CN113988885A - Method, device, equipment and storage medium for identifying behavior safety of client - Google Patents

Method, device, equipment and storage medium for identifying behavior safety of client Download PDF

Info

Publication number
CN113988885A
CN113988885A CN202111266340.5A CN202111266340A CN113988885A CN 113988885 A CN113988885 A CN 113988885A CN 202111266340 A CN202111266340 A CN 202111266340A CN 113988885 A CN113988885 A CN 113988885A
Authority
CN
China
Prior art keywords
client
security
fraud prevention
level
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111266340.5A
Other languages
Chinese (zh)
Other versions
CN113988885B (en
Inventor
徐祥瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202111266340.5A priority Critical patent/CN113988885B/en
Priority claimed from CN202111266340.5A external-priority patent/CN113988885B/en
Publication of CN113988885A publication Critical patent/CN113988885A/en
Application granted granted Critical
Publication of CN113988885B publication Critical patent/CN113988885B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • G06F18/232Non-hierarchical techniques
    • G06F18/2321Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof

Abstract

The invention provides a method, a device, equipment and a storage medium for identifying the behavior safety of a client, wherein the method comprises the following steps: the method comprises the steps of carrying out preliminary judgment on the appointed behaviors of a client, obtaining corresponding first basic information and historical behaviors after a judgment result is a trigger identification request, and obtaining a corresponding safety evaluation model to evaluate the safety level. The invention has the beneficial effects that: the method and the device have the advantages that different safety assessment models are used for identifying different clients, accuracy of identification is improved, in addition, different assessment standards for different clients are realized, and accordingly, client experience is improved.

Description

Method, device, equipment and storage medium for identifying behavior safety of client
Technical Field
The present invention relates to the field of security information, and in particular, to a method, an apparatus, a device, and a storage medium for identifying behavior security of a client.
Background
At present, anti-fraud identification in the industry is mainly used for identifying cheaters, mainly detection is carried out in the links of credit card application, card swiping consumption, loan application and loan withdrawal, and fraud identification is mainly used for preventing fraud of customers on banks and does not consider the scene that the customers are cheated by other people. The existing fraud identification logics are all indiscriminate identification modes, classification judgment is not carried out according to basic information of a client, fraud is considered as long as triggering is carried out, the indiscriminate fraud identification modes can cause low identification accuracy, and the experience of the client is reduced.
Disclosure of Invention
The invention mainly aims to provide a method, a device, equipment and a storage medium for identifying the behavior safety of a client, and aims to solve the problem that the identification accuracy is not high due to an undifferentiated fraud identification mode.
The invention provides a method for identifying the behavior safety of a client, which comprises the following steps:
detecting whether a specified action of a client triggers an identification request;
if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
calculating a first safe score of the designated behavior according to a preset safe score algorithm and a second safe score corresponding to each historical behavior;
judging whether the first safe score is larger than the average value of all the second safe scores;
if so, obtaining the fraud prevention grade of the first basic information according to a preset corresponding table; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
acquiring a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
and inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
Further, before the step of obtaining the security assessment model corresponding to the first basic information fraud prevention level from the preset model library, the method further includes:
acquiring a training set; the training set comprises a plurality of training data, and the training data comprises first basic information, first behaviors and corresponding safety levels of corresponding clients;
obtaining fraud prevention grades of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention grades;
and respectively inputting the training subsets into untrained initial models for training to obtain the security evaluation models corresponding to the fraud prevention levels.
Further, after the step of inputting the specified behavior into the preset security assessment model to obtain the security level of the customer, the method further includes:
judging whether the safety level is greater than a preset safety level or not;
if the security level is greater than the preset security level, f (x) is determined according to the formula t ═ fi) + b, calculating the transaction delay time corresponding to the security level; wherein t represents a transaction delay time, f (x)i) Representing the safety level as a function of the corresponding time, b representing the minimum value of the transaction delay time, xiIndicating the security level of the ith client;
setting a corresponding time label for the corresponding customer according to the transaction delay time;
the time point when the specified action occurs is obtained, and the time point for permitting the transaction is set for the customer based on the time label.
Further, after the step of obtaining a time point when the specified action occurs and setting a time point for the customer to permit the transaction based on the time tag, the method further comprises:
detecting whether a transaction suspension request is sent by the client or a third person bound with the client within the time specified by the time label;
and if the transaction suspension request exists, determining that the designated action of the customer is not effective.
Further, the step of detecting whether the specified action of the client triggers the identification request comprises:
obtaining each dimension index of the appointed behavior of the client;
detecting whether each dimension index exceeds a standard value defined by each dimension;
and judging whether the identification request is triggered or not according to the detection result.
Further, before the step of obtaining the fraud prevention level of the first basic information according to the preset mapping table, the method further includes:
acquiring second basic information of a plurality of users and a target user which is cheated in the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting corresponding fraud prevention levels for the user sets according to the percentage of the target users in the user sets;
and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
Further, before the step of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
acquiring a training set corresponding to each fraud prevention grade; wherein the training set includes a plurality of corresponding behaviors;
inputting each training set into different initial models respectively for training;
according to the formula
Figure BDA0003327096360000031
Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of actions in the kth training set, rqkRepresenting a predicted level of fraud protection for the q-th activity in the kth training set, RqkRepresents the kth training setActual level of fraud protection for the q-th action in (1), λ being a constant, xqkRepresenting the q-th behavior in the k-th training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a safety evaluation model corresponding to each fraud prevention level after adjustment.
The invention also provides a device for identifying the behavior safety of the client, which comprises:
the detection module is used for detecting whether the specified behavior of the client triggers the identification request or not;
the position acquisition module is used for acquiring the geographical position of the client if the identification request is triggered, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographical position; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
the calculation module is used for calculating a first safe score of the specified behavior according to a preset safe score algorithm and a second safe score corresponding to each historical behavior;
the judging module is used for judging whether the first safe score is larger than the average value of all the second safe scores;
the grade acquisition module is used for acquiring a fraud prevention grade of the first basic information according to a preset corresponding table if the first basic information is in the first basic information; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
the model acquisition module is used for acquiring a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
and the input module is used for inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
Further, still include:
the training set acquisition module is used for acquiring a training set; the training set comprises a plurality of training data, and the training data comprises first basic information, first behaviors and corresponding safety levels of corresponding clients;
obtaining fraud prevention grades of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention grades;
and respectively inputting the training subsets into untrained initial models for training to obtain the security evaluation models corresponding to the fraud prevention levels.
The invention also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the above methods when the processor executes the computer program.
The invention also provides a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method of any of the above.
The invention has the beneficial effects that: the designated behaviors of the customers are preliminarily judged, after the judgment result is that the identification request is triggered, the corresponding first basic information and the corresponding historical behaviors are obtained, and the corresponding safety assessment models are obtained to assess the safety level, so that the different customers are identified by using different safety assessment models, the identification accuracy is improved, in addition, different assessment standards for different customers are realized, and the customer experience is improved.
Drawings
FIG. 1 is a flow chart illustrating a method for identifying behavioral security of a client according to an embodiment of the present invention;
FIG. 2 is a block diagram illustrating the structure of a client behavior-safe identification apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating a structure of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that all directional indicators (such as up, down, left, right, front, back, etc.) in the embodiments of the present invention are only used to explain the relative position relationship between the components, the motion situation, etc. in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indicator is changed accordingly, and the connection may be a direct connection or an indirect connection.
The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and B, may mean: a exists alone, A and B exist simultaneously, and B exists alone.
In addition, the descriptions related to "first", "second", etc. in the present invention are only for descriptive purposes and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a method for identifying behavior security of a client, including:
s1: detecting whether a specified action of a client triggers an identification request;
s2: if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
s3: calculating a first safe score of the designated behavior according to a preset safe score algorithm and a second safe score corresponding to each historical behavior;
s4: judging whether the first safe score is larger than the average value of all the second safe scores;
s5: if so, obtaining the fraud prevention grade of the first basic information according to a preset corresponding table; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
s6: acquiring a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
s7: and inputting the specified behavior into a preset security evaluation model to obtain the security level of the client.
As described in the above step S1, it is detected whether the specified action of the client triggered the identification request. The triggered rule is a preset rule, for example, the specified action may be when the customer has a large cash withdrawal, a large remittance, a large credit card consumption, or when the customer has frequent transfers or transactions in a short time. Namely, the dimension values of the dimensions, and as long as the dimension value of one dimension is larger than a set standard value, the specified action of the client is considered to trigger the identification request.
As described in the above step S2, if the identification request is triggered, obtaining the geographic location of the customer, and obtaining the first basic information and the plurality of historical behaviors of the customer based on the geographic location; the plurality of historical behaviors at least comprise a transaction amount interval of the customer at the geographic position, the first basic information is customer information pre-stored in a database, and the first basic information comprises identity information, historical credit investigation, transaction habits, account balance and other information of the customer. The historical behavior refers to the previous transaction behavior of the client, and may be a transaction behavior in a period of time, for example, a last year or a last month, and since the first basic information of the client and the historical behavior of the client contain the transaction habits of the user, different fraud detections may be made on the user, thereby further improving the experience of the client. The transaction amount interval is an amount interval in which the transaction occurs at each geographic position before the designated behavior of the client occurs, so that whether the designated behavior of the client is safe or not can be judged based on the amount interval at each geographic position.
As described in step S3, the first safe score of the designated behavior and the second safe score corresponding to each historical behavior are calculated according to a preset safe score algorithm. Namely, whether the current designated behavior is similar to the previous historical behavior of the client or not is judged, namely whether the current designated behavior is a normal operation for the client is judged, and the judgment method is to calculate a first safety score of the designated behavior and further judge a second safety score corresponding to each historical behavior. The preset safe score algorithm may be to perform weighting and calculation on behaviors (that is, the designated behavior and the historical behaviors), that is, to multiply each dimension of a behavior by the weight of the corresponding dimension and sum up the products, so as to obtain a first safe score of the designated behavior and a second safe score corresponding to each historical behavior.
As described in step S4, it is determined whether the first safe score is greater than the average of all the second safe scores. The first safety score is compared with the average value of all the second safety scores to obtain the discreteness of the first safety score, the average value is subtracted from the first safety score to obtain a safety difference value, a threshold value is preset, when the safety difference value is larger than the threshold value, the current operation of the client is considered to be safe, so that the safety level of the client needs to be calculated for further judgment, when the safety difference value is smaller than or equal to the threshold value, the current operation of the client is considered to be unsafe, so that calculation is not needed, which means that the client frequently carries out transactions of this type, the transaction habit of the client is relatively low in possibility of fraud occurrence, and in order to improve the experience of the client, detection is not needed and the transaction is considered to be normal.
As described in step S5, if yes, the fraud prevention level of the first basic information is obtained according to a preset correspondence table, which is set in advance according to different types of clients, specifically, a weighted sum may be performed in advance according to each dimension of the basic information of the client to obtain a corresponding fraud prevention score, the correspondence table is a correspondence between the fraud prevention score and the fraud prevention level, the corresponding fraud prevention level is set in advance for each fraud prevention score, it needs to be noted that each dimension may include an identity dimension, a common terminal, and the like, for example, the identity dimension may include students, teachers, employees, agriculture, forestry, animal husbandry, soldiers, business owners, individual industrial merchants, officers, investors, and enterprise high governance, then different scores are defined for each common identity, and different scores are also defined for the transaction terminal, then, a fraud prevention level of the first basic information is obtained according to the weighted sum. The corresponding table may also be a table in which corresponding fraud prevention levels are defined according to the identity information, that is, one identity information corresponds to one fraud prevention level.
As described in step S6, obtaining a security evaluation model corresponding to the fraud prevention level from a preset model library; and each safety evaluation model is formed by taking various behaviors of the client with the corresponding fraud prevention grade as input and taking the corresponding safety grade as output training. And finding out a security evaluation model corresponding to the fraud prevention level to evaluate the client, thereby realizing classification and identification of the client and meeting the requirements of different types of clients. Wherein, the safety evaluation model is a neural network model.
As described in the above step S7, the specified behavior is input into the preset security assessment model, and the security level of the customer is obtained. After the security assessment model corresponding to the first basic information is obtained, the corresponding security level can be obtained by directly inputting the specified behavior, so that different customers can be identified by using different security assessment models, the accuracy of identification is improved, in addition, different assessment standards for different customers are realized, and the customer experience is improved.
In an embodiment, before the step S6 of obtaining the security assessment model corresponding to the first basic information fraud prevention level from the preset model library, the method further includes:
s501: acquiring a training set; the training set comprises a plurality of training data, and the training data comprises first basic information, first behaviors and corresponding safety levels of corresponding clients;
s502: obtaining fraud prevention grades of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention grades;
s503: and respectively inputting the training subsets into untrained initial models for training to obtain the security evaluation models corresponding to the fraud prevention levels.
In an embodiment, training of different fraud prevention levels of a security evaluation model is achieved, that is, a training set is obtained, then, according to the first basic information of each training data, based on the preset correspondence table, fraud prevention levels of each training data are obtained, training subsets corresponding to each fraud prevention level are obtained through clustering, and the clustering mode can be clustering through clustering modes such as K-Means (K-Means) clustering and mean shift clustering. Therefore, training subsets corresponding to all preset dimensions are obtained, then the initial models are respectively trained by all the training subsets, and accordingly the safety evaluation models corresponding to all fraud prevention levels are obtained. The training of different fraud prevention levels of the security assessment model is achieved, so that the final recognition effect is better, and the user experience is improved.
In one embodiment, after the step S7 of inputting the specified behavior into a preset security assessment model and obtaining the security level of the customer, the method further includes:
s801: judging whether the safety level is greater than a preset safety level or not;
s802: if the security level is greater than the preset security level, f (x) is determined according to the formula t ═ fi) + b, calculating the transaction delay time corresponding to the security level; wherein t represents a transaction delay time, f (x)i) Representing the safety level as a function of the corresponding time, b representing the minimum value of the transaction delay time, xiIndicating the security level of the ith client;
s803: setting a corresponding time label for the corresponding customer according to the transaction delay time;
s804: the time point when the specified action occurs is obtained, and the time point for permitting the transaction is set for the customer based on the time label.
As described in the foregoing steps S801 to S804, setting a transaction delay time for each client corresponding to the blacklist according to the security level is implemented, i.e. according to the formula t ═ f (x)i) + b is calculated, where f (x)i) In function xiShould be set to be greater than a certain value, that is, the security level value does not exceed the preset security level, then it is considered not to be a fraud condition, that is, the transaction delay time should not be set, and in addition, f (x) should be seti) The function may be a linear function, a quadratic function, or a complex function, and this is not limited in the present application, and it should be noted that f (x) isi) The function should be with xiThe value of (b) is increased by an increasing function, i.e., as the security level increases, the duration of the transaction delay time corresponding thereto is longer. The time point when the specified action occurs is obtained, and the time point for permitting the transaction is set for the customer based on the time label. In one embodiment, if the transaction delay time in the time tag is 6 hours, the time point when the designated action occurs is 2021, 8 months 27Day 22:00, the point in time at which the transaction is permitted is 2021, 8 months, 28 days 4: 00.
In one embodiment, after the step S804 of obtaining a time point when the specified action occurs and setting a time point for the customer to permit the transaction based on the time tag, the method further includes:
s8051: detecting whether a transaction suspension request is sent by the client or a third person bound with the client within the time specified by the time label;
s8052: and if the transaction suspension request exists, determining that the designated action of the customer is not effective.
As described above in steps S8051-S8052, re-authentication of the specified behavior is achieved. The method comprises the steps of sending a short message or other means to inform a client within the time specified by a time tag, and receiving information of the client within the time, wherein if a transaction suspension request sent by the client or a third person bound with the client exists, the specified action is considered to be cancelled. If the customer or a third person bound with the customer confirms the transaction request, the time in the time tag can be properly reduced, and the customer experience is improved.
In one embodiment, the step S1 of detecting whether the specified action of the client triggers the identification request includes:
s101: obtaining each dimension index of the appointed behavior of the client;
s102: detecting whether each dimension index exceeds a standard value defined by each dimension;
s103: and judging whether the identification request is triggered or not according to the detection result.
As described above in steps S101-S103, a determination is made whether an identification request has been triggered. The method comprises the steps of firstly obtaining each dimension index of an appointed behavior of a client, wherein the obtaining mode can be that the obtaining mode is carried out through a crawler technology, each dimension index comprises identity information of the client, a common transaction terminal, a transaction time period, the same account number transaction frequency, the geographic position of a transaction initiated by the client, the geographic position of a transaction counterpart, an amount interval of each geographic position, an amount interval of the transaction, an account type of the transaction counterpart and the like, and whether each dimension index exceeds a standard value limited by each dimension is detected. The standard value is a preset value, when at least one dimension index exceeds the corresponding standard value, the client is considered to have fraud safety, further judgment is needed, namely the identification request is considered to be triggered, and if no dimension index exceeds the corresponding standard value, the identification request is not triggered. Therefore, each behavior does not need to be identified, and the calculation amount of the system is reduced.
In an embodiment, before the step S5 of obtaining the fraud prevention level of the first basic information according to a preset mapping table, the method further includes:
s401: acquiring second basic information of a plurality of users and a target user which is cheated in the plurality of users;
s402: clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
s403: setting corresponding fraud prevention levels for the user sets according to the percentage of the target users in the user sets;
s404: and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
As described in the above steps S401 to S404, the establishment of the preset mapping table is realized. Namely, second basic information of a plurality of users and a target user which is cheated in the plurality of users are obtained. Since some groups can be easily deceived among the users, each user needs to be clustered, the clustering mode is to perform clustering according to the second basic information according to a preset clustering method, and the preset clustering method can be any one of K-Means (K-Means) clustering, mean shift clustering and the like. And setting corresponding fraud prevention levels for the user sets according to the percentage of the target users in the user sets, wherein the corresponding percentages can embody the fraud prevention capability of the user sets of different types, so that the corresponding fraud prevention levels can be set, and a corresponding preset corresponding table is set.
In an embodiment, before the step S6 of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
s511: acquiring a training set corresponding to each fraud prevention grade; wherein the training set includes a plurality of corresponding behaviors;
s512: inputting each training set into different initial models respectively for training;
s513: according to the formula
Figure BDA0003327096360000121
Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of actions in the kth training set, rqkRepresenting a predicted level of fraud protection for the q-th activity in the kth training set, RqkRepresenting the actual level of fraud protection for the q-th activity in the kth training set, λ being a constant, xqkRepresenting the q-th behavior in the k-th training set;
s514: and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a safety evaluation model corresponding to each fraud prevention level after adjustment.
As described in steps S511-S514 above, where λ is used as a penalty term for overfitting in the formula, the overfitting problem occurring in the training process can be solved, and thus an optimized loss value can be obtained. And training the confrontation network model through corresponding generation until the loss value reaches a preset value. Therefore, the training of the safety evaluation model corresponding to each fraud prevention grade is completed.
The invention has the beneficial effects that: the designated behaviors of the customers are preliminarily judged, after the judgment result is that the identification request is triggered, the corresponding first basic information and the corresponding historical behaviors are obtained, and the corresponding safety assessment models are obtained to assess the safety level, so that the different customers are identified by using different safety assessment models, the identification accuracy is improved, in addition, different assessment standards for different customers are realized, and the customer experience is improved.
Referring to fig. 2, the present invention provides a device for identifying behavior security of a client, including:
a detection module 10 for detecting whether a specified behavior of a client triggers an identification request;
a location obtaining module 20, configured to obtain a geographic location where the client is located if the identification request is triggered, and obtain first basic information and a plurality of historical behaviors of the client based on the geographic location; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
the calculation module 30 is configured to calculate a first safe score of the designated behavior according to a preset safe score algorithm, and a second safe score corresponding to each historical behavior;
a judging module 40, configured to judge whether the first safe score is greater than an average of all the second safe scores;
a level obtaining module 50, configured to, if yes, obtain a fraud prevention level of the first basic information according to a preset mapping table; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
a model obtaining module 60, configured to obtain a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
and the input module 70 is configured to input the specified behavior into the security assessment model for calculation, so as to obtain the security level of the client.
In one embodiment, the device for identifying the safety of the client further comprises:
the training set acquisition module is used for acquiring a training set; the training set comprises a plurality of training data, and the training data comprises first basic information, first behaviors and corresponding safety levels of corresponding clients;
obtaining fraud prevention grades of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention grades;
and respectively inputting the training subsets into untrained initial models for training to obtain the security evaluation models corresponding to the fraud prevention levels.
Referring to fig. 3, a computer device, which may be a server and whose internal structure may be as shown in fig. 3, is also provided in the embodiment of the present application. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the computer designed processor is used to provide computational and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing various first basic information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, may implement the method for identifying behavioral security of a client according to any of the above embodiments.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is only a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects may be applied.
The embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method for identifying the behavior security of a client according to any of the above embodiments may be implemented.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware associated with instructions of a computer program, which may be stored on a non-volatile computer-readable storage medium, and when executed, may include processes of the above embodiments of the methods. Any reference to memory, storage, database, or other medium provided herein and used in the examples may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double-rate SDRAM (SSRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and bus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The embodiment of the application can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. A method for identifying behavioral security of a customer, comprising:
detecting whether a specified action of a client triggers an identification request;
if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
calculating a first safe score of the designated behavior according to a preset safe score algorithm and a second safe score corresponding to each historical behavior;
judging whether the first safe score is larger than the average value of all the second safe scores;
if so, obtaining the fraud prevention grade of the first basic information according to a preset corresponding table; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
acquiring a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
and inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
2. The method for identifying the behavioral security of a customer according to claim 1, wherein before the step of obtaining the security assessment model corresponding to the first basic information fraud prevention level from the preset model library, the method further comprises:
acquiring a training set; the training set comprises a plurality of training data, and the training data comprises first basic information, first behaviors and corresponding safety levels of corresponding clients;
obtaining fraud prevention grades of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention grades;
and respectively inputting the training subsets into untrained initial models for training to obtain the security evaluation models corresponding to the fraud prevention levels.
3. The method for identifying the behavioral security of a customer according to claim 1, wherein the step of inputting the specified behavior into the preset security assessment model to obtain the security level of the customer further comprises:
judging whether the safety level is greater than a preset safety level or not;
if the security level is greater than the preset security level, f (x) is determined according to the formula t ═ fi) + b, calculating the transaction delay time corresponding to the security level; wherein t represents a transaction delay time, f (x)i) Representing the safety level as a function of the corresponding time, b representing the minimum value of the transaction delay time, xiIndicating the security level of the ith client;
setting a corresponding time label for the corresponding customer according to the transaction delay time;
the time point when the specified action occurs is obtained, and the time point for permitting the transaction is set for the customer based on the time label.
4. The method for behavioral security identification of a customer according to claim 3, wherein the step of obtaining a point in time at which the specified behavior occurs and setting a point in time for the customer to permit the transaction based on the time stamp further comprises:
detecting whether a transaction suspension request is sent by the client or a third person bound with the client within the time specified by the time label;
and if the transaction suspension request exists, determining that the designated action of the customer is not effective.
5. A method for behavioral-safe recognition of a client according to claim 1, wherein the step of detecting whether a specific behavior of the client triggers a recognition request comprises:
obtaining each dimension index of the appointed behavior of the client;
detecting whether each dimension index exceeds a standard value defined by each dimension;
and judging whether the identification request is triggered or not according to the detection result.
6. The method for identifying the behavioral security of a customer according to claim 1, wherein before the step of obtaining the fraud prevention level of the first basic information according to a preset mapping table, the method further comprises:
acquiring second basic information of a plurality of users and a target user which is cheated in the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting corresponding fraud prevention levels for the user sets according to the percentage of the target users in the user sets;
and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
7. The method for identifying the behavioral security of a customer according to claim 1, wherein the step of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library further comprises:
acquiring a training set corresponding to each fraud prevention grade; wherein the training set includes a plurality of corresponding behaviors;
inputting each training set into different initial models respectively for training;
according to the formula
Figure FDA0003327096350000031
Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of actions in the kth training set, rqkRepresenting a predicted level of fraud protection for the q-th activity in the kth training set, RqkRepresenting the actual level of fraud protection for the q-th activity in the kth training set, λ being a constant, xqkRepresenting the q-th behavior in the k-th training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a safety evaluation model corresponding to each fraud prevention level after adjustment.
8. An apparatus for identifying a client's behavioral security, comprising:
the detection module is used for detecting whether the specified behavior of the client triggers the identification request or not;
the position acquisition module is used for acquiring the geographical position of the client if the identification request is triggered, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographical position; wherein the plurality of historical behaviors includes at least a transaction amount interval of the customer at the geographic location;
the calculation module is used for calculating a first safe score of the specified behavior according to a preset safe score algorithm and a second safe score corresponding to each historical behavior;
the judging module is used for judging whether the first safe score is larger than the average value of all the second safe scores;
the grade acquisition module is used for acquiring a fraud prevention grade of the first basic information according to a preset corresponding table if the first basic information is in the first basic information; the preset corresponding table stores corresponding relations between various basic information and fraud prevention levels in advance;
the model acquisition module is used for acquiring a security evaluation model corresponding to the fraud prevention level from a preset model library; wherein, each security evaluation model is formed by taking various behaviors of the corresponding fraud prevention level client as input and taking the corresponding security level as output training;
and the input module is used for inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202111266340.5A 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security Active CN113988885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111266340.5A CN113988885B (en) 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111266340.5A CN113988885B (en) 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security

Publications (2)

Publication Number Publication Date
CN113988885A true CN113988885A (en) 2022-01-28
CN113988885B CN113988885B (en) 2024-05-17

Family

ID=

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180039975A1 (en) * 2005-04-26 2018-02-08 Guy Hefetz Method of reducing fraud in on-line transactions
WO2020082579A1 (en) * 2018-10-25 2020-04-30 深圳壹账通智能科技有限公司 Risk review and approval method, device, storage medium, and server
US10778681B1 (en) * 2019-04-12 2020-09-15 Capital One Services, Llc Using common identifiers related to location to link fraud across mobile devices
CN111950889A (en) * 2020-08-10 2020-11-17 中国平安人寿保险股份有限公司 Client risk assessment method and device, readable storage medium and terminal equipment
US20210081948A1 (en) * 2019-09-12 2021-03-18 Visa International Service Association Systems and methods for improved fraud detection
CN112668859A (en) * 2020-12-23 2021-04-16 平安普惠企业管理有限公司 Big data based customer risk rating method, device, equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180039975A1 (en) * 2005-04-26 2018-02-08 Guy Hefetz Method of reducing fraud in on-line transactions
WO2020082579A1 (en) * 2018-10-25 2020-04-30 深圳壹账通智能科技有限公司 Risk review and approval method, device, storage medium, and server
US10778681B1 (en) * 2019-04-12 2020-09-15 Capital One Services, Llc Using common identifiers related to location to link fraud across mobile devices
US20210081948A1 (en) * 2019-09-12 2021-03-18 Visa International Service Association Systems and methods for improved fraud detection
CN111950889A (en) * 2020-08-10 2020-11-17 中国平安人寿保险股份有限公司 Client risk assessment method and device, readable storage medium and terminal equipment
CN112668859A (en) * 2020-12-23 2021-04-16 平安普惠企业管理有限公司 Big data based customer risk rating method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
Jiang et al. Cryptocurrency portfolio management with deep reinforcement learning
Wilcox ‘Stochastically more risk averse:’A contextual theory of stochastic discrete choice under risk
Swicegood et al. Off‐site monitoring systems for predicting bank underperformance: a comparison of neural networks, discriminant analysis, and professional human judgment
Dhamija et al. Financial time series forecasting: comparison of neural networks and ARCH models
Wiese et al. Credit card transactions, fraud detection, and machine learning: Modelling time with LSTM recurrent neural networks
CN108932582B (en) Risk information determination method and device, computer equipment and storage medium
CN112927061B (en) User operation detection method and program product
CN109785117A (en) Air control method, computer readable storage medium and server neural network based
CN110705428B (en) Facial age recognition system and method based on impulse neural network
Caporin et al. Chasing volatility: A persistent multiplicative error model with jumps
Keith The interpretation, assessment and conservation of ecological communities
Leangarun et al. Stock price manipulation detection using a computational neural network model
CN111738441A (en) Prediction model training method and device considering prediction precision and privacy protection
CN113988885A (en) Method, device, equipment and storage medium for identifying behavior safety of client
CN113988885B (en) Identification method, device, equipment and storage medium for customer behavior security
CN115730125A (en) Object identification method and device, computer equipment and storage medium
CN109784655A (en) Interviewer's appraisal procedure, device and computer equipment based on data processing
CN113569611A (en) Image processing method, image processing device, computer equipment and storage medium
CN111340365A (en) Enterprise data processing method and device, computer equipment and storage medium
CN115345727B (en) Method and device for identifying fraudulent loan application
CN113256422B (en) Method and device for identifying bin account, computer equipment and storage medium
CN115809917A (en) Risk rating method and device, electronic equipment and storage medium
Azar et al. A system for forecasting strategic crises: findings and speculations about conflict in the Middle East
CN116071142A (en) Loan qualification evaluation method and device based on artificial intelligence and storage medium
Constantin et al. A new model for estimating the risk of bankruptcy of the insurance companies based on the artificial neural networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant