CN111209315A - Method, device and equipment for monitoring suspected risk object and readable storage medium - Google Patents

Method, device and equipment for monitoring suspected risk object and readable storage medium Download PDF

Info

Publication number
CN111209315A
CN111209315A CN202010032782.2A CN202010032782A CN111209315A CN 111209315 A CN111209315 A CN 111209315A CN 202010032782 A CN202010032782 A CN 202010032782A CN 111209315 A CN111209315 A CN 111209315A
Authority
CN
China
Prior art keywords
risk
label
suspected
information
labels
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010032782.2A
Other languages
Chinese (zh)
Inventor
侯方舟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd filed Critical Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202010032782.2A priority Critical patent/CN111209315A/en
Publication of CN111209315A publication Critical patent/CN111209315A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465Query processing support for facilitating data mining operations in structured databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/258Data format conversion from or to a database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Data Mining & Analysis (AREA)
  • Educational Administration (AREA)
  • Probability & Statistics with Applications (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to the technical field of big data, and discloses a method for monitoring suspected risk objects, which comprises the following steps: and acquiring data information of all objects to be detected, wherein the data information contains the unique identification fields of the objects to be detected, the unique identification fields are used as main keys of all information chains, and the unique identification fields are respectively connected with all field information of all the objects to be detected in series to obtain corresponding information chains. And respectively carrying out format conversion on the field information in each information chain according to the label format to obtain a corresponding label set. And according to a preset matching rule, sequentially matching each label set with a label used for describing the characteristics of the suspected object in the preset suspected object auxiliary locking portrait to obtain a corresponding matching result. And calculating the matching degree of each matching result, and sequentially judging whether each matching degree is greater than a preset threshold value so as to output the risk suspicion object. The invention also discloses a device and equipment for monitoring the suspected risk object and a computer readable storage medium. The invention provides more accurate risk suspect object monitoring service for users and improves the accuracy of risk monitoring.

Description

Method, device and equipment for monitoring suspected risk object and readable storage medium
Technical Field
The invention relates to the technical field of big data, in particular to a method, a device and equipment for monitoring suspected risk objects and a computer readable storage medium.
Background
In the field of security audit, methods and tools for performing advanced auxiliary locking on suspected objects of potential risks by using an AI algorithm are quite lacking in similar security analysis products at home and abroad at present. This current situation leads to the lack of a bottom-up security risk analysis tool with dimensions of interest as the primary behavioral carrier, the suspect behavioral object, for security incident risk.
According to the practical experience of safety audit, the safety risk events of suspected behavior objects with the action motivation and the action opportunity generally highly conform to the pareto law (two-eight law), that is, the high-risk safety events are generally highly centralized, and a small number of suspected behavior objects cause high-occupation-ratio safety risk loss.
Disclosure of Invention
The invention mainly aims to provide a method, a device and equipment for monitoring a suspected risk object and a computer readable storage medium, aiming at solving the technical problem of how to lock a suspected potential risk object from mass sample data.
In order to achieve the above object, the present invention provides a method for monitoring a suspected risk object, comprising the steps of:
acquiring first data information of all objects to be detected, which is input in advance according to a uniform field format, wherein the first data information comprises unique identification field information of the objects to be detected;
respectively taking the unique identification field information of each object to be detected as a main key of each information chain, and respectively connecting all the field information of each object to be detected in series to obtain the information chain of each object to be detected;
respectively carrying out format conversion on field information in each information chain according to a preset label format to obtain a label set corresponding to each information chain;
on the basis of a preset matching rule, sequentially carrying out label matching on each label set and a label corresponding to a preset suspected object auxiliary locking picture to obtain a picture matching result corresponding to each label set, wherein the suspected object auxiliary locking picture is composed of the label sets for describing the characteristics of the suspected object;
calculating the matching degree of the corresponding portrait matching result of each object to be detected, and sequentially judging whether each matching degree is greater than a preset threshold value;
and if so, taking the corresponding object to be detected as a risk suspected object and outputting the unique identity identification field information of the risk suspected object according to the risk grade.
Optionally, before the step of obtaining the first related data information of all the objects to be detected input in advance according to the uniform field format, the method further includes:
acquiring second data information of all risk behavior objects;
generating a white portrait of the suspected object based on the second data information;
acquiring all labels in the white portrait of the suspected object based on the white portrait of the suspected object, and calculating risk weight indexes of all the labels;
and respectively coloring and marking each label based on the risk weight index to generate a suspect object auxiliary locking portrait, wherein the high risk labels are deeply colored, the middle risk labels are lightly colored, and the low risk labels are not colored.
Optionally, the generating a white portrait of a suspected object based on the second data information includes:
reading the unique identification field information of each risk behavior object contained in the second data information;
respectively taking the unique identity identification field information of each risk behavior object as a main key, and connecting the main key with the field information of the risk behavior object in series to generate a plurality of information chains associated with all the main keys;
translating field information in the plurality of information chains into a plurality of tags in a preset format based on the plurality of information chains;
classifying the plurality of labels according to a preset analysis dimension and outputting a label data set;
and generating a white portrait of the suspected object based on the label data set.
Optionally, after the step of classifying the plurality of tags according to the preset analysis dimension and outputting the tag data set, the method further comprises,
verifying the integrity of the data tags in the tag dataset;
said generating a white picture of a suspect object based on said set of tag data comprises,
carrying out quantitative assignment on each label in the label data set to obtain a label data set based on the quantitative assignment of the label;
if the data labels in the label data set based on the label quantitative assignment are complete, determining target labels in the label data set based on the label quantitative assignment through a preset algorithm to obtain a target item set;
and generating and outputting a white portrait of the suspected object according to the target item set.
Optionally, the performing, based on a preset matching rule, tag matching between each tag set and a tag corresponding to a preset suspect object assisted locking picture in sequence to obtain a picture matching result corresponding to each tag set includes:
matching the tag sets with tags corresponding to the auxiliary locking portrait of the suspected object according to a preset matching rule, and outputting portrait matching results corresponding to the tag sets;
if the matching result is that all the labels in the label set corresponding to the object to be detected fall in the non-coloring area, sorting the matching result according to the number of the successfully matched labels, and outputting the corresponding matching result;
and if the matching result is that the labels in the label set corresponding to the object to be detected fall in the dark coloring area or the light coloring area, sorting the matching result according to the number of the coloring labels in the successfully matched labels, and outputting the corresponding matching result.
Optionally, the color marking the labels respectively based on the risk weight index, and the generating a suspect object assisted locked portrait includes:
if the risk weight index of the label is larger than a first preset threshold value, marking the label as a high-risk label;
if the risk weight index of the label is larger than a second preset threshold and smaller than the first preset threshold, marking the label as a medium risk label;
if the risk weight index of the label is smaller than the second preset threshold, marking the label as a low-risk label;
based on the risk weight index, deeply coloring the high-risk label, lightly coloring the medium-risk label and not coloring the low-risk label to generate a suspect object auxiliary locking portrait;
wherein the first preset threshold is greater than the second preset threshold.
Optionally, the obtaining all the labels in the white portrait of the suspected object based on the white portrait of the suspected object, and calculating the risk weight indexes of all the labels includes:
acquiring a plurality of labels in the white portrait of the suspected object;
respectively calculating risk weight indexes of the labels, and arranging the labels according to a preset sequence based on the risk weight indexes;
wherein the risk weight index calculation formula is as follows:
R=M/T,M=w*n;
wherein, R represents a risk weight index, M represents an objective risk weight, T represents a risk tolerance, w represents a tag cumulative frequency, and n represents a correlation loss, which is a constant.
Further, the present invention provides a suspected risk object monitoring device, including:
the information acquisition module is used for acquiring first data information of all objects to be detected, which is input in advance according to a uniform field format, wherein the first data information comprises unique identification field information of the objects to be detected;
the field processing module is used for respectively taking the unique identification field information of each object to be detected as a main key of each information chain, and respectively connecting all the field information of each object to be detected in series to obtain the information chain of each object to be detected;
the format conversion module is used for respectively carrying out format conversion on the field information in each information chain according to a preset label format to obtain a label set corresponding to each information chain;
the matching module is used for sequentially performing label matching on each label set and a label corresponding to a preset suspected object auxiliary locking portrait based on a preset matching rule to obtain a portrait matching result corresponding to each label set, wherein the suspected object auxiliary locking portrait is composed of the label sets used for describing the characteristics of the suspected object;
the judging module is used for calculating the matching degree of the corresponding portrait matching result of each object to be detected and sequentially judging whether each matching degree is greater than a preset threshold value;
and the output module is used for taking the corresponding object to be detected as a risk suspected object and outputting the unique identity field information of the risk suspected object according to the risk grade if the matching degree is greater than a preset threshold value.
Further, the suspected risk object monitoring device further comprises:
the sample acquisition module is used for acquiring second data information of all risk behavior objects;
the white portrait generating module is used for generating a white portrait of the suspected object based on the second data information;
the calculation module is used for acquiring all labels in the white portrait of the suspected object based on the white portrait of the suspected object and calculating the risk weight indexes of all the labels;
and the coloring module is used for respectively coloring and marking each label based on the risk weight index to generate a suspect object auxiliary locking portrait, wherein the high-risk labels are deeply colored, the medium-risk labels are lightly colored, and the low-risk labels are not colored.
Optionally, the generating module includes:
the reading unit is used for reading the unique identity field information of the object to be detected contained in the second data information of all the risk behavior objects;
the identification unit is used for respectively taking the unique identity identifications of all the risk behavior objects as main keys, and simultaneously connecting the main keys in series with the field information of the risk behavior objects to generate a plurality of information chains associated with all the main keys;
the format conversion unit is used for carrying out format conversion on the field information in the information chains according to a preset label format based on the information chains to generate a plurality of labels in the preset format;
the classification unit is used for classifying the labels according to a preset analysis dimension and outputting a label data set;
and the generating unit is used for generating a white portrait of the suspected object based on the label data set.
Optionally, the generating module further includes:
the verification unit is used for verifying the integrity of the data tags in the tag data set;
the generating unit is specifically configured to:
carrying out quantitative assignment on each label in the label data set to obtain a label data set based on the quantitative assignment of the label; when the data labels in the label data set are complete, determining target labels in the label data set through a preset algorithm based on the label data set to obtain a target item set; and generating and outputting a white portrait of the suspected object according to the target item set.
Optionally, the matching module is specifically configured to: matching the tag sets with tags corresponding to the auxiliary locking portrait of the suspected object according to a preset matching rule, outputting portrait matching results corresponding to the tag sets, and when the matching results indicate that all tags in the tag sets corresponding to the object to be detected fall in a non-coloring area, sorting the matching results according to the number of successfully matched tags and outputting corresponding matching results; and when the matching result is that the labels in the label set corresponding to the object to be detected fall in a dark coloring area or light coloring, sorting the matching result according to the number of the coloring labels in the successfully matched labels, and outputting the corresponding matching result.
Optionally, the coloring module is specifically configured to: when the risk weight index of the label is larger than a first preset threshold value, marking the label as a high-risk label; when the risk weight index of the label is larger than a second preset threshold value and is smaller than a first preset threshold value, marking the label as a medium risk label; when the risk weight index of the label is smaller than a second preset threshold value, marking the label as a low-risk label; and based on the risk weight index, deeply coloring the high-risk label, shallowly coloring the medium-risk label, not coloring the low-risk label, and generating an auxiliary locking portrait of the suspected object, wherein the first preset threshold is larger than the second preset threshold.
Optionally, the calculation module is specifically configured to:
acquiring a plurality of labels in the white portrait of the suspected object, respectively calculating risk weight indexes of the labels, and arranging the labels according to a preset sequence based on the risk weight indexes;
wherein the risk weight index calculation formula is as follows:
R=M/T,M=w*n;
wherein, R represents a risk weight index, M represents an objective risk weight, T represents a risk tolerance, w represents a tag cumulative frequency, and n represents a correlation loss, which is a constant.
Further, in order to achieve the above object, the present invention further provides a suspected risk object monitoring apparatus, where the suspected risk object monitoring apparatus includes a memory, a processor, and a suspected risk object monitoring program stored in the memory and operable on the processor, and the suspected risk object monitoring program is executed by the processor to implement the steps of the suspected risk object monitoring method.
Further, to achieve the above object, the present invention further provides a computer readable storage medium, where a suspected risk object monitoring program is stored on the computer readable storage medium, and when the suspected risk object monitoring program is executed by a processor, the steps of the suspected risk object monitoring method are implemented.
The method comprises the steps of acquiring data information containing a unique identification field of an object to be detected in advance, connecting the unique identification field with other field information of the object to be detected in series to obtain information chains of the object to be detected, converting the field information in each information chain into a label format, and generating a corresponding label set; and according to a preset matching rule, sequentially matching the labels in each label set with the labels used for describing the characteristics of the suspected objects in the preset suspected object auxiliary locking portrait, and determining a matching result. And calculating the matching degree of the corresponding portrait matching result of each object to be detected according to the matching result, and outputting the unique identification field information of the corresponding risk suspicion object according to the matching degree. According to the method and the device, automatic screening of mass data raw materials is realized, a risk suspect object list which is strongly associated with risk events is obtained, and therefore the risk suspect objects can be identified more quickly and locked in an auxiliary mode.
Drawings
FIG. 1 is a schematic structural diagram of an equipment hardware operating environment according to an embodiment of the suspected risk object monitoring equipment of the present invention;
FIG. 2 is a schematic flow chart of a suspected risk object monitoring method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a suspected risk object monitoring method according to a second embodiment of the present invention;
FIG. 4 is a schematic view of a detailed process of step S220 in FIG. 3;
FIG. 5 is a flowchart illustrating a detailed process of step S2205 in FIG. 4;
FIG. 6 is a schematic view of a detailed process of step S140 in FIG. 2;
FIG. 7 is a schematic view of a detailed process of one embodiment of step S230 in FIG. 3;
FIG. 8 is a schematic view of a detailed process of step S240 in FIG. 3;
fig. 9 is a schematic functional block diagram of an embodiment of the suspected risk object monitoring device according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a risk suspicion object monitoring device.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an apparatus hardware operating environment according to an embodiment of the suspected risk object monitoring apparatus of the present invention.
As shown in fig. 1, the suspected risk monitoring apparatus may include: a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a memory device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the hardware configuration of the suspected risk monitoring facility shown in fig. 1 does not constitute a limitation of the suspected risk monitoring facility, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer-readable storage medium, may include therein an operating system, a network communication module, a user interface module, and a suspected risk object monitoring program. The operating system is a program for managing and controlling the risk suspected object monitoring equipment and software resources, and supports the operation of a network communication module, a user interface module, a risk suspected object monitoring program and other programs or software; the network communication module is used to manage and control the network interface 1004; the user interface module is used to manage and control the user interface 1003.
In the hardware structure of the suspected risk object monitoring device shown in fig. 1, the network interface 1004 is mainly used for connecting to a system background and performing data communication with the system background; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; the suspected risk monitoring apparatus invokes a suspected risk monitoring program stored in the memory 1005 via the processor 1001 and performs the operations of the following embodiments of the suspected risk monitoring method.
Based on the above hardware structure of the suspected risk object monitoring device, the embodiments of the suspected risk object monitoring method of the present invention are provided.
Referring to fig. 2, fig. 2 is a schematic flow chart of a method for monitoring suspected risk objects according to a first embodiment of the present invention. In this embodiment, the method for monitoring suspected risk objects includes the following steps:
step S110, acquiring first data information of all objects to be detected, which is input in advance according to a uniform field format, wherein the first data information comprises unique identification field information of the objects to be detected;
in this embodiment, the first relevant data information of the object to be detected refers to data information of the object to be detected, where a security auditor needs to determine whether a risk suspicion object exists. And inputting the data information according to a uniform field format, wherein the data information of each object to be detected comprises unique identification field information which can confirm the object to be detected. For example, employee job number, or identification number, etc.
Step S120, the unique identification field information of each object to be detected is respectively used as a main key of each information chain, and all the field information of each object to be detected is respectively connected in series to obtain the information chain of each object to be detected;
in this embodiment, the primary key refers to a primary key, which is one or more fields in the table, and its value is used to uniquely identify a record in the table. For example, there is one piece of data information of three: zhang three men, age >30, with penalty history, job number zhangsan748, wherein the job number zhangsan748 can be used as a primary key of the data message to confirm Zhang three.
In the present embodiment, the information chain refers to an information chain from fact information and the like to information, for example, lei si men, age >30, history of punishment, job number lisi668, highest scholarship subject, maiden, ethnic, birthday, native place, great name, and information of all fields thereof constitutes an information chain about lei si. And (3) connecting the unique identity of each object to be detected, such as the work number, with all field information corresponding to the object to be detected in series to obtain data information, namely the information chain of Liqu.
Step S130, converting the format of the field information in each information chain according to a preset label format to obtain a label set corresponding to each information chain;
in this embodiment, the field information in each information chain is processed according to a preset tag format to generate field information in a tag format, and the generated field information in each tag format is a tag.
In this embodiment, the tag refers to certain data information of the object to be detected, for example: age, highest school calendar, nationality, birthday, native place, etc. are all labels that describe the basic information of a certain person.
The information chain has a plurality of fields, each field can generate a corresponding label, so when the field information in the information chain is subjected to label translation, a plurality of labels can be generated. For example, zhangsan748 (primary key) -male, age >30, with penalty history, belonging to field service, having a common account number, and after format conversion processing, is zhangsan748- {1, 5, 10, 14, 16}, where a set of multiple generated tags is called a tag set, such as zhangsan748- {1, 5, 10, 14, 16 }.
Step S140, sequentially carrying out label matching on each label set and a label corresponding to a preset suspected object auxiliary locking portrait based on a preset matching rule to obtain a portrait matching result corresponding to each label set, wherein the suspected object auxiliary locking portrait is composed of the label sets for describing the characteristics of the suspected object;
in this embodiment, there are two preset matching rules, including: a non-colored matching pattern and a colored matching pattern. And sequentially carrying out label matching on each label set and a preset suspected object auxiliary locking tool to obtain an portrait matching result corresponding to each label set.
Step S150, calculating the matching degree of the corresponding portrait matching results of each object to be detected, and sequentially judging whether each matching degree is greater than a preset threshold value;
in this embodiment, according to the portrait matching result corresponding to each object to be detected, the matching degree between the tag set corresponding to each object to be detected and the suspect object auxiliary locking portrait is calculated, and whether the matching degree is greater than a preset threshold value is determined.
And step S160, if yes, taking the corresponding object to be detected as a risk suspected object and outputting the unique identification field information of the risk suspected object according to the risk grade.
In this embodiment, if the matching degree is greater than a preset threshold, the corresponding detected object is used as a target of the suspected risk object, the unique identification field information of the suspected risk object is output according to the risk level, and the specific suspected risk object is determined according to the unique identification field information.
For example, the following steps: images {2, 5, 7, 8, 12 (non-colored region) |15 (light), 21, 23 (colored region) } a2{1, 7, 23}, B2{2, 5, 7, 8, 12, 15}, and C2{6, 15, 21}, then the matching result is output as C2, a2, B2, and simultaneously unique id field information C2, a2, B2 corresponding to C2, a2, B2 is output.
In the embodiment, all data information containing the unique identity identification field of the object to be detected is obtained in advance, the unique identity identification field is connected with other field information of the object to be detected in series to obtain information chains of each object to be detected, and then the field information in each information chain is converted into a label format to generate a corresponding label set; and according to a preset matching rule, sequentially matching the labels in each label set with the labels used for describing the characteristics of the suspected objects in the preset suspected object auxiliary locking portrait, and determining a matching result. And calculating the matching degree of the corresponding portrait matching result of each object to be detected according to the matching result, and outputting the unique identification field information of the corresponding risk suspicion object according to the matching degree. According to the embodiment, automatic screening of mass data raw materials is realized, the list of the risk suspicion objects which are strongly associated with risk events is obtained, and then the risk suspicion objects can be identified more quickly and locked in an auxiliary mode.
Referring to fig. 3, fig. 3 is a schematic flow chart of a suspected risk object monitoring method according to a second embodiment of the present invention. In this embodiment, before the step S110, the method further includes:
step S210, acquiring second data information of all risk behavior objects;
in this embodiment, the second relevant data of the risk behavior object is relevant data information of a risk behavior object related to the current information security risk event.
Step S220, generating a white portrait of the suspected object based on the second data information;
in this embodiment, according to the second related data information of all risk behavior objects, the corresponding data information is output according to a preset tag format, a corresponding tag is generated, all the generated tags form a corresponding tag data set, and a suspect object white portrait is generated according to the tag data set.
Step S230, acquiring all labels in the white portrait of the suspected object based on the white portrait of the suspected object, and calculating risk weight indexes of all labels;
in this embodiment, all the label information in the white portrait of the suspected object is obtained, and the risk weight index of each label is calculated, wherein each label may be divided according to the difference of the risk weight index, and includes three kinds of labels: high risk tags, medium risk tags, and low risk tags.
And step S240, respectively coloring and marking each label based on the risk weight index, and generating an auxiliary locking portrait of the suspected object, wherein the high-risk label is deeply colored, the medium-risk label is lightly colored, and the low-risk label is not colored.
In this embodiment, the labels are arranged from high to low by calculating the risk weight index of each label, the labels in the first 20% of the rows of the risk weight index are deeply colored, the labels in the 20% -50% of the rows are lightly colored, and the labels in the last 50% of the rows are not colored. The regions of the image composed of lightly colored and deeply colored labels are colored regions, and the regions of the image composed of labels that are not colored are non-colored regions. And after all the labels are colored, generating an auxiliary locking portrait of the suspected object.
Referring to fig. 4, fig. 4 is a schematic view of a detailed flow of the step S220 in fig. 3. Based on the foregoing embodiment, in this embodiment, the foregoing step S220 further includes:
step S2201, reading unique identification field information of each risk behavior object included in the second data information;
in this embodiment, the relevant data information of all risk behavior objects is input according to the same field format, such as: gender, age, native place, highest school calendar, whether terminal privileges are available, etc. Wherein, these field information include the unique identification field information of the risk behavior object. The unique identity of the risky behavior object refers to unique field information that can determine the identity of the risky behavior object, for example, a job number or an identification number.
Step S2202, respectively using the unique identification field information of each risk behavior object as a main key, and connecting the main key with the field information of the risk behavior object in series to generate a plurality of information chains associated with all the main keys;
in this embodiment, the primary key refers to a primary key, which is one or more fields in the table, and its value is used to uniquely identify a record in the table. For example, there is one piece of data information of three: zhang three men, age >30, with penalty history, job number zhangsan748, wherein the job number zhangsan748 can be used as a primary key of the data message to confirm Zhang three.
In this embodiment, the unique id of the risk behavior object is used as a primary key and is connected in series with other field information of the risk behavior object, and the generated data information is an information chain of the risk behavior object. The information chain refers to an information chain from fact information and the like to information, for example, Liquan, age >30, punishment history, job number lisi668, highest scholarship subject, maiden, ethnic, birthday, native place, great name, and information of all fields constitutes the information chain about Liquan.
Step S2203, based on the plurality of information chains, performing format conversion on the field information in the plurality of information chains according to a preset label format to generate a plurality of labels in the preset format;
in this embodiment, the field information in each information chain is processed according to a preset tag format to generate field information in a tag format, and the generated field information in each tag format is a tag.
In this embodiment, the tag refers to certain data information of the object to be detected, for example: age, highest school calendar, ethnicity, birthday, native place, etc. fields for recording the basic information of a certain person.
The information chain has a plurality of fields, each field can generate a corresponding label, so when the field information in the information chain is subjected to label translation, a plurality of labels can be generated. For example, Zhangsan748 (primary key) -male, age >30, penalty history, field duty, presence of common account number, translated as Zhangsan748- {1, 5, 10, 14, 16 }.
Step S2204, classifying the plurality of labels according to a preset analysis dimension and outputting a label data set;
in this embodiment, the generated set composed of a plurality of tags is called a tag set. For example, zhangsan748 (primary key) -male, age >30, penalty history, field duty, presence of common account number, and set of translated tags is zhangsan748- {1, 5, 10, 14, 16 }. And further, labeling and classifying field information in the information chains corresponding to all risk behavior objects according to different dimension attributes until all input field information completes labeling and classification according to the dimension attributes, and outputting the result to form a label data set.
Step S2205, generating a white portrait of the suspected object based on the label data set.
In this embodiment, the tag information in the generated tag data set is processed to find out the tag output with the strongest association. For example, which tag features are frequently appeared and have the highest association degree with the risk action in the tag features of the inventory risk behavior object are checked. And pruning the labels with low relevance degree layer by utilizing pruning to gradually obtain a final target item set with the highest relevance degree and generate a white portrait of the suspected object.
Further, after the step S2204, the method further includes:
verifying the integrity of the data tags in the tag dataset;
in this embodiment, the output tag data set is checked. And randomly extracting n risk behavior object main keys and information chains, matching the label integrality of related data in the label set according to the main key information, and observing whether omission exists or not. And if the input label is not complete, an alarm prompt is given to the display interface, and the user can select to remove the sample data with problems.
Referring to fig. 5, fig. 5 is a schematic view of a detailed flow of the step S2205 in fig. 4. Based on the foregoing embodiment, in this embodiment, the foregoing step S2205 further includes:
step S101, carrying out quantitative assignment on each label in the label data set to obtain a label data set based on the quantitative assignment of the label;
in this embodiment, the labels are quantitatively assigned, for example, 1 for male, 2 for female, 3 for age [20, 25 ]; the age (25, 30) is 4, the age (30,100) is 5, the nationality (han nationality) is 6, the nationality (non-han nationality) is 7, the highest academic calendar (the current subject) is 8, the highest academic calendar (the current subject) is 9 and the like until the last label n, and a feature set based on label quantitative assignment is obtained, namely a label data set based on label quantitative assignment [1.
Step S102, if the data label is complete, determining a target label in the label data set through a preset algorithm based on the label data set to obtain a target item set;
in this embodiment, if all the tag data are complete, all the tags in the tag data set are processed according to a preset algorithm to obtain a plurality of tags with strong relevance, where the plurality of tags are target tags, and a set formed by the target tags is a target item set. For example, iterative pruning is performed on the tag data set by using Apriori algorithm principle, and a target tag with strong relevance is output after iterative pruning. And obtaining a final target item set by using the target labels.
And step S103, generating and outputting a white portrait of the suspected object according to the target item set.
In this embodiment, a white portrait of the suspected object is generated and output according to the target item set, for example, if the finally output target item set k is {1, 5, 6, 8, 11, 13, 15, 17, 18, 20}, it is described that the feature of the universal strong association tag of the past risk suspected object is: the male is more than 30 years old, Chinese, the subject calendar, has no penalty history, does not belong to the management layer, is not the outwork, is not the common account, has the operation frequency of more than 10 at night, has frequent operation, and generates the white portrait of the suspect according to the strong-correlation label characteristics.
Referring to fig. 6, fig. 6 is a schematic view of a detailed flow of the step S140 in fig. 2. Based on the foregoing embodiment, in this embodiment, the foregoing step S140 further includes:
step S1401, matching the tag sets with tags corresponding to the suspected object auxiliary locking portrait according to a preset matching rule, and outputting portrait matching results corresponding to the tag sets;
in this embodiment, the portrait generated by the tags in the tag set is matched with the suspect assisted locked portrait, and the matching result is output.
In this embodiment, there are two types of preset matching rules: a non-colored matching pattern and a colored matching pattern. And sequentially carrying out label matching on each label set and a preset suspected object auxiliary locking tool to obtain an portrait matching result corresponding to each label set.
In this embodiment, the suspect assisted locking portrait is a special tag set, which includes a plurality of tags, and is a set of tags. And calculating the risk weight indexes of the labels, coloring the first 50% of the labels, and not coloring the last 50% of the labels, namely focusing on the risk characteristics corresponding to the first 50% of the labels. The colored label is composed of areas which are colored areas, and areas which are not colored are called non-colored areas.
In this embodiment, the non-coloring matching mode is to match the tags in the tag set with the tags in the suspect assisted-locked portrait, and if all the tags that are successfully matched are non-coloring tags, that is, all the tags fall in a non-coloring area, the tags are preferentially sorted according to the number of the tags, and then output. Such as: images {2, 5, 7, 8, 12 (non-colored region) |15, 21, 23 (colored region) }, a1{2, 512}, B1{1, 3, 6}, and C1{2, 7}, and the matching results are output as a1 and C1.
In this embodiment, the coloring matching mode is to match the tags in the tag set with the tags in the suspect assisted-locked portrait, and if the tags that are successfully matched have colored tags, that is, if all or a part of the tags fall in a colored area, output the tags preferentially according to the result of the coloring portrait matching. Such as: images {2, 5, 7, 8, 12 (non-colored region) |15 (shallow), 21, 23 (colored region) }, a2{1, 7, 23}, B2{2, 5, 7, 8, 12, 15}, and C2{6, 15, 21}, and the matching results are output as C2, a2, and B2
Step S1402, if the matching result is that all the labels in the label set corresponding to the object to be detected fall in the non-coloring area, sorting the matching result according to the number of successfully matched labels, and outputting a corresponding matching result;
in this embodiment, if all the tags in the tag set correspond to the area formed by the non-colored tags in the suspect object auxiliary locking portrait, the tags are preferentially sorted according to the number of the same tags in the tag set corresponding to the object to be detected and then output. Such as: if the images {2, 5, 7, 8, 12 (non-colored regions), A1{2, 5, 12}, B1{1, 3, 6}, and C1{2, 7}, the output matching results are A1, C1, A1 has 3 tags corresponding to the same number of tags in the suspect object auxiliary lock image, C1 has 2 tags corresponding to the same number of tags in the suspect object auxiliary lock image, and 3 is greater than 2, so the output matching results are A1, and C1.
Step S1403, if the matching result is that the labels in the label set corresponding to the object to be detected fall in the dark coloring area or the light coloring area, the matching result is sorted according to the number of the coloring labels in the successfully matched labels, and the corresponding matching result is output;
in this embodiment, if the tags in the tag set correspond to the area formed by the colored tags in the suspect assisted-locked portrait, the colored portrait matching result is preferentially sorted according to the chromaticity and then output. Such as: images {2, 5, 7, 8, 12 (non-colored region) |15 (light colored region) |21, 23 (dark colored region), a2{1, 7, 23}, B2{2, 5, 7, 8, 12, 15}, and C2{6, 15, 21}, then matching results are output as C2, a2, B2.
Referring to fig. 7, fig. 7 is a schematic view of a detailed flow of the step S230 in fig. 3. Based on the foregoing embodiment, in this embodiment, the foregoing step S230 further includes:
step S2301, acquiring a plurality of labels in the white portrait of the suspected object;
in this embodiment, the suspected white portrait is drawn based on the target item set composed of a plurality of tags, so that there are many tags in the suspected white portrait.
Step S2302, respectively calculating risk weight indexes of the labels, and arranging the labels according to a preset sequence based on the risk weight indexes;
wherein the risk weight index is calculated using the formula:
R=M/T,M=w*n;
wherein, R represents a risk weight index, M represents an objective risk weight, T represents a risk tolerance, w represents a tag cumulative frequency, and n represents a correlation loss, which is a constant.
In this embodiment, n is the correlation loss and is set as a constant since only the frequency and tolerance relationship is discussed.
In this embodiment, a security auditor performs custom setting according to risk tolerance of different risk tags, and assumes that "age > 30" is an accumulated frequency w of the tag is 115, which is set to be high tolerance of 0.8; and the cumulative frequency w of the tag "the number of night operations > 10" is 70, which is set to a low tolerance of 0.2.
Taking the above scenario as an example:
A) r ("age > 30") (115 × n)/0.8 × 143.75n, ranging from 20% to 50%;
B) r ("number of nighttime operations > 10") - (70 × n)/0.2 ═ 350n, the arrangement belonged to the top 20%.
Referring to fig. 8, fig. 8 is a schematic view of a detailed flow of the step S240 in fig. 3. Based on the foregoing embodiment, in this embodiment, the foregoing step S240 further includes:
step S2401, if the risk weight index of the label is greater than a first preset threshold, marking the label as a high-risk label;
in this embodiment, by calculating the risk weight indexes of the tags and arranging the risk weight indexes from high to low, if the risk weight indexes of the tags are 20% before the arrangement, that is, if the preset first threshold is 0.8, the corresponding tag is marked as a high risk tag.
Such as: assume that the cumulative frequency w of the tag "the number of night operations > 10" is 70, which is set to a low tolerance of 0.2. Taking the above scenario as an example:
r ("number of night operations > 10") (70 × n)/0.2 ═ 350n, and the ranking belongs to the top 20%, that is, the risk weight index ("number of night operations > 10") >0.8, then the label "number of night operations > 10" is labeled as a high risk label.
Step S2402, if the risk weight index of the label is greater than a second preset threshold and smaller than the first preset threshold, marking the label as a medium risk label;
in this embodiment, by calculating the risk weight indexes of the labels and arranging the risk weight indexes from high to low, if 20% to 50% of the risk weight index rows of the labels are also preset that the first threshold is 0.8, the second threshold is 0.5, and 0.5< risk weight index <0.8, the corresponding label is marked as a medium risk label.
Such as: assume that the cumulative frequency w of the tag "age > 30" is 115, set to a high tolerance of 0.8. Taking the above scenario as an example:
the label "age > 30" is labeled as a medium risk label if the arrangement is 20% -50%, i.e., 0.5< risk weight index ("age > 30") <0.8 ═ 143.75n (115 × n)/0.8 ═ 143.75 n.
Step S2403, if the risk weight index of the label is smaller than the second preset threshold, marking the label as a low-risk label;
in this embodiment, by calculating the risk weight indexes of the labels and arranging the risk weight indexes from high to low, if the risk weight indexes of the labels are arranged 50% later, that is, the risk weight indexes are less than 0.5, the corresponding labels are labeled as low-risk labels.
Step S2404, based on the risk weight index, deep coloring the high risk label, shallow coloring the medium risk label, and not coloring the low risk label, and generating a suspect assisted locked portrait.
In this embodiment, according to the value of the risk weight index, the risk degree of the label is marked, the high-risk labels are deeply colored, the medium-risk labels are lightly colored, and after the low-risk labels are not colored, the corresponding suspect auxiliary locking portrait is generated. For example, if the tag "number of night operations > 10" is a high-risk tag, the tag "number of night operations > 10" is colored in a dark color, and if the tag "age > 30" is a medium-risk tag, the tag "age > 30" is colored in a light color, and if the tag "age < 20" is a low-risk tag, the tag "age < 20" is not colored, that is, is not colored.
Referring to fig. 9, fig. 9 is a functional module schematic diagram of an embodiment of the suspected risk object monitoring device of the present invention. In this embodiment, the suspected risk object monitoring device includes:
the information acquisition module 10 is configured to acquire first data information of all objects to be detected, which is input in advance according to a uniform field format, where the first data information includes unique identification field information of the objects to be detected;
the field processing module 20 is configured to use the unique identification field information of each object to be detected as a primary key of each information chain, and respectively connect all the field information of each object to be detected in series to obtain the information chain of each object to be detected;
the format conversion module 30 is configured to perform format conversion on the field information in each information chain according to a preset tag format, so as to obtain a tag set corresponding to each information chain;
the matching module 40 is used for sequentially performing label matching on each label set and a label corresponding to a preset suspected object auxiliary locking portrait based on a preset matching rule to obtain a portrait matching result corresponding to each label set, wherein the suspected object auxiliary locking portrait is composed of the label sets used for describing the characteristics of the suspected object;
the judging module 50 is used for calculating the matching degree of the corresponding portrait matching results of each object to be detected and sequentially judging whether each matching degree is greater than a preset threshold value;
and the output module 60 is configured to, if the matching degree is greater than a preset threshold, take the corresponding object to be detected as a suspected risk object and output the unique identity field information of the suspected risk object according to the risk level.
Optionally, in a specific embodiment, the apparatus for monitoring suspected risk further includes:
the sample acquisition module is used for acquiring second data information of all risk behavior objects;
the white portrait generating module is used for generating a white portrait of the suspected object based on the second data information;
the calculation module is used for acquiring all labels in the white portrait of the suspected object based on the white portrait of the suspected object and calculating the risk weight indexes of all the labels;
and the coloring module is used for respectively coloring and marking each label based on the risk weight index to generate a suspect object auxiliary locking portrait, wherein the high-risk labels are deeply colored, the medium-risk labels are lightly colored, and the low-risk labels are not colored.
Optionally, in a specific embodiment, the generating module includes:
the reading unit is used for reading the unique identity field information of the object to be detected contained in the second data information of all the risk behavior objects;
the identification unit is used for respectively taking the unique identity identifications of all the risk behavior objects as main keys, and simultaneously connecting the main keys in series with the field information of the risk behavior objects to generate a plurality of information chains associated with all the main keys;
the format conversion unit is used for carrying out format conversion on the field information in the information chains according to a preset label format based on the information chains to generate a plurality of labels in the preset format;
the classification unit is used for classifying the labels according to a preset analysis dimension and outputting a label data set;
and the generating unit is used for generating a white portrait of the suspected object based on the label data set.
Optionally, in a specific embodiment, the generating module further includes:
the verification unit is used for verifying the integrity of the data tags in the tag data set;
the generating unit is specifically configured to:
carrying out quantitative assignment on each label in the label data set to obtain a label data set based on the quantitative assignment of the label; when the data labels in the label data set are complete, determining target labels in the label data set through a preset algorithm based on the label data set to obtain a target item set; and the target item set generating subunit is used for generating and outputting a white portrait of the suspected object according to the target item set.
Optionally, in a specific embodiment, the matching module is specifically configured to: matching the tag sets with tags corresponding to the auxiliary locking portrait of the suspected object according to a preset matching rule, outputting portrait matching results corresponding to the tag sets, and when the matching results indicate that all tags in the tag sets corresponding to the object to be detected fall in a non-coloring area, sorting the matching results according to the number of successfully matched tags and outputting corresponding matching results; and when the matching result is that the labels in the label set corresponding to the object to be detected fall in the coloring area, sorting the matching result according to the number of the coloring labels in the successfully matched labels, and outputting the corresponding matching result.
Optionally, in a specific embodiment, the coloring module is specifically configured to: when the risk weight index of the label is larger than a first preset threshold value, marking the label as a high-risk label; when the risk weight index of the label is larger than a second preset threshold value and is smaller than a first preset threshold value, marking the label as a medium risk label; when the risk weight index of the label is smaller than a second preset threshold value, marking the label as a low-risk label; and based on the risk weight index, deeply coloring the high-risk label, shallowly coloring the medium-risk label, not coloring the low-risk label, and generating an auxiliary locking portrait of the suspected object, wherein the first preset threshold is larger than the second preset threshold.
Optionally, in a specific embodiment, the calculation module is specifically configured to:
acquiring a plurality of labels in the white portrait of the suspected object, respectively calculating risk weight indexes of the labels, and arranging the labels according to a preset sequence based on the risk weight indexes;
wherein the risk weight index calculation formula is as follows:
R=M/T,M=w*n;
wherein, R represents a risk weight index, M represents an objective risk weight, T represents a risk tolerance, w represents a tag cumulative frequency, and n represents a correlation loss, which is a constant.
The method for monitoring the suspected risk object provided by the embodiment overcomes the defects of the current security audit in the field of identification and locking of the suspected object, and provides an analysis and auxiliary tool with artificial dimensionality. The safety auditor can utilize an automation tool to automatically screen the mass data raw materials, obtain a list of the risk suspicion objects which are strongly associated with the risk events, and can quickly identify and assist in locking the risk suspicion objects without generally investing a large amount of human resources like a traditional method.
Based on the same contents of the embodiment as those of the method for monitoring suspected risk object of the present invention, the contents of the embodiment of the apparatus for monitoring suspected risk object are not described in detail in this embodiment.
The invention also provides a computer readable storage medium.
In this embodiment, a suspected risk object monitoring program is stored on the computer readable storage medium, and when being executed by a processor, the suspected risk object monitoring program implements the steps of the suspected risk object monitoring method described in any one of the above embodiments. The method implemented when the suspected risk object monitoring program is executed by the processor may refer to the embodiments of the suspected risk object monitoring method of the present invention, and thus, the description thereof is not repeated.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM), and includes instructions for causing a terminal (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The present invention is described in connection with the accompanying drawings, but the present invention is not limited to the above embodiments, which are only illustrative and not restrictive, and those skilled in the art can make various changes without departing from the spirit and scope of the invention as defined by the appended claims, and all changes that come within the meaning and range of equivalency of the specification and drawings that are obvious from the description and the attached claims are intended to be embraced therein.

Claims (10)

1. A method for monitoring a suspected risk object is characterized by comprising the following steps:
acquiring first data information of all objects to be detected, which is input in advance according to a uniform field format, wherein the first data information comprises unique identification field information of the objects to be detected;
respectively taking the unique identification field information of each object to be detected as a main key of each information chain, and respectively connecting all the field information of each object to be detected in series to obtain the information chain of each object to be detected;
respectively carrying out format conversion on field information in each information chain according to a preset label format to obtain a label set corresponding to each information chain;
on the basis of a preset matching rule, sequentially carrying out label matching on each label set and a label corresponding to a preset suspected object auxiliary locking picture to obtain a picture matching result corresponding to each label set, wherein the suspected object auxiliary locking picture is composed of the label sets for describing the characteristics of the suspected object;
calculating the matching degree of the corresponding portrait matching result of each object to be detected, and sequentially judging whether each matching degree is greater than a preset threshold value;
and if so, taking the corresponding object to be detected as a risk suspected object and outputting the unique identity identification field information of the risk suspected object according to the risk grade.
2. The method for monitoring suspected risk objects according to claim 1, wherein before the step of obtaining the first related data information of all objects to be detected, which is input in advance according to a uniform field format, the method further comprises:
acquiring second data information of all risk behavior objects;
generating a white portrait of the suspected object based on the second data information;
acquiring all labels in the white portrait of the suspected object based on the white portrait of the suspected object, and calculating risk weight indexes of all the labels;
and respectively coloring and marking each label based on the risk weight index to generate a suspect object auxiliary locking portrait, wherein the high risk labels are deeply colored, the middle risk labels are lightly colored, and the low risk labels are not colored.
3. The method of claim 2, wherein generating a whitepicture of the suspect object based on the second data information comprises:
reading the unique identification field information of each risk behavior object contained in the second data information;
respectively taking the unique identity identification field information of each risk behavior object as a main key, and connecting the main key with the field information of the risk behavior object in series to generate a plurality of information chains associated with all the main keys;
based on the plurality of information chains, carrying out format conversion on field information in the plurality of information chains according to a preset label format to generate a plurality of labels in the preset format;
classifying the plurality of labels according to a preset analysis dimension and outputting a label data set;
and generating a white portrait of the suspected object based on the label data set.
4. The method of claim 3, wherein after the step of classifying the plurality of tags according to a predetermined analysis dimension and outputting a tag data set, further comprising,
verifying the integrity of the data tags in the tag dataset;
said generating a white picture of a suspect object based on said set of tag data comprises,
carrying out quantitative assignment on each label in the label data set to obtain a label data set based on the quantitative assignment of the label;
if the data labels in the label data set based on the label quantitative assignment are complete, determining target labels in the label data set based on the label quantitative assignment through a preset algorithm to obtain a target item set;
and generating and outputting a white portrait of the suspected object according to the target item set.
5. The method for monitoring the suspected risk object according to claim 2, wherein the step of sequentially performing label matching on the label sets and labels corresponding to the auxiliary locked images of the suspected object based on the preset matching rules to obtain the image matching results corresponding to the label sets comprises:
matching the tag sets with tags corresponding to the auxiliary locking portrait of the suspected object according to a preset matching rule, and outputting portrait matching results corresponding to the tag sets;
if the matching result is that all the labels in the label set corresponding to the object to be detected fall in the non-coloring area, sorting the matching result according to the number of the successfully matched labels, and outputting the corresponding matching result;
and if the matching result is that the labels in the label set corresponding to the object to be detected fall in the dark coloring area or the light coloring area, sorting the matching result according to the number of the coloring labels in the successfully matched labels, and outputting the corresponding matching result.
6. The method of claim 2, wherein the step of color-marking each tag based on the risk weight index to generate a suspect assisted locked sketch comprises:
if the risk weight index of the label is larger than a first preset threshold value, marking the label as a high-risk label;
if the risk weight index of the label is larger than a second preset threshold and smaller than the first preset threshold, marking the label as a medium risk label;
if the risk weight index of the label is smaller than the second preset threshold, marking the label as a low-risk label;
based on the risk weight index, deeply coloring the high-risk label, lightly coloring the medium-risk label and not coloring the low-risk label to generate a suspect object auxiliary locking portrait;
wherein the first preset threshold is greater than the second preset threshold.
7. The method of claim 2, wherein the obtaining all labels in the white portrait of the suspected object based on the white portrait of the suspected object and calculating the risk weight indexes of all labels comprises:
acquiring a plurality of labels in the white portrait of the suspected object;
respectively calculating risk weight indexes of the labels, and arranging the labels according to a preset sequence based on the risk weight indexes;
wherein the risk weight index calculation formula is as follows:
R=M/T,M=w*n;
wherein, R represents a risk weight index, M represents an objective risk weight, T represents a risk tolerance, w represents a tag cumulative frequency, and n represents a correlation loss, which is a constant.
8. A suspected risk monitoring device, comprising:
the information acquisition module is used for acquiring first data information of all objects to be detected, which is input in advance according to a uniform field format, wherein the first data information comprises unique identification field information of the objects to be detected;
the field processing module is used for respectively taking the unique identification field information of each object to be detected as a main key of each information chain, and respectively connecting all the field information of each object to be detected in series to obtain the information chain of each object to be detected;
the format conversion module is used for respectively carrying out format conversion on the field information in each information chain according to a preset label format to obtain a label set corresponding to each information chain;
the matching module is used for sequentially performing label matching on each label set and a label corresponding to a preset suspected object auxiliary locking portrait based on a preset matching rule to obtain a portrait matching result corresponding to each label set, wherein the suspected object auxiliary locking portrait is composed of the label sets used for describing the characteristics of the suspected object;
the judging module is used for calculating the matching degree of the corresponding portrait matching result of each object to be detected and sequentially judging whether each matching degree is greater than a preset threshold value;
and the output module is used for taking the corresponding object to be detected as a risk suspected object and outputting the unique identity field information of the risk suspected object according to the risk grade if the matching degree is greater than a preset threshold value.
9. A suspected risk object monitoring apparatus comprising a memory, a processor and a suspected risk object monitoring program stored on the memory and executable on the processor, the suspected risk object monitoring program when executed by the processor implementing the steps of the suspected risk object monitoring method as claimed in any one of claims 1-7.
10. A computer-readable storage medium, on which a suspected object of risk monitoring program is stored, which, when executed by a processor, implements the steps of the suspected object of risk monitoring method according to any one of claims 1-7.
CN202010032782.2A 2020-01-13 2020-01-13 Method, device and equipment for monitoring suspected risk object and readable storage medium Pending CN111209315A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010032782.2A CN111209315A (en) 2020-01-13 2020-01-13 Method, device and equipment for monitoring suspected risk object and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010032782.2A CN111209315A (en) 2020-01-13 2020-01-13 Method, device and equipment for monitoring suspected risk object and readable storage medium

Publications (1)

Publication Number Publication Date
CN111209315A true CN111209315A (en) 2020-05-29

Family

ID=70784354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010032782.2A Pending CN111209315A (en) 2020-01-13 2020-01-13 Method, device and equipment for monitoring suspected risk object and readable storage medium

Country Status (1)

Country Link
CN (1) CN111209315A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688947A (en) * 2020-12-25 2021-04-20 南通海睿知新信息科技有限公司 Internet-based network communication information intelligent monitoring method and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688947A (en) * 2020-12-25 2021-04-20 南通海睿知新信息科技有限公司 Internet-based network communication information intelligent monitoring method and system

Similar Documents

Publication Publication Date Title
US20240087102A1 (en) Automatic Image Based Object Damage Assessment
CN109872162B (en) Wind control classification and identification method and system for processing user complaint information
WO2013129548A1 (en) Document classification system, document classification method, and document classification program
Palmer et al. Forensic analysis in the digital world
WO2022262752A1 (en) Information recommendation method and apparatus based on data interaction, and device and storage medium
CN112632405A (en) Recommendation method, device, equipment and storage medium
CN112270222A (en) Information standardization processing method, equipment and computer readable storage medium
CN107644045B (en) Processing method and device for insuring data
CN111209315A (en) Method, device and equipment for monitoring suspected risk object and readable storage medium
EP3217282A1 (en) System for using login information and historical data to determine processing for data received from various data sources
CN114385609A (en) Label-based government affair event processing system, method, equipment and storage medium
CN113420018A (en) User behavior data analysis method, device, equipment and storage medium
CN111967437A (en) Text recognition method, device, equipment and storage medium
WO2022262774A1 (en) Information exchange method, apparatus and device, and storage medium
WO2022262775A1 (en) Information processing method and apparatus based on data exchange, and device and storage medium
CN113239126A (en) Business activity information standardization scheme based on BOR method
CN114238768A (en) Information pushing method and device, computer equipment and storage medium
CN112990713A (en) Method, system and storage medium for evaluating engineering consultation service in whole process
JP7015725B2 (en) Data preparation method and data utilization system related to data utilization
Kelley et al. Honey sources: neural network approach to bee species classification
JP2019185582A5 (en)
CN113592368B (en) Index data extraction method, device, equipment and storage medium
CN112508745B (en) Document evaluation method and device
CN115982646B (en) Management method and system for multisource test data based on cloud platform
CN117194751B (en) Government electronic data screening method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination