long as it is without prejudice to originally
Disclosed thought equally should be considered as disclosure disclosure of that.
Claims (10)
1. a kind of method of knowledge based map detection fraud, which is characterized in that the described method includes:
Collect metadata, behavioral data and the fraudulent user blacklist of user;
The entity in the metadata is chosen to close as node, and according to the business-binding in the behavioral data between entity
System and cooccurrence relation establish side to construct knowledge mapping;
According to the fraudulent user blacklist, the fraud node in the knowledge mapping is marked;
According to the similitude of adjacent node in the knowledge mapping, unmarked node and the fraud in the knowledge mapping are calculated
Similarity between node;
According to calculated result, the risk of fraud assessment result of the unmarked node is exported.
2. the method according to claim 1, wherein described calculate unmarked node and institute in the knowledge mapping
State the similarity between fraud node, comprising:
The similarity of two nodes in the knowledge mapping is calculated according to following formula;
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a) a is indicated
I-th of adjacent node,Indicate empty,Indicate that a has incident adjacent node;The incident phase of I (b) expression node b
The set of neighbors, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s(Ii(a),
Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,1).
3. the method according to claim 1, wherein described according to calculated result, the output unmarked node
Risk of fraud assessment result, comprising:
Calculate the mean value of the similarity between each unmarked node and all fraud nodes;
If the mean value of the similarity between the unmarked node and all fraud nodes is greater than threshold value, characterization institute is exported
State the risk of fraud assessment result that unmarked node is doubtful fraud node.
4. according to the method in any one of claims 1 to 3, which is characterized in that the metadata for collecting user, behavior
Data, comprising:
Metadata is extracted in user's Request Log;The metadata includes facility information, account information, card information, context
At least one of information data;
According to operation flow, the behavioral data of user is obtained;The behavioral data includes that user places an order, pays, comments on, binds postal
Case cell-phone number and give at least one of password operation data for change.
5. a kind of device of knowledge based map detection fraud, which is characterized in that described device includes:
Collection module, for collecting metadata, behavioral data and the fraudulent user blacklist of user;
Construct module, for choosing the entity in the metadata using as node, and according to entity in the behavioral data it
Between business-binding relationship and cooccurrence relation establish side to construct knowledge mapping;
Mark module, for marking the fraud node in the knowledge mapping according to the fraudulent user blacklist;
Computing module calculates unmarked in the knowledge mapping for the similitude according to adjacent node in the knowledge mapping
Similarity between node and the fraud node;
Output module, for exporting the risk of fraud assessment result of the unmarked node according to calculated result.
6. device according to claim 5, which is characterized in that the computing module is also used to:
The similarity of two nodes in the knowledge mapping is calculated according to following formula;
Wherein, s (a, b) is the similarity of node a and b;I (a) indicates the set of the incident adjacent node of node a, Ii(a) a is indicated
I-th of adjacent node,Indicate empty,Indicate that a has incident adjacent node;The incident phase of I (b) expression node b
The set of neighbors, Ii(b) j-th of adjacent node of b is indicated,Indicate that b has incident adjacent node;s(Ii(a),
Ij(b)) be a i-th of adjacent node and b j-th of adjacent node similarity;C is damped coefficient, C ∈ (0,1).
7. device according to claim 5, which is characterized in that the output module includes:
Computational submodule, for calculating the equal of the similarity between each unmarked node and all fraud nodes
Value;
Output sub-module, if the mean value for the similarity between the unmarked node and all fraud nodes is greater than threshold
Value then exports the risk of fraud assessment result for characterizing that the unmarked node is doubtful fraud node.
8. device according to any one of claims 5 to 7, which is characterized in that the collection module includes:
Extracting sub-module, for extracting metadata in user's Request Log;The metadata includes facility information, account letter
At least one of breath, card information, contextual information data;
Acquisition submodule, for obtaining the behavioral data of user according to operation flow;The behavioral data include user place an order,
Payment, comment, binding mailbox cell-phone number and operation data of at least one of giving password for change.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The step of any one of claims 1 to 4 the method is realized when row.
10. a kind of device of knowledge based map detection fraud characterized by comprising
Memory is stored thereon with computer program;And
Processor, for executing the computer program in the memory, to realize any one of claims 1 to 4 institute
The step of stating method.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910258370.8A CN110111110A (en) | 2019-04-01 | 2019-04-01 | The method and apparatus of knowledge based map detection fraud, storage medium |
| PCT/CN2019/121458 WO2020199621A1 (en) | 2019-04-01 | 2019-11-28 | Knowledge graph-based fraud detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910258370.8A CN110111110A (en) | 2019-04-01 | 2019-04-01 | The method and apparatus of knowledge based map detection fraud, storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110111110A true CN110111110A (en) | 2019-08-09 |
Family
ID=67484924
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910258370.8A Pending CN110111110A (en) | 2019-04-01 | 2019-04-01 | The method and apparatus of knowledge based map detection fraud, storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110111110A (en) |
| WO (1) | WO2020199621A1 (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110490730A (en) * | 2019-08-21 | 2019-11-22 | 北京顶象技术有限公司 | Abnormal fund Assembling Behavior detection method, device, equipment and storage medium |
| CN110855614A (en) * | 2019-10-14 | 2020-02-28 | 微梦创科网络科技(中国)有限公司 | Method and device for processing shared black product information in industry |
| CN111415241A (en) * | 2020-02-29 | 2020-07-14 | 深圳壹账通智能科技有限公司 | Method, device, equipment and storage medium for identifying cheater |
| WO2020199621A1 (en) * | 2019-04-01 | 2020-10-08 | 北京三快在线科技有限公司 | Knowledge graph-based fraud detection |
| CN112035677A (en) * | 2020-09-03 | 2020-12-04 | 中国银行股份有限公司 | Knowledge graph-based fraud person discovery method and device |
| CN112053221A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Knowledge graph-based internet financial group fraud detection method |
| CN112200644A (en) * | 2020-12-09 | 2021-01-08 | 北京顺达同行科技有限公司 | Method and device for identifying fraudulent user, computer equipment and storage medium |
| CN112200583A (en) * | 2020-10-28 | 2021-01-08 | 交通银行股份有限公司 | Knowledge graph-based fraud client identification method |
| CN112581271A (en) * | 2020-12-21 | 2021-03-30 | 上海浦东发展银行股份有限公司 | Merchant transaction risk monitoring method, device, equipment and storage medium |
| CN113111132A (en) * | 2020-01-13 | 2021-07-13 | 北京沃东天骏信息技术有限公司 | Method and device for identifying target user |
| CN113364764A (en) * | 2021-06-02 | 2021-09-07 | 中国移动通信集团广东有限公司 | Information security protection method and device based on big data |
| CN113592517A (en) * | 2021-08-09 | 2021-11-02 | 深圳前海微众银行股份有限公司 | Method and device for identifying cheating passenger groups, terminal equipment and computer storage medium |
| CN116308748A (en) * | 2023-03-19 | 2023-06-23 | 二十六度数字科技(广州)有限公司 | Knowledge graph-based user fraud judgment system |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112200382B (en) * | 2020-10-27 | 2022-11-22 | 支付宝(杭州)信息技术有限公司 | Training method and device for risk prediction model |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2010176288A (en) * | 2009-01-28 | 2010-08-12 | Toshiba Corp | Device for evaluating similarity between business task processes, and method thereof |
| CN104158840A (en) * | 2014-07-09 | 2014-11-19 | 东北大学 | Method for calculating node similarity of chart in distributing manner |
| US20150332158A1 (en) * | 2014-05-16 | 2015-11-19 | International Business Machines Corporation | Mining strong relevance between heterogeneous entities from their co-ocurrences |
| CN109191281A (en) * | 2018-08-21 | 2019-01-11 | 重庆富民银行股份有限公司 | A kind of group's fraud identifying system of knowledge based map |
| CN109272228A (en) * | 2018-09-12 | 2019-01-25 | 石家庄铁道大学 | Scientific research influence power analysis method based on Research Team's cooperative network |
| CN109408643A (en) * | 2018-09-03 | 2019-03-01 | 平安科技(深圳)有限公司 | Fund similarity calculating method, system, computer equipment and storage medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110040631A1 (en) * | 2005-07-09 | 2011-02-17 | Jeffrey Scott Eder | Personalized commerce system |
| CN109064313A (en) * | 2018-07-20 | 2018-12-21 | 重庆富民银行股份有限公司 | Warning monitoring system after the loan of knowledge based graphical spectrum technology |
| CN109460664B (en) * | 2018-10-23 | 2022-05-03 | 北京三快在线科技有限公司 | Risk analysis method and device, electronic equipment and computer readable medium |
| CN109523153A (en) * | 2018-11-12 | 2019-03-26 | 平安科技(深圳)有限公司 | Acquisition methods, device, computer equipment and the storage medium of illegal fund collection enterprise |
| CN110111110A (en) * | 2019-04-01 | 2019-08-09 | 北京三快在线科技有限公司 | The method and apparatus of knowledge based map detection fraud, storage medium |
-
2019
- 2019-04-01 CN CN201910258370.8A patent/CN110111110A/en active Pending
- 2019-11-28 WO PCT/CN2019/121458 patent/WO2020199621A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2010176288A (en) * | 2009-01-28 | 2010-08-12 | Toshiba Corp | Device for evaluating similarity between business task processes, and method thereof |
| US20150332158A1 (en) * | 2014-05-16 | 2015-11-19 | International Business Machines Corporation | Mining strong relevance between heterogeneous entities from their co-ocurrences |
| CN104158840A (en) * | 2014-07-09 | 2014-11-19 | 东北大学 | Method for calculating node similarity of chart in distributing manner |
| CN109191281A (en) * | 2018-08-21 | 2019-01-11 | 重庆富民银行股份有限公司 | A kind of group's fraud identifying system of knowledge based map |
| CN109408643A (en) * | 2018-09-03 | 2019-03-01 | 平安科技(深圳)有限公司 | Fund similarity calculating method, system, computer equipment and storage medium |
| CN109272228A (en) * | 2018-09-12 | 2019-01-25 | 石家庄铁道大学 | Scientific research influence power analysis method based on Research Team's cooperative network |
Non-Patent Citations (2)
| Title |
|---|
| LI LI: "Query Processing Based on Similar Nodes on SimRank Graph", JOURNAL OF PHYSICS: CONFERENCE SERIES, no. 3, 12 March 2019 (2019-03-12), pages 2 - 3 * |
| 杜凌霞;李翠平;陈红;张应龙;: "概率图上的对象相似度计算", 计算机研究与发展, no. 3, 15 September 2011 (2011-09-15) * |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020199621A1 (en) * | 2019-04-01 | 2020-10-08 | 北京三快在线科技有限公司 | Knowledge graph-based fraud detection |
| CN110490730A (en) * | 2019-08-21 | 2019-11-22 | 北京顶象技术有限公司 | Abnormal fund Assembling Behavior detection method, device, equipment and storage medium |
| CN110855614A (en) * | 2019-10-14 | 2020-02-28 | 微梦创科网络科技(中国)有限公司 | Method and device for processing shared black product information in industry |
| CN110855614B (en) * | 2019-10-14 | 2021-12-21 | 微梦创科网络科技(中国)有限公司 | Method and device for processing shared black product information in industry |
| CN113111132A (en) * | 2020-01-13 | 2021-07-13 | 北京沃东天骏信息技术有限公司 | Method and device for identifying target user |
| CN113111132B (en) * | 2020-01-13 | 2024-06-21 | 北京沃东天骏信息技术有限公司 | Method and device for identifying target user |
| CN111415241A (en) * | 2020-02-29 | 2020-07-14 | 深圳壹账通智能科技有限公司 | Method, device, equipment and storage medium for identifying cheater |
| CN112053221A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Knowledge graph-based internet financial group fraud detection method |
| CN112035677A (en) * | 2020-09-03 | 2020-12-04 | 中国银行股份有限公司 | Knowledge graph-based fraud person discovery method and device |
| CN112035677B (en) * | 2020-09-03 | 2023-09-22 | 中国银行股份有限公司 | Knowledge graph-based fraud personnel discovery method and device |
| CN112200583A (en) * | 2020-10-28 | 2021-01-08 | 交通银行股份有限公司 | Knowledge graph-based fraud client identification method |
| CN112200583B (en) * | 2020-10-28 | 2023-12-19 | 交通银行股份有限公司 | Knowledge graph-based fraudulent client identification method |
