CN113420941A - Risk prediction method and device for user behavior - Google Patents
Risk prediction method and device for user behavior Download PDFInfo
- Publication number
- CN113420941A CN113420941A CN202110806533.9A CN202110806533A CN113420941A CN 113420941 A CN113420941 A CN 113420941A CN 202110806533 A CN202110806533 A CN 202110806533A CN 113420941 A CN113420941 A CN 113420941A
- Authority
- CN
- China
- Prior art keywords
- user
- strategy
- preset
- score
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000003379 elimination reaction Methods 0.000 claims abstract description 11
- 230000000694 effects Effects 0.000 claims description 27
- 238000004364 calculation method Methods 0.000 claims description 20
- 230000008030 elimination Effects 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 8
- 230000006399 behavior Effects 0.000 description 87
- 238000010586 diagram Methods 0.000 description 8
- 230000002411 adverse Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013515 script Methods 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/04—Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0207—Discounts or incentives, e.g. coupons or rebates
Abstract
According to the method and the device for predicting the risk of the user behavior, the basic information of a user and the behavior information of a user browsing page are obtained based on a long connecting channel, wherein the basic information of the user comprises a user id, a user equipment id and a user ip; counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip; calculating user scores according to the behavior information of the user browsing pages, preset user behavior model scoring rules, a preset decay period and a preset decay rate; and comparing the duplication-elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user. According to the scheme, the user basic information is utilized to count the number of the duplicate removal associations, the user score is calculated by utilizing the behavior information of the user browsing page, and the risk grade of the user behavior is judged by combining the obtained number of the duplicate removal associations and the user score, so that the purpose of risk prediction of the user behavior is achieved.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a risk prediction method and device for user behaviors.
Background
With the continuous development of productivity, the life consumption modes of people are more diversified, and the types and the number of products which can be consumed by customers are more and more pushed by merchants.
Generally, the merchant can launch some marketing activities with the nature of rewards, so that the marketing activities attract users, improve the liveness of the users and increase the viscosity of the users. However, some illegal users (such as black-producing users) cheat the rewards of the marketing activities by using illegal means such as scripts and simulators, which may result in that the users really participating in the marketing activities cannot obtain the rewards, bring poor experience to the users, cause the users to tell grooves and complaints, and further cause adverse effects on business operations of merchants.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for predicting a risk of a user behavior, so as to implement risk prediction on the user behavior, so as to provide an effective reference suggestion for a merchant to perform activity reward issue.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
the invention discloses a risk prediction method of user behavior in a first aspect, which comprises the following steps:
acquiring user basic information and user browsing page behavior information based on a long connecting channel, wherein the long connecting channel is established in advance, and the user basic information comprises a user id, a user equipment id and a user ip;
counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip;
calculating a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period;
and comparing the duplication elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user, wherein the preset strategy set comprises a plurality of strategies, each strategy comprises a plurality of rules and a plurality of strategy atoms, and each strategy corresponds to one risk level.
Optionally, the process of establishing the user behavior model scoring rule includes:
acquiring historical browsing page behavior information of a user and corresponding historical scores of the user;
counting the times of the historical page subscription of the user and the stay time of the historical page subscription of the user based on the historical page browsing behavior information of the user;
establishing a user behavior model scoring rule ln (t) tscore + ln (pv) pvscore based on the times of the user history subscription pages, the stay time of the history subscription pages and the user history score;
wherein t represents the stay time of the history subscription page, pv represents the number of times of the history subscription page, and tscore and pvscore represent the calculation factors.
Optionally, the calculating the user score according to the user browsing page behavior information, the preset user behavior model scoring rule, the preset decay cycle and the preset decay rate includes:
counting the times of subscribing the page by the user and the stay time of the subscribed page based on the page browsing behavior information of the user;
calculating the current score of the user according to a preset scoring rule of the user behavior model;
according to nscore (1-n) m, calculating a score obtained by the attenuation of the current user score by the preset attenuation rate in the preset attenuation period, and taking the score as the user score;
wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
Optionally, the determining the risk level of the user by using the de-duplication association number and the user score as policy atoms and comparing the policy atoms with a preset policy set includes:
taking the de-duplication association number and the user score as strategy atoms, and comparing the strategy atoms with all strategy atoms of each strategy in a preset strategy set;
judging whether the comparison result accords with all rules of the strategy currently used for comparison;
if not, or if the strategy is in accordance with the preset risk level, the risk level corresponding to the strategy currently used for comparison is passed; executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user;
and if the risk level corresponding to the strategy currently used for comparison is not passed, taking the risk and the like corresponding to the strategy currently used for comparison as the risk level of the user.
Optionally, after obtaining the basic information of the user based on the long connection channel, the method further includes:
and authenticating the basic information of the user.
The second aspect of the present invention discloses a risk prediction device for user behavior, the device comprising:
the device comprises an acquisition unit, a processing unit and a display unit, wherein the acquisition unit is used for acquiring user basic information and user browsing page behavior information based on a long connecting channel, the long connecting channel is pre-established, and the user basic information comprises a user id, a user equipment id and a user ip;
the counting unit is used for counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip;
the calculation unit is used for calculating a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period;
and the determining unit is used for comparing the duplication elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user, wherein the preset strategy set comprises a plurality of strategies, each strategy comprises a plurality of rules and a plurality of strategy atoms, and each strategy corresponds to one strategy risk level.
Optionally, the method further includes: a building unit;
the establishing unit comprises:
the acquisition module is used for acquiring the behavior information of the user historical browsing page and the corresponding user historical score;
the first statistical module is used for counting the times of the historical page subscription of the user and the stay time of the historical page subscription based on the historical page browsing behavior information of the user;
the establishing module is used for establishing a user behavior model scoring rule ln (t) × tscore + ln (pv) × pvscore based on the times of the user historical subscription pages, the stay duration of the historical subscription pages and the user historical scores; wherein t represents the stay time of the history subscription page, pv represents the number of times of the history subscription page, and tscore and pvscore represent the calculation factors.
Optionally, the computing unit includes:
the second statistical module is used for counting the times of subscribing the page by the user and the stay time of the subscribed page based on the user browsing page behavior information;
the first calculation module is used for calculating the current score of the user according to a preset scoring rule of the user behavior model;
the second calculation module is used for calculating a score obtained by attenuation of the current user score by the preset attenuation rate in the preset attenuation period according to nscore (1-n m), and taking the score as the user score; wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
Optionally, the determining unit includes:
the comparison module is used for comparing the duplication elimination association number and the user score serving as strategy atoms with all strategy atoms of each strategy in a preset strategy set;
the judging module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison;
the first processing module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison or not if the judgment module judges that the comparison result accords with all rules of the strategy currently used for comparison and the risk level corresponding to the strategy currently used for comparison is passed; executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user;
and the second processing module is used for taking the risk and the like corresponding to the strategy for comparison as the risk level of the user if the judgment module judges that the comparison result conforms to all rules of the strategy for comparison at present and the risk level corresponding to the strategy for comparison at present does not pass.
Optionally, the method further includes: an authentication unit;
and the authentication unit is used for authenticating the user basic information acquired by the acquisition unit based on the long connection channel.
Based on the method and the device for predicting the risk of the user behavior, basic user information and behavior information of a user browsing page are obtained based on a long connecting channel, the long connecting channel is established in advance, and the basic user information comprises a user id, a user equipment id and a user ip; counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip; calculating a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period; and comparing the duplication elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user, wherein the preset strategy set comprises a plurality of strategies, each strategy comprises a plurality of rules and a plurality of strategy atoms, and each strategy corresponds to one risk level. In the scheme provided by the embodiment of the invention, the number of the duplicate removal associations is counted by using the basic information of the user, the user score is calculated by using the behavior information of the user browsing page, and the risk grade of the user behavior is judged by combining the obtained number of the duplicate removal associations and the user score, so that the risk prediction of the user behavior is realized, and the aim of providing effective reference suggestions for the activity reward issue of merchants is fulfilled.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of a risk prediction method for user behavior according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of constructing scoring rules of a user behavior model according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a preset policy set policy atom according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating a preset policy aggregation rule according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a preset policy centralized risk level according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of determining a risk level of a user according to an embodiment of the present invention;
fig. 7 is a block diagram of a risk prediction apparatus for user behavior according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein.
According to the background technology, illegal users cheat the rewards of marketing activities by using illegal means such as scripts and simulators, so that the users who really participate in the marketing activities cannot obtain the rewards, poor experience is brought to the users, groove telling and complaints are caused to the users, and further adverse effects are caused to business operation of merchants.
In contrast, the embodiment of the invention provides a method and a device for predicting risk of user behavior, so as to predict risk of user behavior, and provide effective reference suggestions for merchants to issue activity rewards, so that the merchants issue limited activity rewards to users who really participate in marketing activities, thereby improving user experience and increasing user stickiness. The specific implementation process is illustrated by the following examples.
Referring to fig. 1, a flowchart of a risk prediction method for user behavior according to an embodiment of the present invention is shown. The method comprises the following steps:
s101: and acquiring the basic information of the user and the behavior information of the user browsing page based on the long connecting channel.
In S101, a long connection means that a plurality of packets can be continuously transmitted over one connection, and if no packet is transmitted during the connection maintenance, a link check packet needs to be transmitted in both directions. It is understood that a long connection channel refers to a channel established based on a long connection.
The user basic information includes a user id, a user device id, and a user ip.
It should be noted that the user id may be a unique user id assigned by the active platform when the user registers to log in the active platform. It will be appreciated that the user id can be used to distinguish between different users.
The user device id may be a specific user device id assigned by the activity platform when the user registers to log on to the activity platform using electronic devices including, but not limited to, cell phones and PCs. It will be appreciated that the user device id can be used to distinguish between electronic devices used by different users.
The user ip can be a network address used by the user when the user registers to log in the activity platform.
The user browsing page behavior information may refer to user behavior information generated by a user when browsing an active page. In a specific implementation, the user browsing page behavior information includes, but is not limited to, a heartbeat event, a subscription page event, and a page switching event.
The heartbeat event refers to that after a long connecting channel is established between a client and a server, the client sends a message to the server at regular intervals according to the requirement of the server. For example, a message is sent to the server every 60 seconds so that the server knows that the client is in communication with it. That is, by the heartbeat event, the communication situation between the server and the client can be judged.
The subscription page event refers to user behavior information when a user browses a certain page.
The page switching event refers to user behavior information when a user browses from one page to another page.
In the specific implementation process of S101, after a long connection channel is established between a client where a user is located and a server based on, but not limited to, an MQTT (Message queue Telemetry Transport) protocol, the server may obtain basic information of the user and behavior information of a user browsing page through the long connection channel.
Optionally, the obtained basic user information and the user browsing page behavior information may be stored in the kafka, i.e. the distributed publish-subscribe messaging system. And when the user basic information and the user browsing page behavior information are used, directly obtaining the information from the kafka.
It should be noted that after the basic user information is obtained, the basic user information may be authenticated to verify the validity of the user.
Optionally, after authenticating the basic user information, storing the authentication information in the map.
S102: and counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip.
In S102, the set time period may be set according to the actual scene application requirement.
In a specific implementation, the set time period may be set to be a longer time period, or may be set to be a shorter time period, which is not limited herein. For example, the set time period may be 1 minute, 5 minutes, or 10 minutes, the set time period may also be 1 hour or 5 hours, and the set time period may also be 1 day or 7 days, it being understood that this is for illustration only.
In the specific implementation process of S102, in a set time period, first, the number of all user device ids and/or the number of all user ips associated with a user id are counted, and the number of all user devices and/or the number of all user ips associated with a user device id are counted, and the number of all user devices and/or the number of all user device ids associated with a user ip are counted.
Secondly, the number of duplicate user equipment ids is removed from the number of all user equipment ids associated with the user id, resulting in the de-duplication association number of different user equipment ids associated with the user id.
And/or removing the quantity of the repeated user ip from the quantity of all the user ip associated with the user id to obtain the de-duplication association quantity of different user ip associated with the user id; the number of duplicate user ids is removed from the number of all user ids associated with the user device id, resulting in a de-duplication association number for different user ids associated with the user device id.
And/or removing the quantity of the repeated user ip from the quantity of all the user ip associated with the user equipment id to obtain the de-duplication association quantity of different user ip associated with the user equipment id; and removing the quantity of the repeated user ids from the quantity of all the user ids associated with the user ip to obtain the de-duplication association quantity of different user ids associated with the user ip.
And/or removing the number of the repeated user equipment ids from the number of all the user equipment ids associated with the user ip to obtain the de-duplication association number of different user equipment ids associated with the user ip.
For ease of understanding the above illustration, an example is provided.
For example, it is counted that the number of all the ue ids associated with the ue id 123456 in a set time period is 7, specifically, the ue ids of these 7 devices are ASD, ASF, ASG, ASF, ASG, and ASH, respectively, and then the number of duplicate ue ids is removed from these 7 devices, that is, the ue ids in the fourth, fifth, and sixth positions are removed from the left to right order, so as to obtain the number of duplicate associations of different ue ids associated with the ue ids, which is understood to be 4.
It should be noted that, the statistics of the number of duplicate removal associations of different user ips associated with the user id, the statistics of the number of duplicate removal associations of different user ids associated with the user device id, the statistics of the number of duplicate removal associations of different user ips associated with the user device id, the statistics of the number of duplicate removal associations of different user ids associated with the user ip, and the statistics of the number of duplicate removal associations of different user device ids associated with the user ip are similar to the above-mentioned example of the number of duplicate removal associations of different user device ids associated with the user id, and are not necessarily introduced.
Optionally, when counting the de-duplication association numbers of different user device ids associated with the user id and/or the de-duplication association numbers of different user ips associated with the user id, and counting the de-duplication association numbers of different user ids associated with the user device id and/or the de-duplication association numbers of different user ips associated with the user device id, and counting the de-duplication association numbers of different user ids associated with the user ips and/or the de-duplication association numbers of different user device ids associated with the user ips, the statistics may be performed in a real-time calculation manner, or may be performed in an offline calculation manner, and the statistics may be performed according to actual application requirements, which is not limited herein.
Optionally, after counting the number of de-duplication associations of different user device ids associated with the user id and/or the number of de-duplication associations of different user ips associated with the user id, and counting the number of de-duplication associations of different user id associated with the user device id and/or the number of de-duplication associations of different user ips associated with the user device id, and counting the number of de-duplication associations of different user id associated with the user ip and/or the number of de-duplication associations of different user device ids associated with the user ip, all the numbers of de-duplication associations may be stored in db (Data Base ), and obtained directly from db when any one or more of the above numbers of de-duplication associations are used; of course, all the de-duplication association numbers may be stored in the redis, and when any one or more of the above-mentioned all the de-duplication association numbers are used, the de-duplication association numbers are directly obtained from the redis.
S103: and calculating the user score according to the behavior information of the user browsing page, the preset scoring rule of the user behavior model, the preset decay period and the preset decay rate.
In S103, the user behavior model scoring rule is pre-constructed.
Specifically, as shown in fig. 2, the process of constructing the user behavior model scoring rule mainly includes the following steps:
a1: and acquiring historical browsing page behavior information of the user and corresponding historical scores of the user.
In a specific implementation, user behavior information generated when a user browses an active page within a set time period in the past is acquired, and corresponding user history scores are acquired.
A2: and counting the times of the historical page subscription of the user and the stay time of the historical page subscription based on the historical page browsing behavior information of the user.
In a2, the number of historical subscribed pages refers to the total number of times the user viewed the active page within a past set period of time.
For example, if the number of times that the user browses the active page to topic1 in the past set time period is 3, and the number of times that the user browses the active page to topic2 is 1, the number of times that the user historically subscribes to the page is 4.
The stay-on duration of the history subscription page refers to the total stay-on duration of the user browsing the active page within a set period of time in the past.
For example, if the time length consumed by the user when browsing the active page as topic1 in the past set time period is 35 seconds, and the time length consumed when browsing the active page as topic2 is 6 seconds, the stay time length of the history subscription page is 41 seconds.
In a specific implementation, the stay time of the historical subscribed page and the number of times of the historical subscribed page of the user are counted based on the historical heartbeat event, the historical subscribed page event and the historical page switching event in the historical browsing page behavior information of the user.
A3: and establishing a user behavior model scoring rule based on the times of the user history subscription page, the stay time of the history subscription page and the user history score.
In a specific implementation, the user behavior model scoring rule is established based on the number of times of executing the history subscription page of the user obtained from the step a2, the stay time of the history subscription page, and the history score of the user obtained from the step a 1. The established user behavior model scoring rule is expressed as follows:
ln(t)*tscore+ln(pv)*pvscore(1)
in formula (1), t represents the stay time of the history subscription page, pv represents the number of history subscription pages, and tscore and pvscore represent the calculation factors.
It should be noted that specific values of tscore and pvscore are not limited, and may be adjusted according to the application requirements of the actual scene. Preferably, tscore has a value of 18 and pvscore has a value of 10.
It should be noted that, when the value of ln (t) tscore is greater than 70, the value of ln (t) tscore is adjusted to 70, that is, the value range of ln (t) tscore is not greater than 70. When the value of ln (pv) pvscore is greater than 30, the value of ln (pv) pvscore is adjusted to 30, that is, the value range of ln (pv) pvscore is not greater than 30.
In S103, the preset decay period represents a duration of time for which the user is engaged in the activity.
For example, the time for the user to attend the event is 2021 year, 2 month and 1 day, and the time for the user to finish attending the event is 2021 year, 2 month and 15 days, it is understood that the preset decay period is 15 days.
In S103, the preset decay rate represents a degree of decay of the user score within a preset decay period.
It should be noted that the preset decay rate may be adjusted according to the application needs of the actual scene. Optionally, the value range of the preset decay rate is an interval (0, 1).
In the process of implementing S103 specifically, first, based on the user browsing page behavior information obtained by executing S101, the number of times of subscribing to a page by the user and the dwell time of the subscribing page are counted.
Secondly, based on a preset user behavior model scoring rule, substituting the counted times of the subscription pages and the stay time of the subscription pages into a formula (1), namely ln (t) × tscore + ln (pv) × pvscore, for calculation, and obtaining the current score of the user.
And finally, calculating a score obtained by attenuating the current score of the user by a preset attenuation rate in a preset attenuation period according to a formula (2), and taking the score as the score of the user.
nscore*(1-n*m)(2)
Wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
Optionally, when calculating the user score, a real-time calculation mode may be adopted, and an offline calculation mode may also be adopted, which is not limited herein.
Optionally, after the user score is calculated, the user score may be stored in db (Data Base ), and when the user score is used, the user score is directly obtained from db; of course, the user score may also be stored in the redis, and when the user score is used, the user score is directly obtained from the redis.
S104: and comparing the duplication-elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user.
In S104, the preset policy set may be preset according to an actual scene application requirement.
The preset policy set comprises a plurality of policies, each policy comprises a plurality of rules and a plurality of policy atoms, and each policy corresponds to a risk level.
Policy atoms include, but are not limited to, counting services, model scoring, and user/device tags, among others. In a specific embodiment, as shown in fig. 3, an embodiment of the present invention discloses a schematic diagram of a policy atom in a preset policy set, where the policy atom specifically includes a black and white and grey list, a counting service, a model score, a user/device tag, and a field match.
Rules include, but are not limited to, greater than, less than, and equal to. In a specific embodiment, as shown in fig. 4, the embodiment of the present invention further discloses a schematic diagram for presetting a policy centralizing rule. Specifically, the rule includes: greater than, less than, equal to, less than, in, not in, prefix match, suffix match, include, coolean, and drools based.
Risk levels include, but are not limited to, ACCEPT (i.e., indicating pass), REVIEW (i.e., indicating risk, advised rejection, and SAFE (i.e., indicating white list pass directly). in one embodiment, as shown in fig. 5, embodiments of the present invention also disclose a schematic diagram of pre-set policy-focused risk levels.
In the process of specifically implementing S104, based on the duplicate removal association number obtained by executing S102 and the user score obtained by executing S103, the duplicate removal association number and the user score are used as policy atoms, and are compared with policy atoms of a preset policy set policy, and the risk level of the user is determined according to the comparison result and rules of the preset policy set policy.
It should be noted that the larger the number of de-duplication associations, the higher the risk level of the user.
A higher user score indicates a lower risk rating for the user.
It can be understood that the user has a lower risk level if the number of de-duplication associations is smaller and the user score is higher; otherwise, the number of de-duplication associations is larger, and the user score is lower, then the risk level of the user is higher.
Based on the user behavior risk prediction method provided by the embodiment of the invention, the user basic information is utilized to count the number of the duplicate removal associations, the user score is calculated by utilizing the behavior information of the user browsing page, and the risk grade of the user behavior is judged by combining the obtained number of the duplicate removal associations and the user score, so that the risk prediction of the user behavior is realized, and the purpose of providing effective reference suggestions for the merchants to perform activity reward distribution is realized.
Based on the method for predicting the risk of the user behavior provided by the embodiment of the present invention, as shown in fig. 6, the process of specifically executing S104 to compare the deduplication association number and the user score as policy atoms with a preset policy set and determining the risk level of the user mainly includes the following steps:
b1: and taking the de-duplication association number and the user score as strategy atoms, and comparing the strategy atoms with all strategy atoms of each strategy in a preset strategy set.
In a specific implementation, the de-duplication association number and the user score are used as policy atoms and are sequentially compared with each policy in a preset policy set, specifically, the de-duplication association number and the user score are compared with all policy atoms of the currently used policy for comparison.
B2: and judging whether the comparison result conforms to all rules of the strategy currently used for comparison. If the comparison result does not conform to all the rules of the policy currently used for comparison, or if the comparison result conforms to all the rules of the policy currently used for comparison and the risk level corresponding to the policy currently used for comparison passes, continuing to execute B3; if the comparison result conforms to all the rules of the policy currently used for comparison and the risk level corresponding to the policy currently used for comparison does not pass, B4 is continuously executed.
In a specific implementation, if the result of comparing the number of duplicate associations and the user score with any policy atom of the policies currently used for comparison does not conform to the rule corresponding to the policy atom currently used for comparison, it is determined that the comparison result does not conform to all the rules of the policies currently used for comparison, and B3 is executed.
If the result of comparing the de-duplication association number and the user score with each strategy atom of the strategy currently used for comparison accords with the corresponding rule of the strategy atom currently used for comparison, determining that the comparison result accords with all the rules of the strategy currently used for comparison; and performing further judgment to determine the risk level corresponding to the policy currently used for comparison, if the risk level corresponding to the policy currently used for comparison passes, performing B3, and if the risk level corresponding to the policy currently used for comparison does not pass, performing B4.
B3: and executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user.
In a specific implementation, the comparison of the next policy is performed, and B2 is returned to be performed until the last policy, and the risk level corresponding to the last policy is used as the risk level of the user.
B4: and taking the risk and the like corresponding to the strategy currently used for comparison as the risk level of the user.
To better understand the content of the above process of determining the risk level of the user, a specific example is described, it is to be understood that the following example is only used for illustration, and the data is more complex in actual situations.
For example, assume that there are two policies in the preset policy set.
The first policy has a policy atom and a rule, the policy atom is: the user score 50, the corresponding rule is: greater than. The risk level corresponding to the first policy is accept.
The second policy has two policy atoms and two rules, the first policy atom is: the user score 30, the corresponding rule is: is less than; the second strategy atom is: the number of de-duplication associations 50 for different user ids associated with a user device id during a day, the corresponding rule is: greater than. The second strategy corresponds to a risk level of reject.
The number of de-duplication associations of different user ids associated with the user device id in one day is counted to be 70, and the calculated user score is 10.
Then, comparing the calculated user score of 10 with the policy atom in the first policy, it can be understood that 10 is less than 50, and therefore, the calculated user score of 10 does not conform to the corresponding rule of the first policy atom.
Continuing to perform the comparison with the policy atom in the second policy, specifically, comparing the calculated user score 10 with the first policy atom in the second policy, where it can be understood that 10 is less than 30, and therefore, the calculated user score 10 conforms to the rule corresponding to the first policy atom; comparing the statistical de-duplication count 70 with the second policy atom in the second policy, it can be understood that 70 is greater than 50, and therefore, the statistical de-duplication count 70 conforms to the rule corresponding to the second policy atom.
Thus, the risk level corresponding to the second policy is taken as the risk level of the user, i.e. the risk level of the user is reject.
In the embodiment of the invention, the number of the duplicate removal associations and the user scores are used as the strategy atoms, the strategy atoms are compared with all the strategy atoms of each strategy in the preset strategy set, whether the comparison result accords with all the rules of the strategies currently used for comparison is judged, the subsequent corresponding steps are executed based on different comparison results, and the risk grade of the user behavior is judged by combining the number of the duplicate removal associations and the user scores, so that the risk prediction of the user behavior is realized, and the purpose of providing effective reference suggestions for the activity reward issuing of merchants is achieved.
The embodiment of the invention discloses a risk prediction method of user behaviors, and correspondingly, the embodiment of the invention also discloses a risk prediction device of user behaviors.
Fig. 7 is a block diagram of a risk prediction apparatus for user behavior according to an embodiment of the present invention. The device includes: an acquisition unit 701, a statistical unit 702, a calculation unit 703, and a determination unit 704.
The acquiring unit 701 is configured to acquire user basic information and user browsing page behavior information based on a long connection channel, where the long connection channel is pre-established, and the user basic information includes a user id, a user device id, and a user ip.
A counting unit 702, configured to count, based on the user id, the user device id, and the user ip, a de-duplication association number associated with the user id in a set time period.
The calculating unit 703 is configured to calculate a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, where the preset decay period represents a duration of time for a user to participate in an activity, and the preset decay rate represents a decay degree of the user score in the preset decay period.
A determining unit 704, configured to compare the de-duplication association count and the user score as policy atoms with a preset policy set, to determine a risk level of the user, where the preset policy set includes multiple policies, each policy includes multiple rules and multiple policy atoms, and each policy corresponds to a policy risk level.
In some embodiments provided herein, the apparatus further comprises: and establishing a unit.
The establishing unit comprises:
the acquisition module is used for acquiring the behavior information of the user historical browsing page and the corresponding user historical score;
the first statistical module is used for counting the times of the historical page subscription of the user and the stay time of the historical page subscription based on the historical page browsing behavior information of the user;
the establishing module is used for establishing a user behavior model scoring rule ln (t) × tscore + ln (pv) × pvscore based on the times of the user historical subscription pages, the stay duration of the historical subscription pages and the user historical scores; wherein t represents the stay time of the history subscription page, pv represents the number of times of the history subscription page, and tscore and pvscore represent the calculation factors.
In some embodiments provided herein, the computing unit includes:
the second statistical module is used for counting the times of subscribing the page by the user and the stay time of the subscribed page based on the user browsing page behavior information;
the first calculation module is used for calculating the current score of the user according to a preset scoring rule of the user behavior model;
the second calculation module is used for calculating a score obtained by attenuation of the current user score by the preset attenuation rate in the preset attenuation period according to nscore (1-n m), and taking the score as the user score; wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
In some embodiments provided herein, the determining unit includes:
the comparison module is used for comparing the duplication elimination association number and the user score serving as strategy atoms with all strategy atoms of each strategy in a preset strategy set;
the judging module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison;
the first processing module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison or not if the judgment module judges that the comparison result accords with all rules of the strategy currently used for comparison and the risk level corresponding to the strategy currently used for comparison is passed; executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user;
and the second processing module is used for taking the risk and the like corresponding to the strategy for comparison as the risk level of the user if the judgment module judges that the comparison result conforms to all rules of the strategy for comparison at present and the risk level corresponding to the strategy for comparison at present does not pass.
In some embodiments provided herein, the apparatus further comprises: and an authentication unit.
And the authentication unit is used for authenticating the user basic information acquired by the acquisition unit based on the long connection channel.
It should be noted that, for specific execution principles and implementation processes of each unit and each module in the user behavior risk prediction apparatus disclosed in the embodiment of the present invention, reference may be made to corresponding contents in the user behavior risk prediction method disclosed in the embodiment of the present invention, and details are not described here any more.
Based on the risk prediction device for user behavior provided by the embodiment of the present invention, the obtaining unit obtains the basic user information and the behavior information of the user browsing page based on the long connection channel, where the long connection channel is pre-established, and the basic user information includes a user id, a user equipment id, and a user ip; the statistical unit is used for counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip; the calculating unit calculates a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period; the determining unit takes the duplication elimination association number and the user score as policy atoms, compares the policy atoms with a preset policy set, and determines the risk level of the user, wherein the preset policy set comprises a plurality of policies, each policy comprises a plurality of rules and a plurality of policy atoms, and each policy corresponds to a risk level. In the scheme provided by the embodiment of the invention, the number of the duplicate removal associations is counted by using the basic information of the user, the user score is calculated by using the behavior information of the user browsing page, and the risk grade of the user behavior is judged by combining the obtained number of the duplicate removal associations and the user score, so that the risk prediction of the user behavior is realized, and the aim of providing effective reference suggestions for the activity reward issue of merchants is fulfilled.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for risk prediction of user behavior, the method comprising:
acquiring user basic information and user browsing page behavior information based on a long connecting channel, wherein the long connecting channel is established in advance, and the user basic information comprises a user id, a user equipment id and a user ip;
counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip;
calculating a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period;
and comparing the duplication elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user, wherein the preset strategy set comprises a plurality of strategies, each strategy comprises a plurality of rules and a plurality of strategy atoms, and each strategy corresponds to one risk level.
2. The method of claim 1, wherein the process of establishing the user behavior model scoring rules comprises:
acquiring historical browsing page behavior information of a user and corresponding historical scores of the user;
counting the times of the historical page subscription of the user and the stay time of the historical page subscription of the user based on the historical page browsing behavior information of the user;
establishing a user behavior model scoring rule ln (t) tscore + ln (pv) pvscore based on the times of the user history subscription pages, the stay time of the history subscription pages and the user history score;
wherein t represents the stay time of the history subscription page, pv represents the number of times of the history subscription page, and tscore and pvscore represent the calculation factors.
3. The method of claim 2, wherein calculating a user score based on the user browsed page behavior information, preset user behavior model scoring rules, a preset decay period, and a preset decay rate comprises:
counting the times of subscribing the page by the user and the stay time of the subscribed page based on the page browsing behavior information of the user;
calculating the current score of the user according to a preset scoring rule of the user behavior model;
according to nscore (1-n) m, calculating a score obtained by the attenuation of the current user score by the preset attenuation rate in the preset attenuation period, and taking the score as the user score;
wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
4. The method of claim 1, wherein comparing the de-duplication association count and the user score as a policy atom with a preset policy set to determine a risk level of a user comprises:
taking the de-duplication association number and the user score as strategy atoms, and comparing the strategy atoms with all strategy atoms of each strategy in a preset strategy set;
judging whether the comparison result accords with all rules of the strategy currently used for comparison;
if not, or if the strategy is in accordance with the preset risk level, the risk level corresponding to the strategy currently used for comparison is passed; executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user;
and if the risk level corresponding to the strategy currently used for comparison is not passed, taking the risk and the like corresponding to the strategy currently used for comparison as the risk level of the user.
5. The method of claim 1, wherein after obtaining the basic user information based on the long connection channel, the method further comprises:
and authenticating the basic information of the user.
6. A risk prediction apparatus for user behavior, the apparatus comprising:
the device comprises an acquisition unit, a processing unit and a display unit, wherein the acquisition unit is used for acquiring user basic information and user browsing page behavior information based on a long connecting channel, the long connecting channel is pre-established, and the user basic information comprises a user id, a user equipment id and a user ip;
the counting unit is used for counting the de-duplication association number associated with the user id in a set time period based on the user id, the user equipment id and the user ip;
the calculation unit is used for calculating a user score according to the user browsing page behavior information, a preset user behavior model scoring rule, a preset decay period and a preset decay rate, wherein the preset decay period represents the duration of the user participating in the activity, and the preset decay rate represents the decay degree of the user score in the preset decay period;
and the determining unit is used for comparing the duplication elimination association number and the user score serving as strategy atoms with a preset strategy set to determine the risk level of the user, wherein the preset strategy set comprises a plurality of strategies, each strategy comprises a plurality of rules and a plurality of strategy atoms, and each strategy corresponds to one strategy risk level.
7. The apparatus of claim 6, further comprising: a building unit;
the establishing unit comprises:
the acquisition module is used for acquiring the behavior information of the user historical browsing page and the corresponding user historical score;
the first statistical module is used for counting the times of the historical page subscription of the user and the stay time of the historical page subscription based on the historical page browsing behavior information of the user;
the establishing module is used for establishing a user behavior model scoring rule ln (t) × tscore + ln (pv) × pvscore based on the times of the user historical subscription pages, the stay duration of the historical subscription pages and the user historical scores; wherein t represents the stay time of the history subscription page, pv represents the number of times of the history subscription page, and tscore and pvscore represent the calculation factors.
8. The apparatus of claim 7, wherein the computing unit comprises:
the second statistical module is used for counting the times of subscribing the page by the user and the stay time of the subscribed page based on the user browsing page behavior information;
the first calculation module is used for calculating the current score of the user according to a preset scoring rule of the user behavior model;
the second calculation module is used for calculating a score obtained by attenuation of the current user score by the preset attenuation rate in the preset attenuation period according to nscore (1-n m), and taking the score as the user score; wherein nscore represents the current rating of the user, n represents a preset decay period, and m represents a preset decay rate.
9. The apparatus of claim 6, wherein the determining unit comprises:
the comparison module is used for comparing the duplication elimination association number and the user score serving as strategy atoms with all strategy atoms of each strategy in a preset strategy set;
the judging module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison;
the first processing module is used for judging whether the comparison result accords with all rules of the strategy currently used for comparison or not if the judgment module judges that the comparison result accords with all rules of the strategy currently used for comparison and the risk level corresponding to the strategy currently used for comparison is passed; executing comparison of the next strategy until the last strategy, and taking the risk level corresponding to the last strategy as the risk level of the user;
and the second processing module is used for taking the risk and the like corresponding to the strategy for comparison as the risk level of the user if the judgment module judges that the comparison result conforms to all rules of the strategy for comparison at present and the risk level corresponding to the strategy for comparison at present does not pass.
10. The apparatus of claim 6, further comprising: an authentication unit;
and the authentication unit is used for authenticating the user basic information acquired by the acquisition unit based on the long connection channel.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110806533.9A CN113420941A (en) | 2021-07-16 | 2021-07-16 | Risk prediction method and device for user behavior |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110806533.9A CN113420941A (en) | 2021-07-16 | 2021-07-16 | Risk prediction method and device for user behavior |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113420941A true CN113420941A (en) | 2021-09-21 |
Family
ID=77721815
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110806533.9A Pending CN113420941A (en) | 2021-07-16 | 2021-07-16 | Risk prediction method and device for user behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113420941A (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201937A (en) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Method for detecting Trojan quickly based on heartbeat behavior analysis |
| CN102594825A (en) * | 2012-02-22 | 2012-07-18 | 北京百度网讯科技有限公司 | Method and device for detecting intranet Trojans |
| CN102932352A (en) * | 2012-11-02 | 2013-02-13 | 北京奇虎科技有限公司 | Method and server for communicating with client |
| CN103888451A (en) * | 2014-03-10 | 2014-06-25 | 百度在线网络技术(北京)有限公司 | Method, device and system for certification authorization |
| CN106027548A (en) * | 2016-06-28 | 2016-10-12 | 武汉斗鱼网络科技有限公司 | System and method for generating white list based on page heartbeat event of a live broadcast website |
| US20180082229A1 (en) * | 2015-05-13 | 2018-03-22 | Alibaba Group Holding Limited | Risk identification based on historical behavioral data |
| CN108521405A (en) * | 2018-03-20 | 2018-09-11 | 咪咕文化科技有限公司 | A kind of risk management and control method, device and storage medium |
| CN109660584A (en) * | 2017-10-12 | 2019-04-19 | 阿里巴巴集团控股有限公司 | A kind of method and communication means and communication system of client and the long connection of server foundation |
| CN109978547A (en) * | 2017-12-28 | 2019-07-05 | 北京京东尚科信息技术有限公司 | Risk behavior control method and system, equipment and storage medium |
| CN111104628A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111259952A (en) * | 2020-01-14 | 2020-06-09 | 中国平安财产保险股份有限公司 | Abnormal user identification method and device, computer equipment and storage medium |
| CN111491300A (en) * | 2020-03-11 | 2020-08-04 | 中移(杭州)信息技术有限公司 | Risk detection method, device, equipment and storage medium |
| CN111754241A (en) * | 2019-05-27 | 2020-10-09 | 北京京东尚科信息技术有限公司 | User behavior perception method, device, equipment and medium |
| CN111951008A (en) * | 2020-07-22 | 2020-11-17 | 中国建设银行股份有限公司 | Risk prediction method and device, electronic equipment and readable storage medium |
| CN112580952A (en) * | 2020-12-09 | 2021-03-30 | 腾讯科技(深圳)有限公司 | User behavior risk prediction method and device, electronic equipment and storage medium |
-
2021
- 2021-07-16 CN CN202110806533.9A patent/CN113420941A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201937A (en) * | 2011-06-13 | 2011-09-28 | 刘胜利 | Method for detecting Trojan quickly based on heartbeat behavior analysis |
| CN102594825A (en) * | 2012-02-22 | 2012-07-18 | 北京百度网讯科技有限公司 | Method and device for detecting intranet Trojans |
| CN102932352A (en) * | 2012-11-02 | 2013-02-13 | 北京奇虎科技有限公司 | Method and server for communicating with client |
| CN103888451A (en) * | 2014-03-10 | 2014-06-25 | 百度在线网络技术(北京)有限公司 | Method, device and system for certification authorization |
| US20180082229A1 (en) * | 2015-05-13 | 2018-03-22 | Alibaba Group Holding Limited | Risk identification based on historical behavioral data |
| CN106027548A (en) * | 2016-06-28 | 2016-10-12 | 武汉斗鱼网络科技有限公司 | System and method for generating white list based on page heartbeat event of a live broadcast website |
| CN109660584A (en) * | 2017-10-12 | 2019-04-19 | 阿里巴巴集团控股有限公司 | A kind of method and communication means and communication system of client and the long connection of server foundation |
| CN109978547A (en) * | 2017-12-28 | 2019-07-05 | 北京京东尚科信息技术有限公司 | Risk behavior control method and system, equipment and storage medium |
| CN108521405A (en) * | 2018-03-20 | 2018-09-11 | 咪咕文化科技有限公司 | A kind of risk management and control method, device and storage medium |
| CN111104628A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111754241A (en) * | 2019-05-27 | 2020-10-09 | 北京京东尚科信息技术有限公司 | User behavior perception method, device, equipment and medium |
| CN111259952A (en) * | 2020-01-14 | 2020-06-09 | 中国平安财产保险股份有限公司 | Abnormal user identification method and device, computer equipment and storage medium |
| CN111491300A (en) * | 2020-03-11 | 2020-08-04 | 中移(杭州)信息技术有限公司 | Risk detection method, device, equipment and storage medium |
| CN111951008A (en) * | 2020-07-22 | 2020-11-17 | 中国建设银行股份有限公司 | Risk prediction method and device, electronic equipment and readable storage medium |
| CN112580952A (en) * | 2020-12-09 | 2021-03-30 | 腾讯科技(深圳)有限公司 | User behavior risk prediction method and device, electronic equipment and storage medium |
Non-Patent Citations (4)
| Title |
|---|
| SOLANO J, ET AL.: "Risk-based static authentication in web applications with behavioral biometrics and session context analytics", 《SPRINGER》, 14 August 2019 (2019-08-14) * |
| 成理嘉: "基于过程挖掘的电商业务风险预测方案的设计与实现", 《中国优秀硕士学位论文全文数据库- 信息科技辑》 * |
| 成理嘉: "基于过程挖掘的电商业务风险预测方案的设计与实现", 《中国优秀硕士学位论文全文数据库- 信息科技辑》, 15 January 2018 (2018-01-15) * |
| 阿维纳什·考希克著、沈文婷译: "谷歌数据分析方法:以用户为中心的数据分析思维框架", 广西科学技术出版社, pages: 312 - 315 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10929879B2 (en) | Method and apparatus for identification of fraudulent click activity | |
| CN113543178B (en) | Service optimization method, device, equipment and storage medium based on user perception | |
| CN108076237B (en) | Telephone customer service data processing method and device | |
| JP5551704B2 (en) | Evaluating online marketing efficiency | |
| CN106603262A (en) | Method and system of distribution of customer service modes | |
| KR20180039656A (en) | Measure your advertising performance | |
| JP5925373B1 (en) | Communication support system | |
| WO2019034164A1 (en) | Competition event voting system and method | |
| EP2174220A1 (en) | System and method for voting in online competitions | |
| KR20120040589A (en) | Optimum tender price prediction method and system | |
| US20190098568A1 (en) | Method and apparatus for generating recommended changes to communication behaviors | |
| CN106874273A (en) | Channel information statistical method, device and system | |
| CN113412607B (en) | Content pushing method and device, mobile terminal and storage medium | |
| CN109034867B (en) | Click traffic detection method and device and storage medium | |
| CN108734550A (en) | Method, apparatus, equipment and the storage medium of propelling data | |
| Dyaberi et al. | Managing cellular congestion using incentives | |
| CN110532485B (en) | User behavior detection method and device based on multi-source data fusion | |
| CN106209731B (en) | Session service processing method and device | |
| CN110585722A (en) | Block chain-based game time information processing method and device and game control method and device | |
| CN110070392B (en) | User loss early warning method and device | |
| CN112967091A (en) | Intelligent distribution method, system and storage medium for marketing service event | |
| CN113420941A (en) | Risk prediction method and device for user behavior | |
| CN111814064A (en) | Abnormal user processing method and device based on Neo4j, computer equipment and medium | |
| CN110675197A (en) | Method, device and equipment for evaluating data and storage medium | |
| CN113362127A (en) | Second-hand car bidding system with high availability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210921 |