CN113344453A - Risk monitoring method, device, system, storage medium and equipment - Google Patents
Risk monitoring method, device, system, storage medium and equipment Download PDFInfo
- Publication number
- CN113344453A CN113344453A CN202110757389.4A CN202110757389A CN113344453A CN 113344453 A CN113344453 A CN 113344453A CN 202110757389 A CN202110757389 A CN 202110757389A CN 113344453 A CN113344453 A CN 113344453A
- Authority
- CN
- China
- Prior art keywords
- model
- request data
- risk
- wind control
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000012544 monitoring process Methods 0.000 title claims abstract description 32
- 239000013598 vector Substances 0.000 claims abstract description 49
- 238000012806 monitoring device Methods 0.000 claims abstract description 11
- 238000012549 training Methods 0.000 claims description 60
- 238000012545 processing Methods 0.000 claims description 24
- 238000013527 convolutional neural network Methods 0.000 claims description 14
- 238000011156 evaluation Methods 0.000 claims description 13
- 238000004458 analytical method Methods 0.000 claims description 2
- 238000012502 risk assessment Methods 0.000 abstract description 15
- 230000000694 effects Effects 0.000 abstract description 7
- 238000012552 review Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 238000011158 quantitative evaluation Methods 0.000 description 3
- 230000004913 activation Effects 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Human Resources & Organizations (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Theoretical Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- General Physics & Mathematics (AREA)
- Economics (AREA)
- Data Mining & Analysis (AREA)
- Educational Administration (AREA)
- Marketing (AREA)
- Development Economics (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Molecular Biology (AREA)
- General Health & Medical Sciences (AREA)
- Evolutionary Computation (AREA)
- Game Theory and Decision Science (AREA)
- Computational Linguistics (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a risk monitoring method, a risk monitoring device, a risk monitoring system, a storage medium and a risk monitoring device, wherein the corresponding relation between an event type and a wind control model is configured in advance. And under the condition of receiving request data sent from the outside, analyzing the request data to obtain the type of the target event. And determining a wind control model corresponding to the target event type based on the corresponding relation. And if the corresponding wind control model is the regular model, acquiring a request result of the request data, and inputting the request result into the regular model to obtain the risk level. And if the corresponding wind control model is an intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score. The rule model can realize the configuration of dynamic rules (namely risk rules) and take effect in real time, and the rule model is combined with the intelligent model, so that the workload of manual review can be effectively reduced compared with the prior art. And moreover, the risk assessment is carried out by using the intelligent model, so that the reliability is higher.
Description
Technical Field
The present application relates to the field of big data processing technologies, and in particular, to a risk monitoring method, apparatus, system, storage medium, and device.
Background
Risk monitoring has always been an important module required for each business item (e.g., activity class, user-generated content class). According to the traditional risk monitoring scheme, risk data are processed mainly through key word filtering, blacklist, rule, manual auditing and the like. However, the conventional risk monitoring scheme often takes a long time to configure the risk rule, and needs to check the risk data manually, so that the reliability of risk assessment is low, and the labor cost is too high.
Therefore, how to improve the reliability of risk assessment under the condition of controllable labor cost becomes a problem to be solved urgently in the field.
Disclosure of Invention
The application provides a risk monitoring method, a risk monitoring device, a risk monitoring system, a storage medium and a risk monitoring device, and aims to improve the reliability of risk assessment under the condition that the labor cost is controllable.
In order to achieve the above object, the present application provides the following technical solutions:
a risk monitoring method, comprising:
presetting a corresponding relation between an event type and a wind control model; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
under the condition of receiving request data sent from the outside, analyzing the request data to obtain a target event type;
determining a wind control model corresponding to the target event type based on the corresponding relation;
if the wind control model corresponding to the target event type is the rule model, acquiring a request result of the request data, and inputting the request result into the rule model to obtain a risk level output by the rule model;
and if the wind control model corresponding to the target event type is the intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
Optionally, if the wind control model corresponding to the target event type is the rule model, obtaining a request result of the request data includes:
asynchronously writing each request data sent from the outside into a preset message queue in advance;
performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field;
taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
and if the wind control model corresponding to the target event type is the rule model, reading a request result of the request data from the database.
Optionally, after the inputting the request result into the rule model and obtaining the risk level output by the rule model, the method further includes:
and prompting the user that the requested data has risks under the condition that the risk level output by the rule model is greater than a preset level.
Optionally, after the vector is input into the intelligent model and a risk score output by the intelligent model is obtained, the method further includes:
and prompting the user that the requested data has risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
A risk monitoring device comprising:
the configuration unit is used for configuring the corresponding relation between the event type and the wind control model in advance; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
the analysis unit is used for analyzing the request data to obtain a target event type under the condition of receiving the request data sent from the outside;
the determining unit is used for determining a wind control model corresponding to the target event type based on the corresponding relation;
the first evaluation unit is used for acquiring a request result of the request data if the wind control model corresponding to the target event type is the rule model, and inputting the request result into the rule model to obtain the risk level output by the rule model;
and the second evaluation unit is used for embedding the request data to obtain a vector if the wind control model corresponding to the target event type is the intelligent model, and inputting the vector into the intelligent model to obtain the risk score output by the intelligent model.
Optionally, the first evaluation unit is specifically configured to:
asynchronously writing each request data sent from the outside into a preset message queue in advance;
performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field;
taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
and if the wind control model corresponding to the target event type is the rule model, reading a request result of the request data from the database.
Optionally, the method further includes:
the prompting unit is used for prompting a user that the requested data has risks under the condition that the risk level output by the rule model is greater than a preset level;
the prompting unit is further used for prompting the user that the requested data has risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
A risk monitoring system comprising:
the system comprises a management background, a big data processing module and a decision engine;
the management background is used for configuring the corresponding relation between the event type and the wind control model; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
the big data processing module is used for asynchronously writing each request data sent from the outside into a preset message queue in advance; performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field; taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
the decision engine is used for analyzing the request data to obtain a target event type under the condition of receiving the request data sent from the outside; determining a wind control model corresponding to the target event type based on the corresponding relation; if the wind control model corresponding to the target event type is the rule model, acquiring a request result of the request data, and inputting the request result into the rule model to obtain a risk level output by the rule model; and if the wind control model corresponding to the target event type is the intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
A computer-readable storage medium comprising a stored program, wherein the program performs the risk monitoring method.
A risk monitoring device comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing a program, and the processor is used for executing the program, wherein the risk monitoring method is executed when the program runs.
According to the technical scheme, the corresponding relation between the event type and the wind control model is configured in advance. The wind control model comprises a regular model and an intelligent model. The rule model is constructed based on a preset corresponding relation between the risk rule and the risk level. The intelligent model is obtained by training based on the fact that a training sample is used as input of a convolutional neural network, and risk scores of the pre-labeled training sample are used as training targets, the training sample comprises a vector sample, and the vector sample is obtained by embedding sample request data. And under the condition of receiving request data sent from the outside, analyzing the request data to obtain the type of the target event. And determining a wind control model corresponding to the target event type based on the corresponding relation. And if the wind control model corresponding to the target event type is a regular model, acquiring a request result of the request data, and inputting the request result into the regular model to obtain the risk level output by the regular model. And if the wind control model corresponding to the target event type is an intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model. The rule model can realize the configuration of dynamic rules (namely risk rules) and take effect in real time, and the rule model is combined with the intelligent model, so that compared with the prior art, the manual auditing workload can be effectively reduced, and the labor cost is reduced. Moreover, risk assessment is carried out by using the intelligent model, so that more secret risks can be effectively prevented, and the reliability is higher. Therefore, by the scheme, the reliability of risk assessment can be improved under the condition that the labor cost is controllable.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1a is a schematic diagram of an architecture of a risk monitoring system according to an embodiment of the present application;
FIG. 1b is a schematic diagram of a default interface provided in an embodiment of the present application;
FIG. 1c is a schematic diagram illustrating a correspondence between configuration event types and wind control models according to an embodiment of the present application;
FIG. 1d is a schematic diagram of a big data processing flow provided in the application example;
FIG. 1e is a schematic diagram of another big data processing flow provided in the application example;
FIG. 1f is a schematic representation of a risk score provided in an embodiment of the application;
FIG. 1g is a schematic diagram of a risk decision provided in an embodiment of the application;
FIG. 1h is a schematic diagram illustrating a risk monitoring system according to an embodiment of the present application;
fig. 2 is a schematic diagram of a risk monitoring method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of another risk monitoring method provided in the embodiments of the present application;
fig. 4 is a schematic structural diagram of a risk monitoring apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1a, an architecture diagram of a risk monitoring system provided in the embodiment of the present application includes:
management backend 100, big data processing module 200, and decision engine 300.
And the management background 100 is used for configuring the corresponding relation between the event type and the wind control model.
Event types (eventcode) are common general knowledge familiar to those skilled in the art and include, but are not limited to: login behavior, registration behavior, transaction behavior, and the like. The wind control model includes a rule model and an intelligent model (an artificial intelligence algorithm, hereinafter referred to as ai model).
The rule model is pre-constructed based on the preset corresponding relationship between the risk rule and the risk level, and the risk rule is common knowledge familiar to those skilled in the art, including but not limited to: system rules, counting rules, and blacklists, among others.
The ai model is obtained by training based on the training sample as the input of the convolutional neural network and the risk score of the pre-labeled training sample as the training target. The training samples comprise vector samples, and the vector samples are obtained by embedding (embedding) sample request data.
In the embodiment of the present application, the management background 100 is developed based on a springboot frame, and the wind control model is an algorithm model developed based on the springboot frame and a groovy programming language. The rule model is developed based on a springboot frame and a groovy programming language, the configuration of dynamic rules (namely risk rules) can be realized, the dynamic rules are effective in real time, and the rule model is combined with the ai model. And moreover, risk assessment is carried out by using the ai model, so that more secret risks can be effectively prevented, and the reliability is higher.
It should be noted that, a user may issue an adjustment instruction to the management background 100 through a preset interface developed based on an vue framework (existing java language framework), and control the management background 100 to adjust a corresponding relationship between an event type and a wind control model, where the preset interface is specifically shown in fig. 1 b.
In addition, the management background 100 is used to configure a specific implementation manner of the corresponding relationship between the event type and the wind control model, which is common knowledge familiar to those skilled in the art, and specifically, can refer to fig. 1 c.
A big data processing module 200, configured to asynchronously write each request data sent from outside into a preset message queue (for example, a kafka queue, so-called kafka being a public distributed publish-subscribe message system); performing stream processing on the request data contained in the message queue to obtain values of a preset abstract field (abstract field, which is common knowledge familiar to those skilled in the art and is not described herein again), specifically, taking an abstract field "ip-associated user number" as an example, performing stream processing on the request data in the message queue to obtain values of "ip-associated user number" within 1 hour; the sum of the values is used as a request result for requesting data, and is stored in a preset database (for example, redis, which is a public database).
In the embodiment of the present application, the big data processing module 200 is pre-constructed based on the kafka framework (a published message subscription system) and the flink framework (a published data analysis algorithm).
Specifically, the big data processing module 200 is configured to perform stream processing on request data included in the message queue to obtain each value of the preset abstract field, and store a sum of the values as a request result of the request data in a preset database, as shown in fig. 1d and fig. 1 e.
The decision engine 300 is configured to, in the case of receiving request data sent from the outside, parse the request data to obtain a target event type; determining a wind control model corresponding to the target event type based on the corresponding relation between the event type and the wind control model; if the wind control model corresponding to the target event type is a rule model, reading a request result of the request data from the database, and inputting the request result into the rule model to obtain a risk level output by the rule model; and if the wind control model corresponding to the target event type is the ai model, embedding the request data to obtain a vector, and inputting the vector into the ai model to obtain a risk score output by the ai model.
It should be noted that the ai model includes a first sub model, a second sub model, a fully connected layer (dense), and an activation function (activate), the first sub model includes a 1-dimensional convolutional neural network (covld) and a fully connected layer, and the second sub model includes a preset convolutional neural network (i.e., covld +2-cycle + bn + covld), an attention mechanism (attention), and a fully connected layer (dense). Specifically, the vectors are respectively used as the input of the first submodel and the second submodel to obtain the output of the first submodel and the output of the second submodel, the output of the first submodel and the output of the second submodel are combined to obtain a combined result, and finally the combined result is output through the full connection layer and the activation function to obtain the risk score output by the ai model.
Specifically, assuming that the request data includes a mobile phone number, a mailbox, an IP, and other data, the request data is embedded to obtain a vector, and the vector is input to the ai model to obtain a specific process of the risk score output by the ai model, as shown in fig. 1 f.
In the embodiment of the present application, the decision engine 300 performs qualitative evaluation on the request data by using the rule model, performs quantitative evaluation on the request data by using the ai model, and combines the qualitative evaluation and the quantitative evaluation, so as to improve the accuracy and reliability of risk evaluation. Specifically, the decision engine 300 implements the above-mentioned qualitative evaluation and quantitative evaluation processes, which can be seen in fig. 1 g. Besides, based on the decision engine 300, the big data processing module 200, and the management background 100, a specific implementation manner of risk monitoring is implemented, including but not limited to the above-mentioned contents, and a technician may increase functions of each module according to actual situations so as to be applied to an actual using process, specifically, as shown in fig. 1 h.
In addition, the decision engine 300 is further configured to prompt the user to request that the data has a risk when the risk level output by the rule model is greater than a preset level; and prompting the user to request the data to have risks under the condition that the risk score output by the ai model is larger than a preset threshold value.
In summary, the rule model can implement configuration of dynamic rules (i.e., risk rules) and take effect in real time, and the rule model and the ai model are combined, so that compared with the prior art, the workload of manual review can be effectively reduced, and the labor cost can be reduced. And moreover, risk assessment is carried out by using the ai model, so that more secret risks can be effectively prevented, and the reliability is higher. Therefore, by the scheme of the embodiment, the reliability of risk assessment can be improved under the condition that the labor cost is controllable.
As shown in fig. 2, a schematic diagram of a risk monitoring method provided in an embodiment of the present application includes the following steps:
s201: and pre-configuring the corresponding relation between the event type and the wind control model.
The wind control model comprises a regular model and an intelligent model. The rule model is pre-constructed based on a preset corresponding relation between the risk rule and the risk level. The intelligent model is obtained by training based on the fact that a training sample is used as input of a convolutional neural network, and risk scores of the pre-labeled training sample are used as training targets, the training sample comprises a vector sample, and the vector sample is obtained by embedding sample request data.
S202: and asynchronously writing each request data sent from the outside into a preset message queue.
S203: and performing streaming processing on the request data contained in the message queue to obtain each value of the preset abstract field.
S204: and taking the sum of all the values as a request result of requesting data, and storing the request result in a preset database.
S205: and analyzing the request data aiming at each request data to obtain the type of the target event.
S206: and determining a wind control model corresponding to the target event type based on the corresponding relation between the event type and the wind control model.
S207: and if the wind control model corresponding to the target event type is a regular model, reading a request result of the request data from the database.
S208: and inputting the request result into the rule model to obtain the risk level output by the rule model.
S209: and prompting the user to request the data to have risk under the condition that the risk level output by the rule model is greater than the preset level.
S210: and if the wind control model corresponding to the target event type is an intelligent model, embedding the request data to obtain a vector.
S211: and inputting the vector into the intelligent model to obtain the risk score output by the intelligent model.
S212: and prompting the user to request the data to have risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
In summary, the rule model can implement configuration of dynamic rules (i.e., risk rules) and take effect in real time, and the rule model is combined with the intelligent model, so that compared with the prior art, the workload of manual review can be effectively reduced, and the labor cost can be reduced. Moreover, risk assessment is carried out by using the intelligent model, so that more secret risks can be effectively prevented, and the reliability is higher. Therefore, by the scheme of the embodiment, the reliability of risk assessment can be improved under the condition that the labor cost is controllable.
It should be noted that, in the above embodiment, the reference S202 is an optional specific implementation manner of the risk monitoring method described in this application. In addition, S212 mentioned in the above embodiments is also an optional specific implementation manner of the risk monitoring method described in this application. For this reason, the flow mentioned in the above embodiment can be summarized as the method shown in fig. 3.
As shown in fig. 3, a schematic view of another risk monitoring method provided in the embodiment of the present application includes the following steps:
s301: and pre-configuring the corresponding relation between the event type and the wind control model.
The wind control model comprises a rule model and an intelligent model, the rule model is constructed based on a preset corresponding relation between risk rules and risk grades, the intelligent model is obtained by training based on a training sample as the input of a convolutional neural network and the risk score of the pre-labeled training sample as a training target, the training sample comprises a vector sample, and the vector sample is obtained by embedding sample request data.
S302: and under the condition of receiving request data sent from the outside, analyzing the request data to obtain the type of the target event.
S303: and determining a wind control model corresponding to the target event type based on the corresponding relation.
S304: and if the wind control model corresponding to the target event type is a regular model, acquiring a request result of the request data, and inputting the request result into the regular model to obtain the risk level output by the regular model.
S305: and if the wind control model corresponding to the target event type is an intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
In summary, the rule model can implement configuration of dynamic rules (i.e., risk rules) and take effect in real time, and the rule model is combined with the intelligent model, so that compared with the prior art, the workload of manual review can be effectively reduced, and the labor cost can be reduced. Moreover, risk assessment is carried out by using the intelligent model, so that more secret risks can be effectively prevented, and the reliability is higher. Therefore, by the scheme of the embodiment, the reliability of risk assessment can be improved under the condition that the labor cost is controllable.
Corresponding to the risk monitoring method provided by the embodiment of the application, the embodiment of the application also provides a risk monitoring device.
As shown in fig. 4, an architecture diagram of a risk monitoring device provided in the embodiment of the present application includes:
the configuration unit 401 is configured to pre-configure a corresponding relationship between the event type and the wind control model. The wind control model comprises a rule model and an intelligent model, the rule model is constructed based on a preset corresponding relation between risk rules and risk grades, the intelligent model is obtained by training based on a training sample as the input of a convolutional neural network and the risk score of the pre-labeled training sample as a training target, the training sample comprises a vector sample, and the vector sample is obtained by embedding sample request data.
An analyzing unit 402, configured to, in a case that request data sent from the outside is received, analyze the request data to obtain a target event type.
A determining unit 403, configured to determine, based on the correspondence, a wind control model corresponding to the target event type.
The first evaluation unit 404 is configured to, if the wind control model corresponding to the target event type is a rule model, obtain a request result of the request data, and input the request result into the rule model to obtain a risk level output by the rule model.
The process of obtaining the request result of the request data by the first evaluation unit 404 includes: asynchronously writing each request data sent from the outside into a preset message queue in advance; performing streaming processing on request data contained in the message queue to obtain values of a preset abstract field; taking the sum of all the values as a request result of requesting data, and storing the request result in a preset database; and if the wind control model corresponding to the target event type is a regular model, reading a request result of the request data from the database.
And a second evaluation unit 405, configured to, if the wind control model corresponding to the target event type is an intelligent model, embed the request data to obtain a vector, and input the vector into the intelligent model to obtain a risk score output by the intelligent model.
And the prompting unit 406 is configured to prompt the user to request that the data has a risk when the risk level output by the rule model is greater than a preset level.
And the prompting unit 406 is further configured to prompt the user to request that the data has a risk when the risk score output by the intelligent model is greater than a preset threshold.
In summary, the rule model can implement configuration of dynamic rules (i.e., risk rules) and take effect in real time, and the rule model is combined with the intelligent model, so that compared with the prior art, the workload of manual review can be effectively reduced, and the labor cost can be reduced. Moreover, risk assessment is carried out by using the intelligent model, so that more secret risks can be effectively prevented, and the reliability is higher. Therefore, by the scheme of the embodiment, the reliability of risk assessment can be improved under the condition that the labor cost is controllable.
The present application also provides a computer-readable storage medium comprising a stored program, wherein the program performs the risk monitoring method provided by the present application.
The present application further provides a risk monitoring device, including: a processor, a memory, and a bus. The processor is connected with the memory through a bus, the memory is used for storing programs, and the processor is used for running the programs, wherein when the programs run, the risk monitoring method provided by the application is executed, and the method comprises the following steps:
presetting a corresponding relation between an event type and a wind control model; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
under the condition of receiving request data sent from the outside, analyzing the request data to obtain a target event type;
determining a wind control model corresponding to the target event type based on the corresponding relation;
if the wind control model corresponding to the target event type is the rule model, acquiring a request result of the request data, and inputting the request result into the rule model to obtain a risk level output by the rule model;
and if the wind control model corresponding to the target event type is the intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
Optionally, if the wind control model corresponding to the target event type is the rule model, obtaining a request result of the request data includes:
asynchronously writing each request data sent from the outside into a preset message queue in advance;
performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field;
taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
and if the wind control model corresponding to the target event type is the rule model, reading a request result of the request data from the database.
Optionally, after the inputting the request result into the rule model and obtaining the risk level output by the rule model, the method further includes:
and prompting the user that the requested data has risks under the condition that the risk level output by the rule model is greater than a preset level.
Optionally, after the vector is input into the intelligent model and a risk score output by the intelligent model is obtained, the method further includes:
and prompting the user that the requested data has risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method of risk monitoring, comprising:
presetting a corresponding relation between an event type and a wind control model; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
under the condition of receiving request data sent from the outside, analyzing the request data to obtain a target event type;
determining a wind control model corresponding to the target event type based on the corresponding relation;
if the wind control model corresponding to the target event type is the rule model, acquiring a request result of the request data, and inputting the request result into the rule model to obtain a risk level output by the rule model;
and if the wind control model corresponding to the target event type is the intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
2. The method according to claim 1, wherein if the wind control model corresponding to the target event type is the rule model, obtaining the request result of the request data comprises:
asynchronously writing each request data sent from the outside into a preset message queue in advance;
performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field;
taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
and if the wind control model corresponding to the target event type is the rule model, reading a request result of the request data from the database.
3. The method of claim 1, wherein after inputting the request result into the rule model and obtaining the risk level output by the rule model, the method further comprises:
and prompting the user that the requested data has risks under the condition that the risk level output by the rule model is greater than a preset level.
4. The method of claim 1, wherein after inputting the vector into the intelligent model and obtaining the risk score output by the intelligent model, further comprising:
and prompting the user that the requested data has risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
5. A risk monitoring device, comprising:
the configuration unit is used for configuring the corresponding relation between the event type and the wind control model in advance; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
the analysis unit is used for analyzing the request data to obtain a target event type under the condition of receiving the request data sent from the outside;
the determining unit is used for determining a wind control model corresponding to the target event type based on the corresponding relation;
the first evaluation unit is used for acquiring a request result of the request data if the wind control model corresponding to the target event type is the rule model, and inputting the request result into the rule model to obtain the risk level output by the rule model;
and the second evaluation unit is used for embedding the request data to obtain a vector if the wind control model corresponding to the target event type is the intelligent model, and inputting the vector into the intelligent model to obtain the risk score output by the intelligent model.
6. The apparatus according to claim 5, wherein the first evaluation unit is specifically configured to:
asynchronously writing each request data sent from the outside into a preset message queue in advance;
performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field;
taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
and if the wind control model corresponding to the target event type is the rule model, reading a request result of the request data from the database.
7. The apparatus of claim 5, further comprising:
the prompting unit is used for prompting a user that the requested data has risks under the condition that the risk level output by the rule model is greater than a preset level;
the prompting unit is further used for prompting the user that the requested data has risks under the condition that the risk score output by the intelligent model is larger than a preset threshold value.
8. A risk monitoring system, comprising:
the system comprises a management background, a big data processing module and a decision engine;
the management background is used for configuring the corresponding relation between the event type and the wind control model; the wind control model comprises a regular model and an intelligent model; the rule model is constructed based on a preset corresponding relation between the risk rule and the risk level; the intelligent model is obtained by training based on taking a training sample as the input of a convolutional neural network and taking a risk score of the pre-labeled training sample as a training target, wherein the training sample comprises a vector sample which is obtained by embedding sample request data;
the big data processing module is used for asynchronously writing each request data sent from the outside into a preset message queue in advance; performing streaming processing on the request data contained in the message queue to obtain each value of a preset abstract field; taking the sum of all the values as a request result of the request data, and storing the request result in a preset database;
the decision engine is used for analyzing the request data to obtain a target event type under the condition of receiving the request data sent from the outside; determining a wind control model corresponding to the target event type based on the corresponding relation; if the wind control model corresponding to the target event type is the rule model, acquiring a request result of the request data, and inputting the request result into the rule model to obtain a risk level output by the rule model; and if the wind control model corresponding to the target event type is the intelligent model, embedding the request data to obtain a vector, and inputting the vector into the intelligent model to obtain a risk score output by the intelligent model.
9. A computer-readable storage medium, comprising a stored program, wherein the program performs the risk monitoring method of any of claims 1-4.
10. A risk monitoring device, comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is configured to store a program and the processor is configured to execute the program, wherein the program is configured to perform the risk monitoring method of any of claims 1-4 when executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110757389.4A CN113344453A (en) | 2021-07-05 | 2021-07-05 | Risk monitoring method, device, system, storage medium and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110757389.4A CN113344453A (en) | 2021-07-05 | 2021-07-05 | Risk monitoring method, device, system, storage medium and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113344453A true CN113344453A (en) | 2021-09-03 |
Family
ID=77482543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110757389.4A Pending CN113344453A (en) | 2021-07-05 | 2021-07-05 | Risk monitoring method, device, system, storage medium and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113344453A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113992429A (en) * | 2021-12-22 | 2022-01-28 | 支付宝(杭州)信息技术有限公司 | Event processing method, device and equipment |
CN115473735A (en) * | 2022-09-13 | 2022-12-13 | 企查查科技有限公司 | Risk assessment method and device for data request |
CN117155719A (en) * | 2023-11-01 | 2023-12-01 | 北京傲星科技有限公司 | Vehicle data security detection method, system, electronic equipment and storage medium |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107316134A (en) * | 2017-06-16 | 2017-11-03 | 深圳乐信软件技术有限公司 | A kind of risk control method, device, server and storage medium |
CN107330572A (en) * | 2016-04-28 | 2017-11-07 | 阿里巴巴集团控股有限公司 | Air control method, apparatus and system |
CN107451710A (en) * | 2017-04-27 | 2017-12-08 | 北京鼎泰智源科技有限公司 | A kind of Information Risk grade five-category method and system |
CN108062629A (en) * | 2017-12-26 | 2018-05-22 | 平安科技(深圳)有限公司 | Processing method, terminal device and the medium of transaction event |
CN108090829A (en) * | 2017-12-21 | 2018-05-29 | 深圳市买买提信息科技有限公司 | A kind of data managing method, data administrator and electronic equipment |
CN108665143A (en) * | 2018-04-11 | 2018-10-16 | 阿里巴巴集团控股有限公司 | The appraisal procedure and device of air control model |
CN109636607A (en) * | 2018-12-18 | 2019-04-16 | 平安科技(深圳)有限公司 | Business data processing method, device and computer equipment based on model deployment |
CN110020780A (en) * | 2019-02-26 | 2019-07-16 | 阿里巴巴集团控股有限公司 | The method, apparatus and electronic equipment of information output |
CN111951008A (en) * | 2020-07-22 | 2020-11-17 | 中国建设银行股份有限公司 | Risk prediction method and device, electronic equipment and readable storage medium |
CN111967807A (en) * | 2020-10-23 | 2020-11-20 | 支付宝(杭州)信息技术有限公司 | Method and device for generating risk event judgment rule executed by computer |
-
2021
- 2021-07-05 CN CN202110757389.4A patent/CN113344453A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107330572A (en) * | 2016-04-28 | 2017-11-07 | 阿里巴巴集团控股有限公司 | Air control method, apparatus and system |
CN107451710A (en) * | 2017-04-27 | 2017-12-08 | 北京鼎泰智源科技有限公司 | A kind of Information Risk grade five-category method and system |
CN107316134A (en) * | 2017-06-16 | 2017-11-03 | 深圳乐信软件技术有限公司 | A kind of risk control method, device, server and storage medium |
CN108090829A (en) * | 2017-12-21 | 2018-05-29 | 深圳市买买提信息科技有限公司 | A kind of data managing method, data administrator and electronic equipment |
CN108062629A (en) * | 2017-12-26 | 2018-05-22 | 平安科技(深圳)有限公司 | Processing method, terminal device and the medium of transaction event |
CN108665143A (en) * | 2018-04-11 | 2018-10-16 | 阿里巴巴集团控股有限公司 | The appraisal procedure and device of air control model |
CN109636607A (en) * | 2018-12-18 | 2019-04-16 | 平安科技(深圳)有限公司 | Business data processing method, device and computer equipment based on model deployment |
CN110020780A (en) * | 2019-02-26 | 2019-07-16 | 阿里巴巴集团控股有限公司 | The method, apparatus and electronic equipment of information output |
CN111951008A (en) * | 2020-07-22 | 2020-11-17 | 中国建设银行股份有限公司 | Risk prediction method and device, electronic equipment and readable storage medium |
CN111967807A (en) * | 2020-10-23 | 2020-11-20 | 支付宝(杭州)信息技术有限公司 | Method and device for generating risk event judgment rule executed by computer |
Non-Patent Citations (2)
Title |
---|
何文涛: "面向借贷数据的风控模型研究", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》, no. 3, 15 March 2020 (2020-03-15), pages 35 - 37 * |
张靓裔: "《企业迁云之路》", 机械工业出版社, pages: 196 - 200 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113992429A (en) * | 2021-12-22 | 2022-01-28 | 支付宝(杭州)信息技术有限公司 | Event processing method, device and equipment |
CN115473735A (en) * | 2022-09-13 | 2022-12-13 | 企查查科技有限公司 | Risk assessment method and device for data request |
CN117155719A (en) * | 2023-11-01 | 2023-12-01 | 北京傲星科技有限公司 | Vehicle data security detection method, system, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113344453A (en) | Risk monitoring method, device, system, storage medium and equipment | |
KR101789962B1 (en) | Method and system for inferring application states by performing behavioral analysis operations in a mobile device | |
CN105939350B (en) | Network access control method and system | |
CN111311136A (en) | Wind control decision method, computer equipment and storage medium | |
CN111898023A (en) | Message pushing method and device, readable storage medium and computing equipment | |
EP2983117A1 (en) | Event processing method in stream processing system and stream processing system | |
CN111866016A (en) | Log analysis method and system | |
CN109873752B (en) | Robot interaction method, device, storage medium and equipment in communication group | |
WO2020253364A1 (en) | Big data analytics-based information pushing method, apparatus, and device, and storage medium | |
CN110929145A (en) | Public opinion analysis method, public opinion analysis device, computer device and storage medium | |
CN111680287B (en) | Application program detection method and device based on user privacy protection | |
CN110912874B (en) | Method and system for effectively identifying machine access behaviors | |
CN113127746A (en) | Information pushing method based on user chat content analysis and related equipment thereof | |
CN111510446B (en) | Attack detection method and device, electronic equipment and storage medium | |
CN111581258B (en) | Security data analysis method, device, system, equipment and storage medium | |
CN113438374B (en) | Intelligent outbound call processing method, device, equipment and storage medium | |
CN113190682B (en) | Method and device for acquiring event influence degree based on tree model and computer equipment | |
CN111177725A (en) | Method, device, equipment and storage medium for detecting malicious click operation | |
CN116955573B (en) | Question searching method, device, equipment and storage medium | |
CN117522593A (en) | Client consultation service management method, device, equipment and storage medium | |
CN115329347B (en) | Prediction method, device and storage medium based on car networking vulnerability data | |
CN113032836B (en) | Data desensitization method and apparatus | |
CN116208513A (en) | Gateway health degree prediction method and device | |
US20150378797A1 (en) | Event Processing Method in Stream Processing System and Stream Processing System | |
CN116050520A (en) | Risk processing model training method, risk object processing method and related devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210903 |