CN111489167A

CN111489167A - Risk identification method and device of service request and processing equipment

Info

Publication number: CN111489167A
Application number: CN202010305318.6A
Authority: CN
Inventors: 文珂; 张一丁; 李想; 孙波
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2020-04-17
Filing date: 2020-04-17
Publication date: 2020-08-04

Abstract

The present specification provides a method, an apparatus, and a processing device for risk identification of a service request, in which a binary bitmap is used to store information of correspondence between features and users, the correspondence between each feature and each user in the service request can be quickly determined based on the binary bitmap, and then a preset strategy is used to perform matching calculation on the binary bitmap with different feature parameter combinations, so as to determine a risk user set corresponding to each feature in the service request, and further, a risk identification result of the service request can be quickly determined based on the risk user set. The binary bitmap is used for storing the characteristic user information, so that the storage cost can be greatly reduced, off-line calculation is not needed, and an on-line database is not needed.

Description

Risk identification method and device of service request and processing equipment

Technical Field

The present specification belongs to the field of computer technologies, and in particular, to a risk identification method, apparatus, and processing device for a service request.

Background

With the development of internet and computer technologies, the number of service types is continuously increasing, and how to ensure the security of services is more and more emphasized. The data volume of the service request is increasing continuously, the user information corresponding to the suspicious transaction characteristics cannot be stored in the memory of the real-time transaction system, and the user information may be calculated off-line and synchronized to an on-line database which can be accessed quickly for the real-time suspicious transaction system to query. However, an online database for quick access needs to be introduced, which increases the complexity of the architecture and requires additional storage cost, and at the same time, additional network communication time is required, which increases the response time of the service request risk identification.

Disclosure of Invention

An object of the embodiments of the present specification is to provide a method, an apparatus, and a processing device for identifying a risk of a service request, so as to improve response speed and efficiency of risk identification of the service request.

In one aspect, an embodiment of the present specification provides a method for identifying risk of a service request, where the method includes:

acquiring a characteristic parameter to be processed corresponding to a received service request to be processed;

matching the characteristic parameters to be processed with a characteristic binary bitmap set to determine a characteristic binary bitmap to be processed corresponding to the characteristic parameters to be processed; the characteristic binary bitmap set comprises binary bitmaps corresponding to different characteristic parameters, and the binary bitmaps represent the corresponding relation between the different characteristic parameters and users;

performing matching calculation on the binary bitmap of the characteristic to be processed corresponding to the characteristic parameter to be processed according to a preset strategy, and determining a risk user set corresponding to the characteristic parameter to be processed;

and determining a risk identification result of the service request to be processed according to the risk user set and the user identifier corresponding to the service request to be processed.

In another aspect, the present specification provides a risk identification apparatus for a service request, including:

the characteristic parameter acquisition module is used for acquiring the characteristic parameters to be processed corresponding to the received service request to be processed;

the characteristic parameter matching determination module is used for matching the characteristic parameters to be processed with the characteristic binary bitmap set to determine a characteristic binary bitmap to be processed corresponding to the characteristic parameters to be processed; the characteristic binary bitmap set comprises binary bitmaps corresponding to different characteristic parameters, and the binary bitmaps represent the corresponding relation between the different characteristic parameters and users;

the binary bitmap processing module is used for performing matching calculation on the binary bitmap of the characteristic to be processed corresponding to the characteristic parameter to be processed according to a preset strategy and determining a risk user set corresponding to the characteristic parameter to be processed;

and the risk decision module is used for determining a risk identification result of the service request to be processed according to the risk user set and the user identifier corresponding to the service request to be processed.

In a further aspect, an embodiment of the present specification provides a risk identification processing device for a service request, including at least one processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the risk identification method for the service request.

According to the method, the device and the processing equipment for identifying risks of service requests, the binary bitmap is used for storing the corresponding relation information between the features and the users, the corresponding relation between each feature and each user in the service requests can be rapidly determined based on the binary bitmap, the binary bitmaps of different feature parameter combinations are subjected to matching calculation by using a preset strategy, the risk user set corresponding to each feature in the service requests can be determined, and the risk identification results of the service requests can be rapidly determined based on the risk user set. The binary bitmap is used for storing the characteristic user information, the storage cost can be greatly reduced, offline calculation is not needed, an online database is not needed, online real-time risk identification of the service request is realized, additional network communication is not needed, the response time of the real-time service request risk identification is greatly reduced, and the efficiency and the response speed of the risk identification are improved.

Drawings

In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.

Fig. 1 is a schematic flowchart of an embodiment of a risk identification method for a service request provided in an embodiment of the present specification;

FIG. 2 is a schematic diagram of user identification index creation in one embodiment of the present description;

FIG. 3 is a schematic diagram of the construction of a feature binary bitmap set in some embodiments of the present description;

FIG. 4 is a schematic flow chart illustrating risk identification based on a preset policy in an embodiment of the present disclosure;

FIG. 5 is a flow diagram illustrating a method for risk identification of a business request in one embodiment of the present disclosure;

FIG. 6 is a block diagram illustrating an exemplary risk identification mechanism for service requests provided herein;

FIG. 7 is a block diagram of a risk identification device for service request according to another embodiment of the present disclosure;

fig. 8 is a block diagram of a hardware configuration of a risk identification server for a service request in one embodiment of the present specification.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

With the development of science and technology, the types and handling forms of services are more and more, and the management of the security of the services is more and more important. Some lawbreakers may use the computer network to perform illegal services, identify whether the services belong to illegal services and have risks, and ensure the safe operation of the services, which is an important work for the safety management of the services. For example: the anti-money laundering offline suspicious transaction system can be used for risk identification of anti-money laundering transactions, various characteristics related to transactions can be calculated through T +1 offline, and then risk identification is carried out on transaction behaviors according to transaction characteristics, so that transactions with money laundering possibility are screened out. This process of risk identification typically requires the invocation of a significant amount of CPU time and memory capacity, often taking time in minutes or hours to calculate. In the real-time suspicious transaction system for money laundering, it is necessary to immediately determine whether each online transaction is a suspicious transaction, so that an offline screening matching scheme in minutes or even hours becomes unavailable.

The risk identification method for the service request provided by the present specification can identify the risk of the service in real time, such as: the method can be applied to a risk identification system of an anti-money laundering business, and fig. 1 is a flow diagram of an embodiment of a risk identification method of a business request provided by an embodiment of the present specification. Although the present specification provides the method steps or apparatus structures as shown in the following examples or figures, more or less steps or modules may be included in the method or apparatus structures based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution order of the steps or the block structure of the apparatus is not limited to the execution order or the block structure shown in the embodiments or the drawings of the present specification. When the described method or module structure is applied to a device, a server or an end product in practice, the method or module structure according to the embodiment or the figures may be executed sequentially or in parallel (for example, in a parallel processor or multi-thread processing environment, or even in an implementation environment including distributed processing and server clustering).

In a specific embodiment of the method for identifying risk of a service request provided in this specification, as shown in fig. 1, the method may be used for a client (e.g., a smart phone, a tablet computer, a vehicle-mounted device, an intelligent wearable device, etc.), a server, and the method may include the following steps:

and 102, acquiring the characteristic parameters to be processed corresponding to the received service request to be processed.

In a specific implementation process, when a network platform or a risk identification system receives a pending service request, it is necessary to perform risk identification on the received pending service request before determining whether to release the service request. After receiving the service request to be processed, the feature parameter to be processed corresponding to the service request to be processed can be obtained, the feature parameter can represent the risk feature attribute of the service request to be processed, and the feature which can represent the service request risk can be determined based on feature extraction, analysis and the like during historical service request risk identification. Such as: the pending feature parameters may include a transaction time, a transaction amount, a transaction location, an age of the user, a name of the user, an account name, and the like corresponding to the pending service request. When a new service request to be processed is received, the value of each characteristic parameter in the service request to be processed can be directly obtained according to the predetermined characteristic parameter, that is, the characteristic parameter can include two parts, one characteristic attribute is as follows: age, and attributes corresponding to values such as greater than 30 years old. Of course, other methods may also be adopted to obtain the feature parameter to be processed of the service request to be processed, such as: the embodiment of the present specification is not particularly limited, for example, by using a method such as a feature extraction model.

104, matching the characteristic parameters to be processed with a characteristic binary bitmap set, and determining a characteristic binary bitmap to be processed corresponding to the characteristic parameters to be processed; the characteristic binary bitmap set comprises binary bitmaps corresponding to different characteristic parameters, and the binary bitmaps represent the corresponding relation between the different characteristic parameters and users.

In a specific implementation process, a feature binary bitmap set can be pre-constructed, the feature binary bitmap set can include binary bitmaps corresponding to different feature parameters, and each binary bitmap can represent a corresponding relationship between one feature parameter and a user, that is, one secondary bitmap can represent which users conform to one feature parameter and which users do not conform to the feature parameter. A binary bitmap is understood to be a bitmap in binary representation, i.e. a bitmap, also called a raster or bitmap, which is an image represented by an array of pixels. And when a new service request to be processed is received, acquiring a characteristic parameter to be processed corresponding to the service request to be processed, and acquiring a characteristic binary bitmap to be processed corresponding to the characteristic parameter to be processed based on the characteristic binary bitmap set. For example: if the characteristic parameters to be processed of the service request to be processed include the characteristic parameter 1 and the characteristic parameter 2, acquiring binary bitmaps corresponding to the characteristic parameter 1 and the characteristic parameter 2 from the characteristic binary bitmap set, namely acquiring the binary bitmaps corresponding to the characteristic parameters to be processed.

In some embodiments of the present description, the following method may be used to construct the feature binary bitmap set:

acquiring corresponding relations between each characteristic parameter and different users in a characteristic library;

and characterizing the corresponding relation between each characteristic parameter in the characteristic library and different users by using a binary bitmap to construct the characteristic binary bitmap set.

In a specific implementation process, the feature library may include a plurality of feature parameters, the feature parameters may represent common features abstracted from transaction behaviors, and feature parameters capable of representing risks of service requests may be extracted based on risk identification data of historical service requests to form the feature library. The corresponding relationship between different characteristic parameters and each user can be determined based on the risk identification data of the historical service request, that is, which users conform to the value of one characteristic parameter and which users do not conform to the value of one characteristic parameter can be determined, for example: those older than 30 years of age. And representing the corresponding relation between each characteristic parameter and the user by using a binary bitmap mode to obtain a binary bitmap corresponding to the plurality of characteristic parameters, wherein the plurality of binary bitmaps can construct a characteristic binary bitmap set. For example: the feature1 corresponds to three users, namely user1, user3 and user7, that is, there is a relationship: feature1- > (user1, user3, user7), a binary bitmap of the feature parameter feature1 can be constructed, in which the positions corresponding to the

users

1, 3, 7 are set to 1, and the positions corresponding to the other users are set to 0. By storing the corresponding relation information between the characteristics and the users through the binary bitmap, the occupied storage amount can be exponentially reduced, the storage cost is greatly reduced, off-line calculation is not needed, an additional on-line database is not needed, and the system structure is simpler.

In some embodiments of the present specification, the characterizing the correspondence between the feature parameters in the feature library by using a binary bitmap to construct the feature binary bitmap set may include:

acquiring user identifications corresponding to all users in a full user set;

indexing according to the user identification of each user in the full user set, determining the index number corresponding to each user, and constructing a user identification index;

according to the user identification index, utilizing a binary bitmap to characterize the corresponding relation between each characteristic parameter in the characteristic library and different users, and constructing a characteristic binary bitmap set; and setting the index number position of the user having the corresponding relation with the characteristic parameter in the binary bitmap as 1, and setting the index number position of the user having no corresponding relation as 0.

In a specific implementation process, all users in the system may be acquired to construct a full user set, for example: and acquiring all users in the risk prevention and control system, and constructing a full user set. And then acquiring the user identification of each user in the full user set, indexing according to the user identification of each user, determining the index number corresponding to each user, and constructing the user identification index. Such as: the user identifiers can be sorted according to the last several bits of the user identifiers, and according to the indexes sorted from 0, the types of the indexes are positive integers which are increased from 0, so that each user identifier is guaranteed to have a unique index number. Fig. 2 is a schematic diagram of a principle of creating a user identifier index in an embodiment of this specification, and as shown in fig. 2, it is assumed that n users exist in a total user set, and a user identifier corresponding to each user is: user0, user1, user2,. and usern, and the index numbers corresponding to the user identifications are 0, 1, 2, … and n in sequence.

After the user identification index is constructed, the binary bitmap of each characteristic parameter can be constructed by utilizing the corresponding relation between each characteristic parameter and different users in the binary bitmap characteristic feature library according to the user identification index, wherein in the binary bitmap of the characteristic parameter, the index number position of the user having the corresponding relation with the characteristic parameter can be set to be 1, and the index number position of the user having no corresponding relation can be set to be 0. Fig. 3 is a schematic diagram of the construction of a feature binary bitmap set in some embodiments of the present disclosure, as shown in fig. 3, the left side in fig. 3 may represent the correspondence between each feature parameter and different users, such as: the

users

0, 1 and 7 have corresponding relations with the feature1, wherein the

users

0, 1 and 7 are user identifications of users having corresponding relations with the feature 1. Based on the user identification in the corresponding relation and the pre-constructed user identification index, the index number of each user can be determined, and then based on the user identification index and the corresponding relation, a binary bitmap of each characteristic parameter is constructed. As shown on the right side of FIG. 3, "0, 1, 2, 3, 4, 5, 7" on the top of the binary bitmap in FIG. 3 may represent user identification indices, which are the index numbers of user0, user1, user2, user3, user4, user5, user6, and user7, respectively. As shown in fig. 3, the binary bitmap of feature1 can be represented as [11000001], where the value in the binary bitmap is 1 at the positions of

indices

0, 1, 7, and the rest are 0.

In addition, it should be noted that only the user identifiers of the

users

0, 1, 2, 3, 4, 5, 6, 7, and 8 users are illustrated in fig. 3, and it may be considered that only 8 users are concentrated in the full-amount users, or the maximum user identifier having a correspondence relationship in the current feature parameter is user7, and there is no correspondence relationship between other users and the current feature parameter, so the positions after the actual index number 7 in the binary bitmap are all 0, and the positions after the index number 7 may be omitted. That is, in actual application, the largest index number of the index numbers of the users having the corresponding relationship among all the characteristic parameters can be obtained, and when the binary bitmap is drawn, the length of the binary bitmap can be from 0 to the largest index number. Fig. 3 only illustrates 5 characteristic parameters, and the number of the characteristic parameters in actual use is not specifically limited in the embodiments of the present specification.

In the embodiment of the specification, the user identification index is constructed according to the user identification, the binary bitmap of each characteristic parameter is constructed by using the user identification index, the corresponding relation information between the characteristics and the user can be simply and quickly stored, the memory space occupied by the binary bitmap is small, the occupied storage capacity can be reduced, and a data basis is laid for realizing the risk identification of the service request.

And 106, performing matching calculation on the binary bitmap of the characteristic to be processed corresponding to the characteristic parameter to be processed according to a preset strategy, and determining a risk user set corresponding to the characteristic parameter to be processed.

In a specific implementation process, after the to-be-processed feature binary bitmap corresponding to the to-be-processed feature parameter of the to-be-processed service request is determined, matching calculation can be performed on the to-be-processed feature binary bitmap by using a preset strategy. The preset strategy may characterize a combination of different features, for example: the preset strategy can be that the service request with the age less than 30 years and the transaction amount greater than 2W has risk, then the to-be-processed characteristic binary bitmap corresponding to the characteristic parameter with the age greater than 30 years and the to-be-processed characteristic binary bitmap corresponding to the characteristic parameter with the transaction amount greater than 2W can be obtained, the two binary bitmaps are superposed and summed, and a comprehensive binary bitmap can be obtained. Based on the comprehensive binary bitmap, a risk user set corresponding to the characteristic parameters to be processed can be determined, such as: and adding the users with the value of 1 in the comprehensive binary bitmap into the risk user set.

And step 108, determining a risk identification result of the service request to be processed according to the risk user set and the user identifier corresponding to the service request to be processed.

In a specific implementation process, after determining a risk user set corresponding to the feature parameter to be processed of the service request to be processed, the user identifier of the user corresponding to the service request to be processed may be matched with the risk user set to determine whether the service request to be processed has a risk. For example: whether a user of a service request to be processed hits a risk user set can be judged based on a user identifier of the user to be processed, if yes, it is determined that a risk identification result of the service request to be processed is a risk, and risk management and control are required to be performed, for example: the right limit, etc. If not, the risk identification result of the pending service request is determined to be risk-free, and the pending service request can be released.

In the method for identifying risks of service requests provided in the embodiments of the present description, a binary bitmap is used to store information of correspondence between features and users, the correspondence between each feature in a service request and each user can be quickly determined based on the binary bitmap, then a preset policy is used to perform matching calculation on binary bitmaps with different feature parameter combinations, a risk user set corresponding to each feature in the service request can be determined, and a risk identification result of a service request can be quickly determined based on the risk user set. The binary bitmap is used for storing the characteristic user information, so that the storage cost can be greatly reduced, offline calculation and an online database are not needed, online real-time risk identification of the service request is realized, time consumption of extra network communication is also avoided, the response time of the real-time service request risk identification is greatly reduced, and the efficiency and the response speed of the risk identification are improved.

On the basis of the foregoing embodiment, the performing matching calculation on the to-be-processed feature binary bitmap corresponding to the to-be-processed feature parameter according to a preset policy to determine that the risk user set corresponding to the to-be-processed feature parameter may include:

selecting a preset strategy from a strategy library, and selecting a target characteristic parameter from the characteristic parameters to be processed according to the selected preset strategy;

performing AND-OR logic operation on the binary bitmap of the to-be-processed characteristic corresponding to the selected target characteristic parameter according to the preset strategy, and determining a binary bitmap of a risk user corresponding to the preset strategy;

and determining a risk user set corresponding to the characteristic parameters to be processed according to the risk user binary bitmap.

In a specific implementation process, fig. 4 is a schematic flow diagram of risk identification based on a preset policy in an embodiment of the present specification, and as shown in fig. 4, in some embodiments of the present specification, a policy library may be constructed in advance based on risk identification processing data of a historical service request, where the policy library may include a plurality of preset policies, and each preset policy may represent a combined operation of different feature parameters. When a service request to be processed is received, after a binary bitmap of the feature to be processed of the feature parameter to be processed corresponding to the service request to be processed is determined, a preset strategy can be selected from a strategy library, a target feature parameter is selected from the feature parameter to be processed of the service request to be processed according to the selected preset strategy, and then logical operation of AND-OR is carried out on the binary bitmap of the feature to be processed corresponding to the target feature parameter according to the preset strategy, so that a binary bitmap of a risk user calculated by each preset strategy can be obtained. After each risk binary bitmap is calculated and obtained based on a preset strategy, a risk user set can be determined based on the risk binary bitmap, for example: and adding the user corresponding to the value of 1 in the risk binary bitmap into the risk user set. As shown in fig. 4, if a certain preset policy is that a user with feature1 or feature 2 is at risk, feature1 and feature 2 may be obtained from the to-be-processed feature parameters of the to-be-processed service request, and further binary bitmaps corresponding to feature1 and feature 2 are obtained, and an or operation is performed on the to-be-processed feature binary bitmaps of feature1 and feature 2, so that a risk user binary bitmap may be obtained. And then, by using the same method, the risk user binary bitmap obtained by calculation corresponding to other preset strategies can be obtained, and a risk user set can be determined based on the user corresponding relations represented in the risk user binary bitmaps corresponding to all the preset strategies.

It should be noted that, when a preset policy is selected from the policy library, a specified policy may be selected as the preset policy according to actual needs, or all policies in the policy library may be sequentially used as the preset policy, and the embodiments of the present specification are not specifically limited.

In the embodiment of the present specification, the logical operation of and or and is performed on the binary bitmap corresponding to the characteristic parameter in the service request by using the preset policy, which users are at risk can be simply and quickly calculated, so as to quickly identify whether the current service request is in the users at risk, and the efficiency of risk identification is improved based on the logical operation of and or. Because the strategy characteristics are matched by adopting the bit operation of the CPU instruction level, compared with a character string comparison mode, the index level is improved, and the response delay is further reduced.

In some embodiments of this specification, the determining a risk identification result of the to-be-processed service request according to the risk user set and the user identifier corresponding to the to-be-processed service request may include:

selecting a target preset strategy from a strategy library, and determining a risk user set corresponding to the characteristic parameter to be processed according to the target preset strategy;

and determining whether the user corresponding to the service request to be processed is in the risk user set according to the user identification corresponding to the risk user set and the service request to be processed, if so, determining that the risk identification result of the service request to be processed is in the risk user set, otherwise, selecting a next target preset strategy from a strategy library until the preset strategy in the strategy library is completely selected, and if not, determining that the risk identification result of the service request to be processed is in no risk if the user corresponding to the service request to be processed is not in the risk user set.

In a specific implementation process, as shown in fig. 4, a preset policy may be sequentially selected from the policy library as a target preset policy, and based on the method in the foregoing embodiment, a risk user binary bitmap corresponding to the target prediction policy is calculated, and a risk user set corresponding to the target preset policy is determined. Firstly, judging whether the user of the current service request to be processed hits the risk user set according to the risk user set, and if yes, directly determining that the service request to be processed has risk and needs to be subjected to risk management and control. And if the business request is not hit, selecting the next preset strategy from the strategy library as a target preset strategy, repeating the steps until the preset strategy in the strategy library is completely selected, and if the user corresponding to the business request to be processed is not in the risk user set, determining that the risk identification result of the business request to be processed is risk-free.

For example: as shown in fig. 4, after selecting a preset strategy from the strategy library and performing an and or logical operation on the binary bitmap of the target characteristic parameter based on the preset strategy, a risk user binary bitmap can be obtained. The set of index numbers corresponding to a value of 1 may be considered as a set of risky users based on the risky user binary bitmap. Matching the index number of the user of the service request to be processed with the risk user set, if the index number is hit, determining that the risk identification result of the service request to be processed is risk, if the index number is not hit, selecting a next preset strategy from the strategy library, calculating a binary bitmap of the next risk user and the risk user set, and calculating the risk identification result until all the preset strategies are calculated.

In the embodiment of the specification, the target preset strategies are sequentially selected from the strategy library, the calculation of the risk user sets is performed, the matching of the risk users is performed once when one risk user set is calculated, the risk identification result of the service request to be processed can be directly determined after the matching is successful, the risk identification result can be determined by using less calculated amount of the preset strategies, and the efficiency of the service request risk identification is improved.

determining the index number of the user corresponding to the service request to be processed according to the user identification index and the user identification corresponding to the service request to be processed;

and determining whether the users corresponding to the service request to be processed are in the risk user set or not according to the index numbers of the users corresponding to the service request to be processed, if so, determining that the risk identification result of the service request to be processed is a risk, and if not, determining that the risk identification result of the service request to be processed is a risk.

In a specific implementation process, the index number of the service request to be processed can be quickly determined based on the constructed user identifier index and the user identifier corresponding to the service request to be processed. The risk user set is obtained based on binary bitmap calculation, the binary bitmap is constructed based on the user identification index, and the risk user set can carry the index number of the user, such as: the set of index numbers of users at risk can be used as a set of users at risk according to the calculation result of the binary bitmap. According to the index number of the user of the service request to be processed, whether the user of the service request to be processed is concentrated in the risk user can be quickly determined.

Based on the above embodiments, in some embodiments of the present specification, the preset policy and the feature binary bitmap set are stored in a memory.

In a specific implementation process, the space memory occupied by the binary bitmap is small, for example, for 1 hundred million users, if the ID of each user occupies an average memory of 4 bytes, if a feature includes 5000 ten thousand users, it can be estimated that the space occupied by direct storage is 50,000,000 × 4(Byte) 200,000,000(Byte) 23.84G, and the space occupied by binary bitmap storage is 50,000,000(bit)/8/1024/1024 (5.96M), so that the usage amount of storage can be exponentially reduced by using the binary bitmap to store the features and the user information, the storage capacity is greatly reduced, the feature binary bitmap set is stored in the memory, the features and the corresponding user information can be directly loaded in the memory of the system, no additional storage system is required to support on-line fast access, the offline complexity of the system is reduced, the cost is reduced, the features and the user information are directly loaded in the memory of the system, the preset storage system information and the real-time delay calculation can be performed without the immediate response to the real-time calculation policy.

Fig. 5 is a schematic flow chart of a risk identification method for a service request in an embodiment of this specification, and a risk identification process for a service request in the embodiment of this specification is specifically described below with reference to fig. 5:

1. firstly, indexing from 0 is compiled for users in the total user set, the type of the indexing is a positive integer which is increased from 0, and a unique index number exists in each user identification. Such as: the user identification is user-group [ user0, user1, user 2. The user identification index is: an index (user-group) [ (user0,0), (user1,1), (user2,2),., (usern, n) ], and can be specifically referred to fig. 2.

2. The user corresponding to the characteristic parameter is represented by a binary bitmap (bitmap), for example: suppose that feature1 corresponds to three users, namely user1, user3 and user7, that there is a relationship: feature1- > (user1, user3, user 7). Through the index relationship obtained in step 1, i can express the corresponding relationship between the features and the users by using a binary bitmap, that is: feature1- > 10001010. The corresponding relationship between all the characteristic parameters and the user is expressed by a binary bitmap (bitmap), which can be specifically seen in fig. 3.

3. And loading all characteristic parameters and corresponding user information in a memory of the real-time suspicious transaction system. When the real-time suspicious transaction system receives the transaction information of the user, the feature parameters of the received transaction information may be obtained in the memory according to the preset policy configured in a quantitative manner, various feature parameters are combined, and the and or no operation is performed on the binary bitmap corresponding to the feature parameters based on the preset policy, so as to quickly obtain the result of whether to audit the user, which may be specifically referred to the description of fig. 4.

4. And judging whether the received service request has risk or not according to the AND or NOR logic operation result based on the binary bitmap. Specifically, reference may be made to the descriptions of the above embodiments, which are not repeated herein.

The embodiment of the specification uses the binary bitmap to store the characteristic user information, so that the storage cost is greatly reduced. The matching users are screened by using the binary bitmap and (and), or (or) and not (not), and the response speed is higher than that of a circular comparison mode. And the preset strategy and the binary bitmap are both stored in the memory, and can take effect in real time without waiting when the preset strategy is changed.

In the present specification, each embodiment of the method is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The relevant points can be obtained by referring to the partial description of the method embodiment.

Based on the risk identification method for the service request, one or more embodiments of the present specification further provide a system for risk identification of the service request. The system may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc. that use the methods described in embodiments of the present specification in conjunction with any necessary hardware-implemented devices. Based on the same innovative conception, embodiments of the present specification provide an apparatus as described in the following embodiments. Since the implementation scheme of the apparatus for solving the problem is similar to that of the method, the specific apparatus implementation in the embodiment of the present specification may refer to the implementation of the foregoing method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.

Specifically, fig. 6 is a schematic block structure diagram of an embodiment of a risk identification apparatus for a service request provided in this specification, and as shown in fig. 6, the risk identification apparatus for a service request provided in this specification may include: a characteristic parameter obtaining module 61, a characteristic parameter matching determining module 62, a binary bitmap processing module 63, and a risk decision module 64, wherein:

the feature parameter obtaining module 61 may be configured to obtain a to-be-processed feature parameter corresponding to the received to-be-processed service request;

the feature parameter matching determination module 62 may be configured to match the feature parameter to be processed with a feature binary bitmap set, and determine a feature binary bitmap to be processed corresponding to the feature parameter to be processed; the characteristic binary bitmap set comprises binary bitmaps corresponding to different characteristic parameters, and the binary bitmaps represent the corresponding relation between the different characteristic parameters and users;

the binary bitmap processing module 63 may be configured to perform matching calculation on the binary bitmap of the feature to be processed corresponding to the feature parameter to be processed according to a preset policy, and determine a risk user set corresponding to the feature parameter to be processed;

the risk decision module 64 may be configured to determine a risk identification result of the service request to be processed according to the risk user set and the user identifier corresponding to the service request to be processed.

The risk identification device for a service request provided in the embodiments of the present specification stores information about correspondence between features and users by using a binary bitmap, can quickly determine correspondence between each feature and each user in the service request based on the binary bitmap, and then performs matching calculation on the binary bitmap with different feature parameter combinations by using a preset policy, so as to determine a risk user set corresponding to each feature in the service request, and further can quickly determine a risk identification result of the service request based on the risk user set. The binary bitmap is used for storing the characteristic user information, the storage cost can be greatly reduced, offline calculation is not needed, an online database is not needed, online real-time risk identification of the service request is realized, additional network communication time consumption is not needed, the response time of the real-time service request risk identification is greatly reduced, and the risk identification efficiency is improved.

On the basis of the foregoing embodiments, in some embodiments of the present specification, fig. 7 is a schematic block structure diagram of a further embodiment of the risk identification apparatus for service request provided in the present specification, and as shown in fig. 7, the apparatus further includes a feature binary bitmap set constructing module 71, configured to construct the feature binary bitmap set by using the following method:

In the embodiment of the specification, the corresponding relation information between the features and the users is stored through the binary bitmap, so that the storage occupancy can be exponentially reduced, the storage cost is greatly reduced, off-line calculation is not needed, an additional on-line database is not needed, and the system structure is simpler.

On the basis of the above embodiment, the feature binary bitmap set constructing module is specifically configured to:

acquiring user identifications corresponding to all users in a full user set;

On the basis of the foregoing embodiments, in some embodiments of the present specification, the binary bitmap processing module is specifically configured to:

In the embodiment of the present specification, the logical operation of and or and is performed on the binary bitmap corresponding to the characteristic parameter in the service request by using the preset policy, which users are at risk can be simply and quickly calculated, so as to quickly identify whether the current service request is in the users at risk, and the efficiency of risk identification is improved based on the logical operation of and or. Because the strategy characteristics are matched by adopting the bit operation of the CPU instruction level, compared with the traditional character string comparison mode, the method has the advantage that the exponential level is improved, and the response delay is further reduced.

On the basis of the foregoing embodiments, in some embodiments of the present specification, the binary bitmap processing module is further configured to:

On the basis of the foregoing embodiments, in some embodiments of the present specification, the risk decision module is specifically configured to:

In the embodiment of the present description, according to the index number of the user of the service request to be processed, whether the user of the service request to be processed is centralized in the risk user can be quickly determined.

In the embodiment of the specification, the occupation amount of storage can be exponentially reduced by adopting the binary bitmap storage characteristics and the user information, the occupied storage capacity is greatly reduced, the characteristics and the corresponding user information can be directly loaded in the memory of the system, an additional storage system is not needed to support online quick access, the complexity of the system is reduced, and the cost is also reduced. Because the characteristics and the user information are directly loaded in the memory of the system, the calculation of the preset strategy is not required to be issued to an offline system, and can be directly carried out in the memory, thereby reducing the response delay. Because the calculation of the preset strategy is stored in the memory, the preset strategy can be immediately effective when changed, and the offline calculation result does not need to be waited, so that the real-time antagonism of the business risk identification is enhanced.

It should be noted that the system described above may also include other embodiments according to the description of the corresponding method embodiment. The specific implementation manner may refer to the description of the above corresponding method embodiment, and is not described in detail herein.

An embodiment of the present specification further provides a risk identification processing device for a service request, including: at least one processor and a memory for storing processor-executable instructions, the processor implementing the information recommendation data processing method of the above embodiment when executing the instructions, such as:

It should be noted that the description of the processing device and the applet searching system according to the method embodiments may also include other embodiments. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

The risk identification device for service requests provided by the specification can also be applied to various data analysis and processing systems. The system or server or terminal or processing device may be a single server, or may include a server cluster, a system (including a distributed system), software (applications), a practical operating device, a logic gate device, a quantum computer, etc. using one or more of the methods described herein or one or more embodiments of the system or server or terminal or processing device, in combination with necessary end devices implementing hardware. The system for checking for discrepancies may comprise at least one processor and a memory storing computer-executable instructions that, when executed by the processor, implement the steps of the method of any one or more of the embodiments described above.

The method embodiments provided by the embodiments of the present specification can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Taking the example of the operation on the server, fig. 8 is a hardware structure block diagram of a risk identification server for a service request in an embodiment of the present specification, and the computer terminal may be the risk identification server for a service request or a risk identification device for a service request in the above embodiment. As shown in fig. 8, the server 10 may include one or more (only one shown) processors 100 (the processors 100 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a non-volatile memory 200 for storing data, and a transmission module 300 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 8 is only an illustration and is not intended to limit the structure of the electronic device. For example, the server 10 may also include more or fewer components than shown in FIG. 8, and may also include other processing hardware, such as a database or multi-level cache, a GPU, or have a different configuration than shown in FIG. 8, for example.

The non-volatile memory 200 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the risk identification method of service request in the embodiment of the present specification, and the processor 100 executes various functional applications and resource data updates by executing the software programs and modules stored in the non-volatile memory 200. Non-volatile memory 200 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the non-volatile memory 200 may further include memory located remotely from the processor 100, which may be connected to a computer terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, office-to-network, mobile communication networks, and combinations thereof.

The transmission module 300 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal. In one example, the transmission module 300 includes a Network adapter (NIC) that can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission module 300 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The method or apparatus provided in this specification and described in the foregoing embodiments may implement service logic through a computer program and record the service logic on a storage medium, where the storage medium may be read and executed by a computer, and implement the effects of the solutions described in the embodiments of this specification, such as:

The storage medium may include a physical device for storing information, and typically, the information is digitized and then stored using an electrical, magnetic, or optical media. The storage medium may include: devices that store information using electrical energy, such as various types of memory, e.g., RAM, ROM, etc.; devices that store information using magnetic energy, such as hard disks, floppy disks, tapes, core memories, bubble memories, and usb disks; devices that store information optically, such as CDs or DVDs. Of course, there are other ways of storing media that can be read, such as quantum memory, graphene memory, and so forth.

The method or apparatus for identifying risk of the service request provided in the embodiments of the present specification may be implemented in a computer by a processor executing corresponding program instructions, for example, implemented in a PC end using a c + + language of a windows operating system, implemented in a linux system, or implemented in an intelligent terminal using android and iOS system programming languages, implemented in processing logic based on a quantum computer, or the like.

It should be noted that descriptions of the apparatus, the computer storage medium, and the system described above according to the related method embodiments may also include other embodiments, and specific implementations may refer to descriptions of corresponding method embodiments, which are not described in detail herein.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to only the partial description of the method embodiment.

The embodiments of the present description are not limited to what must be consistent with industry communications standards, standard computer resource data updating and data storage rules, or what is described in one or more embodiments of the present description. Certain industry standards, or implementations modified slightly from those described using custom modes or examples, may also achieve the same, equivalent, or similar, or other, contemplated implementations of the above-described examples. The embodiments using the modified or transformed data acquisition, storage, judgment, processing and the like can still fall within the scope of the alternative embodiments of the embodiments in this specification.

In the 90 th generation of 20 th century, it is obvious that improvements in Hardware (for example, improvements in circuit structures such as diodes, transistors and switches) or software (for improvement in method flow) can be distinguished for a technical improvement, however, as technology develops, many of the improvements in method flow today can be regarded as direct improvements in Hardware circuit structures, designers almost all obtain corresponding Hardware circuit structures by Programming the improved method flow into Hardware circuits, and therefore, it cannot be said that an improvement in method flow cannot be realized by Hardware entity modules, for example, Programmable logic devices (Programmable logic devices L organic devices, P L D) (for example, Field Programmable Gate Arrays (FPGAs) are integrated circuits whose logic functions are determined by user Programming of devices), and a digital system is "integrated" on a P L D "by self Programming of designers without requiring many kinds of integrated circuits manufactured and manufactured by special chip manufacturers to design and manufacture, and only a Hardware software is written in Hardware programs such as Hardware programs, software programs, such as Hardware programs, software, Hardware programs, software programs, Hardware programs, software, Hardware programs, software programs, Hardware programs, software, Hardware programs, Hardware, software, Hardware programs, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software, Hardware, software.

A controller may be implemented in any suitable manner, for example, in the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, Application Specific Integrated Circuits (ASICs), programmable logic controllers (PLC's), and embedded microcontrollers, examples of which include, but are not limited to, microcontrollers 625D, AtmelAT91SAM 91, Microchip PIC18F26K20, and Silicone L abs C8051F320, which may also be implemented as part of the control logic for a memory.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When the device or the end product in practice executes, it can execute sequentially or in parallel according to the method shown in the embodiment or the figures (for example, in the environment of parallel processors or multi-thread processing, even in the environment of distributed resource data update). The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.

For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable resource data updating apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable resource data updating apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable resource data update apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable resource data update apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, and the relevant points can be referred to only part of the description of the method embodiments. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims

1. A method for risk identification of a business request, the method comprising:

2. The method of claim 1, the feature binary bitmap set being arranged to be constructed using:

3. The method of claim 2, wherein said characterizing the correspondence between the feature parameters in the feature library using a binary bitmap to construct the feature binary bitmap set comprises:

acquiring user identifications corresponding to all users in a full user set;

4. The method of claim 1, wherein the performing matching calculation on the binary bitmap of the feature to be processed corresponding to the feature parameter to be processed according to a preset policy and determining the set of risky users corresponding to the feature parameter to be processed comprises:

5. The method of claim 4, wherein the determining a risk identification result of the pending service request according to the set of risk users and the user identifier corresponding to the pending service request comprises:

6. The method according to claim 3, wherein the determining a risk identification result of the to-be-processed service request according to the risk user set and the user identifier corresponding to the to-be-processed service request includes:

7. The method of any of claims 1-6, wherein the predetermined policy and the feature binary bitmap set are stored in memory.

8. A risk identification apparatus for a service request, comprising:

9. The apparatus of claim 8, further comprising a feature binary bitmap set construction module for constructing the feature binary bitmap set using:

10. The apparatus of claim 9, the feature binary bitmap set building module being specifically configured to:

acquiring user identifications corresponding to all users in a full user set;

11. The apparatus of claim 8, the binary bitmap processing module being specifically configured to:

12. The apparatus of claim 11, the binary bitmap processing module further to:

13. The apparatus of claim 10, the risk decision module to:

14. The apparatus of any of claims 8-13, the predetermined policy and the feature binary bitmap set stored in a memory.

15. A risk identification processing device for business requests, comprising: at least one processor and a memory for storing processor-executable instructions, the processor implementing the method of any one of claims 1-7 when executing the instructions.