CN113159778B - Financial fraud detection method and device - Google Patents
Financial fraud detection method and device Download PDFInfo
- Publication number
- CN113159778B CN113159778B CN202011552836.4A CN202011552836A CN113159778B CN 113159778 B CN113159778 B CN 113159778B CN 202011552836 A CN202011552836 A CN 202011552836A CN 113159778 B CN113159778 B CN 113159778B
- Authority
- CN
- China
- Prior art keywords
- node
- account
- abnormal
- departure
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 14
- 230000002159 abnormal effect Effects 0.000 claims abstract description 83
- 238000000034 method Methods 0.000 claims abstract description 37
- 238000003062 neural network model Methods 0.000 claims abstract description 21
- 238000004364 calculation method Methods 0.000 claims abstract description 18
- 230000000644 propagated effect Effects 0.000 claims 1
- 230000006978 adaptation Effects 0.000 description 7
- 238000004458 analytical method Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 6
- 210000002268 wool Anatomy 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 5
- 230000002776 aggregation Effects 0.000 description 3
- 238000004220 aggregation Methods 0.000 description 3
- 206010000117 Abnormal behaviour Diseases 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
- G06Q30/0185—Product, service or business identity fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Entrepreneurship & Innovation (AREA)
- Technology Law (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The disclosure provides a method and a device for detecting financial fraud, relates to the field of financial wind control, and can solve the problem that financial fraud partners are difficult to identify in the prior art. The specific technical scheme is as follows: firstly, obtaining target graph data; then, learning a graph neural network model on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, according to the abnormal merchant, running a graph algorithm on the target graph data to obtain the associated merchant and the associated account. The present disclosure is for detection of financial fraud.
Description
Technical Field
The disclosure relates to the technical field of financial wind control, in particular to a method and a device for detecting financial fraud.
Background
At present, the group partner is a serious problem in the field of financial fraud, and a plurality of group partner organizations, such as retail terminal pos machine card raising group partner, can be mined in the cases of cashing, lawying illegally obtained, maliciously drawing wool and the like.
In the field of finance anti-fraud, monitoring and recognition of anomalies are generally based on complex rule models, a large number of recognition strategies are written by using experience of business personnel, and malicious targets are captured by adjusting thresholds and weights. This approach is not only difficult to maintain, but also poor in accuracy, and more importantly, can generally only be determined and predicted with a single target as the object, and it is difficult to grasp potentially malicious rogue organizations from a partner perspective.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for detecting financial fraud, which can solve the problem that the financial fraud partner is difficult to identify in the prior art. The technical scheme is as follows:
according to a first aspect of embodiments of the present disclosure, there is provided a method of detecting financial fraud, the method comprising:
obtaining target graph data;
performing graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
and running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account.
The method for detecting the financial fraud, provided by the embodiment of the disclosure, comprises the steps of firstly obtaining target graph data; then, learning a graph neural network model on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, according to the abnormal merchant, running a graph algorithm on the target graph data to obtain the associated merchant and the associated account. According to the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud partners are mined through a graph algorithm. The method has multiple and flexible adaptation scenes, comprises the cases of preventing legal, counter-pulling wool, counter-cash and the like obtained by various illegalities, is easy to maintain, and is also beneficial to further analysis and management and control of related business personnel.
In one embodiment, obtaining target graph data includes:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
According to the embodiment of the disclosure, the original data is obtained through the method, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
In one embodiment, after the target graph data is subjected to graph neural network model learning, the method further comprises:
and obtaining the weight value of each two adjacent node continuous edges in the target graph data.
In one embodiment, performing graph computation on the target graph data according to the abnormal account, and obtaining the abnormal merchant includes:
and according to the abnormal account, carrying out graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain an abnormal merchant, wherein the transaction flow information at least comprises one of transaction amount, type and access degree.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, obtaining an associated merchant and an associated account includes:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is the association value of the ith departure node and a weight value of the boundary between the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i+1th departure node, and acquiring an association value of the i+1th departure node and M destination nodes corresponding to first-order neighbor nodes of the i+1th departure node, wherein M is more than or equal to 1;
outputting merchants with association values larger than or equal to a first preset threshold value, with the number of fraudulent transactions larger than a second preset threshold value and the proportion of the number of fraudulent transactions larger than a third preset threshold value after repeating for preset times, and determining the merchants as the associated merchants;
and outputting that the association value is larger than or equal to a fourth preset threshold value, and determining that the account is the account of the abnormal account as the association account.
In one embodiment, when i=1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
According to a second aspect of embodiments of the present disclosure, there is provided a detection apparatus for financial fraud, including a first acquisition module, a second acquisition module, a third acquisition module, and a fourth acquisition module;
the first acquisition module is used for acquiring target graph data;
the second acquisition module is used for performing graph neural network model learning on the target graph data to acquire an abnormal account;
the third obtaining module is used for carrying out graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant;
and the fourth acquisition module is used for running a graph algorithm on the target graph data according to the abnormal merchant to acquire an associated merchant and an associated account.
The financial fraud detection device provided by the embodiment of the disclosure comprises a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module; the first acquisition module acquires target graph data; the second acquisition module performs graph neural network model learning on the target graph data to acquire an abnormal account; the third acquisition module performs graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant; and the fourth acquisition module runs a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account. According to the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud partners are mined through a graph algorithm. The method has multiple and flexible adaptation scenes, comprises the cases of preventing legal, counter-pulling wool, counter-cash and the like obtained by various illegalities, is easy to maintain, and is also beneficial to further analysis and management and control of related business personnel.
In one embodiment, the first obtaining module is specifically configured to obtain raw data, where the raw data includes debit card information of an account, credit card information, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
In one embodiment, the second obtaining module is further configured to obtain a weight value of each two adjacent node edges in the target graph data.
In one embodiment, the fourth acquisition module includes a first acquisition unit, a second acquisition unit, a determination unit, and an output unit:
the first acquisition unit is used for acquiring the association value of the ith departure node and N destination nodes corresponding to the first-order neighbor nodes of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second obtaining unit is configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of the i-th departure node and a weight value of an edge between the i-th departure node and the destination node;
the determining unit is used for determining each destination node in the N destination nodes as an i+1th departure node;
the first obtaining unit is further configured to obtain an association value of an i+1st departure node and M destination nodes corresponding to first-order neighboring nodes of the i+1st departure node, where M is greater than or equal to 1;
the output unit is used for outputting merchants with association values larger than or equal to a first preset threshold, the number of fraudulent transactions larger than a second preset threshold and the proportion of the number of fraudulent transactions larger than a third preset threshold, and determining the merchants as associated merchants;
the output unit is further configured to output an account whose association value is greater than or equal to a fourth preset threshold, and is the abnormal account, and determine that the account is an associated account.
According to a third aspect of embodiments of the present disclosure, there is provided a financial fraud detection apparatus comprising a processor and a memory having stored therein at least one computer instruction loaded and executed by the processor to implement the steps performed in the financial fraud detection method of any of the above.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored therein at least one computer instruction loaded and executed by a processor to implement the steps performed in the method of detecting financial fraud of any of the above.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method for detecting financial fraud provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of a method for detecting financial fraud provided by an embodiment of the present disclosure;
FIG. 3 is a block diagram of a financial fraud detection apparatus provided by an embodiment of the present disclosure;
fig. 4 is a block diagram of a financial fraud detection apparatus provided in an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of systems and methods that are consistent with some aspects of the present disclosure, as detailed in the accompanying claims.
In general, for the case of anti-fraud in finance, such as prevention of various illegitimate effects, consider general data entry including debit card of an account, credit card information, transaction flow, and information of an acquiring merchant. The present disclosure defines a network-type group behavior that a malicious group organization centers on one or more malicious fraudulent merchants, plus malicious fraudulent accounts associated with them, and other fraudulent merchants associated with these accounts, and so on and spreads. Based on this, an embodiment of the present disclosure provides a method for detecting financial fraud, as shown in fig. 1, including the following steps:
step 101, obtaining target graph data;
in one embodiment, obtaining target graph data includes:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
target graph data is extracted from a graph database.
Specifically, account debit card information, credit card information, transaction flow information, and the like in the relational database are exported and stored in a graph database representing the transaction network. The graph data structure is composed of nodes and edges and their attributes, in this disclosure, account and merchant information is stored in the form of nodes on the graph and transaction flow information is stored in the form of edges on the graph.
According to the embodiment of the disclosure, the original data is obtained through the method, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
Step 102, learning a graph neural network model on target graph data to obtain an abnormal account;
in the embodiment of the disclosure, drawing data is extracted from a drawing database, is imported into an existing drawing neural network model for learning, and a malicious mark, namely an abnormal account, for a single user is obtained to indicate whether the single user has abnormal behaviors or not.
In one embodiment, after learning the graph neural network model on the target graph data, the method further includes:
and obtaining the weight value of each two adjacent node continuous edges in the target graph data.
And 103, carrying out graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant.
In one embodiment, performing graph computation on the target graph data according to the abnormal account, obtaining the abnormal merchant includes:
and according to the abnormal account, performing graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain abnormal merchants, wherein the transaction flow information at least comprises one of transaction amount, type and access degree.
Specifically, target graph data is extracted from a graph database, and based on graph calculation of accounts, merchants and related attributes of transaction information (including transaction amount, type, access degree and the like), merchants suspected to be in malicious fraud group organizations, namely abnormal merchants, are obtained.
And 104, running a graph algorithm on the target graph data according to the abnormal merchant to obtain the associated merchant and the associated account.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, obtaining the associated merchant and the associated account includes:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in N destination nodes, wherein the association value of each destination node is the association value of the ith departure node and the weight value of the connecting edge of the ith departure node and the destination node;
each destination node in the N destination nodes is determined to be an i+1th departure node, and an association value of the i+1th departure node and M destination nodes corresponding to first-order neighbor nodes of the i+1th departure node are obtained, wherein M is more than or equal to 1;
outputting merchants with association values larger than or equal to a first preset threshold value, with the number of fraudulent transactions larger than a second preset threshold value and the proportion of the number of fraudulent transactions larger than a third preset threshold value after repeating for preset times, and determining the merchants as the associated merchants;
and outputting an account with the association value being greater than or equal to a fourth preset threshold value and being an abnormal account, and determining the account as an association account.
In one embodiment, when i=1, the ith departure node is an abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
In the step, based on the abnormal merchant, a graph algorithm is operated, the information propagation and aggregation are completed, and the associated account and the associated merchant with larger association degree with the abnormal merchant are output.
Specifically, the method acts on the extracted abnormal merchant.
(a) Setting the "association value" score of all the nodes at the beginning to be the fifth preset threshold, in this embodiment, the association value may be set to 0.
(b) The first time takes an abnormal merchant node as a departure node and a plurality of first-order neighbor nodes thereof as a destination node set. The method comprises the steps that a starting node carries out fraction propagation on a destination node, a weight value of a connecting edge of the starting node and a destination node unfolding node is recorded as a propagation value, and the association value of each destination node is calculated as the sum of the association value and the propagation value of the starting node according to the propagation value obtained by a graph neural network model.
(c) The new set of departure nodes is the destination node of the previous propagation, and the new set of destination nodes is the first-order neighbor of the new set of departure nodes. Wherein the set of departure nodes does not contain a repeating element, and the set of destination nodes may contain a repeating element.
(d) Repeating for several times, and ending. Outputting a plurality of suspicious merchant nodes, namely associated merchants, with the association value being greater than or equal to a first preset threshold value, the fraudulent transaction quantity being greater than a second preset threshold value and the proportion of the fraudulent transaction quantity being greater than a third preset threshold value; and outputting a plurality of account nodes with the association value being larger than or equal to a fourth preset threshold value and added with abnormal accounts by the graph neural network model, namely associating the accounts.
The method for detecting the financial fraud, provided by the embodiment of the disclosure, comprises the steps of firstly obtaining target graph data; then, learning a graph neural network model on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, according to the abnormal merchant, running a graph algorithm on the target graph data to obtain the associated merchant and the associated account. According to the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud partners are mined through a graph algorithm. The method has multiple and flexible adaptation scenes, comprises the cases of preventing legal, counter-pulling wool, counter-cash and the like obtained by various illegalities, is easy to maintain, and is also beneficial to further analysis and management and control of related business personnel.
Another embodiment of the present disclosure provides a method for detecting financial fraud, as shown in fig. 2, including the steps of:
step 201, data preprocessing and conversion
Account debit card information, credit card information, transaction flow information, etc. in the relational database are exported and stored in a graph database representing the transaction network. The graph data structure is composed of nodes and edges and their attributes, in this disclosure, account and merchant information is stored in the form of nodes on the graph and transaction flow information is stored in the form of edges on the graph.
Step 202, outputting single-target marking result
Drawing data is extracted from a drawing database, drawing neural network models are imported for training, malicious marks aiming at single users are obtained, whether the single users have abnormal behaviors or not is identified, and weight values of edges of every two adjacent nodes in target drawing data are shown.
Step 203, suspicious fraud merchant extraction
Drawing data is extracted from the drawing database, and based on drawing calculation of accounts, merchants and related attributes of transaction information (including transaction amount, type, access degree and the like), the merchants suspected to be in the malicious fraud group organization are obtained.
Step 204, associating merchant and account output
Based on the suspected fraudulent merchant, a graph algorithm is operated, information propagation and aggregation are completed, and an account and merchant with larger association degree with the suspected fraudulent merchant are output.
With respect to the graph algorithm, specifically, acts on each suspected fraudster merchant node extracted in (3).
(a) The concept of 'association value' is introduced, and initially, the score of 'association value' of all nodes is 0.
(b) For the first time, a specific suspicious fraud node is taken as a departure node, and a first-order neighbor node is taken as a destination node. The starting point performs fractional propagation to the destination point, and the destination point, namely the first-order neighbor node, receives the fraction as a weight value connected with the expansion node and marks the weight value as a propagation value.
(c) The 'association value' of the first-order neighbor node, namely the numerical sum of the original 'association value' and the received 'propagation value', is updated.
(d) The new set of departure nodes is the destination node of the previous propagation, and the new set of destination nodes is the first-order neighbor of the new set of departure nodes. Note that (i) the set of departure nodes does not contain a repeating element, and the set of destination nodes may contain a repeating element. (ii) Each node can only appear at most once in the set of departure nodes.
(e) The new departure node performs fractional propagation to the new destination node, and the propagation and updating method is the same as the steps (b) and (c). Thereafter, updating the set of departure nodes and the set of destination nodes, the method being the same as step (d).
(f) Repeating the step (e) for a plurality of times, and ending. Outputting a plurality of suspicious merchant nodes with the association value being larger than or equal to a first preset threshold value, the fraudulent transaction quantity being larger than a second preset threshold value and the proportion of the fraudulent transaction quantity being larger than a third preset threshold value, and outputting a plurality of account nodes with the association value being larger than or equal to a fourth preset threshold value and the suspicious malicious marks being added by the graphic neural network model (namely, the mark output in the step 2). These merchants, accounts and target suspected fraudulent merchants constitute malicious fraudulent parties. The accuracy is higher through the manual verification.
Step 205, output iteration update
Along with the continuous updating of the graph neural network model in the prior art, account marks are updated continuously, and weights of nodes and edges on the graph are updated. Correspondingly, the graph algorithm continuously performs parallel calculation, updates suspected malicious and fraudulent party, and completes timing output for analysis and management and control of business personnel.
The financial fraud partner detection algorithm based on the transaction map provided by the embodiment of the disclosure uses a graph data structure to represent target attributes in relational data and transaction flow information. On the premise of taking a graph neural network as a bottom layer model basis, malicious behavior labels aiming at single targets are obtained, and then through the graph algorithm disclosed by the application, information propagation and aggregation are completed, and a sub-graph structure formed by a plurality of targets with high relevance is excavated, namely suspected malicious and fraudulent groups are obtained. The method has multiple and flexible adaptation scenes, comprises the cases of preventing legal, counter-pulling wool, counter-cash and the like obtained by various illegalities, is easy to maintain, and is also beneficial to further analysis and management and control of related business personnel.
Based on the above-described method for detecting financial fraud in the corresponding embodiments of fig. 1 and 2, the following embodiments of the apparatus of the present disclosure may be used to execute the embodiments of the method of the present disclosure.
The embodiment of the disclosure provides a financial fraud detection apparatus, as shown in fig. 3, the apparatus 30 includes a first acquisition module 301, a second acquisition module 302, a third acquisition module 303, and a fourth acquisition module 304;
a first obtaining module 301, configured to obtain target graph data;
the second obtaining module 302 is configured to perform graph neural network model learning on the target graph data to obtain an abnormal account;
a third obtaining module 303, configured to perform graph computation on the target graph data according to the abnormal account, to obtain an abnormal merchant;
and the fourth obtaining module 304 is configured to run a graph algorithm on the target graph data according to the abnormal merchant, and obtain the associated merchant and the associated account.
The device for detecting financial fraud provided by the embodiment of the disclosure includes a first acquisition module 301, a second acquisition module 302, a third acquisition module 303, and a fourth acquisition module 304; the first acquisition module 301 acquires target map data; the second acquisition module 302 performs graph neural network model learning on the target graph data to acquire an abnormal account; the third obtaining module 303 performs graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant; and the fourth acquisition module 304 runs a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account. According to the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud partners are mined through a graph algorithm. The method has multiple and flexible adaptation scenes, comprises the cases of preventing legal, counter-pulling wool, counter-cash and the like obtained by various illegalities, is easy to maintain, and is also beneficial to further analysis and management and control of related business personnel.
In one embodiment, the first obtaining module 301 is specifically configured to obtain raw data, where the raw data includes debit card information of an account, credit card information, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
target graph data is extracted from a graph database.
In one embodiment, the second obtaining module 302 is further configured to obtain a weight value of each two adjacent node edges in the target graph data.
In one embodiment, as shown in fig. 4, the fourth acquisition module 304 includes a first acquisition unit 3041, a second acquisition unit 3042, a determination unit 3043, and an output unit 3044:
a first obtaining unit 3041, configured to obtain an association value of an ith departure node and N destination nodes corresponding to a first-order neighboring node of the ith departure node, where i is greater than or equal to 1, and N is greater than or equal to 1;
a second obtaining unit 3042, configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of an ith departure node and a weight value of an edge between the ith departure node and the destination node;
a determining unit 3043 configured to determine each of the N destination nodes as an i+1th departure node;
the first obtaining unit 3041 is further configured to obtain an association value of the (i+1) th departure node and M destination nodes corresponding to the first-order neighboring nodes of the (i+1) th departure node, where M is greater than or equal to 1;
an output unit 3044, configured to output merchants with association values greater than or equal to a first preset threshold, fraudulent transaction numbers greater than a second preset threshold, and a proportion of the fraudulent transaction numbers greater than a third preset threshold, and determine the merchants as associated merchants;
the output unit 3044 is further configured to output an account whose association value is greater than or equal to the fourth preset threshold value and is an abnormal account, and determine that the account is an associated account.
Based on the above-described method for detecting a financial fraud in the corresponding embodiment of fig. 1 and 2, another embodiment of the present disclosure further provides a device for detecting a financial fraud, where the device for detecting a financial fraud includes a processor and a memory, and at least one computer instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement the method for detecting a financial fraud described in the corresponding embodiment of fig. 1 and 2.
Based on the above-described detection method of financial fraud in the corresponding embodiments of fig. 1 and 2, the embodiments of the present disclosure also provide a computer readable storage medium, for example, a non-transitory computer readable storage medium may be a Read Only Memory (ROM), a random access Memory (english: random Access Memory, RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores at least one computer instruction for executing the method for detecting financial fraud described in the embodiments corresponding to fig. 1 and fig. 2, which are not described herein.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (5)
1. A method of detecting financial fraud, the method comprising:
obtaining target map data, the obtaining target map data comprising: acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information; extracting the target graph data in the graph database;
performing graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account;
after the learning of the graph neural network model is performed on the target graph data, the method further comprises: obtaining the weight value of each two adjacent node connecting edges in the target graph data;
and running a graph algorithm on the target graph data according to the abnormal merchant, wherein the obtaining of the associated merchant and the associated account comprises the following steps:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is the sum of the association value of the ith departure node and a weight value of the connection edge of the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i+1th departure node, and acquiring an association value of the i+1th departure node and M destination nodes corresponding to first-order neighbor nodes of the i+1th departure node, wherein M is more than or equal to 1;
after repeating the preset times, outputting merchants with association values larger than or equal to a first preset threshold, wherein the number of fraudulent transactions is larger than a second preset threshold and the proportion of the number of fraudulent transactions is larger than a third preset threshold, determining the merchants as associated merchants, outputting accounts with association values larger than or equal to a fourth preset threshold and being the abnormal accounts, and determining the accounts as associated accounts;
when i=1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set as a fifth preset threshold;
specifically, at each suspected fraudulent merchant node is extracted using graph calculations:
(a) Introducing an associated value concept, wherein the score of the associated value of all nodes is 0 at the beginning;
(b) Firstly, taking a specific suspicious fraud node as a departure node, taking a first-order neighbor node of the specific suspicious fraud node as a destination node, and carrying out fraction propagation on the departure node to the destination node; the destination node, namely a first-order neighbor node, receives the weight value of which the score is connected with the unfolded node and marks the weight value as a propagation value;
(c) Updating the 'association value' of the first-order neighbor node, namely, the numerical sum of the original 'association value' and the received 'propagation value';
(d) The new set of departure nodes is a destination node propagated the previous time, and the new set of destination nodes is a first-order neighbor of the new set of departure nodes; note that (i) the set of departure nodes does not contain a repeating element, and the set of destination nodes may contain a repeating element; (ii) Each node can only appear once in the set of departure nodes at most;
(e) The new departure node performs fraction propagation to the new destination node, and the propagation and updating methods are the same as the steps (b), (c); updating the set of departure nodes and the set of destination nodes, wherein the method is the same as the step (d);
(f) Repeating the step (e) for a plurality of times and ending; outputting a plurality of suspicious merchant nodes with the association value being larger than or equal to a first preset threshold value, the fraudulent transaction quantity being larger than a second preset threshold value and the proportion of the fraudulent transaction quantity being larger than a third preset threshold value, outputting a plurality of account nodes with the association value being larger than or equal to a fourth preset threshold value and being added with suspicious malicious marks by a graph neural network model, wherein the merchants, the accounts and target suspicious fraudulent merchants form a malicious fraud group.
2. The method according to claim 1, wherein the performing graph calculation on the target graph data according to the abnormal account, and obtaining an abnormal merchant comprises:
and according to the abnormal account, carrying out graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain an abnormal merchant, wherein the transaction flow information at least comprises one of transaction amount, type and access degree.
3. A financial fraud detection apparatus, adapted to perform the financial fraud detection method of any of claims 1-2, the apparatus comprising: the device comprises a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module;
the first acquisition module is used for acquiring target graph data;
the second acquisition module is used for performing graph neural network model learning on the target graph data to acquire an abnormal account;
the third obtaining module is used for carrying out graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant;
the fourth obtaining module is used for running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account;
the fourth acquisition module comprises a first acquisition unit, a second acquisition unit, a determination unit and an output unit:
the first acquisition unit is used for acquiring the association value of the ith departure node and N destination nodes corresponding to the first-order neighbor nodes of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second obtaining unit is configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is a sum of the association value of the i-th departure node and a weight value of a boundary between the i-th departure node and the destination node;
the determining unit is used for determining each destination node in the N destination nodes as an i+1th departure node;
the first obtaining unit is further configured to obtain an association value of an i+1st departure node and M destination nodes corresponding to first-order neighboring nodes of the i+1st departure node, where M is greater than or equal to 1;
the output unit is used for outputting merchants with association values larger than or equal to a first preset threshold, the number of fraudulent transactions larger than a second preset threshold and the proportion of the number of fraudulent transactions larger than a third preset threshold, and determining the merchants as associated merchants; and outputting that the association value is larger than or equal to a fourth preset threshold value, and determining that the account is the account of the abnormal account as the association account.
4. The apparatus according to claim 3, wherein the first obtaining module is specifically configured to obtain raw data, where the raw data includes debit card information of an account, credit card information, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
5. The apparatus according to claim 4, wherein the second obtaining module is further configured to obtain a weight value of each two adjacent node edges in the target graph data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011552836.4A CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011552836.4A CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113159778A CN113159778A (en) | 2021-07-23 |
CN113159778B true CN113159778B (en) | 2023-11-24 |
Family
ID=76877995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011552836.4A Active CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113159778B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116433345B (en) * | 2023-05-05 | 2024-05-24 | 意数信息技术(上海)有限公司 | AI-based fraudulent activity analysis method and digital financial product service system |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108174296A (en) * | 2018-01-02 | 2018-06-15 | 武汉斗鱼网络科技有限公司 | Malicious user recognition methods and device |
CN108734275A (en) * | 2017-04-24 | 2018-11-02 | 英特尔公司 | Hardware I P optimizes convolutional neural networks |
CN110555455A (en) * | 2019-06-18 | 2019-12-10 | 东华大学 | Online transaction fraud detection method based on entity relationship |
CN111291760A (en) * | 2020-02-12 | 2020-06-16 | 北京迈格威科技有限公司 | Semantic segmentation method and device for image and electronic equipment |
CN111428217A (en) * | 2020-04-12 | 2020-07-17 | 中信银行股份有限公司 | Method and device for identifying cheat group, electronic equipment and computer readable storage medium |
CN111753915A (en) * | 2020-06-29 | 2020-10-09 | 广东浪潮大数据研究有限公司 | Image processing device, method, equipment and medium |
CN111784502A (en) * | 2020-06-30 | 2020-10-16 | 中国工商银行股份有限公司 | Abnormal transaction account group identification method and device |
CN112044082A (en) * | 2020-08-28 | 2020-12-08 | 腾讯科技(深圳)有限公司 | Information detection method and device and computer readable storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7107520B2 (en) * | 2002-11-18 | 2006-09-12 | Hewlett-Packard Development Company, L.P. | Automated propagation of document metadata |
US10467528B2 (en) * | 2015-08-11 | 2019-11-05 | Oracle International Corporation | Accelerated TR-L-BFGS algorithm for neural network |
US11531780B2 (en) * | 2019-05-15 | 2022-12-20 | International Business Machines Corporation | Deep learning-based identity fraud detection |
-
2020
- 2020-12-24 CN CN202011552836.4A patent/CN113159778B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108734275A (en) * | 2017-04-24 | 2018-11-02 | 英特尔公司 | Hardware I P optimizes convolutional neural networks |
CN108174296A (en) * | 2018-01-02 | 2018-06-15 | 武汉斗鱼网络科技有限公司 | Malicious user recognition methods and device |
CN110555455A (en) * | 2019-06-18 | 2019-12-10 | 东华大学 | Online transaction fraud detection method based on entity relationship |
CN111291760A (en) * | 2020-02-12 | 2020-06-16 | 北京迈格威科技有限公司 | Semantic segmentation method and device for image and electronic equipment |
CN111428217A (en) * | 2020-04-12 | 2020-07-17 | 中信银行股份有限公司 | Method and device for identifying cheat group, electronic equipment and computer readable storage medium |
CN111753915A (en) * | 2020-06-29 | 2020-10-09 | 广东浪潮大数据研究有限公司 | Image processing device, method, equipment and medium |
CN111784502A (en) * | 2020-06-30 | 2020-10-16 | 中国工商银行股份有限公司 | Abnormal transaction account group identification method and device |
CN112044082A (en) * | 2020-08-28 | 2020-12-08 | 腾讯科技(深圳)有限公司 | Information detection method and device and computer readable storage medium |
Non-Patent Citations (1)
Title |
---|
基于神经网络的多孔泡沫金属磁流变液阻尼器模型;姚行艳;喻其炳;陈志强;李川;;重庆工商大学学报(自然科学版)(03);9-12 * |
Also Published As
Publication number | Publication date |
---|---|
CN113159778A (en) | 2021-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
De Roux et al. | Tax fraud detection for under-reporting declarations using an unsupervised machine learning approach | |
CN108734380B (en) | Risk account determination method and device and computing equipment | |
WO2022121145A1 (en) | Ethereum phishing scam detection method and apparatus based on graph classification | |
CN110390465A (en) | Air control analysis and processing method, device and the computer equipment of business datum | |
CN107730262A (en) | One kind fraud recognition methods and device | |
CN106709800A (en) | Community partitioning method and device based on characteristic matching network | |
CN106897930A (en) | A kind of method and device of credit evaluation | |
CN106779278A (en) | The evaluation system of assets information and its treating method and apparatus of information | |
CN108492001A (en) | A method of being used for guaranteed loan network risk management | |
CN109840676B (en) | Big data-based wind control method and device, computer equipment and storage medium | |
KR102005733B1 (en) | Block chain-based person-to-person financial service offering system using credit rating assessment result drawn on online big data analysis | |
CN113657896A (en) | Block chain transaction topological graph analysis method and device based on graph neural network | |
CN111179089B (en) | Money laundering transaction identification method, device and equipment | |
CN113159778B (en) | Financial fraud detection method and device | |
CN110991650A (en) | Method and device for training card maintenance identification model and identifying card maintenance behavior | |
CN111160695A (en) | Method, system, device and storage medium for identifying risk account of computer operation | |
CN101295388A (en) | Credit estimation method and system | |
CN111260372B (en) | Resource transfer user group determination method, device, computer equipment and storage medium | |
CN107679862B (en) | Method and device for determining characteristic value of fraud transaction model | |
CN112966728A (en) | Transaction monitoring method and device | |
CN112967053A (en) | Method and device for detecting fraudulent transactions | |
CN112819175A (en) | Method, device, equipment and storage medium for identifying illegal legal account | |
CN110458570A (en) | Risk trade control and configuration method and its system | |
CN110619564B (en) | Anti-fraud feature generation method and device | |
CN113159924A (en) | Method and device for determining trusted client object |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |