CN113421105A - Big data fraud prevention based information processing method and artificial intelligence monitoring system - Google Patents

Big data fraud prevention based information processing method and artificial intelligence monitoring system Download PDF

Info

Publication number
CN113421105A
CN113421105A CN202110855284.2A CN202110855284A CN113421105A CN 113421105 A CN113421105 A CN 113421105A CN 202110855284 A CN202110855284 A CN 202110855284A CN 113421105 A CN113421105 A CN 113421105A
Authority
CN
China
Prior art keywords
fraud
migration
path
fraudulent
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110855284.2A
Other languages
Chinese (zh)
Inventor
周全
庄钰
贾小奇
郭坤锦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongguan Changxuechangwan Education Technology Co ltd
Original Assignee
Dongguan Changxuechangwan Education Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dongguan Changxuechangwan Education Technology Co ltd filed Critical Dongguan Changxuechangwan Education Technology Co ltd
Priority to CN202110855284.2A priority Critical patent/CN113421105A/en
Publication of CN113421105A publication Critical patent/CN113421105A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud

Abstract

The embodiment of the application provides an information processing method and an artificial intelligence monitoring system for preventing fraud based on big data, the characteristics of fraud path information can be used for representing part of fraud routing information of fraud event data, different fraud path information corresponds to different part of fraud routing information, the reliability of information of a to-be-protected migration fraud path generated based on the characteristics of each fraud path information in each fraud event data is higher, and the reliability of the to-be-protected migration fraud path can be effectively improved. Furthermore, the characteristics of the fraudulent path information include not only the fraudulent event characteristics but also the migration information, the fraudulent path characteristics represent the fraudulent event characteristics, the migration attribute characteristics represent the migration information, the fraudulent event characteristics and the migration information are mapped by combining the fraudulent path characteristics, and accordingly, the migration fraudulent path to be protected includes not only the fraudulent event characteristics but also the migration information, so that the reliability of the migration fraudulent path to be protected can be further improved.

