CN113689291A - Anti-fraud identification method and system based on abnormal movement - Google Patents
Anti-fraud identification method and system based on abnormal movement Download PDFInfo
- Publication number
- CN113689291A CN113689291A CN202111104923.8A CN202111104923A CN113689291A CN 113689291 A CN113689291 A CN 113689291A CN 202111104923 A CN202111104923 A CN 202111104923A CN 113689291 A CN113689291 A CN 113689291A
- Authority
- CN
- China
- Prior art keywords
- behavior
- data
- mining
- fraud
- frequent item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2465—Query processing support for facilitating data mining operations in structured databases
Abstract
The embodiment of the invention provides an anti-fraud identification method and system based on abnormal movement, which are used for acquiring application behavior process data acquired by a user terminal of a target user in real time in an independent biological characteristic verification process when receiving a service application request of the target user, analyzing the application behavior process data, judging whether the target user has abnormal movement behavior, determining that the target user has abnormal fraud behavior when the target user has the abnormal movement behavior, and otherwise determining that the target user does not have the abnormal fraud behavior. Therefore, the anti-fraud recognition is carried out by taking whether the target user has abnormal mobile behavior as an expanded verification dimension, so that the accuracy of the anti-fraud recognition can be improved, and the condition of missed detection is avoided.
Description
Technical Field
The invention relates to the technical field of anti-fraud identification, in particular to an anti-fraud identification method and system based on abnormal movement.
Background
In the anti-fraud identification process, only the characteristics of the request data content of the service application request initiated by the target user are generally identified at present, the accuracy of the method is low, the dimension of abnormal movement behavior is not considered, and the condition of missing detection often occurs.
Disclosure of Invention
In order to overcome at least the above-mentioned deficiencies in the prior art, the present invention provides an anti-fraud identification method and system based on abnormal movement.
In a first aspect, the present invention provides an anti-fraud identification method based on abnormal movement, applied to an anti-fraud identification system based on abnormal movement, the method including:
when receiving a service application request of a target user, acquiring application behavior process data acquired by a user terminal of the target user in real time in an independent biological characteristic verification process;
analyzing the application behavior process data, and judging whether the target user has abnormal movement behavior;
and when the target user has abnormal movement behaviors, determining that the target user has abnormal fraud behaviors, otherwise, determining that the target user does not have abnormal fraud behaviors.
In a second aspect, the embodiment of the present invention further provides an abnormal movement-based anti-fraud recognition system, which includes a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions, and the machine-executable instructions are loaded and executed by the processor to implement the aforementioned abnormal movement-based anti-fraud recognition method.
According to any one of the above aspects, when receiving a service application request of a target user, acquiring application behavior process data acquired by a user terminal of the target user in real time during an independent biometric authentication process, analyzing the application behavior process data, and judging whether the target user has abnormal mobile behavior, when the target user has the abnormal mobile behavior, determining that the target user has the abnormal fraudulent behavior, otherwise, determining that the target user does not have the abnormal fraudulent behavior. Therefore, the anti-fraud recognition is carried out by taking whether the target user has abnormal mobile behavior as an expanded verification dimension, so that the accuracy of the anti-fraud recognition can be improved, and the condition of missed detection is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings which are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of an anti-fraud identification method based on abnormal movement according to an embodiment of the present invention;
fig. 2 is a schematic block diagram of a structure of an abnormal movement-based anti-fraud recognition system for implementing the abnormal movement-based anti-fraud recognition method according to an embodiment of the present invention.
Detailed Description
The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a particular application and its requirements. It will be apparent to those skilled in the art that various modifications to the disclosed embodiments are possible, and that the general principles defined in this disclosure may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not limited to the described embodiments, but should be accorded the widest scope consistent with the claims.
The terminology used in the description of the invention herein is for the purpose of describing particular example embodiments only and is not intended to limit the scope of the present invention. As used herein, the singular forms "a", "an" and "the" may include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, components, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, and/or groups thereof.
These and other features, aspects, and advantages of the present invention, as well as the methods of operation and functions of the related elements of structure and the combination of parts and economies of manufacture, will become more apparent upon consideration of the following description of the accompanying drawings, all of which form a part of this specification. It is to be understood, however, that the drawings are designed solely for the purposes of illustration and description and are not intended as a definition of the limits of the invention. It should be understood that the drawings are not to scale.
Flow charts are used in the present invention to illustrate operations performed by systems according to some embodiments of the present invention. It should be understood that the operations in the flow diagrams may be performed out of order. Rather, various steps may be processed in reverse order or simultaneously. Further, one or more other operations may be added to the flowchart. One or more operations may also be deleted from the flowchart.
The present invention is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the apparatus embodiments or the system embodiments.
Fig. 1 is a schematic flow chart of an abnormal movement-based anti-fraud identification method according to an embodiment of the present invention, and the abnormal movement-based anti-fraud identification method is described in detail below.
Step S110, when receiving a service application request of a target user, acquiring application behavior process data acquired by a user terminal of the target user in real time in an independent biological characteristic verification process.
In this embodiment, when a target user initiates a service application request through a user terminal, for example, a credit authentication request or other request that may have a fraudulent behavior, the application behavior process data acquired in real time by the user terminal of the target user during the independent biometric verification process is acquired at this time.
And step S120, analyzing the application behavior process data, and judging whether the target user has abnormal movement behaviors.
Step S130, when the target user has abnormal movement behavior, determining that the target user has abnormal fraud behavior, otherwise determining that the target user does not have abnormal fraud behavior.
In the course of research, the inventor finds that, in the current loan application process of third-party assistance (such as loan agency), the target user is usually required to authenticate in the biometric verification stage, and there is a high possibility that the user terminal will be transferred between the cheating agency and the real target user, and the displacement generated in the state of transferring the user terminal is inevitably much larger than that generated in the state of holding the user terminal. Based on the research, the application judges whether the target user has abnormal movement behavior by analyzing the application behavior process data, so as to determine whether the target user independently completes the application process.
Based on the steps, when a service application request of a target user is received, acquiring application behavior process data acquired by a user terminal of the target user in real time in an independent biological characteristic verification process, analyzing the application behavior process data, judging whether the target user has abnormal moving behavior, determining that the target user has abnormal fraudulent activity when the target user has the abnormal moving behavior, and otherwise determining that the target user does not have the abnormal fraudulent activity. Therefore, the anti-fraud recognition is carried out by taking whether the target user has abnormal mobile behavior as an expanded verification dimension, so that the accuracy of the anti-fraud recognition can be improved, and the condition of missed detection is avoided.
In an exemplary design idea, the application behavior process data includes displacement behavior data of the user terminal in the process of performing independent biometric authentication, and then, for step S120, for example, the displacement behavior data may be analyzed to determine whether a displacement variation value of the user terminal is greater than a preset variation value, when the displacement variation value of the user terminal is greater than the preset variation value, it is determined that the target user has an abnormal movement behavior, otherwise, it is determined that the target user does not have the abnormal movement behavior.
In another exemplary design, the application behavior process data includes real-time video stream data of the target user acquired by the user terminal during the independent biometric authentication, and then, for step S120, for example, image analysis may be performed on each two adjacent frames of images in the real-time video stream data to obtain trajectory change information of any one reference object in each two adjacent frames of images. When the track change information represents that the any one reference object has floating larger than a preset position change value, determining that the target user has abnormal movement behavior, otherwise, determining that the target user does not have abnormal movement behavior.
Also, on the basis of the above description of the embodiments, in order to further perform fraud feature learning based on the foregoing basis, the embodiments of the present invention may further include the following steps.
Step S140, obtaining the historical business operation behavior big data of each target user with abnormal fraud behaviors.
And step S150, analyzing the historical business operation behavior big data, and acquiring target business behavior activity data associated with the abnormal fraudulent behavior.
Step S160, extracting key characteristic information in the target business behavior activity data, binding the key characteristic information with the abnormal fraudulent behavior, and then training a preset artificial intelligence model according to the bound key characteristic information and the abnormal fraudulent behavior to obtain a trained abnormal fraudulent behavior recognition model.
In an exemplary design idea, for step S160, in the process of extracting the key feature information in the target business behavior activity data, the following exemplary steps may be implemented.
Step W11, generating a behavior activity relationship network corresponding to the target business behavior activity data, and acquiring the shared behavior activity associated with the behavior activity relationship network, the past behavior activity session data associated with the shared behavior activity, and the shared annotation data associated with the shared behavior activity.
In an exemplary design approach, the shared annotation data is obtained according to shared state data of the behavioral activity relationship network in the shared behavioral activity.
And step W12, acquiring frequent item mining data associated with the shared behavior activity according to the past behavior activity session data and the shared annotation data based on a frequent item mining model.
In an exemplary design idea, the frequent item mining data represents a target frequent item tag of each behavioral activity data in the shared behavioral activity, and the target frequent item tag of each behavioral activity data represents high-frequency trigger information of each behavioral activity data.
The obtaining of frequent item mining data associated with the shared behavior activity according to the past behavior activity session data and the shared annotation data based on the frequent item mining model described in the above step W12 may include the following embodiments of steps W121 to W123.
And step W121, respectively executing frequent item mining of a first cycle number according to the past behavior activity session data and the relevance data of the shared annotation data based on a frequent item mining model, and obtaining a first frequent item mining variable related to the shared behavior activity.
For example, the relevance data of the past behavioral activity session data and the shared annotation data may refer to specific data information of the existence relevance of the past behavioral activity session data and the shared annotation data.
For example, in an exemplary design concept, the first number of cycles may be three, and any one of the frequent item mining includes one variable fusion and one variable derivation. Accordingly, the step W121 of performing frequent item mining for a first cycle number according to the relevance data of the past behavioral activity session data and the shared annotation data to obtain a first frequent item mining variable associated with the shared behavioral activity may include the following steps W1211 to W1216.
And step W1211, performing first variable fusion on the relevance data of the past behavior activity session data and the shared annotation data to obtain a first fusion variable relevant to the shared behavior activity.
Step W1212, performing first variable derivation on the first fusion variable, and obtaining a first derived variable associated with the shared behavior activity.
And step W1213, performing second variable fusion on the first derivative variable to obtain a second fusion variable associated with the shared behavior activity.
Step W1214, performing second variable derivation on the second fusion variable, and obtaining a second derived variable associated with the shared behavior activity.
And step W1215 of performing third variable fusion on the second derivative variable to obtain a third fused variable associated with the shared behavior activity.
Step W1216, performing third variable derivation on the third fusion variable, and obtaining a first frequent item mining variable associated with the shared behavior activity.
Therefore, based on the variable fusion and the variable derivation, the vector identification precision and the expanded vector reference dimension of the first frequent item mining variable can be improved.
And step W122, respectively executing variable derivation of the first cycle times according to the fusion mining variables related to the first frequent item mining variables, and obtaining second frequent item mining variables related to the sharing behavior activities.
For example, any one variable derivation includes a global variable derivation and a partial variable derivation. Accordingly, the step W122 of respectively performing variable derivation on the first cycle number according to the fusion mining variable related to the first frequent item mining variable to obtain the second frequent item mining variable related to the shared behavior activity may include the following steps W1221 to W1226.
And step W1221, performing first global variable derivation on the fusion mining variable related to the first frequent item mining variable, and obtaining a first derived variable related to the shared behavior activity.
And step W1222, performing fourth variable fusion on the fusion variable of the first derivative variable and the third fusion variable to obtain a fourth fusion variable associated with the shared behavior activity.
And step W1223, performing second global variable derivation on the fourth fusion variable to obtain a second derived variable associated with the shared behavior activity.
Step W1224, performing fifth variable fusion on the fusion variables of the second derivative variables and the second fusion variables, to obtain a fifth fusion variable associated with the shared behavior activity.
And step W1225, performing third global variable derivation on the fifth fusion variable to obtain a third derived variable associated with the shared behavior activity.
And step W1226, performing sixth variable fusion on the fusion variable of the third derivative variable and the first fusion variable to obtain a second frequent item mining variable associated with the shared behavior activity.
And step W123, fusing the second frequent item mining variables to obtain frequent item mining data associated with the sharing behavior activities.
Therefore, based on the variable fusion and the variable derivation, the vector identification precision and the expanded vector reference dimension of the first frequent item mining variable can be improved.
In an exemplary design idea, after obtaining frequent item mining data associated with the shared behavior activity according to the past behavior activity session data and the shared annotation data based on the frequent item mining model described in step W12, the method may further include: and acquiring target fraud mining value data according to the past behavior activity session data and the frequent item mining data based on a fraud mining value evaluation model.
The fraud mining value data can be a learning value parameter in the subsequent fraud feature learning process, the larger the learning value parameter is, the larger the learning weight value is, and the learning weight value can be gradually increased based on the learning value parameter.
For example, the fraud mining value evaluation model comprises at least two variable fusion units, at least two variable aggregation units and a mining value prediction unit which are cascaded. The fraud mining value evaluation model is used for acquiring target fraud mining value data according to the past behavior activity session data and the frequent item mining data, and the specific implementation steps are as follows: configuring the past behavior activity session data and the frequent item mining data to a first variable fusion unit in the fraud mining value evaluation model for processing to obtain an extraction variable generated by the first variable fusion unit; from the subsequent variable fusion unit, configuring the extracted variables generated by the previous variable fusion unit to the subsequent variable fusion unit for processing to obtain the extracted variables generated by the subsequent variable fusion unit; configuring the extracted variables generated by the variable fusion unit at the tail end to a first variable collection unit for processing to obtain collection variables generated by the first variable collection unit; from the subsequent variable collecting unit, configuring the collecting variable generated by the previous variable collecting unit to the subsequent variable collecting unit for processing to obtain the collecting variable generated by the subsequent variable collecting unit; and allocating the collection variables generated by the variable collection unit at the tail end to the mining value prediction unit for prediction to obtain the target fraud mining value data generated by the mining value prediction unit.
In addition, before the obtaining of the frequent item mining data associated with the shared behavior activity according to the past behavior activity session data and the shared annotation data based on the frequent item mining model described in step W12, the method may further include: acquiring at least two example sharing behavior activities, past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities, and example frequent item mining data respectively associated with the at least two example sharing behavior activities; and carrying out convergence optimization on the example frequent item mining model according to past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities and example frequent item mining data respectively associated with the at least two example sharing behavior activities, so as to obtain the frequent item mining model.
For example, before the obtaining of the frequent item mining data associated with the shared behavioral activity according to the past behavioral activity session data and the shared annotation data based on the frequent item mining model described in step W12, the method may further include: acquiring at least two example sharing behavior activities, past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities, and example frequent item mining data respectively associated with the at least two example sharing behavior activities; and performing combined training on an example frequent item mining model and an example fraud mining value prediction model according to past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities and example frequent item mining data respectively associated with the at least two example sharing behavior activities, so as to obtain the frequent item mining model and the fraud mining value evaluation model.
For example, the step of performing combined training on an example frequent item mining model and an example fraud mining value prediction model according to past behavior activity session data associated with the at least two example shared behavior activities, example sharing annotation data associated with the at least two example shared behavior activities, and example frequent item mining data associated with the at least two example shared behavior activities, to obtain the frequent item mining model and the fraud mining value evaluation model may include the following steps W1001 to W1011.
Step W1001, based on the example frequent item mining model, obtaining benchmarking frequent item mining data associated with a first example shared behavior activity of the at least two example shared behavior activities according to past behavior activity session data associated with the first example shared behavior activity and example shared annotation data associated with the first example shared behavior activity.
Step W1002, based on the example fraud mining value prediction model, obtaining first fraud mining value data according to past behavior activity session data associated with the first example shared behavior activity and benchmarking frequent item mining data associated with the first example shared behavior activity.
Step W1003, according to past behavior activity session data associated with the first example sharing behavior activity and example frequent item mining data associated with the first example sharing behavior activity, obtaining second fraud mining value data; calculating a first convergence evaluation parameter based on the first fraud mining value data and the second fraud mining value data.
Step W1004, optimizing model weight information of the example fraud mining value prediction model according to the first convergence evaluation parameter.
Step W1005, if the optimization result of the model weight information of the example fraud mining value prediction model matches the first training termination requirement, obtaining a first fraud mining value prediction model.
Step W1006, based on the example frequent item mining model, obtaining benchmarking frequent item mining data associated with the second example shared behavior activity according to past behavior activity session data associated with the second example shared behavior activity of the at least two first example shared behavior activities and example shared annotation data associated with the second example shared behavior activity.
Step W1007, based on the first fraud mining value prediction model, obtains third fraud mining value data according to past behavior activity session data associated with the second example shared behavior activity and benchmarking frequent item mining data associated with the second example shared behavior activity.
Step W1008, calculating a second convergence assessment parameter based on the third fraud mining value data, the benchmarking frequent item mining data associated with the second example shared behavior activity, and the example frequent item mining data associated with the second example shared behavior activity.
And step W1009 of optimizing the model weight information of the example frequent item mining model according to the second convergence evaluation parameter.
And step W1010, if the optimization result of the model weight information of the example frequent item mining model matches a second training termination requirement, obtaining a first frequent item mining model.
Step W1011, if the combined training result does not match the target training termination requirement, iteratively performing combined training on the first fraud mining value prediction model and the first frequent item mining model until the combined training result is determined to match the target training termination requirement, and obtaining the fraud mining value evaluation model and the frequent item mining model.
And step W13, according to the frequent item mining data, adding features to the behavior activity relationship network in the sharing behavior activity to obtain key feature segments of the behavior activity relationship network in the sharing behavior activity.
Fig. 2 shows a hardware structure of the abnormal movement based anti-fraud recognition system 100 for implementing the abnormal movement based anti-fraud recognition method, according to an embodiment of the present invention, as shown in fig. 2, the abnormal movement based anti-fraud recognition system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a communication unit 140.
In some embodiments, the anomalous movement-based anti-fraud identification system 100 may be a single anomalous movement-based anti-fraud identification system or a group of anomalous movement-based anti-fraud identification systems. The set of anti-fraud identification systems based on abnormal movement may be centralized or distributed (e.g., the anti-fraud identification system based on abnormal movement 100 may be a distributed system). In some embodiments, the anomalous movement based anti-fraud identification system 100 may be local or remote. For example, the abnormal movement based anti-fraud identification system 100 may access information and/or data stored in the machine-readable storage medium 120 via a network. As another example, the abnormal movement based anti-fraud identification system 100 may be directly connected to the machine-readable storage medium 120 to access stored information and/or data. In some embodiments, the anomalous movement based anti-fraud identification system 100 may be implemented on a cloud platform. By way of example only, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an internal cloud, a multi-tiered cloud, and the like, or any combination thereof.
Machine-readable storage medium 120 may store data and/or instructions. In some embodiments, the machine-readable storage medium 120 may store data obtained from an external terminal. In some embodiments, the machine-readable storage medium 120 may store data and/or instructions for use by the abnormal movement based anti-fraud identification system 100 in performing or using the exemplary methods described in this disclosure. In some embodiments, the machine-readable storage medium 120 may include mass storage, removable storage, volatile read-write memory, read-only memory (ROM), and the like, or any combination thereof. Exemplary mass storage devices may include magnetic disks, optical disks, solid state disks, and the like. Exemplary removable memory may include flash drives, floppy disks, optical disks, memory cards, compact disks, magnetic tape, and the like. Exemplary volatile read and write memories can include Random Access Memory (RAM). Exemplary RAM may include active random access memory (DRAM), double data rate synchronous active random access memory (DDR SDRAM), passive random access memory (SRAM), thyristor random access memory (T-RAM), and zero capacitance random access memory (Z-RAM), among others. Exemplary read-only memories may include mask read-only memory (MROM), programmable read-only memory (PROM), erasable programmable read-only memory (perrom), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM), digital versatile disc read-only memory, and the like. In some embodiments, the machine-readable storage medium 120 may be implemented on a cloud platform. By way of example only, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an internal cloud, a multi-tiered cloud, and the like, or any combination thereof.
In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the anti-fraud identification method based on abnormal movement according to the above method embodiment, the processor 110, the machine-readable storage medium 120, and the communication unit 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving action of the communication unit 140.
For a specific implementation process of the processor 110, reference may be made to various method embodiments executed by the above-mentioned anti-fraud recognition system 100 based on abnormal movement, which implement principles and technical effects are similar, and this embodiment is not described herein again.
In addition, the embodiment of the present invention further provides a readable storage medium, where the readable storage medium is preset with computer-executable instructions, and when a processor executes the computer-executable instructions, the above anti-fraud identification method based on abnormal movement is implemented.
It should be understood that the foregoing description is for purposes of illustration only and is not intended to limit the scope of the present disclosure. Many modifications and variations will be apparent to those of ordinary skill in the art in light of the description of the invention. However, such modifications and variations do not depart from the scope of the present invention.
While the basic concepts have been described above, it will be apparent to those of ordinary skill in the art in view of this disclosure that the above disclosure is intended to be exemplary only and is not intended to limit the invention. Various modifications, improvements and adaptations of the present invention may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed within the present invention and are intended to be within the spirit and scope of the exemplary embodiments of the present invention.
Also, the present invention has been described using specific terms to describe embodiments of the invention. For example, "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the invention. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some of the features, structures, or characteristics of one or more embodiments of the present invention may be combined as suitable.
Moreover, those skilled in the art will recognize that aspects of the present invention may be illustrated and described in terms of several patentable species or situations, including any new and useful process, machine, article, or material combination, or any new and useful modification thereof. Accordingly, aspects of the present invention may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as a "unit", "module", or "system". Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more computer-readable media, with computer-readable program code embodied therein.
A computer readable signal medium may comprise a propagated data signal with computer program code embodied therein, for example, on a baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including electro-magnetic, optical, and the like, or any suitable combination. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code on a computer readable signal medium may be propagated over any suitable medium, including radio, electrical cable, fiber optic cable, RF, or the like, or any combination thereof.
Computer program code required for operation of various portions of the present invention may be written in any one or more of a variety of programming languages, including a subject oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, an active programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may run entirely on the user's computer, or as a stand-alone software package on the user's computer, or partly on the user's computer and partly on a remote computer, or entirely on the remote computer or an anomalous movement based anti-fraud identification system. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are described, the use of letters or other designations herein is not intended to limit the order of the processes and methods of the invention unless otherwise indicated by the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it should be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments of the invention. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing anti-fraud identification system or mobile device based on abnormal movement.
Similarly, it should be noted that in the preceding description of embodiments of the invention, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. Similarly, it should be noted that in the preceding description of embodiments of the invention, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments.
Claims (10)
1. An anti-fraud identification method based on abnormal movement is characterized in that the method is applied to an anti-fraud identification system based on abnormal movement, and comprises the following steps:
when receiving a service application request of a target user, acquiring application behavior process data acquired by a user terminal of the target user in real time in an independent biological characteristic verification process;
analyzing the application behavior process data, and judging whether the target user has abnormal movement behavior;
and when the target user has abnormal movement behaviors, determining that the target user has abnormal fraud behaviors, otherwise, determining that the target user does not have abnormal fraud behaviors.
2. The method for recognizing the fraud prevention based on the abnormal movement as claimed in claim 1, wherein the application behavior process data includes displacement behavior data of the user terminal in the process of performing the independent biometric authentication, and the step of analyzing the application behavior process data and determining whether the target user has the abnormal movement behavior includes:
analyzing the displacement behavior data, and judging whether the displacement change value of the user terminal is larger than a preset change value;
and when the displacement change value of the user terminal is larger than a preset change value, determining that the target user has abnormal movement behavior, otherwise, determining that the target user does not have abnormal movement behavior.
3. The method for recognizing the fraud prevention based on the abnormal movement as claimed in claim 1, wherein the application behavior process data includes real-time video stream data of the target user collected by the user terminal during the process of performing the independent biometric authentication, and the step of analyzing the application behavior process data and determining whether the target user has the abnormal movement behavior includes:
performing image analysis on every two adjacent frames of images in the real-time video stream data to acquire track change information of any one reference object in every two adjacent frames of images;
when the track change information represents that the any one reference object has floating larger than a preset position change value, determining that the target user has abnormal movement behavior, otherwise, determining that the target user does not have abnormal movement behavior.
4. The abnormal movement based anti-fraud identification method according to any of claims 1-3, characterized in that said method further comprises:
acquiring historical business operation behavior big data of each target user with abnormal fraud behaviors;
analyzing the historical business operation behavior big data to obtain target business behavior activity data associated with the abnormal fraudulent behavior;
extracting key characteristic information in the target business behavior activity data, binding the key characteristic information with the abnormal fraudulent behavior, and training a preset artificial intelligence model according to the bound key characteristic information and the abnormal fraudulent behavior to obtain a trained abnormal fraudulent behavior identification model.
5. The abnormal movement-based anti-fraud identification method according to claim 4, wherein said step of extracting key feature information in said target business behavior activity data comprises:
generating a behavior activity relationship network corresponding to the target business behavior activity data, and acquiring shared behavior activity associated with the behavior activity relationship network, past behavior activity session data associated with the shared behavior activity, and shared annotation data associated with the shared behavior activity, wherein the shared annotation data is acquired according to shared state data of the behavior activity relationship network in the shared behavior activity;
based on a frequent item mining model, acquiring frequent item mining data associated with the shared behavior activity according to the past behavior activity session data and the shared annotation data, wherein the frequent item mining data represents a target frequent item label of each behavior activity data in the shared behavior activity, and the target frequent item label of each behavior activity data represents high-frequency trigger information of each behavior activity data;
and according to the frequent item mining data, performing feature addition on the behavior activity relationship network in the shared behavior activity to obtain key feature fragments of the behavior activity relationship network in the shared behavior activity, and summarizing the key feature fragments to obtain key feature information in the target service behavior activity data.
6. The abnormal-movement-based anti-fraud recognition method according to claim 5, wherein the obtaining of frequent-item mining data associated with the shared behavioral activity according to the past behavioral activity session data and the shared annotation data based on the frequent-item mining model comprises:
respectively executing frequent item mining of a first cycle number according to the past behavior activity session data and the relevance data of the shared annotation data based on a frequent item mining model to obtain a first frequent item mining variable related to the shared behavior activity;
respectively executing variable derivation of the first cycle times according to the fusion mining variables related to the first frequent item mining variable to obtain second frequent item mining variables related to the sharing behavior activities;
and fusing the second frequent item mining variables to obtain frequent item mining data associated with the sharing behavior activities.
7. The abnormal-movement-based anti-fraud recognition method according to claim 5, wherein after the frequent-item mining model is used to obtain the frequent-item mining data associated with the shared behavioral activity according to the past behavioral activity session data and the shared annotation data, the method further comprises:
acquiring target fraud mining value data according to the past behavior activity session data and the frequent item mining data based on a fraud mining value evaluation model;
the fraud mining value evaluation model comprises at least two cascaded variable fusion units, at least two cascaded variable collection units and a mining value prediction unit; the obtaining of target fraud mining value data based on the fraud mining value evaluation model according to the past behavior activity session data and the frequent item mining data comprises:
configuring the past behavior activity session data and the frequent item mining data to a first variable fusion unit in the fraud mining value evaluation model for processing to obtain an extraction variable generated by the first variable fusion unit;
from the subsequent variable fusion unit, configuring the extracted variables generated by the previous variable fusion unit to the subsequent variable fusion unit for processing to obtain the extracted variables generated by the subsequent variable fusion unit;
configuring the extracted variables generated by the variable fusion unit at the tail end to a first variable collection unit for processing to obtain collection variables generated by the first variable collection unit; from the subsequent variable collecting unit, configuring the collecting variable generated by the previous variable collecting unit to the subsequent variable collecting unit for processing to obtain the collecting variable generated by the subsequent variable collecting unit;
and allocating the collection variables generated by the variable collection unit at the tail end to the mining value prediction unit for prediction to obtain the target fraud mining value data generated by the mining value prediction unit.
8. The abnormal-movement-based anti-fraud recognition method according to claim 5, wherein before the frequent-item mining model obtains the frequent-item mining data associated with the shared behavioral activity according to the past behavioral activity session data and the shared annotation data, the method further comprises:
acquiring at least two example sharing behavior activities, past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities, and example frequent item mining data respectively associated with the at least two example sharing behavior activities;
and carrying out convergence optimization on the example frequent item mining model according to past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities and example frequent item mining data respectively associated with the at least two example sharing behavior activities, so as to obtain the frequent item mining model.
9. The abnormal movement-based anti-fraud recognition method according to claim 7, wherein before the frequent item mining model is used to obtain the frequent item mining data associated with the shared behavioral activity according to the past behavioral activity session data and the shared annotation data, the method further comprises:
acquiring at least two example sharing behavior activities, past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities, and example frequent item mining data respectively associated with the at least two example sharing behavior activities;
performing combined training on an example frequent item mining model and an example fraud mining value prediction model according to past behavior activity session data respectively associated with the at least two example sharing behavior activities, example sharing annotation data respectively associated with the at least two example sharing behavior activities, and example frequent item mining data respectively associated with the at least two example sharing behavior activities, so as to obtain the frequent item mining model and the fraud mining value evaluation model;
wherein, the performing combined training on an example frequent item mining model and an example fraud mining value prediction model according to past behavior activity session data respectively associated with the at least two example shared behavior activities, example sharing annotation data respectively associated with the at least two example shared behavior activities, and example frequent item mining data respectively associated with the at least two example shared behavior activities to obtain the frequent item mining model and the fraud mining value evaluation model includes:
obtaining benchmarking frequent item mining data associated with a first example sharing behavior activity of the at least two example sharing behavior activities according to past behavior activity session data associated with the first example sharing behavior activity and example sharing annotation data associated with the first example sharing behavior activity based on the example frequent item mining model;
obtaining first fraud mining value data according to past behavior activity session data associated with the first example shared behavior activity and benchmarking frequent item mining data associated with the first example shared behavior activity based on the example fraud mining value prediction model;
obtaining second fraud mining value data according to past behavior activity session data associated with the first example shared behavior activity and example frequent item mining data associated with the first example shared behavior activity;
calculating a first convergence evaluation parameter based on the first fraud mining value data and the second fraud mining value data;
optimizing model weight information for the example fraud mining value prediction model as a function of the first convergence evaluation parameter;
if the optimization result of the model weight information of the example fraud mining value prediction modelMatchingA first training termination requirement to obtain a first fraud mining value prediction model;
obtaining benchmarking frequent item mining data associated with a second example sharing behavior activity of the at least two first example sharing behavior activities according to past behavior activity session data associated with the second example sharing behavior activity and example sharing annotation data associated with the second example sharing behavior activity based on the example frequent item mining model;
acquiring third fraud mining value data according to past behavior activity session data associated with the second example shared behavior activity and benchmarking frequent item mining data associated with the second example shared behavior activity based on the first fraud mining value prediction model;
calculating a second convergence evaluation parameter as a function of the third fraud mining value data, the benchmarking frequent item mining data associated with the second example shared behavior activity, and the example frequent item mining data associated with the second example shared behavior activity;
optimizing model weight information of the example frequent item mining model according to the second convergence evaluation parameter;
if the optimization result of the model weight information of the example frequent item mining model matches a second training termination requirement, obtaining a first frequent item mining model;
and if the combined training result does not match the target training termination requirement, iteratively performing combined training on the first fraud mining value prediction model and the first frequent item mining model until the combined training result is determined to match the target training termination requirement, and obtaining the fraud mining value evaluation model and the frequent item mining model.
10. An anomalous movement-based anti-fraud recognition system, characterized in that it comprises a processor and a machine-readable storage medium, in which are stored machine-executable instructions that are loaded and executed by said processor to implement the anomalous movement-based anti-fraud recognition method according to any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111104923.8A CN113689291B (en) | 2021-09-22 | 2021-09-22 | Anti-fraud identification method and system based on abnormal movement |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111104923.8A CN113689291B (en) | 2021-09-22 | 2021-09-22 | Anti-fraud identification method and system based on abnormal movement |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113689291A true CN113689291A (en) | 2021-11-23 |
| CN113689291B CN113689291B (en) | 2022-11-01 |
Family
ID=78586744
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111104923.8A Active CN113689291B (en) | 2021-09-22 | 2021-09-22 | Anti-fraud identification method and system based on abnormal movement |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113689291B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113835988A (en) * | 2021-11-29 | 2021-12-24 | 杭银消费金融股份有限公司 | Index information prediction method and system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107239882A (en) * | 2017-05-10 | 2017-10-10 | 平安科技(深圳)有限公司 | Methods of risk assessment, device, computer equipment and storage medium |
| CN107302520A (en) * | 2017-05-15 | 2017-10-27 | 北京明朝万达科技股份有限公司 | A kind of dynamic anti-leak of data and method for early warning and system |
| CN108171123A (en) * | 2017-12-11 | 2018-06-15 | 日立楼宇技术(广州)有限公司 | Dangerous user's identification and the method and apparatus of alarm |
| CN110750774A (en) * | 2019-10-21 | 2020-02-04 | 深圳众赢维融科技有限公司 | Identity recognition method and device |
| CN112016896A (en) * | 2020-08-28 | 2020-12-01 | 平安国际智慧城市科技股份有限公司 | Operation state monitoring method and device and storage medium |
| CN112348519A (en) * | 2020-10-21 | 2021-02-09 | 上海淇玥信息技术有限公司 | Method and device for identifying fraudulent user and electronic equipment |
-
2021
- 2021-09-22 CN CN202111104923.8A patent/CN113689291B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107239882A (en) * | 2017-05-10 | 2017-10-10 | 平安科技(深圳)有限公司 | Methods of risk assessment, device, computer equipment and storage medium |
| WO2018205371A1 (en) * | 2017-05-10 | 2018-11-15 | 平安科技(深圳)有限公司 | Risk assessment method and apparatus, server and storage medium |
| CN107302520A (en) * | 2017-05-15 | 2017-10-27 | 北京明朝万达科技股份有限公司 | A kind of dynamic anti-leak of data and method for early warning and system |
| CN108171123A (en) * | 2017-12-11 | 2018-06-15 | 日立楼宇技术(广州)有限公司 | Dangerous user's identification and the method and apparatus of alarm |
| CN110750774A (en) * | 2019-10-21 | 2020-02-04 | 深圳众赢维融科技有限公司 | Identity recognition method and device |
| CN112016896A (en) * | 2020-08-28 | 2020-12-01 | 平安国际智慧城市科技股份有限公司 | Operation state monitoring method and device and storage medium |
| CN112348519A (en) * | 2020-10-21 | 2021-02-09 | 上海淇玥信息技术有限公司 | Method and device for identifying fraudulent user and electronic equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113835988A (en) * | 2021-11-29 | 2021-12-24 | 杭银消费金融股份有限公司 | Index information prediction method and system |
| CN113835988B (en) * | 2021-11-29 | 2022-02-08 | 杭银消费金融股份有限公司 | Index information prediction method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113689291B (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113689292B (en) | User aggregation identification method and system based on image background identification | |
| US11205276B2 (en) | Object tracking method, object tracking device, electronic device and storage medium | |
| CN109816200B (en) | Task pushing method, device, computer equipment and storage medium | |
| CN113706180B (en) | Method and system for identifying cheating communities | |
| CN113869778B (en) | Unmanned aerial vehicle river course inspection method and system based on city management | |
| CN113592869B (en) | Building curtain wall glass breakage image identification method and alarm system | |
| KR20220076398A (en) | Object recognition processing apparatus and method for ar device | |
| CN109271957B (en) | Face gender identification method and device | |
| CN111723728A (en) | Pedestrian searching method, system and device based on bidirectional interactive network | |
| CN113689291B (en) | Anti-fraud identification method and system based on abnormal movement | |
| CN113674318A (en) | Target tracking method, device and equipment | |
| CN113468017A (en) | Online service state detection method applied to block chain and service server | |
| CN113596061B (en) | Network security vulnerability response method based on block chain technology | |
| CN112330312B (en) | Data processing method based on block chain payment and facial recognition and big data platform | |
| CN112529116B (en) | Scene element fusion processing method, device and equipment and computer storage medium | |
| CN111522570B (en) | Target library updating method and device, electronic equipment and machine-readable storage medium | |
| CN113706181B (en) | Service processing detection method and system based on user behavior characteristics | |
| CN113626807A (en) | Big data-based computer information security processing method and system | |
| CN113297498A (en) | Internet-based food attribute mining method and system | |
| CN113869364A (en) | Image processing method, image processing apparatus, electronic device, and medium | |
| CN113409014A (en) | Big data service processing method based on artificial intelligence and artificial intelligence server | |
| CN113835988B (en) | Index information prediction method and system | |
| CN113382090B (en) | Data sharing method and system based on heterogeneous data | |
| CN112989096B (en) | Face feature migration method, electronic device and storage medium | |
| CN116226778B (en) | Retaining wall structure anomaly analysis method and system based on three-dimensional analysis platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |