CN113886780B - Client information verification method, device, medium and electronic equipment - Google Patents

Publication number
CN113886780B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111169120.0A
Other languages
Chinese (zh)
Other versions
CN113886780A (en)
Inventor
徐晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Application filed by Ping An Bank Co Ltd
Priority to CN202111169120.0A
Publication of CN113886780A
Application granted
Publication of CN113886780B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Abstract

The disclosure relates to the fields of artificial intelligence and information security, and discloses a client information verification method, device, medium and electronic equipment. The method comprises: obtaining abnormal client information that has passed verification by a rule set in a rule engine; performing model training on the abnormal client information to obtain a risk model; for each system, acquiring the quantity proportion of the abnormal client information that passed verification by the rule set among all abnormal client information in that system; determining candidate abnormal systems according to the quantity proportion; acquiring system-related information; generating system feature data from the system-related information; determining abnormal systems based on the system feature data and the candidate abnormal systems; when a new-rule addition request is received, generating a new rule set; and verifying the new rule with the risk model and, when the new rule passes verification, enabling the new rule set for the abnormal systems. The method reduces the labor cost of configuring rules for multiple systems and balances the security and the efficiency of bringing new rules online.

Description

Client information verification method, device, medium and electronic equipment
Technical Field
The disclosure relates to the technical field of artificial intelligence and information security, in particular to a client information verification method, a client information verification device, a client information verification medium and electronic equipment.
Background
Currently, the customer information held by some financial systems, such as banking systems, must meet regulatory requirements, so each system has its own verification rules. The same rule has to be implemented many times across a large number of systems, and the results are inconsistent because developers of different systems understand the rule differently. Adjusting a single rule therefore requires a large amount of manpower for evaluation and development, and the cost in manpower and material resources is high.
Disclosure of Invention
In order to solve the above technical problems in the technical field of artificial intelligence and information security, the purpose of the present disclosure is to provide a client information verification method, device, medium and electronic equipment.
According to an aspect of the present disclosure, there is provided a client information verification method, the method being performed by a rule engine for verifying client information reported to a plurality of systems, the method comprising:
for each system in the plurality of systems, obtaining abnormal client information that has passed the verification of the rule set in the rule engine, wherein the abnormal client information is client information for which a corresponding abnormal behavior record exists in the system, and each system in the plurality of systems generates an abnormal behavior record corresponding to a client's client information when that client exhibits abnormal behavior;
performing model training according to the acquired abnormal client information to obtain a client information verification risk model;
for each system, acquiring the quantity proportion of the abnormal client information that has passed the verification of the rule set in the rule engine among all the abnormal client information in the system;
determining candidate abnormal systems among the plurality of systems according to the quantity proportion corresponding to each system;
acquiring system-related information corresponding to each of the plurality of systems;
generating system feature data corresponding to each system according to the system-related information;
determining abnormal systems among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal systems including the candidate abnormal systems;
when a new-rule addition request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set; and
verifying the new rule by using the client information verification risk model and, when the new rule passes verification, enabling the new rule set for the abnormal systems, so that the new rule set is used for verification when client information is uploaded to the abnormal systems.
According to another aspect of the present disclosure, there is provided a client information verification apparatus, the apparatus being located in a rule engine for verifying client information reported to a plurality of systems, the apparatus comprising:
a first obtaining module configured to obtain, for each of the plurality of systems, abnormal client information that has passed the verification of the rule set in the rule engine, the abnormal client information being client information for which a corresponding abnormal behavior record exists in the system, each of the plurality of systems generating an abnormal behavior record corresponding to a client's client information when that client exhibits abnormal behavior;
a training module configured to perform model training according to the acquired abnormal client information to obtain a client information verification risk model;
a quantity proportion acquisition module configured to acquire, for each system, the quantity proportion of the abnormal client information that has passed the verification of the rule set in the rule engine among all the abnormal client information in the system;
a first determining module configured to determine candidate abnormal systems among the plurality of systems according to the quantity proportion corresponding to each system;
a second acquisition module configured to acquire system-related information corresponding to each of the plurality of systems;
a first generation module configured to generate system feature data corresponding to each system according to the system-related information;
a second determination module configured to determine abnormal systems among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal systems including the candidate abnormal systems;
a second generation module configured to generate a new rule set including the new rule and the rule set when a new-rule addition request carrying the new rule is received; and
an enabling module configured to verify the new rule by using the client information verification risk model and, when the new rule passes verification, enable the new rule set for the abnormal systems, so that the new rule set is used for verification when client information is uploaded to the abnormal systems.
According to another aspect of the present disclosure, there is provided a computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method as described above.
According to another aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method as described above.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
In the client information verification method, device, medium and electronic equipment provided by the disclosure, the method is executed by a rule engine that verifies client information reported to a plurality of systems, and comprises the following steps: for each system in the plurality of systems, obtaining abnormal client information that has passed the verification of the rule set in the rule engine, wherein the abnormal client information is client information for which a corresponding abnormal behavior record exists in the system, and each system generates an abnormal behavior record corresponding to a client's client information when that client exhibits abnormal behavior; performing model training according to the acquired abnormal client information to obtain a client information verification risk model; for each system, acquiring the quantity proportion of the abnormal client information that has passed the verification of the rule set in the rule engine among all the abnormal client information in the system; determining candidate abnormal systems among the plurality of systems according to the quantity proportion corresponding to each system; acquiring system-related information corresponding to each of the plurality of systems; generating system feature data corresponding to each system according to the system-related information; determining abnormal systems among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal systems including the candidate abnormal systems; when a new-rule addition request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set; and verifying the new rule by using the client information verification risk model and, when the new rule passes verification, enabling the new rule set for the abnormal systems, so that the new rule set is used for verification when client information is uploaded to the abnormal systems.
According to the method, a unified rule engine verifies the client information reported to the plurality of systems, so a newly added rule only needs to be added centrally rather than being set for each system individually, which greatly reduces labor cost. At the same time, the abnormal client information that passed verification is first acquired and used to train a client information verification risk model; candidate abnormal systems are determined according to the quantity proportion of abnormal client information that passed verification in each system, and abnormal systems are then determined according to the system feature data and the candidate abnormal systems. Finally, when a new rule needs to go online, it is enabled in the abnormal systems only if it passes verification, while systems other than the abnormal systems can enable the new rule directly, which balances the security and the efficiency of bringing the new rule online.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system architecture diagram illustrating a method of customer information verification according to an exemplary embodiment;
FIG. 2 is a flow chart illustrating a method of customer information verification according to an exemplary embodiment;
FIG. 3 is a flow chart illustrating the determination of candidate abnormal systems based on the quantity proportion corresponding to each system, according to an exemplary embodiment;
FIG. 4 is a flowchart illustrating the determination of an abnormal system among a plurality of systems, according to an exemplary embodiment;
FIG. 5 is a block diagram of a customer information verification device, according to an exemplary embodiment;
FIG. 6 is an exemplary block diagram of an electronic device implementing the above-described customer information verification method, according to an exemplary embodiment;
FIG. 7 illustrates a program product for implementing the above-described client information verification method, according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatus and methods consistent with aspects of the invention as detailed in the accompanying claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The present disclosure first provides a client information verification method. Client information verification is a method for judging the validity of client information. The client information here may be information used in various fields or on various types of platforms. For example, a client may submit client information to a banking system, and the banking system may use it to evaluate the client's risk status and decide whether to grant the client a loan. It is therefore necessary to judge the validity of the client information uploaded to the system. In the related art, each system uses its own set of client information rules, so the maintenance cost is high; the client information verification method provided by the disclosure allows rules to be configured efficiently and quickly while ensuring security.
The client information verification method provided by the disclosure can be applied to various fields in which client information needs to be verified.
The implementation terminal of the present disclosure may be any device having computing, processing and communication functions. The device may be connected to an external device to receive or transmit data, and may be a portable mobile device such as a smartphone, tablet computer, notebook computer or PDA (Personal Digital Assistant); a fixed device such as a computer device, field terminal, desktop computer, server or workstation; or a collection of multiple devices, such as the physical infrastructure of cloud computing or a server cluster.
Alternatively, the implementation terminal of the present disclosure may be a server or a physical infrastructure of cloud computing.
Fig. 1 is a system architecture diagram illustrating a client information verification method according to an exemplary embodiment. As shown in fig. 1, the system architecture includes a personal computer 110, an information verification server 120, a first system server 130, a second system server 140, and a third system server 150. The personal computer 110 and the information verification server 120, and the information verification server 120 and each system server, are connected by communication links that can be used for transmitting or receiving data. The information verification server 120 is the implementation terminal in this embodiment; a rule engine containing a rule set is deployed on it. A client capable of accessing each system server is installed on the personal computer 110, a system is deployed on each system server, and the rule engine continuously verifies the client information that the personal computer 110 reports to the system servers.
When the client information verification method provided in the present disclosure is applied to the system architecture shown in fig. 1, the method may be executed by the rule engine in the information verification server 120, and the execution process may be as follows. First, the information verification server 120 acquires, from each system server, abnormal client information that has passed the verification of the rule set in the rule engine; this is client information that previously passed the rule engine's verification but whose client has since exhibited abnormal behavior in the corresponding system, which calls the reliability of the rule engine into question. Next, the information verification server 120 trains a client information verification risk model on the abnormal client information. Then, the information verification server 120 determines, for each system, the quantity proportion of that system's abnormal client information that passed the verification of the rule set, and determines candidate abnormal systems according to the quantity proportion corresponding to each system. Next, the information verification server 120 acquires system-related information from each system server, generates corresponding system feature data from it, and determines the abnormal systems among the plurality of systems based on the system feature data. Then, after a system maintainer submits a new-rule addition request on one of the system servers, the information verification server 120 obtains the new rule from the request and generates a new rule set including the new rule and the rule set. Next, the information verification server 120 verifies the new rule using the client information verification risk model. Finally, when the verification passes, the new rule set is enabled for the abnormal systems, and when the personal computer 110 uploads client information to an abnormal system, the rule engine on the information verification server 120 verifies that client information with the new rule set; when the verification does not pass, or before a verification result is obtained, the original rule set is used to verify the client information uploaded to the abnormal systems.
It should be noted that fig. 1 is only one embodiment of the present disclosure. Although in this embodiment the rule engine and the system are each located on a single server, in other embodiments the rule engine and/or at least one system may each be located on a server cluster consisting of multiple servers; although in this embodiment, only three systems are shown, it is readily understood that the rules engine may also verify customer information uploaded to more systems at the same time; although in this embodiment the rule engine and the system are located on different servers, in other embodiments the rule engine and at least one system may be located on the same server; although in the embodiment, only one terminal device is shown capable of reporting client information to a plurality of systems, it is easy to understand that there may be a plurality of terminal devices reporting client information to a plurality of systems, and the client information reported by each terminal device needs to be checked by a rule engine; although in the present embodiment, each system is disposed on a server, in other embodiments, the systems may also be located on other types of terminal devices, and the types of terminal devices on which each system is located may be different. The present disclosure is not limited thereto, nor should the scope of the present disclosure be limited thereby.
Fig. 2 is a flow chart illustrating a method of customer information verification according to an exemplary embodiment. The client information verification method provided in this embodiment is executed by a rule engine, where the rule engine is used to verify client information reported to multiple systems, and the rule engine may be located in a server, so that the client information verification method may be executed by the server, as shown in fig. 2, and includes the following steps:
Step 210, for each system in the plurality of systems, obtaining abnormal client information that has passed the verification of the rule set in the rule engine.
The abnormal client information is client information for which a corresponding abnormal behavior record exists in the system; each system in the plurality of systems generates an abnormal behavior record corresponding to a client's client information when that client exhibits abnormal behavior.
The rule set includes a plurality of rules. The systems in the plurality of systems may all belong to the same industry or may belong to different industries. For example, every system may be a system in the banking industry, or some of the systems may belong to the banking industry while the others belong to the insurance industry.
The rule engine continuously receives client information reporting requests and verifies the client information to be reported to the systems, so the rule engine acts as a transfer station through which each system obtains client information. The client information may be used differently in each system. For example, in one system the client information may be used to process loans, and in another system it may be used to process insurance. After the client information passes the verification of the rule set in the rule engine, the rule engine forwards the client information to the system indicated by the client information reporting request.
The client information is any information related to the client; it may be information actively reported by the client, or client information collected by an App while the client uses the App.
For example, the system may be any of various financial software systems, such as a banking system, and verifying the client information may be used to determine whether to allow a loan to be issued to the client. A rule in the rule set may be to determine whether the number of Wi-Fi networks used to log in to the same account is smaller than a predetermined number, whether the number of mobile phone models that the same account has logged in from at different times is smaller than a predetermined number of models, and so on.
The abnormal behavior may be, for example, illegitimate behavior by a customer, a customer loan violation, etc.
Step 220, performing model training according to the acquired abnormal client information to obtain a client information verification risk model.
The abnormal customer information is used as sample data to train the model, and the customer information verification risk model can be constructed based on various algorithms. The customer information verification risk model may be used to verify rules.
In one embodiment, the client information verification risk model is a generative adversarial network model that is used to generate virtual abnormal client information and to verify rules based on the virtual abnormal client information.
Specifically, the virtual abnormal client information is fictitious abnormal client information that may be similar to, but not exactly the same as, the abnormal client information. For example, if the client information includes the number of Wi-Fi networks used by the same account, and that number is 5 in one piece of abnormal client information, it may be 6 in one piece of virtual abnormal client information. It is easy to understand that both the abnormal client information and the virtual abnormal client information may include a plurality of features and the feature values corresponding to those features.
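One way to check a new rule against virtual abnormal client information and gate its rollout, as an added example (not code from the patent): a random ±1 perturbation stands in for the trained generative model, and the pass criterion (a minimum share of virtual abnormal records rejected by the new rule set) and all names and values are assumptions.

```python
import random

# Rules of the kind the description gives: (name, predicate over client info).
# The limits 8, 3 and 20 are constructed values.
OLD_RULE_SET = [("wifi_count_below_8", lambda info: info["wifi_count"] < 8)]
NEW_RULE = ("phone_models_below_3", lambda info: info["phone_models"] < 3)
WEAK_RULE = ("wifi_count_below_20", lambda info: info["wifi_count"] < 20)

# Constructed abnormal client information: every record passed OLD_RULE_SET,
# yet the client later exhibited abnormal behavior in a system.
ABNORMAL_INFO = [
    {"wifi_count": 5, "phone_models": 4},
    {"wifi_count": 6, "phone_models": 5},
    {"wifi_count": 4, "phone_models": 6},
]


def passes(rule_set, info):
    """Client information passes only if every rule in the set accepts it."""
    return all(check(info) for _name, check in rule_set)


def virtual_abnormal(abnormal, count, rng):
    """Stand-in generator (assumption): records similar to, but not always
    identical with, real abnormal records, e.g. wifi_count 5 -> 6."""
    samples = []
    for _ in range(count):
        base = rng.choice(abnormal)
        samples.append({key: max(0, value + rng.choice([-1, 0, 1]))
                        for key, value in base.items()})
    return samples


def verify_new_rule(old_rules, new_rule, abnormal,
                    min_catch_rate=0.8, count=200, seed=0):
    """Assumed criterion: the new rule set must reject at least
    min_catch_rate of the virtual abnormal records."""
    rng = random.Random(seed)
    new_rule_set = old_rules + [new_rule]
    samples = virtual_abnormal(abnormal, count, rng)
    caught = sum(1 for sample in samples if not passes(new_rule_set, sample))
    rate = caught / len(samples)
    return rate >= min_catch_rate, rate


def rule_set_for(system, abnormal_systems, old_rules, new_rule, verified):
    """Abnormal systems keep the original rule set until the new rule has
    passed verification; all other systems enable the new rule set directly."""
    if system in abnormal_systems and not verified:
        return old_rules
    return old_rules + [new_rule]


if __name__ == "__main__":
    ok, rate = verify_new_rule(OLD_RULE_SET, NEW_RULE, ABNORMAL_INFO)
    print("new rule verified:", ok, "catch rate:", rate)
    active = rule_set_for("loans", {"loans"}, OLD_RULE_SET, NEW_RULE, ok)
    print("rules active for loans:", [name for name, _ in active])
```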
Step 230, for each system, acquiring the quantity proportion of the abnormal client information that has passed the verification of the rule set in the rule engine among all the abnormal client information in the system.
Each system has received client information submitted for many clients, and some of those clients have gone on to exhibit abnormal behavior in the system; the system therefore generates and saves abnormal behavior records corresponding to those clients' client information, and that client information is abnormal client information.
Step 240, determining candidate abnormal systems among the plurality of systems according to the quantity proportion corresponding to each system.
In one embodiment, determining the candidate abnormal systems according to the quantity proportion corresponding to each system includes: sorting the systems by their quantity proportions from largest to smallest; and taking the first predetermined number of systems in that order as the candidate abnormal systems.
Because a larger quantity proportion means the rule engine verifies that system's client information less effectively, this embodiment improves the accuracy of candidate determination by taking the systems with the largest quantity proportions as the candidate abnormal systems.
FIG. 3 is a flow chart illustrating the determination of candidate abnormal systems based on the quantity proportion corresponding to each system, according to an exemplary embodiment. As shown in fig. 3, the method comprises the following steps:
Step 310, determining the number of systems whose quantity proportion is greater than a predetermined quantity proportion threshold.
The predetermined quantity proportion threshold is set in advance according to expert experience. Among all the systems, at least one system may have a quantity proportion greater than the threshold, while the other systems have quantity proportions that do not exceed it.
Step 320, if the number is greater than a predetermined number, arbitrarily selecting the predetermined number of systems from the systems whose quantity proportion is greater than the predetermined quantity proportion threshold as the candidate abnormal systems.
Like the predetermined quantity proportion threshold, the predetermined number may be a threshold set from expert experience.
When the number of systems whose quantity proportion is greater than the predetermined quantity proportion threshold exceeds the predetermined number, the predetermined number of systems are selected at random from among them.
Step 330, if the number is less than or equal to the predetermined number, taking the systems whose quantity proportion is greater than the predetermined quantity proportion threshold as the candidate abnormal systems.
In this embodiment, all systems whose quantity proportion is greater than the predetermined quantity proportion threshold are taken as the candidate abnormal systems only when the number of such systems does not exceed the predetermined number; when the number of such systems exceeds the predetermined number, the predetermined number of systems are arbitrarily selected from them as the candidate abnormal systems. The number of candidate abnormal systems is thereby limited, and the accuracy of the selected candidate abnormal systems is ensured.
Step 250, acquiring system-related information corresponding to each of the plurality of systems.
The system-related information may be any information related to the system, for example, a system-related log, a system development document, or the like. The system-related information may include function information of the system, attribute information of the system, and the like. The system-related information may be obtained directly from the system, or may be obtained from other terminal devices storing the system-related information.
Step 260, generating system feature data corresponding to each system according to the system-related information.
The system-related information may include, for example, log records generated by the system over a period of time, and the corresponding generated system characteristic data may be an average of the number of logs generated daily; the system-related information may further include a code amount of the system and a record of the system test, and then the corresponding generated system characteristic data may be a ratio of the code amount of the system to the number of system tests.
Step 270, determining abnormal systems among the plurality of systems based on the system feature data and the candidate abnormal systems.
The abnormal systems include the candidate abnormal systems.
In one embodiment, determining the abnormal systems among the plurality of systems based on the system feature data and the candidate abnormal systems includes: establishing a feature vector corresponding to each system's feature data; determining the similarity between the feature vector of each candidate abnormal system and each of the other feature vectors; taking each feature vector whose similarity is greater than a predetermined similarity threshold as a target feature vector; and taking the systems corresponding to the target feature vectors as abnormal systems.
The system feature data comprises a plurality of feature values corresponding to system features; the feature values are arranged in a specified system feature order to obtain the feature vector. The similarity between feature vectors may be calculated based on cosine similarity or Euclidean distance.
FIG. 4 is a flowchart illustrating the determination of an abnormal system among a plurality of systems, according to an example embodiment.
As shown in FIG. 4, the method comprises the following steps:
Step 410: establish a feature vector corresponding to each system's characteristic data.
Feature vectors may be established based on feature values in the system feature data.
Step 420: select a plurality of feature vectors from the feature vectors as cluster centers, and establish a cluster corresponding to each cluster center.
A specified number of feature vectors may be randomly selected as the cluster centers; a cluster is a set of feature vectors.
Step 430: iteratively perform the cluster division step until the cluster centers no longer change.
The cluster division step includes: for each feature vector, determining the cluster center closest to the feature vector and adding the feature vector to the cluster corresponding to that cluster center; and determining a new cluster center for each cluster according to the feature vectors in that cluster.
The cluster division step is repeated until the newly determined cluster centers are the same as the cluster centers determined before the current execution of the cluster division step.
The new cluster center corresponding to each cluster may be determined by calculating the average of the feature vectors in that cluster.
Step 440: take the cluster to which the feature vector corresponding to the system characteristic data of the candidate abnormal system belongs as an abnormal cluster, and determine the abnormal system among the plurality of systems according to the abnormal cluster.
In one embodiment, determining an abnormal system among the plurality of systems according to the abnormal cluster includes: taking the systems corresponding to the feature vectors in the abnormal cluster as abnormal systems.
In one embodiment, determining an abnormal system among the plurality of systems according to the abnormal cluster includes: arbitrarily selecting a predetermined number of systems from the systems corresponding to the feature vectors in the abnormal cluster as abnormal systems.
In one embodiment, determining an abnormal system among the plurality of systems according to the abnormal cluster includes: acquiring the priority corresponding to each system by querying a correspondence table of systems and priorities; and determining, from the systems corresponding to the feature vectors in the abnormal cluster, the systems whose priority reaches a designated priority as abnormal systems.
For example, the priority of a system may be classified into three levels (high, medium, and low), and a system having a priority higher than medium may be regarded as an abnormal system.
In one embodiment, there are a plurality of abnormal clusters, and determining an abnormal system among the plurality of systems according to the abnormal clusters includes: acquiring the cluster radius of each abnormal cluster, where the cluster radius is the average of the distances between the feature vectors in the abnormal cluster and the cluster center of the abnormal cluster; determining the average of the cluster radii of the abnormal clusters as an average cluster radius; merging the abnormal clusters to obtain an integrated abnormal cluster; determining the cluster center of the integrated abnormal cluster according to the feature vectors in the integrated abnormal cluster; acquiring, from the integrated abnormal cluster, the feature vectors whose distance to the cluster center of the integrated abnormal cluster is smaller than the average cluster radius; and taking the systems corresponding to the acquired feature vectors, together with the candidate abnormal systems, as abnormal systems.
In this embodiment, for the scenario of multiple abnormal clusters, an integrated abnormal cluster is obtained by merging the abnormal clusters, and feature vectors are then selected according to the average cluster radius in order to select the abnormal systems.
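The procedure of FIG. 4 (steps 420 to 440), including the single-cluster and multi-cluster embodiments, can be followed in the sketch below. It is an added example, not code from the patent: the system names, the two-component feature vectors, the function names, and the use of explicitly chosen seed systems instead of random initial centers (so the run is repeatable) are all assumptions.

```python
import math

# Constructed sample: one feature vector per system, already scaled to [0, 1].
# Assumed components: average daily log volume, code-amount-to-test-count ratio.
VECTORS = {
    "loan":    (0.90, 0.80),
    "cards":   (0.85, 0.90),
    "wealth":  (0.80, 0.85),
    "gateway": (0.55, 0.50),
    "crm":     (0.10, 0.20),
    "billing": (0.20, 0.10),
    "portal":  (0.15, 0.15),
}


def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def mean(points):
    """Component-wise average of a non-empty list of vectors."""
    return tuple(sum(col) / len(points) for col in zip(*points))


def kmeans(vectors, seeds, max_iter=100):
    """Steps 420-430: start from the seed systems' vectors, then repeat the
    cluster division step until the cluster centers no longer change."""
    centers = [vectors[s] for s in seeds]
    clusters = []
    for _ in range(max_iter):
        clusters = [[] for _ in centers]
        for name, vec in vectors.items():
            nearest = min(range(len(centers)),
                          key=lambda i: dist(vec, centers[i]))
            clusters[nearest].append(name)
        # An empty cluster keeps its previous center.
        new_centers = [mean([vectors[n] for n in c]) if c else centers[i]
                       for i, c in enumerate(clusters)]
        if new_centers == centers:
            break
        centers = new_centers
    return centers, clusters


def abnormal_systems(vectors, candidates, centers, clusters):
    """Step 440. With one abnormal cluster, every member is abnormal. With
    several, merge them and keep the members closer to the merged center
    than the average cluster radius, plus the candidates themselves."""
    hit = [i for i, c in enumerate(clusters) if candidates & set(c)]
    if not hit:
        return set(candidates)
    if len(hit) == 1:
        return set(clusters[hit[0]])
    radii = [sum(dist(vectors[n], centers[i]) for n in clusters[i])
             / len(clusters[i]) for i in hit]
    avg_radius = sum(radii) / len(radii)
    merged = [n for i in hit for n in clusters[i]]
    merged_center = mean([vectors[n] for n in merged])
    near = {n for n in merged
            if dist(vectors[n], merged_center) < avg_radius}
    return near | set(candidates)


if __name__ == "__main__":
    centers, clusters = kmeans(VECTORS, seeds=["loan", "crm"])
    print(clusters)
    print(abnormal_systems(VECTORS, {"loan"}, centers, clusters))
    print(abnormal_systems(VECTORS, {"loan", "crm"}, centers, clusters))
```

With candidates in two well-separated clusters, the merged center falls between them, so only systems lying near that midpoint are added to the candidates; the rest of each original cluster is left out.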
Step 280: when a new rule addition request carrying a new rule is received, generate a new rule set comprising the new rule and the rule set.
That is, the new rule set includes the new rule and the old rule in the rule set.
Step 290: verify the new rule using the client information verification risk model and, when the new rule passes verification, enable the new rule set for the abnormal system, so that the new rule set is used for verification when client information is uploaded to the abnormal system.
It is readily understood that the client information verification risk model is used to verify the rules, and the rules are used to verify client information. The client information verification risk model can verify a rule by generating virtual abnormal client information. Specifically, the model generates virtual abnormal client information similar to the abnormal client information and then judges whether the new rule can reject the virtual abnormal client information, thereby verifying the rule.
In one embodiment, after generating a new rule set comprising the new rule and the rule set upon receiving a new rule addition request carrying the new rule, the method further comprises: enabling the new rule set for the systems of the plurality of systems other than the abnormal system, so that the new rule set is used for verification when client information is uploaded to those other systems.
In this embodiment, after the new rule addition request is received, the new rule set is enabled directly for the systems other than the abnormal system, so that the security of the new rule is ensured while the efficiency of bringing the new rule online is improved.
In one embodiment, after verifying the new rule using the client information verification risk model and enabling the new rule set for the abnormal system when the new rule passes verification, the method further comprises: deleting the rule set.
In this embodiment, the original rule set is deleted after the new rule set is enabled, which saves storage space.
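The gating described in steps 280 to 290 can be illustrated as follows. This is an added example, not code from the patent: the record layout, both candidate rules, the deterministic one-digit perturbation standing in for the trained risk model, the system names, and the 0.95 rejection-rate threshold are all assumptions. A rule returns True when a record passes it.

```python
# Constructed records: abnormal client information that passed the old rule set.
KNOWN_ABNORMAL = [
    {"name": "client-a", "phone": "13800000000"},
    {"name": "client-b", "phone": "13511111111"},
    {"name": "client-c", "phone": "13966666666"},
]
SYSTEMS = ["loan", "gateway", "crm", "portal"]   # constructed system names
ABNORMAL = {"loan", "gateway"}                   # assumed output of step 270


def phone_format(rec):
    """Existing rule: the phone number is exactly 11 digits."""
    return len(rec["phone"]) == 11 and rec["phone"].isdigit()


def tail_not_single_digit(rec):
    """Candidate rule A: fail only if the last 8 digits are one repeated digit."""
    return len(set(rec["phone"][3:])) > 1


def tail_not_dominated(rec):
    """Candidate rule B: fail if any digit fills 6 or more of the last 8."""
    tail = rec["phone"][3:]
    return max(tail.count(d) for d in set(tail)) < 6


def virtual_abnormal(known, per_record=8):
    """Stand-in for the risk model: derive records similar to the known
    abnormal ones by changing a single digit in the last 8 positions."""
    out = []
    for rec in known:
        for j in range(per_record):
            digits = list(rec["phone"])
            pos = 3 + j % 8
            # Adding 1..9 modulo 10 always yields a different digit.
            digits[pos] = str((int(digits[pos]) + 1 + j % 9) % 10)
            out.append({**rec, "phone": "".join(digits)})
    return out


def rejection_rate(rule, samples):
    """Fraction of samples that the rule rejects."""
    return sum(1 for r in samples if not rule(r)) / len(samples)


def rollout(systems, abnormal, rule_set, new_rule, known, min_rate=0.95):
    """Step 280: build the new rule set. Step 290: abnormal systems get it
    only if the new rule rejects enough virtual abnormal records; all other
    systems get it directly."""
    new_set = rule_set + [new_rule]
    verified = rejection_rate(new_rule, virtual_abnormal(known)) >= min_rate
    plan = {}
    for s in systems:
        active = new_set if (s not in abnormal or verified) else rule_set
        plan[s] = [r.__name__ for r in active]
    return verified, plan


if __name__ == "__main__":
    for rule in (tail_not_single_digit, tail_not_dominated):
        print(rule.__name__,
              rollout(SYSTEMS, ABNORMAL, [phone_format], rule, KNOWN_ABNORMAL))
```

Rule A rejects every known abnormal record yet none of the near-variants, so it fails verification and the abnormal systems keep the old rule set; rule B rejects the variants as well and is enabled everywhere.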
In one embodiment, the method further comprises:
determining a normal system among the plurality of systems according to the number ratio corresponding to each system;
after generating a new rule set comprising the new rule and the rule set upon receiving a new rule addition request carrying the new rule, the method further comprises:
enabling the new rule set for the normal system of the plurality of systems, so that the new rule set is used for verification when client information is uploaded to the normal system.
In summary, in the client information verification method provided in the embodiment of FIG. 2, the client information reported to the multiple systems is verified by a unified rule engine, so that when a rule is newly added it only needs to be added to the rule set of the rule engine and does not need to be set for each system separately, which greatly reduces labor cost. Meanwhile, the abnormal client information that has passed verification is first acquired and used for training to obtain a client information verification risk model; a candidate abnormal system is determined according to the number ratio of the abnormal client information that has passed verification in each system, and the abnormal system is then determined according to the system characteristic data and the candidate abnormal system. Finally, when a new rule needs to go online, the new rule is enabled in the abnormal system only if it passes verification, while the systems other than the abnormal system can enable the new rule directly, so that both the safety and the efficiency of bringing the new rule online are taken into account.
The present disclosure also provides a client information verification device, and the following is an embodiment of the device of the present disclosure.
FIG. 5 is a block diagram illustrating a customer information verification device in a rules engine for verifying customer information reported to multiple systems, according to an exemplary embodiment.
As shown in FIG. 5, the apparatus 500 includes:
a first obtaining module 510 configured to obtain, for each of the plurality of systems, abnormal client information that has passed the verification of the rule set in the rule engine, the abnormal client information being client information in the system for which a corresponding abnormal behavior record exists, each of the plurality of systems generating an abnormal behavior record corresponding to the client information of a client when the client exhibits abnormal behavior;
a training module 520 configured to perform model training according to the obtained abnormal client information to obtain a client information verification risk model;
a quantity-to-ratio acquisition module 530 configured to acquire, for each system, the number ratio of the abnormal client information that has passed the verification of the rule set in the rule engine to all abnormal client information in the system;
a first determining module 540 configured to determine a candidate abnormal system among the plurality of systems according to the number ratio corresponding to each system;
a second acquiring module 550 configured to acquire the system-related information corresponding to each of the plurality of systems;
a first generation module 560 configured to generate the system characteristic data corresponding to each system according to the system-related information;
a second determination module 570 configured to determine an abnormal system among the plurality of systems based on the system characteristic data and the candidate abnormal system, the abnormal system including the candidate abnormal system;
a second generation module 580 configured to generate a new rule set comprising the new rule and the rule set upon receiving a new rule addition request carrying the new rule; and
an enabling module 590 configured to verify the new rule using the client information verification risk model and, when the new rule passes verification, enable the new rule set for the abnormal system, so that the new rule set is used for verification when client information is uploaded to the abnormal system.
According to a third aspect of the present disclosure, there is also provided an electronic device capable of implementing the above method.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in FIG. 6, the electronic device 600 is in the form of a general purpose computing device. Components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, and a bus 630 that connects the various system components, including the storage unit 620 and the processing unit 610.
The storage unit stores program code that is executable by the processing unit 610, such that the processing unit 610 performs the steps according to various exemplary embodiments of the present invention described in the above "example methods" section of this specification.
The storage unit 620 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 621 and/or cache memory 622, and may further include Read Only Memory (ROM) 623.
The storage unit 620 may also include a program/utility 624 having a set (at least one) of program modules 625, such program modules 625 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 800 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650, such as with the display unit 640. Also, the electronic device 600 may communicate with one or more networks, such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet, through a network adapter 660. As shown, the network adapter 660 communicates with other modules of the electronic device 600 over the bus 630. It should be appreciated that, although not shown, other hardware and/or software modules may be used in connection with the electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.) or on a network, and which includes several instructions to cause a computing device (which may be a personal computer, a server, a terminal device, a network device, etc.) to perform the method according to the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer readable storage medium having stored thereon a program product capable of implementing the method described herein above. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.
Referring to fig. 7, a program product 700 for implementing the above-described method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user's computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Furthermore, the above-described drawings are only schematic illustrations of processes included in the method according to the exemplary embodiment of the present invention, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A method for verifying customer information, the method being performed by a rules engine for verifying customer information reported to a plurality of systems, the method comprising:
for each system in the plurality of systems, obtaining abnormal client information which has passed the verification of the rule set in the rule engine, wherein the abnormal client information is the client information with corresponding abnormal behavior records in the system, and when a client exhibits abnormal behavior, each system in the plurality of systems generates the abnormal behavior record corresponding to the client information of the client;
performing model training according to the acquired abnormal client information to obtain a client information verification risk model;
for each system, acquiring the number ratio of the abnormal client information which has passed the verification of the rule set in the rule engine to all the abnormal client information in the system;
determining a candidate abnormal system among the plurality of systems according to the number ratio corresponding to each system;
acquiring the system-related information corresponding to each of the plurality of systems;
generating the system characteristic data corresponding to each system according to the system-related information;
determining an abnormal system among the plurality of systems based on the system characteristic data and the candidate abnormal system, the abnormal system comprising the candidate abnormal system;
when a new rule addition request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set;
and verifying the new rule using the client information verification risk model and, when the new rule passes verification, enabling the new rule set for the abnormal system, so that the new rule set is used for verification when client information is uploaded to the abnormal system.
2. The method of claim 1, wherein determining a candidate abnormal system among the plurality of systems according to the number ratio corresponding to each system comprises:
determining the number of systems whose number ratio is greater than a predetermined number ratio threshold;
if the number is greater than a predetermined number, randomly selecting the predetermined number of systems from the systems whose number ratio is greater than the predetermined number ratio threshold as candidate abnormal systems;
and if the number is less than or equal to the predetermined number, taking the systems whose number ratio is greater than the predetermined number ratio threshold as the candidate abnormal systems.
3. The method of claim 1, wherein determining an abnormal system among the plurality of systems based on the system characteristic data and the candidate abnormal system comprises:
establishing a feature vector corresponding to each system's characteristic data;
determining the similarity between the feature vector of the candidate abnormal system and each other feature vector;
determining each feature vector whose similarity is greater than a predetermined similarity threshold as a target feature vector;
and taking the systems corresponding to the target feature vectors as abnormal systems.
4. The method of claim 1, wherein determining an abnormal system among the plurality of systems based on the system characteristic data and the candidate abnormal system comprises:
establishing a feature vector corresponding to each system's characteristic data;
selecting a plurality of feature vectors from the feature vectors as cluster centers, and establishing a cluster corresponding to each cluster center;
iteratively performing a cluster division step until the cluster centers no longer change, the cluster division step comprising: for each feature vector, determining the cluster center closest to the feature vector, and adding the feature vector to the cluster corresponding to that cluster center; determining a new cluster center corresponding to each cluster according to the feature vectors in that cluster;
and taking the cluster to which the feature vector corresponding to the system characteristic data of the candidate abnormal system belongs as an abnormal cluster, and determining the abnormal system among the plurality of systems according to the abnormal cluster.
5. The method of claim 4, wherein determining an abnormal system among the plurality of systems according to the abnormal cluster comprises:
acquiring the priority corresponding to each system by querying a correspondence table of systems and priorities;
and determining, from the systems corresponding to the feature vectors in the abnormal cluster, the systems whose priority reaches a designated priority as abnormal systems.
6. The method of claim 4, wherein there are a plurality of abnormal clusters, and determining an abnormal system among the plurality of systems according to the abnormal clusters comprises:
acquiring the cluster radius of each abnormal cluster, wherein the cluster radius is the average of the distances between the feature vectors in the abnormal cluster and the cluster center of the abnormal cluster;
determining the average of the cluster radii of the abnormal clusters as an average cluster radius;
merging the abnormal clusters to obtain an integrated abnormal cluster;
determining the cluster center of the integrated abnormal cluster according to the feature vectors in the integrated abnormal cluster;
acquiring, from the integrated abnormal cluster, the feature vectors whose distance to the cluster center of the integrated abnormal cluster is smaller than the average cluster radius;
and taking the systems corresponding to the acquired feature vectors, together with the candidate abnormal system, as abnormal systems.
7. The method according to claim 1, wherein the method further comprises:
determining a normal system among the plurality of systems according to the number ratio corresponding to each system;
after generating a new rule set comprising the new rule and the rule set upon receiving a new rule addition request carrying the new rule, the method further comprises:
enabling the new rule set for the normal system of the plurality of systems, so that the new rule set is used for verification when client information is uploaded to the normal system.
8. A client information verification apparatus, the apparatus being located in a rules engine for verifying client information reported to a plurality of systems, the apparatus comprising:
a first obtaining module configured to obtain, for each of the plurality of systems, abnormal client information that has passed verification of a rule set in the rule engine, the abnormal client information being client information in the system for which a corresponding abnormal behavior record exists, each of the plurality of systems generating an abnormal behavior record corresponding to the client information of a client when the client exhibits abnormal behavior;
a training module configured to perform model training according to the acquired abnormal client information to obtain a client information verification risk model;
a quantity-to-ratio acquisition module configured to acquire, for each system, the number ratio of the abnormal client information that has passed the verification of the rule set in the rule engine to all abnormal client information in the system;
a first determining module configured to determine a candidate abnormal system among the plurality of systems according to the number ratio corresponding to each system;
a second acquisition module configured to acquire the system-related information corresponding to each of the plurality of systems;
a first generation module configured to generate the system characteristic data corresponding to each system according to the system-related information;
a second determination module configured to determine an abnormal system among the plurality of systems based on the system characteristic data and the candidate abnormal system, the abnormal system including the candidate abnormal system;
a second generation module configured to generate a new rule set including the new rule and the rule set when a new rule addition request carrying the new rule is received;
and an enabling module configured to verify the new rule using the client information verification risk model and, when the new rule passes verification, enable the new rule set for the abnormal system, so that the new rule set is used for verification when client information is uploaded to the abnormal system.
9. A computer readable program medium, characterized in that it stores computer program instructions, which when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
10. An electronic device, the electronic device comprising:
A processor;
A memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any of claims 1 to 7.
CN202111169120.0A 2021-09-30 2021-09-30 Client information verification method, device, medium and electronic equipment Active CN113886780B (en)


Publications (2)

Publication Number Publication Date
CN113886780A CN113886780A (en) 2022-01-04
CN113886780B true CN113886780B (en) 2024-06-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant