CN113468142A - Data transfer request processing method, device, equipment and storage medium - Google Patents
Data transfer request processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN113468142A CN113468142A CN202110756656.6A CN202110756656A CN113468142A CN 113468142 A CN113468142 A CN 113468142A CN 202110756656 A CN202110756656 A CN 202110756656A CN 113468142 A CN113468142 A CN 113468142A
- Authority
- CN
- China
- Prior art keywords
- data transfer
- behavior
- terminal
- transfer request
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/214—Database migration support
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a data transfer request processing method, a device, equipment and a storage medium, wherein the method comprises the following steps: receiving a data transfer request sent by a terminal; acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to a terminal; the data transfer attribute characteristic, the target behavior characteristic and the behavior time sequence characteristic are characteristics in a first preset time period before the terminal has abnormal behaviors, and the abnormal behaviors are behaviors of the terminal in a second preset time period before the data transfer request; determining the probability value of the terminal in the lost state according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics; the data transfer request is processed based on a probability value, wherein the probability value that the terminal is in a lost state can be determined through an artificial intelligence technology. The method and the device can accurately judge whether the terminal is in the loss state, so that illegal data transfer requests can be intercepted when the terminal is determined to be in the loss state.
Description
Technical Field
The present application relates to the field of internet data processing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for processing a data transfer request.
Background
When the mobile phone of the user is in a lost state, the risk of acquiring the account balance of the user by the cracked password exists, and economic loss is caused to the user. In addition, some application program parties storing account balances need to carry out loss compensation on users, so that certain economic losses are caused to the application program parties; in the related art, in order to avoid such a situation, it is usually determined whether a user sending a data transfer request is a legal user through a small amount of features such as data transfer amount, and such a determination strategy is single and is not systematic, and it is difficult to accurately determine whether a data transfer requester is legal, and it is also impossible to accurately determine whether a terminal is in a lost state, and it is impossible to accurately intercept an illegal data transfer request.
Therefore, it is necessary to provide a method, an apparatus, a device and a storage medium for processing a data transfer request, which can accurately determine whether a terminal is in a lost state, and perform different processing on the data transfer request according to the magnitude of the probability value; therefore, when the terminal is determined to be in a lost state, the illegal data transfer request can be intercepted, and economic loss to a legal user of the terminal is avoided.
Disclosure of Invention
The application provides a data transfer request processing method, a data transfer request processing device and a storage medium, which can accurately judge whether a terminal is in a lost state or not, and intercept an illegal data transfer request when the terminal is determined to be in the lost state, so that economic loss caused to a legal user of the terminal is avoided.
In one aspect, the present application provides a data transfer request processing method, where the method includes:
receiving a data transfer request sent by a terminal;
acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to the terminal; the data transfer attribute feature, the target behavior feature and the behavior timing feature are features in a first preset time period before the terminal has abnormal behavior, and the abnormal behavior is the behavior of the terminal in a second preset time period before the data transfer request;
determining a probability value of the terminal in a lost state according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
processing the data transfer request based on the probability value.
Another aspect provides a data transfer request processing apparatus, including:
the data transfer request receiving module is used for receiving a data transfer request sent by a terminal;
the characteristic acquisition module is used for acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to the terminal; the data transfer attribute feature, the target behavior feature and the behavior timing feature are features in a first preset time period before the terminal has abnormal behavior, and the abnormal behavior is the behavior of the terminal in a second preset time period before the data transfer request;
a probability value determining module, configured to determine a probability value that the terminal is in a lost state according to the data transfer attribute feature, the target behavior feature, and the behavior timing feature;
and the request processing module is used for processing the data transfer request based on the probability value.
Another aspect provides a data transfer request processing apparatus, which includes a processor and a memory, where at least one instruction or at least one program is stored in the memory, and the at least one instruction or the at least one program is loaded by the processor and executed to implement the data transfer request processing method described above.
Another aspect provides a computer storage medium storing at least one instruction or at least one program, which is loaded and executed by a processor to implement the data transfer request processing method as described above.
Another aspect provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute to implement the data transfer request processing method as described above.
The data transfer request processing method, device, equipment and storage medium provided by the application have the following technical effects:
after receiving a data transfer request sent by a terminal, acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics in a first preset time period before an abnormal behavior exists in the terminal, wherein the abnormal behavior is the behavior of the terminal in a second preset time period before the data transfer request, determining the probability value of the terminal in a lost state through the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics, accurately judging whether the terminal is in the lost state, and performing different processing on the data transfer request according to the probability value; therefore, when the terminal is determined to be in a lost state, the illegal data transfer request can be intercepted, and economic loss to a legal user of the terminal is avoided.
Drawings
In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of a data transfer request processing system according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data transfer request processing method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a method for acquiring a data transfer attribute feature, a target behavior feature, and a behavior timing feature corresponding to a terminal according to an embodiment of the present application;
fig. 4 is a flowchart illustrating a method for determining a probability value that the terminal is in a lost state according to an embodiment of the present application;
FIG. 5 is a schematic flow chart diagram illustrating a method for determining a target feature according to an embodiment of the present application;
fig. 6 is a schematic flowchart of a method for processing the data transfer request based on a probability value according to an embodiment of the present application;
fig. 7 is a schematic flowchart of another method for processing the transaction request based on probability values according to an embodiment of the present application;
fig. 8 is a flowchart illustrating a method for processing the data transfer request based on the risk score according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a blockchain system according to an embodiment of the present disclosure;
FIG. 10 is a block diagram according to an embodiment of the present disclosure;
fig. 11 is a schematic flowchart of a method for storing data transfer attribute characteristics, target behavior characteristics, and behavior timing characteristics according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a data transfer request processing apparatus according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
Artificial Intelligence (AI) is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human Intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence is the research of the design principle and the realization method of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making. The artificial intelligence technology is a comprehensive subject and relates to the field of extensive technology, namely the technology of a hardware level and the technology of a software level. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a voice processing technology, a natural language processing technology, machine learning/deep learning, automatic driving, intelligent traffic and the like.
Specifically, the scheme provided by the embodiment of the application relates to the field of machine learning of artificial intelligence. Machine Learning (ML) is a multi-domain cross discipline, and relates to a plurality of disciplines such as probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory and the like. The special research on how a computer simulates or realizes the learning behavior of human beings so as to acquire new knowledge or skills and reorganize the existing knowledge structure to continuously improve the performance of the computer. Machine learning is the core of artificial intelligence, is the fundamental approach for computers to have intelligence, and is applied to all fields of artificial intelligence. According to the method and the device, the state type prediction model can be constructed through machine learning, and the loss state of the terminal can be predicted.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, fig. 1 is a schematic diagram of a data transfer request processing system according to an embodiment of the present application, and as shown in fig. 1, the data transfer request processing system may include at least a server 01 and a client 02.
Specifically, in this embodiment of the present disclosure, the server 01 may include an independently operating server, or a distributed server, or a server cluster composed of a plurality of servers, and may also be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), and a big data and artificial intelligence platform. The server 01 may comprise a network communication unit, a processor, a memory, etc. Specifically, the server 01 may be configured to process the data transfer request sent by the client 02 according to the probability value that the client 02 is in the loss state.
Specifically, in the embodiment of the present disclosure, the client 02 may include a type of physical device such as a smart phone, a desktop computer, a tablet computer, a notebook computer, a digital assistant, a smart wearable device, a smart speaker, a vehicle-mounted terminal, and a smart television, but is not limited thereto, and may also include software running in the physical device, such as a web page provided by some service providers to a user, or an application provided by the service providers to the user. Specifically, the client 02 may be configured to send a data transfer request to the server 01.
A data transfer request processing method of the present application is described below, and fig. 2 is a schematic flow chart of a data transfer request processing method provided in an embodiment of the present application, and the present specification provides method operation steps as described in the embodiment or the flow chart, but more or less operation steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures. Specifically, as shown in fig. 2, the method is applied to a server, and the method may include:
s201: and receiving a data transfer request sent by the terminal.
In the embodiments of the present specification, the data transfer request may be a transfer request or a payment request; the data transfer request may be a request sent by a target application in the terminal, the target application being an application having a transfer function and/or a payment function.
S203: acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to the terminal; the data transfer attribute feature, the target behavior feature, and the behavior timing feature are features of the terminal in a first preset time period before an abnormal behavior exists, and the abnormal behavior is a behavior of the terminal in a second preset time period before the data transfer request.
In the embodiment of the present specification, the abnormal behavior may be a sensitive behavior, including behaviors of inputting an error password for many times, binding a bank card for many times, modifying a password for many times, and the like; when the terminal has abnormal behavior in a second preset time period before the data transfer request, the probability that the operator of the terminal is a non-rule sub is high, that is, the probability that the terminal is in a lost state is high. At this time, the characteristics of the terminal in a first preset time period before the abnormal behavior are obtained, so that whether the terminal is in a lost state or not is judged.
In the embodiments of the present specification, the data transfer attribute characteristics may include characteristics such as data transfer time, data transfer amount, and data transfer frequency; the target behavior characteristics can comprise behaviors of clicking a wallet in a payment page, a nine-square case, payment management, checking a bank card, clicking a card back (a bank card identifier), adding a bank card and the like; the behavior temporal characteristics may include a temporal sequence of the target behavior and associated behaviors of the target behavior; for example, before clicking a wallet or clicking an input password, an illegal user may query a file such as a memo of the terminal for information such as a payment password and a bank card password, so as to determine whether the terminal is in a lost state according to the behavior timing characteristics. According to the method and the device, the state information of the terminal can be accurately judged by combining the data transfer attribute characteristic, the target behavior characteristic and the behavior time sequence characteristic corresponding to the terminal, namely whether an operator corresponding to the terminal is an illegal user or not can be accurately judged.
The first preset time period and the second preset time period may be set according to actual conditions, for example, the first preset time period may be 20 minutes, 30 minutes, and the like, and the second preset time period may be 5 minutes, 10 minutes, and the like. The first preset time period and the second preset time period may be the same or different.
In an embodiment of the present specification, the data transfer attribute feature, the target behavior feature, and the behavior timing feature may be features in the target application; the local server can comprise a wind control quasi-real-time system, a cache database and an offline data table; as shown in fig. 3, the obtaining of the data transfer attribute feature, the target behavior feature, and the behavior timing feature corresponding to the terminal may include:
s2031: the terminal sends the click behavior data to a wind control quasi-real-time system (tssd) through a target application program;
in the embodiment of the present specification, in order to ensure accuracy and integrity of data, the wind control near real-time system may compare and test the sampled click behavior with an actual click behavior, and when the comparison is consistent, the wind control near real-time system stores the received click behavior data.
In the embodiment of the specification, for a target application program, the click data volume is extremely large, and the number of times per day can reach 20 hundred million; in order to reduce the interface interaction frequency, click behavior data corresponding to a preset number of click behaviors can be sent to the wind control quasi-real-time system each time; therefore, the tssd interface can bear, and interface faults caused by overlarge data volume are avoided; the preset number can be set according to actual conditions, for example, 10 clicks can be set to transmit data in a udp protocol.
S2033: the wind control quasi-real-time system counts the data of the plurality of click behaviors, and calculates the click times of each click behavior in a preset time period, so as to determine the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
in the embodiments of the present specification, the preset time period may be 24 hours, 12 hours, 6 hours, 1 hour, or the like. The click behavior data is data corresponding to the click behavior of the user in the target application program; the target application program can be one or more, and the clicking behaviors can comprise a first clicking behavior for determining a data transfer value, a second clicking behavior for determining an account of a transfer party, a third clicking behavior for inputting a password, a fourth clicking behavior for viewing a memo and/or acquiring a password by a mailbox and the like; and calculating the times of each click behavior in real time in the data transfer process of the user.
In this specification, the data transfer attribute feature may include a data transfer value determined according to a click behavior, a transfer party account, and other features; the target behavior characteristics can comprise characteristics such as a first click behavior, a second click behavior, a third click behavior, a fourth click behavior, the number of times of each click behavior and the like; the behavior time sequence feature may be a click time feature corresponding to the third click behavior and the fourth click behavior. For example, when the clicking user is an illegal user, the number of the transferring party accounts inputted by the clicking user is possibly multiple, and the data transfer value is large; the corresponding third click behavior may be multiple times, and when the third click behavior occurs, a fourth click behavior may occur multiple times.
S2035: the wind control quasi-real-time system writes the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics back to a cache database (ckv);
in the embodiment of the present specification, the write back of tssd to ckv will be delayed, and the delay time can be shortened to the maximum extent, for example, 15 seconds.
S2037: taking the data transfer list as a dimension, and sending the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics in the cache database to an offline data table (twd) by the cache database;
in the embodiment of the present specification, since the storage space of the cache database is limited, and new data may continuously overwrite old data, the data in the cache database needs to be sent to an offline data table for long-time storage.
In a specific embodiment, the storage method of the data transfer attribute feature, the target behavior feature and the behavior timing feature is as shown in fig. 9, the wechat application program transmits the corresponding click behavior data to the near-real-time system, and if the data access is slow, other data transfer dimension features can be selected for data transmission; then the data is written back to a cache database through a quasi-real-time system, and in practical application, the write-back can be triggered through sensitive behaviors; and finally storing the data into an offline data table (twd).
In an embodiment of this specification, before obtaining the data transfer attribute feature, the target behavior feature, and the behavior timing feature corresponding to the terminal, the method further includes:
judging whether the terminal has abnormal behavior in a second preset time period before the data transfer request;
in some embodiments, if there is no abnormal behavior, the method further comprises:
and responding and processing the data transfer request.
In an embodiment of this specification, the acquiring of the data transfer attribute feature, the target behavior feature, and the behavior timing feature corresponding to the terminal includes:
and if the abnormal behavior exists, acquiring the data transfer attribute characteristic, the target behavior characteristic and the behavior time sequence characteristic of the terminal in a first preset time period before the abnormal behavior.
In the embodiment of the present specification, when the terminal has an abnormal behavior, whether the terminal is in a lost state can be quickly and accurately determined according to the data transfer attribute feature, the target behavior feature, and the behavior timing feature corresponding to the terminal.
S205: and determining the probability value of the terminal in the lost state according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics.
In the embodiment of the present specification, that the terminal is in a lost state means that a current operator corresponding to the terminal is an illegal user, and whether the illegal user is operating the terminal can be determined according to the probability value that the terminal is in the lost state, so that subsequent interception of an illegal data transfer request is facilitated.
In some embodiments, as shown in fig. 4, the determining the probability value that the terminal is in the loss state according to the data transition attribute feature, the target behavior feature and the behavior timing feature includes:
s2051: determining target characteristics according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
in some embodiments, as shown in fig. 5, the determining the target feature according to the plurality of data transfer attribute features, the plurality of target behavior features, and the plurality of behavior timing features includes:
s20511: calculating the information value of each data transfer attribute feature, each target behavior feature and each behavior time sequence feature, wherein the information value represents the prediction capability of the feature on the state type of the terminal;
s20513: and determining the target characteristic according to the information value.
In the embodiment of the present specification, the Information Value (Information Value) is mainly used for measuring the relevance of a binary target variable and a categorical variable, and is used as an index for measuring the prediction capability of the variables in model development. The larger the information value of the feature, the stronger the predictive ability thereof.
Specifically, in an embodiment of the present specification, the determining the target feature according to the information value includes:
and determining the characteristic of which the information value is greater than a preset information threshold value in the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics as the target characteristic.
In the embodiment of the present specification, the feature with the stronger prediction capability may be determined as the target feature by a method of setting a preset information threshold.
Specifically, in an embodiment of the present specification, the determining the target feature according to the information value includes:
determining the priority of each data transfer attribute feature, each target behavior feature and each behavior time sequence feature according to the information values of each data transfer attribute feature, each target behavior feature and each behavior time sequence feature;
and determining the characteristic with the priority higher than the preset level in the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics as the target characteristic.
In the embodiment of the present specification, the priority may be set from high to low according to the size of the information value corresponding to each feature, so as to determine the target feature according to the priority of the feature; the characteristics of the information values in the preset range may be set to the same priority. For example, one or more levels of features having higher priority may be determined as target features according to the number requirements of the target features.
In the embodiment of the present specification, a specific calculation method of the information value is as follows:
as shown in table 1 below, assuming that there is a classified or binned independent variable X, there are three classifications a \ B \ C, and a 0-1 binary dependent variable y, the frequency distributions obtained are as follows, the first column is X, two and three columns are 0,1 is the number of rows under each value of X, P _0 is the ratio of X to y 0, for example, when X is a, P _0 is 100/600, P _1 is the ratio of X to y 1, and the last column is the logarithm of P _0 divided by P _ 1.
TABLE 1 frequency distribution chart
The information value calculation formula obtained according to the frequency distribution table is as follows:
where IV is an information value, P0i is P _0 on the ith row in the table, the information value is actually a weighted sum of terminal logarithm ratios of the security state and the lost state corresponding to each x, and the information value in this example is: 0.5348.
in this embodiment, the correspondence between the information value and the prediction capability is shown in table 2 below:
table 2: information value range & variable predictive power
| Range of information values | Predictive power |
| <-0.02 | Without predictive power |
| 0.02-0.10 | Weak (weak) |
| 0.10-0.30 | Medium and high grade |
| >0.30 | High strength |
S2053: and determining the probability value of the lost state of the terminal according to the target characteristics.
In some embodiments, the determining the probability value that the terminal is in the loss state according to the target feature includes:
inputting the target characteristics into a state type prediction model to obtain a probability value of the terminal in a lost state; and the probability value represents the state type of the terminal, and the state type prediction model is constructed and obtained on the basis of the sample target characteristics of the sample terminal marked with the state type label.
In some embodiments, the training method of the state class prediction model includes:
acquiring sample target characteristics of a sample terminal marked with a state class label, wherein the sample terminal comprises a positive sample terminal and a negative sample terminal;
based on the sample target characteristics, performing state class recognition training of the sample terminal by using a preset machine learning model;
in the state class identification training, adjusting the model parameters of the preset machine learning model until the state class label output by the preset machine learning model is matched with the input sample target characteristic;
determining a machine learning model corresponding to the current model parameter as the state class prediction model; the current model parameters are model parameters when the output state class labels are matched with the input sample target characteristics.
In the embodiment of the description, the preset machine learning model may be a logistic regression model, the logistic regression is a generalized linear regression analysis model, is one of discrete selection method models, is often used in the fields of data mining, credit prediction and the like, and has fewer related features, simpler algorithm logic and shorter judgment time compared with other models, and the risk of each data transfer is quickly judged under the condition that the WeChat payment mass data transfer is satisfied. Instead of the logistic regression model, models such as a Gradient Boosting Machine (gbm), a distributed Gradient Boosting (xgboost), a Light Gradient Boosting Machine (Light gbm), and the like may be used.
In the modeling samples, the label data come from cases of complaint loss of a historical user mobile phone, after manual investigation and moral risk elimination, the cases are judged to be effective cases, the stolen data transfer list of the cases is used as a negative sample of model training, and the label value is 0. And the normal data transfer sheet of the normal user (the user who does not complain about the mobile phone loss) is taken as a positive sample of the model training, and the label value is 1. In the labeled samples, the ratio of positive and negative samples used for model training is about 10:1, and a binary classification mode of a logistic regression model is used for training. Both positive and negative sample data can be obtained through an off-line data table (twd).
In the embodiment of the present specification, in the model training process, the probability value may be calculated by the following formula based on the target feature:
wherein x1,x2Are all target characteristics, beta1,β2Are respectively a feature x1,x2Corresponding coefficients, b, beta0All are constants, b is a preset constant, p is a probability value, and l is a logistic regression index. Continuously adjusting the coefficient and beta corresponding to the characteristic in the model training process0And enabling the l to reach the target index, and determining each parameter corresponding to the target index as a model parameter.
In the embodiments of the present specification, the characteristic coefficient β may be determined by a maximum likelihood estimation algorithm0,β1,β2. The principle of the maximum likelihood estimation algorithm is as follows:
with the sample results known, the parameters that are most likely to lead to such results are back-extrapolated. The model is determined, the parameters are unknown, the results are observed through a plurality of experiments, and the probability that a certain parameter value can be obtained by utilizing the experiment results to enable the sample to appear is maximum, so the method is called as 'maximum likelihood estimation'.
S207: and processing the data transfer request based on the probability value.
In some embodiments, the probability value may be any value between 0-1.
In some embodiments, as shown in fig. 6, the processing the data transfer request based on the probability value includes:
s2071: and when the probability value is greater than or equal to a preset probability threshold value, intercepting the data transfer request.
In this embodiment of the present specification, the preset probability threshold may be a critical value of a terminal state category, and may be set according to an actual situation.
In an embodiment of the present specification, as shown in fig. 6, the processing the data transfer request based on the probability value includes:
s2073: and when the probability value is smaller than the preset probability threshold value, responding to the data transfer request.
In the embodiment of the present specification, whether a terminal is in a lost state can be quickly and accurately determined by the data transfer attribute feature, the target behavior feature, and the behavior timing feature, and whether interception is performed can be returned within 20 milliseconds; and when the terminal is determined to be in a lost state, the data transfer request is quickly intercepted, so that the losses of a terminal legal user and a target application program party are effectively reduced, the claim range can be improved by the target application program party, and the user experience is improved.
In an embodiment of this specification, as shown in fig. 7, before the processing the data transfer request based on the probability value, the method further includes:
s206: acquiring a password acquisition mode corresponding to the data transfer request;
correspondingly, the processing the data transfer request based on the probability value includes:
s20701: converting the probability value into a risk score based on the password acquisition mode;
in the embodiment of the present specification, the prediction capability results of different features are different for different application scenarios. Different application scenes can be distinguished according to a password obtaining mode, such as multiple password attempts, password modification by binding a bank card and the like, and the probability value is converted into a risk score; acquiring abnormal behaviors of the password (such as password trial for multiple times, password modification by binding a bank card and the like) as conditions to trigger judgment of an interception strategy; if the trigger condition is not met, the strategy is not judged, unnecessary strategy judgment time in data transfer is avoided, and delay is reduced.
In an embodiment of the present specification, a method of converting a probability value into a risk score (score) includes:
1) direct multiplication by 100/1000, etc.;
2) the traditional risk model grading conversion mode of the credit industry is as follows:
three parameters are involved:
1. reference Odds: the bad-good ratio corresponds to the real default probability one by one, and the default probability can be calculated, for example, bad is 2, good is 1, Odds is bad/good is 2, and the default probability is bad/(bad + good) is 2/(2+1) is 67%. Wherein, bad means illegal user, good means legal user.
2. Reference score: the corresponding score at baseline Odds.
PDO: (Points to Double the Odds): odds (bad to good ratio) becomes 2 times, the score is decreased.
Next, a formula for calculating the probability and the score can be solved, as follows:
to illustrate with specific numbers, assuming a desired base score (base _ score) of 600, the corresponding Odds (bad to good ratio) is 1: 50. and when Odds is expanded 2-fold to 2: at 50, the risk score (credit score) decreases by 20 to 580 points (PDO 20). Then:
wherein A and B are constants.
S20703: and processing the data transfer request based on the risk score.
In some embodiments, processing the data transfer request based on the risk score includes:
and processing the data transfer request based on the risk score and the attribute information corresponding to the data transfer request.
In this embodiment of the present specification, the attribute information corresponding to the data transfer request may include information of a data transfer counterpart, time, amount, and the like, for example, the score may be combined with time to determine a prediction result, and when the risk score is higher than a preset score threshold and the data transfer time is early in the morning, it may be determined that the terminal is in a lost state. The preset score threshold value can be set according to actual conditions. According to the method and the device, the grading can be combined with abnormal dimensions of the transferred party account, time, amount, frequency and the like of the data to make strategies, and the strategies under each subdivision scene are integrated into a unified strategy system for identifying the lost state of the terminal, so that the accuracy of identifying the state information of the terminal is further improved.
In some embodiments, as shown in fig. 8, the processing the data transfer request based on the risk score includes:
s207031: determining the state types of the terminal based on the risk scores, wherein the state types comprise a loss state and a non-loss state;
s207033: and processing the data transfer request according to the state type of the terminal.
In an embodiment of the present specification, the processing the data transfer request according to the status type of the terminal includes:
when the terminal is in a lost state, intercepting the data transfer request;
and when the terminal is in a non-lost state, responding to the data transfer request.
In an embodiment of the present specification, the method may further include:
and storing the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics corresponding to the terminal based on a block chain system, wherein the block chain system comprises a plurality of nodes, and a point-to-point network is formed among the nodes.
In some embodiments, the blockchain system may be the structure shown in fig. 9, a Peer-To-Peer (P2P) network is formed among a plurality of nodes, and the P2P Protocol is an application layer Protocol operating on top of a Transmission Control Protocol (TCP). In the blockchain system, any machine such as a server and a terminal can be added to become a node, and the node comprises a hardware layer, a middle layer, an operating system layer and an application layer.
The functions of each node in the blockchain system shown in fig. 9 involve:
1) routing, a basic function that a node has, is used to support communication between nodes.
Besides the routing function, the node may also have the following functions:
2) the application is used for being deployed in a block chain, realizing specific services according to actual service requirements, recording data related to the realization functions to form recording data, carrying a digital signature in the recording data to represent a source of task data, and sending the recording data to other nodes in the block chain system, so that the other nodes add the recording data to a temporary block when the source and integrity of the recording data are verified successfully.
3) And the Block chain comprises a series of blocks (blocks) which are mutually connected according to the generated chronological order, new blocks cannot be removed once being added into the Block chain, and recorded data submitted by nodes in the Block chain system are recorded in the blocks.
In some embodiments, the Block Structure (Block Structure) may be the Structure shown in fig. 10, where each Block includes a hash value of the Block storage data transfer record (hash value of the Block) and a hash value of the previous Block, and the blocks are connected by the hash values to form a Block chain. The block may include information such as a time stamp at the time of block generation. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using cryptography, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.
As can be seen from the technical solutions provided by the embodiments of the present specification, after receiving a data transfer request sent by a terminal, the embodiments of the present specification obtain a data transfer attribute feature, a target behavior feature, and a behavior timing feature in a first preset time period before an abnormal behavior exists in the terminal, where the abnormal behavior is a behavior of the terminal in a second preset time period before the data transfer request, and determine a probability value of the terminal being in a lost state through the data transfer attribute feature, the target behavior feature, and the behavior timing feature, so as to accurately determine whether the terminal is in the lost state, and perform different processing on the data transfer request according to the magnitude of the probability value; therefore, when the terminal is determined to be in a lost state, the illegal data transfer request can be intercepted, and economic loss to a legal user of the terminal is avoided.
An embodiment of the present application further provides a data transfer request processing apparatus, as shown in fig. 12, the apparatus includes:
a data transfer request receiving module 1210, configured to receive a data transfer request sent by a terminal;
a characteristic obtaining module 1220, configured to obtain a data transfer attribute characteristic, a target behavior characteristic, and a behavior timing characteristic corresponding to the terminal; the data transfer attribute feature, the target behavior feature and the behavior timing feature are features of the terminal in a first preset time period before an abnormal behavior exists, and the abnormal behavior is a behavior of the terminal in a second preset time period before the data transfer request;
a probability value determining module 1230, configured to determine a probability value that the terminal is in a lost state according to the data transfer attribute feature, the target behavior feature, and the behavior timing feature;
the request processing module 1240 is configured to process the data transfer request based on the probability value.
In some embodiments, the request processing module may include:
and the interception processing unit is used for intercepting the data transfer request when the probability value is greater than or equal to a preset probability threshold value.
In some embodiments, the apparatus may further comprise:
a password obtaining mode obtaining module, configured to obtain a password obtaining mode corresponding to the data transfer request;
the request processing module may include:
a conversion unit, configured to convert the probability value into a risk score based on the password acquisition manner;
and the data transfer request processing unit is used for processing the data transfer request based on the risk score.
In some embodiments, the data transfer request processing unit may include:
a state type determining subunit, configured to determine a state type of the terminal based on the risk score, where the state type includes a lost state and a non-lost state;
and the data transfer request processing subunit is used for processing the data transfer request according to the state type of the terminal.
In some embodiments, the data transfer attribute feature, the target behavior feature and the behavior timing feature are all multiple, and the probability value determining module may include:
the target characteristic determining unit is used for determining target characteristics according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
and the first probability value determining unit is used for determining the probability value of the terminal in the lost state according to the target characteristics.
In some embodiments, the target feature determination unit may include:
an information value operator unit, configured to calculate an information value of each data transfer attribute feature, each target behavior feature, and each behavior timing feature, where the information value represents a prediction capability of the feature on a state category of the terminal;
and the target characteristic determining subunit is used for determining the target characteristic according to the information value.
In some embodiments, the probability value determination module may include:
a second probability value determining unit, configured to input the target feature into a state type prediction model to obtain a probability value of the terminal in a lost state; and the probability value represents the state type of the terminal, and the state type prediction model is constructed and obtained on the basis of the sample target characteristics of the sample terminal marked with the state type label.
The device and method embodiments in the device embodiment described are based on the same inventive concept.
The embodiment of the present application provides a data transfer request processing device, which includes a processor and a memory, where the memory stores at least one instruction or at least one program, and the at least one instruction or at least one program is loaded and executed by the processor to implement the data transfer request processing method provided by the above method embodiment.
Embodiments of the present application further provide a computer storage medium, where the storage medium may be disposed in a terminal to store at least one instruction or at least one program for implementing a data transfer request processing method in the method embodiments, and the at least one instruction or the at least one program is loaded and executed by the processor to implement the data transfer request processing method provided in the method embodiments.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute to implement the data transfer request processing method as described above.
Alternatively, in the present specification embodiment, the storage medium may be located at least one network server among a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The memory described in the embodiments of the present disclosure may be used to store software programs and modules, and the processor may execute various functional applications and data processing by operating the software programs and modules stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system, application programs needed by functions and the like; the storage data area may store data created according to use of the apparatus, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory may also include a memory controller to provide the processor access to the memory.
The data transfer request processing method provided by the embodiment of the application can be executed in a mobile terminal, a computer terminal, a server or a similar operation device. Taking an example of the data transfer request running on a server, fig. 13 is a hardware structure block diagram of the server of the data transfer request processing method provided in the embodiment of the present application. As shown in fig. 13, the server 1300 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1310 (the processors 1310 may include but are not limited to Processing devices such as a microprocessor MCU or a programmable logic device FPGA), a memory 1330 for storing data, and one or more storage media 1320 (e.g., one or more mass storage devices) for storing applications 1323 or data 1322. The memory 1330 and the storage medium 1320 may be, among other things, transient storage or persistent storage. The program stored in the storage medium 1320 may include one or more modules, each of which may include a series of instruction operations for the server. Further, the central processor 1310 may be configured to communicate with the storage medium 1320, and execute a series of instruction operations in the storage medium 1320 on the server 1300. The server 1300 may also include one or more power supplies 1360, one or more wired or wireless network interfaces 1350, one or more input-output interfaces 1340, and/or one or more operating systems 1321 such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
Input/output interface 1340 may be used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the server 1300. In one example, i/o Interface 1340 includes a Network adapter (NIC) that may be coupled to other Network devices via a base station to communicate with the internet. In one example, the input/output interface 1340 can be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
It will be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration and is not intended to limit the structure of the electronic device. For example, server 1300 may also include more or fewer components than shown in FIG. 13, or have a different configuration than shown in FIG. 13.
As can be seen from the embodiments of the data transfer request processing method, the data transfer request processing device, the server, or the storage medium provided by the present application, after receiving a data transfer request sent by a terminal, the present application obtains a data transfer attribute feature, a target behavior feature, and a behavior timing feature in a first preset time period before an abnormal behavior exists in the terminal, where the abnormal behavior is a behavior of the terminal in a second preset time period before the data transfer request, and determines a probability value of the terminal in a lost state through the data transfer attribute feature, the target behavior feature, and the behavior timing feature, so as to accurately determine whether the terminal is in the lost state, and perform different processing on the data transfer request according to the size of the probability value; therefore, when the terminal is determined to be in a lost state, the illegal data transfer request can be intercepted, and economic loss to a legal user of the terminal is avoided.
It should be noted that: the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus, device, and storage medium embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer storage medium, and the above storage medium may be a read-only memory, a magnetic disk, an optical disk, or the like.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A method for processing a data transfer request, the method comprising:
receiving a data transfer request sent by a terminal;
acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to the terminal; the data transfer attribute feature, the target behavior feature and the behavior timing feature are features in a first preset time period before the terminal has abnormal behavior, and the abnormal behavior is the behavior of the terminal in a second preset time period before the data transfer request;
determining a probability value of the terminal in a lost state according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
processing the data transfer request based on the probability value.
2. The method of claim 1, wherein the processing the data transfer request based on the probability value comprises:
and when the probability value is greater than or equal to a preset probability threshold value, intercepting the data transfer request.
3. The method of claim 1, wherein prior to processing the data transfer request based on the probability value, the method further comprises:
acquiring a password acquisition mode corresponding to the data transfer request;
correspondingly, the processing the data transfer request based on the probability value includes:
converting the probability value into a risk score based on the password acquisition mode;
processing the data transfer request based on the risk score.
4. The method of claim 3, wherein processing the data transfer request based on the risk score comprises:
determining state categories of the terminal based on the risk scores, wherein the state categories comprise a loss state and a non-loss state;
and processing the data transfer request according to the state type of the terminal.
5. The method according to any one of claims 1 to 4, wherein the data transition attribute feature, the target behavior feature and the behavior timing feature are all plural, and the determining the probability value that the terminal is in the loss state according to the data transition attribute feature, the target behavior feature and the behavior timing feature comprises:
determining target characteristics according to the data transfer attribute characteristics, the target behavior characteristics and the behavior time sequence characteristics;
and determining the probability value of the terminal in the lost state according to the target characteristics.
6. The method of claim 5, wherein determining the target characteristics from the plurality of data transfer attribute characteristics, the plurality of target behavior characteristics, and the plurality of behavior timing characteristics comprises:
calculating an information value of each data transfer attribute feature, each target behavior feature and each behavior time sequence feature, wherein the information value represents the prediction capability of the feature on the state category of the terminal;
and determining the target characteristic according to the information value.
7. The method of claim 5, wherein the determining the probability value that the terminal is in the lost state according to the target feature comprises:
inputting the target characteristics into a state category prediction model to obtain a probability value of the terminal in a lost state; the probability value represents the state type of the terminal, and the state type prediction model is constructed and obtained on the basis of the sample target characteristics of the sample terminal marked with the state type label.
8. A data transfer request processing apparatus, characterized in that the apparatus comprises:
the data transfer request receiving module is used for receiving a data transfer request sent by a terminal;
the characteristic acquisition module is used for acquiring data transfer attribute characteristics, target behavior characteristics and behavior time sequence characteristics corresponding to the terminal; the data transfer attribute feature, the target behavior feature and the behavior timing feature are features in a first preset time period before the terminal has abnormal behavior, and the abnormal behavior is the behavior of the terminal in a second preset time period before the data transfer request;
a probability value determining module, configured to determine a probability value that the terminal is in a lost state according to the data transfer attribute feature, the target behavior feature, and the behavior timing feature;
and the request processing module is used for processing the data transfer request based on the probability value.
9. A data transfer request processing apparatus, characterized in that the apparatus comprises a processor and a memory, wherein at least one instruction or at least one program is stored in the memory, and the at least one instruction or the at least one program is loaded and executed by the processor to implement the data transfer request processing method according to any one of claims 1 to 7.
10. A computer storage medium having at least one instruction or at least one program stored therein, the at least one instruction or the at least one program being loaded and executed by a processor to implement the data transfer request processing method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110756656.6A CN113468142A (en) | 2021-07-05 | 2021-07-05 | Data transfer request processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110756656.6A CN113468142A (en) | 2021-07-05 | 2021-07-05 | Data transfer request processing method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113468142A true CN113468142A (en) | 2021-10-01 |
Family
ID=77878088
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110756656.6A Pending CN113468142A (en) | 2021-07-05 | 2021-07-05 | Data transfer request processing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113468142A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114119012A (en) * | 2021-11-25 | 2022-03-01 | 广州运通数达科技有限公司 | Digital resource transfer control method, apparatus, computer device and storage medium |
-
2021
- 2021-07-05 CN CN202110756656.6A patent/CN113468142A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114119012A (en) * | 2021-11-25 | 2022-03-01 | 广州运通数达科技有限公司 | Digital resource transfer control method, apparatus, computer device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230325724A1 (en) | Updating attribute data structures to indicate trends in attribute data provided to automated modelling systems | |
| CN111681091B (en) | Financial risk prediction method and device based on time domain information and storage medium | |
| CN113610239B (en) | Feature processing method and feature processing system for machine learning | |
| CN111401700A (en) | Data analysis method, device, computer system and readable storage medium | |
| CN111291125B (en) | Data processing method and related equipment | |
| CN113313479A (en) | Payment service big data processing method and system based on artificial intelligence | |
| CN114693409A (en) | Product matching method, device, computer equipment, storage medium and program product | |
| CN114676423A (en) | Data processing method and server for dealing with cloud computing office threats | |
| CN113177851B (en) | Method and device for storing certificate of online insurance transaction, electronic equipment and storage medium | |
| CN113468142A (en) | Data transfer request processing method, device, equipment and storage medium | |
| CN113850669A (en) | User grouping method and device, computer equipment and computer readable storage medium | |
| CN111259975B (en) | Method and device for generating classifier and method and device for classifying text | |
| CN116701896A (en) | Image tag determining method, image tag determining device, computer device, and storage medium | |
| CN111091198A (en) | Data processing method and device | |
| CN114048512B (en) | Method and device for processing sensitive data | |
| CN113011968B (en) | Account state detection method and device, storage medium and electronic equipment | |
| CN112347102B (en) | Multi-table splicing method and multi-table splicing device | |
| CN111459990B (en) | Object processing method, system, computer readable storage medium and computer device | |
| JP2023516035A (en) | A method and system for processing data with varying temporal characteristics to generate predictions about management arrangements using a random forest classifier | |
| CN112950382A (en) | Transaction business matching method and device, electronic equipment and medium | |
| CN110837847A (en) | User classification method and device, storage medium and server | |
| CN113515383B (en) | System resource data distribution method and device | |
| CN118260683B (en) | Big data-based anti-fraud model training method and system | |
| CN118569650A (en) | Small risk control model construction method, application method and system | |
| CN118152874A (en) | Customer classification method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |