CN111835790B - Risk identification method, device and system - Google Patents
Risk identification method, device and system Download PDFInfo
- Publication number
- CN111835790B CN111835790B CN202010751210.XA CN202010751210A CN111835790B CN 111835790 B CN111835790 B CN 111835790B CN 202010751210 A CN202010751210 A CN 202010751210A CN 111835790 B CN111835790 B CN 111835790B
- Authority
- CN
- China
- Prior art keywords
- model
- risk identification
- service
- real
- risk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The application discloses a risk identification method which is used for solving the problem that in the prior art, the risk identification method causes low completion efficiency of services with high real-time requirements. The method comprises the following steps: judging whether the service to be subjected to risk identification meets a real-time identification condition; the real-time identification condition is used for distinguishing services with higher real-time requirements for completing services from services with lower real-time requirements for completing services; if so, calling a risk identification model in the first model set to identify whether the business has risks; and the risk identification models in the first model set are obtained by screening according to a preset model screening rule. The application also discloses a risk identification device and a risk identification system.
Description
The patent application is a divisional application of patent application with the application number of 201510754045.2, the application date of 2015 is 09/11/2015, and the name of the invention is 'a risk identification method, device and system'.
Technical Field
The present application relates to the field of computer technologies, and in particular, to a risk identification method, apparatus, and system.
Background
Currently, in order to ensure network security and to ensure that the legal interests of the legal users of the internet are not damaged, risk identification of services in the internet is required. The significance of risk identification on the service is that aiming at the identified service which possibly has risk, bad results can be avoided by stopping, terminating or canceling the service operation and the like.
A typical business risk identification system in the prior art is schematically shown in fig. 1, and includes a risk control system, a model operation platform, a model library and a model management system. In practical application, the parts are matched with each other to provide risk identification service for a business system.
Specifically, the model operating platform in fig. 1 may execute, under the call of the risk control system, one by one for each risk identification model stored in the model library: and judging whether the business operation hits the risk identification model or not by taking the relevant information of the business operation to be executed by the business system as the input of the risk identification model. And aiming at the hit risk identification model, the model operation platform provides an output result (namely a risk consultation result) of the hit risk identification model to a risk control system. The fact that the business operation hits on the risk identification model means that the relevant information of the business operation is used as the input of the risk identification model, and an output result indicating that the business operation has a risk is obtained.
In the prior art, with the development of services, more and more service systems are accessed to a service risk identification system. Accordingly, the number of risk identification models in the model library is increased, so that the average time for completing single risk identification is longer and longer, that is, the efficiency of single risk identification is lower and lower.
The efficiency of risk identification for business operations affects the completion efficiency of business processes to which the business operations belong, and therefore the existence of the above problems particularly affects the completion efficiency of businesses (such as payment businesses) with high real-time requirements.
Disclosure of Invention
The embodiment of the application provides a risk identification method, which is used for solving the problem that the completion efficiency of a service with high real-time requirement is low due to the adoption of the risk identification method in the prior art.
The embodiment of the application further provides a risk identification device, which is used for solving the problem that the completion efficiency of the service with high real-time requirement is low due to the adoption of the risk identification method in the prior art.
The embodiment of the application further provides a risk identification system.
The embodiment of the application adopts the following technical scheme:
a risk identification method, comprising:
judging whether the service to be subjected to risk identification meets a real-time identification condition; the real-time identification condition is used for distinguishing services with higher real-time requirements for completing services from services with lower real-time requirements;
if so, calling a risk identification model in the first model set to identify whether the business has risks;
and the risk identification models in the first model set are obtained by screening according to a preset model screening rule.
A risk identification device, comprising:
the judging unit is used for judging whether the service to be subjected to risk identification meets the real-time identification condition;
the model calling unit is used for calling a risk identification model in the first model set to identify whether the business has risks or not when the judgment result obtained by the judgment unit is yes;
and the risk identification models in the first model set are obtained by screening according to a preset model screening rule.
A risk identification system comprises a risk control system, a real-time model operation system, an asynchronous model operation system, a model efficiency monitoring system, a synchronous model library and a full library, wherein:
the risk control system is used for judging whether the service to be subjected to risk identification meets the real-time identification condition; if so, calling a real-time model operation system; if the judgment result is negative, calling an asynchronous model operation system; the real-time identification condition is used for distinguishing services with higher real-time requirements for completing services from services with lower real-time requirements;
the real-time model operation system is used for responding to the calling of the risk control system and identifying whether the business has risks or not by utilizing the risk identification model in the synchronous model library; the risk identification model in the synchronous model library is obtained by screening from the full-scale library according to a preset model screening rule;
the asynchronous model operation system is used for responding to the calling of the risk control system and identifying whether the business has risks or not by utilizing the risk identification model in the full-scale library;
and the model efficiency monitoring system is used for respectively monitoring the hit conditions of the risk identification models in the synchronous model library and the full-scale library and adjusting the risk identification models in the synchronous model library according to the monitoring result.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
as for the service meeting the real-time identification condition, only the screened risk identification model needs to be called for risk identification, and whether the risk identification model is hit or not does not need to be judged one by one aiming at all the risk identification models, the risk identification efficiency of the service meeting the real-time identification condition can be improved compared with the prior art, and the completion efficiency of the service is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of a business risk identification system of the prior art;
fig. 2 is a schematic flow chart illustrating an implementation of a risk identification method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a risk identification system according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a risk identification device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Example 1
In order to solve the problem that the completion efficiency of a service with a high real-time requirement is low due to the adoption of a risk identification method in the prior art, the embodiment of the application provides the risk identification method. The execution subject of the method may be a server, a risk control system, or any device capable of executing the method. The execution subject is not limited to the present application, and for convenience of description, the execution subject is an example of a risk control system in the embodiments of the present application.
Specifically, a specific implementation flowchart of the method is shown in fig. 2, and includes the following steps:
in the embodiment of the present application, the service to be risk-identified may be, for example, a service corresponding to a service operation to be executed by a service system. The business operation may be an operation with a high security requirement, such as a transfer operation or a payment operation, and may of course be any business operation included in any business process.
In the embodiment of the present application, the risk control system may perform the determination by responding to a risk consultation request sent by the service system after receiving the request; alternatively, the determination may be triggered by other events.
The real-time identification condition is used for distinguishing the service with higher real-time requirement for completing the service from the service with lower real-time requirement.
The real-time recognition condition may be preset.
The real-time identification condition, such as but not limited to, may include at least one of the following conditions:
1. the service attribute value representing the real-time requirement of the service is higher than a preset service real-time threshold value;
considering that the requirement on the response time of the risk consultation request is higher for the service with high real-time requirement, in the embodiment of the present application, the service attribute value representing the "requirement on the real-time property of the service" may be used as a basis for judging whether the service meets the real-time identification condition.
For example, if a service attribute value used for characterizing "the real-time requirement of the service" of a certain service is: "5" -that is, the service needs to be completed in 5 seconds; and the service attribute threshold is "3" -i.e., 3 seconds. Then the service satisfies the real-time identification condition because the service attribute value is higher than the service attribute threshold value.
2. The service attribute value representing the service priority level of the service is higher than a preset service priority level threshold value.
Considering that the service with higher service priority level has higher requirement on the response time of the risk consultation request, in the embodiment of the present application, the service attribute value representing "service priority level" may be used as a basis for determining whether the service satisfies the real-time identification condition.
For example, if the service attribute representing "service priority" of a certain service is "1" — that is, the priority of the service is 1; and the traffic priority level threshold is "2". Then the service does not satisfy the real-time identification condition because the service attribute value of the service is lower than the service priority level threshold.
In this embodiment of the present application, if the real-time identification condition includes the above two conditions at the same time, it may be determined that the service satisfies the real-time identification condition only when the service satisfies the two conditions at the same time, otherwise, it is determined that the service does not satisfy the real-time identification condition.
In the embodiment of the present application, the real-time identification condition may also be other conditions different from the above two conditions, which is not illustrated here.
And step 22, the risk control system calls a risk identification model in the first model set to identify whether the business to be subjected to risk identification has risks.
And the risk identification models in the first model set are obtained by screening according to a preset model screening rule.
For example, the risk identification models may be screened from the model library in advance according to the model screening rule to form the first model set.
In an embodiment of the present application, the model filtering rule may include at least one of the following rules:
1. screening a risk identification model with the importance level higher than a preset level;
considering some important risk identification models, it is necessary to identify business operations that may have serious consequences, and therefore, the screening may be performed according to the importance level of the risk identification model.
For example, the risk identification models may be sequentially screened in the order of the importance levels from high to low until a first predetermined number of risk identification models are screened, or until all risk identification models with importance levels higher than a preset level in the model library are screened.
In the embodiment of the application, the setting personnel of the risk identification model can determine the importance level for the risk identification model and set the corresponding importance level identification for the risk identification model. Therefore, the importance level of the risk identification model can be determined according to the importance level identification when the risk identification model is screened subsequently.
Or, the corresponding importance level identification can be set for the risk identification model according to the number of hits. In particular, the number of times the risk identification model is hit by different types of business within a set length of time may be recorded. If the number of times that a certain risk identification model is hit by the service of the payment class (the service with higher security level) is the largest within the set time length, the importance level of the risk identification model can be determined to be higher, so that a corresponding importance level identifier can be set for the risk identification model; if the number of times that a certain risk identification model is hit by a service (service with a higher security level) of a modified password class is the largest within the set time length, the importance level of the risk identification model can be determined to be the second highest, so that a corresponding importance level identifier can be set for the risk identification model. The importance level identifier set for the risk identification model can be used as a basis for determining the importance level of the risk identification model when the risk identification model is screened.
The basis of the importance level identification is set for the risk identification model, which can be determined according to actual requirements, and is not limited in the embodiment of the application.
2. Screening a risk identification model with the hit frequency higher than a preset frequency threshold;
since a risk identification model with a higher hit frequency indicates a higher compatibility, i.e., is more likely to be hit by different business operations, the risk identification model can be screened according to the hit frequency.
For example, the risk identification models may be sequentially screened in the order of the hit frequency from high to low until a second predetermined number of risk identification models are screened, or until all risk identification models with the hit frequency higher than a preset frequency threshold are screened. In the embodiment of the application, the hit condition of the risk identification model can be monitored, and the hit frequency of the risk identification model is determined according to the monitoring result.
Here, the hit frequency referred to herein may be a hit frequency within a predetermined time period. The specified time period may be, for example, a month, a week, a day, or the like.
In the embodiment of the present application, if the model screening rule includes the above two rules, the screened risk identification model satisfies: the importance level is higher than the predetermined level, and the hit frequency is higher than the predetermined frequency threshold.
In the embodiment of the present application, the model filtering rule may also be another rule different from the above two rules, which is not illustrated here.
By adopting the method provided by the embodiment of the application, for the service meeting the real-time identification condition, only the screened risk identification model is required to be called for risk identification, and whether the selected risk identification model hits the service is not required to be judged one by one aiming at all risk identification models in the model library, so that the risk identification efficiency of the service meeting the real-time identification condition can be improved compared with the prior art, and the completion efficiency of the service is also improved.
Some alternative embodiments of the above method are described further below.
In this embodiment, when the determination result obtained by performing step 21 is negative, in order to still identify whether the service has a risk and avoid a potential safety hazard caused by missing identification of the risk, another model set (referred to as a second model set) different from the first model set may be called to identify whether the service has a risk.
Wherein, the second model set is also formed by risk identification models. The risk identification models in the second set of models may be completely different or partially the same as the risk identification models in the first set of models. In particular, the first model set may be selected by screening risk identification models in the second model set. I.e. the first set of models, may be a subset of the second set of models.
Considering that there may be a risk identification model that can be hit by a business in a risk identification model that is not screened in the first model set, in order to achieve comprehensive identification of whether there is a risk in a business, in an embodiment, when a determination result obtained by performing step 21 is yes, the method provided in this embodiment may further include the steps of: judging whether the business hits a risk identification model in the third model set; and updating the first model set according to the risk identification model in the third model set hit by the business when the business hits the risk identification model in the third model set.
Through the updating of the first model set, the risk identification models contained in the first model set can be richer, so that the first model set is called again subsequently to carry out risk identification on the business, and the risk identification can be more comprehensive.
The third model set may be the same as or different from the second model set.
Furthermore, on the one hand, considering the risk identification model already added to the first model set, it is possible that the hit frequency becomes lower and lower as the business changes or is influenced by other factors; on the other hand, considering that the hit frequency may reflect the importance of the risk identification model to some extent, in one embodiment, the calling priority of the risk identification models in the first model set may be determined according to the hit frequency, so as to achieve the opposite of the risk identification model with higher hit frequency (generally, higher importance) being called with higher priority, and the risk identification model with lower hit frequency (generally, lower importance) being even 0.
After determining the calling priority of each risk identification model in the first model set according to the hit frequency, the process of calling the first model set to identify whether the business has a risk may specifically include:
and sequentially calling the risk identification models in the first model set according to the calling priority of the risk identification models to identify whether the business has risks.
In the embodiment of the application, considering that the probability of the risk identification models with too low hit frequency or even 0 in the first model set being called is relatively very small or even negligible, the risk identification models with hit frequency lower than the hit frequency threshold may be deleted from the first model set to avoid that such risk identification models occupy storage space.
It should be noted that the execution subjects of the steps of the method provided in embodiment 1 may be the same apparatus, or different apparatuses may be used as the execution subjects of the method. The embodiment of the present application does not limit the execution sequence of each step of the above method. The number is set for each step in the embodiment of the present application to describe each step orderly, and the execution order of the steps is not limited, that is, the number set for each step in the embodiment of the present application is not to be considered as a feature that limits the execution order of the steps.
Example 2
Based on the same inventive concept as that in embodiment 1 of the present application, embodiment 2 provides a risk identification system, so as to solve the problem that the completion efficiency of a service with a high real-time requirement is low due to the adoption of a risk identification method in the prior art.
Fig. 3 is a schematic structural diagram of the risk identification system provided in embodiment 2, and includes a risk control system 31, a real-time model operating system 32, an asynchronous model operating system 33, a model performance monitoring system 34, a synchronous model library 35, and a full-scale library 36. The main function of the risk identification system is to feed back the risk consultation result to the business system in response to the consultation of the business system in fig. 3. The functions of the service system are similar to those of the service system in the prior art, and are not described herein again.
The following describes how the risk identification system implements risk identification on a service, by describing functions of each part in fig. 3:
the risk control system 31 is configured to respond to a risk consultation request sent by the service system, and determine whether a service to be subjected to risk identification meets a real-time identification condition; if the judgment result is yes, the real-time model operation system 32 is called; if the judgment result is no, the asynchronous model operating system 33 is called. Further, the risk control system 31 receives the recognition result fed back by the real-time model operating system 32 or the asynchronous model operating system 33, and transmits the recognition result to the business system.
The calling mode of the risk control system 31 to the real-time model running system 32 and the asynchronous and asynchronous model running system 33 may be realized by sending a calling instruction to the real-time model running system 32 and the asynchronous and asynchronous model running system 33. The call instruction may include information related to business operations included in the risk consultation request. The information may be at least one of a requester user identifier of the service (such as a bank account number of a user requesting a transfer), a time when the user requests to complete the service (such as 1 m). This information can then be used as input to a risk identification model.
It should be noted that, in embodiment 2, the manner in which the risk control system 31 determines whether the service to be subjected to risk identification meets the real-time identification condition may refer to the method described in embodiment 1, and details are not described here.
And the real-time model running system 32 is used for responding to the calling of the risk control system 31, taking the information related to the business operation as the input of the risk identification models stored in the synchronous model library 35, and calling the risk identification models stored in the synchronous model library 35 one by one to identify whether the business has risks. Further, the output of the risk recognition model hit in the synchronization model library 35 is fed back to the risk control system 31 as a recognition result.
And the asynchronous model operating system 33 is used for responding to the calling of the risk control system 31, taking the information related to the business operation as the input of the risk identification models stored in the full-scale library 36, and calling the risk identification models stored in the full-scale library 36 one by one to identify whether the business has risks. Further, the output of the risk recognition model hit in the full-scale library 36 is fed back to the risk control system 31 as a recognition result.
And the model efficiency monitoring system 34 is configured to monitor hits of the risk identification models in the synchronous model library 35 and the full-scale library 36, and adjust the risk identification models in the synchronous model library 35 according to the monitoring results.
Specifically, when monitoring into the full-scale library 36, there is a risk identification model with a hit rate higher than the hit rate first threshold for a first length of time, and the risk identification model is not screened into the synchronization model library 35, the model performance monitoring system 34 may set the risk identification model into the synchronization model library 35. For example, the model may be copied into the synchronization model library 35. In addition, when a risk identification model having a hit rate lower than the second threshold of the hit rate for a predetermined second time period is monitored in the synchronization model library 35, the real-time model operating system 32 may be notified that such a risk identification model is no longer operated.
And the synchronous model library 35 is used for storing each risk identification model which is screened from the full-scale library 36 and is suitable for the business with higher real-time requirement. The rule for screening the model used in screening the risk identification model may refer to the rule described in embodiment 1, and is not described herein again.
And the full-scale library 36 is used for storing all preset risk identification models.
By adopting the system provided by the embodiment 2 of the application, the model operation system is divided into the real-time model operation system 32 and the asynchronous model operation system 33, the former is used for calling each risk identification model which is screened from the full-scale library 36 and is suitable for the service with higher real-time requirement, and the latter is used for calling each risk identification model in the full-scale library 36, so that for the service with higher real-time requirement, only the screened risk identification model can be called for identification, and the risk identification model in the whole full-scale library 36 is not required to be taken as a calling object. Therefore, for the service with higher real-time requirement, the risk identification efficiency can be improved, the service completion efficiency can be improved, and the user can obtain better experience.
Example 3
In order to solve the problem that the completion efficiency of a service with a high real-time requirement is low due to the adoption of a risk identification method in the prior art, embodiment 3 of the present application provides a risk identification device. The specific structural schematic diagram of the device is shown in fig. 4, and mainly comprises the following functional units:
a judging unit 41, configured to judge whether the service to be risk identified satisfies a real-time identification condition.
The real-time identification condition is used for distinguishing the service with higher real-time requirement for completing the service from the service with lower real-time requirement.
And a model calling unit 42, configured to, when the determination result obtained by the determining unit 41 is yes, call a risk identification model in the first model set, and identify whether the business has a risk.
And the risk identification models in the first model set are obtained by screening according to a preset model screening rule.
In this embodiment of the application, when the determination result obtained by the determining unit 41 is negative, in order to still identify whether the business has a risk so as to avoid a security problem caused by missed identification of the risk, the model invoking unit 42 may be further configured to invoke a risk identification model in the second model set to identify whether the business has a risk when the determination result obtained by the determining unit 41 is negative.
Considering that there may be risk recognition models that can be hit by the service in the risk recognition models that are not screened in the first model set, in order to realize overall recognition of whether there is a risk in the service, in one embodiment, the determining unit is further configured to determine whether the service to be risk recognized hits the risk recognition model in the third model set when determining that the service meets the real-time recognition condition. Accordingly, the apparatus may further include an updating unit. The updating unit is configured to update the first model set according to the risk identification model in the third model set hit by the service when the determining unit 41 determines that the service hits the risk identification model in the third model set.
Furthermore, on the one hand, considering the risk identification model already added to the first model set, it is possible that the hit frequency becomes lower and lower as the business changes or is influenced by other factors; on the other hand, considering that the hit frequency may reflect the importance of the risk identification model to some extent, in one embodiment, the apparatus may further include a frequency determination unit and a priority determination unit.
The frequency determining unit is used for determining the hit frequency of each risk identification model in the first model set; and the priority determining unit is used for determining the calling priority of the risk identification model in the first model set according to the hit frequency determined by the frequency determining unit. Correspondingly, the model invoking unit 43 may be specifically configured to sequentially invoke the risk identification models in the first model set according to the invocation priority of the risk identification model determined by the priority determining unit, so as to identify whether the service has a risk.
In the embodiment of the present application, considering that the probability of the risk identification model in the first model set being invoked with a too low hit frequency or even 0 hit frequency is relatively very small or even negligible, in an embodiment, the apparatus may further include a model deleting unit in addition to the frequency determining unit. The model deleting unit is used for deleting the risk identification models with the hit frequency lower than the hit frequency threshold value, which is determined by the determining unit, from the first model set.
In order to realize that the screening risk identification models form the first model set, the apparatus provided in the embodiment of the present application may further include a model screening unit. The unit is used for screening risk identification models to form a first model set according to the sequence of the hit frequency of the risk identification models from high to low; or screening the risk identification models to form a first model set according to the order of the importance levels of the risk identification models from high to low.
By adopting the device provided by the embodiment of the application, as for the service meeting the real-time identification condition, only the screened risk identification models are required to be called for risk identification, and whether the selected risk identification models hit or not is not required to be judged one by one aiming at all the risk identification models, the risk identification efficiency of the service meeting the real-time identification condition can be improved compared with the prior art, and the completion efficiency of the service is also improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (9)
1. A method for risk identification, comprising:
judging whether the service to be subjected to risk identification meets a real-time identification condition or not; the real-time identification condition is used for distinguishing a service which has a high requirement on the real-time performance of completing the service from a service which has a low requirement on the real-time performance of completing the service, and the real-time identification condition comprises the following steps: the real-time requirement of the service to be subjected to risk identification is higher than the preset service real-time requirement, and the service attribute value of the service to be subjected to risk identification is higher than the preset service priority level threshold value, wherein the service attribute value is used for representing the real-time requirement of the service;
if so, calling a risk identification model in the first model set to identify whether the business has risks;
the risk identification models in the first model set are obtained by screening according to a preset model screening rule and are used for carrying out risk identification on the services meeting the real-time identification condition;
the screening according to a preset model screening rule to obtain the risk identification model in the first model set comprises the following steps:
and screening the risk identification models with the hit frequency higher than a preset frequency threshold value to form the first model set according to the sequence from high to low of the hit frequency of the risk identification models, or screening the risk identification models with the importance level higher than the preset level to form the first model set according to the sequence from high to low of the importance level of the risk identification models.
2. The method of claim 1, wherein the method further comprises:
if not, calling a risk identification model in the second model set to identify whether the business has risks;
the second model set is a set formed by risk identification models;
in the second model set, at least one risk identification model different from the risk identification models in the first model set exists.
3. The method of claim 1, wherein when the determination is yes, the method further comprises:
judging whether the business hits a risk identification model in a third model set;
when the business is judged to hit the risk identification model in the third model set, updating the first model set according to the risk identification model in the third model set hit by the business;
the third model set is a set formed by risk identification models;
in the third model set, at least one risk identification model different from the risk identification models in the first model set exists.
4. The method of claim 1, wherein the method further comprises:
determining hit frequency of each risk identification model in the first model set;
from the first set of models, risk identification models having a hit frequency below a hit frequency threshold are deleted.
5. A risk identification device, comprising:
the judging unit is used for judging whether the service to be subjected to risk identification meets the real-time identification condition; the real-time identification condition is used for distinguishing a service which has a high requirement on the real-time performance of completing the service from a service which has a low requirement on the real-time performance of completing the service, and the real-time identification condition comprises the following steps: the real-time requirement of the service to be subjected to risk identification is higher than the preset service real-time requirement, and the service attribute value of the service to be subjected to risk identification is higher than the preset service priority level threshold value, wherein the service attribute value is used for representing the real-time requirement of the service;
the model calling unit is used for calling a risk identification model in the first model set to identify whether the business has risks or not when the judgment result obtained by the judgment unit is yes; the risk identification models in the first model set are obtained by screening according to a preset model screening rule and are used for carrying out risk identification on the services meeting the real-time identification condition;
the model screening unit is used for screening the risk identification models with the hit frequency higher than a preset frequency threshold value to form the first model set according to the sequence of the hit frequency of the risk identification models from high to low; or screening the risk identification models with the importance levels higher than the preset level according to the order from high to low of the importance levels of the risk identification models to form the first model set.
6. The apparatus of claim 5, wherein:
the model calling unit is also used for calling the risk identification model in the second model set to identify whether the business has risks or not when the judgment result obtained by the judgment unit is negative;
the second model set is a set formed by risk identification models;
in the second model set, at least one risk identification model different from the risk identification models in the first model set exists.
7. The apparatus of claim 5, wherein:
the judging unit is further configured to judge whether the service hits a risk identification model in the third model set when it is judged that the service to be subjected to risk identification meets the real-time identification condition;
the device further comprises:
an updating unit, configured to update the first model set according to the risk identification model in the third model set hit by the service when the determining unit determines that the service hits the risk identification model in the third model set;
the third model set is a set formed by risk identification models;
in the third model set, at least one risk identification model different from the risk identification models in the first model set exists.
8. The apparatus of claim 5, wherein the apparatus further comprises:
the frequency determining unit is used for determining the hit frequency of each risk identification model in the first model set;
and the model deleting unit is used for deleting the risk identification model with the hit frequency lower than the hit frequency threshold value, which is determined by the frequency determining unit, from the first model set.
9. A risk identification system, comprising a risk control system, a real-time model operating system, an asynchronous model operating system, a model efficiency monitoring system, a synchronous model library and a full library, wherein:
the risk control system is used for judging whether the service to be subjected to risk identification meets the real-time identification condition; if so, calling a real-time model operation system; if the judgment result is negative, calling the asynchronous model operation system; the real-time identification condition is used for distinguishing a service which has a higher requirement on the real-time performance of completing the service from a service which has a lower requirement on the real-time performance, and the real-time identification condition comprises the following steps: the real-time requirement of the service to be subjected to risk identification is higher than the preset service real-time requirement, and the service attribute value of the service to be subjected to risk identification is higher than the preset service priority level threshold value, wherein the service attribute value is used for representing the real-time requirement of the service;
the real-time model operation system is used for responding to the calling of the risk control system and identifying whether the business has risks or not by utilizing the risk identification model in the synchronous model library; the risk identification models in the synchronous model library are obtained by screening from the full-scale library according to a preset model screening rule, wherein the synchronous model library comprises risk identification models in a first model set, the full-scale library comprises preset risk identification models for identifying whether the business has risks, and the full-scale library comprises risk identification models in a second model set and risk identification models in a third model set;
the asynchronous model operation system is used for responding to the calling of the risk control system and identifying whether the business has risks or not by utilizing the risk identification model in the full-scale library;
the model efficiency monitoring system is used for respectively monitoring the hit conditions of the risk identification models in the synchronous model library and the full-scale library and adjusting the risk identification models in the synchronous model library according to the monitoring results;
wherein the real-time model operating system is configured to:
and screening the risk identification models with the hit frequency higher than a preset frequency threshold value to form the first model set according to the sequence of the hit frequency of the risk identification models from high to low, or screening the risk identification models with the importance level higher than the preset level to form the first model set according to the sequence of the importance level of the risk identification models from high to low.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010751210.XA CN111835790B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510754045.2A CN106685894B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
| CN202010751210.XA CN111835790B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510754045.2A Division CN106685894B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111835790A CN111835790A (en) | 2020-10-27 |
| CN111835790B true CN111835790B (en) | 2022-12-09 |
Family
ID=58864699
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510754045.2A Active CN106685894B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
| CN202010751210.XA Active CN111835790B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510754045.2A Active CN106685894B (en) | 2015-11-09 | 2015-11-09 | Risk identification method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN106685894B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107527287A (en) * | 2017-08-29 | 2017-12-29 | 深圳市分期乐网络科技有限公司 | A kind of risk control method and device |
| CN110390445A (en) * | 2018-04-16 | 2019-10-29 | 阿里巴巴集团控股有限公司 | The recognition methods of operational risk, device and system |
| CN108985072A (en) | 2018-07-16 | 2018-12-11 | 北京百度网讯科技有限公司 | Operate defence method, device, equipment and computer-readable medium |
| CN109559232A (en) * | 2019-01-03 | 2019-04-02 | 深圳壹账通智能科技有限公司 | Transaction data processing method, device, computer equipment and storage medium |
| CN110753032B (en) * | 2019-09-24 | 2021-11-16 | 支付宝(杭州)信息技术有限公司 | Risk dimension combination excavation method, device and equipment |
| CN110728436B (en) * | 2019-09-24 | 2022-06-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device, electronic equipment and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101505302A (en) * | 2009-02-26 | 2009-08-12 | 中国联合网络通信集团有限公司 | Dynamic regulating method and system for security policy |
| CN101706937A (en) * | 2009-12-01 | 2010-05-12 | 中国建设银行股份有限公司 | Method and system for monitoring electronic bank risks |
| CN102194177A (en) * | 2011-05-13 | 2011-09-21 | 南京柯富锐软件科技有限公司 | System for risk control over online payment |
| CN102594783A (en) * | 2011-01-14 | 2012-07-18 | 中国科学院软件研究所 | Network security emergency responding method |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SG115533A1 (en) * | 2003-04-01 | 2005-10-28 | Maximus Consulting Pte Ltd | Risk control system |
| AU2004272083B2 (en) * | 2003-09-12 | 2009-11-26 | Emc Corporation | System and method for risk based authentication |
| US20060036536A1 (en) * | 2003-12-30 | 2006-02-16 | Williams William R | System and methods for evaluating the quality of and improving the delivery of medical diagnostic testing services |
| US20130097660A1 (en) * | 2011-10-17 | 2013-04-18 | Mcafee, Inc. | System and method for whitelisting applications in a mobile network environment |
| CN103123712A (en) * | 2011-11-17 | 2013-05-29 | 阿里巴巴集团控股有限公司 | Method and system for monitoring network behavior data |
| CN102722814B (en) * | 2012-06-01 | 2015-08-19 | 苏州通付盾信息技术有限公司 | A kind of self-adaptation controllable management system of online transaction risk of fraud |
| CN103220288B (en) * | 2013-04-12 | 2015-01-28 | 江苏通付盾信息科技有限公司 | Safe-operation method of social platform |
| CN103903088B (en) * | 2014-03-12 | 2018-11-20 | 王峰 | A kind of high speed railway construction engineering drawing lessons control system and method |
-
2015
- 2015-11-09 CN CN201510754045.2A patent/CN106685894B/en active Active
- 2015-11-09 CN CN202010751210.XA patent/CN111835790B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101505302A (en) * | 2009-02-26 | 2009-08-12 | 中国联合网络通信集团有限公司 | Dynamic regulating method and system for security policy |
| CN101706937A (en) * | 2009-12-01 | 2010-05-12 | 中国建设银行股份有限公司 | Method and system for monitoring electronic bank risks |
| CN102594783A (en) * | 2011-01-14 | 2012-07-18 | 中国科学院软件研究所 | Network security emergency responding method |
| CN102194177A (en) * | 2011-05-13 | 2011-09-21 | 南京柯富锐软件科技有限公司 | System for risk control over online payment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106685894B (en) | 2020-07-31 |
| CN111835790A (en) | 2020-10-27 |
| CN106685894A (en) | 2017-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111835790B (en) | Risk identification method, device and system | |
| CN111478961B (en) | Multi-tenant service calling method and device | |
| CN106656932B (en) | Service processing method and device | |
| CN109614238B (en) | Target object identification method, device and system and readable storage medium | |
| CN105138371B (en) | Method for upgrading software and device | |
| CN109818937A (en) | For the control method of Android permission, device and storage medium, electronic device | |
| CN111290958B (en) | Method and device for debugging intelligent contract | |
| CN104866296B (en) | Data processing method and device | |
| CN105930226B (en) | A kind of data processing method and device | |
| CN107463839A (en) | A kind of system and method for managing application program | |
| CN111258850A (en) | Method and device for updating software information based on Linux system | |
| WO2020259034A1 (en) | Method, apparatus, and device for identifying offline source code, and storage medium | |
| CN112995236A (en) | Internet of things equipment safety management and control method, device and system | |
| CN109543457B (en) | Method and device for controlling calling between intelligent contracts | |
| CN115001967A (en) | Data acquisition method and device, electronic equipment and storage medium | |
| CN110941486A (en) | Task management method and device, electronic equipment and computer readable storage medium | |
| CN109714214A (en) | A kind of processing method and management equipment of server exception | |
| CN112650614A (en) | Call chain monitoring method and device, electronic equipment and storage medium | |
| CN108848501B (en) | Number management method and device and server | |
| CN111124791A (en) | System testing method and device | |
| CN112541810A (en) | Risk handling method and device for business data and computer readable storage medium | |
| CN114281549A (en) | Data processing method and device | |
| CN111198986A (en) | Information sending method and device, electronic equipment and storage medium | |
| CN111698266A (en) | Service node calling method, device, equipment and readable storage medium | |
| CN115080355B (en) | Method and device for generating monitoring log |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40039752 Country of ref document: HK |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |