CN111476371B - Method and device for evaluating specific risk faced by server - Google Patents


Publication number
CN111476371B
Authority
CN
China
Prior art keywords
variables
variable
risk
evidence
query
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010588742.6A
Other languages
Chinese (zh)
Other versions
CN111476371A (en)
Inventor
张慧南
沈磊
谌扬
汤深
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202010588742.6A
Publication of CN111476371A
Application granted
Publication of CN111476371B
Priority to TW110111129A (TW202201334A)
Priority to PCT/CN2021/100791 (WO2021259150A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/01 Probabilistic graphical models, e.g. probabilistic networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities

Abstract

The embodiments of this specification provide a method for evaluating a specific risk faced by a service party. A pre-constructed Bayesian expansion network is obtained, which involves a plurality of risk attribute variables and a plurality of risk calculation variables, where a value range mapping relationship exists between the value range of the node corresponding to each risk calculation variable and the value ranges of its parent nodes. Evidence variable values are obtained for a plurality of evidence variables whose observed values are known, and query variable values are obtained that are set for a plurality of query variables to be queried; the evidence variables and the query variables are determined at least based on the plurality of risk attribute variables, and the evidence variable values are determined based on behavior data of users of the service party and/or operation data of the service party. Then, based on the Bayesian expansion network and according to the evidence variable values of the evidence variables, the posterior probability that the query variables take the query variable values is determined and included in the risk assessment result.

Description

Method and device for evaluating specific risk faced by server
Technical Field
One or more embodiments of the present disclosure relate to the field of applying machine learning to risk control, and in particular, to a method and an apparatus for evaluating a specific risk faced by a service provider.
Background
Currently, a service party faces various risks. One example is operational risk during operation, including the possibility that operations fail or that operational activities do not reach their intended target, and the resulting loss. As another example, when providing a service to users, a service party faces the risk that some users use the service to carry out malicious, undesirable, or illegal specific behaviors. For instance, illegal users may carry out illegal activities such as money laundering through an electronic payment service provided by a payment platform or a financial service provided by a financial platform, or carry out illegal activities such as fraud through the transfer and communication services provided by a business platform.
To manage these risks better, the risks faced by the service party need to be evaluated. However, current risk assessment approaches rely on a single method and cannot meet the variety of practical requirements. A scheme is therefore needed that can assess risk accurately and effectively while also meeting requirements such as risk tracing and source tracing.
Disclosure of Invention
One or more embodiments of this specification describe a method and an apparatus for evaluating a specific risk faced by a service party, in which computing nodes are added to a conventional Bayesian network to form a Bayesian expansion network. The network is used to organize risk facts and risk viewpoints, so that the complete risk assessment process can be traced back to its causes, and the accuracy, reliability, and availability of the risk assessment are effectively improved.
According to a first aspect, there is provided a method of evaluating a specific risk faced by a service party, comprising: obtaining a pre-constructed Bayesian expansion network that comprises a directed acyclic graph, where the directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, a value range mapping relationship exists between the value range of each risk calculation node and the value ranges of its parent nodes, the directed acyclic graph further comprises directed edges formed by the dependency relationships among the nodes, and the Bayesian expansion network further comprises conditional probability tables that quantitatively represent the dependency relationships; obtaining evidence variable values of a plurality of evidence variables whose observed values are known, and obtaining query variable values set for a plurality of query variables to be queried, where the evidence variables and the query variables are determined at least based on the risk attribute variables, and the evidence variable values are determined based on behavior data of users of the service party and/or operation data of the service party; and determining, based on the Bayesian expansion network and according to the evidence variable values of the evidence variables, the posterior probability that the query variables take the query variable values, and including the posterior probability in the risk assessment result for the specific risk.
In one embodiment, the plurality of risk attribute variables includes fact class variables corresponding to objective facts and viewpoint class variables corresponding to subjective viewpoints.
In a specific embodiment, the viewpoint class variables include verifiable prediction class variables and non-verifiable judgment class variables.
In a specific embodiment, obtaining the evidence variable values of the evidence variables includes: determining a variable value of a first fact variable, which is included in the evidence variables and belongs to the fact class variables, based on the behavior data or the operation data and a statistical rule corresponding to the first fact variable; and/or receiving a variable value of a first viewpoint variable, which is included in the evidence variables and belongs to the viewpoint class variables, the value being input by staff of the service party based on the behavior data or the operation data.
In an embodiment, the specific risk is the risk that users use a service provided by the service party to carry out a specific behavior; the service party executes a prevention and control process for preventing and controlling the specific behavior, and the operation data includes prevention and control data generated by the service party executing that process.
In a specific embodiment, the specific behavior comprises money laundering behavior or electronic transaction fraud behavior.
In one embodiment, obtaining the evidence variable values of the evidence variables and obtaining the query variable values set for the query variables includes: dividing a plurality of users of the service party into multiple types of users according to a preset rule; for any first type of users among the multiple types, obtaining the corresponding first behavior data and related first operation data, and from them determining first evidence variable values of the evidence variables; and obtaining first query variable values of the query variables set for the first type of users. In this case, determining the posterior probability based on the Bayesian expansion network and including it in the risk assessment result for the specific risk includes: determining, based on the Bayesian expansion network and according to the first evidence variable values corresponding to the first type of users, a first posterior probability that the query variables take the first query variable values, and including the first posterior probability in the risk assessment result for the first type of users.
In a specific embodiment, the preset rule includes dividing based on regions, or dividing based on institutional users and individual users, or dividing based on products used.
In one embodiment, obtaining the evidence variable values and the query variable values includes: obtaining variable values corresponding to a number of evidence attribute variables and including them in the evidence variable values, and obtaining variable values corresponding to a number of query attribute variables and including them in the query variable values, where the evidence attribute variables and the query attribute variables belong to the risk attribute variables; for any first calculation node among the risk calculation nodes, if the evidence attribute variables include all parent nodes of the first calculation node, determining a first calculation variable value of the first calculation node according to the variable values of all its parent nodes and the value range mapping relationship between the first calculation node and its parent nodes, and including the first calculation variable value in the evidence variable values; if the evidence attribute variables and the query attribute variables each include part of the parent nodes, or if the query attribute variables include the parent nodes, including the first calculation variable value in the query variable values.
In a specific embodiment, after determining the posterior probability that the query variables take the query variable values and including it in the risk assessment result for the specific risk, the method further includes: including the first calculation variable value in the risk assessment result.
In one embodiment, the risk calculation nodes include a risk calculation node having a child node.
In one embodiment, the risk calculation nodes include a transaction risk calculation node whose parent nodes are a transaction amount node and a transaction region node among the risk attribute nodes. The variables corresponding to the transaction risk calculation node, the transaction amount node, and the transaction region node are all discrete variables, and the value range mapping relationship between the transaction risk calculation node and its parent nodes includes a mapping between discrete values of the transaction risk calculation node and discrete value combinations of the transaction amount node and the transaction region node.
According to a second aspect, there is provided an apparatus for evaluating a specific risk faced by a service party, comprising: a network acquisition unit configured to obtain a pre-constructed Bayesian expansion network that comprises a directed acyclic graph, where the directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, a value range mapping relationship exists between the value range of each risk calculation node and the value ranges of its parent nodes, the directed acyclic graph further comprises directed edges formed by the dependency relationships among the nodes, and the Bayesian expansion network further comprises conditional probability tables that quantitatively represent the dependency relationships; a variable value acquisition unit configured to obtain evidence variable values of a plurality of evidence variables whose observed values are known, and to obtain query variable values set for a plurality of query variables to be queried, the evidence variables and the query variables being determined at least based on the plurality of risk attribute variables, and the evidence variable values being determined based on behavior data of users of the service party and/or operation data of the service party; and a probability determination unit configured to determine, based on the Bayesian expansion network and according to the evidence variable values of the evidence variables, the posterior probability that the query variables take the query variable values, and to include the posterior probability in the risk assessment result for the specific risk.
According to a third aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first aspect.
According to a fourth aspect, there is provided a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of the first aspect.
In summary, in the method and apparatus provided in the embodiments of this specification, computing nodes are added to a conventional Bayesian network to form a Bayesian expansion network, which is used to organize risk fact variables, risk viewpoint variables, and risk calculation variables. This allows the complete risk assessment process to be traced back to its causes, while effectively improving the accuracy, reliability, and availability of the risk assessment.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 illustrates a schematic diagram of the composition of a Bayesian expansion network in accordance with one embodiment;
FIG. 2 illustrates a flow chart of a method for assessing a particular risk faced by a service in accordance with an embodiment of the present disclosure;
FIG. 3 illustrates a block diagram of an apparatus for evaluating a specific risk faced by a service provider according to an embodiment of the present disclosure.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
As previously mentioned, a service party faces multiple risks; for ease of description, any one of them is referred to below as a specific risk. To manage and control the risk better, the specific risk faced by the service party needs to be evaluated accurately and effectively.
Therefore, the inventor proposes a risk assessment method that evaluates a specific risk accurately and allows the assessment result to be traced, thereby assisting risk management and control effectively and intuitively. Specifically, the inventor proposes introducing a Bayesian network to organize and summarize the random variables related to a specific risk, so that the dependency relationships between the risk variables are represented visually (for example, whether a customer data form is filled in incorrectly depends on whether employees have been trained); these random variables are represented as corresponding nodes in the Bayesian network. In addition, computing nodes are added to the conventional Bayesian network (hereinafter, a Bayesian network with computing nodes added is referred to as a Bayesian expansion network, or simply the network) to express functional relationships between value ranges in the network. This enables the computation of risk calculation variables (such as transaction suspicion), and the nodes that influence a risk calculation variable, or that are influenced by it, can be located quickly in the network, so that the whole risk assessment process can be traced.
In one embodiment, the risk assessment method may include the following. First, a constructed Bayesian expansion network is obtained. FIG. 1 shows the composition of a Bayesian expansion network according to one embodiment. The network may include a directed acyclic graph (DAG) representing the dependency relationships among a plurality of risk variables. The risk variables include risk attribute variables (the corresponding risk attribute nodes are shown as circles in the figure), which are determined based on objective risk facts (for example, the proportion of institutional clients of the service party) and risk viewpoints (for example, whether the risk control process is compliant), and set risk calculation variables (the corresponding risk calculation nodes are shown as five-pointed stars in the figure). The network further includes a conditional probability table for each risk variable (that is, for each risk node); FIG. 1 shows only the table of node C (nodes are labeled with letters for convenience of description), in which P(C = c0 | A = a1, B = b0) = 0.4 indicates that when node A takes the value a1 and node B takes the value b0, the probability that node C takes the value c0 is 0.4. Nodes E, F, and L are calculation nodes, and in one example the mapping relationship between the value range of node E and the value ranges of its parent nodes C and D is:
Figure 520626DEST_PATH_IMAGE001
(1)
Then, according to the risk variables in the network, relevant data of a target user group is collected, the observed values of the evidence variables among the risk variables are determined, and the values of the query variables to be queried are set according to the evaluation requirements. For example, nodes A, B, and D are taken as the evidence variables, and their values are determined from the relevant data to be a1, b0, and d0 respectively; node C is taken as the query variable, and its query value is set to c0. Then, based on the Bayesian expansion network and according to the evidence values of the evidence variables, the posterior probability that the query variable takes the set query value is determined, for example the posterior probability P(C = c0 | A = a1, B = b0, D = d0), and the posterior probability is included in the risk assessment result. Further, a value computed by a calculation node may also be included in the risk assessment result; for example, the computed value of calculation node E,
Figure 968925DEST_PATH_IMAGE002
is included in the risk assessment result.
By adopting the risk assessment method disclosed by the embodiment of the specification, the specific risk can be accurately assessed, and meanwhile, the reason tracing of the assessment result can be realized, so that the risk management and control are more effectively and intuitively assisted.
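The query walked through above, together with the rule for calculation nodes stated in the first aspect, as an added Python example that is not code from the patent. Only P(C = c0 | A = a1, B = b0) = 0.4 comes from the text; the other probabilities, the mapping for node E, the choice of E as parent of L, and all function names are constructed assumptions, because FIG. 1 and formula (1) are not reproduced on this page.

```python
from itertools import product

# Attribute nodes and their discrete value ranges (node letters from the text).
DOMAINS = {"A": ("a0", "a1"), "B": ("b0", "b1"),
           "C": ("c0", "c1"), "D": ("d0", "d1")}
# Directed edges stored as child -> parents. E and L are calculation nodes.
PARENTS = {"A": (), "B": (), "D": (), "C": ("A", "B"),
           "E": ("C", "D"), "L": ("E",)}
# Each CPT entry is P(node = first value in its range | parent values).
# Only the ("a1", "b0") entry of C is from the text; the rest are constructed.
CPT = {
    "A": {(): 0.7},
    "B": {(): 0.6},
    "D": {(): 0.5},
    "C": {("a0", "b0"): 0.9, ("a0", "b1"): 0.7,
          ("a1", "b0"): 0.4, ("a1", "b1"): 0.2},
}


def map_e(c, d):
    """Constructed value range mapping for calculation node E."""
    if (c, d) == ("c1", "d1"):
        return "high"
    return "low" if (c, d) == ("c0", "d0") else "medium"


def map_l(e):
    """Constructed mapping for L, a calculation node whose parent is E."""
    return "escalate" if e == "high" else "monitor"


# Listed in topological order so that L can read the value of E.
COMPUTE = {"E": map_e, "L": map_l}


def prob(node, value, world):
    """P(node = value | parents as assigned in world) for a binary node."""
    p_first = CPT[node][tuple(world[p] for p in PARENTS[node])]
    return p_first if value == DOMAINS[node][0] else 1.0 - p_first


def worlds():
    """Yield every full assignment with its joint probability."""
    names = list(DOMAINS)
    for values in product(*(DOMAINS[n] for n in names)):
        world = dict(zip(names, values))
        weight = 1.0
        for n in names:
            weight *= prob(n, world[n], world)
        for node, fn in COMPUTE.items():  # deterministic, adds no factor
            world[node] = fn(*(world[p] for p in PARENTS[node]))
        yield world, weight


def posterior(query, evidence):
    """P(query | evidence) by enumeration; both may name calculation nodes."""
    num = den = 0.0
    for world, weight in worlds():
        if all(world[k] == v for k, v in evidence.items()):
            den += weight
            if all(world[k] == v for k, v in query.items()):
                num += weight
    if den == 0.0:
        raise ValueError("evidence has zero probability under the network")
    return num / den


def resolve_compute_nodes(evidence):
    """A calculation node whose parents are all known becomes evidence."""
    known = dict(evidence)
    for node, fn in COMPUTE.items():
        if all(p in known for p in PARENTS[node]):
            known[node] = fn(*(known[p] for p in PARENTS[node]))
    return known


def ancestors(node):
    """All nodes that can influence `node`, for tracing a result to causes."""
    seen, stack = set(), list(PARENTS[node])
    while stack:
        parent = stack.pop()
        if parent not in seen:
            seen.add(parent)
            stack.extend(PARENTS[parent])
    return sorted(seen)


if __name__ == "__main__":
    print(posterior({"C": "c0"}, {"A": "a1", "B": "b0", "D": "d0"}))
    print(posterior({"A": "a1"}, {"B": "b0", "C": "c0"}))
    print(posterior({"E": "high"}, {"A": "a1", "B": "b0", "D": "d1"}))
    print(resolve_compute_nodes({"C": "c1", "D": "d1"}), ancestors("L"))
```

When only D of E's parents is observed, E stays on the query side and its probability is obtained by inference; when both C and D are observed, E (and then L) is computed directly and joins the evidence.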
Next, specific implementation steps of the above evaluation method are described. Specifically, fig. 2 shows a flowchart of a method for evaluating a specific risk faced by a service party according to an embodiment of the present disclosure, where the service party may be in the form of an enterprise, an organization, a company, a network platform, and the like, and an execution subject of the method may be any computing platform or server or device cluster with computing and processing capabilities.
As shown in fig. 2, the above method includes the steps of:
Step S210: obtaining a pre-constructed Bayesian expansion network that comprises a directed acyclic graph, where the directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, a value range mapping relationship exists between the value range of each risk calculation node and the value ranges of its parent nodes, the directed acyclic graph further comprises directed edges formed by the dependency relationships among the nodes, and the Bayesian expansion network further comprises conditional probability tables that quantitatively represent the dependency relationships;
Step S220: obtaining evidence variable values of a plurality of evidence variables whose observed values are known, and obtaining query variable values set for a plurality of query variables to be queried, where the evidence variables and the query variables are determined at least based on the risk attribute variables, and the evidence variable values are determined based on behavior data of users of the service party and/or operation data of the service party;
Step S230: determining, based on the Bayesian expansion network and according to the evidence variable values of the evidence variables, the posterior probability that the query variables take the query variable values, and including the posterior probability in the risk assessment result for the specific risk.
These steps are described in detail below.
First, in step S210, a pre-constructed Bayesian expansion network is obtained.
For ease of understanding, the construction of the Bayesian expansion network is described below. Specifically, constructing the Bayesian expansion network comprises establishing the directed acyclic graph and determining the conditional probability tables.
Specifically, a plurality of risk variables including the plurality of risk attribute variables and a plurality of risk calculation variables are obtained first, so that a plurality of corresponding risk nodes including a plurality of risk attribute nodes and a plurality of risk calculation nodes are created.
It should be noted that the acquired multiple risk variables may be manually set by the staff for the specific risk, including setting the name of the risk variable and the value range of the risk variable. The set risk variable may be a discrete random variable, and accordingly, a value range thereof may include a plurality of discrete values, or a continuous random variable, and accordingly, a value range thereof may include a continuous value range, and values thereof cannot be listed one by one.
On one hand, the risk attribute variables included in the plurality of risk variables may, in an embodiment, include fact class variables corresponding to objective facts. A fact class variable is one whose value can be determined from objective data records; for example, fact class variables may include the number of users and the number of employees of the service party. A fact class variable may be set first and the relevant data records then collected through embedded tracking points, or the fact class variable may be designed according to existing data records. Therefore, when a fact class variable is obtained, the statistical rule for determining its value from the relevant data records can be obtained as well, for subsequently determining the variable value. For example, if the number of users is set as a continuous variable, the corresponding statistical rule may specify that the unit of the quantity is ten thousand. As another example, if the transaction region variable is set as a discrete variable whose value range includes the discrete values large city, small and medium city, and town and countryside (these discrete values may instead be represented by 0, 1, 2, or other values), the statistical rule may include the correspondence between the longitude and latitude or name of the transaction place and the discrete values, such as: when the transaction place is Beijing, the transaction region variable takes the value large city.
In another embodiment, the risk attribute variables may include viewpoint class variables corresponding to subjective viewpoints. A viewpoint class variable is one whose value involves subjective factors; for example, different experts may arrive at different values for the same variable after analysis. In a specific embodiment, the viewpoint class variables may further include verifiable prediction class variables and non-verifiable judgment class variables: for a prediction class variable, whether its current value is correct can be verified against data collected in the future, whereas for a judgment class variable there is no absolutely objective data against which its value can be verified. In one example, the prediction class variables may include the next quarter of the trade or whether the company will be recruited in the next year, and the judgment class variables may include whether the risk control process is complete or whether the operation is successful.
On the other hand, for several risk calculation variables included in the plurality of risk variables, which are designed to express the value range mapping relationship between different variables in the network, an intuitive description of the risk assessment result may be achieved, for example, a risk probability calculation variable, a risk level variable, and a risk loss variable (for describing the loss caused by the specific risk, such as a loss amount variable and a customer loss amount) may be designed.
Specifically, the value of a risk calculation variable depends on the values of one or more other variables. Therefore, when a risk calculation variable is set, the variables on which it depends are set as well, together with the value range mapping relationship between its value range and the value ranges of those variables. The variables on which a risk calculation variable depends may include risk attribute variables and/or other risk calculation variables, which also means that a risk calculation node may have child nodes. As for the value range mapping relationship, in an embodiment, a risk calculation variable is a discrete variable and the variables on which it depends are also discrete variables; accordingly, the value range mapping relationship between them may include a mapping between the discrete values in the value range of the risk calculation variable and the discrete value combinations formed from the value ranges of the variables on which it depends, where a single discrete value combination consists of one discrete value of each of those variables.
In a specific embodiment, the risk calculation variables include a transaction risk calculation variable, the variables on which it depends include a transaction amount variable and a transaction region variable, and all three are discrete variables. The value range mapping relationship between them includes a mapping between the discrete values of the transaction risk calculation variable and the discrete value combinations of the transaction amount variable and the transaction region variable. In an example, the mapping relationship may specifically include:
Figure 155187DEST_PATH_IMAGE003
(2)
In another embodiment, a risk calculation variable is a random variable and the variables on which it depends include continuous variables; accordingly, the value range mapping relationship between them can be a continuous function. In one example, assuming that the risk calculation variable is the transaction suspicion, that the variable on which it depends is the transaction amount, and that both are continuous variables, the value range mapping relationship between them can be the following continuous function:
Figure 815975DEST_PATH_IMAGE004
(3)
In formula (3),
Figure 974555DEST_PATH_IMAGE005
denotes the value of the transaction amount, and
Figure 224447DEST_PATH_IMAGE006
denotes the value of the transaction suspicion.
As can be seen from the above, the obtained multiple risk variables include multiple risk attribute variables and multiple risk calculation variables, the risk attribute variables may include fact type variables and view type variables, the view type variables may include prediction type variables and judgment type variables, the multiple risk calculation variables are used to express a mapping relationship between value ranges of different variables, and the risk variables may be discrete variables or continuous variables.
The plurality of risk variables are set for the specific risk faced by the service provider. In one embodiment, the specific risk may be an operation risk faced by the service provider; accordingly, the plurality of risk attribute variables in the plurality of risk variables may include a turnover of the service provider, a number of users, an operation cost, a number of products, a number of clicks of a product page, a size of the service provider (e.g., a number of employees, a number of recruiting posts, a number of branch companies, etc.), a financing amount, a stock tendency, an expected profit, etc., and the plurality of risk calculation variables may include an operation loss, an operation success rate, an operation revenue, etc. In another embodiment, the specific risk is the risk that a user uses a service provided by the service provider to implement a specific behavior, and the service provider executes a prevention and control process for preventing and controlling the specific behavior; accordingly, the plurality of risk variables may include a prevention and control process variable related to the prevention and control process and a user behavior variable related to the user behavior. In a particular embodiment, the specific behavior may comprise money laundering behavior or electronic transaction fraud behavior. In a specific embodiment, the risk attribute variables of the risk variables may include whether training is performed, whether customer data collection is compliant, whether a particular behavior is engaged in high management, a transaction amount, a transaction area, and a transaction period, and the risk calculation variables may include a transaction risk calculation variable, a transaction suspicion degree, and a particular behavior comprehensive risk level.
Based on the acquired multiple risk variables, corresponding multiple risk nodes can be created. As for the dependency relationships among the risk nodes, as can be seen from the foregoing, the nodes on which the value of each risk calculation node depends, that is, the parent nodes of each risk calculation node, are already set, so a directed connection edge can be established between each risk calculation node and each of its parent nodes. In one embodiment, the dependency relationships other than those between a risk calculation node and its parent nodes may be set manually, that is, the dependency relationships in the Bayesian expansion network may all be set manually, and directed edges may accordingly be established between the corresponding nodes based on these other dependency relationships. Further, based on the established directed acyclic graph, when no training data exists, the conditional probability table of each risk node may be set manually, which yields a manually set Bayesian expansion network. When training data exists (a training sample may include values of each risk node), the conditional probability table of each risk node may be estimated by counting over the training samples, which yields a Bayesian expansion network composed of the manually set directed acyclic graph and the conditional probability tables obtained statistically from the training samples.
In another embodiment, the other dependencies may also be determined from training data, which may be implemented by referring to the prior art. For example, a scoring function (score function) may first be defined to evaluate the degree of matching between a Bayesian expansion network and the training data, and the Bayesian expansion network with the optimal structure is then found based on the scoring function. Accordingly, the structure of the Bayesian expansion network (i.e., the directed acyclic graph) and the conditional probability table corresponding to each risk attribute node may be determined, that is, the Bayesian expansion network is determined.
It should be noted that, for a risk calculation node, the corresponding conditional probability table can be determined once the risk calculation node is set. For a discrete risk calculation variable, each conditional probability is either 0 or 1. For example, for the calculation node E in formula (1) above, which is a discrete variable, the conditional probability table is shown in Table 1 below:
TABLE 1
Values of C, D           | e0 | e1 | e2
c0, d1 or c0, d2         | 1  | 0  | 0
c1, d0                   | 0  | 1  | 0
c1, d1                   | 0  | 0  | 1
As shown in Table 1, the last row indicates that when node C and node D take the values c1 and d1, respectively, the probability that node E takes the value e2 is 1, and the probability that it takes e0 or e1 is 0.
In addition, for the continuous risk calculation variable, the conditional probability thereof may be represented by a probability distribution, and specifically, the corresponding probability distribution may be determined by a value domain mapping relationship between the continuous risk calculation variable and a plurality of parent nodes thereof, which is not described herein in detail for the specific involved calculation.
The above describes the construction of the Bayesian expansion network. Specifically, the constructed Bayesian expansion network comprises a directed acyclic graph. The directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, where the value range of each risk calculation node and the value range of its parent nodes have a corresponding value range mapping relationship. The directed acyclic graph further comprises directed connection edges formed by the dependency relationships between the nodes, and the Bayesian expansion network further comprises conditional probability tables that quantitatively represent the dependency relationships.
After the pre-constructed Bayesian expansion network is obtained, it is used to answer queries, that is, to infer the values of other risk variables from the observed values of some risk variables. Let $Q = \{Q_1, Q_2, \ldots, Q_n\}$ denote the query variables to be queried and $Z = \{Z_1, Z_2, \ldots, Z_k\}$ denote the evidence variables, whose values are known to be $z = \{z_1, z_2, \ldots, z_k\}$. The inference target includes calculating the posterior probability $P(Q = q \mid Z = z)$, where $q = \{q_1, q_2, \ldots, q_n\}$ is a set of values of the variables to be queried, and $n$ and $k$ are positive integers.
Specifically, in step S220, evidence variable values of several evidence variables whose variable observations are known are obtained, and query variable values set for several query variables to be queried are obtained.
In an embodiment, behavior data of a user in the service party and/or operation data of the service party may be acquired, so that a value of which risk attribute variables of the plurality of risk attribute variables may be determined, or a data record related to which risk attribute variables is included in the acquired data is determined, and the risk attribute variables are classified into the evidence variables, and an observed value of the risk attribute variables determined according to the related data record is used as a corresponding evidence variable value. For non-evidence variables which are not included in the evidence variables in the risk attribute variables, a plurality of variables can be selected from the risk attribute variables and included in the query variables according to actual requirements, and variable values are set for the non-evidence variables in combination with the value ranges of the selected variables to serve as corresponding query variable values.
For the behavior data and the operation data, values of the multiple risk variables are determined, so reference may be made to the description of the multiple risk variables, for example, the risk variables may include the turnover number, the number of users, the number of clicks of a product page, and a prevention and control flow variable of the service party, and contents that the behavior data and the operation data may include are inferred, for example, the operation data may further include prevention and control data generated by a prevention and control flow implemented by the service party executing the prevention and control specific behavior.
For the obtaining of the variable value, in a specific embodiment, for a first fact variable included in the evidence variables and belonging to a fact class variable, a variable value of the first fact variable is determined based on the behavior data or the operation data and a statistical rule corresponding to the first fact variable. It should be noted that the term "first" in the "first fact variable" and the similar terms in the following text are only used for distinguishing the same kind of things, and do not have other limiting effects such as ordering. In one example, it is assumed that the fact-based variable includes a total transaction amount, and the statistical rule of the total transaction amount includes accumulating transaction amounts of individual transactions, and the behavior data includes a plurality of individual transaction amounts corresponding to a plurality of transactions generated by a target customer group (e.g., 1 ten thousand organization customers or 100 ten thousand individual customers) in a predetermined period (last week), so that a variable value of the total transaction amount is a sum (e.g., 10 billion) of the plurality of individual transaction amounts.
In another specific embodiment, for a first viewpoint variable belonging to the viewpoint class variable included in the evidence variables, a variable value of the first viewpoint variable input by the service person of the service party based on the behavior data or the operation data is received. Specifically, the behavior data or the operation data related to the first viewpoint variable may be displayed to the worker, and the variable value selected from the value field of the first viewpoint variable by the worker through analysis may be received.
As can be seen from the above, the evidence variables and the query variables may include evidence attribute variables and query attribute variables belonging to the risk attribute variables, respectively. In one embodiment, evidence calculation variables included in the evidence variables and/or query calculation variables included in the query variables may be determined from the risk calculation variables based on the evidence attribute variables and the query attribute variables.
For any first computing node (corresponding to a first risk computing variable) in the plurality of risk computing nodes, in a specific embodiment, if all the parent nodes of the first computing node are included in the plurality of evidence attribute variables, the first risk computing variable is included in the plurality of evidence variables, and the first computing variable value of the first computing node is determined as a corresponding evidence variable value according to variable values corresponding to all the parent nodes and a value domain mapping relationship between the first computing node and all the parent nodes thereof. In another specific embodiment, if the evidence attribute variables and the query attribute variables each include a part of the parent nodes, or the query attribute variables include the parent nodes, the risk calculation variable is included in the query variables, and the value range mapping relationship between the first calculation node and the parent nodes is determined as the corresponding query variable value. It should be noted that if all parent nodes of the first computing node are not covered by the evidence attribute variables or the query variables, the first risk variable is not used as the evidence variable or the query variable.
On the other hand, in an embodiment, in this step, a plurality of users in the service side may be further divided to obtain a plurality of types of users, and then variable values of the evidence variable and the query variable are determined for each type of user, where the evidence variable and the query variable corresponding to each type of user may be the same, but different types of users may also correspond to different evidence variables or query variables according to actual needs.
In a specific embodiment, the dividing of the plurality of users may be performed according to a preset rule, where the preset rule may include: dividing on the basis of regions, or on the basis of institutional users and individual users, or on the basis of products used. In an example, the division based on region may specifically be a division based on the city or region (e.g., east China, north China, etc.) to which the customer registration location belongs, so as to obtain a plurality of user groups in different regions. In another example, the division is based on institutional users and individual users, so that an institutional user group and an individual user group are obtained. In yet another example, the division is based on the products used, so that multiple user groups using different products (e.g., Alipay, Taobao, Temple, etc.) may be obtained. It should be understood that a user group corresponds to a class of users.
Further, after the plurality of types of users are determined, corresponding evidence variable values and query variable values are respectively obtained for the users. In a specific embodiment, for any first type of user among the multiple types of users, corresponding first behavior data and related first operation data are obtained, and then first evidence variable values of the evidence variables are determined, and first query variable values of the query variables set for the first type of user are obtained.
In this way, the evidence variable values corresponding to the evidence variables and the query variable values corresponding to the query variables can be obtained.
Then, in step S230, based on the obtained bayesian expansion network, according to the evidence variable values of the evidence variables, the values of the query variables are determined as posterior probabilities of the query variable values, and the posterior probabilities are included in the risk assessment results for the specific risk.
It should be noted that the posterior probability may be determined with an inference method from conventional Bayesian networks, such as exact inference or approximate inference, where the approximate inference may be a Gibbs sampling algorithm; details of the existing inference methods are not described herein.
In one embodiment, for the above case of dividing the user group, the step may include: determining, based on the Bayesian network and according to the first evidence variable values corresponding to the first class of users, a first posterior probability that the values of the plurality of query variables are the first query variable values, and classifying the first posterior probability into the risk assessment result for the first class of users. In this way, the risk assessment results corresponding to each class of users among the multiple classes of users can be obtained.
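The placement rule for calculation nodes and the posterior query described above can be sketched as follows. This is an added example, not code from the patent: the node names, domains, probabilities and the `suspicious` child node are constructed assumptions, and exhaustive enumeration stands in for whichever exact inference method is actually used.

```python
from itertools import product

# Constructed toy network: node names, domains and probabilities are assumptions.
DOMAIN = {
    "trained": ("yes", "no"),
    "amount": ("low", "high"),
    "region": ("tier1", "other"),
    "tx_risk": ("low", "mid", "high"),  # risk calculation node
    "suspicious": ("yes", "no"),        # attribute node that is a child of tx_risk
}
PARENTS = {  # listed in topological order
    "trained": (), "amount": (), "region": (),
    "tx_risk": ("amount", "region"),
    "suspicious": ("tx_risk", "trained"),
}
# Value range mapping of the calculation node: (amount, region) -> tx_risk.
MAPPING = {"tx_risk": {
    ("low", "other"): "low", ("low", "tier1"): "mid",
    ("high", "other"): "mid", ("high", "tier1"): "high",
}}


def _binary(p_yes):
    return {"yes": p_yes, "no": 1.0 - p_yes}


CPT = {
    "trained": {(): _binary(0.7)},
    "amount": {(): {"low": 0.8, "high": 0.2}},
    "region": {(): {"tier1": 0.4, "other": 0.6}},
    "suspicious": {  # keyed by (tx_risk, trained)
        ("low", "yes"): _binary(0.01), ("low", "no"): _binary(0.02),
        ("mid", "yes"): _binary(0.05), ("mid", "no"): _binary(0.10),
        ("high", "yes"): _binary(0.20), ("high", "no"): _binary(0.40),
    },
}


def deterministic_cpt(node):
    """Turn a value range mapping into a conditional probability table of 0s and 1s."""
    return {combo: {v: 1.0 if v == value else 0.0 for v in DOMAIN[node]}
            for combo, value in MAPPING[node].items()}


for _node in MAPPING:
    CPT[_node] = deterministic_cpt(_node)


def place_calc_nodes(evidence, query_vars):
    """Decide for each calculation node whether it becomes evidence or a query variable.

    All parents observed: compute its value and add it to the evidence.
    Parents covered by evidence and query together: it joins the query side.
    Otherwise it is used as neither.
    """
    extended, query_side = dict(evidence), set()
    for node, mapping in MAPPING.items():
        parents = PARENTS[node]
        if all(p in evidence for p in parents):
            extended[node] = mapping[tuple(evidence[p] for p in parents)]
        elif all(p in evidence or p in query_vars for p in parents):
            query_side.add(node)
    return extended, query_side


def joint(assignment):
    """Probability of one full assignment: product of every node's CPT entry."""
    p = 1.0
    for node, parents in PARENTS.items():
        p *= CPT[node][tuple(assignment[x] for x in parents)][assignment[node]]
    return p


def posterior(query, evidence):
    """P(Q = q | Z = z) by summing the joint over all unobserved variables."""
    hidden = [n for n in DOMAIN if n not in evidence]
    numerator = denominator = 0.0
    for values in product(*(DOMAIN[n] for n in hidden)):
        assignment = {**evidence, **dict(zip(hidden, values))}
        p = joint(assignment)
        denominator += p
        if all(assignment[k] == v for k, v in query.items()):
            numerator += p
    if denominator == 0.0:
        raise ValueError("evidence contradicts the network (probability 0)")
    return numerator / denominator


if __name__ == "__main__":
    z = {"amount": "high", "trained": "no", "suspicious": "yes"}
    print(place_calc_nodes(z, {"region"}))
    print(posterior({"region": "tier1", "tx_risk": "high"}, z))
```

Enumeration is exponential in the number of unobserved variables, so it only suits small networks such as this one.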
In an embodiment, the risk assessment result may further include, in addition to the posterior probability obtained by the query, a calculation variable value of the risk calculation node, for example, the first calculation variable value corresponding to the first calculation node may be included in the risk assessment result.
According to a particular embodiment, for example, assume that the evidence variables include transaction number, transaction amount, transaction suspicion degree, and whether training is performed, and that the query variables include transaction area and money laundering risk level, where the transaction suspicion degree and the money laundering risk level are risk calculation variables. Further, assume that before a prevention and control measure for the specific risk is taken (such as executing the prevention and control process), the observed values of the evidence variables are 58 thousands of transactions, 2 hundred million yuan, 0.78, and no, respectively, and the query values corresponding to the query variables are first-line city and high risk. Inference based on the Bayesian expansion network then yields the posterior probability: P1(trading area = first-line city, money laundering risk level = high | number of trades = 58 million, trades amount = 2 hundred million, degree of transaction suspicion = 0.78, whether training is done = no) = 0.82. After the prevention and control measures are taken, the observed values of the evidence variables are 50 thousands of transactions, 1.5 hundred million yuan, 0.58, and yes, respectively, while the query values of the query variables are unchanged. Inference based on the Bayesian expansion network then yields the posterior probability: P2(trading area = first-line city, money laundering risk level = high | number of trades = 50 ten thousand, trades amount = 1.5 billion dollars, trades suspiciousness = 0.58, whether training is done = yes) = 0.46. Thus, the posterior probabilities P1 and P2 and the transaction suspicion degrees 0.78 and 0.46 can be included in the risk assessment results.
Accordingly, it is intuitive that after taking preventative measures, the probability of a high money laundering risk level is reduced from 0.82 to a value of 0.46, and the transaction suspicion is reduced from 0.78 to 0.58. Therefore, a risk evaluation result can be obtained, and risks faced by a service party before and after management and control measures are respectively evaluated, so that a management and control effect is analyzed and used for further guiding risk management and control.
In summary, by using the method for evaluating a specific risk faced by a server, disclosed in the embodiments of the present specification, an expanded bayesian network is formed by adding a computing node in a conventional bayesian network, and is used for organizing a risk fact variable, a risk viewpoint variable, and a risk computing variable, so that a cause tracing of a complete process of risk evaluation can be realized, and meanwhile, the accuracy, reliability, and availability of the risk evaluation are effectively improved.
Corresponding to the risk assessment method, the embodiment of the specification also discloses a risk assessment device. Specifically, fig. 3 shows a structural diagram of an apparatus for evaluating a specific risk faced by a service provider according to an embodiment of the present disclosure. As shown in fig. 3, the above apparatus 300 includes the following components:
The network obtaining unit 310 is configured to obtain a pre-constructed Bayesian expansion network, which includes a directed acyclic graph, where the directed acyclic graph includes multiple risk attribute nodes corresponding to multiple risk attribute variables and multiple risk calculation nodes corresponding to multiple risk calculation variables, where a value range of each risk calculation node has a corresponding value range mapping relationship with a value range of its parent node, the directed acyclic graph further includes a directed connection edge formed due to a dependency relationship between nodes, and the Bayesian expansion network further includes a conditional probability table quantitatively characterizing the dependency relationship.
The variable value obtaining unit 320 is configured to obtain evidence variable values of a plurality of evidence variables of which variable observations are known, and obtain query variable values set for a plurality of query variables to be queried, the plurality of evidence variables and the plurality of query variables being determined based on at least the plurality of risk attribute variables, the evidence variable values being determined based on behavior data of users in the service side and/or operation data of the service side.
The probability determining unit 330 is configured to determine, based on the Bayesian expansion network, a posterior probability that values of the query variables are the query variable values according to the evidence variable values of the evidence variables, and include the posterior probability in a risk assessment result for the specific risk.
In one embodiment, the plurality of risk attribute variables includes a fact class variable corresponding to objective facts and a point of view class variable corresponding to subjective points of view.
In a specific embodiment, the view class variables include verifiable prediction class variables and non-verifiable judgment class variables.
In a specific embodiment, the variable value obtaining unit is specifically configured to: determining a variable value of a first fact variable belonging to fact-class variables and included in the evidence variables based on the behavior data or the operation data and a statistical rule corresponding to the first fact variable; and/or receiving a variable value of a first viewpoint variable which is included in the plurality of evidence variables and belongs to a viewpoint class variable, and which is input by a service person of the service party based on the behavior data or the operation data.
In an embodiment, the specific risk is a risk that a user performs a specific action by using a service provided by the service provider, the service provider performs a prevention and control procedure for preventing and controlling the specific action, and the operation data includes prevention and control data generated by the service provider performing the prevention and control procedure. In a specific embodiment, the specific behavior comprises money laundering behavior or electronic transaction fraud behavior.
In an embodiment, the variable value obtaining unit 320 is specifically configured to: according to a preset rule, dividing a plurality of users in the service party into a plurality of types of users; acquiring corresponding first behavior data and related first operation data aiming at any first type of users in the plurality of types of users, and further determining first evidence variable values of the evidence variables; and acquiring a first query variable value of the plurality of query variables set by the first type of user. The probability determination unit 330 is specifically configured to: and determining the values of the plurality of query variables as first posterior probabilities of the first query variable values according to the first evidence variable values corresponding to the first class of users based on the Bayesian expansion network, and classifying the first posterior probabilities into the risk assessment results for the first class of users.
In a specific embodiment, the preset rule includes dividing based on regions, or dividing based on institutional users and individual users, or dividing based on products used.
In an embodiment, the variable value obtaining unit 320 is specifically configured to: obtaining variable values corresponding to a plurality of evidence attribute variables, classifying the variable values into the evidence variable values, obtaining variable values corresponding to a plurality of query attribute variables, and classifying the variable values into the query variable values, wherein the evidence attribute variables and the query attribute variables belong to the risk attribute variables; for any first computing node in the risk computing nodes, if the evidence attribute variables include all father nodes of the first computing node, determining a first computing variable value of the first computing node according to variable values corresponding to all the father nodes and a value domain mapping relation between the first computing node and all the father nodes thereof, and classifying the first computing variable value into the evidence variable value; if the evidence attribute variables and the query attribute variables each include a portion of the parent nodes, or if the query attribute variables include the parent nodes, the first calculation variable value is included in the query variable value.
In a specific embodiment, the apparatus 300 further comprises: a classification unit configured to classify the first calculation variable value into the risk assessment result.
In one embodiment, the risk calculation nodes include a risk calculation node having a child node.
In one embodiment, the risk calculation nodes include transaction risk calculation nodes, the father nodes of the risk calculation nodes are transaction amount nodes and transaction area nodes in the risk attribute nodes, the variables corresponding to the transaction risk calculation nodes, the transaction amount nodes and the transaction area nodes are all discrete variables, and the value range mapping relationship between the transaction risk calculation nodes and the father nodes thereof includes a mapping relationship between discrete variable values of the transaction risk calculation nodes and discrete value combinations of the transaction amount nodes and the transaction area nodes.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 2.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.

Claims (24)

1. A method of assessing a particular risk faced by a server comprising:
the method comprises the steps of obtaining a pre-constructed Bayesian expansion network, wherein the pre-constructed Bayesian expansion network comprises a directed acyclic graph, the directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, a value range of each risk calculation node and a value range of a father node of the risk calculation node have corresponding value range mapping relations, the directed acyclic graph further comprises directed connection edges formed due to dependency relations among the nodes, and the Bayesian expansion network further comprises a conditional probability table for quantitatively representing the dependency relations;
acquiring evidence variable values of a plurality of evidence variables of which variable observation values are known, and acquiring inquiry variable values set for a plurality of inquiry variables to be inquired, wherein the evidence variables and the inquiry variables are determined at least based on the risk attribute variables, and the evidence variable values are determined based on behavior data of users in the service party and/or operation data of the service party;
based on the Bayesian expansion network, determining the values of the plurality of query variables as posterior probabilities of the query variable values according to the evidence variable values of the plurality of evidence variables, and classifying the posterior probabilities into a risk evaluation result aiming at the specific risk;
wherein obtaining the evidence variable values of the plurality of evidence variables whose variable observations are known, and obtaining the query variable values set for the plurality of query variables to be queried, comprises:
obtaining variable values corresponding to a plurality of evidence attribute variables, and classifying the variable values into the evidence variable values, and obtaining variable values corresponding to a plurality of query attribute variables, and classifying the variable values into the query variable values, wherein the evidence attribute variables and the query attribute variables belong to the risk attribute variables;
for any first computing node in the risk computing nodes, if the evidence attribute variables comprise all father nodes of the first computing node, determining a first computing variable value of the first computing node according to variable values corresponding to all the father nodes and a value domain mapping relation between the first computing node and all the father nodes thereof, and classifying the first computing variable value into the evidence variable value; if the evidence attribute variables and the query attribute variables each include a portion of the parent nodes, or the query attribute variables include the parent nodes, the first calculation variable value is included in the query variable value.
2. The method according to claim 1, wherein the plurality of risk attribute variables includes a fact class variable corresponding to objective facts and a point of view class variable corresponding to subjective points of view.
3. The method of claim 2, wherein the point of view class variables include verifiable prediction class variables and non-verifiable judgment class variables.
4. The method of claim 2, wherein said obtaining evidence variable values for a number of evidence variables comprises:
determining a variable value of a first fact variable belonging to fact type variables and included in the evidence variables based on the behavior data or the operation data and a statistical rule corresponding to the first fact variable; and/or,
for a first viewpoint variable belonging to viewpoint class variables included in the evidence variables, receiving a variable value of the first viewpoint variable input by a service person of the service party based on the behavior data or the operation data.
5. The method of claim 1, wherein the specific risk is a risk that a user utilizes a service provided by the service provider to implement a specific behavior, the service provider executes a prevention and control procedure for preventing and controlling the specific behavior, and the operation data includes prevention and control data generated by the service provider executing the prevention and control procedure.
6. The method of claim 5, wherein the particular behavior comprises a money laundering behavior or an electronic transaction fraud behavior.
7. The method of claim 1, wherein obtaining evidence variable values for a number of evidence variables for which variable observations are known, and obtaining query variable values set for a number of query variables to be queried, comprises:
according to a preset rule, dividing a plurality of users in the service party into a plurality of types of users;
for any first class of users among the multiple classes of users, acquiring corresponding first behavior data and related first operation data, and thereby determining first evidence variable values of the evidence variables;
acquiring first query variable values of the plurality of query variables set for the first class of users;
wherein determining, based on the Bayesian expansion network and according to the evidence variable values of the plurality of evidence variables, the posterior probability that the plurality of query variables take the query variable values, and including the posterior probability in the risk assessment result for the specific risk, comprises:
determining, based on the Bayesian expansion network and according to the first evidence variable values corresponding to the first class of users, a first posterior probability that the plurality of query variables take the first query variable values, and including the first posterior probability in the risk assessment result for the first class of users.
8. The method of claim 7, wherein the preset rules include zone-based partitioning, or partitioning into organizations and individuals, or partitioning based on the product used.
9. The method of claim 1, wherein after determining the posterior probability that the plurality of query variables take the query variable values and including it in the risk assessment result for the specific risk, the method further comprises:
including the first calculation variable value in the risk assessment result.
10. The method of claim 1, wherein the plurality of risk calculation nodes includes a risk calculation node having a child node.
11. The method of claim 1, wherein the risk calculation nodes include a transaction risk calculation node, the parents of which are a transaction amount node and a transaction area node of the risk attribute nodes, the variables corresponding to the transaction risk calculation node, the transaction amount node and the transaction area node are all discrete variables, and the value range mapping relationship between the transaction risk calculation node and the parents of the transaction risk calculation node includes a mapping relationship between a discrete value of the transaction risk calculation node and a discrete value combination of the transaction amount node and the transaction area node.
12. An apparatus for assessing a particular risk faced by a server, comprising:
a network acquisition unit configured to acquire a pre-constructed Bayesian expansion network, wherein the Bayesian expansion network comprises a directed acyclic graph, the directed acyclic graph comprises a plurality of risk attribute nodes corresponding to a plurality of risk attribute variables and a plurality of risk calculation nodes corresponding to a plurality of risk calculation variables, a value range of each risk calculation node and a value range of a parent node of the risk calculation node have a corresponding value range mapping relationship, the directed acyclic graph further comprises directed edges formed by the dependency relationships among the nodes, and the Bayesian expansion network further comprises a conditional probability table that quantitatively represents the dependency relationships;
a variable value acquisition unit configured to acquire evidence variable values of a plurality of evidence variables of which variable observations are known, and acquire query variable values set for a plurality of query variables to be queried, the plurality of evidence variables and the plurality of query variables being determined based on at least the plurality of risk attribute variables, the evidence variable values being determined based on behavior data of a user in the service side and/or operation data of the service side;
a probability determination unit configured to determine, based on the Bayesian expansion network and according to the evidence variable values of the evidence variables, a posterior probability that the query variables take the query variable values, and to include the posterior probability in a risk assessment result for the specific risk;
wherein the variable value obtaining unit is specifically configured to:
obtaining variable values corresponding to a plurality of evidence attribute variables and including them in the evidence variable values, and obtaining variable values corresponding to a plurality of query attribute variables and including them in the query variable values, wherein the evidence attribute variables and the query attribute variables belong to the risk attribute variables;
for any first calculation node among the risk calculation nodes, if the evidence attribute variables include all parent nodes of the first calculation node, determining a first calculation variable value of the first calculation node according to the variable values corresponding to all the parent nodes and the value range mapping relationship between the first calculation node and all of its parent nodes, and including the first calculation variable value in the evidence variable values; if the evidence attribute variables and the query attribute variables each include a portion of the parent nodes, or the query attribute variables include the parent nodes, including the first calculation variable value in the query variable values.
13. The apparatus according to claim 12, wherein the plurality of risk attribute variables includes a fact class variable corresponding to objective facts and a point of view class variable corresponding to subjective points of view.
14. The apparatus of claim 13, wherein the point of view class variables include verifiable prediction class variables and non-verifiable judgment class variables.
15. The apparatus of claim 13, wherein the variable value acquisition unit is specifically configured to:
for a first fact variable that belongs to the fact class variables and is included in the evidence variables, determining a variable value of the first fact variable based on the behavior data or the operation data and a statistical rule corresponding to the first fact variable; and/or,
for a first viewpoint variable belonging to viewpoint class variables included in the evidence variables, receiving a variable value of the first viewpoint variable input by a service person of the service party based on the behavior data or the operation data.
16. The apparatus of claim 12, wherein the specific risk is a risk of a user using a service provided by the service provider to implement a specific behavior, the service provider executes a prevention and control procedure for preventing and controlling the specific behavior, and the operation data includes prevention and control data generated by the service provider executing the prevention and control procedure.
17. The apparatus of claim 16, wherein the particular behavior comprises a money laundering behavior or an electronic transaction fraud behavior.
18. The apparatus of claim 12, wherein the variable value acquisition unit is specifically configured to:
according to a preset rule, dividing a plurality of users in the service party into a plurality of types of users;
for any first class of users among the multiple classes of users, acquiring corresponding first behavior data and related first operation data, and thereby determining first evidence variable values of the evidence variables;
acquiring first query variable values of the plurality of query variables set for the first class of users;
the probability determination unit is specifically configured to:
determine, based on the Bayesian expansion network and according to the first evidence variable values corresponding to the first class of users, a first posterior probability that the plurality of query variables take the first query variable values, and include the first posterior probability in the risk assessment result for the first class of users.
19. The apparatus of claim 18, wherein the preset rules include zone-based partitioning, or partitioning into organizations and individuals, or partitioning based on the product used.
20. The apparatus of claim 12, wherein the apparatus further comprises:
an inclusion unit configured to include the first calculation variable value into the risk assessment result.
21. The apparatus of claim 12, wherein the plurality of risk calculation nodes includes a risk calculation node having a child node.
22. The apparatus according to claim 12, wherein the risk calculation nodes include a transaction risk calculation node, the parent nodes of which are a transaction amount node and a transaction area node of the risk attribute nodes, the variables corresponding to the transaction risk calculation node, the transaction amount node and the transaction area node are all discrete variables, and the value range mapping relationship between the transaction risk calculation node and the parent node thereof includes a mapping relationship between a discrete value of the transaction risk calculation node and a discrete value combination of the transaction amount node and the transaction area node.
23. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed in a computer, causes the computer to perform the method of any of claims 1-11.
24. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-11.
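The evidence/query placement rule for risk calculation nodes in claims 1 and 12, applied to the transaction risk node of claims 11 and 22, is sketched below as an added Python example (not code from the patent). The node names, value domains, probabilities, the `laundering` child node and the choice to leave a calculation node hidden when one of its parents is unassigned are assumptions; inference is plain exhaustive enumeration.

```python
from itertools import product

# Constructed toy network: all names, domains and probabilities are illustrative.
DOMAIN = {"amount": ["low", "high"], "area": ["domestic", "cross_border"],
          "tx_risk": ["low", "medium", "high"], "laundering": ["no", "yes"]}
PARENTS = {"amount": [], "area": [], "tx_risk": ["amount", "area"],
           "laundering": ["tx_risk"]}
# Conditional probability tables of the risk attribute nodes: parent values -> distribution.
CPT = {"amount": {(): {"low": 0.8, "high": 0.2}},
       "area": {(): {"domestic": 0.9, "cross_border": 0.1}},
       "laundering": {("low",): {"no": 0.99, "yes": 0.01},
                      ("medium",): {"no": 0.9, "yes": 0.1},
                      ("high",): {"no": 0.6, "yes": 0.4}}}
# Value range mapping of the risk calculation node (deterministic, no CPT).
MAPPING = {"tx_risk": {("low", "domestic"): "low", ("low", "cross_border"): "medium",
                       ("high", "domestic"): "medium", ("high", "cross_border"): "high"}}

def place_calc_nodes(evidence, query):
    """Derive each calculation node from its parents and file it as evidence or query."""
    evidence, query = dict(evidence), dict(query)
    for node, table in MAPPING.items():
        known = {**evidence, **query}
        if not all(p in known for p in PARENTS[node]):
            continue  # assumption: with an unassigned parent the node stays hidden
        value = table[tuple(known[p] for p in PARENTS[node])]
        if all(p in evidence for p in PARENTS[node]):
            evidence[node] = value   # every parent observed: value is evidence
        else:
            query[node] = value      # some or all parents are query variables
    return evidence, query

def joint(assign):
    """Probability of one full assignment; a mapping acts as a 0/1 factor."""
    p = 1.0
    for node, parents in PARENTS.items():
        key = tuple(assign[x] for x in parents)
        if node in MAPPING:
            p *= 1.0 if MAPPING[node][key] == assign[node] else 0.0
        else:
            p *= CPT[node][key][assign[node]]
    return p

def total(fixed):
    """Sum the joint over every variable that is not fixed (exact enumeration)."""
    free = [n for n in DOMAIN if n not in fixed]
    return sum(joint({**fixed, **dict(zip(free, vals))})
               for vals in product(*(DOMAIN[n] for n in free)))

def posterior(evidence, query):
    """Return P(query | evidence) plus the evidence and query sets after placement."""
    evidence, query = place_calc_nodes(evidence, query)
    return total({**evidence, **query}) / total(evidence), evidence, query
```

Enumeration is exponential in the number of unassigned variables, so it suits only small networks like this one.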
CN202010588742.6A 2020-06-24 2020-06-24 Method and device for evaluating specific risk faced by server Active CN111476371B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202010588742.6A CN111476371B (en) 2020-06-24 2020-06-24 Method and device for evaluating specific risk faced by server
TW110111129A TW202201334A (en) 2020-06-24 2021-03-26 Method and device for evaluating specific risk faced by service party
PCT/CN2021/100791 WO2021259150A1 (en) 2020-06-24 2021-06-18 Method and apparatus for evaluating specific risk of service party

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010588742.6A CN111476371B (en) 2020-06-24 2020-06-24 Method and device for evaluating specific risk faced by server

Publications (2)

Publication Number Publication Date
CN111476371A CN111476371A (en) 2020-07-31
CN111476371B CN111476371B (en) 2020-09-18

Family

ID=71765296

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010588742.6A Active CN111476371B (en) 2020-06-24 2020-06-24 Method and device for evaluating specific risk faced by server

Country Status (3)

Country Link
CN (1) CN111476371B (en)
TW (1) TW202201334A (en)
WO (1) WO2021259150A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111476371B (en) * 2020-06-24 2020-09-18 支付宝(杭州)信息技术有限公司 Method and device for evaluating specific risk faced by server
US11252113B1 (en) * 2021-06-15 2022-02-15 Drift.com, Inc. Proactive and reactive directing of conversational bot-human interactions

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110147925A (en) * 2019-04-10 2019-08-20 阿里巴巴集团控股有限公司 A kind of Application of risk decision method, device, equipment and system
CN110796368A (en) * 2019-10-23 2020-02-14 北方工业大学 Bayesian network-based dynamic risk assessment method and device for community power distribution network

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003290537A1 (en) * 2002-10-24 2004-05-13 Duke University Binary prediction tree modeling with many predictors and its uses in clinical and genomic applications
CN106411854B (en) * 2016-09-06 2019-01-29 中国电子技术标准化研究院 A kind of network security risk evaluation method based on fuzzy Bayes
US10839304B2 (en) * 2017-01-25 2020-11-17 Pearson Education, Inc. Platform-agnostic Bayes net content aggregation system and method
CN107807968B (en) * 2017-10-13 2020-02-18 深圳壹账通智能科技有限公司 Question answering device and method based on Bayesian network and storage medium
CN108596434B (en) * 2018-03-23 2019-08-02 卫盈联信息技术(深圳)有限公司 Fraud detection and methods of risk assessment, system, equipment and storage medium
CN110176132B (en) * 2019-05-27 2021-03-16 山东科技大学 Bayesian network-based logic alarm root cause analysis method and system
CN110991855A (en) * 2019-11-28 2020-04-10 西南交通大学 Bayesian network-based high-speed railway risk assessment method
CN111476371B (en) * 2020-06-24 2020-09-18 支付宝(杭州)信息技术有限公司 Method and device for evaluating specific risk faced by server

Also Published As

Publication number Publication date
TW202201334A (en) 2022-01-01
WO2021259150A1 (en) 2021-12-30
CN111476371A (en) 2020-07-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40034495; Country of ref document: HK)