| CN112200644A (en) * | 2020-12-09 | 2021-01-08 | 北京顺达同行科技有限公司 | Method and device for identifying fraudulent user, computer equipment and storage medium |
| CN112581271A (en) * | 2020-12-21 | 2021-03-30 | 上海浦东发展银行股份有限公司 | Merchant transaction risk monitoring method, device, equipment and storage medium |
| CN113364764A (en) * | 2021-06-02 | 2021-09-07 | 中国移动通信集团广东有限公司 | Information security protection method and device based on big data |
| CN113592517A (en) * | 2021-08-09 | 2021-11-02 | 深圳前海微众银行股份有限公司 | Method and device for identifying cheating passenger groups, terminal equipment and computer storage medium |
| CN116308748A (en) * | 2023-03-19 | 2023-06-23 | 二十六度数字科技(广州)有限公司 | Knowledge graph-based user fraud judgment system |
| CN116308748B (en) * | 2023-03-19 | 2023-10-20 | 二十六度数字科技(广州)有限公司 | Knowledge graph-based user fraud judgment system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020199621A1 (en) | 2020-10-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110111110A (en) | The method and apparatus of knowledge based map detection fraud, storage medium | |
| CN109784636A (en) | Fraudulent user recognition methods, device, computer equipment and storage medium | |
| CN109615524B (en) | Money laundering crime group partner identification method, money laundering crime group partner identification device, computer equipment and storage medium | |
| CN108665159A (en) | A kind of methods of risk assessment, device, terminal device and storage medium | |
| CN110070364A (en) | Method and apparatus, storage medium based on the fraud of graph model detection clique | |
| CN107563549B (en) | BIM (building information modeling) -based escape path generation method, device and equipment | |
| CN109087079A (en) | Digital cash Transaction Information analysis method | |
| CN109345417B (en) | Online assessment method and terminal equipment for business personnel based on identity authentication | |
| CN111371767B (en) | Malicious account identification method, malicious account identification device, medium and electronic device | |
| CN111199474A (en) | Risk prediction method and device based on network diagram data of two parties and electronic equipment | |
| CN111090780B (en) | Method and device for determining suspicious transaction information, storage medium and electronic equipment | |
| CN111222976A (en) | Risk prediction method and device based on network diagram data of two parties and electronic equipment | |
| CN110414277B (en) | Gate-level hardware Trojan horse detection method based on multi-feature parameters | |
| CN111931047B (en) | Artificial intelligence-based black product account detection method and related device | |
| CN111325619A (en) | Credit card fraud detection model updating method and device based on joint learning | |
| CN111666346A (en) | Information merging method, transaction query method, device, computer and storage medium | |
| CN106815452A (en) | A kind of cheat detection method and device | |
| CN108876545A (en) | Order recognition methods, device and readable storage medium storing program for executing | |
| CN105376223A (en) | Network identity relationship reliability calculation method | |
| CN109102324B (en) | Model training method, and red packet material laying prediction method and device based on model | |
| CN109213831A (en) | Event detecting method and device calculate equipment and storage medium | |
| CN112948274A (en) | Test case scoring model training method and test case selection method | |
| CN112529575A (en) | Risk early warning method, equipment, storage medium and device | |
| CN117035082A (en) | Knowledge graph real-time operation method and system for identifying fraudulent party | |
| CN109947817A (en) | A kind of Six Degrees relationship analysis method and system based on association map |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |