CN113988885B - Identification method, device, equipment and storage medium for customer behavior security - Google Patents

Identification method, device, equipment and storage medium for customer behavior security Download PDF

Info

Publication number
CN113988885B
CN113988885B CN202111266340.5A CN202111266340A CN113988885B CN 113988885 B CN113988885 B CN 113988885B CN 202111266340 A CN202111266340 A CN 202111266340A CN 113988885 B CN113988885 B CN 113988885B
Authority
CN
China
Prior art keywords
security
client
behavior
fraud prevention
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111266340.5A
Other languages
Chinese (zh)
Other versions
CN113988885A (en
Inventor
徐祥瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202111266340.5A priority Critical patent/CN113988885B/en
Publication of CN113988885A publication Critical patent/CN113988885A/en
Application granted granted Critical
Publication of CN113988885B publication Critical patent/CN113988885B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • G06F18/232Non-hierarchical techniques
    • G06F18/2321Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Probability & Statistics with Applications (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method, a device, equipment and a storage medium for identifying behavior security of a client, wherein the method comprises the following steps: through preliminary judgment on the appointed behavior of the client, after the judgment result is the trigger identification request, the corresponding first basic information and historical behavior are obtained, and the corresponding security assessment model is obtained to carry out security level assessment. The invention has the beneficial effects that: the method and the device realize the identification of different clients by using different security assessment models, improve the accuracy of the identification, and realize different assessment standards for different clients so as to improve the experience of the clients.

Description

Identification method, device, equipment and storage medium for customer behavior security
Technical Field
The present invention relates to the field of security information, and in particular, to a method, an apparatus, a device, and a storage medium for identifying security of a client's behavior.
Background
At present, the anti-fraud identification in the industry is mainly used for identifying the implementation fraudsters, mainly in the links of credit card application, card swiping consumption, loan application and loan withdrawal, and mainly used for preventing the client from fraudulence to the bank, and does not consider the situation that the client is fraudulently used by other people. In addition, the existing fraud recognition logic is in some indiscriminate recognition modes, classification judgment is not carried out according to basic information of clients, but fraud is considered as long as triggering is carried out, and the indiscriminate fraud recognition modes can cause low recognition accuracy and reduce experience of clients.
Disclosure of Invention
The invention mainly aims to provide a recognition method, a device, equipment and a storage medium for customer behavior safety, aiming at solving the problem that an indiscriminate fraud recognition mode can cause low recognition accuracy.
The invention provides a method for identifying the behavior security of a client, which comprises the following steps:
detecting whether a specified behavior of a client triggers an identification request;
If the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
Calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
judging whether the first safe score is larger than the average value of all the second safe scores;
If yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
Acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
and inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client.
Further, before the step of obtaining the security assessment model corresponding to the first basic information fraud prevention level from the preset model library, the method further includes:
Acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
Further, after the step of inputting the specified behavior into the preset security assessment model to obtain the security level of the client, the method further includes:
Judging whether the security level is greater than a preset security level;
if the security level is greater than the preset security level, calculating transaction delay time corresponding to the security level according to a formula t=f (x i) +b; wherein t represents transaction delay time, f (x i) represents a functional relation between the security level and the corresponding time, b represents a minimum value of the transaction delay time, and x i represents the security level of the ith client;
setting a corresponding time tag for the corresponding client according to the transaction delay time;
And acquiring the time point when the appointed action occurs, and setting the time point for permitting the transaction for the client based on the time tag.
Further, after the step of obtaining the time point when the specified action occurs and setting the time point when the transaction is permitted for the client based on the time tag, the method further includes:
detecting whether the time tag has a pause transaction request sent by the client or a third person bound with the client within the time specified by the time tag;
If the suspension transaction request exists, determining that the appointed action of the client is not effective.
Further, the step of detecting whether the specified behavior of the client triggers the identification request includes:
acquiring each dimension index of the appointed behavior of the client;
detecting whether each dimension index exceeds a standard value defined by each dimension;
And judging whether the identification request is triggered according to the detection result.
Further, before the step of obtaining the fraud prevention level of the first basic information according to the preset mapping table, the method further includes:
Acquiring second basic information of a plurality of users and a target user which is fraudulent among the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting corresponding fraud prevention grades for each user set according to the percentages of the target users in the user sets;
and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
Further, before the step of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
respectively inputting each training set into different initial models for training;
According to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a security evaluation model corresponding to each fraud prevention level after adjustment.
The invention also provides a device for identifying the behavior safety of the client, which comprises the following steps:
The detection module is used for detecting whether the appointed behavior of the client triggers an identification request or not;
The position acquisition module is used for acquiring the geographic position of the client if the identification request is triggered, and acquiring the first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
The calculation module is used for calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
the judging module is used for judging whether the first safe score is larger than the average value of all the second safe scores;
The grade acquisition module is used for acquiring the fraud prevention grade of the first basic information according to a preset corresponding table if yes; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
the model acquisition module is used for acquiring a security assessment model corresponding to the fraud prevention grade from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
And the input module is used for inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client.
Further, the method further comprises the following steps:
The training set acquisition module is used for acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
The invention also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the methods described above when the processor executes the computer program.
The invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any of the preceding claims.
The invention has the beneficial effects that: through preliminary judgment on the appointed behavior of the client, after the judgment result is the trigger identification request, the corresponding first basic information and the corresponding historical behavior are obtained, and the corresponding safety evaluation model is obtained to evaluate the safety level, so that different clients are identified by using different safety evaluation models, the accuracy degree of identification is improved, and in addition, different evaluation standards for different clients are realized, and the experience of the client is improved.
Drawings
FIG. 1 is a flow chart of a method for identifying customer behavior security according to an embodiment of the invention;
FIG. 2 is a schematic block diagram of a customer behavior security identification device according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a computer device according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, in the embodiments of the present invention, all directional indicators (such as up, down, left, right, front, and back) are merely used to explain the relative positional relationship, movement conditions, and the like between the components in a specific posture (as shown in the drawings), if the specific posture is changed, the directional indicators correspondingly change, and the connection may be a direct connection or an indirect connection.
The term "and/or" is herein merely an association relation describing an associated object, meaning that there may be three relations, e.g., a and B, may represent: a exists alone, A and B exist together, and B exists alone.
Furthermore, descriptions such as those referred to as "first," "second," and the like, are provided for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implying an order of magnitude of the indicated technical features in the present disclosure. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present invention.
Referring to fig. 1, the invention proposes a method for identifying the behavior security of a client, comprising:
s1: detecting whether a specified behavior of a client triggers an identification request;
S2: if the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
S3: calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
S4: judging whether the first safe score is larger than the average value of all the second safe scores;
S5: if yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
S6: acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
s7: and inputting the appointed behavior into the preset security assessment model to obtain the security level of the client.
As described above in step S1, it is detected whether the identification request is triggered by a specified behavior of the client. The rule triggered is a preset rule, for example, the designated action may be when a customer generates a large amount of money for transfer, a large amount of credit card for consumption, or when a customer generates frequent transfers or transactions in a short time. That is, the dimension values of the respective dimensions, and if only one dimension value is larger than the set standard value, the specified behavior of the client is considered to trigger the identification request.
If the identification request is triggered, the geographic location of the client is obtained, and the first basic information and a plurality of historical behaviors of the client are obtained based on the geographic location as described in the step S2; the plurality of historical behaviors at least comprise transaction amount intervals of the clients in the geographic positions, the first basic information is client information in a pre-existing database, and the first basic information comprises information such as identity information, historical credit, transaction habits, account balance and the like of the clients. The historical behavior refers to the transaction behavior before the client, and can be the transaction behavior in a period of time, for example, the transaction behavior in the last year or the last month, and because the first basic information of the client and the historical behavior of the client contain the transaction habit of the user, different fraud identification can be performed on the user, so that the experience of the client is further improved. The transaction amount interval is an amount interval in which the transaction occurs in each geographic position before the client occurs in the appointed behavior, so that whether the appointed behavior of the client is safe or not can be judged based on the amount interval in each geographic position.
As described in step S3, the first safe score of the specified behavior and the second safe score corresponding to each historical behavior are calculated according to a preset safe score algorithm. That is, whether the current specified behavior is similar to the previous historical behavior of the client, that is, whether the specified behavior is a normal operation for the client is judged by calculating a first security score of the specified behavior and a second security score corresponding to each of the historical behaviors. The preset safe score algorithm may be to perform weighted sum calculation on behaviors (i.e., specified behaviors and historical behaviors), that is, each dimension of the behaviors is multiplied by a weight of a corresponding dimension and summed, so as to obtain a first safe score of the specified behaviors and a second safe score corresponding to each historical behavior.
As described in the above step S4, it is determined whether the first safe score is greater than the average of all the second safe scores. The first security score is compared with the average value of all the second security scores, so that the discreteness of the first security score can be obtained, the average value is subtracted from the first security score to obtain a security difference, a threshold value is preset, when the security difference is larger than the threshold value, the current operation of the client is considered to be safe, therefore, the security level of the client needs to be calculated for further judgment, when the security difference is smaller than or equal to the threshold value, the current operation of the client is considered to be unsafe, therefore, calculation is not needed, the client is not required to conduct calculation, the trade is conducted frequently, the possibility of fraud is small for the trade habit of the client, and in order to improve the experience of the client, the client can be considered to be regarded as normal trade without detection.
If yes, the preset corresponding table of the fraud prevention level of the first basic information is preset according to different types of clients, specifically, a weighted sum may be performed in advance according to each dimension of the basic information of the clients to obtain corresponding fraud prevention scores, the corresponding table is a corresponding relationship between the fraud prevention scores and the fraud prevention levels, the corresponding fraud prevention levels are preset for each fraud prevention score, and it should be noted that each dimension may include identity dimensions, common terminals, etc., for example, the identity dimensions may include students, teachers, employees, agriculture, forestry, fishermen, enterprise owners, individual industrial merchants, public officers, investors, enterprise high-level, then different scores are defined for each identity, and the common transaction terminal also defines different scores, and then obtains the fraud prevention level of the first basic information according to the weighted sum. The corresponding table may also define a corresponding fraud prevention level according to the identity information, that is, one identity information corresponds to one fraud prevention level, which is not limited in the present application, and the corresponding fraud prevention level may be obtained according to the first basic information.
As described in the step S6, a security evaluation model corresponding to the fraud prevention level is obtained from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output. And a security evaluation model corresponding to the fraud prevention level is found out to evaluate the client, so that the classification and identification of the client are realized, and the requirements of clients of different categories are met. The safety evaluation model is a neural network model.
And as described in the step S7, the specified behavior is input into the preset security assessment model to obtain the security level of the client. After the security evaluation model corresponding to the first basic information is obtained, the designated behavior is directly input, and the corresponding security level can be obtained, so that different clients can be identified by using different security evaluation models, the accuracy of identification is improved, and in addition, different evaluation standards for different clients are realized, and the experience of the clients is improved.
In one embodiment, before the step S6 of obtaining the security assessment model corresponding to the first basic information fraud prevention level from the preset model library, the method further includes:
S501: acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
S502: obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
s503: and respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
In one embodiment, training of different fraud prevention levels of the security assessment model is achieved, namely a training set is obtained, then the fraud prevention levels of the training data are obtained based on the preset corresponding table according to the first basic information of the training data, and training subsets corresponding to the fraud prevention levels are obtained through clustering, wherein the clustering mode can be clustering through K-Means clustering, mean shift clustering and other clustering modes. And then training the initial model by the training subsets respectively, thereby obtaining the security assessment model corresponding to each fraud prevention level. Training of different fraud prevention grades of the security assessment model is achieved, so that the final identification effect is better, and user experience is improved.
In one embodiment, after the step S7 of inputting the specified behavior into a preset security assessment model to obtain the security level of the client, the method further includes:
s801: judging whether the security level is greater than a preset security level;
S802: if the security level is greater than the preset security level, calculating transaction delay time corresponding to the security level according to a formula t=f (x i) +b; wherein t represents transaction delay time, f (x i) represents a functional relation between the security level and the corresponding time, b represents a minimum value of the transaction delay time, and x i represents the security level of the ith client;
S803: setting a corresponding time tag for the corresponding client according to the transaction delay time;
S804: and acquiring the time point when the appointed action occurs, and setting the time point for permitting the transaction for the client based on the time tag.
As described in the above steps S801 to S804, it is realized that a transaction delay time is set for each client corresponding to the blacklist according to the security level, that is, the calculation is performed according to the formula t=f (x i) +b, where the value range of x i in the f (x i) function should be set to be greater than a certain value, that is, the security level value does not exceed the preset security level, and it is considered that the transaction delay time is not a fraud condition, that is, the transaction delay time should not be set, and in addition, the f (x i) function may be a primary function, a secondary function, or a compound function, which is not limited by the present application, and it should be explained that the f (x i) function should be an increasing function increasing with the value of x i, that is, with the increase of the security level, the duration of the corresponding transaction delay time is also longer. And acquiring the time point when the appointed action occurs, and setting the time point for permitting the transaction for the client based on the time tag. In one particular embodiment, if the corresponding transaction delay time in the time stamp is 6 hours, the time at which the specified action occurs is 2021, 8, 27, 22:00, and 2021, 8, 28, 4:00.
In one embodiment, after step S804, where the time point at which the specified action occurs is obtained, and a time point at which the transaction is permitted is set for the client based on the time stamp, the method further includes:
S8051: detecting whether the time tag has a pause transaction request sent by the client or a third person bound with the client within the time specified by the time tag;
s8052: if the suspension transaction request exists, determining that the appointed action of the client is not effective.
As described in the above steps S8051 to S8052, reauthentication of the specified behavior is achieved. That is, a short message or other means is sent to the customer within the time specified by the time stamp, and the customer's information is received within this time, wherein if there is a request to suspend the transaction from the customer or a third person who binds to the customer, the specified action is deemed to be cancelled. If the transaction request is confirmed by the client or a third person bound with the client, the time in the time tag can be properly reduced, and the client experience is improved.
In one embodiment, the step S1 of detecting whether the specified behavior of the client triggers the identification request includes:
S101: acquiring each dimension index of the appointed behavior of the client;
S102: detecting whether each dimension index exceeds a standard value defined by each dimension;
s103: and judging whether the identification request is triggered according to the detection result.
As described in the above steps S101 to S103, the determination as to whether the identification request is triggered is implemented. The method comprises the steps of firstly obtaining each dimension index of a specified behavior of a client, wherein the obtaining mode can be obtained through a crawler technology, each dimension index comprises identity information of the client, a common transaction terminal, a transaction time period, the same account transaction frequency, the geographic position of a client initiating transaction, the geographic position of a transaction counterpart, each geographic position and sum interval, the transaction and sum interval, the account type of the transaction counterpart and the like, and whether each dimension index exceeds a standard value defined by each dimension is detected. The standard value is a preset value, and when at least one dimension index exceeds the corresponding standard value, the client is considered to have fraudulent safety, so that further judgment is needed, namely the recognition request is considered to be triggered, and if no dimension index exceeds the corresponding standard value, the recognition request is not triggered. Therefore, each behavior is not required to be identified, and the operation amount of the system is reduced.
In one embodiment, before step S5 of obtaining the fraud prevention level of the first basic information according to a preset mapping table, the method further includes:
S401: acquiring second basic information of a plurality of users and a target user which is fraudulent among the plurality of users;
S402: clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
s403: setting corresponding fraud prevention grades for each user set according to the percentages of the target users in the user sets;
s404: and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
As described in the above steps S401 to S404, the establishment of the preset correspondence table is achieved. I.e. obtaining second basic information of a plurality of users and a target user of said plurality of users that is rogue. Because some groups are easy to cheat, each user needs to be clustered according to a preset clustering method according to the second basic information, and the preset clustering method can be any one of K-Means clustering, mean shift clustering and the like. Corresponding fraud prevention grades are set for each user set according to the percentages of the target users in the user sets, and the corresponding fraud prevention grades can be set according to the corresponding percentages of the target users in the user sets, so that corresponding preset corresponding tables are set.
In one embodiment, before the step S6 of obtaining the security assessment model corresponding to the fraud prevention level from the preset model library, the method further includes:
s511: acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
S512: respectively inputting each training set into different initial models for training;
S513: according to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
s514: and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a security evaluation model corresponding to each fraud prevention level after adjustment.
As described in the above steps S511-S514, where λ is used as the penalty term of the overfitting, the overfitting problem in the training process can be solved, so that an optimized loss value can be obtained. Training is carried out through corresponding generation of the countermeasure network model until the loss value reaches a preset value. Thus, training of the security assessment model corresponding to each fraud prevention level is completed.
The invention has the beneficial effects that: through preliminary judgment on the appointed behavior of the client, after the judgment result is the trigger identification request, the corresponding first basic information and the corresponding historical behavior are obtained, and the corresponding safety evaluation model is obtained to evaluate the safety level, so that different clients are identified by using different safety evaluation models, the accuracy degree of identification is improved, and in addition, different evaluation standards for different clients are realized, and the experience of the client is improved.
Referring to fig. 2, the present invention provides an identification device for customer behavior security, comprising:
a detection module 10, configured to detect whether a specified behavior of a client triggers an identification request;
The location obtaining module 20 is configured to obtain a geographic location where the client is located if the identification request is triggered, and obtain first basic information and a plurality of historical behaviors of the client based on the geographic location; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
The calculating module 30 is configured to calculate a first safe score of the specified behavior and a second safe score corresponding to each historical behavior according to a preset safe score algorithm;
a determining module 40, configured to determine whether the first safe score is greater than an average of all the second safe scores;
The level obtaining module 50 is configured to obtain a fraud prevention level of the first basic information according to a preset mapping table if yes; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
the model obtaining module 60 is configured to obtain a security evaluation model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
and the input module 70 is used for inputting the specified behavior into the security assessment model for calculation to obtain the security level of the client.
In one embodiment, the identification device of the behavior security of the client further comprises:
The training set acquisition module is used for acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
Referring to fig. 3, in an embodiment of the present application, there is further provided a computer device, which may be a server, and an internal structure thereof may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the computer is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing various first basic information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, may implement the method for identifying the security of the behavior of the client according to any one of the embodiments described above.
It will be appreciated by those skilled in the art that the architecture shown in fig. 3 is merely a block diagram of a portion of the architecture in connection with the present inventive arrangements and is not intended to limit the computer devices to which the present inventive arrangements are applicable.
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, can implement the method for identifying the behavior security of the client according to any of the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by hardware associated with a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided by the present application and used in embodiments may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual speed data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (SYNCHLINK) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that comprises the element.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Wherein artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) is the theory, method, technique, and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend, and expand human intelligence, sense the environment, acquire knowledge, and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (9)

1. A method for identifying security of a customer's behavior, comprising:
detecting whether a specified behavior of a client triggers an identification request;
If the identification request is triggered, acquiring the geographic position of the client, and acquiring first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
Calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
judging whether the first safe score is larger than the average value of all the second safe scores;
If yes, obtaining the fraud prevention level of the first basic information according to a preset corresponding table; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
Acquiring a security assessment model corresponding to the fraud prevention level from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client;
before the step of obtaining the security assessment model corresponding to the fraud prevention level from a preset model library, the method further comprises the following steps:
acquiring training sets corresponding to each fraud prevention level; wherein the training set comprises a plurality of corresponding behaviors;
respectively inputting each training set into different initial models for training;
According to the formula Calculating a loss value of each initial model based on the corresponding training set; where n represents the number of behaviors in the kth training set, R qk represents the predicted fraud prevention level for the qth behavior in the kth training set, R qk represents the actual fraud prevention level for the qth behavior in the kth training set, λ is a constant, x qk represents the qth behavior in the kth training set;
and adjusting parameters of the initial model based on the loss value corresponding to the initial model, and obtaining a security evaluation model corresponding to each fraud prevention level after adjustment.
2. The method for identifying behavioral safety of a client according to claim 1, further comprising, prior to the step of obtaining a security assessment model corresponding to the first basic information fraud prevention level from a preset model library:
Acquiring a training set; the training set comprises a plurality of training data, wherein the training data comprises first basic information, first behaviors and corresponding security levels of corresponding clients;
Obtaining fraud prevention levels of the training data based on the preset corresponding table according to the first basic information of the training data, and clustering to obtain training subsets corresponding to the fraud prevention levels;
And respectively inputting the training subsets into an untrained initial model for training to obtain a security assessment model corresponding to each fraud prevention level.
3. The method for identifying the security of the behavior of a client according to claim 1, wherein after the step of inputting the specified behavior into the security assessment model set in advance to obtain the security level of the client, further comprising:
Judging whether the security level is greater than a preset security level;
if the security level is greater than the preset security level, calculating transaction delay time corresponding to the security level according to a formula t=f (x i) +b; wherein t represents transaction delay time, f (x i) represents a functional relation between the security level and the corresponding time, b represents a minimum value of the transaction delay time, and x i represents the security level of the ith client;
Setting corresponding time labels for corresponding clients according to the transaction delay time;
And acquiring the time point when the appointed action occurs, and setting the time point for permitting the transaction for the client based on the time tag.
4. The method for identifying behavioral safety of a customer according to claim 3, wherein after the step of obtaining a point in time at which the specified behavior occurs and setting a point in time at which a transaction is permitted for the customer based on the time stamp, further comprising:
detecting whether the time tag has a pause transaction request sent by the client or a third person bound with the client within the time specified by the time tag;
If the suspension transaction request exists, determining that the appointed action of the client is not effective.
5. The method for identifying security of a client's behavior according to claim 1, wherein the step of detecting whether the client's specified behavior triggers an identification request comprises:
acquiring each dimension index of the appointed behavior of the client;
detecting whether each dimension index exceeds a standard value defined by each dimension;
And judging whether the identification request is triggered according to the detection result.
6. The method for identifying behavioral safety of a client according to claim 1, wherein before the step of obtaining the fraud prevention level of the first basic information according to a preset correspondence table, the method further comprises:
Acquiring second basic information of a plurality of users and a target user which is fraudulent among the plurality of users;
clustering the plurality of users according to the second basic information of each user to obtain a plurality of clustered user sets;
setting corresponding fraud prevention grades for each user set according to the percentages of the target users in the user sets;
and establishing the preset corresponding table according to the clustering information corresponding to the user set and the corresponding fraud prevention level.
7. A customer behavioural secure identification device for performing the method of any one of claims 1 to 6, comprising:
The detection module is used for detecting whether the appointed behavior of the client triggers an identification request or not;
The position acquisition module is used for acquiring the geographic position of the client if the identification request is triggered, and acquiring the first basic information and a plurality of historical behaviors of the client based on the geographic position; wherein the plurality of historical behaviors includes at least a transaction amount interval for the customer at the geographic location;
The calculation module is used for calculating a first security score of the appointed behavior and a second security score corresponding to each historical behavior according to a preset security score algorithm;
the judging module is used for judging whether the first safe score is larger than the average value of all the second safe scores;
The grade acquisition module is used for acquiring the fraud prevention grade of the first basic information according to a preset corresponding table if yes; wherein, the preset corresponding table stores the corresponding relation between various basic information and fraud prevention level in advance;
the model acquisition module is used for acquiring a security assessment model corresponding to the fraud prevention grade from a preset model library; each security assessment model is trained by taking various behaviors of the corresponding clients for preventing fraud levels as input and taking the corresponding security levels as output;
and the input module is used for inputting the appointed behavior into the security assessment model for calculation to obtain the security level of the client.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202111266340.5A 2021-10-28 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security Active CN113988885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111266340.5A CN113988885B (en) 2021-10-28 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111266340.5A CN113988885B (en) 2021-10-28 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security

Publications (2)

Publication Number Publication Date
CN113988885A CN113988885A (en) 2022-01-28
CN113988885B true CN113988885B (en) 2024-05-17

Family

ID=79743836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111266340.5A Active CN113988885B (en) 2021-10-28 2021-10-28 Identification method, device, equipment and storage medium for customer behavior security

Country Status (1)

Country Link
CN (1) CN113988885B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115691034A (en) * 2022-11-01 2023-02-03 广东职业技术学院 Intelligent household abnormal condition warning method, system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020082579A1 (en) * 2018-10-25 2020-04-30 深圳壹账通智能科技有限公司 Risk review and approval method, device, storage medium, and server
US10778681B1 (en) * 2019-04-12 2020-09-15 Capital One Services, Llc Using common identifiers related to location to link fraud across mobile devices
CN111950889A (en) * 2020-08-10 2020-11-17 中国平安人寿保险股份有限公司 Client risk assessment method and device, readable storage medium and terminal equipment
CN112668859A (en) * 2020-12-23 2021-04-16 平安普惠企业管理有限公司 Big data based customer risk rating method, device, equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10521786B2 (en) * 2005-04-26 2019-12-31 Spriv Llc Method of reducing fraud in on-line transactions
US11875350B2 (en) * 2019-09-12 2024-01-16 Visa International Service Association Systems and methods for improved fraud detection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020082579A1 (en) * 2018-10-25 2020-04-30 深圳壹账通智能科技有限公司 Risk review and approval method, device, storage medium, and server
US10778681B1 (en) * 2019-04-12 2020-09-15 Capital One Services, Llc Using common identifiers related to location to link fraud across mobile devices
CN111950889A (en) * 2020-08-10 2020-11-17 中国平安人寿保险股份有限公司 Client risk assessment method and device, readable storage medium and terminal equipment
CN112668859A (en) * 2020-12-23 2021-04-16 平安普惠企业管理有限公司 Big data based customer risk rating method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113988885A (en) 2022-01-28

Similar Documents

Publication Publication Date Title
Woodford Modeling imprecision in perception, valuation, and choice
CN108921708B (en) Insurance service optimization method, insurance service optimization device and storage medium
CA2821095C (en) System and method for detecting fraudulent account access and transfers
Duffie Measuring corporate default risk
CN113988885B (en) Identification method, device, equipment and storage medium for customer behavior security
Keith The interpretation, assessment and conservation of ecological communities
CN110852714A (en) Salary improvement data management system applied to decoration service platform
Fashoto et al. Hybrid methods for credit card fraud detection using K-means clustering with hidden Markov model and multilayer perceptron algorithm
Laske et al. Do fines deter unethical behavior? The effect of systematically varying the size and probability of punishment
CN111144899A (en) Method and device for identifying false transactions and electronic equipment
Abdelsalam Asymmetric effect of monetary policy in emerging countries: The case of Egypt
Devaki et al. Credit card fraud detection using time series analysis
CN109785207A (en) A kind of ways and means of crime prevention prediction discovery
Levanon The law of police entrapment: Critical evaluation and policy analysis
CN111598568A (en) Abnormal transaction identification method based on multi-transaction object multi-dimensional credit management
CN116630020A (en) Risk assessment method and device, storage medium and electronic equipment
CN113256422B (en) Method and device for identifying bin account, computer equipment and storage medium
CN113409137B (en) Credit loan risk control method, system, equipment and storage medium
Cardozo et al. Peace COrP: Learning to solve conflicts between contexts
CN114240605A (en) Loan calculation method and device, computer equipment and storage medium
WO2021130991A1 (en) Fraud detection system, fraud detection method, and program
CN110751567A (en) Vehicle information processing method, device, computer equipment and storage medium
Hoch et al. Discrimination for the Sake of Fairness: Fairness by Design and Its Legal Framework
Lee A data mining approach using transaction patterns for card fraud detection
CN109377213A (en) Self-service card Activiation method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant