CN113487427A - Transaction risk identification method, device and system - Google Patents
Transaction risk identification method, device and system Download PDFInfo
- Publication number
- CN113487427A CN113487427A CN202110426378.8A CN202110426378A CN113487427A CN 113487427 A CN113487427 A CN 113487427A CN 202110426378 A CN202110426378 A CN 202110426378A CN 113487427 A CN113487427 A CN 113487427A
- Authority
- CN
- China
- Prior art keywords
- transaction
- nodes
- node
- data
- community
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000010586 diagram Methods 0.000 claims abstract description 33
- 230000002159 abnormal effect Effects 0.000 claims description 25
- 238000012545 processing Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 13
- 238000012216 screening Methods 0.000 claims description 9
- 238000013079 data visualisation Methods 0.000 claims description 7
- 238000013500 data storage Methods 0.000 claims description 5
- 238000000638 solvent extraction Methods 0.000 claims 1
- 230000002123 temporal effect Effects 0.000 claims 1
- 238000012546 transfer Methods 0.000 abstract description 41
- 230000002265 prevention Effects 0.000 abstract 1
- 238000004422 calculation algorithm Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 11
- 230000006870 function Effects 0.000 description 9
- 230000006399 behavior Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 238000001914 filtration Methods 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 3
- 230000008520 organization Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000004806 packaging method and process Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000009833 condensation Methods 0.000 description 1
- 230000005494 condensation Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000003012 network analysis Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000010223 real-time analysis Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/389—Keeping log of transactions for guaranteeing non-repudiation of a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a transaction risk identification method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring a transaction network diagram; carrying out community division on the transaction network graph to obtain the total node number of each community; selecting nodes with the entry degree and the exit degree of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located; and identifying the nodes with the transaction risks according to preset identification indexes in the target node set, wherein the preset identification indexes are used for representing the transaction risks of the nodes. By adopting the technical scheme of the embodiment of the invention, the problems that the illegal fund transfer prevention rule is easy to learn, contains more subjective factors of experts and is easy to identify errors or careless can be solved, and the identification accuracy of transaction risks can be effectively improved.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to a transaction risk identification method, device and system.
Background
The development of the internet technology brings convenience and also brings risk hidden danger. Illegal fund transfer activities usually wash large black money by means of legal financial networks, seriously destroy free competition among economic main bodies of the market, and bring negative influence on stable economic order. The anti-illegal fund transfer technology works out corresponding strategies through analyzing the abnormal user behavior mode, thereby capturing suspicious fund gathering behaviors and a transfer relation network and adding suspicious illegal fund transfer users into a blacklist system. The existing anti-illegal fund transfer technology mainly utilizes a big data processing open source framework to carry out real-time analysis and monitoring on data and an offline blacklist system, thereby identifying some abnormal transactions and disposing related users.
However, most of the anti-illegal fund transfer modes are monitored based on preset anti-illegal fund transfer rules, so that the rules are easy to learn and master on one hand, and on the other hand, the rules mostly contain subjective factors of experts, so that the problems of identification errors or omission are easy to occur.
Disclosure of Invention
The embodiment of the application provides a transaction risk identification method, a transaction risk identification device and a transaction risk identification storage medium, which are used for solving the problems that an anti-illegal fund transfer rule is easy to learn and mostly contains subjective factors of experts, and identification errors or omission easily occur, and the identification accuracy of transaction risks can be effectively improved.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
in a first aspect, a transaction risk identification method is provided, including:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with transaction risks in the target node set according to preset identification indexes, wherein the preset identification indexes are used for representing the transaction risks in the nodes.
In a second aspect, a transaction risk identification device is provided, comprising:
the system comprises a transaction network graph acquisition unit, a transaction network graph acquisition unit and a transaction processing unit, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
the community dividing unit is used for carrying out community division on the transaction network graph to obtain the total node number of each community;
the target node set generating unit is used for selecting nodes of which the in-degree and the out-degree are both greater than corresponding preset thresholds to form a target node set, and the preset thresholds are related to the total number of nodes of a community in which the nodes are located;
and the transaction risk identification unit is used for identifying the nodes with the transaction risks in the target node set according to preset identification indexes, and the preset identification indexes are used for representing the transaction risks in the nodes.
In a third aspect, a transaction risk identification system is provided, comprising:
the user data uplink module is used for uploading user transaction data and encrypted user identity data to the block chain;
the blockchain access module is used for acquiring the user transaction data and the encrypted user identity data from the blockchain;
the data storage module is used for decrypting the encrypted user identity data to obtain decrypted user identity data and storing the user transaction data and the decrypted user identity data into a relational database;
the data visualization module is used for determining the transaction relationship among the user accounts and acquiring a transaction network graph according to the user transaction data and the decrypted user identity data;
the transaction risk identification module is used for acquiring the transaction network diagram, carrying out community division on the transaction network diagram and acquiring the total node number of each community; selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located; and identifying the nodes with transaction risks in the target node set according to preset identification indexes.
