CN113988885B - Identification method, device, equipment and storage medium for customer behavior security - Google Patents
- Publication number
- CN113988885B (CN202111266340.5A)
- Authority
- CN
- China
- Prior art keywords
- security
- client
- behavior
- fraud prevention
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
- G06Q30/0185—Product, service or business identity fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
- G06F18/23213—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
Abstract
The invention provides a method, a device, equipment and a storage medium for identifying the behavior security of a client. The method makes a preliminary judgment on a specified behavior of the client; when the judgment result is that an identification request is triggered, the corresponding first basic information and historical behaviors are obtained, and the corresponding security assessment model is obtained to carry out the security level assessment. The beneficial effects of the invention are that different clients are identified using different security assessment models, which improves the accuracy of identification, and that different assessment standards are applied to different clients, which improves the client experience.
Description
Technical Field
The present invention relates to the field of security information, and in particular, to a method, an apparatus, a device, and a storage medium for identifying security of a client's behavior.
Background
At present, anti-fraud identification in the industry mainly targets the party committing fraud, chiefly in the stages of credit card application, card-swiping consumption, loan application and loan withdrawal. It mainly prevents clients from defrauding the bank and does not consider the situation in which the client is defrauded by other people. In addition, existing fraud identification logic works indiscriminately: it does not classify clients according to their basic information, but treats any triggered rule as fraud. Such indiscriminate fraud identification lowers identification accuracy and degrades the client experience.
Disclosure of Invention
The invention mainly aims to provide a recognition method, a device, equipment and a storage medium for customer behavior safety, aiming at solving the problem that an indiscriminate fraud recognition mode can cause low recognition accuracy.
The invention provides a method for identifying the behavior security of a client, which comprises the following steps:
detecting whether a specified behavior of a client triggers an identification request;
if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the client at the geographic position;
calculating a first security score of the specified behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
judging whether the first security score is larger than the average value of all the second security scores;
if yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein the preset corresponding table stores in advance the correspondence between various basic information and fraud prevention levels;
acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; wherein each security assessment model is trained by taking various behaviors of clients of the corresponding fraud prevention level as input and taking the corresponding security levels as output;
and inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
Further, before the step of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
acquiring a training set; the training set comprises a plurality of training data, wherein each training datum comprises the first basic information, a first behavior and the corresponding security level of the corresponding client;
obtaining the fraud prevention level of each training datum from the preset corresponding table according to its first basic information, and clustering to obtain a training subset corresponding to each fraud prevention level;
and inputting each training subset into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
Further, after the step of inputting the specified behavior into the preset security assessment model to obtain the security level of the client, the method further includes:
judging whether the security level is greater than a preset security level;
if the security level is greater than the preset security level, calculating the transaction delay time corresponding to the security level according to the formula $t = f(x_i) + b$; wherein $t$ represents the transaction delay time, $f(x_i)$ represents the functional relation between the security level and the corresponding time, $b$ represents the minimum value of the transaction delay time, and $x_i$ represents the security level of the $i$-th client;
setting a corresponding time tag for the corresponding client according to the transaction delay time;
and acquiring the time point at which the specified behavior occurs, and setting the time point at which the transaction is permitted for the client based on the time tag.
Further, after the step of acquiring the time point at which the specified behavior occurs and setting the time point at which the transaction is permitted for the client based on the time tag, the method further includes:
detecting whether a pause transaction request sent by the client or by a third person bound to the client is received within the time specified by the time tag;
if the pause transaction request exists, determining that the specified behavior of the client does not take effect.
Further, the step of detecting whether the specified behavior of the client triggers the identification request includes:
acquiring each dimension index of the specified behavior of the client;
detecting whether each dimension index exceeds the standard value defined for that dimension;
and judging whether the identification request is triggered according to the detection result.
Further, before the step of obtaining the fraud prevention level of the first basic information according to the preset mapping table, the method further includes:
acquiring second basic information of a plurality of users, and the target users that are fraudulent among the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting a corresponding fraud prevention level for each user set according to the percentage of target users in that user set;
and establishing the preset corresponding table according to the clustering information corresponding to each user set and the corresponding fraud prevention level.
Further, before the step of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
respectively inputting each training set into different initial models for training;
According to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a security evaluation model corresponding to each fraud prevention level after adjustment.
The invention also provides a device for identifying the behavior security of a client, comprising:
a detection module, used for detecting whether a specified behavior of the client triggers an identification request;
a position acquisition module, used for acquiring the geographic position of the client if the identification request is triggered, and acquiring the first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the client at the geographic position;
a calculation module, used for calculating a first security score of the specified behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
a judging module, used for judging whether the first security score is larger than the average value of all the second security scores;
a level acquisition module, used for obtaining, if yes, the fraud prevention level of the first basic information according to a preset corresponding table; wherein the preset corresponding table stores in advance the correspondence between various basic information and fraud prevention levels;
a model acquisition module, used for acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; wherein each security assessment model is trained by taking various behaviors of clients of the corresponding fraud prevention level as input and taking the corresponding security levels as output;
and an input module, used for inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
Further, the device further comprises:
a training set acquisition module, used for acquiring a training set; the training set comprises a plurality of training data, wherein each training datum comprises the first basic information, a first behavior and the corresponding security level of the corresponding client;
obtaining the fraud prevention level of each training datum from the preset corresponding table according to its first basic information, and clustering to obtain a training subset corresponding to each fraud prevention level;
and inputting each training subset into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
The invention also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the methods described above when the processor executes the computer program.
The invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any of the preceding claims.
The beneficial effects of the invention are as follows: a preliminary judgment is made on the specified behavior of the client; when the judgment result is that an identification request is triggered, the corresponding first basic information and historical behaviors are obtained, and the corresponding security assessment model is obtained to assess the security level. Different clients are thus identified using different security assessment models, which improves the accuracy of identification, and different assessment standards are applied to different clients, which improves the client experience.
Drawings
FIG. 1 is a flow chart of a method for identifying customer behavior security according to an embodiment of the invention;
FIG. 2 is a schematic block diagram of a customer behavior security identification device according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, in the embodiments of the present invention, all directional indicators (such as up, down, left, right, front, and back) are merely used to explain the relative positional relationship, movement conditions, and the like between the components in a specific posture (as shown in the drawings), if the specific posture is changed, the directional indicators correspondingly change, and the connection may be a direct connection or an indirect connection.
The term "and/or" herein merely describes an association between associated objects and means that three relations may exist; for example, A and/or B may represent: A exists alone, A and B exist together, or B exists alone.
Furthermore, descriptions such as "first" and "second" are provided for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying the number of the indicated technical features. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but only on the basis that the combination can be realized by those skilled in the art; when a combination of technical solutions is contradictory or cannot be realized, the combination should be considered not to exist and not to fall within the scope of protection claimed by the present invention.
Referring to FIG. 1, the invention proposes a method for identifying the behavior security of a client, comprising:
S1: detecting whether a specified behavior of a client triggers an identification request;
S2: if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the client at the geographic position;
S3: calculating a first security score of the specified behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
S4: judging whether the first security score is larger than the average value of all the second security scores;
S5: if yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein the preset corresponding table stores in advance the correspondence between various basic information and fraud prevention levels;
S6: acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; wherein each security assessment model is trained by taking various behaviors of clients of the corresponding fraud prevention level as input and taking the corresponding security levels as output;
S7: inputting the specified behavior into the preset security assessment model to obtain the security level of the client.
As described in step S1, it is detected whether a specified behavior of the client triggers the identification request. The trigger rule is preset; for example, the specified behavior may be a large transfer, a large credit card purchase, or frequent transfers or transactions within a short time. That is, the value of each dimension of the behavior is checked, and as long as one dimension value is larger than its set standard value, the specified behavior of the client is considered to trigger the identification request.
As described in step S2, if the identification request is triggered, the geographic position of the client is acquired, and the first basic information and a plurality of historical behaviors of the client are acquired based on the geographic position; the plurality of historical behaviors includes at least a transaction amount interval for the client at the geographic position. The first basic information is client information held in a pre-existing database and includes the client's identity information, historical credit, transaction habits, account balance and the like. The historical behaviors are the client's earlier transaction behaviors, and may be limited to a period of time, for example the last year or the last month. Because the first basic information and the historical behaviors contain the client's transaction habits, fraud identification can be differentiated per client, which further improves the client experience. The transaction amount interval is the range of amounts of the transactions the client made at each geographic position before the specified behavior occurred, so whether the specified behavior is safe can be judged based on the amount interval at each geographic position.
As described in step S3, the first security score of the specified behavior and the second security score corresponding to each historical behavior are calculated according to a preset security score algorithm. Calculating these scores makes it possible to judge whether the current specified behavior is similar to the client's previous historical behaviors, that is, whether the specified behavior is a normal operation for this client. The preset security score algorithm may be a weighted sum over the behaviors (the specified behavior and the historical behaviors): each dimension of a behavior is multiplied by the weight of that dimension and the products are summed, giving the first security score of the specified behavior and the second security score of each historical behavior.
As described in step S4, it is judged whether the first security score is larger than the average value of all the second security scores. Comparing the first security score with the average of all the second security scores gives the dispersion of the first security score: the average is subtracted from the first security score to obtain a security difference, and a threshold is preset. When the security difference is larger than the threshold, the current operation of the client is considered to be safe, so the security level of the client needs to be calculated for further judgment. When the security difference is smaller than or equal to the threshold, the current operation of the client is considered to be unsafe, so no calculation is needed: the client makes such transactions frequently, the possibility of fraud is small given the client's transaction habits, and, to improve the client experience, the transaction can be regarded as a normal transaction without detection.
As described in step S5, if yes, the fraud prevention level of the first basic information is obtained according to the preset corresponding table. The table is preset according to different types of clients. Specifically, a weighted sum may be computed in advance over the dimensions of a client's basic information to obtain a fraud prevention score; the corresponding table then holds the correspondence between fraud prevention scores and fraud prevention levels, with a fraud prevention level preset for each fraud prevention score. The dimensions may include an identity dimension, commonly used terminals and so on. For example, the identity dimension may include students, teachers, employees, agriculture, forestry and fishery workers, enterprise owners, individual business owners, public officers, investors and senior enterprise executives; a different score is defined for each identity, different scores are likewise defined for commonly used transaction terminals, and the fraud prevention level of the first basic information is then obtained from the weighted sum. The corresponding table may also define a fraud prevention level directly from the identity information, that is, one identity corresponds to one fraud prevention level. The present application does not limit this, as long as the corresponding fraud prevention level can be obtained from the first basic information.
As described in step S6, a security assessment model corresponding to the fraud prevention level is acquired from a preset model library; each security assessment model is trained by taking various behaviors of clients of the corresponding fraud prevention level as input and taking the corresponding security levels as output. The security assessment model corresponding to the fraud prevention level is looked up and used to assess the client, so that clients are classified before identification and the requirements of different categories of clients are met. The security assessment model is a neural network model.
As described in step S7, the specified behavior is input into the preset security assessment model to obtain the security level of the client. Once the security assessment model corresponding to the first basic information has been obtained, the specified behavior is input directly and the corresponding security level is obtained. Different clients are thus identified using different security assessment models, which improves the accuracy of identification, and different assessment standards are applied to different clients, which improves the client experience.
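The gating in steps S1 to S7 can be followed end to end in the sketch below, which is an added example and not code from the patent. The dimension names, weights, standard values, score table and the `threshold_model` stand-in for the trained neural network models are all constructed assumptions, and a client with no history is sent on to evaluation because there is no baseline to compare against.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List, Optional

Behavior = Dict[str, float]

# Constructed values; the patent names no dimensions, weights or thresholds.
STANDARD_VALUES = {"amount": 50_000.0, "tx_per_hour": 5.0}  # S1 per-dimension limits
SCORE_WEIGHTS = {"amount": 0.0001, "tx_per_hour": 1.0}      # S3 weighted sum
IDENTITY_SCORE = {"student": 3.0, "employee": 2.0, "enterprise_owner": 1.0}
TERMINAL_SCORE = {"usual_terminal": 0.0, "new_terminal": 2.0}
INFO_WEIGHTS = {"identity": 0.7, "terminal": 0.3}
LEVEL_TABLE = [(1.0, 1), (2.0, 2)]  # (max fraud prevention score, level); above -> 3


def triggers_identification(behavior: Behavior) -> bool:
    """S1: triggered as soon as one dimension exceeds its standard value."""
    return any(behavior.get(dim, 0.0) > limit for dim, limit in STANDARD_VALUES.items())


def security_score(behavior: Behavior) -> float:
    """S3: weighted sum over the behavior's dimensions."""
    return sum(w * behavior.get(dim, 0.0) for dim, w in SCORE_WEIGHTS.items())


def fraud_prevention_level(basic_info: Dict[str, str]) -> int:
    """S5: weighted sum of basic-information scores, mapped through the table."""
    # Unknown identities and terminals get the strictest score (fail closed).
    identity = IDENTITY_SCORE.get(basic_info.get("identity", ""), 3.0)
    terminal = TERMINAL_SCORE.get(basic_info.get("terminal", ""), 2.0)
    score = INFO_WEIGHTS["identity"] * identity + INFO_WEIGHTS["terminal"] * terminal
    for upper, level in LEVEL_TABLE:
        if score <= upper:
            return level
    return 3


def threshold_model(cuts: List[float]) -> Callable[[Behavior], int]:
    """Stand-in for a trained model: security level = number of cut points exceeded."""
    return lambda behavior: sum(security_score(behavior) > c for c in cuts)


# S6: one model per fraud prevention level; higher levels use lower cut points.
MODEL_LIBRARY = {1: threshold_model([10, 20, 40]),
                 2: threshold_model([6, 12, 24]),
                 3: threshold_model([3, 6, 12])}


@dataclass
class Outcome:
    stage: str                          # "not_triggered", "habitual" or "evaluated"
    fraud_level: Optional[int] = None
    security_level: Optional[int] = None


def identify(behavior: Behavior, basic_info: Dict[str, str],
             history: List[Behavior]) -> Outcome:
    if not triggers_identification(behavior):
        return Outcome("not_triggered")
    # S4: compare with the mean of the historical scores. With no history there
    # is no baseline, so the behavior goes on to evaluation (assumption).
    if history and security_score(behavior) <= mean(security_score(h) for h in history):
        return Outcome("habitual")
    level = fraud_prevention_level(basic_info)          # S5
    return Outcome("evaluated", level, MODEL_LIBRARY[level](behavior))  # S6, S7


# Constructed sample data.
TRANSFER = {"amount": 80_000.0, "tx_per_hour": 1.0}
SMALL_HISTORY = [{"amount": 2_000.0, "tx_per_hour": 1.0},
                 {"amount": 3_000.0, "tx_per_hour": 2.0}]
LARGE_HISTORY = [{"amount": 70_000.0, "tx_per_hour": 1.0},
                 {"amount": 90_000.0, "tx_per_hour": 1.0}]

if __name__ == "__main__":
    student = {"identity": "student", "terminal": "new_terminal"}
    owner = {"identity": "enterprise_owner", "terminal": "usual_terminal"}
    print(identify(TRANSFER, student, SMALL_HISTORY))   # same transfer, level-3 model
    print(identify(TRANSFER, owner, SMALL_HISTORY))     # same transfer, level-1 model
    print(identify({"amount": 60_000.0, "tx_per_hour": 1.0}, owner, LARGE_HISTORY))
```

The same 80,000 transfer is rated differently for the two clients because the model is chosen by fraud prevention level, and the 60,000 transfer is never scored by a model because it sits below that client's own historical average.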
In one embodiment, before the step S6 of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
S501: acquiring a training set; the training set comprises a plurality of training data, wherein each training datum comprises the first basic information, a first behavior and the corresponding security level of the corresponding client;
S502: obtaining the fraud prevention level of each training datum from the preset corresponding table according to its first basic information, and clustering to obtain a training subset corresponding to each fraud prevention level;
S503: inputting each training subset into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
In this embodiment, security assessment models are trained for the different fraud prevention levels. A training set is acquired, the fraud prevention level of each training datum is obtained from the preset corresponding table according to its first basic information, and the training subsets corresponding to the fraud prevention levels are obtained by clustering; the clustering may use K-Means clustering, mean shift clustering or another clustering method. Each training subset is then used to train an initial model, giving the security assessment model corresponding to each fraud prevention level. Training a separate security assessment model for each fraud prevention level makes the final identification more effective and improves the user experience.
In one embodiment, after the step S7 of inputting the specified behavior into the preset security assessment model to obtain the security level of the client, the method further includes:
S801: judging whether the security level is greater than a preset security level;
S802: if the security level is greater than the preset security level, calculating the transaction delay time corresponding to the security level according to the formula $t = f(x_i) + b$; wherein $t$ represents the transaction delay time, $f(x_i)$ represents the functional relation between the security level and the corresponding time, $b$ represents the minimum value of the transaction delay time, and $x_i$ represents the security level of the $i$-th client;
S803: setting a corresponding time tag for the corresponding client according to the transaction delay time;
S804: acquiring the time point at which the specified behavior occurs, and setting the time point at which the transaction is permitted for the client based on the time tag.
As described in steps S801 to S804, a transaction delay time is set for each client corresponding to the blacklist according to the security level, calculated by the formula $t = f(x_i) + b$. The domain of $x_i$ in $f(x_i)$ should be set to values greater than a certain value; that is, when the security level does not exceed the preset security level, the behavior is considered not to be fraud and no transaction delay time should be set. The function $f(x_i)$ may be a linear function, a quadratic function or a composite function, which the present application does not limit, but it should be an increasing function of $x_i$: as the security level increases, the corresponding transaction delay time becomes longer. The time point at which the specified behavior occurs is then acquired, and the time point at which the transaction is permitted is set for the client based on the time tag. In one specific embodiment, if the transaction delay time in the time tag is 6 hours and the specified behavior occurs at 22:00 on August 27, 2021, the time point at which the transaction is permitted is 4:00 on August 28, 2021.
In one embodiment, after step S804 of acquiring the time point at which the specified behavior occurs and setting a time point at which the transaction is permitted for the client based on the time tag, the method further includes:
S8051: detecting whether, within the time specified by the time tag, a transaction suspension request has been sent by the client or by a third person bound to the client;
S8052: if the transaction suspension request exists, determining that the specified behavior of the client does not take effect.
As described in steps S8051 to S8052 above, the specified behavior is re-authenticated. A short message or other notification is sent to the client within the time specified by the time tag, and the client's reply is received within this time; if a transaction suspension request arrives from the client or from a third person bound to the client, the specified behavior is deemed cancelled. If the client or the bound third person instead confirms the transaction request, the time in the time tag can be appropriately reduced, which improves the client experience.
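The hold logic of steps S801 to S804 and the suspension check of steps S8051 to S8052, as an added Python example that is not part of the patent. The linear f, the threshold of 3, b = 2 hours and the party identifiers are assumptions, chosen so that security level 4 reproduces the 6-hour embodiment described above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, FrozenSet, Iterable, Optional

# Assumed values, not taken from the patent.
PRESET_SECURITY_LEVEL = 3   # levels at or below this get no delay (S801)
MIN_DELAY_HOURS = 2.0       # b, the minimum transaction delay


def linear_f(level: int) -> float:
    """Hypothetical f(x_i): one hour of delay per security level."""
    return float(level)


def is_increasing(f: Callable[[int], float], levels: Iterable[int]) -> bool:
    """The text requires f to increase with x_i; check that over the levels in use.

    A non-increasing f would give a riskier behavior a shorter hold.
    """
    values = [f(x) for x in sorted(levels)]
    return all(a < b for a, b in zip(values, values[1:]))


def transaction_delay(level: int,
                      f: Callable[[int], float] = linear_f,
                      b: float = MIN_DELAY_HOURS,
                      threshold: int = PRESET_SECURITY_LEVEL) -> Optional[timedelta]:
    """S801-S802: t = f(x_i) + b above the threshold, otherwise no delay."""
    if level <= threshold:
        return None
    return timedelta(hours=f(level) + b)


@dataclass
class TimeTag:
    """S803-S804: the time tag attached to a client's delayed transaction."""
    occurred_at: datetime
    delay: timedelta
    bound_parties: FrozenSet[str]   # the client plus bound third persons
    suspended: bool = False

    @property
    def permitted_at(self) -> datetime:
        return self.occurred_at + self.delay

    def request_suspension(self, requester: str, at: datetime) -> bool:
        """S8051-S8052: accept only from a bound party, only inside the window."""
        in_window = self.occurred_at <= at < self.permitted_at
        accepted = requester in self.bound_parties and in_window
        if accepted:
            self.suspended = True
        return accepted

    def may_execute(self, now: datetime) -> bool:
        """The transaction runs only after the hold expires without a suspension."""
        return not self.suspended and now >= self.permitted_at


def tag_behavior(level: int, occurred_at: datetime,
                 bound_parties: Iterable[str]) -> Optional[TimeTag]:
    """Return a time tag for a risky behavior, or None when no delay applies."""
    delay = transaction_delay(level)
    if delay is None:
        return None
    return TimeTag(occurred_at, delay, frozenset(bound_parties))


if __name__ == "__main__":
    # Constructed sample: the behavior from the embodiment, 22:00 on 2021-08-27.
    tag = tag_behavior(4, datetime(2021, 8, 27, 22, 0), {"client-1", "guardian-1"})
    print("permitted at:", tag.permitted_at)
    print("suspension accepted:",
          tag.request_suspension("guardian-1", datetime(2021, 8, 27, 23, 30)))
    print("may execute after hold:", tag.may_execute(datetime(2021, 8, 28, 5, 0)))
```

Requests from unbound parties or after the hold has expired are rejected, so a suspension cannot be injected by a stranger or applied retroactively.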
In one embodiment, the step S1 of detecting whether the specified behavior of the client triggers the identification request includes:
S101: acquiring each dimension index of the specified behavior of the client;
S102: detecting whether each dimension index exceeds the standard value defined for its dimension;
S103: judging whether the identification request is triggered according to the detection result.
As described in steps S101 to S103 above, it is determined whether the identification request is triggered. Each dimension index of the client's specified behavior is first obtained, for example by crawler technology. The dimension indexes include the identity information of the client, the commonly used transaction terminal, the transaction time period, the transaction frequency with the same account, the geographic position of the client initiating the transaction, the geographic position of the transaction counterpart, the amount interval at each geographic position, the transaction amount interval, the account type of the transaction counterpart, and the like. Each dimension index is then checked against the standard value defined for its dimension. The standard value is a preset value. When at least one dimension index exceeds its standard value, the client is considered to be at risk of fraud and further judgment is needed, that is, the identification request is considered to be triggered; if no dimension index exceeds its standard value, the identification request is not triggered. In this way not every behavior has to be identified, which reduces the computational load of the system.
In one embodiment, before step S5 of obtaining the fraud prevention level of the first basic information according to a preset mapping table, the method further includes:
S401: acquiring second basic information of a plurality of users and a target user which is fraudulent among the plurality of users;
S402: clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
S403: setting a corresponding fraud prevention level for each user set according to the percentage of target users in that user set;
S404: establishing the preset correspondence table according to the clustering information corresponding to each user set and the corresponding fraud prevention level.
As described in steps S401 to S404 above, the preset correspondence table is established. The second basic information of a plurality of users is obtained, together with the target users among them that are fraudulent. Because some groups are easy to cheat, the users are clustered according to their second basic information using a preset clustering method, which may be K-Means clustering, mean shift clustering or the like. A fraud prevention level is then set for each user set according to the percentage of target users in that set, and the preset correspondence table is built from these levels.
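One way to build and query the preset correspondence table of steps S401 to S404, as an added Python example that is not the patent's own code. The two features (age, years of online banking), the level bands and the sample users are constructed assumptions, and "target users" is read here as users who were defrauded.

```python
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, ...]


def _dist2(a: Point, b: Point) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def _nearest(p: Point, centroids: Sequence[Point]) -> int:
    return min(range(len(centroids)), key=lambda i: _dist2(p, centroids[i]))


def kmeans(points: Sequence[Point], k: int, iterations: int = 20) -> List[Point]:
    """Plain K-Means with deterministic farthest-point seeding (S402)."""
    centroids: List[Point] = [points[0]]
    while len(centroids) < k:
        centroids.append(
            max(points, key=lambda p: min(_dist2(p, c) for c in centroids)))
    for _ in range(iterations):
        groups: List[List[Point]] = [[] for _ in range(k)]
        for p in points:
            groups[_nearest(p, centroids)].append(p)
        # An empty cluster keeps its previous centroid instead of dividing by zero.
        updated = [
            tuple(sum(axis) / len(g) for axis in zip(*g)) if g else centroids[i]
            for i, g in enumerate(groups)
        ]
        if updated == centroids:
            break
        centroids = updated
    return centroids


def level_for_share(victim_share: float) -> int:
    """Assumed banding; the text only says the level follows the percentage."""
    if victim_share >= 0.50:
        return 3
    if victim_share >= 0.10:
        return 2
    return 1


def build_table(users: Sequence[Tuple[Point, bool]], k: int) -> List[Dict]:
    """S401-S404: cluster users, then rate each cluster by its share of target users."""
    centroids = kmeans([features for features, _ in users], k)
    totals, victims = [0] * k, [0] * k
    for features, defrauded in users:
        c = _nearest(features, centroids)
        totals[c] += 1
        victims[c] += int(defrauded)
    table = []
    for i in range(k):
        share = victims[i] / totals[i] if totals[i] else 0.0
        table.append({"centroid": centroids[i],
                      "victim_share": share,
                      "level": level_for_share(share)})
    return table


def fraud_prevention_level(table: Sequence[Dict], features: Point) -> int:
    """Table lookup for a new client: the nearest cluster decides the level."""
    return min(table, key=lambda row: _dist2(features, row["centroid"]))["level"]


# Constructed sample: ((age, years of online banking), was_defrauded).
# Real features would need scaling so that no single dimension dominates.
USERS = [
    ((22, 1), False), ((25, 2), True), ((24, 1), False), ((23, 3), False),
    ((40, 10), False), ((42, 12), False), ((45, 11), False), ((43, 9), False),
    ((70, 1), True), ((72, 2), True), ((68, 1), False), ((75, 0), True),
]

if __name__ == "__main__":
    table = build_table(USERS, 3)
    for row in table:
        print(row)
    print("level for (69, 2):", fraud_prevention_level(table, (69, 2)))
```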
In one embodiment, before the step S6 of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
S511: acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
S512: respectively inputting each training set into different initial models for training;
S513: according to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
S514: adjusting the parameters of each initial model based on the loss value corresponding to that initial model, and obtaining the security assessment model corresponding to each fraud prevention level after adjustment.
As described in steps S511 to S514 above, λ serves as the penalty term against overfitting, which addresses the overfitting problem in the training process so that an optimized loss value can be obtained. Training is carried out with the corresponding generative adversarial network model until the loss value reaches a preset value. This completes the training of the security assessment model corresponding to each fraud prevention level.
The invention has the following beneficial effects: the client's specified behavior is first judged preliminarily; when the result is that the identification request is triggered, the corresponding first basic information and historical behaviors are obtained and the corresponding security assessment model is retrieved to evaluate the security level. Different clients are thus identified with different security assessment models, which improves identification accuracy; and because different clients are assessed against different evaluation standards, the client experience is improved.
Referring to fig. 2, the present invention provides an identification device for customer behavior security, comprising:
a detection module 10, configured to detect whether a specified behavior of a client triggers an identification request;
The location obtaining module 20 is configured to obtain a geographic location where the client is located if the identification request is triggered, and obtain first basic information and a plurality of historical behaviors of the client based on the geographic location; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
The calculating module 30 is configured to calculate a first safe score of the specified behavior and a second safe score corresponding to each historical behavior according to a preset safe score algorithm;
a determining module 40, configured to determine whether the first safe score is greater than an average of all the second safe scores;
The level obtaining module 50 is configured to obtain a fraud prevention level of the first basic information according to a preset mapping table if yes; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
The model obtaining module 60 is configured to obtain a security assessment model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained with the behaviors of clients at the corresponding fraud prevention level as input and the corresponding security levels as output;
and the input module 70 is used for inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
In one embodiment, the identification device of the behavior security of the client further comprises:
The training set acquisition module is used for acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
Referring to fig. 3, in an embodiment of the present application, there is further provided a computer device, which may be a server, and an internal structure thereof may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the computer is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing various first basic information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, may implement the method for identifying the security of the behavior of the client according to any one of the embodiments described above.
It will be appreciated by those skilled in the art that the architecture shown in fig. 3 is merely a block diagram of a portion of the architecture in connection with the present inventive arrangements and is not intended to limit the computer devices to which the present inventive arrangements are applicable.
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, can implement the method for identifying the behavior security of the client according to any of the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by hardware associated with a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided by the present application and used in embodiments may include non-volatile and/or volatile memory. The nonvolatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, apparatus, article, or method that comprises the element.
The embodiment of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (AI) is the theory, method, technique, and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend, and expand human intelligence, sense the environment, acquire knowledge, and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (9)
1. A method for identifying security of a customer's behavior, comprising:
detecting whether a specified behavior of a client triggers an identification request;
If the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
Calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
judging whether the first safe score is larger than the average value of all the second safe scores;
If yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
Acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client;
before the step of obtaining the security assessment model corresponding to the fraud prevention level from a preset model library, the method further comprises the following steps:
acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
respectively inputting each training set into different initial models for training;
According to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a security evaluation model corresponding to each fraud prevention level after adjustment.
2. The method for identifying behavioral safety of a client according to claim 1, further comprising, prior to the step of obtaining a security assessment model corresponding to the first basic information fraud prevention level from a preset model library:
Acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
3. The method for identifying the security of the behavior of a client according to claim 1, wherein after the step of inputting the specified behavior into the security assessment model set in advance to obtain the security level of the client, further comprising:
Judging whether the security level is greater than a preset security level;
if the security level is greater than the preset security level, calculating the transaction delay time corresponding to the security level according to the formula $t = f(x_i) + b$; wherein $t$ represents the transaction delay time, $f(x_i)$ represents the functional relation between the security level and the corresponding time, $b$ represents the minimum value of the transaction delay time, and $x_i$ represents the security level of the i-th client;
Setting corresponding time labels for corresponding clients according to the transaction delay time;
And acquiring the time point when the appointed action occurs, and setting the time point for permitting the transaction for the client based on the time tag.
4. The method for identifying behavioral safety of a customer according to claim 3, wherein after the step of obtaining a point in time at which the specified behavior occurs and setting a point in time at which a transaction is permitted for the customer based on the time stamp, further comprising:
detecting whether the time tag has a pause transaction request sent by the client or a third person bound with the client within the time specified by the time tag;
If the suspension transaction request exists, determining that the appointed action of the client is not effective.
5. The method for identifying security of a client's behavior according to claim 1, wherein the step of detecting whether the client's specified behavior triggers an identification request comprises:
acquiring each dimension index of the appointed behavior of the client;
detecting whether each dimension index exceeds a standard value defined by each dimension;
And judging whether the identification request is triggered according to the detection result.
6. The method for identifying behavioral safety of a client according to claim 1, wherein before the step of obtaining the fraud prevention level of the first basic information according to a preset correspondence table, the method further comprises:
Acquiring second basic information of a plurality of users and a target user which is fraudulent among the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting corresponding fraud prevention grades for each user set according to the percentages of the target users in the user sets;
and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
7. A customer behavioural secure identification device for performing the method of any one of claims 1 to 6, comprising:
The detection module is used for detecting whether the appointed behavior of the client triggers an identification request or not;
The position acquisition module is used for acquiring the geographic position of the client if the identification request is triggered, and acquiring the first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
The calculation module is used for calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
the judging module is used for judging whether the first safe score is larger than the average value of all the second safe scores;
The grade acquisition module is used for acquiring the fraud prevention grade of the first basic information according to a preset corresponding table if yes; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
the model acquisition module is used for acquiring a security assessment model corresponding to the fraud prevention grade from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
and the input module is used for inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111266340.5A CN113988885B (en) | 2021-10-28 | 2021-10-28 | Identification method, device, equipment and storage medium for customer behavior security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113988885A CN113988885A (en) | 2022-01-28 |
CN113988885B true CN113988885B (en) | 2024-05-17 |
Family
ID=79743836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111266340.5A Active CN113988885B (en) | 2021-10-28 | 2021-10-28 | Identification method, device, equipment and storage medium for customer behavior security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113988885B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115691034A (en) * | 2022-11-01 | 2023-02-03 | 广东职业技术学院 | Intelligent household abnormal condition warning method, system and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020082579A1 (en) * | 2018-10-25 | 2020-04-30 | 深圳壹账通智能科技有限公司 | Risk review and approval method, device, storage medium, and server |
US10778681B1 (en) * | 2019-04-12 | 2020-09-15 | Capital One Services, Llc | Using common identifiers related to location to link fraud across mobile devices |
CN111950889A (en) * | 2020-08-10 | 2020-11-17 | 中国平安人寿保险股份有限公司 | Client risk assessment method and device, readable storage medium and terminal equipment |
CN112668859A (en) * | 2020-12-23 | 2021-04-16 | 平安普惠企业管理有限公司 | Big data based customer risk rating method, device, equipment and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10521786B2 (en) * | 2005-04-26 | 2019-12-31 | Spriv Llc | Method of reducing fraud in on-line transactions |
US11875350B2 (en) * | 2019-09-12 | 2024-01-16 | Visa International Service Association | Systems and methods for improved fraud detection |
Also Published As
Publication number | Publication date |
---|---|
CN113988885A (en) | 2022-01-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||