Description

Big data fraud prevention based information processing method and artificial intelligence monitoring system
Technical Field
The application relates to the technical field of big data and artificial intelligence, in particular to an anti-fraud information processing method based on big data and an artificial intelligence monitoring system.
Background
The strategic significance of big data technology is not to grasp huge data information, but to specialize the data containing significance. In other words, if big data is compared to an industry, the key to realizing profitability of the industry is to improve the processing capability of the data and realize the value increment of the data through processing.
In the related technology, because big data plays an important role in information fraud prevention, the weak fraud path link can be protected and configured in a targeted manner by combining big user data analysis, and the fraud risk is reduced. For example, at present, by analyzing the fraud routing information of the relevant fraud event, the protection configuration of a weak fraud path link can be performed conveniently, however, the current scheme does not consider the process of migration information of the fraud event (for example, the migration process of the fraud path is a classical fraud scenario feature), so that the reference accuracy of the protection of the fraud path is low.
Disclosure of Invention
In order to overcome at least the above disadvantages in the prior art, the present application aims to provide an anti-fraud information processing method and an artificial intelligence monitoring system based on big data.
In a first aspect, the present application provides a big data fraud prevention-based information processing method, which is applied to an artificial intelligence monitoring system, where the artificial intelligence monitoring system is in communication connection with a plurality of cloud service systems, and the method includes:
acquiring target abnormal business behavior big data of the artificial intelligence monitoring system, determining candidate fraud event data from the target abnormal business behavior big data, extracting fraud path information from the candidate fraud event data and migration fraud event data corresponding to the candidate fraud event data respectively, generating fraud path characteristics corresponding to each fraud path information, and obtaining an optimized fraud path characteristic group corresponding to the candidate fraud event data and a migration fraud path characteristic group corresponding to the migration fraud event data; the optimized fraud path feature group comprises fraud path features corresponding to target fraud path information in candidate fraud event data respectively, and the migration fraud path feature group comprises fraud path features corresponding to migration fraud path information in migration fraud event data respectively;
matching the target fraudulent path information and the migration fraudulent path information based on the path characteristic linking degree between the target fraudulent path information and the migration fraudulent path information, and generating a migration attribute characteristic corresponding to the target fraudulent path information based on the successfully matched target fraudulent path information and the migration linking degree of the migration fraudulent path information;
fusing the migration attribute characteristics and the fraud path characteristics corresponding to the same target fraud path information to obtain corresponding fused fraud path characteristics, and updating the optimized fraud path characteristic group based on the fused fraud path characteristics to obtain an optimized fraud path characteristic group;
and obtaining a to-be-protected migration fraud path corresponding to the target abnormal business behavior big data based on the optimized fraud path characteristic group corresponding to the candidate fraud event data so as to perform protection configuration on the to-be-protected migration fraud path.
In a second aspect, an embodiment of the present application further provides a big data fraud prevention-based information processing system, where the big data fraud prevention-based information processing system includes an artificial intelligence monitoring system and a plurality of cloud service systems in communication connection with the artificial intelligence monitoring system;
the artificial intelligence monitoring system is used for:
acquiring target abnormal business behavior big data of the artificial intelligence monitoring system, determining candidate fraud event data from the target abnormal business behavior big data, extracting fraud path information from the candidate fraud event data and migration fraud event data corresponding to the candidate fraud event data respectively, generating fraud path characteristics corresponding to each fraud path information, and obtaining an optimized fraud path characteristic group corresponding to the candidate fraud event data and a migration fraud path characteristic group corresponding to the migration fraud event data; the optimized fraud path feature group comprises fraud path features corresponding to target fraud path information in candidate fraud event data respectively, and the migration fraud path feature group comprises fraud path features corresponding to migration fraud path information in migration fraud event data respectively;
matching the target fraudulent path information and the migration fraudulent path information based on the path characteristic linking degree between the target fraudulent path information and the migration fraudulent path information, and generating a migration attribute characteristic corresponding to the target fraudulent path information based on the successfully matched target fraudulent path information and the migration linking degree of the migration fraudulent path information;
fusing the migration attribute characteristics and the fraud path characteristics corresponding to the same target fraud path information to obtain corresponding fused fraud path characteristics, and updating the optimized fraud path characteristic group based on the fused fraud path characteristics to obtain an optimized fraud path characteristic group;
and obtaining a to-be-protected migration fraud path corresponding to the target abnormal business behavior big data based on the optimized fraud path characteristic group corresponding to the candidate fraud event data so as to perform protection configuration on the to-be-protected migration fraud path.
According to any one of the above aspects, the characteristics of the fraudulent path information can be used to represent part of fraudulent route information of the fraudulent event data, different fraudulent path information corresponds to different part of fraudulent route information, the reliability of the information of the to-be-protected migration fraudulent path generated based on the characteristics of each fraudulent path information in each fraudulent event data is higher, and the reliability of the to-be-protected migration fraudulent path can be effectively improved. Furthermore, the characteristics of the fraudulent path information include not only the fraudulent event characteristics but also the migration information, the fraudulent path characteristics represent the fraudulent event characteristics, the migration attribute characteristics represent the migration information, the fraudulent event characteristics and the migration information are mapped by combining the fraudulent path characteristics, and accordingly, the migration fraudulent path to be protected includes not only the fraudulent event characteristics but also the migration information, so that the reliability of the migration fraudulent path to be protected can be further improved.
Drawings
FIG. 1 is a schematic view of an application scenario of a big data fraud prevention based information processing system according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of an information processing method for preventing fraud based on big data according to an embodiment of the present application;
fig. 3 is a schematic block diagram of a structure of an artificial intelligence monitoring system for implementing the above big data fraud prevention-based information processing method according to an embodiment of the present application.
Detailed Description
FIG. 1 is a schematic diagram of a scenario of a big data fraud prevention based information processing system 10 according to an embodiment of the present application. The big data fraud prevention based information processing system 10 may include an artificial intelligence monitoring system 100 and a cloud business service system 200 communicatively connected to the artificial intelligence monitoring system 100. The big data fraud prevention based information handling system 10 shown in FIG. 1 is only one possible example, and in other possible embodiments, the big data fraud prevention based information handling system 10 may include only at least some of the components shown in FIG. 1 or may include additional components.
In this embodiment, the artificial intelligence monitoring system 100 and the cloud service system 200 in the big data fraud prevention based information processing system 10 may execute the big data fraud prevention based information processing method described in the following method embodiment in a matching manner, and for a specific part of the execution steps of the artificial intelligence monitoring system 100 and the cloud service system 200, reference may be made to the detailed description of the following method embodiment.
Fig. 2 is a schematic flow chart of an information processing method based on big data fraud prevention according to an embodiment of the present application, where the information processing method based on big data fraud prevention according to the present embodiment may be executed by the artificial intelligence monitoring system 100 shown in fig. 1, and the following describes the information processing method based on big data fraud prevention in detail.
Step S110, acquiring target abnormal business behavior big data, determining candidate fraud event data from the target abnormal business behavior big data, extracting fraud path information from the candidate fraud event data and migration fraud event data corresponding to the candidate fraud event data respectively, generating fraud path characteristics corresponding to each fraud path information, and obtaining an optimized fraud path characteristic group corresponding to the candidate fraud event data and a migration fraud path characteristic group corresponding to the migration fraud event data; the optimized fraud path feature group comprises fraud path features corresponding to target fraud path information in the candidate fraud event data respectively, and the migration fraud path feature group comprises fraud path features corresponding to migration fraud path information in the migration fraud event data respectively.
For example, the artificial intelligence monitoring system 100 may obtain the target abnormal business behavior big data locally or from the cloud business service system 200 and the other cloud business service systems 100, and generate the migration fraud path to be protected corresponding to the target abnormal business behavior big data. The artificial intelligence monitoring system 100 can perform fraud event data analysis on the target abnormal business behavior big data to obtain a fraud event data set corresponding to the target abnormal business behavior big data. The artificial intelligence monitoring system 100 can determine at least one candidate fraud event data from the fraud event data set, and generate a migration fraud path to be protected based on each candidate fraud event data. In determining candidate fraud data, the artificial intelligence monitoring system 100 may select a unit amount of fraud data from the fraud data set as the candidate fraud data, e.g., obtaining one fraud data per fraud as the candidate fraud data. Of course, the artificial intelligence monitoring system 100 may also use each fraud event data in the fraud event data set as candidate fraud event data, and the artificial intelligence monitoring system 100 may also randomly select any number of fraud event data from the candidate fraud event data as candidate fraud event data.
The migration fraud event data corresponding to the candidate fraud event data refers to at least one of forward fraud event data and backward fraud event data corresponding to the candidate fraud event data. In the fraud data set, for example, several pieces of selected forward fraud data are spaced before the candidate fraud data as the migration fraud data, and several pieces of selected forward fraud data are spaced after the candidate fraud data as the migration fraud data. For example, the first third migration of candidate fraud data is selected as forward fraud data and the last third migration of candidate fraud data is selected as backward fraud data.
In the fraud event data, there are often some fraud track flows with fraud paths, for example, application behavior fraud paths on a fraud track flow of an authority application behavior, and the like, and the patterns of these fraud track flows have specific characteristics, which can be distinguished from other flows, and meanwhile, these characteristics have certain characteristics under some common fraud event data analysis flows. Many such fraudulent paths may exist in the first and fraudulent event data, and the constituent information of these fraudulent paths is referred to as fraudulent path information. The fraud path characteristics corresponding to the fraud path information refer to fraud event data characteristics of a fraud track flow corresponding to the fraud path information.
The target fraudulent path information is fraudulent path information extracted from the candidate fraudulent event data, and the migration fraudulent path information is fraudulent path information extracted from the migration fraudulent event data. The optimized fraud path feature group comprises fraud path features corresponding to all target fraud path information in the candidate fraud event data. The migration fraud path feature group comprises fraud path features corresponding to all migration fraud path information in the migration fraud event data.
For example, the artificial intelligence monitoring system 100 may extract the fraud path information from the candidate fraud event data to obtain at least one target fraud path information, and generate a fraud path feature corresponding to each target fraud path information, so as to obtain an optimized fraud path feature group corresponding to the candidate fraud event data. The artificial intelligence monitoring system 100 may extract the fraudulent path information from the migration fraudulent event data to obtain at least one migration fraudulent path information, and generate the fraudulent path feature corresponding to each migration fraudulent path information, thereby obtaining the migration fraudulent path feature group corresponding to the migration fraudulent event data.
In an independently contemplated embodiment, the artificial intelligence monitoring system 100 can extract fraud path information from fraud event data via a fraud path information extraction algorithm, such as a fraud path analysis network based on AI training.
Step S120, the target fraudulent path information and the migration fraudulent path information are paired based on the path characteristic engagement degree between the target fraudulent path information and the migration fraudulent path information, and the migration attribute characteristic corresponding to the target fraudulent path information is generated based on the successfully paired target fraudulent path information and the migration engagement degree of the migration fraudulent path information.
For example, the path feature engagement degree between the target fraudulent path information and the migration fraudulent path information refers to an association metric value of an association path node between a fraudulent path feature corresponding to the target fraudulent path information and a fraudulent path feature corresponding to the migration fraudulent path information. The artificial intelligence monitoring system 100 may perform pairing of the target fraudulent path information and the migration fraudulent path information based on the path characteristic engagement degree between the target fraudulent path information and the migration fraudulent path information, so as to determine target fraudulent path information and migration fraudulent path information that are paired with each other.
In an embodiment of an independent concept, the pairing of the target fraudulent path information and the migration fraudulent path information may adopt a nearest neighbor algorithm based on fraudulent path characteristics, calculate path characteristic engagement degrees between one target fraudulent path information and each migration fraudulent path information, and select, from among the plurality of path characteristic engagement degrees, the migration fraudulent path information corresponding to the path characteristic engagement degree with the smallest association metric value of the associated path node as the migration fraudulent path information paired with the target fraudulent path information. In addition, in order to improve the reliability of the pairing, a threshold may be set, and when the path feature engagement degree with the minimum association metric value of the associated path node is greater than the engagement degree threshold, the migration fraud path information corresponding to the path feature engagement degree with the minimum association metric value of the associated path node is finally determined as the migration fraud path information paired with the target fraud path information.
The migration engagement degree of the target fraudulent path information and the migration fraudulent path information refers to an association metric value of an associated path node of a fraudulent path of the target fraudulent path information and the migration fraudulent path information in a migration process. The migration attribute feature is migration information for representing target fraudulent path information.
For example, when matching the target fraudulent path information and the migration fraudulent path information, some target fraudulent path information may find the migration fraudulent path information matched with each other, and some target fraudulent path information may not find the migration fraudulent path information matched with each other. And when the target fraudulent path information and the migration fraudulent path information are matched, the target fraudulent path information and the migration fraudulent path information are successfully matched. The successfully paired target fraudulent path information and migration fraudulent path information can be regarded as the same fraudulent path information on different fraudulent event data, and therefore, the migration attribute feature corresponding to the target fraudulent path information can be generated based on the migration engagement degree of the successfully paired target fraudulent path information and migration fraudulent path information.
In an independently contemplated embodiment, the migration fraud event data includes at least one of forward fraud event data and backward fraud event data. The fraudulent path information in the forward fraudulent event data can be used as the forward fraudulent path information, and the forward migration attribute characteristics corresponding to the target fraudulent path information can be generated based on the successful target fraudulent path information and the migration engagement degree of the forward fraudulent path information. Similarly, the fraudulent path information in the backward fraudulent event data can be used as backward fraudulent path information, and the backward migration attribute feature corresponding to the target fraudulent path information can be generated based on the target fraudulent path information and the migration engagement degree of the backward fraudulent path information which are successfully paired. Because the candidate fraud event data usually includes information of a plurality of target fraud paths, a plurality of forward migration attribute features and a plurality of backward migration attribute features can be finally obtained, each forward migration attribute feature can form a forward migration attribute feature group, and each backward migration attribute feature can form a backward migration attribute feature group.
In an embodiment of an independent concept, the migration engagement degree of the successfully paired target fraudulent path information and migration fraudulent path information can be directly used as the migration attribute characteristic of the corresponding target fraudulent path information.
And step S130, fusing the migration attribute characteristics and the fraud path characteristics corresponding to the same target fraud path information to obtain corresponding fused fraud path characteristics, and updating the optimized fraud path characteristic group based on the fused fraud path characteristics to obtain the optimized fraud path characteristic group.
For example, after determining the migration attribute feature corresponding to the target fraudulent path information, the artificial intelligence monitoring system 100 may fuse the migration attribute feature corresponding to the target fraudulent path information and the fraudulent path feature to obtain a fused fraudulent path feature corresponding to the target fraudulent path information. The migration attribute feature may represent migration information of the target fraudulent path information, the feature may represent a fraudulent event feature of a local fraudulent event data feature portion corresponding to the target fraudulent path information, and the fused fraudulent path feature obtained by mapping the migration attribute feature and the fraudulent path feature may represent the migration information and the fraudulent event feature of the target fraudulent path information at the same time. Further, the artificial intelligence monitoring system 100 may update the optimized rogue path feature cluster based on the fused rogue path feature, so as to obtain the optimized rogue path feature cluster.
In an embodiment of the independent concept, the optimized rogue path feature group includes target rogue path features corresponding to respective target rogue path information. The target fraudulent path characteristics may be fused fraudulent path characteristics, that is, the optimized fraudulent path characteristic group includes fused fraudulent path characteristics corresponding to each target fraudulent path information. When the artificial intelligence monitoring system 100 updates the optimized rogue path feature group based on the fused rogue path features, the rogue path features corresponding to the target rogue path information may be replaced with corresponding fused rogue path features, and the target rogue path information without the corresponding fused rogue path features may be filtered, so as to reduce the data pressure of the artificial intelligence monitoring system 100. The target fraudulent path feature may be a fused fraudulent path feature or a fraudulent path feature, that is, the optimized fraudulent path feature group may also include a fused fraudulent path feature corresponding to the target fraudulent path information having the migration attribute feature and a fraudulent path feature corresponding to the target fraudulent path information not having the migration attribute feature. When the artificial intelligence monitoring system 100 updates the optimized rogue path feature group based on the fused rogue path features, the rogue path features corresponding to the target rogue path information may be replaced with corresponding fused rogue path features, and the rogue path features corresponding to the target rogue path information without the corresponding fused rogue path features may be retained.
And step S140, obtaining a to-be-protected migration fraud path corresponding to the target abnormal business behavior big data based on the optimized fraud path characteristic group corresponding to the candidate fraud event data so as to perform protection configuration on the to-be-protected migration fraud path.
The to-be-protected migration fraud path is a fraud path used for representing that substantial fraud migration exists in the abnormal business behavior big data, and after the to-be-protected migration fraud path corresponding to the target abnormal business behavior big data is obtained, targeted protection configuration can be performed on the to-be-protected migration fraud path so as to avoid subsequent fraud through the to-be-protected migration fraud path.
For example, the artificial intelligence monitoring system 100 obtains a to-be-protected migration fraud path corresponding to the target abnormal business behavior big data based on the optimized fraud path feature group corresponding to the candidate fraud event data. It can be understood that, when there are a plurality of candidate fraud event data, the artificial intelligence monitoring system 100 may obtain optimized fraud path feature groups corresponding to the candidate fraud event data, where each optimized fraud path feature group constitutes a to-be-protected migration fraud path corresponding to the target abnormal service behavior big data. The optimized fraud path feature group can also be used as a fraud path corresponding to the candidate fraud event data.
Based on the above steps, the characteristics of the fraudulent path information can be used for representing part of fraudulent route information of the fraudulent event data, different fraudulent path information corresponds to different parts of fraudulent route information, the reliability of the information of the to-be-protected migration fraudulent path generated based on the characteristics of each fraudulent path information in each fraudulent event data is higher, and the reliability of the to-be-protected migration fraudulent path can be effectively improved. Further, the characteristics of the fraudulent path information include not only the characteristics of the fraudulent event but also the migration information, and correspondingly, the to-be-protected migration fraudulent path includes not only the characteristics of the fraudulent event but also the migration information, so that when the fraudulent event data pairing is performed based on the to-be-protected migration fraudulent path, the reliability of the abnormal business behavior big data pairing can be effectively improved.
In an embodiment of independent concept, pairing target fraudulent path information and migration fraudulent path information based on a path feature engagement degree between the target fraudulent path information and the migration fraudulent path information includes: calculating the path characteristic connection degrees between the fraud path characteristics corresponding to the current target fraud path information and the fraud path characteristics corresponding to each migration fraud path information respectively to obtain a plurality of path characteristic connection degrees corresponding to the current target fraud path information; and when the maximum path characteristic engagement degree is greater than the target engagement degree, taking the migration fraud path information corresponding to the maximum path characteristic engagement degree as the migration fraud path information matched with the current target fraud path information.
For example, when matching the fraud path information, the artificial intelligence monitoring system 100 may arbitrarily select one piece of target fraud path information from the multiple pieces of target fraud path information as the current target fraud path information, and calculate the path feature engagement degrees between the fraud path features corresponding to the current target fraud path information and the fraud path features corresponding to the respective pieces of migration fraud path information, to obtain multiple path feature engagement degrees corresponding to the current target fraud path information. And then selecting the maximum path characteristic connection degree from the multiple path characteristic connection degrees, and when the maximum path characteristic connection degree is greater than the target connection degree, taking the migration fraud path information corresponding to the maximum path characteristic connection degree as the migration fraud path information matched with the current target fraud path information. And if the maximum path characteristic connection degree is not greater than the target connection degree, indicating that the current target fraudulent path information does not have corresponding migration fraudulent path information. When the candidate fraud event data comprises a plurality of target fraud path information, each target fraud path information searches the corresponding paired migration fraud path information according to the same mode. Wherein, the target engagement degree can be set according to actual needs.
In this embodiment, the fraud path characteristics of the fraud path information may represent local fraud event data characteristic characteristics, and the fraud path information paired with each other should be located in the same or a more similar local fraud event data characteristic portion, so that when the maximum path characteristic engagement degree is greater than the target engagement degree, it may be quickly determined that the migration fraud path information corresponding to the maximum path characteristic engagement degree and the current target fraud path information are located in the same local fraud event data characteristic portion, and the two are paired successfully.
In an embodiment of independent concept, taking migration fraudulent path information corresponding to a maximum path feature engagement degree as migration fraudulent path information paired with current target fraudulent path information includes: and when the migration connection degree of the migration fraud path information corresponding to the maximum path characteristic connection degree and the current target fraud path information is greater than the target connection degree, taking the migration fraud path information corresponding to the maximum path characteristic connection degree as the migration fraud path information matched with the current target fraud path information.
For example, when matching the fraudulent path information, the artificial intelligence monitoring system 100 may calculate path feature engagement degrees between the fraudulent path features corresponding to the current target fraudulent path information and the fraudulent path features corresponding to each piece of migration fraudulent path information, obtain a plurality of path feature engagement degrees corresponding to the current target fraudulent path information, select a maximum path feature engagement degree from the plurality of path feature engagement degrees, and when the maximum path feature engagement degree is greater than the target engagement degree and the migration fraud path information corresponding to the maximum path feature engagement degree and the migration engagement degree of the current target fraudulent path information are less than the target engagement degree, use the migration fraud path information corresponding to the maximum path feature engagement degree as the migration fraudulent path information matched with the current target fraudulent path information. If the migration joining degree of the migration fraud path information corresponding to the maximum path characteristic joining degree and the current target fraud path information is not greater than the target joining degree, it is indicated that the difference between the migration fraud path information and the current target fraud path information is obvious, the change of the fraud path between fraud event data is too obvious, and the fraud event data may be abnormal, so that the migration fraud path information and the current target fraud path information are not considered to be matched with each other, and the target joining degree can be set according to actual needs.
In this embodiment, when the maximum path feature engagement degree is greater than the target engagement degree, and the migration fraud path information corresponding to the maximum path feature engagement degree and the migration engagement degree of the current target fraud path information are greater than the target engagement degree, the migration fraud path information corresponding to the maximum path feature engagement degree is used as the migration fraud path information paired with the current target fraud path information. In this way, the migration fraudulent path information paired with the current target fraudulent path information can be accurately found.
In an embodiment of an independent concept, migration fraud event data corresponding to the candidate fraud event data includes at least one of forward fraud event data and backward fraud event data corresponding to the candidate fraud event data, migration fraud path information corresponding to the forward fraud event data is forward fraud path information, migration fraud path information corresponding to the backward fraud event data is backward fraud path information, and the migration attribute feature includes at least one of a forward migration attribute feature and a backward migration attribute feature. Generating migration attribute characteristics corresponding to the target fraudulent path information based on the successfully paired target fraudulent path information and the migration linking degree of the migration fraudulent path information, wherein the characteristics comprise: when the successfully paired migration fraud path information is forward fraud path information of the target fraud path information, generating forward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information; and when the successfully paired migration fraud path information is backward fraud path information of the target fraud path information, generating backward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information.
For example, the migration fraud event data corresponding to the candidate fraud event data includes at least one of forward fraud event data and backward fraud event data corresponding to the candidate fraud event data, and the migration attribute feature includes at least one of a forward migration attribute feature and a backward migration attribute feature. And when the migration fraud event data corresponding to the candidate fraud event data is the forward fraud event data corresponding to the candidate fraud event data, the migration fraud path information in the migration fraud event data is the forward fraud path information. And when the successfully paired migration fraud path information is the forward fraud path information of the target fraud path information, generating forward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information. And when the migration fraud event data corresponding to the candidate fraud event data is backward fraud event data corresponding to the candidate fraud event data, the migration fraud path information in the migration fraud event data is backward fraud path information. And when the successfully paired migration fraud path information is backward fraud path information of the target fraud path information, generating backward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information.
In an embodiment of independent conception, the current migration attribute feature is a forward migration attribute feature or a backward migration attribute feature, and the current migration attribute feature corresponding to the target fraudulent path information is generated based on the target fraudulent path information successfully paired and the migration engagement degree of the migration fraudulent path information, including:
step S121, generating initial migration attribute characteristics corresponding to each target fraudulent path information based on the successfully paired target fraudulent path information and the migration linking degree of the migration fraudulent path information; the start migration attribute feature has a migration behavior tag.
And step S122, clustering the initial migration attribute characteristics corresponding to the same migration behavior tag to obtain cluster members corresponding to each migration behavior tag.
Step S123, counting the feature quantity of the initial migration attribute features in the same group member to obtain the target feature quantity corresponding to each group member.
And step S124, taking the migration behavior label corresponding to the clustering member with the maximum target characteristic quantity as a target migration behavior label.
And step S125, adaptively updating each initial migration attribute characteristic based on the target migration behavior tag to obtain the current migration attribute characteristic corresponding to each target fraudulent path information.
In order to avoid the influence caused by data change of abnormal business behavior big data, the migration behavior tags of the migration attribute features need to be regularized, and the forward migration attribute features and the backward migration attribute features need to be regularized respectively. The artificial intelligence monitoring system 100 may generate an initial migration attribute feature corresponding to each piece of target fraudulent path information based on the successfully paired target fraudulent path information and the migration engagement degree of the migration fraudulent path information, where the initial migration attribute feature has a migration behavior tag. And then clustering the initial migration attribute characteristics corresponding to the same migration behavior tag to obtain cluster members corresponding to each migration behavior tag. One group member comprises at least one initial migration attribute characteristic corresponding to the same migration behavior label. The artificial intelligence monitoring system 100 may count the feature quantity of the initial migration attribute features in the same cluster member to obtain the target feature quantity corresponding to each cluster member, and use the migration behavior tag corresponding to the cluster member with the largest target feature quantity as the target migration behavior tag, that is, use the migration behavior tags corresponding to most of the initial migration attribute features as the main target migration behavior tag of the candidate fraud event data. Finally, the artificial intelligence monitoring system 100 may adaptively update each initial migration attribute feature based on the target migration behavior tag, so as to obtain a current migration attribute feature corresponding to each target fraudulent path information.
And when the successfully paired migration fraud path information is forward fraud path information of the target fraud path information, the initial migration attribute feature is a forward initial migration attribute feature, and the forward initial migration attribute feature carries a forward migration behavior tag. The artificial intelligence monitoring system 100 may perform clustering on the forward initial migration attribute features corresponding to the same forward migration behavior tag to obtain cluster members corresponding to each forward migration behavior tag, count the feature quantity of the forward initial migration attribute features in the same cluster member to obtain the target feature quantity corresponding to each cluster member, use the forward migration behavior tag corresponding to the cluster member with the largest target feature quantity as the target forward migration behavior tag, that is, use the migration behavior tags corresponding to most forward initial migration attribute features as the main forward target migration behavior tag of the candidate fraud event data, adjust each forward initial migration attribute feature based on the target forward migration behavior tag, and obtain the forward target migration attribute feature corresponding to each target fraud path information.
And when the successfully paired migration fraud path information is backward fraud path information of the target fraud path information, the initial migration attribute feature is a backward initial migration attribute feature, and the backward initial migration attribute feature carries a backward migration behavior tag. The artificial intelligence monitoring system 100 may perform clustering on backward initial migration attribute features corresponding to the same backward migration behavior tag to obtain cluster members corresponding to each backward migration behavior tag, count the feature quantity of the backward initial migration attribute features in the same cluster member to obtain the target feature quantity corresponding to each cluster member, use the backward migration behavior tag corresponding to the cluster member with the maximum target feature quantity as the target backward migration behavior tag, that is, use most of the migration behavior tags corresponding to the backward initial migration attribute features as the main backward target migration behavior tag of the candidate fraud event data, adjust each backward initial migration attribute feature based on the target backward migration behavior tag, and obtain the backward target migration attribute features corresponding to each target fraud path information.
In the embodiment, the migration behavior tag of the migration attribute feature is regularized, so that the influence caused by data change of abnormal service behavior big data can be avoided, the reliability of a fraud path of candidate fraud event data is improved, and the reliability of a to-be-protected migration fraud path is improved.
In an embodiment of independent concept, adaptively updating each initial migration attribute feature based on a target migration behavior tag to obtain a current migration attribute feature corresponding to each target fraudulent path information, includes:
step S1251, adaptively update each initial migration attribute feature based on the target migration behavior tag, to obtain a temporary migration attribute feature corresponding to each target fraudulent path information.
Step S1252, perform structured conversion on each temporary migration attribute feature to obtain a current migration attribute feature corresponding to each target fraudulent path information.
In an independently conceived embodiment, performing structured conversion on each temporary migration attribute feature to obtain a current migration attribute feature corresponding to each target fraudulent path information includes:
(1) and acquiring the temporary migration attribute features with the migration risk loss smaller than the target risk loss from the temporary migration attribute features as key migration attribute features, and randomly assigning the key migration attribute features as random migration attribute features.
(2) And performing structural conversion on the random migration attribute characteristics and the temporary migration attribute characteristics with the migration risk loss not less than the target risk loss to obtain current migration attribute characteristics corresponding to each target fraud path information.
For example, in order to improve the reliability of performing the pairing of the big data of the abnormal business behavior based on the migration fraud path to be protected, random disturbance processing may be performed on the migration attribute characteristics of the target fraud path information of the core, so as to avoid the mispairing of the big data of the abnormal business behavior caused by the mispairing of the target fraud path information of the core. The artificial intelligence monitoring system 100 may obtain, from the temporary migration attribute features, a temporary migration attribute feature having a migration risk loss smaller than a target risk loss as a key migration attribute feature, where the key migration attribute feature represents a migration attribute feature corresponding to target fraud path information of the core. Then, the artificial intelligence monitoring system 100 may randomly assign the key migration attribute feature to a random migration attribute feature, that is, randomly initialize the key migration attribute feature value to generate a random migration attribute feature, where the feature migration risk loss of the random migration attribute feature is not limited. And finally, performing structured conversion on the random migration attribute characteristics and the temporary migration attribute characteristics with the migration risk loss not less than the target risk loss, and regularizing the migration boundary information of all the migration attribute characteristics to the unit characteristic migration risk loss to obtain the current migration attribute characteristics corresponding to each target fraudulent path information. Wherein, the target risk loss can be set according to actual needs.
It can be understood that each key migration attribute feature may also be randomly assigned as a random migration attribute feature of the unit feature migration risk loss, that is, the migration risk loss of the random migration attribute feature is the unit feature migration risk loss, but each vector value in different random migration attribute features may be different. Subsequently, the random migration attribute features can be directly subjected to structural transformation on the temporary migration attribute features with the migration risk loss not less than the target risk loss without structural transformation.
In an embodiment of the independent concept, the generating example of the fused fraud path feature comprises any one of the following ways: embedding the migration attribute characteristics corresponding to the same target fraud path information into the preset characteristic nodes in the corresponding fraud path characteristics to obtain corresponding fusion fraud path characteristics; and carrying out feature mapping on the migration attribute features and the fraud path features corresponding to the same target fraud path information to obtain corresponding fusion fraud path features.
For example, the step of fusing the migration attribute feature and the fraud path feature corresponding to the target fraud path information to generate the fused fraud path feature may be to embed the migration attribute feature corresponding to the target fraud path information into a preset feature node in the fraud path feature. Of course, the migration attribute feature and the fraud path feature corresponding to the target fraud path information are fused to generate a fused fraud path feature, or the migration attribute feature and the fraud path feature are subjected to feature mapping to obtain the fused fraud path feature.
In this embodiment, the migration attribute feature is embedded into the fraud path feature to obtain the fused fraud path feature, which can ensure the path dimension pairing of the fused fraud path feature and the fraud path feature, thereby ensuring the compatibility of the artificial intelligence monitoring system 100 for processing the big data of the abnormal business behavior. The migration attribute features and the fraud path features are spliced to obtain the fused fraud path features, the integrity of the fraud path features can be guaranteed, more features can be considered in the follow-up abnormal business behavior big data pairing based on the migration fraud path to be protected, and therefore the reliability of the abnormal business behavior big data pairing is improved.
In an embodiment of independent concept, the embodiment of the present application further provides an anti-fraud information processing method based on big data, including the following steps:
step S210, obtaining the first abnormal business behavior big data and the second abnormal business behavior big data, and generating a first to-be-protected migration fraud path corresponding to the first abnormal business behavior big data and a second to-be-protected migration fraud path corresponding to the second abnormal business behavior big data.
For example, the first abnormal business behavior big data and the second abnormal business behavior big data may be the abnormal business behavior big data issued by the same platform, or the abnormal business behavior big data uploaded by different artificial intelligence monitoring systems. The artificial intelligence monitoring system 100 may obtain the first abnormal business behavior big data and the second abnormal business behavior big data locally or from the cloud business service system 200 and other cloud business service systems 100, generate a first to-be-protected migration fraud path corresponding to the first abnormal business behavior big data and a second to-be-protected migration fraud path corresponding to the second abnormal business behavior big data, perform abnormal business behavior big data pairing of the first abnormal business behavior big data and the second abnormal business behavior big data based on the first to-be-protected migration fraud path and the second to-be-protected migration fraud path, and determine whether the first abnormal business behavior big data and the second abnormal business behavior big data are approximate abnormal business behavior big data.
The generation example of the migration fraud path to be protected comprises the following steps: determining candidate fraud event data from the current abnormal service behavior big data, extracting fraud path information from the candidate fraud event data and migration fraud event data corresponding to the candidate fraud event data respectively, generating fraud path characteristics corresponding to each fraud path information, obtaining an optimized fraud path characteristic group corresponding to the candidate fraud event data and a migration fraud path characteristic group corresponding to the migration fraud event data, wherein the optimized fraud path characteristic group comprises fraud path characteristics corresponding to each target fraud path information in the candidate fraud event data respectively, the migration fraud path characteristic group comprises fraud path characteristics corresponding to each migration fraud path information in the migration fraud event data respectively, and the target fraud path information and the migration fraud path information are paired based on the path characteristic engagement degree between the target fraud path information and the migration fraud path information, the method comprises the steps of generating migration attribute characteristics corresponding to target fraud path information based on migration linking degrees of the target fraud path information and the migration fraud path information which are successfully paired, fusing the migration attribute characteristics corresponding to the same target fraud path information with the fraud path characteristics to obtain fused fraud path characteristics, updating an optimized fraud path characteristic group based on the fused fraud path characteristics to obtain an optimized fraud path characteristic group, and obtaining a to-be-protected migration fraud path corresponding to current abnormal service behavior big data based on the optimized fraud path characteristic group corresponding to candidate fraud event data.
The current abnormal business behavior big data is first abnormal business behavior big data or second abnormal business behavior big data. If the current abnormal business behavior big data is first abnormal business behavior big data, the candidate fraud event data is first fraud event data, and the target fraud path information is first fraud path information. And if the current abnormal business behavior big data is second abnormal business behavior big data, the candidate fraud event data is second fraud event data, and the target fraud path information is second fraud path information.
It can be understood that, in the specific process of generating the to-be-protected migration fraud path, reference may be made to the big data fraud prevention-based information processing method described in each relevant embodiment of the foregoing to-be-protected migration fraud path generation example, and details are not described here again.
Step S220, determining data pairing information of the first abnormal business behavior big data and the second abnormal business behavior big data based on the pairing degree of the first to-be-protected migration fraud path and the second to-be-protected migration fraud path.
For example, the artificial intelligence monitoring system 100 may pair the first to-be-protected migration fraud path and the second to-be-protected migration fraud path, and determine the data pairing information of the first abnormal business behavior big data and the second abnormal business behavior big data based on the pairing degree of the first to-be-protected migration fraud path and the second to-be-protected migration fraud path. The data pairing information comprises abnormal business behavior big data approximation and abnormal business behavior big data non-approximation. In the abnormal business behavior big data display and abnormal business behavior big data reference scene, when the data matching information is that the abnormal business behavior big data is approximate, one of the first abnormal business behavior big data and the second abnormal business behavior big data is not repeatedly displayed to the user, and when the data matching information is that the abnormal business behavior big data is not approximate, the first abnormal business behavior big data and the second abnormal business behavior big data can be displayed to the user.
Based on the steps, the characteristics of the fraudulent path information can be used for representing part of fraudulent route information of the fraudulent event data, different fraudulent path information corresponds to different parts of fraudulent route information, the reliability of the information of the to-be-protected migration fraudulent path generated based on the characteristics of each fraudulent path information in each fraudulent event data is higher, and the reliability of the to-be-protected migration fraudulent path can be effectively improved. Furthermore, the characteristics of the fraudulent path information include not only the fraudulent event characteristics but also the migration information, the fraudulent path characteristics represent the fraudulent event characteristics, the migration attribute characteristics represent the migration information, the fraudulent event characteristics and the migration information are mapped by combining the fraudulent path characteristics, and accordingly, the migration fraudulent path to be protected includes not only the fraudulent event characteristics but also the migration information, so that the reliability of the migration fraudulent path to be protected can be further improved. Therefore, when the data pairing of the fraud event is carried out based on the migration fraud path to be protected, the reliability of the big data pairing of the abnormal business behavior can be effectively improved.
In an embodiment of an independent concept, the first to-be-protected migration fraud path includes a first optimized fraud path feature group corresponding to each first fraud event data, and the second to-be-protected migration fraud path includes a second optimized fraud path feature group corresponding to each second fraud event data. Step S220 includes:
and step S221, pairing each first optimized fraud path characteristic group with each second optimized fraud path characteristic group, and determining the fraud event data pairing information of each first fraud event data and each second fraud event data according to the pairing information.
Step S222, calculating the data overlapping rate of approximate fraud event for the successfully paired fraud event data combination quantity based on the fraud event data pairing information, and determining the data pairing information of the first abnormal business behavior big data and the second abnormal business behavior big data based on the data overlapping rate of the approximate fraud event.
The first to-be-protected migration fraud path comprises first optimized fraud path characteristic groups corresponding to the first fraud event data respectively, one first optimized fraud path characteristic group can represent a fraud path of the first fraud event data, and the fraud paths of the first fraud event data form the first to-be-protected migration fraud path. The first optimized fraud path feature group comprises target fraud path features corresponding to the first fraud path information in the first fraud event data. The second to-be-protected migration fraud path comprises a second optimized fraud path characteristic group corresponding to each second fraud event data, one second optimized fraud path characteristic group can represent a fraud path of the second fraud event data, and the fraud paths of each second fraud event data form the second to-be-protected migration fraud path. And the second optimized fraud path characteristic group comprises target fraud path characteristics corresponding to each second fraud path information in the second fraud event data.
For example, when matching the migration fraud path to be protected, the artificial intelligence monitoring system 100 may pair each first optimized fraud path feature group with each second optimized fraud path feature group, and determine, according to the pairing information, fraud event data pairing information of each first fraud event data and each second fraud event data. When a first optimized fraudulent path feature group and a second optimized fraudulent path feature group are paired, the artificial intelligence monitoring system 100 can calculate the optimized path feature engagement degree between each first fraudulent path information and each second fraudulent path information, determine the approximate first fraudulent path information and second fraudulent path information in the first fraudulent event data and the second fraudulent event data, and determine whether the first fraudulent event data and the second fraudulent event data are successfully paired according to the pairing fraudulent path information ratio. The fraud event data pairing information includes pairing success and pairing failure. When the fraudulent event data matching information of the first fraudulent event data and the second fraudulent event data is successful, the first fraudulent event data and the second fraudulent event data are approximate fraudulent event data, and a pair of fraudulent event data is formed. When the fraud data matching information of a first fraud data and a second fraud data is a matching failure, it indicates that the first fraud data and the second fraud data are not approximate fraud data. After determining the fraud event data matching information, the artificial intelligence monitoring system 100 may calculate an approximate fraud event data overlapping rate for the successfully matched fraud event data combination number based on the fraud event data matching information, and determine data matching information of the first abnormal business behavior big data and the second abnormal business behavior big data based on the approximate fraud event data overlapping rate. The approximate fraud event data overlapping rate is used for representing the proportion of the approximate fraud event data in the abnormal business behavior big data, when the approximate fraud event data overlapping rate is larger than the fraud event data overlapping rate threshold value, the data pairing information can be determined to be approximate to the abnormal business behavior big data, and when the approximate fraud event data overlapping rate is not larger than the fraud event data overlapping rate threshold value, the data pairing information can be determined to be not approximate to the abnormal business behavior big data. It can be understood that the matching degree of the first to-be-protected migration fraud path and the second to-be-protected migration fraud path includes matching information of each fraud event data and an approximate fraud event data overlapping rate.
In the embodiment, the approximate fraud event data between the first abnormal business behavior big data and the second abnormal business behavior big data is determined, the approximate fraud event data overlapping rate is calculated based on the approximate fraud event data combination quantity, and the data pairing information is determined based on the approximate fraud event data overlapping rate, so that accurate data pairing information can be obtained.
In an embodiment of the independent concept, the first optimized fraudulent path characteristic group includes a plurality of target fraudulent path characteristics corresponding to the first fraudulent path information, and the second optimized fraudulent path characteristic group includes a plurality of target fraudulent path characteristics corresponding to the second fraudulent path information. Step S221 includes:
(1) and determining a first target optimized rogue path feature group from each first optimized rogue path feature group, and determining a second target optimized rogue path feature group from each second optimized rogue path feature group.
(2) And in the first target optimized fraudulent path characteristic group and the second target optimized fraudulent path characteristic group, matching the first fraudulent path information and the second fraudulent path information based on the optimized path characteristic engagement degree between the first fraudulent path information and the second fraudulent path information.
(3) And calculating a matching fraud path information proportion based on the successful matching fraud path information combination quantity, and determining fraud event data matching information of first fraud event data corresponding to the first target optimization fraud path characteristic group and second fraud event data corresponding to the second target optimization fraud path characteristic group based on the matching fraud path information proportion.
For example, the artificial intelligence monitoring system 100 can arbitrarily select one first optimized rogue path feature group from the respective first optimized rogue path feature groups as the first target optimized rogue path feature group, and arbitrarily select one second optimized rogue path feature group from the respective second optimized rogue path feature groups as the second target optimized rogue path feature group. And in the first target optimized fraudulent path characteristic group and the second target optimized fraudulent path characteristic group, matching the first fraudulent path information and the second fraudulent path information based on the optimized path characteristic engagement degree between the first fraudulent path information and the second fraudulent path information. When the optimized path characteristic engagement degree between a first fraudulent path information and a second fraudulent path information is greater than the target engagement degree, it can be determined that the first fraudulent path information and the second fraudulent path information are a pair of approximate fraudulent path information, and the first fraudulent path information and the second fraudulent path information are successfully paired. And calculating a matching fraud path information proportion based on the successful matching fraud path information combination quantity, and determining fraud event data matching information of first fraud event data corresponding to the first target optimization fraud path characteristic group and second fraud event data corresponding to the second target optimization fraud path characteristic group based on the matching fraud path information proportion. The matching fraud path information proportion is used for representing the proportion of approximate fraud path information in fraud event data, when the matching fraud path information proportion is larger than a fraud path information proportion threshold value, the matching fraud event data can be determined to be successful in matching, the two fraud event data are approximate fraud event data, when the matching fraud path information proportion is not larger than the fraud path information proportion threshold value, the matching fraud event data can be determined to be failed in matching, and the two fraud event data are not approximate fraud event data. That is, the artificial intelligence monitoring system 100 can calculate the optimized path feature engagement degree between the fraudulent path information in any two fraudulent event data, so as to find the approximate fraudulent path information statistic between the two fraudulent event data, and further determine whether the two fraudulent event data are approximate fraudulent event data.
In the embodiment, approximate fraudulent path information between two fraudulent event data is determined, the proportion of the paired fraudulent path information is calculated based on the combined number of the approximate fraudulent path information, and the pairing information of the fraudulent event data is determined based on the approximate key proportion, so that accurate pairing information of the fraudulent event data can be obtained.
In an embodiment of independent concept, in a first target optimized rogue path feature group and a second target optimized rogue path feature group, matching first rogue path information and second rogue path information based on an optimized path feature engagement degree between the first rogue path information and the second rogue path information includes: and when the optimized path characteristic engagement degree is greater than the target engagement degree, determining that the corresponding first cheating path information and the corresponding second cheating path information are successfully paired.
For example, when pairing the fraudulent path information, when the optimized path characteristic engagement degree between a first fraudulent path information and a second fraudulent path information is greater than the target engagement degree, it may be determined that the pairing of the first fraudulent path information and the second fraudulent path information is successful. Wherein, the target engagement degree can be set according to actual needs.
In this embodiment, when matching the fraudulent path information between different abnormal business behavior big data, only the optimized path characteristic engagement degree between the fraudulent path information is considered, and the migration engagement degree between the fraudulent path information is not considered. In this way, the mutually paired fraudulent path information can be found out in the updated fraudulent event data.
In an embodiment of independent concepts, calculating a matching fraud path information ratio based on a successful matching fraud path information combination number, and determining fraud event data matching information of first fraud event data corresponding to a first target optimized fraud path feature group and second fraud event data corresponding to a second target optimized fraud path feature group based on the matching fraud path information ratio, the method includes:
(1) and determining a first fraud path information statistic based on the number of target fraud path features in the first target optimized fraud path feature community, and determining a second fraud path information statistic based on the number of target fraud path features in the second target optimized fraud path feature community.
(2) And taking the fraud path information statistic with the smaller number in the first fraud path information statistic and the second fraud path information statistic as the migration fraud path information statistic.
(3) And determining approximate fraud path information statistic based on the successfully paired fraud path information combination quantity, and obtaining the paired fraud path information ratio based on the approximate fraud path information statistic and the migration fraud path information statistic.
(4) And when the matching fraud path information ratio is greater than a preset ratio threshold, determining that the corresponding fraud event data matching information of the first fraud event data and the second fraud event data is successful in matching.
For example, in order to calculate the pairing fraud path information ratio, it is necessary to determine the approximate fraud path information statistic and the migration fraud path information statistic, so that the pairing fraud path information ratio is calculated based on the ratio of the approximate fraud path information statistic and the migration fraud path information statistic. Because a target rogue path feature in an optimized rogue path feature community corresponds to a target rogue path information, artificial intelligence monitoring system 100 may determine a first rogue path information statistic based on a number of target rogue path features in a first target optimized rogue path feature community and a second rogue path information statistic based on a number of target rogue path features in a second target optimized rogue path feature community. The artificial intelligence monitoring system 100 can determine the approximate fraud path information statistic based on the number of successful pairing fraud path information combinations, for example, when the number of successful pairing fraud path information combinations is 6 pairs, the approximate fraud path information statistic is 6. Then, the artificial intelligence monitoring system 100 may use, as the migration fraud path information statistic, a fraud path information statistic with a smaller number of the first fraud path information statistic and the second fraud path information statistic, and use a ratio of the approximate fraud path information statistic and the migration fraud path information statistic as a pairing fraud path information ratio. Further, when the ratio of the paired fraudulent conduct information is greater than the preset ratio threshold, it may be determined that the fraudulent conduct data pairing information of the corresponding first fraudulent conduct data and the second fraudulent conduct data is successful in pairing. When the matching fraud path information proportion is not greater than the preset proportion threshold, the fraud event data matching information of the corresponding first fraud event data and the second fraud event data can be determined to be matching failure. The preset proportion threshold value can be set according to actual needs.
For example, assuming that the preset proportion threshold is 80%, the first fraud event data includes 8 fraud path information, the second fraud event data includes 10 fraud path information, and the number of approximate fraud path information combinations between the first fraud event data and the second fraud event data is 7. Then, the approximate fraudulent path information statistic between the first fraudulent event data and the second fraudulent event data is 7, the migration fraudulent path information statistic is 8, and the pairing fraudulent path information ratio is 87.5% >80%, so that it can be determined that the first fraudulent event data and the second fraudulent event data are approximate fraudulent event data, and the fraudulent event data pairing information is successful.
In this embodiment, the fraud path information statistic with a smaller number of the first fraud path information statistic and the second fraud path information statistic is used as the migration fraud path information statistic, and an accurate pairing fraud path information ratio can be obtained based on the approximate fraud path information statistic and the migration fraud path information statistic. Thus, even if one fraud data is a simple extension of another fraud data, it can be determined that the two fraud data comprise the same content and are similar fraud data.
In an embodiment of the independent concept, the step S222 comprises:
(1) and acquiring first fraud event data statistics corresponding to the first abnormal business behavior big data and acquiring second fraud event data statistics corresponding to the second abnormal business behavior big data.
(2) The lesser number of the first and second fraud data statistics is used as the migration fraud data statistic.
(3) And determining approximate fraud event data statistics for the successfully paired fraud event data combination quantity based on the fraud event data pairing information, and obtaining the approximate fraud event data overlap rate based on the approximate fraud event data statistics and the migration fraud event data statistics.
(4) And when the data overlapping rate of the approximate fraud event is greater than the target overlapping rate, determining that the data pairing information is approximate to the big data of the abnormal business behavior.
(5) And when the data overlapping rate of the approximate fraud event is not greater than the target overlapping rate, determining that the data pairing information is abnormal business behavior big data and is not approximate.
For example, to calculate the approximate fraud data overlap rate, the approximate fraud data statistics and the migration fraud data statistics need to be determined such that the approximate fraud data overlap rate is calculated based on a ratio of the approximate fraud data statistics and the migration fraud data statistics. The artificial intelligence monitoring system 100 can determine approximate fraud event data statistics for the number of successfully paired fraud event data combinations based on the fraud event data pairing information, e.g., the approximate fraud event data statistics is 10 when the number of successfully paired fraud event data combinations is 10 pairs. The artificial intelligence monitoring system 100 may obtain a first fraud event data statistic corresponding to the first abnormal business behavior big data, obtain a second fraud event data statistic corresponding to the second abnormal business behavior big data, and use a fraud event data statistic with a smaller number of the first fraud event data statistic and the second fraud event data statistic as a migration fraud event data statistic. Thus, the artificial intelligence monitoring system 100 can use the ratio of the approximate fraud data statistic and the migration fraud data statistic as the approximate fraud data overlap rate. When the overlap rate of the approximate fraud event data is greater than the target overlap rate, it can be determined that the data pairing information of the first abnormal business behavior big data and the second abnormal business behavior big data is approximate to the abnormal business behavior big data. When the approximate fraud event data overlapping rate is not greater than the target overlapping rate, it may be determined that the data pairing information of the first abnormal business behavior big data and the second abnormal business behavior big data is not approximate to the abnormal business behavior big data. The target overlapping rate can be set according to actual needs.
For example, assuming that the target overlap ratio is 80%, the first abnormal traffic behavior big data includes 50 pieces of first fraud event data, the second abnormal traffic behavior big data includes 100 pieces of second fraud event data, and the number of approximate fraud event data combinations between the first abnormal traffic behavior big data and the second abnormal traffic behavior big data is 42. Then, the approximate fraud event data statistic between the first abnormal business behavior big data and the second abnormal business behavior big data is 42, the migration fraud path information statistic is 50, and the pairing fraud path information ratio is 84% >80%, so that it can be determined that the first abnormal business behavior big data and the second abnormal business behavior big data are approximate abnormal business behavior big data, and the data pairing information is that the abnormal business behavior big data are approximate.
In this embodiment, the fraud event data statistic with a smaller number of the first fraud event data statistic and the second fraud event data statistic is used as the migration fraud event data statistic, and the approximate fraud event data overlap rate is obtained based on the approximate fraud event data statistic and the migration fraud event data statistic. Therefore, even if one abnormal business behavior big data is simply expanded to another abnormal business behavior big data, the two abnormal business behavior big data can be determined to comprise the same content and be approximate abnormal business behavior big data.
In an embodiment of the independent concept, the method further comprises: when the data pairing information is similar to the abnormal business behavior big data, the second abnormal business behavior big data is forbidden to be displayed to the related user object cloud business service system 200 corresponding to the first abnormal business behavior big data, and the first abnormal business behavior big data is forbidden to be displayed to the related user object cloud business service system 200 corresponding to the second abnormal business behavior big data.
For example, when the data pairing information is that the abnormal business behavior big data is approximate, it indicates that the first abnormal business behavior big data and the second abnormal business behavior big data are approximate abnormal business behavior big data. Then, the artificial intelligence monitoring system 100 may prohibit displaying the second abnormal business behavior big data to the relevant user object cloud business service system 200 corresponding to the first abnormal business behavior big data, and prohibit displaying the first abnormal business behavior big data to the relevant user object cloud business service system 200 corresponding to the second abnormal business behavior big data, thereby avoiding repeatedly displaying the abnormal business behavior big data to the same user.
In an embodiment of independent concept, on the basis of the foregoing embodiment, the present application further provides an optimal configuration method based on big data and fraud interception, and the method may include the following steps.
Step a110, determining a corresponding first fraud protection evaluation value based on a plurality of fraud interception events of each simulated fraud path behavior in a first simulated fraud path behavior cluster generated after configuring each fraud protection rule correspondingly added to a to-be-protected migration fraud path corresponding to the target abnormal service behavior big data, and selecting a preset number of a plurality of simulated fraud path behaviors from the arrangement information of the first fraud protection evaluation value to form a second simulated fraud path behavior cluster.
Step a120, performing feature extraction on the multiple fraud interception events of each simulated fraud path behavior in the second simulated fraud path behavior cluster to obtain multiple fraud interception calling features corresponding to each simulated fraud path behavior.
Step a130, determining a corresponding second fraud protection evaluation value based on a plurality of fraud interception invocation features of each simulated fraudulent path behavior in the second simulated fraudulent path behavior cluster.
Step a140, based on the ranking information of the second fraud protection evaluation value of each simulated fraudulent path behavior in the second simulated fraudulent path behavior cluster, respectively executing instruction optimization configuration of the fraud protection instruction of each simulated fraudulent path behavior.
The simulated fraudulent path behavior may refer to a fraudulent path behavior which is paired with each configuration of the to-be-protected migration fraudulent path and is targeted for each added fraud protection rule, and the fraudulent interception event may be used to characterize a recording event condition when the fraudulent interception is generated. The fraud protection rating value may be used to indicate the effectiveness of the interception protection in generating fraud interception events. The fraud interception call feature may be used to represent a fraud interception call field at the time of the generation of the fraud interception event.
In this embodiment, in step a140, instruction optimization configuration of the fraud protection instruction for each simulated fraudulent path behavior may be respectively executed based on the ranking information of the second fraud protection evaluation value of each simulated fraudulent path behavior in the second simulated fraudulent path behavior cluster, so that the hierarchy of the fraud protection instruction for each simulated fraudulent path behavior may be sequentially configured according to the priority numerical order of the second fraud protection evaluation values, and therefore, in the subsequent fraud processing, interception processing may be performed on a simulated fraudulent path behavior with a higher fraud protection evaluation value, so that the pertinence and the precision of the fraud protection instruction may be ensured.
Based on the above steps, in this embodiment, the fraud interception event is used for determining the first fraud protection evaluation value, and the fraud interception call feature with the same feature is synchronously called when the second fraud protection evaluation value is determined, so that the data processing amount is reduced, the optimization efficiency can be improved by a multi-stage fraud protection evaluation value determination method, and further determining the second fraud protection evaluation value based on the fraud interception call feature can further improve the reliability of determining the fraud protection evaluation value and reduce the configuration difficulty of the fraud protection instruction, so that the simulated fraud path behavior can be screened based on the first fraud protection evaluation value and the second fraud protection evaluation value, and the reliability of the fraud protection instruction is ensured by performing fraud protection instruction optimization configuration.
In an embodiment of the independent concept, for step a110, the first simulated fraudulent path behavior cluster is obtained by:
and a substep A111, obtaining simulated fraud process data of each simulated fraud node of simulated fraud application service generated by simulating the migration fraud path to be protected corresponding to the target abnormal business behavior big data after configuring each fraud protection rule added correspondingly.
And a substep A112, determining each simulated cheating routing object corresponding to the simulated cheating application service according to the simulated cheating process data of each simulated cheating node, and respectively determining a target simulated cheating routing object with synchronous cheating behavior with the current simulated cheating routing object from the simulated cheating process data of the rest simulated cheating nodes for each simulated cheating routing object.
In the substep a113, a fraud relationship vector search is performed on the current simulated fraud routing object, and a fraud relationship vector search is performed on the target simulated fraud routing object, so as to obtain a first search fraud relationship vector of the current simulated fraud routing object and a second search fraud relationship vector of the target simulated fraud routing object, respectively.
And a substep A114, generating a fraud relationship synchronization vector of each current simulated fraud routing object and the corresponding target simulated fraud routing object according to the first searching fraud relationship vector and the second searching fraud relationship vector.
And a substep A115, analyzing each current simulated fraudulent route object and the corresponding target simulated fraudulent route object respectively according to the fraudulent relation synchronization vector, performing time sequence splicing on the simulated and generated fraudulent route object clusters to obtain a plurality of combined fraudulent route object clusters, and generating and applying a fraudulent route knowledge network for generating simulated fraudulent application service for each combined fraudulent route object cluster based on the knowledge network generation application.
And a substep a116, obtaining a corresponding simulated fraudulent path behavior according to the fraudulent path combination information corresponding to the fraudulent routing knowledge network, and using the simulated fraudulent path behavior as a first simulated fraudulent path behavior cluster.
In this embodiment, the simulated fraud application service may be an application service corresponding to a simulated fraud plan preset in the migration fraud path to be protected 200 corresponding to the target abnormal business behavior big data, and the simulated fraud mode may be adaptively selected. Each simulated fraud node may characterize a different flow node for the simulated fraud process.
In this embodiment, the simulated fraudulent route object may be understood as a route object that simulates a simulated fraudulent path generated in a fraudulent process.
In this embodiment, the first fraud search relationship vector and the second fraud search relationship vector respectively include relationship description information of fraud map relationships corresponding to the first fraud search relationship vector and the second fraud search relationship vector.
By means of the design, each simulated cheating route object of each simulated cheating node and the target simulated cheating route object with synchronous cheating behavior with the current simulated cheating route object are determined, so that after a cheating relationship vector is searched based on the incidence relation between the simulated cheating route object and the target simulated cheating route object, the application is generated through the knowledge network for analysis, the judgment reliability of the simulated cheating path behavior of the simulated cheating application service on the cheating map relation in the simulated cheating mode can be improved, and the reliability of the simulated cheating path behavior identification is improved.
In an embodiment of the independent concept, still with respect to step a110, each fraud interception event that simulates the behavior of a fraud path may be obtained by the following detailed implementation:
and a substep a117, for each simulated fraudulent path behavior in the first simulated fraudulent path behavior cluster, querying a fraudulent interception event related to a fraudulent flow for simulating the fraudulent path behavior from a fraudulent interception event data block of the fraudulent interception execution network.
Wherein the fraud interception execution network may be configured to determine the first fraud protection rating value based on the fraud interception event. For example, a large number of samples of the fraud interception event and the corresponding fraud protection evaluation value may be collected in advance to perform artificial intelligence training, so that a fraud interception execution network may be obtained, and the obtained fraud interception execution network may have a capability of predicting the fraud protection evaluation value.
And a substep A118, when the fraud flow simulating the fraud path behavior is a fraud flow corresponding to the fraud interception execution network and the fraud flow is not queried in the fraud interception event data group of the fraud interception execution network, converting the fraud flow log data of the fraud flow into a fraud flow structural feature, and performing key feature analysis on the fraud flow structural feature to obtain a key structural feature.
And a substep A119, performing feature analysis on the attribute information of the fraudulent flow to obtain attribute features of the fraudulent flow, fusing the attribute features of the fraudulent flow and the key structural features, and tracing the event track of the mapping track features to obtain a fraudulent interception event simulating the behavior of a fraudulent path.
As a possible example, for step a115, in the process of generating a rogue routing knowledge network simulating a rogue application service for each combined rogue routing object cluster based on the knowledge network generation application, the following exemplary sub-steps may be implemented, which are described in detail below.
And a substep A1151, extracting the combined fraud characteristics of each combined fraud routing object cluster based on the knowledge network generation application, inputting the combined fraud characteristics of the combined fraud routing object cluster into a prediction network for prediction, and outputting an evaluation metric value of the combined fraud characteristics of the combined fraud routing object cluster in each fraud path combined information.
And a substep A1152, obtaining a fraud routing knowledge network simulating fraud application service according to the evaluation metric value of the combined fraud characteristics of the combined fraud routing object cluster in each fraud path combined information.
For example, if the evaluation metric value of the combined fraud feature of the combined fraud routing object cluster in a certain fraud path combination information a is greater than the set evaluation metric value, it indicates that the fraud routing knowledge network is the fraud path combination information a, so as to facilitate the selection of the subsequent fraud protection instruction. For example, fraud protection instructions corresponding to different fraud path combination information may be selected.
Optionally, the knowledge network generation application may be obtained by training a sample data set configured in advance and sample fraud path combination information corresponding to each sample data in the sample data set based on an artificial intelligence model, where the sample data is a sample fraud routing object cluster.
For example, in an embodiment of an independent concept, for step a120, when the fraud interception event is a single interception event, the fraud response coefficients respectively corresponding to a plurality of fraud interception events and the corresponding fraud interception events may be fused and calculated to obtain a plurality of fraud interception invocation features corresponding to each simulated fraud path behavior.
For another example, in another possible case, when the fraud interception event is a composite interception event, the fraud reaction coefficients respectively corresponding to the multiple fraud interception events and the multiple interception event features of the corresponding fraud interception events are subjected to fusion calculation, and the fusion calculation results are integrated to obtain multiple fraud interception invocation features corresponding to each simulated fraud path behavior.
In another independently contemplated embodiment, for step a120, a reference interception event of the simulated fraudulent path behavior may be obtained for each simulated fraudulent path behavior in the second cluster of simulated fraudulent path behaviors, and the reference interception event is associated with each generated candidate interception event.
For example, when the fraud interception event and the reference interception event are single interception events, the fraud reaction coefficients respectively corresponding to the multiple reference interception events and the corresponding reference interception events are subjected to fusion calculation to obtain multiple fraud interception calling features corresponding to each simulated fraud path behavior. On the basis, the fraud reaction coefficients respectively corresponding to the plurality of fraud interception events and the corresponding fraud interception events can be subjected to fusion calculation to obtain a plurality of fraud interception calling characteristics corresponding to each simulated fraud path behavior.
For another example, in another embodiment of an independent concept, when the fraud interception event and the reference interception event are composite interception events, performing fusion calculation on the fraud reaction coefficients respectively corresponding to the plurality of reference interception events and the plurality of interception event features of the corresponding reference interception events, integrating the obtained fusion calculation results of the plurality of interception event features corresponding to the reference interception events to obtain a plurality of fraud interception call features corresponding to each simulated fraud path behavior, performing fusion calculation on the fraud reaction coefficients respectively corresponding to the plurality of fraud interception events and the plurality of interception event features of the corresponding fraud interception events, and integrating the obtained fusion calculation results of the plurality of interception event features corresponding to the fraud interception events to obtain a plurality of fraud call features corresponding to each simulated fraud path behavior.
For example, in an independently contemplated embodiment, step a130 may be implemented by the following exemplary sub-steps, which are described in detail below.
The substep a131 determines a corresponding third fraud protection evaluation value based on a plurality of fraud interception calling features of each simulated fraud path behavior in the second simulated fraud path behavior cluster and an association relationship between the plurality of fraud interception calling features.
And a substep A132, fusing a plurality of fraud interception calling characteristics for simulating the fraud path behaviors, and fusing the mapping track characteristics and knowledge point information of the knowledge network to obtain knowledge point vectors corresponding to the simulated fraud path behaviors.
The substep a133, mapping the knowledge point vector from the knowledge point vector space to the fraud protection evaluation value space, to obtain a fourth fraud protection evaluation value corresponding to the simulated fraud path behavior.
In the substep a134, the third fraud protection evaluation value and the fourth fraud protection evaluation value of each simulated fraudulent path behavior in the second simulated fraudulent path behavior cluster are integrated and calculated to obtain a corresponding second fraud protection evaluation value.
For example, the sub-step a131 is realized by the following steps.
(1) Performing the following for each simulated fraudulent path behaviour in the second cluster of simulated fraudulent path behaviours:
(2) combining a plurality of fraud interception calling features simulating fraud path behaviors according to at least one of the following modes to obtain corresponding target calling features:
1) and performing fusion calculation on the fraud interception calling features corresponding to at least two fraud interception events, and taking the fusion calculation result as the corresponding target calling feature.
2) And performing fusion calculation on the fraud interception calling feature corresponding to the at least one fraud interception event and the fraud interception calling feature corresponding to the at least one reference interception event, and taking the fusion calculation result as the corresponding target calling feature.
3) And performing fusion calculation on the fraud interception calling features respectively corresponding to the at least two reference interception events, and taking the obtained fusion calculation result as the corresponding target calling features, wherein the fraud interception calling features used in each combination are partially or completely different, so as to form a plurality of target calling features for simulating the behavior of a fraud path.
4) And integrating the plurality of fraud interception events and the plurality of reference interception events by taking preset coefficients corresponding to the plurality of fraud interception events and the plurality of reference interception events as integration coefficients to obtain second integrated calculation information.
5) And taking the first integrated calculation information as a third fraud protection evaluation value simulating the fraudulent path behaviors, or integrating the sum of the first integrated calculation information and the second integrated calculation information, and taking the integration result as the third fraud protection evaluation value simulating the fraudulent path behaviors.
Therefore, a series of integration is carried out by combining the reference interception events so as to consider the conditions of different dimensions, and therefore the judgment accuracy of the third fraud protection evaluation value can be improved.
Fig. 3 is a schematic diagram illustrating a hardware structure of an artificial intelligence monitoring system 100 for implementing the big data fraud prevention-based information processing method according to an embodiment of the present application, and as shown in fig. 3, the artificial intelligence monitoring system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a communication unit 140.
In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the big data fraud prevention-based information processing method according to the above method embodiment, the processor 110, the machine-readable storage medium 120, and the communication unit 140 are connected through the bus 130, and the processor 110 may be configured to control a transceiving action of the communication unit 140, so as to perform data transceiving with the cloud service system 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned various method embodiments executed by the artificial intelligence monitoring system 100, which implement principles and technical effects similar to each other, and this embodiment is not described herein again.
In addition, an embodiment of the present application further provides a readable storage medium, where a computer execution instruction is preset in the readable storage medium, and when a processor executes the computer execution instruction, the above anti-fraud information processing method based on big data is implemented.
Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Accordingly, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be seen as matching the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (10)

1. An information processing method for preventing fraud based on big data is characterized in that the method is applied to an artificial intelligence monitoring system, the artificial intelligence monitoring system is in communication connection with a plurality of cloud service systems, and the method comprises the following steps:
acquiring target abnormal business behavior big data of the artificial intelligence monitoring system, determining candidate fraud event data from the target abnormal business behavior big data, extracting fraud path information from the candidate fraud event data and migration fraud event data corresponding to the candidate fraud event data respectively, generating fraud path characteristics corresponding to each fraud path information, and obtaining an optimized fraud path characteristic group corresponding to the candidate fraud event data and a migration fraud path characteristic group corresponding to the migration fraud event data; the optimized fraud path feature group comprises fraud path features corresponding to target fraud path information in candidate fraud event data respectively, and the migration fraud path feature group comprises fraud path features corresponding to migration fraud path information in migration fraud event data respectively;
matching the target fraudulent path information and the migration fraudulent path information based on the path characteristic linking degree between the target fraudulent path information and the migration fraudulent path information, and generating a migration attribute characteristic corresponding to the target fraudulent path information based on the successfully matched target fraudulent path information and the migration linking degree of the migration fraudulent path information;
fusing the migration attribute characteristics and the fraud path characteristics corresponding to the same target fraud path information to obtain corresponding fused fraud path characteristics, and updating the optimized fraud path characteristic group based on the fused fraud path characteristics to obtain an optimized fraud path characteristic group;
and obtaining a to-be-protected migration fraud path corresponding to the target abnormal business behavior big data based on the optimized fraud path characteristic group corresponding to the candidate fraud event data so as to perform protection configuration on the to-be-protected migration fraud path.
2. The big data fraud prevention-based information processing method according to claim 1, wherein the pairing of the target fraudulent path information and the migration fraudulent path information based on the path feature engagement degree between the target fraudulent path information and the migration fraudulent path information comprises:
calculating the path characteristic connection degrees between the fraud path characteristics corresponding to the current target fraud path information and the fraud path characteristics corresponding to each migration fraud path information respectively to obtain a plurality of path characteristic connection degrees corresponding to the current target fraud path information;
and when the maximum path characteristic engagement degree is smaller than the target engagement degree, taking the migration fraud path information corresponding to the maximum path characteristic engagement degree as the migration fraud path information matched with the current target fraud path information.
3. The big data fraud prevention-based information processing method according to claim 2, wherein the taking the migration fraud path information corresponding to the maximum path feature engagement degree as the migration fraud path information paired with the current target fraud path information includes:
and when the migration fraud path information corresponding to the maximum path characteristic connection degree and the migration connection degree of the current target fraud path information are greater than the target connection degree, taking the migration fraud path information corresponding to the maximum path characteristic connection degree as the migration fraud path information matched with the current target fraud path information.
4. The big-data-based anti-fraud information processing method according to claim 1, wherein the migration fraud event data corresponding to the candidate fraud event data includes at least one of forward fraud event data and backward fraud event data corresponding to the candidate fraud event data, the migration fraud path information corresponding to the forward fraud event data is forward fraud path information, the migration fraud path information corresponding to the backward fraud event data is backward fraud path information, and the migration attribute feature includes at least one of a forward migration attribute feature and a backward migration attribute feature;
the generating of the migration attribute characteristics corresponding to the target fraudulent path information based on the successfully paired target fraudulent path information and the migration engagement degree of the migration fraudulent path information includes:
when the successfully paired migration fraud path information is forward fraud path information of the target fraud path information, generating forward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information;
and when the successfully paired migration fraud path information is backward fraud path information of the target fraud path information, generating backward migration attribute characteristics corresponding to the target fraud path information based on the successfully paired target fraud path information and the migration engagement degree of the migration fraud path information.
5. The big-data-based anti-fraud information processing method according to claim 4, wherein the current migration attribute feature is a forward migration attribute feature or a backward migration attribute feature, and the current migration attribute feature corresponding to the target fraudulent path information is generated based on the target fraudulent path information successfully paired and the migration connectivity of the migration fraudulent path information, including:
generating initial migration attribute characteristics corresponding to each target fraudulent path information based on the successfully paired target fraudulent path information and the migration linking degree of the migration fraudulent path information; the initial migration attribute feature has a migration behavior tag;
clustering initial migration attribute characteristics corresponding to the same migration behavior tag to obtain clustering members corresponding to each migration behavior tag;
counting the characteristic quantity of the initial migration attribute characteristics in the same clustering member to obtain the target characteristic quantity corresponding to each clustering member;
taking the migration behavior label corresponding to the clustering member with the maximum target characteristic quantity as a target migration behavior label;
and adaptively updating each initial migration attribute characteristic based on the target migration behavior label to obtain the current migration attribute characteristic corresponding to each target fraud path information.
6. The big-data-based anti-fraud information processing method according to claim 5, wherein the adaptively updating each initial migration attribute feature based on the target migration behavior tag to obtain a current migration attribute feature corresponding to each target fraud path information includes:
adaptively updating each initial migration attribute characteristic based on the target migration behavior tag to obtain a temporary migration attribute characteristic corresponding to each target fraud path information;
performing structural conversion on each temporary migration attribute feature to obtain a current migration attribute feature corresponding to each target fraud path information;
the performing structural conversion on each temporary migration attribute feature to obtain a current migration attribute feature corresponding to each target fraudulent path information includes:
acquiring temporary migration attribute characteristics with migration risk loss smaller than target risk loss from each temporary migration attribute characteristic as key migration attribute characteristics, and randomly assigning the key migration attribute characteristics as random migration attribute characteristics;
and carrying out structural conversion on the random migration attribute characteristics and the temporary migration attribute characteristics with the migration risk loss not less than the target risk loss to obtain the current migration attribute characteristics corresponding to each target fraud path information.
7. The big data fraud prevention-based information processing method according to any one of claims 1-6, wherein the method further comprises:
determining a corresponding first fraud protection evaluation value based on a plurality of fraud interception events of each simulated fraud path behavior in a first simulated fraud path behavior cluster generated after each fraud protection rule is configured on the migration fraud path to be protected corresponding to the target abnormal service behavior big data, and selecting a plurality of simulated fraud path behaviors in a preset number from the arrangement information of the first fraud protection evaluation value to form a second simulated fraud path behavior cluster;
extracting features of a plurality of fraud interception events of each simulated fraud path behavior in the second simulated fraud path behavior cluster to obtain a plurality of fraud interception calling features corresponding to each simulated fraud path behavior;
determining a corresponding second fraud protection evaluation value based on a plurality of fraud interception calling characteristics of each simulated fraud path behavior in the second simulated fraud path behavior cluster;
and respectively executing instruction optimization configuration of the fraud protection instruction of each simulated fraud path behavior based on the arrangement information of the second fraud protection evaluation value of each simulated fraud path behavior in the second simulated fraud path behavior cluster.
8. The big-data fraud prevention-based information processing method according to claim 7, wherein each fraud interception event that simulates the behavior of a fraud path is obtained by:
for each simulated fraudulent path behavior in the first simulated fraudulent path behavior cluster, querying a fraudulent interception event related to a fraudulent flow of the simulated fraudulent path behavior from a corresponding fraudulent interception event data group of a fraudulent interception execution network; wherein the fraud interception execution network is configured to determine the first fraud protection evaluation value based on the fraud interception event;
when the fraud flow simulating the fraud path behavior is a fraud flow corresponding to the fraud interception execution network and the fraud flow is not inquired from a fraud interception event data group of the fraud interception execution network, converting fraud flow log data of the fraud flow into fraud flow structural features, and performing key feature analysis on the fraud flow structural features to obtain key structural features;
and performing feature analysis on the attribute information of the fraudulent flow to obtain attribute features of the fraudulent flow, fusing the attribute features of the fraudulent flow and the key structural features, and tracing the event track of the mapping track features to obtain the fraudulent interception event simulating the behavior of the fraudulent path.
9. The big-data fraud prevention-based information processing method according to claim 1, wherein the first simulated fraudulent path behavior cluster is obtained by:
obtaining simulated fraud process data of each simulated fraud node of simulated fraud application service generated by simulating the migration fraud path to be protected corresponding to the target abnormal business behavior big data after configuring each fraud protection rule added correspondingly;
determining each simulated cheating routing object corresponding to the simulated cheating application service according to the simulated cheating process data of each simulated cheating node, and respectively determining a target simulated cheating routing object with synchronous cheating behavior with the current simulated cheating routing object from the rest simulated cheating process data of the simulated cheating nodes for each simulated cheating routing object;
carrying out fraud relationship vector search on the current simulated fraud routing object, and carrying out fraud relationship vector search on the target simulated fraud routing object to respectively obtain a first search fraud relationship vector of the current simulated fraud routing object and a second search fraud relationship vector of the target simulated fraud routing object, wherein the first search fraud relationship vector and the second search fraud relationship vector respectively comprise relationship description information of respective corresponding fraud map relationship;
generating a fraud relation synchronization vector of each current simulated fraud routing object and the corresponding target simulated fraud routing object according to the first searching fraud relation vector and the second searching fraud relation vector;
analyzing each current simulated fraudulent route object and the corresponding target simulated fraudulent route object according to the fraud relation synchronization vector, performing time sequence splicing on the simulated and generated fraudulent route object clusters to obtain a plurality of combined fraudulent route object clusters, and generating application on each combined fraudulent route object cluster based on a knowledge network to generate a fraudulent route knowledge network of the simulated fraudulent application service;
and acquiring corresponding simulated fraudulent path behaviors according to the fraudulent path combination information corresponding to the fraudulent routing knowledge network, and using the simulated fraudulent path behaviors as the first simulated fraudulent path behavior cluster.
10. An artificial intelligence monitoring system, comprising a processor and a machine-readable storage medium, wherein the machine-readable storage medium is used for storing computer instructions, and the processor is used for executing the computer instructions in the machine-readable storage medium to execute the big data anti-fraud information processing method according to any one of claims 1-9.
CN202110855284.2A 2021-07-28 2021-07-28 Big data fraud prevention based information processing method and artificial intelligence monitoring system Withdrawn CN113421105A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110855284.2A CN113421105A (en) 2021-07-28 2021-07-28 Big data fraud prevention based information processing method and artificial intelligence monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110855284.2A CN113421105A (en) 2021-07-28 2021-07-28 Big data fraud prevention based information processing method and artificial intelligence monitoring system

Publications (1)

Publication Number Publication Date
CN113421105A true CN113421105A (en) 2021-09-21

Family

ID=77718425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110855284.2A Withdrawn CN113421105A (en) 2021-07-28 2021-07-28 Big data fraud prevention based information processing method and artificial intelligence monitoring system

Country Status (1)

Country Link
CN (1) CN113421105A (en)

Similar Documents

Publication Publication Date Title
CN110147387B (en) Root cause analysis method, root cause analysis device, root cause analysis equipment and storage medium
US10282542B2 (en) Information processing apparatus, information processing method, and computer readable medium
CN113360349A (en) Information optimization method based on big data and cloud service and artificial intelligence monitoring system
US11055210B2 (en) Software test equipment and software testing method
CN111669281B (en) Alarm analysis method, device, equipment and storage medium
WO2017007727A1 (en) Parallelized network traffic flow availability simulation using stochastic process and traffic engineering algorithms
CN110689084B (en) Abnormal user identification method and device
CN113688382B (en) Attack intention mining method based on information security and artificial intelligence analysis system
CN116415206B (en) Operator multiple data fusion method, system, electronic equipment and computer storage medium
CN113391943A (en) Micro-service fault root cause positioning method and device based on cause and effect inference
CN115514657B (en) Network modeling method, network problem analysis method and related equipment
CN108959048A (en) The method for analyzing performance of modular environment, device and can storage medium
CN112906206A (en) Digital twin model construction method and device
JP2012186667A (en) Network fault detection apparatus, network fault detection method of network fault detection apparatus, and network fault detection program
CN115048370A (en) Artificial intelligence processing method for big data cleaning and big data cleaning system
CN113312556A (en) Cloud service mining method based on 5G interconnection big data and big data pushing system
CN113421105A (en) Big data fraud prevention based information processing method and artificial intelligence monitoring system
CN116361974A (en) Data source importance discriminating method based on highway service and data network
CN115994682A (en) Multi-view alignment method for batch trace and process model of event log
CN111343105B (en) Cutoff identification method and device based on deep learning
CN113297582A (en) Safety portrait generation method based on information safety big data and big data system
CN113098884A (en) Network security monitoring method based on big data, cloud platform system and medium
CN114911677A (en) Monitoring method and device for containers in cluster and computer readable storage medium
CN114338441A (en) Analysis method for intelligently identifying service link based on service flow
CN112699435A (en) Building safety detection method and building safety detection system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210921