CN111340612B - Account risk identification method and device and electronic equipment - Google Patents
Account risk identification method and device and electronic equipment Download PDFInfo
- Publication number
- CN111340612B CN111340612B CN202010117169.0A CN202010117169A CN111340612B CN 111340612 B CN111340612 B CN 111340612B CN 202010117169 A CN202010117169 A CN 202010117169A CN 111340612 B CN111340612 B CN 111340612B
- Authority
- CN
- China
- Prior art keywords
- graph
- data
- sub
- risk
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Life Sciences & Earth Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the specification relates to an account risk identification method and device and electronic equipment. The method comprises the following steps: classifying the acquired wind control event data; constructing a corresponding data relation graph for each type of data; calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph; and respectively calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of the account. According to the embodiment of the specification, the account risk identification method and the account risk identification device can be applied to account risk identification in a multi-application scene.
Description
Technical Field
The embodiment of the specification relates to the technical field of risk control, and more particularly, to an account risk identification method, an account risk identification device, an electronic device, and a computer-readable storage medium.
Background
In the field of risk control, it is important to determine whether a batch of accounts belong to the same group. For example, in marketing activities, the marketing funds can be prevented from being taken by the same person for multiple times through group recognition of accounts, and the marketing funds are guaranteed to effectively reach target users. In batch attack, the group identification of the accounts is integrated to prevent massive registration of the junk accounts and illegal attack, reduce the identification load of the wind control system and ensure the safety of normal accounts. However, in many application scenarios, the risk identification of the account is extremely difficult, and effective account identification cannot be realized. Accordingly, there is a need to improve upon the above-mentioned problems in the prior art.
Disclosure of Invention
It is an object of embodiments of the present specification to provide a new solution for risk identification of an account.
According to a first aspect of embodiments of the present specification, there is provided a method for identifying risk of an account, including:
classifying the acquired wind control event data;
constructing a corresponding data relation graph for each type of data;
calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph;
and respectively calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of the account.
Optionally, wherein the wind event data comprises: account data, strong media data uniquely identifying user identities, weak media data shared by a plurality of users, transfer relation data and transaction relation data among accounts;
the construction of the corresponding data relation graph aiming at each type of data comprises the following steps:
taking the account data and the strong medium data as nodes, and constructing a strong medium relation graph according to the relation between the account data and the strong medium data;
taking the account data and the various weak medium data as nodes, and constructing a weak medium relation graph according to the relation between the account data and the weak medium data;
taking the account data as nodes, and constructing a transfer relation graph according to transfer relation data among the accounts; and (c) a second step of,
and taking the account data as nodes, and constructing a transaction relationship graph according to the transaction relationship data among the accounts.
Optionally, when the data relationship graph is the strong media relationship graph, the step of obtaining a sub-relationship graph corresponding to each type of the data relationship graph by using a corresponding sub-graph discovery algorithm includes:
and calculating the strong medium relational graph by adopting a connected graph algorithm to obtain a node set of the connected graph as a sub-relational graph of the strong medium relational graph.
Optionally, when the data relationship diagram is the weak medium relationship diagram, the step of obtaining a sub-relationship diagram corresponding to each type of the data relationship diagram by using a corresponding sub-diagram discovery algorithm includes:
converting the weak media relationship graph into an account and an account weight graph;
and calculating the account and the account weight graph by adopting a community discovery algorithm to obtain a dense subgraph which is used as a sub-relation graph of the weak medium relation graph.
Optionally, when the data relationship diagram is the transfer relationship diagram, the step of obtaining a sub-relationship diagram corresponding to each type of the data relationship diagram by performing calculation using a corresponding sub-graph discovery algorithm includes:
and calculating the transfer relation diagram by adopting a K-core algorithm to obtain a sub-relation diagram of the transfer relation diagram.
Optionally, when the data relationship diagram is the transaction relationship diagram, the step of obtaining a sub-relationship diagram corresponding to each type of the data relationship diagram by using a corresponding sub-diagram discovery algorithm includes:
and calculating the transaction relation graph by adopting a double-K-kernel algorithm to obtain a sub-relation graph of the transaction relation graph.
Optionally, the step of calculating each type of the sub-relationship graph by using a subgraph clustering algorithm to obtain a risk subgraph, and using the risk subgraph as a risk identification result of the account includes:
calculating each type of the sub-relation graph by adopting an isolated forest algorithm, and identifying the risk sub-graph which is obviously different from other sub-relation graphs, or identifying the sub-relation graph containing an account with definite risk as the risk sub-graph;
and taking the risk subgraph as a risk identification result of the account.
Optionally, after the step of constructing the corresponding data relationship diagram, the method further includes:
and executing validity processing and hot spot elimination processing on the nodes in each data relation graph.
Optionally, after the step of obtaining a risk sub-graph and using the risk sub-graph as a risk identification result of the account, the method further includes:
carrying out normalization processing on the nodes of each risk subgraph;
and establishing a relationship graph of the user and the risk subgraph based on the relationship between the user and the risk subgraph.
Optionally, after the step of establishing a relationship graph between the user and the risk sub-graph based on the relationship between the user and the risk sub-graph, the method further includes:
calculating the similarity probability between the users with definite risks and the users without definite risks;
calculating the similarity probability of the user without definite risk based on the similarity probability and the weight value given to the node;
carrying out percentile smoothing calculation after summing the similarity probabilities of the users without definite risks to obtain the relative risk degree of the users without definite risks;
and determining the user with high risk according to the comparison result of the relative risk degree and a preset threshold value.
Optionally, after the step of establishing a relationship graph between the user and the risk sub-graph based on the relationship between the user and the risk sub-graph, the method further includes:
converting the user and risk sub-graph relationship graph into a user and user relationship graph;
setting high importance for users without missing labels partially, and calculating a group formed by nodes by adopting a label propagation algorithm;
and calculating the group score, and endowing the group score to each node in the group to obtain the identification result of the user group.
According to a second aspect of embodiments of the present specification, there is provided an account risk identification method apparatus, including:
the classification module is used for classifying the acquired wind control event data;
the construction module is used for constructing a corresponding data relation graph aiming at each type of data;
the calculation module is used for calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph;
and the recognition module is used for calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk recognition result of the account.
According to a third aspect of the embodiments of the present specification, there is provided an electronic device including the method and apparatus for identifying risk of an account according to the second aspect of the embodiments of the present specification, or the electronic device includes:
a memory for storing executable commands;
a processor, configured to execute the method for identifying risk of an account according to any one of the first aspect of the embodiments of the present specification under the control of the executable command.
According to a fourth aspect of the embodiments of the present specification, there is further provided a computer-readable storage medium storing executable instructions, which when executed by a processor, perform the method for identifying risk of an account according to the first aspect of the embodiments of the present specification.
One beneficial effect of the embodiments of the present specification is that the method of the present embodiment classifies the acquired wind control event data; constructing a corresponding data relation graph for each type of data; calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph; and respectively calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of the account. According to the embodiment of the specification, multiple risk sub-graph recognition models are integrated, the defect of insufficient model scene coverage caused by data or variable loss can be reduced, and the method and the device can be suitable for account risk recognition in multiple application scenes.
Other features of embodiments of the present specification and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description, serve to explain the principles of the embodiments of the specification.
FIG. 1 is a schematic diagram of a risk identification method for an account according to an embodiment of the present disclosure;
fig. 2 is a block diagram showing a hardware configuration of a server 1000 that can implement an embodiment of the present invention;
FIG. 3 is a flow diagram of a method of risk identification of an account according to an embodiment of the present description;
FIG. 4 is a functional block diagram of a risk identification device of an account according to an embodiment of the present description;
FIG. 5 illustrates a functional block diagram of an electronic device in accordance with an embodiment of the present description.
Detailed Description
Various exemplary embodiments of the present specification will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the embodiments of the present specification unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the embodiments, their application, or uses.
Techniques, methods and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
< hardware configuration >
Fig. 1 is a schematic diagram of an account risk identification method according to an embodiment of the present disclosure. As shown in fig. 1, in the present embodiment, in order to reduce the defect of insufficient coverage of the model scene due to data or variable loss, multiple risk sub-graph recognition models are integrated.
For example, as shown in fig. 1, the risk identification scheme of the account of the present embodiment is implemented by four components: a composition component, an unsupervised subgraph discovery component, a risk subgraph recognition component, and a user-risk subgraph recommendation component.
Specifically, the composition component can construct a strong media account relationship diagram, a weak media account relationship diagram, an account transfer relationship diagram and an account transaction relationship diagram according to different underlying composition data of the existing group partner identification algorithm. It should be noted that after new data is introduced, only newly added sub-graphs need to be mixed into the existing user and risk sub-graph compositions, and existing codes do not need to be changed, so that the expandability of the risk identification model is increased.
The unsupervised subgraph discovery component can identify subgraphs with aggregations in an unsupervised or semi-supervised manner for different compositions. And combining the existing experience, and adopting different subgraph discovery algorithms aiming at different compositions. As shown in fig. 1, a connectivity graph discovery algorithm is adopted for the strong media account relationship graph, a community discovery algorithm is adopted for the weak media account relationship graph, a K core (K core) algorithm is adopted for the account transfer relationship graph, and a double K core algorithm is adopted for the account transaction relationship graph.
A risk subgraph identification component is used to identify which subgraphs are abnormal or at risk.
The user-risk sub-graph recommendation component is used for reducing model decline caused by variable loss by generating a mode of integrating more risk sub-graphs, using the link relation of various risk sub-graphs through a recommendation mode, finally calculating account sequencing highly similar to the existing risk accounts, and calculating user risk scores and user groups with higher dimensionality.
Fig. 2 is a block diagram showing a hardware configuration of a server 1000 that can implement an embodiment of the present invention.
Server 1000 may be, for example, a blade server or the like.
In one example, server 1000 may be a computer.
In another example, the server 1000 may be as shown in fig. 2, including a processor 1100, a memory 1200, an interface device 1300, a communication device 1400, a display device 1500, an input device 1600. Although the server may also include speakers, microphones, etc., these components are not relevant to the present invention and are omitted here.
The processor 1100 may be, for example, a central processing unit CPU, a microprocessor MCU, or the like. The memory 1200 includes, for example, a ROM (read only memory), a RAM (random access memory), a nonvolatile memory such as a hard disk, and the like. The interface device 1300 includes, for example, a USB interface, a serial interface, and the like. Communication device 1400 is capable of wired or wireless communication, for example. The display device 1500 is, for example, a liquid crystal display panel. The input device 1600 may include, for example, a touch screen, a keyboard, and the like.
In this embodiment, the server 1000 is configured to classify the acquired wind control event data; constructing a corresponding data relation graph for each type of data; calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph; and respectively calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of the account.
The servers shown in fig. 2 are merely illustrative and are in no way meant to limit the invention, its applications, or uses. In an embodiment of the present invention, the memory 1200 of the server 1000 is used for storing instructions for controlling the processor 1100 to operate so as to execute the risk identification method for any account provided by the embodiment of the present invention.
It should be understood by those skilled in the art that although a plurality of devices are shown for the server 1000 in fig. 2, the present invention may only relate to some of the devices, for example, only the processor 1100 and the storage device 1200 of the server 1000. The skilled person can design the instructions according to the disclosed solution. How the instructions control the operation of the processor is well known in the art and will not be described in detail herein.
< method examples >
The present embodiment provides a risk identification method for an account, which may be performed by the server 1000 as shown in fig. 2, for example.
As shown in fig. 3, the method includes the following steps 2000 to 2600:
and step 2000, classifying the acquired wind control event data.
Wherein the wind event data comprises: the system comprises account data, strong medium data for uniquely identifying user identities, weak medium data shared by a plurality of users, transfer relation data and transaction relation data among accounts.
Specifically, the account data refers to an account number, such as a bank card number, a credit card number, a financial account number, and the like. The strong media data may be, for example, a user's mobile phone number, business license, bank card, device number, certificate number, etc. The weak media data is, for example, a mobile phone model, an operating system, an IP address, a WiFi address, etc. The transfer relationship data and transaction relationship data are, for example, funds data for transfers between accounts and accounts, between accounts and merchants.
In this embodiment, the server 1000 may specifically classify the acquired wind control event data according to the underlying composition data of the existing group recognition algorithm.
Optionally, for the strong media data, the server 1000 may use the account data and the strong media data as nodes, and construct a strong media relationship diagram according to a relationship between the account data and the strong media data.
Specifically, the strong media relationship diagram refers to a relationship formed by an account and corresponding strong media data in a wind control event, such as a relationship formed by the account and a Unique Material Identifier (UMID) in a payment event, and a relationship formed by the account and a WiFi address. The nodes can be accounts or various strong media data, different strong media data represent different nodes, and if the accounts and the strong media data appear in the same wind control event, the accounts and the strong media event form a connecting edge to finally form a strong media relation graph.
Optionally, for the weak media data, the server 1000 may use the account data and a plurality of types of the weak media data as nodes, and construct a weak media relationship graph according to a relationship between the account data and the weak media data.
Specifically, the weak media data generally includes other media besides the strong media data, such as a manufacturer of the mobile phone, a model of an operating system of the mobile phone, a city district street of a collection address of the user, a type of a commodity purchased by the user, a money amount grouping (e.g., 10 yuan, 100 yuan, etc.) of the commodity purchased by the user, and the like. When account data and weak medium data appear in the wind control event, the weak medium data is not singly used as a node but is a combination form of a plurality of weak medium data (general > =3 weak mediums), for example, (XX brand mobile phone + Hangzhou city west lake region ancient green street + wine buying) is regarded as a weak medium node. When account data and all related weak media in the weak media node data occur in one wind control event, a connecting edge exists between the account data and the weak media node, and a weak media relation graph is finally formed.
Optionally, for the transfer relationship data, the server 1000 may use the account data as a node, and construct a transfer relationship diagram according to the transfer relationship data between the accounts. For the transaction relationship data, the server 1000 may use the account data as a node, and construct a transaction relationship graph according to the transaction relationship data between the accounts.
Further, in order to reduce the complexity of algorithm calculation and storage overhead, after the corresponding data relationship graph is constructed, the server 1000 may further perform validity processing of nodes and hot spot elimination processing on the nodes in each data relationship graph.
Specifically, the validity processing of the node refers to eliminating invalid media with wrong data formats, and since data with wrong formats, such as an identification number less than 18 bits, may be obtained in the data acquisition process, it is necessary to eliminate these invalid media and retain data with correct data formats.
The hot spot refers to a node which has a large number of nodes connected with the node after the composition, for example, more than 1000 nodes, and this situation generally occurs in a public medium, such as an IP address, an MAC address or a public mobile phone number in a public place, and the node is generally considered to have no risk. Such hot spots are typically excluded to reduce the complexity of unsupervised graph algorithms.
For example, hundreds of thousands or millions of people may be connected to the IP address of "beijing subway". For another example, if a merchant receives more than 1000 accounts, it means that the merchant is a large merchant, and the probability of various cheating and fraud risks is very low.
And 2400, calculating by using a corresponding sub-graph discovery algorithm for each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph.
In this step, the server 1000 mainly identifies subgraphs with aggregations in an unsupervised or semi-supervised manner for various data relationship graphs.
Specifically, when the data relationship diagram is the strong media relationship diagram, the server 1000 may calculate the strong media relationship diagram by using a connected graph algorithm to obtain a node set of the connected graph, which is used as a sub-relationship diagram of the strong media relationship diagram.
In a connectivity graph algorithm, nodes having a path between any pair of nodes are typically identified in a set that constitutes a set of nodes of a connectivity graph. The set of nodes contains accounts and strong media. In practical application, the node set can be used to obtain a corresponding connected graph in the original graph as required.
Specifically, when the data relationship diagram is the weak media relationship diagram, the server 1000 may convert the weak media relationship diagram into an account and an account weight diagram; and calculating the account and the account weight graph by adopting a community discovery (Louvain) algorithm to obtain a dense subgraph which is used as a sub-relational graph of the weak medium relational graph.
When the server 1000 converts the weak media relationship graph into the account and account weight graph, specifically, if at least one identical weak media node exists between two accounts, an edge is established between the accounts, and a formula is used
The weight of the edge is calculated.
Wherein the numerator represents the number of weak media shared between node u and node v. The more media connected, the larger the score, the denominator representing the weighting of the media, the more weak media connected accounts, the larger the denominator, the smaller the score. After the account and the account weight graph are formed, the dense subgraph is calculated by using the Louvan algorithm, and the application of the Louvian algorithm can refer to the description in the prior art and is not described herein again.
It should be noted that, because a large number of transfers and transactions are haphazardly performed in the transfer and transaction relationships, if the amount of money involved is small, such transfers of funds do not contribute to the overall wind control identification, and on the other hand, such nodes occupy most of the nodes in the network, and the elimination of these nodes and edges can effectively reduce the algorithm calculation and storage overhead.
Specifically, when the data relationship diagram is the transfer relationship diagram, the server 1000 calculates the transfer relationship diagram by using a K core (K core) algorithm to obtain a sub-relationship diagram of the transfer relationship diagram.
For example, when the hyper-parameter k core is set, pruning is started from the node with the degree of 1 until there is no node with the degree of 1 in the graph. All pruned nodes k core =1. The nodes k core >1 in the remaining graph. And starting pruning for the node with the degree of 2 until the node with the degree of 2 is not available in the graph. All pruned nodes k core =2. The nodes k core >2 in the remaining graph. Recursion is performed until all k-cores in the graph are larger than a given hyperparameter.
Specifically, when the data relationship diagram is the transaction relationship diagram, the server 1000 calculates the transaction relationship diagram by using a double-K core algorithm to obtain a sub-relationship diagram of the transaction relationship diagram.
In this step, different hyper-parameter K core is set for the account and the merchant based on the original K core. For example, the account is set to k core =1, and the merchant is set to k core =2. Firstly, pruning is started for all accounts and merchants with the degree of 1, and then secondary pruning is carried out for merchants with the degree of 2. Recursion is performed until all k-cores in the graph are larger than a given hyperparameter.
And 2600, adopting a subgraph clustering algorithm to calculate each type of the sub-relation graph respectively to obtain a risk subgraph, and taking the risk subgraph as a risk identification result of the account.
In this step, the server 1000 is specifically configured to identify which sub-relationship graphs are abnormal or risky. Specifically, the server 1000 may use an isolated Forest (Isolation Forest) algorithm to calculate each type of the sub-relationship graph, identify the risk sub-graph that is clearly different from other sub-relationship graphs, or identify the sub-relationship graph containing an account with a definite risk as the risk sub-graph; and taking the risk subgraph as a risk identification result of the account.
When the server 1000 adopts Isolation Forest algorithm for calculation, a part of variables with obvious business meanings, such as transaction behaviors of money amount, frequency and the like of transactions, and operation behaviors of equipment change, password change times and the like, are given through business experience, and the sub-relational graphs are identified to be obviously different from other sub-relational graphs; or according to the clear risky account provided by the service, counting the proportion of the recognized risky account in the sub-relation graph, and reserving the sub-graph with the risky account as the risk recognition result of the account.
Further, after obtaining the risk identification result of the account, the server 1000 may determine which groups have higher risk through the relationship between the user and the risk sub-graph.
Specifically, the server 1000 may perform normalization processing on the nodes of each risk sub-graph. And each risk sub-graph is respectively normalized according to the abnormal score or the proportion of the risk account, and the normalization aims to enable the abnormal score to be compared with the proportion of the risk account. Where the anomaly score may be calculated using an unsupervised anomaly recognition algorithm such as an isolated forest.
In one example, the normalization scheme may employ a gaussian-based normalization scheme that translates the anomaly score or risk account ratio into a weight for another node by fitting a gaussian.
After normalizing the nodes of each risk sub-graph, the server 1000 establishes a relationship graph between a user and the risk sub-graph based on the relationship between the user and the risk sub-graph. Specifically, when a user is in a certain risk sub-graph, a connecting edge exists between the user and the risk sub-graph. And the weight of the risk sub-graph represents the risk degree of the risk sub-graph.
In one possible implementation, the server 1000 may determine the likelihood of similarity between a user at an express risk and a user at no express risk by calculating a probability of similarity between users at express risk and users at express risk; calculating the similarity probability of the user without definite risk based on the similarity probability and the weight value given to the node; carrying out percentile smooth calculation after summing the similarity probabilities of the users without definite risks to obtain the relative risk degree of the users without definite risks; and determining the user with high risk according to the comparison result of the relative risk degree and a preset threshold value.
In this example, the similarity probability between users with definite risk and users without definite risk can be calculated by rewriting the indexes of AA in the SWING algorithm and increasing the node weight. And finally, carrying out percentile smoothing after summing the similarity probabilities of the users without definite risks, and calculating the relative risk degree of the users without definite risks. In practical application, the preset threshold value can be set in a policy sampling inspection mode, and users with high risks are given.
Wherein, the user who defines the risk generally comes from the output result of other strategies or models, and the node weight can be increased by adopting weak supervision learning or directly using the risk score of the model as the node weight. The similarity probability of the user without clear risk may be calculated by, for example, multiplying the similarity probability by the weight value of the node, or may be calculated by another formula without directly adopting the multiplication, and is not particularly limited herein.
It should be noted that this example is applied to a bottom line risk identification scenario with a relatively malignant risk, such as a risk identification scenario involving yellow, political, and terrorism.
In another possible implementation, the server 1000 may convert the user and risk sub-graph relationship graph into a user and user relationship graph; setting high importance for users without partial missing labels, and calculating a group formed by nodes by adopting a Label Propagation Algorithm (LPA); and calculating the group score, and endowing the group score to each node in the group to obtain the identification result of the user group.
When the server 1000 converts the user and risk sub-graph relationship graph into the user and user relationship graph, if the user and the user are in two or more identical risk sub-graphs, a connecting edge exists between the two users, the sum of the risk degrees of the risk sub-graphs represents the weight of the edge, and the weighted average calculation is performed on the edges with the same node pairs.
It should be noted that this example is more applicable to risk identification scenarios with relatively non-malignant risks, such as a list-swiping and appearance-type risk identification scenario.
The method of the present embodiment has been described above with reference to the accompanying drawings. The server classifies the acquired wind control event data; constructing a corresponding data relation graph for each type of data; calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph; and respectively calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of the account. According to the embodiment of the specification, multiple risk sub-graph recognition models are integrated, the defect of insufficient model scene coverage caused by data or variable loss can be reduced, and the method and the device can be suitable for account risk recognition in multiple application scenes. And based on the establishment of the user and the risk sub-graph relation graph, a higher-dimensional user risk score and a user group can be calculated.
< apparatus embodiment >
The present embodiment provides an account risk identification apparatus, for example, the account risk identification apparatus 4000 shown in fig. 4, where the account risk identification apparatus 4000 may include a classification module 4100, a construction module 4200, a calculation module 4300, and an identification module 4400.
The classification module 4100 is configured to classify the acquired wind control event data.
A building module 4200, configured to build a corresponding data relationship graph for each type of data.
The calculating module 4300 is configured to perform calculation using a corresponding sub-graph discovery algorithm for each type of the data relationship graph to obtain a sub-relationship graph corresponding to each type of the data relationship graph.
The identifying module 4400 is configured to calculate each type of the sub-relationship graph by using a sub-graph clustering algorithm to obtain a risk sub-graph, and use the risk sub-graph as a risk identification result of the account.
Wherein the wind event data comprises: the system comprises account data, strong medium data for uniquely identifying user identities, weak medium data shared by a plurality of users, transfer relation data and transaction relation data among accounts.
Specifically, the building module 4200 is specifically configured to: taking the account data and the strong media data as nodes, and constructing a strong media relational graph according to the relationship between the account data and the strong media data; taking the account data and various weak medium data as nodes, and constructing a weak medium relation graph according to the relation between the account data and the weak medium data; taking the account data as nodes, and constructing a transfer relation graph according to the transfer relation data among the accounts; and taking the account data as nodes, and constructing a transaction relationship graph according to the transaction relationship data among the accounts.
In an example, when the data relationship diagram is the strong media relationship diagram, the calculation module 4300 is specifically configured to calculate the strong media relationship diagram by using a connected graph algorithm to obtain a node set of the connected graph as a sub-relationship diagram of the strong media relationship diagram.
In one example, when the data relationship diagram is the weak media relationship diagram, the calculation module 4300 is specifically configured to convert the weak media relationship diagram into an account and an account weight diagram; and calculating the account and the account weight graph by adopting a community discovery algorithm to obtain a dense subgraph which is used as a sub-relationship graph of the weak medium relationship graph.
In an example, when the data relationship diagram is the transfer relationship diagram, the calculation module 4300 is specifically configured to calculate the transfer relationship diagram by using a K-kernel algorithm to obtain a sub-relationship diagram of the transfer relationship diagram.
In an example, when the data relationship diagram is the transaction relationship diagram, the calculation module 4300 is specifically configured to calculate the transaction relationship diagram by using a double-K-kernel algorithm to obtain a sub-relationship diagram of the transaction relationship diagram.
Specifically, the identifying module 4400 may be configured to calculate each type of the sub-relationship graph by using an isolated forest algorithm, identify the risk sub-graph that is obviously different from other sub-relationship graphs, or identify the sub-relationship graph including an account with an explicit risk as the risk sub-graph; and taking the risk subgraph as a risk identification result of the account.
Further, the building module 4200 can be further configured to perform a node validation process and a hot spot elimination process on each node in the data relationship graph.
Further, the identification module 4400 may be further configured to perform normalization processing on the node of each risk sub-graph; and establishing a relationship graph of the user and the risk subgraph based on the relationship between the user and the risk subgraph.
Optionally, the identification module 4400 may be further configured to calculate a similarity probability between a user with an explicit risk and a user without an explicit risk; calculating the similarity probability of the user without definite risk based on the similarity probability and the weight value given to the node; carrying out percentile smoothing calculation after summing the similarity probabilities of the users without definite risks to obtain the relative risk degree of the users without definite risks; and determining the user with high risk according to the comparison result of the relative risk degree and a preset threshold value.
Optionally, the recognition module 4400 may be further configured to convert the user and risk sub-graph relationship graph into a user and user relationship graph; setting high importance for part of users without missing labels, and calculating a group formed by nodes by adopting a label propagation algorithm; and calculating the group score, and endowing the group score to each node in the group to obtain the identification result of the user group.
The device for identifying a risk of an account according to this embodiment may be used to implement the technical solutions of the method embodiments, and the implementation principle and technical effects are similar, which are not described herein again.
< apparatus embodiment >
In this embodiment, an electronic device is also provided, and the electronic device includes an account risk identification apparatus 4000 described in the apparatus embodiment of this specification; alternatively, the electronic device is the electronic device 5000 shown in fig. 5, and includes:
a memory 5100 for storing executable commands.
The processor 5200 is configured to execute the method described in any of the method embodiments of the present specification under the control of executable commands stored in the memory 5100.
The implementation subject in the electronic device according to the executed method embodiment may be a server or a terminal device.
< computer-readable storage Medium embodiment >
The present embodiments provide a computer-readable storage medium having stored therein an executable command that, when executed by a processor, performs a method described in any of the method embodiments of the present specification.
Embodiments of the present description may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement aspects of embodiments of the specification.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as a punch card or an in-groove protruding structure with instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations for embodiments of the present description may be assembly instructions, instruction Set Architecture (ISA) instructions, machine related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), can execute computer-readable program instructions to implement various aspects of embodiments of the present specification by utilizing state information of the computer-readable program instructions to personalize the electronic circuit.
Aspects of embodiments of the present specification are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present description. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, implementation by software, and implementation by a combination of software and hardware are equivalent.
The foregoing description of the embodiments of the present specification has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the market, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of embodiments of the present description is defined by the appended claims.
Claims (12)
1. A method of risk identification of an account, comprising:
classifying the acquired wind control event data;
constructing a corresponding data relation graph for each type of data;
calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph;
calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk identification result of an account;
carrying out normalization processing on the nodes of each risk subgraph;
establishing a relationship graph between the user and the risk subgraph based on the relationship between the user and the risk subgraph;
converting the user and risk sub-graph relationship graph into a user and user relationship graph;
setting high importance for users without missing labels partially, and calculating a group formed by nodes by adopting a label propagation algorithm;
and calculating a group score, and endowing the group score to each node in the group to obtain an identification result of the user group.
2. The method of claim 1, wherein the wind event data comprises: account data, strong medium data uniquely identifying user identity, weak medium data shared by a plurality of users, transfer relation data and transaction relation data among accounts;
the method for constructing the corresponding data relation graph aiming at each type of data comprises the following steps:
taking the account data and the strong medium data as nodes, and constructing a strong medium relation graph according to the relation between the account data and the strong medium data;
taking the account data and the various weak medium data as nodes, and constructing a weak medium relation graph according to the relation between the account data and the weak medium data;
taking the account data as nodes, and constructing a transfer relation graph according to transfer relation data among the accounts; and (c) a second step of,
and taking the account data as nodes, and constructing a transaction relationship graph according to the transaction relationship data among the accounts.
3. The method according to claim 2, wherein when the data relationship graph is the strong media relationship graph, the step of obtaining the sub-relationship graph corresponding to each type of the data relationship graph by performing the calculation using the corresponding sub-graph discovery algorithm includes:
and calculating the strong medium relational graph by adopting a connected graph algorithm to obtain a node set of the connected graph as a sub-relational graph of the strong medium relational graph.
4. The method according to claim 2, wherein when the data relationship graph is the weak media relationship graph, the step of obtaining the sub-relationship graph corresponding to each type of the data relationship graph by performing the calculation using the corresponding sub-graph discovery algorithm includes:
converting the weak media relationship graph into an account and an account weight graph;
and calculating the account and the account weight graph by adopting a community discovery algorithm to obtain a dense subgraph which is used as a sub-relation graph of the weak medium relation graph.
5. The method of claim 2, wherein when the data relationship graph is the transfer relationship graph, the step of calculating by using a corresponding subgraph discovery algorithm to obtain a sub-relationship graph corresponding to each type of the data relationship graph comprises:
and calculating the transfer relation diagram by adopting a K-core algorithm to obtain a sub-relation diagram of the transfer relation diagram.
6. The method according to claim 2, wherein when the data relationship graph is the transaction relationship graph, the step of obtaining the sub-relationship graph corresponding to each type of the data relationship graph by performing the calculation using the corresponding sub-graph discovery algorithm includes:
and calculating the transaction relation graph by adopting a double-K-kernel algorithm to obtain a sub-relation graph of the transaction relation graph.
7. The method of claim 1, wherein the step of calculating each type of the sub-relationship graph by using a subgraph clustering algorithm to obtain a risk subgraph, and using the risk subgraph as a risk identification result of the account comprises:
calculating each type of the sub-relation graph by adopting an isolated forest algorithm, and identifying the risk sub-graph which is obviously different from other sub-relation graphs, or identifying the sub-relation graph containing an account with definite risk as the risk sub-graph;
and taking the risk subgraph as a risk identification result of the account.
8. The method of claim 1, wherein after the step of constructing the corresponding data relationship graph, the method further comprises:
and executing the validity processing of the nodes and the hot spot elimination processing on the nodes in each data relation graph.
9. The method of claim 1, wherein after the step of building a user and risk sub-graph relationship graph based on the relationship of the user to the risk sub-graph, the method further comprises:
calculating the similarity probability between the users with definite risks and the users without definite risks;
calculating the similarity probability of the user without definite risk based on the similarity probability and the weight value given to the node;
carrying out percentile smooth calculation after summing the similarity probabilities of the users without definite risks to obtain the relative risk degree of the users without definite risks;
and determining the user with high risk according to the comparison result of the relative risk degree and a preset threshold value.
10. An account risk identification device, comprising:
the classification module is used for classifying the acquired wind control event data;
the construction module is used for constructing a corresponding data relation graph aiming at each type of data;
the calculation module is used for calculating by using a corresponding sub-graph discovery algorithm aiming at each type of the data relation graph to obtain a sub-relation graph corresponding to each type of the data relation graph;
the recognition module is used for calculating each type of the sub-relation graph by adopting a sub-graph clustering algorithm to obtain a risk sub-graph, and taking the risk sub-graph as a risk recognition result of the account;
the identification module can also be used for carrying out normalization processing on the nodes of each risk subgraph; establishing a relationship graph between the user and the risk subgraph based on the relationship between the user and the risk subgraph;
the recognition module can be also used for converting the user and risk sub-graph relationship graph into a user and user relationship graph; setting high importance for users without missing labels partially, and calculating a group formed by nodes by adopting a label propagation algorithm; and calculating a group score, and endowing the group score to each node in the group to obtain an identification result of the user group.
11. An electronic device comprising the risk identification means of an account of claim 10, or comprising:
a memory for storing executable commands;
a processor for performing the method of risk identification of an account of any of claims 1-9 under the control of the executable command.
12. A computer-readable storage medium storing executable instructions that, when executed by a processor, perform the method of risk identification of an account of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010117169.0A CN111340612B (en) | 2020-02-25 | 2020-02-25 | Account risk identification method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010117169.0A CN111340612B (en) | 2020-02-25 | 2020-02-25 | Account risk identification method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111340612A CN111340612A (en) | 2020-06-26 |
| CN111340612B true CN111340612B (en) | 2022-12-06 |
Family
ID=71186308
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010117169.0A Active CN111340612B (en) | 2020-02-25 | 2020-02-25 | Account risk identification method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111340612B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111523831B (en) * | 2020-07-03 | 2020-11-03 | 支付宝(杭州)信息技术有限公司 | Risk group identification method and device, storage medium and computer equipment |
| CN111984698B (en) * | 2020-08-07 | 2021-03-19 | 北京芯盾时代科技有限公司 | Information prediction method, device and storage medium |
| CN112381544B (en) * | 2020-11-16 | 2022-09-02 | 支付宝(杭州)信息技术有限公司 | Subgraph determination method and device and electronic equipment |
| CN113033966A (en) * | 2021-03-03 | 2021-06-25 | 携程旅游信息技术(上海)有限公司 | Risk target identification method and device, electronic equipment and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109063966A (en) * | 2018-07-03 | 2018-12-21 | 阿里巴巴集团控股有限公司 | The recognition methods of adventure account and device |
| CN109347787A (en) * | 2018-08-15 | 2019-02-15 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of identity information and device |
| CN109460930A (en) * | 2018-11-15 | 2019-03-12 | 武汉斗鱼网络科技有限公司 | A kind of method and relevant device of determining adventure account |
| CN109784636A (en) * | 2018-12-13 | 2019-05-21 | 中国平安财产保险股份有限公司 | Fraudulent user recognition methods, device, computer equipment and storage medium |
| CN110009174A (en) * | 2018-12-13 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Risk identification model training method, device and server |
| CN110046805A (en) * | 2019-03-29 | 2019-07-23 | 阿里巴巴集团控股有限公司 | Risk subscribers find method and device |
| CN110135853A (en) * | 2019-04-25 | 2019-08-16 | 阿里巴巴集团控股有限公司 | Clique's user identification method, device and equipment |
| CN110278175A (en) * | 2018-03-14 | 2019-09-24 | 阿里巴巴集团控股有限公司 | Graph structure model training, the recognition methods of rubbish account, device and equipment |
| CN110348978A (en) * | 2019-07-19 | 2019-10-18 | 中国工商银行股份有限公司 | The recognition methods of risk clique, device, equipment and the storage medium calculated based on figure |
-
2020
- 2020-02-25 CN CN202010117169.0A patent/CN111340612B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110278175A (en) * | 2018-03-14 | 2019-09-24 | 阿里巴巴集团控股有限公司 | Graph structure model training, the recognition methods of rubbish account, device and equipment |
| CN109063966A (en) * | 2018-07-03 | 2018-12-21 | 阿里巴巴集团控股有限公司 | The recognition methods of adventure account and device |
| CN109347787A (en) * | 2018-08-15 | 2019-02-15 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of identity information and device |
| CN109460930A (en) * | 2018-11-15 | 2019-03-12 | 武汉斗鱼网络科技有限公司 | A kind of method and relevant device of determining adventure account |
| CN109784636A (en) * | 2018-12-13 | 2019-05-21 | 中国平安财产保险股份有限公司 | Fraudulent user recognition methods, device, computer equipment and storage medium |
| CN110009174A (en) * | 2018-12-13 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Risk identification model training method, device and server |
| CN110046805A (en) * | 2019-03-29 | 2019-07-23 | 阿里巴巴集团控股有限公司 | Risk subscribers find method and device |
| CN110135853A (en) * | 2019-04-25 | 2019-08-16 | 阿里巴巴集团控股有限公司 | Clique's user identification method, device and equipment |
| CN110348978A (en) * | 2019-07-19 | 2019-10-18 | 中国工商银行股份有限公司 | The recognition methods of risk clique, device, equipment and the storage medium calculated based on figure |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111340612A (en) | 2020-06-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111340612B (en) | Account risk identification method and device and electronic equipment | |
| CN110009174B (en) | Risk recognition model training method and device and server | |
| CN109685647B (en) | Credit fraud detection method and training method and device of model thereof, and server | |
| US20220020026A1 (en) | Anti-money laundering methods and systems for predicting suspicious transactions using artifical intelligence | |
| CN109344326B (en) | Social circle mining method and device | |
| TW202011285A (en) | Sample attribute evaluation model training method and apparatus, and server | |
| US11900382B2 (en) | Method and system for detecting fraudulent transactions | |
| WO2021159766A1 (en) | Data identification method and apparatus, and device, and readable storage medium | |
| CN111612038B (en) | Abnormal user detection method and device, storage medium and electronic equipment | |
| CN113360580B (en) | Abnormal event detection method, device, equipment and medium based on knowledge graph | |
| CN112435137B (en) | Cheating information detection method and system based on community mining | |
| CN110310129B (en) | Risk identification method and system thereof | |
| CN111931047B (en) | Artificial intelligence-based black product account detection method and related device | |
| US11687836B2 (en) | System and method for automatic labeling of clusters created by machine learning methods | |
| CN113221104A (en) | User abnormal behavior detection method and user behavior reconstruction model training method | |
| CN114548300B (en) | Method and device for explaining service processing result of service processing model | |
| CN110852761B (en) | Method and device for formulating anti-cheating strategy and electronic equipment | |
| CN113553446B (en) | Financial anti-fraud method and device based on heterograph deconstruction | |
| CN113592517A (en) | Method and device for identifying cheating passenger groups, terminal equipment and computer storage medium | |
| CN113011966A (en) | Credit scoring method and device based on deep learning | |
| CN111245815A (en) | Data processing method, data processing device, storage medium and electronic equipment | |
| US11348115B2 (en) | Method and apparatus for identifying risky vertices | |
| Petrov | Identification of unusual wallets on ethereum platform | |
| Kang | Fraud Detection in Mobile Money Transactions Using Machine Learning | |
| CN111626887A (en) | Social relationship evaluation method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |