CN111428971A

CN111428971A - Service data processing method and device and server

Info

Publication number: CN111428971A
Application number: CN202010147284.2A
Authority: CN
Inventors: 王经宇; 熊涛; 周庆岳
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2020-03-05
Filing date: 2020-03-05
Publication date: 2020-07-17

Abstract

The specification provides a service data processing method, a service data processing device and a server. In one embodiment, the method for processing the service data comprises the steps of firstly obtaining and establishing relation attribute data aiming at target service data according to the target service data and multi-dimensional associated data related to the target service data; and then, determining whether the target service data has risks and the specific risk scene to which the target service data belongs according to the relation attribute data of the target service data by using a preset risk scene knowledge base containing the relation attribute data of various risk scenes. Therefore, the business data with risks in various different risk scenes can be accurately and comprehensively identified.

Description

Service data processing method and device and server

Technical Field

The present specification belongs to the field of internet technologies, and in particular, to a method, an apparatus, and a server for processing service data.

Background

In different network service processing scenarios, there are often many violations implemented by some service data with risks, so as to obtain benefits and damage the benefits of other users.

Therefore, a method for identifying the business data with risks in different risk scenarios more accurately and comprehensively is needed.

Disclosure of Invention

The specification provides a method, a device and a server for processing business data, so that the business data with risks in various different risk scenes can be accurately and comprehensively identified.

The service data processing method, device and server provided by the present specification are implemented as follows:

a method for processing service data comprises the following steps: acquiring target service data and associated data related to the target service data; establishing relation attribute data aiming at the target service data according to the target service data and the associated data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

A device for processing traffic data, comprising: the acquisition module is used for acquiring target service data and associated data related to the target service data; the establishing module is used for establishing relation attribute data aiming at the target service data according to the target service data and the associated data; the determining module is used for determining whether the target service data has risks and the risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

A server comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor enable target business data to be obtained, and associated data relating to the target business data; establishing relation attribute data aiming at the target service data according to the target service data and the associated data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

A computer readable storage medium having stored thereon computer instructions which, when executed, enable obtaining target business data, and associated data related to the target business data; establishing relation attribute data aiming at the target service data according to the target service data and the associated data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

The method, the device and the server for processing the service data provided by the specification are characterized in that relationship attribute data for the target service data are established by firstly acquiring and according to the target service data and multi-dimensional associated data related to the target service data; and then, determining whether the target business data has risks and the specific risk scene to which the target business data belongs according to the relation attribute data of the target business data and the relation characteristics of the target business data by using a preset risk scene knowledge base containing the relation attribute data of various risk scenes. Therefore, the business data with risks in various different risk scenes can be accurately and comprehensively identified.

Drawings

In order to more clearly illustrate the embodiments of the present specification, the drawings needed to be used in the embodiments will be briefly described below, and the drawings in the following description are only some of the embodiments described in the present specification, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without any creative effort.

Fig. 1 is a schematic diagram of an embodiment of a system structure composition to which a method for processing service data provided by an embodiment of the present specification is applied;

fig. 2 is a schematic diagram of an embodiment of a method for processing service data provided by an embodiment of the present specification, in an example scenario;

fig. 3 is a schematic diagram of an embodiment of a method for processing service data provided by an embodiment of the present specification, in an example scenario;

fig. 4 is a flowchart illustrating a method for processing service data according to an embodiment of the present disclosure;

FIG. 5 is a schematic diagram of a server according to an embodiment of the present disclosure;

fig. 6 is a schematic structural component diagram of a service data processing apparatus provided in an embodiment of the present specification.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

The embodiment of the present specification provides a method for processing service data, which may be specifically applied to a system including a server and a data acquisition device.

In particular, reference may be made to fig. 1. The data collection device may specifically be connected to a plurality of different data channels (or links), for example channel 1, channel 2 … … channel N. Furthermore, the data acquisition device can acquire the associated data related to the target service data from a plurality of different data channels (or links), and transmit the acquired associated data related to the target service data and the target service data to the server. The server may be specifically configured to establish, according to the target service data and the associated data, relationship attribute data for the target service data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes. Further, after determining that the target service data has a risk, the server can perform corresponding processing on the target service data in a targeted manner according to a specific risk scenario corresponding to the target service data.

In this embodiment, the server may specifically include a server that is applied to a service platform side and is in charge of data processing in a background, and is capable of implementing functions such as data transmission and data processing. Specifically, the server may be, for example, an electronic device having data operation, storage function and network interaction function. Alternatively, the server may be a software program running in the electronic device and providing support for data processing, storage and network interaction. In the present embodiment, the number of servers is not particularly limited. The server may specifically be one server, or may also be several servers, or a server cluster formed by several servers.

In this embodiment, the data acquisition device may specifically include a front-end device or a plug-in program, which is disposed on a network side and can perform functions of data acquisition, data transmission, and the like on the service data and the associated data appearing in the network.

In a specific scenario example, as shown in fig. 2, a monitoring server of a risk monitoring platform of a TB shopping network may apply the service data processing method provided in this specification to monitor transaction data occurring on the TB shopping network, and timely identify and discover transaction data with risks corresponding to different risk scenarios.

In this scenario example, after monitoring the transaction data a appearing on the TB shopping network, the monitoring server may first acquire, through the data acquisition device, a plurality of associated data related to the transaction data a from a plurality of channels or links.

The associated data may be specifically understood as data related to different factors involved in the transaction data a (including, for example, an initiator, a receiver, a data environment, data content, and the like of the transaction data a) acquired through a plurality of different channels and links.

Specifically, the monitoring server may analyze the transaction data a first, and determine that the initiator of the transaction data a is the user a and the receiver of the transaction data a is the user b. Further, the monitoring server may send the transaction data a and the information of the initiator and the receiver determined to be related to the transaction data a to the data acquisition device. Therefore, the data acquisition equipment can acquire and acquire the characteristic data related to the data environment of the initiator and the receiver of the transaction data a as the associated data according to the transaction data a and the information of the initiator and the receiver of the transaction data a.

After the data acquisition device obtains the transaction data a and the information of the initiator and the receiver of the transaction data a, the data acquisition device can acquire associated data through various channels and links, such as a server of the TB shopping network, a media device used by the initiator (for example, a mobile phone used when the initiator initiates the transaction data a), a media device used by the receiver (for example, a notebook computer used when the receiver receives the transaction data a), and a server of a third party associated with or having a cooperative relationship with the TB shopping network.

The server of the third party may be a server of a sub-service application of a TB shopping network. For example, a server of shopping chat software under TB shopping net flags. The third party server may be a server of another website platform independent from the TB shopping network but in a cooperative relationship with the TB shopping network. Such as a server of a PDD shopping network. The third-party server may also be a server of an organization platform supporting data query and sharing. For example, a server supporting a resident credit inquiry platform.

In this scenario example, the data collection device may collect, through the various channels and links, feature data related to the initiator user a and the recipient user b of the transaction data a and the data environment of the transaction data as associated data for the transaction data a.

Specifically, the data collection device can collect feature data related to the initiator user A and feature data related to the receiver user B through a plurality of channels and links.

For example, the data acquisition device can obtain the total transfer records of the user A by inquiring the transfer records of the user A in the TB shopping network and the PDD shopping network. The address list for the first user can be established and obtained by acquiring the friend list of the first user in the shopping chat software.

Meanwhile, the user attribute information which can comprehensively reflect the static attribute characteristics of the user A can be established by inquiring the boarding information data of the user A in a TB shopping network and a PDD shopping network, by using the boarding information data when other organization platforms are registered, and by combining the credit data and the like aiming at the user A and obtained by inquiring a certain platform supporting the credit condition of residents. And further, the address book and the transfer record of the user A and the user attribute information of the user A can be used as feature data related to the initiator user A.

The user attribute information may specifically include: the user's name, the user's identification card information, the user's credit rating, the user's profession, the user's registry information, and the like. Of course, it should be noted that the above listed attribute information of the user is only an exemplary illustration. In specific implementation, the attribute information of the user may further include other types of information data according to specific application scenarios and processing requirements. For example, the user's gender, school calendar, etc. may also be included. The present specification is not limited to these.

In a similar manner, the data acquisition device can also acquire the transfer records and the address book of the user B and the user attribute information of the user B. And further, the transfer record and the address book of the user B and the user attribute information of the user B can be used as characteristic data related to the receiver user B.

In addition, the data acquisition device can acquire characteristic data related to the data environment of the transaction data a through a plurality of channels and links.

For example, the data acquisition device may determine a mobile phone used by the user a when initiating the transaction data a, and obtain a usage record of the mobile phone from the mobile phone. Further, the information of the address of the user A when the user A uses the mobile phone to initiate the transaction data a can be determined by reading the use record of the mobile phone and used as the initiating address of the transaction data a. The network information (such as the IP address of the connected WIFI) and the MAC address of the mobile phone and the like which are used when the user A uses the mobile phone to initiate the transaction data a can be determined as the network characteristics of the transaction data a by reading the use record of the mobile phone. In addition, the data acquisition equipment can also determine other account information used by the user A for logging in the mobile phone by reading the use record of the mobile phone, and the record of face recognition failure and/or fingerprint recognition failure of the user A when using the mobile phone, and the like as the use characteristics of the mobile phone.

Meanwhile, the data acquisition equipment can determine the notebook computer used by the user B when receiving the transaction data a, and acquire the use record of the notebook computer from the notebook computer. Further, the information of the address of the user B when the user B uses the notebook computer to receive the transaction data a can be determined by reading the use record of the notebook computer, and the information is used as the receiving address of the transaction data a. And the network information used by the user B when using the notebook computer, the MAC address of the notebook computer and the like can be determined as the network characteristics of the received transaction data a by reading the use record of the notebook computer. In addition, the data acquisition equipment can also determine other account information used by the user B for logging in the notebook computer by reading the use record of the notebook computer, and the record of password and/or authentication information input failure when the user B uses the notebook computer, and the like as the use characteristics of the mobile phone.

Further, the initiation address of the collected transaction data a, the network characteristics of the initiation transaction data a, the receiving address of the transaction data a, the network characteristics of the received transaction data a, the use characteristics of the mobile phone initiating the transaction data a, the use characteristics of the notebook computer receiving the transaction data a, and the like can be used as the characteristic data related to the data environment of the transaction data a.

Of course, it should be noted that the above listed characteristic data related to the data environment is only an exemplary illustration. In specific implementation, according to a specific application scenario and a processing requirement, other types of related data may also be acquired as the characteristic data related to the data environment.

After the data acquisition equipment acquires the associated data aiming at the transaction data a according to the mode, the associated data of the transaction data a can be sent to the monitoring server in a wired or wireless mode.

The monitoring server can synthesize the associated data of the transaction data a and the transaction data a, and determine the relationship attribute data which can comprehensively reflect the relationship characteristics of the transaction data a on a plurality of dimensions of different types based on a plurality of dimension types.

Specifically, the monitoring server can distinguish and specifically extract the relationship features corresponding to different types of dimensions from the transaction data a and the associated data of the transaction data a in a targeted manner according to the transaction dimensions, the media device dimensions, the behavior dimensions, the social dimensions and the like. Further, according to the relationship characteristics of each type dimension, a source node element (which may be denoted as src), a destination node element (which may be denoted as dst), and an edge attribute element (which may be denoted as edge _ property) in different types of dimensions are determined. Further, a relationship element group capable of describing the relationship characteristics of the corresponding type dimension may be established according to the source node element, the destination node element, and the edge attribute element in each type dimension, and may be written as: [ src, dst, edge _ property ]. Therefore, a plurality of relationship element groups respectively corresponding to different types of dimensions can be obtained, and the relationship element groups are used as relationship attribute data of the transaction data a.

The source node element and the destination node element may be configured to respectively characterize two feature objects associated with each other in the relationship between the corresponding type dimensions, and the edge attribute element may be configured to characterize a relationship attribute between the two feature objects in the relationship between the corresponding type dimensions.

For example, taking the transaction dimension as an example, the payment account of the transaction funds can be determined as a source node element, denoted as src1, the receipt account of the transaction funds can be determined as a destination node element, denoted as dst1, and the transfer route of the transaction funds, for example, by wechat red packet transfer, can be determined as an edge attribute element, denoted as edge _ property1, based on the relationship characteristics of the transaction funds on the transfer route. Further, a relationship element group for the transaction dimension, namely [ src1, dst1, edge _ property1], can be constructed according to the above three elements to characterize the relationship characteristics of the transaction dimension.

For the same type dimension, the relationship characteristic of the type dimension can be described from multiple angles in different ways. Therefore, in order to describe the relationship features of each dimension type more finely, according to specific situations, a plurality of different relationship element groups can be established to represent the relationship features of the same dimension type.

For example, for the above transaction dimension, the usage of the transaction funds related to the transaction data, for example, the purchase of shoes, may also be denoted as edge property2 based on the relationship characteristics of usage of the transaction funds. The identity information of the initiator in the transaction, e.g., the buyer, is determined to be the originating node element, denoted as src 2. The identity information of the recipient in the transaction, e.g., the seller, is determined to be the terminal node element, denoted dst 2. A corresponding set of relationship elements can then be established, the following: [ src2, dst2, edge _ property2 ]. Further, the relationship element group established based on the transaction fund usage characteristics and the relationship element group [ src1, dst1, edge _ property1] established normally based on the transfer route of the transaction fund can be used as the relationship element group corresponding to the transaction dimension together, so that the relationship characteristics in the transaction dimension can be represented more finely and comprehensively. Of course, the above listed ways of establishing the relationship element groups of the corresponding dimension types are only illustrative. In specific implementation, according to specific situations, other suitable manners may be adopted to establish the relationship element groups corresponding to the respective dimension types. The present specification is not limited to these.

In this scenario example, after determining the relationship element groups corresponding to the transaction data a and having different dimensionality types according to the above manner, the monitoring server may further synthesize the relationship element groups having different dimensionality types to obtain relationship attribute data for the transaction data a.

The relationship attribute data specifically includes relationship element groups of multiple dimension types, and the relationship characteristics of the transaction data a can be described from multiple different dimension types through the relationship attribute data.

After the relationship attribute data of the transaction data a is determined, the monitoring server can call a preset risk scene knowledge base, and determine whether the transaction data a has a risk and a risk scene to which the transaction data a belongs by matching the relationship attribute data of the transaction data a with data in the preset risk scene knowledge base.

The preset risk scene knowledge base can be specifically understood as a database which is established in advance through learning and training of relationship features of risk service data of a large number of different risk scenes and contains relationship attribute data of the risk service data respectively corresponding to multiple different risk scenes.

The multiple risk scenarios may specifically include: shopping risk scenarios, loan risk scenarios, financing risk scenarios, and the like. It should be understood that the above listed risk scenarios are only schematic illustrations. In specific implementation, other types of risk scenarios may also be introduced according to specific application scenarios and processing needs. For example, a risk scenario for an illegal activity. The above-mentioned violation may specifically be gambling behavior, fraud behavior, money laundering behavior, etc.

In the example of the present scenario, when the transaction data a is matched with the risk scene, the monitoring server may calculate, according to the preset risk scene knowledge base, a matching degree between the relationship attribute data of the transaction data a and multiple risk scenes in the preset risk scene knowledge base. And then, according to numerical sorting of the matching degrees of the relationship attribute data of the transaction data a and various risk scenes, determining the risk scene corresponding to the highest and highest matching degree in the numerical sorting from big to small as the risk scene to which the transaction data a belongs. And further determining whether the transaction data a has risks in the affiliated risk scene by comparing the lower relation between the matching degree of the transaction data a and the affiliated risk scene and a preset matching degree threshold.

For example, the monitoring server determines that the risk scene corresponding to the matching degree with the largest numerical value and the top ranking is the shopping risk scene according to the above method. Therefore, the risk scenario to which the transaction data a belongs can be determined as a shopping risk scenario. Furthermore, the matching degree between the transaction data a and the shopping risk scene is compared with a preset matching degree threshold value, and the matching degree value between the transaction data a and the shopping risk scene is found to be larger than the preset matching degree threshold value. Therefore, it can be judged that the transaction data a is at risk in the shopping risk scenario. For example, according to the risk characteristics of the shopping risk scenario, it can be determined that the transaction data a may involve risks such as the purchase of counterfeit goods or the quality of purchased goods being unqualified.

And the monitoring server can generate and send warning information to the buyer, namely the initiator user A of the transaction data, in a targeted manner according to the risk characteristics of the shopping risk scene and in combination with the relationship characteristics of the transaction data a, so as to remind the user A that the transaction data a initiated by the initiator user A possibly has risks, and monitor the transaction data a and the receiver user B of the transaction data a in a targeted manner.

Therefore, the risk scene to which the transaction data a belongs and the risk of the transaction data a in the risk scene to which the transaction data a belongs can be identified and determined accurately in time in multiple risk scenes. And moreover, based on the specific risk characteristics of the affiliated risk scene, the appropriate processing strategy can be adopted in a targeted manner to carry out corresponding processing so as to avoid risks or reduce the damage to the interests of the risk users.

In another example scenario, reference may be made to FIG. 3. The monitoring server identifies the affiliated risk scene of each transaction data appearing on the TB shopping network by utilizing the preset risk scene knowledge base, and records and stores the transaction data which do not accurately identify the affiliated risk scene and/or do not identify whether risks exist in the process of judging the existing risks, wherein the transaction data are taken as recalled transaction data, for example, the transaction data which have risks based on newly appeared attack means.

Further, every preset time period (e.g., 2 days, etc.), the monitoring server may obtain the transaction data recalled within the preset time period. And aiming at the batch of recalled transaction data, the monitoring server acquires the associated data of the recalled transaction data through the data acquisition equipment, and controls the data acquisition equipment to acquire the expanded data of the recalled transaction data through expanding a data acquisition channel, a link and/or an expanded data acquisition range.

The expanded data of the recalled transaction data may be specifically understood as data related to the recalled transaction data, which is acquired through an expanded data acquisition channel, a link, and/or an expanded data acquisition range, and is distinguished from the associated data.

For example, in the present scenario example, the data collection device may purchase, for such recalled transaction data, business data associated with the batch of recalled transaction data as extension data in a platform database that cannot be directly used before, at a certain cost. Feature data related to the receiving party, the initiating party and/or the data environment, which is not obtained before, can also be obtained as the extension data through channels and links used when the associated data is obtained before. For example, the monitoring server may generate time as an extension data from the data of the transaction data stored in the database of the TB shopping network. Of course, it should be noted that the above listed expansion data and the manner of obtaining the expansion data are only schematic illustrations. In specific implementation, according to a specific application scenario and a processing requirement, other suitable acquisition modes may be adopted to acquire other types of data as the extension data. The present specification is not limited to these.

And after acquiring the associated data and the expanded data of the recalled transaction data, the data acquisition equipment transmits the associated data and the expanded data of the recalled transaction data to the monitoring server in a wired or wireless mode.

The monitoring server can further perform feature mining on the comprehensive recalled service data, and the associated data and the extended data of the recalled service data. Specifically, the feature extraction sub-network may be used to extract the relationship features of multiple dimension types from the recalled business data, the correlation data of the recalled business data, and the extension data, as the feature mining result. And establishing relation attribute data aiming at the recalled transaction data as updated relation attribute data according to the feature mining result. And then, the preset risk scene knowledge base can be updated by using the updated relational attribute data, so that the preset risk scene knowledge base can learn and master the new risk characteristics in time.

Therefore, transaction data with risks based on the newly appeared attack means can be accurately identified subsequently by using the updated preset risk scene knowledge base, so that judgment of the risk scene and accuracy of risk determination can be improved.

In another scenario, a data processing system of the TB shopping network may train in advance relevant data that can be used to establish corresponding relationship attribute data according to transaction data and transaction data; and determining whether the transaction data has risks and a risk processing model of the risk scene to which the transaction data belongs according to a preset risk scene knowledge base and the relationship attribute data of the transaction data. And provide the risk processing model to a monitoring server.

In this way, after receiving the associated data of the transaction data a fed back by the data acquisition device, the monitoring server may input the transaction data a and the associated data of the transaction data a as a model input into the risk processing model, and operate the risk processing model. When the risk processing model is specifically operated, the relationship attribute data of the transaction data a can be determined according to the transaction data a and the associated data; further, matching the relationship attribute data of the transaction data a by calling a preset risk scene knowledge base, and determining the probability value of the risk of the transaction data a and the risk scene to which the transaction data a belongs as a processing result output model.

The monitoring server can efficiently determine the risk scene to which the transaction data a belongs and whether the transaction data a has risks according to the processing result, and the processing efficiency of the monitoring server is improved.

Referring to fig. 4, an embodiment of the present specification provides a method for processing service data. The method is particularly applied to the server side. In particular implementations, the method may include the following.

S401: and acquiring target service data and associated data related to the target service data.

In some embodiments, the target business data may be specifically understood as a business data to be determined whether a risk exists and/or to be identified as an affiliated risk scenario. Specifically, the target service data may be transaction data, mail data, push information, advertisement data, and the like. Of course, the above listed target service data is only an illustrative illustration. In specific implementation, according to a specific application scenario, data of other types and contents may also be introduced as target service data. The present specification is not limited to these.

In some embodiments, the associated data may be specifically understood as data related to different factors related to the target service data (e.g., an initiator, a receiver, a data environment, data content, etc. of the target service data) acquired through a plurality of different channels and links.

In some embodiments, the server may obtain, according to the target service data, characteristic data related to factors such as an initiator, a receiver, and/or a data environment of the target service data through a plurality of different channels and links in a targeted manner, as associated data of the target service data.

Specifically, the obtaining of the associated data related to the target service data may include the following: determining an initiator and a receiver of the target service data and a data environment of the target service data by analyzing the target service data; characteristic data relating to the originator, recipient, and/or data environment is collected as the associated data in a targeted manner.

In some embodiments, the collecting of the feature data related to the initiator and the receiver may include the following steps: collecting an address book and a transfer record of an initiator and/or user attribute information of the initiator as characteristic data related to the initiator; and collecting an address book and a transfer record of a receiver and/or user attribute information of the receiver as characteristic data related to the receiver.

In some embodiments, the user attribute information may specifically include: the user's name, the user's identification card information, the user's credit rating, the user's profession, the user's registry information, and the like. Of course, it should be noted that the above listed attribute information of the user is only an exemplary illustration. In specific implementation, the attribute information of the user may further include other types of information data according to specific application scenarios and processing requirements. For example, the user's gender, school calendar, etc. may also be included. The present specification is not limited to these.

It should be noted that the above listed feature data related to the initiator and the receiver and the manner of acquiring the feature data related to the initiator and the receiver are only schematic illustrations. In specific implementation, according to a specific application scenario and a processing requirement, other suitable acquisition modes can be acquired and adopted to acquire data of other types and contents as feature data related to an initiator and a receiver. The present specification is not limited to these.

In some embodiments, the collecting of the feature data related to the data environment may include the following steps: determining a first medium device used when an initiator initiates target service data and a second medium device used when a receiver receives the target service data; acquiring a use record of a first media device and a use record of a second media device; determining an initiating address of the target service data, a network characteristic of initiating the target service data, a receiving address of the target service data, a network characteristic of receiving the target service data, a use characteristic of the first media device and a use characteristic of the second media device according to the use record of the first media device and the use record of the second media device; and taking one or more of an initiating address of the target service data, a network characteristic of the initiating target service data, a receiving address of the target service data, a network characteristic of the receiving target service data, a use characteristic of the first media device and a use characteristic of the second media device as the characteristic data related to the data environment.

In some embodiments, the first media device may specifically include a media device that is used by the initiator to log in when initiating the target service data, for example, a device such as a mobile phone and a computer used by the initiator. Similarly, the second media device may specifically include a media device that a receiving party logs in to use when receiving the target service data.

In some embodiments, the network characteristics of the target service data may specifically include network information (for example, an IP address of a connected mobile phone network or WIFI, etc.) used by the initiator to initiate the target service data through the first media device, a MAC address of the first media device, recorded data of a user who fails to identify when using the first media device (for example, a face recognition failure, a login password verification failure, etc.), and the like. Accordingly, the network address for receiving the target service data may specifically include network information used by the receiver to receive the target service data through the second media device, a MAC address of the second media device, recorded data of a user who fails to identify when using the second media device, and the like. Of course, it should be noted that the above listed network characteristics for initiating the target service data and the network characteristics for receiving the target service data are only schematic illustrations. In specific implementation, according to a specific application scenario and a processing requirement, the network characteristics of the initiating target service data and the network characteristics of the receiving target service data may further include other types of data, content, and network-related data. The present specification is not limited to these.

In some embodiments, in implementation, one or more combinations of the obtained feature data related to the initiator, the feature data related to the receiver, and the feature data related to the data environment may be used as the associated data of the target service data.

S403: and establishing relation attribute data aiming at the target service data according to the target service data and the associated data.

In some embodiments, the relationship attribute data may be specifically understood as attribute data capable of more completely describing the relationship characteristics of the target business data based on a plurality of dimensions of different types.

In some embodiments, the above dimension types may specifically include one or more of the following enumerated dimensions: transaction dimensions, media device dimensions, behavior dimensions, and social dimensions, among others. Of course, it should be noted that the above-listed dimensional types are only illustrative. Other suitable dimension types may also be included, as the case may be, in particular implementations. The present specification is not limited to these.

In some embodiments, during specific implementation, a plurality of relationship features corresponding to a plurality of different dimension types can be extracted according to the target service data and the associated data; establishing a plurality of relation element groups corresponding to different dimension types according to the plurality of relation characteristics; and further, the plurality of relation element groups can be used as relation attribute data of the target business data.

In some embodiments, in specific implementation, pre-trained feature extraction sub-networks for a plurality of different dimension types may be used to respectively process the target service data and the associated data to extract a plurality of relationship features corresponding to the different dimension types.

In some embodiments, the relationship attribute data of the target business data may include a plurality of different relationship element groups. One relationship element group may be specifically used to characterize a relationship feature of a corresponding dimension type.

In some embodiments, a relationship element group (e.g., [ src, dst, edge _ property ]) may specifically include three different elements, namely, a source node element (which may be denoted as src), a destination node element (which may be denoted as dst), and an edge attribute element (which may be denoted as edge _ property), and a relationship characteristic of the target service data on the corresponding dimension type may be characterized by a combination of the source node element, the destination node element, and the edge attribute element.

The source node element and the destination node element may be configured to respectively characterize two feature objects associated with each other in the relationship between the corresponding type dimensions, and the edge attribute element may be configured to characterize a relationship attribute between the two feature objects in the relationship between the corresponding type dimensions. It should be added that, according to a specific application scenario, the source node element and the destination node element may be two feature objects related to the target service data, which are not primary or secondary and have the same status with each other.

In some embodiments, the relationship features of a dimension type may be specifically characterized by relationship features derived from different angles by a plurality of different relationship element groups. For example, the relationship features corresponding to the same dimension type can be characterized by the following two different relationship element groups: [ src1, dst1, edge _ property1] and [ src2, dst2, edge _ property2 ].

S405: and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

In some embodiments, in specific implementation, the matching degree between the relationship attribute data of the target service data and each risk scenario may be respectively calculated according to a preset risk scenario knowledge base and the relationship attribute data of the target service data; and then determining a risk scene to which the target business data belongs according to the matching degree, and determining whether the target business data has risks in the risk scene to which the target business data belongs.

In some embodiments, in specific implementation, the feature distances between the relationship attribute data of the target service data and the relationship attribute data corresponding to each risk scenario in multiple risk scenarios may be respectively calculated according to a preset risk scenario knowledge base, and then the calculated feature distances may be used as the matching degrees between the relationship attribute data of the target service data and the multiple risk scenarios.

In some embodiments, during specific implementation, a graph embedding method (e.g., node2 veceepwalk) or a path-based measurement method (e.g., a shortest path method) may be further used to determine a matching degree between the relationship attribute data of the target service data and each risk scene in the preset risk scene knowledge base. Of course, the above listed ways of determining the degree of matching are only illustrative. In specific implementation, according to a specific application scenario, the matching degree may also be determined by other suitable methods, for example, a regression classification method. The present specification is not limited to these.

In some embodiments, after the matching degree between the relationship attribute data of the target service data and each risk scene in the preset risk scene knowledge base is determined, the risk scenes with the highest matching degree value corresponding to the relationship attribute data of the target service data and the most advanced ranking may be determined as the risk scenes to which the target service data belongs according to the ranking from the largest value of the matching degree.

Furthermore, the matching degree of the relation attribute data of the target service data and the risk scene to which the relation attribute data belongs can be compared with the value of a preset matching degree threshold. And if the matching degree of the relation attribute data of the target business data and the affiliated risk scene is greater than a preset matching degree threshold value, determining that the target business data has risks in the affiliated risk scene. And if the matching degree of the relation attribute data of the target business data and the affiliated risk scene is less than or equal to a preset matching degree threshold value, determining that no risk exists in the affiliated risk scene of the target business data. The specific value of the preset matching degree threshold can be flexibly set according to the precision requirement. The specification is not limited to a specific value of the preset matching degree threshold.

In some embodiments, if the server determines that the target service data has no risk according to the above method, the server may start to determine whether the next service data has a risk and the risk scenario to which the next service data belongs, without processing the target service data.

If the server determines that the target business data has risks according to the method, the server can generate corresponding warning information and correspondingly process the business data with risks.

Specifically, the server may perform targeted processing by using a processing mode matched with the risk scene to which the target service data with risk belongs according to scene characteristics of the risk scene to which the target service data with risk belongs. For example, warning information for the target business data may be generated, and according to a risk scenario to which the target business data belongs, targeted monitoring processing, prompting processing, or the like may be performed on an initiator and/or a receiver of the target business data.

In this embodiment, relationship attribute data for target service data is established by first acquiring and according to the target service data and multidimensional associated data related to the target service data; and then, determining whether the target business data has risks and the specific risk scene to which the target business data belongs according to the relation attribute data of the target business data and the relation characteristics of the target business data by using a preset risk scene knowledge base containing the relation attribute data of various risk scenes. Therefore, the business data with risks in various different risk scenes can be accurately and comprehensively identified.

In some embodiments, in specific implementation, the training samples can be learned in advance to establish associated data which can realize establishment of corresponding relationship attribute data according to the business data and the business data; and determining whether the business data has risks and a risk processing model of the risk scene to which the business data belongs according to a preset risk scene knowledge base and the relation attribute data of the business data. The risk processing model can be a model obtained based on neural network learning in the treasury.

Therefore, when the target service data is specifically processed, the associated data of the target service data can be obtained; and inputting the target business data and the associated data into the risk processing model as model input, and operating the risk processing model. When the risk processing model is operated specifically, corresponding relationship attribute data can be established according to the target service data and the associated data of the target service data; and determining whether the target service data has risks and the risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, obtaining a corresponding processing result, and outputting a model. And further, according to the processing result, determining whether the target business data has risks and/or a risk scene to which the target business data belongs. Thereby, the processing efficiency can be improved.

In some embodiments, the obtaining of the associated data related to the target service data may include the following steps: determining an initiator and a receiver of the target service data and a data environment of the target service data; collecting characteristic data relating to the originator, recipient, and/or data environment as the associated data.

In some embodiments, the establishing of the relationship attribute data for the target service data according to the target service data and the association data may include the following steps: determining the relation characteristics of multiple dimension types of the target service data according to the target service data and the associated data; and establishing a plurality of corresponding relation element groups as relation attribute data of the target service data according to the relation characteristics of the plurality of dimension types of the target service data, wherein the relation element groups describe the relation characteristics of the corresponding dimension type through the included source node elements, the terminal node elements and the edge attribute elements.

In some embodiments, the dimension type may specifically include at least one of: transaction dimensions, media device dimensions, behavior dimensions, social dimensions, and the like.

In some embodiments, the determining, according to the preset risk scenario knowledge base and the relationship attribute data of the target service data, whether the target service data has a risk or not and a risk scenario to which the target service data belongs may include the following steps: determining the matching degree of the relation attribute data of the target service data and various risk scenes according to a preset risk scene knowledge base; according to the numerical ordering of the matching degrees of the relation attribute data of the target service data and the multiple risk scenes, determining the risk scene to which the target service data belongs; and determining whether the target service data has risks or not according to the size relation between the matching degree of the target service data and the corresponding risk scene and a preset matching degree threshold.

In some embodiments, the determining, according to the preset risk scenario knowledge base, a matching degree between the relationship attribute data of the target service data and a plurality of risk scenarios may include the following steps: and respectively calculating characteristic distances between the relation attribute data of the target service data and the relation attribute data corresponding to various risk scenes in various risk scenes according to a preset risk scene knowledge base, wherein the characteristic distances are used as the matching degrees of the relation attribute data of the target service data and the various risk scenes.

In some embodiments, in specific implementation, the preset risk scenario knowledge base may be established as follows: acquiring service data with risks in various risk scenes as sample data; acquiring associated data related to sample data; and respectively carrying out multi-dimensional clustering processing on the sample data and the associated data in various risk scenes to establish and obtain relationship attribute data corresponding to the various risk scenes.

In this embodiment, in specific implementation, multi-dimensional clustering processing may be performed on sample data and associated data in various risk scenarios; then, extracting the features of the clustering result to obtain the relation features of different dimension types of the risk service data corresponding to various risk scenes; further, the relationship attribute data corresponding to various risk scenes can be determined according to the relationship characteristics of the risk data of various risk scenes in different dimension types. And combining the relationship attribute data of the multiple risk scenes to establish a preset risk scene knowledge base.

In some embodiments, the method, when implemented, may further include: acquiring recalled service data at intervals of a preset time period; acquiring associated data related to the recalled service data and extended data; performing feature mining on the recalled service data, and associated data and extended data of the recalled service data; establishing updated relationship attribute data according to the feature mining result; and updating a preset risk scene knowledge base by using the updated relationship attribute data.

In this embodiment, the preset risk scene knowledge base can automatically and timely learn emerging risk characteristics in the above manner, and the preset risk scene knowledge base is correspondingly updated. Therefore, the updated preset risk scene knowledge base can be used for accurately identifying the business data with risks based on the newly appeared attack means, and therefore judgment of the risk scene and accuracy of risk determination can be improved.

As can be seen from the above, in the method for processing service data provided in the embodiments of the present specification, relationship attribute data for target service data is established by first obtaining and according to the target service data and multidimensional associated data related to the target service data; and then, determining whether the target service data has risks and the specific risk scene to which the target service data belongs according to the relation attribute data of the target service data by using a preset risk scene knowledge base containing the relation attribute data of various risk scenes. Therefore, the business data with risks in various different risk scenes can be accurately and comprehensively identified. When the relation attribute data of the target service data is established, firstly determining the relation attribute characteristics of a plurality of dimension types of the target service data; and then, according to the relationship attribute characteristics of each dimension type in the dimension types, constructing a relationship element group for describing the relationship attribute characteristics of the corresponding dimension type by using corresponding source node elements, terminal node elements and edge attribute elements, and obtaining relationship attribute data of which the relationship elements are used as target service data, so that the relationship attribute data which represents the relationship characteristics of the target service data more comprehensively and accurately can be obtained, and then whether the target service data has risks and the affiliated specific risk scene can be further determined more accurately by using the relationship attribute data subsequently. And acquiring recalled service data at preset time intervals, and performing feature mining and learning aiming at the recalled service data, associated data and expanded data of the recalled service data so as to timely update a used preset risk scene knowledge base, thereby continuously learning emerging risk features, identifying emerging risks by using the updated preset risk scene knowledge base, and more accurately judging whether the target service data has risks and the affiliated risk scenes.

Embodiments of the present specification further provide a server, including a processor and a memory for storing processor-executable instructions, where the processor, when implemented, may perform the following steps according to the instructions: acquiring target service data and associated data related to the target service data; establishing relation attribute data aiming at the target service data according to the target service data and the associated data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

In order to more accurately complete the above instructions, referring to fig. 5, another specific server is provided in the embodiments of the present specification, wherein the server includes a network communication port 501, a processor 502 and a memory 503, and the above structures are connected by an internal cable, so that the structures can perform specific data interaction.

The network communication port 501 may be specifically configured to obtain target service data and associated data related to the target service data.

The processor 502 may be specifically configured to establish relationship attribute data for the target service data according to the target service data and the association data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

The memory 503 may be specifically configured to store a corresponding instruction program.

In this embodiment, the network communication port 501 may be a virtual port that is bound to different communication protocols, so that different data can be sent or received. For example, the network communication port may be port No. 80 responsible for web data communication, port No. 21 responsible for FTP data communication, or port No. 25 responsible for mail data communication. In addition, the network communication port can also be a communication interface or a communication chip of an entity. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it can also be a Wifi chip; it may also be a bluetooth chip.

In this embodiment, the processor 502 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The description is not intended to be limiting.

In this embodiment, the memory 503 may include multiple layers, and in a digital system, the memory may be any memory as long as binary data can be stored; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.

An embodiment of the present specification further provides a computer storage medium based on the foregoing service data processing method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer storage medium implements: acquiring target service data and associated data related to the target service data; establishing relation attribute data aiming at the target service data according to the target service data and the associated data; and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard disk (Hard disk drive, HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.

In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.

Referring to fig. 6, in a software level, an embodiment of the present specification further provides a device for processing service data, where the device may specifically include the following structural modules.

The obtaining module 601 may be specifically configured to obtain target service data and associated data related to the target service data;

the establishing module 603 is specifically configured to establish, according to the target service data and the associated data, relationship attribute data for the target service data;

the determining module 605 is specifically configured to determine whether the target service data has a risk and a risk scenario to which the target service data belongs according to a preset risk scenario knowledge base and relationship attribute data of the target service data, where the preset risk scenario knowledge base includes relationship attribute data of multiple risk scenarios.

In some embodiments, the obtaining module 601 may specifically include the following structural units:

the first determining unit may be specifically configured to determine an initiator and a receiver of the target service data, and a data environment of the target service data;

the collecting unit may be specifically configured to collect feature data related to the initiator, the receiver, and/or a data environment as the associated data.

In some embodiments, the collecting unit may be configured to collect an address book and a transfer record of an initiator, and/or user attribute information of the initiator as feature data related to the initiator; and collecting an address book and a transfer record of a receiver and/or user attribute information of the receiver as characteristic data related to the receiver.

In some embodiments, the acquisition unit, when implemented in detail, may be further configured to determine a first media device used when the initiator initiates the target service data, and a second media device used when the receiver receives the target service data; acquiring a use record of a first media device and a use record of a second media device; determining an initiating address of the target service data, a network characteristic of initiating the target service data, a receiving address of the target service data, a network characteristic of receiving the target service data, a use characteristic of the first media device and a use characteristic of the second media device according to the use record of the first media device and the use record of the second media device; and taking one or more of an initiating address of the target service data, a network characteristic of the initiating target service data, a receiving address of the target service data, a network characteristic of the receiving target service data, a use characteristic of the first media device and a use characteristic of the second media device as the characteristic data related to the data environment.

In some embodiments, the establishing module 603 may specifically include the following structural units:

the second determining unit may be specifically configured to determine, according to the target service data and the associated data, relationship characteristics of multiple dimensional types of the target service data;

the first establishing unit may be specifically configured to establish, according to the relationship features of the multiple dimension types of the target service data, multiple corresponding relationship element groups as relationship attribute data of the target service data, where the relationship element groups describe the relationship features of the corresponding one dimension type through the included source node elements, the end node elements, and the edge attribute elements.

In some embodiments, the determining module 605 may specifically include the following structural units:

the third determining unit may be specifically configured to determine, according to a preset risk scene knowledge base, a matching degree between relationship attribute data of the target service data and multiple risk scenes;

the fourth determining unit may be specifically configured to determine a risk scenario to which the target service data belongs according to numerical ordering of matching degrees of the relationship attribute data of the target service data and multiple risk scenarios;

the fifth determining unit may be specifically configured to determine whether the target service data has a risk according to a size relationship between a matching degree of the target service data and the risk scenario to which the target service data belongs and a preset matching degree threshold.

In some embodiments, the third determining unit may be specifically configured to calculate, according to a preset risk scenario knowledge base, feature distances between the relationship attribute data of the target service data and relationship attribute data corresponding to various risk scenarios in the multiple risk scenarios, respectively, as matching degrees between the relationship attribute data of the target service data and the multiple risk scenarios.

In some embodiments, the apparatus may further include a building module of a preset risk scenario knowledge base, configured to build the preset risk scenario knowledge base. The building module of the preset risk scene knowledge base may specifically include the following structural units:

the first obtaining unit may be specifically configured to obtain, as sample data, service data with risks in multiple risk scenarios;

the second obtaining unit may be specifically configured to obtain associated data related to the sample data;

the second establishing unit may be specifically configured to perform multi-dimensional clustering processing on the sample data and the associated data in various risk scenarios, respectively, so as to establish and obtain relationship attribute data corresponding to the various risk scenarios.

In some embodiments, the apparatus may further include an updating module, which may be configured to update the preset risk scenario knowledge base. The update module may specifically include the following structural units:

the third obtaining unit may be specifically configured to obtain the recalled service data at preset time intervals;

the fourth obtaining unit may be specifically configured to obtain associated data related to the recalled service data and the extension data;

the mining unit may be specifically configured to perform feature mining on the recalled service data, and associated data and extended data of the recalled service data;

the third establishing unit is specifically used for establishing updated relationship attribute data according to the feature mining result;

and the updating unit is specifically configured to update a preset risk scene knowledge base by using the updated relationship attribute data.

It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

As can be seen from the above, in the processing of the service data provided in the embodiments of the present specification, the obtaining module and the establishing module first obtain and establish the relationship attribute data for the target service data according to the target service data and the multidimensional associated data related to the target service data; and determining whether the target business data has risks and the specific risk scene to which the target business data belongs according to the relation attribute data of the target business data by using a preset risk scene knowledge base containing the relation attribute data of various risk scenes through a determining module. Therefore, the business data with risks in various different risk scenes can be accurately and comprehensively identified.

Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.

Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus necessary general hardware platform. With this understanding, the technical solutions in the present specification may be essentially embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments in the present specification.

The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims

1. A method for processing service data comprises the following steps:

acquiring target service data and associated data related to the target service data;

establishing relation attribute data aiming at the target service data according to the target service data and the associated data;

and determining whether the target service data has risks and a risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

2. The method of claim 1, obtaining association data related to target business data, comprising:

determining an initiator and a receiver of the target service data and a data environment of the target service data;

collecting characteristic data relating to the originator, recipient, and/or data environment as the associated data.

3. The method of claim 2, collecting feature data related to the originator and recipient, comprising:

collecting an address book and a transfer record of an initiator and/or user attribute information of the initiator as characteristic data related to the initiator;

and collecting an address book and a transfer record of a receiver and/or user attribute information of the receiver as characteristic data related to the receiver.

4. The method of claim 2, collecting feature data related to a data environment, comprising:

determining a first medium device used when an initiator initiates target service data and a second medium device used when a receiver receives the target service data;

acquiring a use record of a first media device and a use record of a second media device;

determining an initiating address of the target service data, a network characteristic of initiating the target service data, a receiving address of the target service data, a network characteristic of receiving the target service data, a use characteristic of the first media device and a use characteristic of the second media device according to the use record of the first media device and the use record of the second media device;

and taking one or more of an initiating address of the target service data, a network characteristic of the initiating target service data, a receiving address of the target service data, a network characteristic of the receiving target service data, a use characteristic of the first media device and a use characteristic of the second media device as the characteristic data related to the data environment.

5. The method of claim 1, establishing relationship attribute data for the target business data according to the target business data and the association data, comprising:

determining the relation characteristics of multiple dimension types of the target service data according to the target service data and the associated data;

and establishing a plurality of corresponding relation element groups as relation attribute data of the target service data according to the relation characteristics of the plurality of dimension types of the target service data, wherein the relation element groups describe the relation characteristics of the corresponding dimension type through the included source node elements, the terminal node elements and the edge attribute elements.

6. The method of claim 5, the dimension type comprising at least one of: transaction dimensions, media device dimensions, behavior dimensions, social dimensions.

7. The method of claim 1, wherein determining whether the target business data has a risk and a risk scenario to which the target business data belongs according to a preset risk scenario knowledge base and relationship attribute data of the target business data comprises:

determining the matching degree of the relation attribute data of the target service data and various risk scenes according to a preset risk scene knowledge base;

according to the numerical ordering of the matching degrees of the relation attribute data of the target service data and the multiple risk scenes, determining the risk scene to which the target service data belongs;

and determining whether the target service data has risks or not according to the size relation between the matching degree of the target service data and the corresponding risk scene and a preset matching degree threshold.

8. The method of claim 7, wherein determining the matching degree between the relation attribute data of the target service data and the multiple risk scenarios according to a preset risk scenario knowledge base comprises:

and respectively calculating characteristic distances between the relation attribute data of the target service data and the relation attribute data corresponding to various risk scenes in various risk scenes according to a preset risk scene knowledge base, wherein the characteristic distances are used as the matching degrees of the relation attribute data of the target service data and the various risk scenes.

9. The method of claim 1, wherein the preset risk scenario knowledge base is established as follows:

acquiring service data with risks in various risk scenes as sample data;

acquiring associated data related to sample data;

and respectively carrying out multi-dimensional clustering processing on the sample data and the associated data in various risk scenes to establish and obtain relationship attribute data corresponding to the various risk scenes.

10. The method of claim 1, further comprising:

acquiring recalled service data at intervals of a preset time period;

acquiring associated data related to the recalled service data and extended data;

performing feature mining on the recalled service data, and associated data and extended data of the recalled service data;

establishing updated relationship attribute data according to the feature mining result;

and updating a preset risk scene knowledge base by using the updated relationship attribute data.

11. A device for processing traffic data, comprising:

the acquisition module is used for acquiring target service data and associated data related to the target service data;

the establishing module is used for establishing relation attribute data aiming at the target service data according to the target service data and the associated data;

the determining module is used for determining whether the target service data has risks and the risk scene to which the target service data belongs according to a preset risk scene knowledge base and the relation attribute data of the target service data, wherein the preset risk scene knowledge base comprises the relation attribute data of various risk scenes.

12. The apparatus of claim 11, the obtaining means comprising:

the first determining unit is used for determining an initiator and a receiver of the target service data and a data environment of the target service data;

and the acquisition unit is used for acquiring characteristic data related to the initiator, the receiver and/or the data environment as the associated data.

13. The device according to claim 12, wherein the collecting unit is specifically configured to collect an address book, a transfer record, and/or user attribute information of the initiator as feature data related to the initiator; and collecting an address book and a transfer record of a receiver and/or user attribute information of the receiver as characteristic data related to the receiver.

14. The apparatus according to claim 12, wherein the acquisition unit is further specifically configured to determine a first media device used when the initiator initiates the target service data, and a second media device used when the receiver receives the target service data; acquiring a use record of a first media device and a use record of a second media device; determining an initiating address of the target service data, a network characteristic of initiating the target service data, a receiving address of the target service data, a network characteristic of receiving the target service data, a use characteristic of the first media device and a use characteristic of the second media device according to the use record of the first media device and the use record of the second media device; and taking one or more of the initiating address of the target service data, the network characteristic of the initiating target service data, the receiving address of the target service data, the network characteristic of the receiving target service data, the use characteristic of the first media device and the use characteristic of the second media device as the characteristic data related to the data environment.

15. The apparatus of claim 11, the establishing means comprising:

the second determining unit is used for determining the relation characteristics of a plurality of dimension types of the target service data according to the target service data and the associated data;

and the first establishing unit is used for establishing a plurality of corresponding relation element groups as relation attribute data of the target service data according to the relation characteristics of the plurality of dimension types of the target service data, wherein the relation element groups describe the relation characteristics of one corresponding dimension type through the included source node elements, the terminal node elements and the edge attribute elements.

16. The apparatus of claim 15, the dimension types comprising at least one of: transaction dimensions, media device dimensions, behavior dimensions, social dimensions.

17. The apparatus of claim 11, the determining means comprising:

the third determining unit is used for determining the matching degree of the relation attribute data of the target service data and various risk scenes according to a preset risk scene knowledge base;

the fourth determining unit is used for determining the risk scene to which the target service data belongs according to the numerical ordering of the matching degrees of the relationship attribute data of the target service data and the multiple risk scenes;

and the fifth determining unit is used for determining whether the target service data has risks or not according to the size relationship between the matching degree of the target service data and the corresponding risk scene and a preset matching degree threshold value.

18. The apparatus according to claim 17, wherein the third determining unit is specifically configured to calculate, according to a preset risk scenario knowledge base, feature distances between the relationship attribute data of the target service data and relationship attribute data corresponding to each risk scenario in multiple risk scenarios, as matching degrees between the relationship attribute data of the target service data and the multiple risk scenarios.

19. The apparatus of claim 11, further comprising a building module of a preset risk scenario knowledge base, comprising:

the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring the service data with risks in various risk scenes as sample data;

the second acquisition unit is used for acquiring associated data related to the sample data;

and the second establishing unit is used for respectively carrying out multi-dimensional type clustering processing on the sample data and the associated data in various risk scenes so as to establish and obtain relationship attribute data corresponding to the various risk scenes.

20. The apparatus of claim 11, the apparatus further comprising an update module comprising:

a third obtaining unit, configured to obtain recalled service data at preset time intervals;

a fourth obtaining unit, configured to obtain associated data related to the recalled service data, and the extension data;

the mining unit is used for carrying out feature mining on the recalled business data, and the associated data and the extended data of the recalled business data;

the third establishing unit is used for establishing updated relationship attribute data according to the feature mining result;

and the updating unit is used for updating a preset risk scene knowledge base by using the updated relation attribute data.

21. A server comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 10.

22. A computer readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1 to 10.