In a fourth aspect, an electronic device is provided, which is applied to an application server, and includes:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with transaction risks in the target node set according to preset identification indexes, wherein the preset identification indexes are used for representing the transaction risks in the nodes.
In a fifth aspect, a computer-readable storage medium is presented, the computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with transaction risks in the target node set according to preset identification indexes, wherein the preset identification indexes are used for representing the transaction risks in the nodes.
According to the technical scheme provided by the embodiment, the data processing is carried out on the transaction network graph for representing the transaction relationship among the users, and the screening and the identification of the transaction risk nodes are carried out according to the conditions of the nodes, the edges and the like in the transaction network graph. Compared with the method adopting the preset anti-illegal fund transfer rule, the identification basis of the scheme is the objective characteristic of abnormal transactions, and the active learning of the identification rule and the omission of the identification result are avoided. In addition, the scheme also determines a preset threshold according to the total number of the nodes of the community where the nodes are located, and screens the nodes according to whether the degree of entry and the degree of exit of the nodes are both larger than the corresponding preset threshold.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flow chart of a transaction risk identification method provided in a first embodiment of the present specification.
Fig. 2a is a schematic diagram of a transaction network diagram provided in the first embodiment of the present specification.
FIG. 2b is a schematic illustration of an abnormal fund structure for a consolidated transfer into a relationship.
FIG. 2c is a schematic diagram of a chain anomaly funding structure.
Fig. 3 is a schematic flow chart of a transaction risk identification method provided in the second embodiment of the present specification.
Fig. 4 is a data flow diagram of a specific implementation process provided in the second embodiment of the present specification.
Fig. 5 is a flowchart of uplink user data according to a second embodiment of the present disclosure.
Fig. 6 is a schematic diagram of a specific implementation process of a transaction risk identification method provided in the third embodiment of the present specification.
Fig. 7 is a block diagram of a transaction risk identification device provided in a fourth embodiment of the present specification.
Fig. 8 is a block diagram of a transaction risk identification system provided in a fifth embodiment of the present specification.
Fig. 9 is a schematic structural diagram of an electronic device provided in a sixth embodiment of the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to solve the problems that the anti-illegal fund transfer rule is easy to learn and often contains subjective factors of experts, and identification errors or omission easily occur, a first embodiment of the present specification relates to a transaction risk identification method, as shown in fig. 1, including the following steps:
s101: acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
s102: carrying out community division on the transaction network graph to obtain the total node number of each community;
s103: selecting nodes with the entry degree and the exit degree of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
s104: and identifying the nodes with the transaction risks according to preset identification indexes in the target node set, wherein the preset identification indexes are used for representing the transaction risks of the nodes.
In step S101, the trading network graph is a directed graph generated according to the trading behavior of the user, belongs to a topological graph structure, and is a set of nodes and edges. Typically, the transaction information is abstracted as nodes in a directed graph and the transaction request data is abstracted as edges in the directed graph. In the transaction network diagram in the embodiment of the present specification, as shown in fig. 2a, nodes are used to represent accounts, edges connecting two nodes are used to represent that a transaction relationship exists between the two nodes, and arrow directions of the edges are used to represent a fund flow direction. For example, when a fund transaction is performed between account a and account B, specifically account a transfers X amount of fund to account B, the transaction relationship between account a and account B in the transaction network diagram is: node A → node B. Wherein arrows "→" indicate a flow of funds.
In step S102, the community discovery is a popular and mature technology currently applied to social network analysis, and mainly refers to discovering groups or sub-networks with close internal connections and sparse external connections in a network to form a plurality of sub-communities, mining the communities, discovering connections and rules hidden in the network, and predicting the behavior of the network.
There are many community discovery algorithms, such as the Louvain algorithm, Newman fast algorithm, CNM algorithm, and MSG-MV algorithm. Taking a community discovery algorithm-Louvain algorithm based on modularity as an example, the implementation process of the Louvain algorithm comprises 2 stages:
in the stage 1, each node is regarded as an independent community, the only condition that the node p 'can be combined with the adjacent node q' is that nonnegative modularity gain can be brought after combination, and a preliminary community division result is generated after the stage is finished;
in the stage 2, nodes in the same community are compressed into a new node, the sum of internal edge weights of the community is converted into a self-surrounding edge weight of the new node, the sum of edge weights of the community is converted into an edge weight between the corresponding new nodes, then, the method in the stage 1 is used for dividing the new network graph, node iterative condensation is carried out along the direction enabling the modularity Q to be optimal, and when the Q is maximum and does not change any more, the algorithm converges.
After the trading network graph is subjected to community division, a plurality of communities are obtained, and then the total number of nodes included in each community, namely the total number of the nodes, can be obtained. If the community 1 includes 20 nodes in total, the total number of the nodes of the community 1 is 20, and the community 2 includes 50 nodes in total, and the total number of the nodes of the community 2 is 50.
In step S103, in the trading network graph, the degree of a node refers to the number of edges associated with the node. Degree is divided into in-degree and out-degree according to the direction of the edge. In-degree is the number of edges that end at a node and out-degree is the number of edges that start at a node. The out-degree and in-degree of a node can be obtained by calculating the number of edges starting from and ending at the node.
The node with the entry degree and the exit degree of the node larger than the corresponding preset threshold values is selected, namely for the entry degree, the preset threshold values are preset entry degree threshold values, for the exit degree, the preset threshold values are preset exit degree threshold values, the preset entry degree threshold values and the preset exit degree threshold values can be the same or different, but are related to the total number of the nodes of the community where the node is located, and can be one fraction of the total number of the nodes of the community where the node is located.
For example, the total node number of the community 1 is 20, and the total node number of the community 2 is 50, then for the node in the community 1, the preset in-degree threshold value and the preset out-degree threshold value may be one tenth of the total node number, that is, 20/10 is 2, and a node with both in-degree and out-degree greater than 2 is selected as the target node; for the nodes in the community 2, the preset in-degree threshold and the preset out-degree threshold may be one tenth of the total number of the nodes, that is, 50/10 is 5, and the nodes with in-degree and out-degree both greater than 5 are selected as the target nodes, and so on. And forming a target node set by the target nodes meeting the conditions in all communities.
In one example, before performing community division on the transaction network graph, filtering nodes in the transaction network graph, and performing community division on the filtered remaining nodes. The conditions of the filter node may be: nodes whose in-degree and out-degree are both 1 and whose transaction relationship only occurs between the two nodes are removed from the transaction network graph. If the node A and the node B have a transaction behavior mutually, the node A pays a fund to the node B, the node B pays a fund to the node A, and the node B also pays a fund to the node C. For node a, both the in-degree and the out-degree are 1, and only the node B in the transaction relationship with node a, node a may be removed from the transaction network graph. For node B, the in degree is 1, but the out degree is 2, then node B remains in the trading network graph. If the node D and the node E have two transaction behaviors mutually, namely the node D pays two funds to the node E, the node E pays two funds to the node D, and for the node D and the node E, the in-degree and the out-degree are both 2 and are both kept in the transaction network graph.
The transfer island is a node of the type, namely, mutual transfer exists between two account numbers, but no transfer relation exists between the two account numbers and other account numbers, and the risk of illegal fund transfer of the account numbers is low, so that the account numbers can be removed in advance before the transaction risk is identified subsequently, the processing amount of the subsequent identification process is reduced, and the identification speed is improved.
In step S104, the preset identification index may be an index for characterizing the transaction risk existing in the node, for example, the preset identification index may be a central point breakage rate, that is, a ratio of the transfer-out amount to the transfer-in amount. Taking the intermediary account responsible for illegal fund transfer as an example, most of the money transferred in the intermediary account is transferred out through various means, and the central breakage rate of the intermediary account is close to 1. That is, if the central breakage rate of an account is 1 or close to 1, there is a high possibility that the account is an account in which an illegal money transfer action exists. It should be noted that, in practical applications, when screening accounts with illegal fund transfer behaviors, the central point breakage rate may be in a range close to 1, for example, 0.8 to 1.2.
In an example, the preset identification index may be a transaction time entropy, and in the embodiment of the present specification, the transaction time entropy is defined as an average time interval during which transactions occur within a preset time period, it may be understood that an illegal fund transfer transaction is usually completed in a short time, so the transaction time entropy may be used as an identification index of a transaction risk, and a node whose transaction time entropy is smaller than a preset transaction time entropy threshold may be identified as a node having a transaction risk, where if the preset transaction time entropy threshold may be 2s, that is, if the transaction time entropy of a certain node is smaller than 2s, the node is determined as the node having a transaction risk.
Wherein the transaction time entropy is obtained by the following steps: acquiring the transaction frequency of the node in a preset time period, wherein the transaction frequency of the node A is 3 times within 5 minutes; and then obtaining 2 time intervals of 3 transactions, wherein if the time interval between the first transaction and the second transaction is 1s, and the time interval between the second transaction and the third transaction is 2s, the average time interval is (1+2)/2 ═ 1.5s, that is, the transaction time entropy of the node A is 1.5s, and if the preset transaction time entropy threshold is 2s, the node A has a transaction risk.
When the transaction risk is identified by using the embodiment, the data processing is carried out on the transaction network graph for representing the transaction relationship among users, and the screening and the identification of the transaction risk nodes are carried out according to the conditions of the nodes, the edges and the like in the transaction network graph. Compared with the method adopting the preset anti-illegal fund transfer rule, the identification basis of the scheme is the objective characteristic of abnormal transactions, and the active learning of the identification rule and the omission of the identification result are avoided. In addition, the scheme also determines a preset threshold according to the total number of the nodes of the community where the nodes are located, and screens the nodes according to whether the degree of entry and the degree of exit of the nodes are both larger than the corresponding preset threshold.
As an example, after the transaction risk identification is completed, the identified node with the risk of illegal fund transfer, the node with the risk of illegal fund transfer and the abnormal transaction relationship may be combined into an abnormal fund structure, for example, fig. 2b shows an abnormal fund structure representing a centralized transfer relationship, and fig. 2c shows a chained abnormal fund structure. The abnormal fund structure may be used to screen node transaction risk. For example, the network structure and the abnormal fund structure of each community in the transaction network diagram can be compared through an image comparison technology, and the community with smaller structural similarity can be used as an abnormal community, so that the preliminary screening of the node transaction risk is realized.
It can be understood that the abnormal fund structure generated by the actual transaction risk node identification has stronger instantaneity, and when the abnormal fund structure is used for node transaction risk screening, the identification speed of the node transaction risk can be effectively improved.
The second embodiment of the present specification relates to a method for identifying transaction risk, which further explains step 101 in the first embodiment, explains the acquisition process of a transaction network diagram, fig. 3 shows a step flow thereof, fig. 4 shows a data flow thereof, and the following explains with reference to fig. 3 and 4:
s301: acquiring user data from a blockchain, wherein the user data comprises user transaction data and encrypted user identity data;
s302: decrypting the user identity data to obtain decrypted user identity data;
s303: and acquiring the transaction network graph according to the user transaction data and the decrypted user identity data.
In step S201, the existing internet anti-illegal fund transfer technology has some disadvantages, such as user data leakage caused by malicious hacking or internal personnel leakage, data islanding between enterprises or between various departments within an enterprise, and the like. Storing user data in a blockchain can effectively solve the above problems.
In the illegal fund transfer risk identification scenario, as shown in fig. 5, user data is linked, and the user data includes user identity data and user transaction data. The user transaction data, including transaction address, amount, transaction time, etc., can be inquired in a public and transparent way. After receiving user data, firstly judging whether the user is user identity data or not, if so, performing hash calculation, and taking the obtained hash value as a unique identifier of the user and serving as data to be uplink. If not, the uplink data is regarded as the uplink waiting data. And packaging the two parts of data to be linked, and then carrying out data linking, and carrying out transaction broadcasting and block consensus process. After the consensus phase is completed, the blocks of each block chain node are kept consistent. The user data at this time becomes data that is admitted and traceable by each blockchain node.
After the synchronization of the total amount of historical block data is completed, the block chain network can be accessed by calling an interactive interface to perform data interaction with the block chain. When transaction risk identification is required, a block chain can be accessed at any block chain link point to acquire user data. It will be appreciated that this approach breaks the data barriers between departments. For the definition of the statistical aperture, a set of uniform data specifications can be formed, and the quality of service data is effectively improved.
In step S302, the encrypted user identity information may be decrypted by using a hash algorithm, and due to the irreversibility of the blockchain, even though other people access the blockchain to obtain the user data, the other people cannot restore the privacy data of the user, such as the registered name, the phone number, the mailbox, and the like, so as to protect privacy. If security problems such as data leakage occur, the loss brought to users can be reduced.
In step S303, the user transaction data may include customer financial data, credit contract information, account number funds transactions, and the like. Each account node may correspond to an account record, which may be a personal account or an organization account, and if the account record is an organization account, an organization may include a plurality of accounts. When the transaction network graph is generated, the network graph can be generated according to the transaction records of the account numbers, and the account numbers involved in each transaction are connected with each other.
It can be understood that the characteristics of decentralized block chain and open autonomy can effectively solve the data island problem of big data wind control, so that information is openly and transparently transmitted to all users. On the premise of ensuring the encryption of sensitive information, each block chain node has the authority to access the data, and the communication cost of each department for the data use is reduced. In addition, in the block chain, user data is recorded and stored by all block chain link points together, and each block chain node can participate in data check and make a certificate for the data together, so that the authenticity of the data can be effectively improved.
A third embodiment of the present specification relates to a transaction risk identification method, which is a specific example, as shown in fig. 5, and includes:
(1) user data uplink:
a plurality of macroblock nodes uplink user data, including a separation of user identity data and user transaction data. The user transaction data comprises a transaction address, an amount, transaction time and the like. And carrying out hash calculation on the user identity information before uplink, wherein the obtained hash value is used as the unique identifier of the user. And packaging the two parts of data, and performing the transaction broadcasting and block consensus process on the data uplink. After the consensus phase is completed, the blocks of each node are kept consistent. The uplink user data becomes data that each node acknowledges and is traceable to.
(2) Accessing the data on the chain:
after the client node is established, the whole amount of historical block data needs to be synchronized, and after the whole amount of historical block data is synchronized, the block chain network can be accessed by calling an interaction interface to perform data interaction with the block chain. Each member can access the user data on the blockchain through the local self-building node.
(3) And (3) user data storage:
after downloading the user data on the chain, the user data may be stored in a relational database, such as MySQL, for further data visualization and data analysis.
(4) Data visualization:
echarts can be used for data visualization to obtain a transaction network graph, a circular node in the transaction network graph represents a user address, and the transfer relation between two nodes can be obtained by performing pairwise grouping summation calculation on the transfer relation data on the chain. The pointing of the arrows in the trading network diagram represents the transfer relationship after the group summation,
(5) transaction risk identification:
the method mainly adopts a multi-dimensional threshold filtering algorithm, firstly, nodes with a large number of transfer islands (two account numbers have mutual transfer but have no transfer relation with other account numbers) are locked, and the nodes are filtered. After filtering, the node size is greatly reduced. And then carrying out community division on the nodes by using a community discovery algorithm-Louvain algorithm based on modularity. The node with low risk of illegal fund transfer is removed by limiting the node in-degree and out-degree in the community where the node is located. In addition, trade risk identification may be performed using the centroid breakage rate. If the central breakage rate of a node is close to 1, the node has a great risk of illegal fund transfer. The transaction time entropy can also be used for transaction risk identification, namely, the average interval of transactions occurring in unit time is selected, and the transaction within a shorter time period is selected for time risk calculation. If the transaction time entropy is smaller in a transaction network, the more concentrated the time representing the transaction is, the more likely the illegal fund transfer action is performed by the illegal fund transfer group.
A fourth embodiment of the present specification relates to a transaction risk identification device 700, as shown in fig. 7, including: a transaction network diagram obtaining unit 701, a community dividing unit 702, a target node set generating unit 703 and a transaction risk identifying unit 704, wherein the functions of the modules are described in detail as follows:
a transaction network graph obtaining unit 701, configured to obtain a transaction network graph, where a node in the transaction network graph is used to represent an account, and an edge connecting two nodes is used to represent that a transaction relationship exists between the two nodes;
a community dividing unit 702, configured to perform community division on the transaction network graph, to obtain a total node number of each community;
a target node set generating unit 703, configured to select nodes whose in-degree and out-degree are greater than corresponding preset thresholds, to form a target node set, where the preset thresholds are related to the total number of nodes in a community in which the nodes are located;
and the transaction risk identification unit 704 is configured to identify a node with a transaction risk in the target node set according to a preset identification index, where the preset identification index is used to represent the transaction risk existing in the node.
Further, in the transaction risk recognition device 700 provided in the embodiment of the present invention, the preset recognition index includes a transaction time entropy, and the transaction risk recognition unit 704 includes:
and the transaction time entropy risk identification subunit is used for identifying the node with the transaction time entropy smaller than the preset transaction time entropy threshold as the node with the transaction risk.
Further, in the transaction risk recognition apparatus 700 according to the embodiment of the present invention, the transaction risk recognition unit 704 further includes:
the transaction frequency acquisition subunit is used for acquiring the transaction frequency of the node in a preset time period;
and the transaction time entropy acquisition subunit is used for determining an average time interval according to the time interval and the transaction frequency of transactions in a preset time period, and taking the average time interval as the transaction time entropy.
Further, the transaction risk recognition device 700 according to the embodiment of the present invention further includes:
and the filtering unit is used for filtering out the nodes of which the in-degree and the out-degree are both 1 and the transaction relation only occurs between the two nodes.
Further, in the transaction risk recognition apparatus 700 according to the embodiment of the present invention, the transaction network diagram obtaining unit 701 includes:
the user data acquisition subunit is used for acquiring user data from the block chain, wherein the user data comprises user transaction data and encrypted user identity data;
the decryption subunit is used for decrypting the user identity data to obtain decrypted user identity data;
and the transaction network diagram acquisition subunit is used for acquiring the transaction network diagram according to the user transaction data and the decrypted user identity data.
Further, the transaction risk recognition device 700 according to the embodiment of the present invention further includes:
and the abnormal fund structure determining unit is used for forming an abnormal fund structure by using the identified node with the illegal fund transfer risk, the identified node with the illegal fund transfer risk and the identified node with the abnormal transaction relation, and the abnormal fund structure is used for screening the node illegal fund transfer risk.
It can be understood that the abnormal fund structure generated by the actual transaction risk node identification has stronger instantaneity, and when the abnormal fund structure is used for node transaction risk screening, the identification speed of the node transaction risk can be effectively improved.
When the device of the embodiment is used for identifying the transaction risk, the data processing is carried out on the transaction network graph for representing the transaction relationship among users, and the screening and the identification of the transaction risk nodes are carried out according to the conditions of the nodes, the edges and the like in the transaction network graph. Compared with the method adopting the preset anti-illegal fund transfer rule, the identification basis of the scheme is the objective characteristic of abnormal transactions, and the active learning of the identification rule and the omission of the identification result are avoided. In addition, the scheme also determines a preset threshold according to the total number of the nodes of the community where the nodes are located, and screens the nodes according to whether the degree of entry and the degree of exit of the nodes are both larger than the corresponding preset threshold.
A sixth embodiment of the present specification relates to a transaction risk identification system 800, as shown in fig. 8, including: a user data uplink module 801, a block chain access module 802, a data storage module 803, a data visualization module 804, and a transaction risk identification module 805, wherein the functions of the modules are described in detail as follows:
a user data uplink module 801, configured to upload user transaction data and encrypted user identity data to a block chain;
a blockchain access module 802, configured to obtain user transaction data and encrypted user identity data from a blockchain;
a data storage module 803, configured to decrypt the encrypted user identity data to obtain decrypted user identity data, and store the user transaction data and the decrypted user identity data in a relational database;
the data visualization module 804 is used for determining the transaction relationship between the user accounts and acquiring a transaction network diagram according to the user transaction data and the decrypted user identity data;
the transaction risk identification module 805 is configured to obtain a transaction network diagram, perform community division on the transaction network diagram, and obtain a total node number of each community; selecting nodes with the entry degree and the exit degree of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located; and identifying the nodes with transaction risks according to preset identification indexes in the target node set.
It should be noted that each module referred to in the embodiments of the present description is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present invention, the unit which is not so closely related to solve the technical problem proposed by the present invention is not introduced in the above embodiment, but it does not indicate that there is no other unit in the above embodiment.
A seventh embodiment of the present specification relates to an electronic apparatus, as shown in fig. 9. On the hardware level, the electronic device comprises a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (peripheral component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the transaction risk identification device on a logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the entry degree and the exit degree of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with the transaction risks according to preset identification indexes in the target node set, wherein the preset identification indexes are used for representing the transaction risks of the nodes.
The transaction risk identification method provided by the embodiment of the present specification can be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
This specification embodiment also proposes a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by an electronic device comprising a plurality of application programs, are capable of causing the electronic device to perform a transaction risk identification method, and in particular to perform:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the entry degree and the exit degree of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with the transaction risks according to preset identification indexes in the target node set, wherein the preset identification indexes are used for representing the transaction risks of the nodes.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, apparatus, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Claims (10)
1. A transaction risk identification method, comprising:
acquiring a transaction network graph, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
carrying out community division on the transaction network graph to obtain the total node number of each community;
selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located;
and identifying the nodes with transaction risks in the target node set according to preset identification indexes, wherein the preset identification indexes are used for representing the transaction risks in the nodes.
2. The method of claim 1, wherein the preset identification metric comprises a transaction time entropy;
the node that has the transaction risk is discerned according to predetermineeing the identification index, includes:
and identifying the node with the transaction time entropy smaller than a preset transaction time entropy threshold value as the node with the transaction risk.
3. The method according to claim 1 or 2, wherein the transaction temporal entropy is obtained by:
acquiring the transaction frequency of the node in a preset time period;
determining an average time interval according to the time interval of the transaction in the preset time period and the transaction frequency, and taking the average time interval as the transaction time entropy.
4. The method of claim 1, wherein prior to the community partitioning the transaction network graph, further comprising:
the filter-out is a node where the in-degree and out-degree of the node are both 1 and the transaction relationship only occurs between two nodes.
5. The method of claim 1, wherein obtaining the transaction network map comprises:
acquiring user data from a blockchain, wherein the user data comprises user transaction data and encrypted user identity data;
decrypting the user identity data to obtain decrypted user identity data;
and acquiring the transaction network graph according to the user transaction data and the decrypted user identity data.
6. The method of claim 1, further comprising:
and forming an abnormal fund structure by using the identified node with the transaction risk, the node with the abnormal transaction relation with the node with the transaction risk and the abnormal transaction relation, wherein the abnormal fund structure is used for screening the node transaction risk.
7. A transaction risk identification device, comprising:
the system comprises a transaction network graph acquisition unit, a transaction network graph acquisition unit and a transaction processing unit, wherein nodes in the transaction network graph are used for representing accounts, and edges connecting two nodes are used for representing that a transaction relation exists between the two nodes;
the community dividing unit is used for carrying out community division on the transaction network graph to obtain the total node number of each community;
the target node set generating unit is used for selecting nodes of which the in-degree and the out-degree are both greater than corresponding preset thresholds to form a target node set, and the preset thresholds are related to the total number of nodes of a community in which the nodes are located;
and the transaction risk identification unit is used for identifying the nodes with the transaction risks in the target node set according to preset identification indexes, and the preset identification indexes are used for representing the transaction risks in the nodes.
8. A transaction risk identification system, comprising:
the user data uplink module is used for uploading user transaction data and encrypted user identity data to the block chain;
the blockchain access module is used for acquiring the user transaction data and the encrypted user identity data from the blockchain;
the data storage module is used for decrypting the encrypted user identity data to obtain decrypted user identity data and storing the user transaction data and the decrypted user identity data into a relational database;
the data visualization module is used for determining the transaction relationship among the user accounts and acquiring a transaction network graph according to the user transaction data and the decrypted user identity data;
the transaction risk identification module is used for acquiring the transaction network diagram, carrying out community division on the transaction network diagram and acquiring the total node number of each community; selecting nodes with the degree of entry and the degree of exit of the nodes larger than corresponding preset thresholds to form a target node set, wherein the preset thresholds are related to the total number of the nodes in the community where the nodes are located; and identifying the nodes with transaction risks in the target node set according to preset identification indexes.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110426378.8A CN113487427B (en) | 2021-04-20 | 2021-04-20 | Transaction risk identification method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110426378.8A CN113487427B (en) | 2021-04-20 | 2021-04-20 | Transaction risk identification method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113487427A true CN113487427A (en) | 2021-10-08 |
| CN113487427B CN113487427B (en) | 2024-06-25 |
Family
ID=77933387
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110426378.8A Active CN113487427B (en) | 2021-04-20 | 2021-04-20 | Transaction risk identification method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113487427B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113837874A (en) * | 2021-11-22 | 2021-12-24 | 北京芯盾时代科技有限公司 | Data identification method and device, storage medium and electronic equipment |
| CN114077968A (en) * | 2021-11-17 | 2022-02-22 | 税友信息技术有限公司 | Data risk identification method and related device |
| CN115345736A (en) * | 2022-07-14 | 2022-11-15 | 南京金威诚融科技开发有限公司 | Financial transaction abnormal behavior detection method |
| CN115713334A (en) * | 2022-11-28 | 2023-02-24 | 武汉利楚商务服务有限公司 | Transaction data monitoring method and device |
| CN116340090A (en) * | 2023-02-09 | 2023-06-27 | 中科南京软件技术研究院 | Method, device, equipment and storage medium for identifying software based on interaction sequence |
| CN117745288A (en) * | 2024-02-20 | 2024-03-22 | 中国信息通信研究院 | Method, device, equipment and medium for visualizing blockchain transaction data |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2015203474A1 (en) * | 2012-07-23 | 2015-07-16 | Facebook, Inc. | Structured search queries based on social-graph information |
| CN107590504A (en) * | 2017-07-31 | 2018-01-16 | 阿里巴巴集团控股有限公司 | Abnormal main body recognition methods and device, server |
| WO2018013566A1 (en) * | 2016-07-11 | 2018-01-18 | Visa International Service Association | Machine learning and prediction using graph communities |
| CN108228706A (en) * | 2017-11-23 | 2018-06-29 | 中国银联股份有限公司 | For identifying the method and apparatus of abnormal transaction corporations |
| US20200136923A1 (en) * | 2018-10-28 | 2020-04-30 | Netz Forecasts Ltd. | Systems and methods for prediction of anomalies |
| CN111309788A (en) * | 2020-03-08 | 2020-06-19 | 山西大学 | Community structure discovery method and system for bank customer transaction network |
| CN111476662A (en) * | 2020-04-13 | 2020-07-31 | 中国工商银行股份有限公司 | Anti-money laundering identification method and device |
| CN111831923A (en) * | 2020-07-14 | 2020-10-27 | 北京芯盾时代科技有限公司 | Method, device and storage medium for identifying associated specific account |
| CN112395351A (en) * | 2020-11-19 | 2021-02-23 | 平安普惠企业管理有限公司 | Visual identification group complaint risk method, device, computer equipment and medium |
| CN112463983A (en) * | 2020-12-01 | 2021-03-09 | 天翼电子商务有限公司 | Anti-money laundering criminal identification method based on community division and graph convolution |
| CN112508723A (en) * | 2021-02-05 | 2021-03-16 | 北京淇瑀信息科技有限公司 | Financial risk prediction method and device based on automatic preferential modeling and electronic equipment |
| US20210112087A1 (en) * | 2019-10-11 | 2021-04-15 | Secureworks Corp. | Systems and methods for distributed extended common vulnerabilities and exposures data management |
| CN113159793A (en) * | 2020-12-09 | 2021-07-23 | 同盾控股有限公司 | Data processing method and device, electronic equipment and computer storage medium |
| CN117611335A (en) * | 2023-11-15 | 2024-02-27 | 中银金融科技有限公司 | Financial risk identification method, apparatus, electronic device and storage medium |
-
2021
- 2021-04-20 CN CN202110426378.8A patent/CN113487427B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2015203474A1 (en) * | 2012-07-23 | 2015-07-16 | Facebook, Inc. | Structured search queries based on social-graph information |
| WO2018013566A1 (en) * | 2016-07-11 | 2018-01-18 | Visa International Service Association | Machine learning and prediction using graph communities |
| CN107590504A (en) * | 2017-07-31 | 2018-01-16 | 阿里巴巴集团控股有限公司 | Abnormal main body recognition methods and device, server |
| CN108228706A (en) * | 2017-11-23 | 2018-06-29 | 中国银联股份有限公司 | For identifying the method and apparatus of abnormal transaction corporations |
| US20200136923A1 (en) * | 2018-10-28 | 2020-04-30 | Netz Forecasts Ltd. | Systems and methods for prediction of anomalies |
| US20210112087A1 (en) * | 2019-10-11 | 2021-04-15 | Secureworks Corp. | Systems and methods for distributed extended common vulnerabilities and exposures data management |
| CN111309788A (en) * | 2020-03-08 | 2020-06-19 | 山西大学 | Community structure discovery method and system for bank customer transaction network |
| CN111476662A (en) * | 2020-04-13 | 2020-07-31 | 中国工商银行股份有限公司 | Anti-money laundering identification method and device |
| CN111831923A (en) * | 2020-07-14 | 2020-10-27 | 北京芯盾时代科技有限公司 | Method, device and storage medium for identifying associated specific account |
| CN112395351A (en) * | 2020-11-19 | 2021-02-23 | 平安普惠企业管理有限公司 | Visual identification group complaint risk method, device, computer equipment and medium |
| CN112463983A (en) * | 2020-12-01 | 2021-03-09 | 天翼电子商务有限公司 | Anti-money laundering criminal identification method based on community division and graph convolution |
| CN113159793A (en) * | 2020-12-09 | 2021-07-23 | 同盾控股有限公司 | Data processing method and device, electronic equipment and computer storage medium |
| CN112508723A (en) * | 2021-02-05 | 2021-03-16 | 北京淇瑀信息科技有限公司 | Financial risk prediction method and device based on automatic preferential modeling and electronic equipment |
| CN117611335A (en) * | 2023-11-15 | 2024-02-27 | 中银金融科技有限公司 | Financial risk identification method, apparatus, electronic device and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 范晖;夏清国;乌伟;: "基于节点效益纳什均衡的网络社区发现算法", 计算机工程与设计, no. 10, 16 October 2016 (2016-10-16) * |
| 黄恒笛: "基于机器学习的洗钱风险辨识方法研究", 《中国优秀硕士学位论文全文数据库社会科学Ⅰ辑》, no. 2, 15 February 2024 (2024-02-15) * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114077968A (en) * | 2021-11-17 | 2022-02-22 | 税友信息技术有限公司 | Data risk identification method and related device |
| CN113837874A (en) * | 2021-11-22 | 2021-12-24 | 北京芯盾时代科技有限公司 | Data identification method and device, storage medium and electronic equipment |
| CN113837874B (en) * | 2021-11-22 | 2022-04-12 | 北京芯盾时代科技有限公司 | Data identification method and device, storage medium and electronic equipment |
| CN115345736A (en) * | 2022-07-14 | 2022-11-15 | 南京金威诚融科技开发有限公司 | Financial transaction abnormal behavior detection method |
| CN115345736B (en) * | 2022-07-14 | 2023-12-29 | 上海即科智能技术集团有限公司 | Abnormal behavior detection method for financial transaction |
| CN115713334A (en) * | 2022-11-28 | 2023-02-24 | 武汉利楚商务服务有限公司 | Transaction data monitoring method and device |
| CN116340090A (en) * | 2023-02-09 | 2023-06-27 | 中科南京软件技术研究院 | Method, device, equipment and storage medium for identifying software based on interaction sequence |
| CN117745288A (en) * | 2024-02-20 | 2024-03-22 | 中国信息通信研究院 | Method, device, equipment and medium for visualizing blockchain transaction data |
| CN117745288B (en) * | 2024-02-20 | 2024-05-14 | 中国信息通信研究院 | Method, device, equipment and medium for visualizing blockchain transaction data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113487427B (en) | 2024-06-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113487427A (en) | Transaction risk identification method, device and system | |
| KR102179152B1 (en) | Client authentication using social relationship data | |
| CN109598505B (en) | Quality data processing method and device based on block chain | |
| US20190386834A1 (en) | Blockchain management apparatus, blockchain management method, and program | |
| CN110035105B (en) | Screen recording evidence obtaining method and system based on block chain and electronic equipment | |
| CN108734028B (en) | Data management method based on block chain, block chain link point and storage medium | |
| CN111898148A (en) | Information supervision method and device based on block chain | |
| CN111160814A (en) | User risk assessment method, device and system based on multi-party security calculation | |
| CN111523890A (en) | Data processing method and device based on block chain, storage medium and equipment | |
| CN109166040B (en) | Transaction auditing method, device, equipment and storage medium based on block chain | |
| CN106529953B (en) | Method and device for risk identification of business attributes | |
| CN111523849A (en) | Resource transaction auditing method and device and server | |
| CN111817859A (en) | Data sharing method, device, equipment and storage medium based on zero knowledge proof | |
| CN111476640A (en) | Authentication method, system, storage medium and big data authentication platform | |
| CN112291321B (en) | Service processing method, device and system | |
| CN113656497A (en) | Data verification method and device based on block chain | |
| CN105184559A (en) | System and method for payment | |
| CN112261427A (en) | Malicious node identification method and device and electronic equipment | |
| CN111865594A (en) | Block chain based product testing method and system, electronic equipment and storage medium | |
| CN111309801A (en) | Method and device for fragmenting alliance chain | |
| CN106649343B (en) | Network data information processing method and equipment | |
| CN114721749A (en) | Voting method and device based on block chain, storage medium and electronic equipment | |
| CN110008081B (en) | Interactive data processing method and device | |
| CN113204476A (en) | User behavior data security detection method | |
| CN112508571A (en) | Data processing method and device based on block chain, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |