CN114358912A - An anomaly detection method based on federated learning and risk weight fusion - Google Patents

An anomaly detection method based on federated learning and risk weight fusion Download PDF

Info

Publication number
CN114358912A
CN114358912A CN202111362361.7A CN202111362361A CN114358912A CN 114358912 A CN114358912 A CN 114358912A CN 202111362361 A CN202111362361 A CN 202111362361A CN 114358912 A CN114358912 A CN 114358912A
Authority
CN
China
Prior art keywords
model
client
machine learning
training
bank
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111362361.7A
Other languages
Chinese (zh)
Other versions
CN114358912B (en
Inventor
王楠
张大林
刘娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN202111362361.7A priority Critical patent/CN114358912B/en
Publication of CN114358912A publication Critical patent/CN114358912A/en
Application granted granted Critical
Publication of CN114358912B publication Critical patent/CN114358912B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明提供了一种基于联邦学习的风险权重融合的异常检测方法。该方法包括:将参与联邦学习的各银行机构视为客户端,各个客户端分别建立机器学习模型,在每轮迭代中,各个客户端的机器学习模型利用本地数据样本集迭代训练后,提取参数更新信息和本轮次训练的风险权重信息,并上传至中央服务器;中央服务器将接收到的所有参数更新信息融合各客户端的风险权重信息进行安全聚合后,下发联合模型参数更新信息给各个客户端,各个客户端根据接收的联合模型更新信息进行本地的机器学习模型的参数更新。本发明通过风险权值聚合的方式强化提取相应参与方的优势特征,在金融欺诈识别等异常检测领域,对于异常数据检测的准确率和召回率进行提升。

Figure 202111362361

The present invention provides an anomaly detection method based on federated learning and risk weight fusion. The method includes: treating each banking institution participating in federated learning as a client, each client establishes a machine learning model respectively, and in each round of iteration, after the machine learning model of each client is iteratively trained with a local data sample set, extracting parameters to update information and the risk weight information of this round of training, and upload them to the central server; the central server fuses all the received parameter update information with the risk weight information of each client for secure aggregation, and sends the joint model parameter update information to each client. , each client updates the parameters of the local machine learning model according to the received joint model update information. The invention strengthens the extraction of the advantageous features of the corresponding participants by means of risk weight aggregation, and improves the accuracy and recall rate of abnormal data detection in the field of abnormal detection such as financial fraud identification.

Figure 202111362361

Description

一种基于联邦学习的风险权重融合的异常检测方法An anomaly detection method based on federated learning and risk weight fusion

技术领域technical field

本发明涉及金融数据安全检测技术领域,尤其涉及一种基于联邦学习的风险权重融合的异常检测方法。The invention relates to the technical field of financial data security detection, in particular to an anomaly detection method based on federated learning and risk weight fusion.

背景技术Background technique

随着互联网的普及,金融场景更深地融入到人们的日常生活中,以提供便捷的服务,然而金融欺诈也在利用新技术不断扩张,给金融机构和消费者带来了巨大的损失。传统的基于统计和规则的风控方式无法有效地检测变化多端的欺诈模式,机器学习和深度学习技术为金融交易欺诈检测提供了新的思路,并已在多领域场景验证其有效性。机器学习模型检测效果通常依赖大量的数据集,然而金融数据有着天然的敏感和隐私性,不同机构的数据无法直接收集和处理,限制了机器学习技术在金融领域的应用。因此,研究如何在保障数据隐私安全的条件下进行机器学习模型的训练具有重要的价值。With the popularity of the Internet, financial scenarios are more deeply integrated into people's daily lives to provide convenient services. However, financial fraud is also expanding using new technologies, causing huge losses to financial institutions and consumers. Traditional statistical and rule-based risk control methods cannot effectively detect changing fraud patterns. Machine learning and deep learning technologies have provided new ideas for financial transaction fraud detection, and their effectiveness has been verified in multi-domain scenarios. The detection effect of machine learning models usually relies on a large number of data sets. However, financial data is naturally sensitive and private, and data from different institutions cannot be directly collected and processed, which limits the application of machine learning technology in the financial field. Therefore, it is of great value to study how to train machine learning models under the condition of ensuring data privacy and security.

基于隐私安全的金融数据检测使用方案包括多方安全计算、同态加密及差分隐私等,这些技术分别从多方数据安全交互、数据加密和数据扰动方面保障数据隐私,但是数据仍然会流出本地,存在泄露风险。基于数据保留在机构本地而改用模型参数聚合的方式,通过创新的方式地保护了用户数据的隐私安全。有学者进一步将联邦学习扩展应用范围分为横向联邦学习、纵向联邦学习和联邦迁移学习。Financial data detection and application schemes based on privacy security include multi-party secure computing, homomorphic encryption and differential privacy, etc. These technologies ensure data privacy from the aspects of multi-party data security interaction, data encryption and data disturbance, but the data will still flow out of the local, there is leakage risk. Based on the fact that the data is kept locally in the organization, the model parameter aggregation method is used instead, which protects the privacy and security of user data in an innovative way. Some scholars further divide the extended application scope of federated learning into horizontal federated learning, vertical federated learning and federated transfer learning.

现有技术中的一种将联邦学习应用到金融欺诈检测方面的方法为:将联邦学习应用于信用卡欺诈检测,通过联合多机构数据训练,与传统欺诈检测方法在AUC指标上对比提升了10%。将纵向联邦学习结合基于有界约束的逻辑回归算法应用于信用评分预测,由于联邦学习带来的数据丰富使得AUC和Kolmogorov-Smirnov(KS)统计数据的性能得到了显著改善。A method of applying federated learning to financial fraud detection in the prior art is: applying federated learning to credit card fraud detection, through joint multi-agency data training, compared with traditional fraud detection methods, the AUC index is improved by 10% . Applying longitudinal federated learning combined with a bounded constraint-based logistic regression algorithm to credit score prediction, the performance of AUC and Kolmogorov-Smirnov (KS) statistics is significantly improved due to the data enrichment brought by federated learning.

上述现有技术中的一种将联邦学习应用到金融欺诈检测方面的方法的缺点为:该方法基于联邦学习思想将各个机构模型视作同等地位,使用均值方式进行简单参数聚合,没有针对各机构数据集和模型的个性化特点做具体分析和研究,这样导致中央模型训练和收敛速度慢,对欺诈样本敏感度低,欺诈识别准确率和召回率较低。One of the above-mentioned methods of applying federated learning to financial fraud detection has the disadvantage that: this method treats each institutional model as an equal status based on the federated learning idea, uses the mean method to perform simple parameter aggregation, and does not target each institution. The individual characteristics of datasets and models are specifically analyzed and studied, which results in slow training and convergence of the central model, low sensitivity to fraud samples, and low fraud identification accuracy and recall.

发明内容SUMMARY OF THE INVENTION

本发明的实施例提供了一种基于联邦学习的风险权重融合的异常检测方法,以实现有效地提高金融欺诈检测的效果。Embodiments of the present invention provide an anomaly detection method based on federated learning and risk weight fusion, so as to effectively improve the effect of financial fraud detection.

为了实现上述目的,本发明采取了如下技术方案。In order to achieve the above objects, the present invention adopts the following technical solutions.

一种基于联邦学习的风险权重融合的异常检测方法,包括:An anomaly detection method based on federated learning and risk weight fusion, including:

将参与联邦学习的各银行机构视为客户端,各个客户端分别建立相同结构的机器学习模型,各个机器学习模型的初始参数由中央参数服务器下发;Each banking institution participating in federated learning is regarded as a client, each client establishes a machine learning model with the same structure, and the initial parameters of each machine learning model are issued by the central parameter server;

在每轮迭代中,各个客户端的机器学习模型利用本地数据样本集迭代训练后,提取参数更新信息和本轮次训练的风险权重信息,将参数更新信息和风险权重信息上传至中央服务器;In each iteration, after the machine learning model of each client is iteratively trained using the local data sample set, the parameter update information and the risk weight information of this round of training are extracted, and the parameter update information and risk weight information are uploaded to the central server;

所述中央服务器将接收到的所有参数更新信息融合各客户端的风险权重信息进行安全聚合后,下发联合模型参数更新信息给各个客户端,各个客户端根据接收的联合模型更新信息进行本地的机器学习模型的参数更新,每个客户端分别利用自己的机器学习模型进行本地数据的异常检测。After the central server fuses all the received parameter update information with the risk weight information of each client for security aggregation, it issues the joint model parameter update information to each client, and each client performs a local machine according to the received joint model update information. The parameters of the learning model are updated, and each client uses its own machine learning model to detect anomalies in local data.

优选地,所述的将参与联邦学习的各银行机构视为客户端,各个客户端分别建立相同结构的机器学习模型,各个机器学习模型的初始参数由中央参数服务器下发,包括:Preferably, each banking institution participating in the federated learning is regarded as a client, each client establishes a machine learning model with the same structure, and the initial parameters of each machine learning model are issued by the central parameter server, including:

设固定一组各本地的银行机构做为联邦学习的参与者,将各银行机构视为客户端,各个客户端分别建立自己的机器学习模型,各个机器学习模型的结构相同,由中央参数服务器下发的初始化参数相同,训练中各客户端借助中央参数服务器进行参数信息安全聚合与同步,每个客户端独立利用自己的机器学习模型进行本地数据的异常检测,所有客户端的机器学习模型经过通信迭代形成中央联合异常检测模型。Assume a fixed group of local banking institutions as participants in federated learning, consider each banking institution as a client, and each client establishes its own machine learning model. The structure of each machine learning model is the same. The initialization parameters sent are the same. During training, each client uses the central parameter server to securely aggregate and synchronize parameter information. Each client independently uses its own machine learning model to detect anomalies in local data. The machine learning models of all clients are iterated through communication. Form a central joint anomaly detection model.

优选地,所述的在每轮迭代中,各个客户端的机器学习模型利用本地数据样本集迭代训练后,提取参数更新信息和本轮次训练的风险权重信息,将参数更新信息和风险权重信息上传至中央服务器,包括:Preferably, in each iteration, after the machine learning model of each client is iteratively trained using the local data sample set, the parameter update information and the risk weight information of this round of training are extracted, and the parameter update information and risk weight information are uploaded. to a central server, including:

设固定C家银行参与联合模型训练,每个银行机构都有一个本地的数据样本集,第c个银行机构的数据样本集为DcSuppose fixed C banks participate in joint model training, each banking institution has a local data sample set, and the data sample set of the c-th banking institution is D c :

Figure BDA0003359385240000021
Figure BDA0003359385240000021

Figure BDA0003359385240000022
是特征向量,
Figure BDA0003359385240000023
是标签,nc表示参与联邦学习的第c个银行机构的数据集的大小,C为银行机构的总数;
Figure BDA0003359385240000022
is the eigenvector,
Figure BDA0003359385240000023
is the label, n c represents the size of the dataset of the c-th banking institution participating in federated learning, and C is the total number of banking institutions;

在每一轮训练迭代t=1,2,…中,每家银行机构在基于自己数据样本集上进行机器学习模型训练,计算本轮训练的参数更新信息

Figure BDA0003359385240000031
计算本轮训练的风险权重信息:模型准确率
Figure BDA0003359385240000032
和针对欺诈严重程度的权重调节策略sc,将
Figure BDA0003359385240000033
和sc上传至中央参数服务器。In each round of training iteration t=1,2,..., each banking institution conducts machine learning model training based on its own data sample set, and calculates the parameter update information of this round of training
Figure BDA0003359385240000031
Calculate the risk weight information for this round of training: model accuracy
Figure BDA0003359385240000032
and a weight-adjusted strategy s c for fraud severity, which will
Figure BDA0003359385240000033
and s c are uploaded to the central parameter server.

优选地,所述的每家银行机构在基于自己数据样本集上进行机器学习模型训练,计算本轮训练的参数更新信息

Figure BDA0003359385240000034
计算本轮训练的风险权重信息:模型准确率
Figure BDA0003359385240000035
和针对欺诈严重程度的权重调节策略sc,将
Figure BDA0003359385240000036
和sc上传至中央参数服务器进行安全聚合,包括:Preferably, each banking institution conducts machine learning model training based on its own data sample set, and calculates the parameter update information for this round of training
Figure BDA0003359385240000034
Calculate the risk weight information for this round of training: model accuracy
Figure BDA0003359385240000035
and a weight-adjusted strategy s c for fraud severity, which will
Figure BDA0003359385240000036
and s c are uploaded to the central parameter server for secure aggregation, including:

1):

Figure BDA0003359385240000037
代表第c家银行机构第t轮训练中获得的参数更新信息,具体计算公式如下:1):
Figure BDA0003359385240000037
Represents the parameter update information obtained in the t-th round of training of the c-th banking institution. The specific calculation formula is as follows:

Figure BDA0003359385240000038
Figure BDA0003359385240000038

其中,wt-1代表上一轮次联合模型参数,

Figure BDA0003359385240000039
代表本轮次第c家银行进行本地机器学习模型训练迭代生成的新的模型参数,各客户端端本地完成多次迭代,
Figure BDA00033593852400000310
代表完成整个联合训练轮次迭代的所有梯度更新之后的参数;Among them, w t-1 represents the joint model parameters of the previous round,
Figure BDA0003359385240000039
On behalf of the c-th bank in this round, the new model parameters generated by the local machine learning model training iteration, each client completes multiple iterations locally,
Figure BDA00033593852400000310
Represents the parameters after completing all gradient updates for the entire joint training round iteration;

针对每次梯度下降训练过程,本地机器学习模型参数根据数据样本集上测试的损失按照学习速率η进行梯度更新,具体计算公式如下:For each gradient descent training process, the parameters of the local machine learning model are updated gradiently according to the loss tested on the data sample set according to the learning rate η. The specific calculation formula is as follows:

Figure BDA00033593852400000311
Figure BDA00033593852400000311

Figure BDA00033593852400000312
代表第c家银行本地数据集训练时模型的平均损失对当前参数
Figure BDA00033593852400000313
的梯度,损失值Lc(xc,yc;wt)由每个数据样本的损失在该银行数据集所有样本上求均值而得,具体计算公式如下:
Figure BDA00033593852400000312
Represents the average loss of the model when training on the local dataset of the cth bank versus the current parameters
Figure BDA00033593852400000313
The gradient of , the loss value L c (x c , y c ; w t ) is obtained by averaging the loss of each data sample over all samples in the bank data set, and the specific calculation formula is as follows:

Figure BDA00033593852400000314
Figure BDA00033593852400000314

其中,l(xi,yi;wt)代表单个样本的损失,Dc代表第c家银行的数据集样本空间,nc代表第c家银行的数据集样本数量;Among them, l(x i , yi ; w t ) represents the loss of a single sample, D c represents the sample space of the data set of the c th bank, and n c represents the number of data set samples of the c th bank;

2)计算模型准确率

Figure BDA00033593852400000315
2) Calculate the model accuracy
Figure BDA00033593852400000315

模型准确率

Figure BDA0003359385240000041
代表某家银行该轮次训练所得本地机器学习模型预测正确数量所占样本总量的比例,具体计算公式如下:Model accuracy
Figure BDA0003359385240000041
It represents the proportion of the correct number of local machine learning models predicted by a bank in this round of training to the total number of samples. The specific calculation formula is as follows:

Figure BDA0003359385240000042
Figure BDA0003359385240000042

Figure BDA0003359385240000043
代表模型正确预测出的欺诈样本数量,
Figure BDA0003359385240000044
代表模型错误预测为欺诈样本的数量,
Figure BDA0003359385240000045
代表模型正确预测出的良性样本数量,
Figure BDA0003359385240000046
代表模型错误预测为良性样本的数量;
Figure BDA0003359385240000043
represents the number of fraud samples correctly predicted by the model,
Figure BDA0003359385240000044
represents the number of samples that the model incorrectly predicted as fraudulent,
Figure BDA0003359385240000045
represents the number of benign samples correctly predicted by the model,
Figure BDA0003359385240000046
Represents the number of benign samples incorrectly predicted by the model;

计算各客户端本地数据集欺诈严重程度数值scCalculate the fraud severity value s c of each client's local data set:

各银行机构计算本地数据集欺诈样本严重程度数值为S(s1,s2……sC),欺诈严重程度参数sC与数据集大小、数据集包含的欺诈样本比例和欺诈金额正相关;Each banking institution calculates the value of the severity of fraud samples in the local dataset as S(s 1 , s 2 ...... s C ), and the fraud severity parameter s C is positively related to the size of the dataset, the proportion of fraud samples contained in the dataset, and the amount of fraud;

设共C家银行机构参与联邦训练,则在中央参数服务器聚合参数梯度信息时,第c家银行机构的本地机器学习模型的更新代入欺诈程度权重值的计算方法如下:Assuming that a total of C banking institutions participate in the federated training, when the central parameter server aggregates the parameter gradient information, the update of the local machine learning model of the c-th banking institution is substituted into the calculation method of the fraud degree weight value as follows:

Figure BDA0003359385240000047
Figure BDA0003359385240000047

公式(6)中,分子sc代表第c家银行数据集的欺诈严重级别,分母

Figure BDA0003359385240000048
代表所有参与联邦训练的银行数据集的欺诈级别总和,rc为第c家银行数据集的欺诈严重程度权值;In formula (6), the numerator sc represents the fraud severity level of the data set of the cth bank, and the denominator
Figure BDA0003359385240000048
Represents the sum of the fraud levels of all the bank datasets participating in the federation training, and rc is the fraud severity weight of the c -th bank dataset;

3)各客户端每轮次训练后中央参数服务器计算融合风险权重信息的各客户端的机器学习模型更新信息,即:3) After each round of training of each client, the central parameter server calculates the update information of the machine learning model of each client that fuses the risk weight information, namely:

Figure BDA0003359385240000049
Figure BDA0003359385240000049

公式(7)中,

Figure BDA00033593852400000410
代表第c家银行机构该轮次训练的风险权重,融合后面的本地机器学习模型参数更新信息
Figure BDA00033593852400000411
生成最终要聚合的欺诈检测模型参数更新信息
Figure BDA00033593852400000412
In formula (7),
Figure BDA00033593852400000410
Represents the risk weight of the c-th banking institution for this round of training, and integrates the following local machine learning model parameter update information
Figure BDA00033593852400000411
Generate the final aggregated fraud detection model parameter update information
Figure BDA00033593852400000412

优选地,所述的中央服务器将接收到的所有参数更新信息融合各客户端的风险权重信息进行安全聚合后,下发联合模型参数更新信息给各个客户端,各个客户端根据接收的联合模型更新信息进行本地的机器学习模型的参数更新,包括:Preferably, after the central server fuses all the received parameter update information with the risk weight information of each client for security aggregation, it sends the joint model parameter update information to each client, and each client updates the information according to the received joint model. Perform local machine learning model parameter updates, including:

联合训练中,中央联合异常检测模型的学习目标是:In joint training, the learning objectives of the central joint anomaly detection model are:

Figure BDA0003359385240000051
Figure BDA0003359385240000051

公式(8)代表最小化联合模型在所有银行数据集上面的平均损失,其中l(x,y;w)代表联合模型在所有数据集上面的平均损失,n代表所有银行数据集总的样本数量,l(xi,yi;w)代表联合模型在第i个样本上面的损失值;Formula (8) represents minimizing the average loss of the joint model on all bank data sets, where l(x, y; w) represents the average loss of the joint model on all data sets, and n represents the total sample size of all bank data sets , l(x i , y i ; w) represents the loss value of the joint model on the i-th sample;

根据数据集大小在各本地机器学习模型的分布特点,中央联合异常检测模型优化目标函数为:According to the distribution characteristics of the data set size in each local machine learning model, the optimization objective function of the central joint anomaly detection model is:

Figure BDA0003359385240000052
Figure BDA0003359385240000052

公式(9)中nc代表该银行拥有的本地数据集样本数量,n代表所有银行的数据集样本数量之和,Lc(xc,yc;w)代表联合模型在第c家银行数据集的样本上面的平均损失值,定义为:In formula (9), n c represents the number of samples in the local dataset owned by the bank, n represents the sum of the number of samples in the dataset of all banks, and L c (x c , y c ; w) represents the data of the joint model in the cth bank The average loss value over the samples of the set, defined as:

Figure BDA0003359385240000053
Figure BDA0003359385240000053

nc代表第c家银行拥有的本地数据集样本数量,l(xi,yi;w)代表联合模型在第c家银行数据集中第i个样本上面的损失值;n c represents the number of samples in the local dataset owned by the c-th bank, and l( xi , y i ; w) represents the loss value of the joint model on the i-th sample in the c-th bank’s dataset;

中央服务器将收到的各个客户端上传的参数更新信息融合风险权重信息进行安全聚合,得到联合模型参数更新信息,计算公式如下:The central server fuses the received parameter update information uploaded by each client with the risk weight information for secure aggregation, and obtains the joint model parameter update information. The calculation formula is as follows:

Figure BDA0003359385240000054
Figure BDA0003359385240000054

公式(11)中wt-1是上一轮训练的联合模型参数,

Figure BDA0003359385240000055
代表本轮次训练第c家银行本地机器学习模型的风险权重,
Figure BDA0003359385240000056
代表第c家银行本轮次迭代产生的模型参数更新信息。In formula (11), w t-1 is the joint model parameter of the previous round of training,
Figure BDA0003359385240000055
represents the risk weight of the local machine learning model of the c-th bank trained in this round,
Figure BDA0003359385240000056
Represents the model parameter update information generated by the current iteration of the cth bank.

wt即为本轮次更新后的联合模型参数;w t is the joint model parameter after this round of updating;

中央服务器将联合模型参数更新信息下发给各个客户端,各个客户端根据接收的联合模型参数更新信息进行本地的机器学习模型的更新,得到更新后的中央联合异常检测模型;上述流程将进行T轮迭代,直至整体中央联合异常检测模型达到收敛指标。The central server sends the joint model parameter update information to each client, and each client updates the local machine learning model according to the received joint model parameter update information, and obtains the updated central joint anomaly detection model; the above process will perform T Iterates until the overall central joint anomaly detection model reaches the convergence index.

由上述本发明的实施例提供的技术方案可以看出,本发明的方法通过风险权值聚合的方式强化提取相应参与方的优势特征,抑制提取各方劣势特征,从而改善模型训练迭代的流程及提升最终模型的性能。尤其是在金融欺诈识别等异常检测领域,对于异常数据检测的准确率和召回率进行提升。It can be seen from the technical solutions provided by the above embodiments of the present invention that the method of the present invention strengthens the extraction of the advantageous features of the corresponding participants by means of risk weight aggregation, and suppresses the extraction of the disadvantaged features of all parties, thereby improving the model training iteration process and process. Improve the performance of the final model. Especially in the field of anomaly detection such as financial fraud identification, the accuracy and recall rate of abnormal data detection are improved.

本发明附加的方面和优点将在下面的描述中部分给出,这些将从下面的描述中变得明显,或通过本发明的实践了解到。Additional aspects and advantages of the present invention will be set forth in part in the following description, which will become apparent from the following description, or may be learned by practice of the present invention.

附图说明Description of drawings

为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1为本发明实施例提供的一种基于联邦学习的风险权重融合的异常检测方法的实现原理图;FIG. 1 is a schematic diagram of an implementation of an anomaly detection method based on federated learning risk weight fusion provided by an embodiment of the present invention;

图2为本发明实施例提供的一种基于联邦学习的风险权重融合的异常检测方法的处理流程图。FIG. 2 is a processing flowchart of an anomaly detection method based on federated learning risk weight fusion provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面详细描述本发明的实施方式,所述实施方式的示例在附图中示出,其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施方式是示例性的,仅用于解释本发明,而不能解释为对本发明的限制。Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and are only used to explain the present invention, but not to be construed as a limitation of the present invention.

本技术领域技术人员可以理解,除非特意声明,这里使用的单数形式“一”、“一个”、“所述”和“该”也可包括复数形式。应该进一步理解的是,本发明的说明书中使用的措辞“包括”是指存在所述特征、整数、步骤、操作、元件和/或组件,但是并不排除存在或添加一个或多个其他特征、整数、步骤、操作、元件、组件和/或它们的组。应该理解,当我们称元件被“连接”或“耦接”到另一元件时,它可以直接连接或耦接到其他元件,或者也可以存在中间元件。此外,这里使用的“连接”或“耦接”可以包括无线连接或耦接。这里使用的措辞“和/或”包括一个或更多个相关联的列出项的任一单元和全部组合。It will be understood by those skilled in the art that the singular forms "a", "an", "the" and "the" as used herein can include the plural forms as well, unless expressly stated otherwise. It should be further understood that the word "comprising" used in the description of the present invention refers to the presence of stated features, integers, steps, operations, elements and/or components, but does not preclude the presence or addition of one or more other features, Integers, steps, operations, elements, components and/or groups thereof. It will be understood that when we refer to an element as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Furthermore, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.

本技术领域技术人员可以理解,除非另外定义,这里使用的所有术语(包括技术术语和科学术语)具有与本发明所属领域中的普通技术人员的一般理解相同的意义。还应该理解的是,诸如通用字典中定义的那些术语应该被理解为具有与现有技术的上下文中的意义一致的意义,并且除非像这里一样定义,不会用理想化或过于正式的含义来解释。It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have meanings consistent with their meanings in the context of the prior art and, unless defined as herein, are not to be taken in an idealized or overly formal sense. explain.

为便于对本发明实施例的理解,下面将结合附图以几个具体实施例为例做进一步的解释说明,且各个实施例并不构成对本发明实施例的限定。In order to facilitate the understanding of the embodiments of the present invention, the following will take several specific embodiments as examples for further explanation and description in conjunction with the accompanying drawings, and each embodiment does not constitute a limitation to the embodiments of the present invention.

本发明实施例基于联邦学习(Federated Learning,FL)的风险权重聚合算法架构,解决数据训练过程中的数据孤岛问题,将各机构业务敏感数据在本地进行训练,并利用联邦学习架构在保证数据隐私的前提下构建中央联合异常检测模型,实现多源敏感数据模型融合学习。训练过程中基于卷积神经网络(Convolutional Neural Networks,CNN)进行各机构本地机器学习模型搭建,并提出风险权值聚合方式(Risk Weight FederatedAggregation,称为FedRWA)聚合各本地机器学习模型参数,使得中央联合异常检测模型能够精准获取各本地数据集欺诈风险特征,提升模型训练效果。The embodiment of the present invention is based on the risk weight aggregation algorithm architecture of Federated Learning (FL), solves the data island problem in the data training process, trains the business sensitive data of each institution locally, and uses the federated learning architecture to ensure data privacy. On the premise of building a central joint anomaly detection model, it realizes the fusion learning of multi-source sensitive data models. During the training process, the local machine learning model of each institution is built based on Convolutional Neural Networks (CNN), and a Risk Weight Federated Aggregation (called FedRWA) is proposed to aggregate the parameters of each local machine learning model, so that the central The joint anomaly detection model can accurately obtain the fraud risk characteristics of each local dataset and improve the model training effect.

本发明实施例提供的一种基于联邦学习的风险权重融合的异常检测方法的实现原理图如图1所示,具体处理流程如图2所示,包括如下的处理步骤:A schematic diagram of the implementation of an anomaly detection method based on federated learning and risk weight fusion provided by an embodiment of the present invention is shown in FIG. 1 , and a specific processing flow is shown in FIG. 2 , including the following processing steps:

步骤S10:将参与联邦学习的各银行机构视为客户端,各客户端建立相同网络结构的机器学习模型,中央参数服务器初始化机器学习模型的参数,并下发给各个客户端。Step S10 : each banking institution participating in the federated learning is regarded as a client, each client establishes a machine learning model with the same network structure, and the central parameter server initializes the parameters of the machine learning model and distributes it to each client.

步骤S20:在每轮迭代中,各个客户端的机器学习模型利用本地数据样本集训练迭代k次之后,提取参数更新信息,将参数更新信息融合本地风险权重信息,并加密处理后上传至中央服务器。Step S20: In each round of iteration, after the machine learning model of each client uses the local data sample set to train for k times, the parameter update information is extracted, the parameter update information is fused with the local risk weight information, and encrypted and uploaded to the central server.

步骤S30:中央服务器将接收到的所有参数更新信息及各客户端风险权重信息进行安全聚合后,下发联合模型更新信息给各个客户端,各个客户端根据接收的联合模型更新机制进行本地的机器学习模型的参数更新。Step S30: After the central server securely aggregates all the received parameter update information and the risk weight information of each client, it sends the joint model update information to each client, and each client performs a local machine according to the received joint model update mechanism. Parameter updates for the learned model.

重复执行上述步骤S20和步骤S30的迭代训练过程,直至各个客户端的机器学习模型收敛为止。然后,每个客户端利用训练好的机器学习模型进行本地的异常检测。The iterative training process of the above steps S20 and S30 is repeatedly performed until the machine learning model of each client converges. Then, each client utilizes the trained machine learning model for local anomaly detection.

上述步骤S10具体包括:设固定一组各本地的银行机构做为联邦学习的参与者,将各银行机构视为客户端,各个客户端分别建立自己的机器学习模型,各个机器学习模型的结构相同,初始化参数相同,所不同的是训练迭代过程中模型的具体参数。各个客户端通过通信网络与中央参数服务器连接和通信,训练中各客户端借助中央参数服务器进行参数信息安全聚合与同步。The above step S10 specifically includes: setting a fixed group of local banking institutions as participants in the federated learning, considering each banking institution as a client, each client establishing its own machine learning model, and the structure of each machine learning model is the same , the initialization parameters are the same, the difference is the specific parameters of the model during the training iteration process. Each client connects and communicates with the central parameter server through the communication network. During training, each client uses the central parameter server to safely aggregate and synchronize parameter information.

每个客户端独立利用自己的机器学习模型进行本地数据的异常检测,所有客户端的机器学习模型将在后续步骤经过通信迭代形成中央联合异常检测模型。Each client independently uses its own machine learning model for anomaly detection of local data, and the machine learning models of all clients will form a central joint anomaly detection model through communication iterations in subsequent steps.

上述步骤S20具体包括:设固定C家银行参与联合模型训练,每个银行机构都有一个本地的数据样本集,第c个银行机构的数据样本集为DcThe above-mentioned step S20 specifically includes: setting fixed C banks to participate in the joint model training, each banking institution has a local data sample set, and the data sample set of the c-th banking institution is D c :

Figure BDA0003359385240000081
Figure BDA0003359385240000081

Figure BDA0003359385240000082
是特征向量,
Figure BDA0003359385240000083
是标签,nc表示参与联邦学习的第c个银行机构的数据集的大小,C为银行机构的总数。
Figure BDA0003359385240000082
is the eigenvector,
Figure BDA0003359385240000083
is the label, n c represents the size of the dataset of the c-th banking institution participating in federated learning, and C is the total number of banking institutions.

由于不同的银行机构持有的数据集往往具有不同的特征,即他们具有不同数据集大小、不同的欺诈标签数量、不同的欺诈严重程度等。因此引入基于风险权重调节的联邦训练模型参数聚合策略,更好地捕获不同银行机构的欺诈样本特征。主要包括如下:Since the datasets held by different banking institutions tend to have different characteristics, i.e. they have different dataset sizes, different numbers of fraud labels, different fraud severity, etc. Therefore, a federated training model parameter aggregation strategy based on risk weight adjustment is introduced to better capture the characteristics of fraud samples from different banking institutions. Mainly include the following:

1)针对模型准确率

Figure BDA0003359385240000084
的权重调节策略:1) For model accuracy
Figure BDA0003359385240000084
The weight adjustment strategy of:

在联合模型聚合参数信息时,将各本地机器学习模型在该轮次训练中基于本地数据测试得到的模型准确率

Figure BDA0003359385240000085
作为权值,有效提取训练良好的本地机器学习模型信息,并加速整体模型的迭代收敛。When the joint model aggregates parameter information, the model accuracy obtained by each local machine learning model in this round of training based on local data testing
Figure BDA0003359385240000085
As weights, it effectively extracts well-trained local machine learning model information and accelerates the iterative convergence of the overall model.

2)针对欺诈严重程度的权重调节策略rc2) Weight adjustment strategy rc for fraud severity:

由于各银行机构在日常业务中遭受到的欺诈攻击数量、频次、金额不同,其收集到的数据集中分布着不同数量、不同程度欺诈的用户样本。银行对小额、简单欺诈风险尚能应对,但对于团伙大额欺诈等造成严重影响的欺诈行为是零容忍的。所以我们提出基于欺诈严重程度的风险权重调节策略rc,让联合模型在训练过程中重点吸收严重欺诈数据样本训练生成的模型,从而创建能够识别严重欺诈行为的共享模型,让参与联邦训练的所有银行机构从中受益。Due to the different number, frequency and amount of fraudulent attacks suffered by various banking institutions in their daily business, the collected data sets are distributed with different numbers and degrees of fraudulent user samples. Banks can still deal with small and simple fraud risks, but have zero tolerance for fraudulent behaviors such as gang large-value fraud that have serious impacts. Therefore, we propose a risk weight adjustment strategy rc based on the severity of fraud, so that the joint model will focus on absorbing the model generated by the training of serious fraud data samples during the training process, so as to create a shared model that can identify serious fraud, and let all participants in the federation training Banking institutions benefit from it.

将数据集样本欺诈严重程度进行风险级别划分或权值规则设定,可根据金融机构实际业务场景进行设置,以下列举一种划分方式:The severity of fraud in the dataset samples is divided into risk levels or weight rules, which can be set according to the actual business scenarios of financial institutions. The following is a classification method:

将各银行机构的数据样本集的风险级别定义为五级:The risk level of the data sample set of each banking institution is defined as five levels:

1级:数据集中没有欺诈样本,或者仅有微量小额欺诈样本,例如短时逾期样本;Level 1: There are no fraudulent samples in the data set, or there are only a small amount of fraudulent samples, such as short-term overdue samples;

2级:数据集中存在少量欺诈样本,欺诈金额较小,属于银行业务运营可以应对的日常信用风险。Level 2: There are a small number of fraudulent samples in the data set, and the amount of fraud is small, which is a daily credit risk that banking operations can deal with.

3级:数据集中包含较多欺诈样本,欺诈金额较小,但需银行关注并防范欺诈风险。Level 3: There are many fraud samples in the data set, and the amount of fraud is small, but the bank needs to pay attention to and prevent fraud risks.

4级:数据集中包含较多欺诈样本,且存在欺诈金额较大的个例,对银行业务产生一定影响,需要重点分析与防范。Level 4: There are many fraud samples in the data set, and there are individual cases with a large amount of fraud, which have a certain impact on the banking business and need to focus on analysis and prevention.

5级:数据集中包含团伙欺诈等数量多、金额大、发生频繁的样本案例,对应业务产生严重影响,需要进行问题溯源和调查防范。Level 5: The data set contains gang fraud and other sample cases with a large number, a large amount, and frequent occurrences, which have a serious impact on the corresponding business, and need to be traced to the source of the problem and investigated and prevented.

根据各银行机构的数据样本集训练本地机器学习模型得到的参数更新信息及其风险权重确定各银行机构的欺诈检测模型参数更新信息t。在每一轮通信迭代t=1,2,…中,每家银行机构在基于自己数据样本集上进行机器学习模型训练,计算本轮训练的参数更新信息

Figure BDA0003359385240000091
并计算本轮训练的风险权重信息包括本地模型准确率
Figure BDA0003359385240000092
和数据集欺诈严重程度sc,融合
Figure BDA0003359385240000093
sc作为欺诈检测模型参数更新信息上传至中央参数服务器。The parameter update information t of each banking institution's fraud detection model is determined according to the parameter update information and its risk weight obtained by training the local machine learning model on the data sample set of each banking institution. In each round of communication iteration t=1,2,..., each banking institution conducts machine learning model training based on its own data sample set, and calculates the parameter update information of this round of training
Figure BDA0003359385240000091
And calculate the risk weight information of this round of training, including the local model accuracy
Figure BDA0003359385240000092
and dataset fraud severity sc , fused
Figure BDA0003359385240000093
s c is uploaded to the central parameter server as the parameter update information of the fraud detection model.

1):

Figure BDA0003359385240000094
代表第c家银行机构第t轮训练中获得的参数更新信息,如公式所示。1):
Figure BDA0003359385240000094
Represents the parameter update information obtained in the t-th round of training for the c-th banking institution, as shown in the formula.

Figure BDA0003359385240000095
Figure BDA0003359385240000095

其中,wt-1代表上一轮次联合模型参数,

Figure BDA0003359385240000096
代表本轮次第c家银行进行本地机器学习模型训练迭代生成的新的模型参数。根据本地机器学习模型训练时随机梯度下降批次大小B和数据集迭代次数E的不同,
Figure BDA0003359385240000097
代表完成一整个训练轮次迭代的所有梯度更新之后的参数。Among them, w t-1 represents the joint model parameters of the previous round,
Figure BDA0003359385240000096
New model parameters generated iteratively by local machine learning model training on behalf of the c-th bank in this round. According to the difference between the stochastic gradient descent batch size B and the number of dataset iterations E when the local machine learning model is trained,
Figure BDA0003359385240000097
Represents the parameters after completing all gradient updates for an entire training epoch.

针对每次梯度下降训练过程,本地机器学习模型参数根据私有数据集上测试的损失按照学习速率η进行梯度更新。如公式所示:For each gradient descent training process, the local machine learning model parameters are gradient updated at the learning rate η based on the loss tested on the private dataset. As the formula shows:

Figure BDA0003359385240000098
Figure BDA0003359385240000098

Figure BDA0003359385240000099
代表第c家银行本地数据集训练时模型的平均损失对当前参数
Figure BDA00033593852400000910
的梯度,损失值Lc(xc,yc;wt)由每个数据样本的损失在该银行数据集所有样本上求均值而得,如公式所示。
Figure BDA0003359385240000099
Represents the average loss of the model when training on the local dataset of the cth bank versus the current parameters
Figure BDA00033593852400000910
The gradient of , the loss value L c (x c , y c ; w t ) is obtained by averaging the loss of each data sample over all samples in the bank dataset, as shown in the formula.

Figure BDA00033593852400000911
Figure BDA00033593852400000911

其中,l(xi,yi;wt)代表单个样本的损失,Dc代表第c家银行的数据集样本空间,nc代表第c家银行的数据集样本数量。Among them, l(x i , yi ; w t ) represents the loss of a single sample, D c represents the dataset sample space of the cth bank, and nc represents the number of dataset samples of the cth bank.

2)针对每个客户端每轮训练的风险权重信息说明如下:2) The risk weight information for each round of training for each client is described as follows:

a)计算模型准确率

Figure BDA0003359385240000101
a) Calculate the model accuracy
Figure BDA0003359385240000101

模型准确率

Figure BDA0003359385240000102
代表某家银行该轮次训练所得本地机器学习模型预测正确数量所占样本总量的比例。具体计算公式如下:Model accuracy
Figure BDA0003359385240000102
It represents the proportion of the correct number of predictions made by the local machine learning model of a bank in this round of training to the total sample. The specific calculation formula is as follows:

Figure BDA0003359385240000103
Figure BDA0003359385240000103

Figure BDA0003359385240000104
代表模型正确预测出的欺诈样本数量,
Figure BDA0003359385240000105
代表模型错误预测为欺诈样本的数量,
Figure BDA0003359385240000106
代表模型正确预测出的良性样本数量,
Figure BDA0003359385240000107
代表模型错误预测为良性样本的数量。
Figure BDA0003359385240000104
represents the number of fraud samples correctly predicted by the model,
Figure BDA0003359385240000105
represents the number of samples that the model incorrectly predicted as fraudulent,
Figure BDA0003359385240000106
represents the number of benign samples correctly predicted by the model,
Figure BDA0003359385240000107
Represents the number of samples that the model incorrectly predicted as benign.

b)计算各客户端本地数据集欺诈(或异常)严重程度级别sc和权重rc b ) Calculate the fraud (or anomaly) severity level s c and weight rc of each client's local dataset:

设各银行机构的数据集欺诈样本严重程度为s(s1,s2……sC),共C家银行机构参与联邦训练,则在联合模型聚合参数梯度信息时,则第c家银行机构的本地机器学习模型的更新代入欺诈程度权重值的计算方法如下:Suppose the severity of the fraud samples in the dataset of each banking institution is s(s 1 , s 2 ...... s C ), and a total of C banking institutions participate in the federal training, then when the joint model aggregates the parameter gradient information, then the c th banking institution The update of the local machine learning model is substituted into the calculation method of the fraud degree weight value as follows:

Figure BDA0003359385240000108
Figure BDA0003359385240000108

公式(6)中,分子sc代表第c家银行数据集的欺诈严重级别,分母

Figure BDA0003359385240000109
代表所有参与联邦训练的银行数据集的欺诈级别总和。rc即为第c家银行数据集的欺诈严重程度权值。In formula (6), the numerator sc represents the fraud severity level of the data set of the cth bank, and the denominator
Figure BDA0003359385240000109
Represents the sum of fraud levels across all datasets of banks participating in federation training. rc is the fraud severity weight of the cth bank dataset.

例如3家银行参与联邦训练,他们本地数据集欺诈严重程序标记为1级,3级和5级,则聚合第2家银行本地机器学习模型将代入权重值For example, 3 banks participate in federated training, and their local datasets are marked with serious fraud procedures as level 1, level 3 and level 5, then the aggregated local machine learning model of the second bank will substitute the weight value

r2=3/1+3+5=1/3.r 2 =3/1+3+5=1/3.

3)各客户端每轮次训练后中央参数服务器计算融合风险权重信息的本地机器学习模型更新信息进行聚合。即:3) After each round of training of each client, the central parameter server calculates and aggregates the local machine learning model update information fused with risk weight information. which is:

Figure BDA00033593852400001010
Figure BDA00033593852400001010

公式(7)中,

Figure BDA00033593852400001011
代表第c家银行机构该轮次训练的风险权重,融合后面的本地机器学习模型参数更新信息
Figure BDA00033593852400001012
生成最终联合模型进行聚合的欺诈检测模型参数更新信息
Figure BDA00033593852400001013
In formula (7),
Figure BDA00033593852400001011
Represents the risk weight of the c-th banking institution for this round of training, and integrates the following local machine learning model parameter update information
Figure BDA00033593852400001012
Fraud detection model parameter update information for generating the final joint model for aggregation
Figure BDA00033593852400001013

上述步骤S30具体包括:联合训练中,中央联合异常检测模型的学习目标是:The above step S30 specifically includes: in the joint training, the learning objectives of the central joint anomaly detection model are:

Figure BDA0003359385240000111
Figure BDA0003359385240000111

公式(8)代表最小化联合模型在所有银行数据集上面的平均损失,其中l(x,y;w)代表联合模型在所有数据集上面的平均损失,n代表所有银行数据集总的样本数量,l(xi,yi;w)代表联合模型在第i个样本上面的损失值。Formula (8) represents minimizing the average loss of the joint model on all bank data sets, where l(x, y; w) represents the average loss of the joint model on all data sets, and n represents the total sample size of all bank data sets , l(x i , y i ; w) represents the loss value of the joint model on the i-th sample.

根据数据集大小在各本地机器学习模型的分布特点,中央联合异常检测模型优化目标函数可改写为:According to the distribution characteristics of the data set size in each local machine learning model, the optimization objective function of the central joint anomaly detection model can be rewritten as:

Figure BDA0003359385240000112
Figure BDA0003359385240000112

公式(9)中nc代表该银行拥有的本地数据集样本数量,n代表所有银行的数据集样本数量之和。Lc(xc,yc;w)代表联合模型在第c家银行数据集的样本上面的平均损失值。定义为:In formula (9), n c represents the number of local data set samples owned by the bank, and n represents the sum of the data set samples of all banks. L c (x c , y c ; w) represents the average loss value of the joint model over the samples of the c-th bank dataset. defined as:

Figure BDA0003359385240000113
Figure BDA0003359385240000113

nc代表第c家银行拥有的本地数据集样本数量,l(xi,yi;w)代表联合模型在第c家银行数据集中第i个样本上面的损失值。n c represents the number of samples in the local dataset owned by the c-th bank, and l( xi , y i ; w) represents the loss value of the joint model on the i-th sample in the c-th bank's dataset.

在本方法中,中央服务器将收到的各个客户端上传的参数更新信息融合风险权重信息进行安全聚合,得到联合模型参数更新信息,将联合模型参数更新信息下发给各个客户端,各个客户端根据接收的联合模型参数更新信息进行本地的机器学习模型的更新,得到更新后的中央联合异常检测模型。In this method, the central server fuses the received parameter update information uploaded by each client with the risk weight information for security aggregation, obtains the joint model parameter update information, and issues the joint model parameter update information to each client. The local machine learning model is updated according to the received joint model parameter update information, and an updated central joint anomaly detection model is obtained.

Figure BDA0003359385240000114
Figure BDA0003359385240000114

公式(11)中wt-1是上一轮训练的联合模型参数,

Figure BDA0003359385240000115
代表本轮次训练第c家银行本地机器学习模型的风险权重,
Figure BDA0003359385240000116
代表第c家银行本轮次迭代产生的模型参数更新信息。wt即为本轮次更新后的联合模型参数。In formula (11), w t-1 is the joint model parameter of the previous round of training,
Figure BDA0003359385240000115
represents the risk weight of the local machine learning model of the c-th bank trained in this round,
Figure BDA0003359385240000116
Represents the model parameter update information generated by the current iteration of the cth bank. w t is the joint model parameter after this round of updating.

上述流程将进行T轮迭代,直至整体中央联合异常检测模型达到收敛指标。The above process will go through T rounds of iterations until the overall central joint anomaly detection model reaches the convergence index.

以上算法记为:风险权重调节的联邦聚合算法(Risk Weight FederatedAggregation,称为FedRWA)。The above algorithm is recorded as: Risk Weight Federated Aggregation (Risk Weight Federated Aggregation, called FedRWA).

综上所述,与现有技术在联合模型训练时将参与各方同等对待相比,本发明的方法能够在联合模型训练过程中根据各参与方的模型和数据集的特征进行具体分析,通过风险权值聚合的方式强化提取相应参与方的优势特征,抑制提取各方劣势特征,从而改善模型训练迭代的流程及提升最终模型的性能。尤其是在金融欺诈识别等异常检测领域,对于异常数据检测的准确率和召回率进行提升。To sum up, compared with the prior art that treats all parties equally during joint model training, the method of the present invention can specifically analyze the characteristics of each participant's model and data set during the joint model training process. The aggregation of risk weights strengthens the extraction of the advantageous features of the corresponding participants and suppresses the extraction of the disadvantaged features of all parties, thereby improving the model training iteration process and improving the performance of the final model. Especially in the field of anomaly detection such as financial fraud identification, the accuracy and recall rate of abnormal data detection are improved.

本发明实施例针对各机构模型在训练过程中的具体表现,如本地数据验证准确率

Figure BDA0003359385240000121
来进行多模型参数的加权聚合。这样在模型参数聚合时能有效提取各机构中训练效果较好的模型参数更新信息,加速整体模型训练的迭代收敛,缩短训练所需时间。The embodiment of the present invention is aimed at the specific performance of each institutional model in the training process, such as the local data verification accuracy rate
Figure BDA0003359385240000121
to perform weighted aggregation of multiple model parameters. In this way, when the model parameters are aggregated, the update information of the model parameters with better training effect in each institution can be effectively extracted, the iterative convergence of the overall model training can be accelerated, and the time required for training can be shortened.

本发明实施例针对各机构数据集中欺诈样本的统计特征和欺诈严重程度特征进行分析,定义欺诈风险权值分级模型,依据不同的风险权值对各机构模型参数进行有偏聚合。通过精准提取各机构数据集的欺诈样本特征进行模型参数聚合,有效提升中央联合异常检测模型对欺诈样本识别能力,从而提高金融欺诈检测的效果,能够有效检出大额欺诈样本。The embodiment of the present invention analyzes the statistical characteristics and fraud severity characteristics of fraud samples in each institution's data set, defines a fraud risk weight classification model, and performs biased aggregation of each institution model parameter according to different risk weights. By accurately extracting the characteristics of fraud samples from each institution's datasets for model parameter aggregation, the ability of the central joint anomaly detection model to identify fraud samples can be effectively improved, thereby improving the effect of financial fraud detection and effectively detecting large-amount fraud samples.

本领域普通技术人员可以理解:附图只是一个实施例的示意图,附图中的模块或流程并不一定是实施本发明所必须的。Those of ordinary skill in the art can understand that the accompanying drawing is only a schematic diagram of an embodiment, and the modules or processes in the accompanying drawing are not necessarily necessary to implement the present invention.

通过以上的实施方式的描述可知,本领域的技术人员可以清楚地了解到本发明可借助软件加必需的通用硬件平台的方式来实现。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus a necessary general hardware platform. Based on this understanding, the technical solutions of the present invention can be embodied in the form of software products in essence or the parts that make contributions to the prior art. The computer software products can be stored in storage media, such as ROM/RAM, magnetic disks, etc. , CD, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in various embodiments or some parts of the embodiments of the present invention.

本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于装置或系统实施例而言,由于其基本相似于方法实施例,所以描述得比较简单,相关之处参见方法实施例的部分说明即可。以上所描述的装置及系统实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the apparatus or system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts. The apparatus and system embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, It can be located in one place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above description is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to this. Substitutions should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (5)

1. An anomaly detection method based on risk weight fusion of federal learning is characterized by comprising the following steps:
taking each bank organization participating in federal learning as a client, respectively establishing machine learning models with the same structure by each client, and issuing initial parameters of each machine learning model by a central parameter server;
in each iteration, after the machine learning model of each client side is iteratively trained by using a local data sample set, extracting parameter updating information and risk weight information of the current iteration of training, and uploading the parameter updating information and the risk weight information to a central server;
and the central server fuses all the received parameter updating information with the risk weight information of each client for safety aggregation, and then sends the combined model parameter updating information to each client, each client updates the parameters of the local machine learning model according to the received combined model updating information, and each client performs anomaly detection on local data by using the own machine learning model.
2. The method according to claim 1, wherein the step of regarding each banking institution participating in federal learning as a client, each client respectively establishes a machine learning model with the same structure, and initial parameters of each machine learning model are issued by a central parameter server, comprises:
a group of local bank organizations are set as participants of federal learning, the bank organizations are regarded as clients, the clients respectively establish own machine learning models, the structures of the machine learning models are the same, initialization parameters issued by a central parameter server are the same, the clients perform parameter information safety aggregation and synchronization by means of the central parameter server during training, each client independently utilizes the own machine learning model to perform local data anomaly detection, and the machine learning models of all the clients form a central combined anomaly detection model through communication iteration.
3. The method of claim 1, wherein in each iteration, after the machine learning model of each client is iteratively trained by using the local data sample set, extracting parameter update information and risk weight information of the current round of training, and uploading the parameter update information and the risk weight information to the central server, the method comprises:
c fixed banks are set to participate in the joint model training, each bank organization has a local data sample set, and the data sample set of the C bank organization is Dc
Figure FDA0003359385230000011
Figure FDA0003359385230000012
Is a vector of the features of the image,
Figure FDA0003359385230000013
is a label, ncRepresenting the size of a data set of the C-th banking institution participating in federal learning, wherein C is the total number of the banking institutions;
in each round of training iteration t being 1,2, …, each banking institution performs machine learning model training on the basis of own data sample set, and calculates parameter updating information of the round of training
Figure FDA0003359385230000021
Calculating the risk weight information of the training of the current round: model accuracy
Figure FDA0003359385230000022
And a weight adjustment policy s for the severity of fraudcWill be
Figure FDA0003359385230000023
And scAnd uploading to a central parameter server.
4. The method of claim 3, wherein the step of removing the substrate comprises removing the substrate from the substrateEach bank organization conducts machine learning model training on the basis of own data sample set and calculates the parameter updating information of the current training
Figure FDA0003359385230000024
Calculating the risk weight information of the training of the current round: model accuracy
Figure FDA0003359385230000025
And a weight adjustment policy s for the severity of fraudcWill be
Figure FDA0003359385230000026
And scUploading to a central parameter server for security aggregation, comprising:
1):
Figure FDA0003359385230000027
representing the parameter updating information obtained in the t round of training of the c-th banking institution, the specific calculation formula is as follows:
Figure FDA0003359385230000028
wherein, wt-1Representing the parameters of the combined model in the previous round,
Figure FDA0003359385230000029
representing the new model parameters generated by local machine learning model training iteration performed by the c-th bank in the turn, each client locally completes multiple iterations,
Figure FDA00033593852300000210
representing the parameters after all gradient updates for the entire joint training round iteration are completed;
for each gradient descent training process, the local machine learning model parameters are subjected to gradient updating according to the loss tested on the data sample set and the learning rate eta, and the specific calculation formula is as follows:
Figure FDA00033593852300000211
Figure FDA00033593852300000212
representing the average loss of the model to the current parameter when the c-th bank local data set is trained
Figure FDA00033593852300000213
Gradient of (2), loss value Lc(xc,yc;wt) The loss of each data sample is averaged over all samples of the bank data set, and the specific calculation formula is as follows:
Figure FDA00033593852300000214
wherein, l (x)i,yi;wt) Representing the loss of a single sample, DcSample space of data set, n, representing the c-th bankcA data set sample number representing a c-th bank;
2) calculating model accuracy
Figure FDA00033593852300000215
Model accuracy
Figure FDA0003359385230000031
Representing the proportion of the predicted correct number of the local machine learning model obtained by the training of the round of a certain bank to the total amount of the samples, the specific calculation formula is as follows:
Figure FDA0003359385230000032
Figure FDA0003359385230000033
representing the number of fraud samples correctly predicted by the model,
Figure FDA0003359385230000034
the representative model mispredicts to the number of rogue samples,
Figure FDA0003359385230000035
representing the number of benign samples that the model correctly predicts,
Figure FDA0003359385230000036
representing the number of samples the model mispredicted as benign;
calculating fraud severity value s of each client local data setc
Each banking institution calculates a local data set fraud sample severity value S (S)1,s2……sC) Fraud severity parameter sCPositively correlated with the size of the data set, the proportion of fraud samples contained in the data set and the amount of fraud;
if a C bank institution participates in federal training, when a central parameter server aggregates parameter gradient information, the calculation method of substituting the update of the local machine learning model of the C bank institution into the fraud degree weight value is as follows:
Figure FDA0003359385230000037
in formula (6), the molecule scRepresenting the fraud severity level, denominator, of the c-th bank data set
Figure FDA0003359385230000038
Sum of fraud levels, r, representing all bank data sets participating in federal trainingcThe fraud severity weight of the data set of the c-th bank;
3) after each round of training of each client, the central parameter server calculates the machine learning model update information of each client fusing the risk weight information, namely:
Figure FDA0003359385230000039
in the formula (7), the first and second groups,
Figure FDA00033593852300000310
representing the risk weight of the c-th banking institution in the round of training, fusing the parameter updating information of the subsequent local machine learning model
Figure FDA00033593852300000311
Generating fraud detection model parameter updates to be aggregated eventually
Figure FDA00033593852300000312
5. The method according to claim 3 or 4, wherein the central server performs security aggregation by fusing all the received parameter update information with risk weight information of each client, and then issues the associated model parameter update information to each client, and each client performs parameter update of the local machine learning model according to the received associated model update information, including:
in the joint training, the learning targets of the central joint anomaly detection model are as follows:
Figure FDA0003359385230000041
equation (8) represents minimizing the average loss of the federated model over all the bank data sets, where l (x, y; w) represents the average loss of the federated model over all the data sets, n represents the number of samples aggregated over all the bank data sets, and l (x)i,yi(ii) a w) represents the loss value of the combined model above the ith sample;
according to the distribution characteristics of the data set size in each local machine learning model, the optimization objective function of the central combined anomaly detection model is as follows:
Figure FDA0003359385230000042
n in formula (9)cRepresenting the number of local data set samples owned by the bank, n representing the sum of the number of data set samples for all banks, Lc(xc,yc(ii) a w) represents the average loss value of the federation model over the sample of the set of family c bank data, defined as:
Figure FDA0003359385230000043
ncrepresenting the number of local data set samples owned by the c-th bank, l (x)i,yi(ii) a w) represents the loss value of the federation model on the ith sample in the c bank dataset;
the central server carries out safety aggregation on the received parameter updating information uploaded by each client and the risk weight information to obtain the parameter updating information of the combined model, and the calculation formula is as follows:
Figure FDA0003359385230000044
w in formula (11)t-1Is the combined model parameter of the previous round of training,
Figure FDA0003359385230000045
representing the risk weight of the local machine learning model of the c-th bank in the training round,
Figure FDA0003359385230000046
and representing the updated information of the model parameters generated by the current iteration of the c-th bank. w is atThe parameters are the parameters of the combined model after the updating of the round;
the central server sends the combined model parameter updating information to each client, and each client updates a local machine learning model according to the received combined model parameter updating information to obtain an updated central combined anomaly detection model; the above process will perform T-round iteration until the overall central combined anomaly detection model reaches the convergence index.
CN202111362361.7A 2021-11-17 2021-11-17 Abnormality detection method for risk weight fusion based on federal learning Active CN114358912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111362361.7A CN114358912B (en) 2021-11-17 2021-11-17 Abnormality detection method for risk weight fusion based on federal learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111362361.7A CN114358912B (en) 2021-11-17 2021-11-17 Abnormality detection method for risk weight fusion based on federal learning

Publications (2)

Publication Number Publication Date
CN114358912A true CN114358912A (en) 2022-04-15
CN114358912B CN114358912B (en) 2024-10-15

Family

ID=81095574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111362361.7A Active CN114358912B (en) 2021-11-17 2021-11-17 Abnormality detection method for risk weight fusion based on federal learning

Country Status (1)

Country Link
CN (1) CN114358912B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114723071A (en) * 2022-04-26 2022-07-08 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) A federated learning method and device based on client classification and information entropy
CN114785605A (en) * 2022-04-28 2022-07-22 中国电信股份有限公司 Method, device and equipment for determining network anomaly detection model and storage medium
CN114912705A (en) * 2022-06-01 2022-08-16 南京理工大学 Optimization method for heterogeneous model fusion in federated learning
CN114926154A (en) * 2022-07-20 2022-08-19 江苏华存电子科技有限公司 Protection switching method and system for multi-scene data identification
CN115170565A (en) * 2022-09-06 2022-10-11 浙商银行股份有限公司 Image fraud detection method and device based on automatic neural network architecture search
CN115880086A (en) * 2022-11-02 2023-03-31 中电信数智科技有限公司 A Method for Predicting Abnormal Financial Expenditure Behavior Based on Distributed Model Training
CN116703553A (en) * 2023-08-07 2023-09-05 浙江鹏信信息科技股份有限公司 Financial anti-fraud risk monitoring method, system and readable storage medium
CN117274274A (en) * 2023-10-10 2023-12-22 北京交通大学 Priori knowledge-based domain generalization medical image segmentation method and system
WO2024039301A1 (en) * 2022-08-19 2024-02-22 National University Of Singapore Federation of scoring systems

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111105240A (en) * 2019-12-12 2020-05-05 中国科学院深圳先进技术研究院 Resource-sensitive combined financial fraud detection model training method and detection method
CN113033712A (en) * 2021-05-21 2021-06-25 华中科技大学 Multi-user cooperative training people flow statistical method and system based on federal learning
CN113112027A (en) * 2021-04-06 2021-07-13 杭州电子科技大学 Federal learning method based on dynamic adjustment model aggregation weight
CN113609521A (en) * 2021-07-27 2021-11-05 广州大学 Federated learning privacy protection method and system based on countermeasure training

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111105240A (en) * 2019-12-12 2020-05-05 中国科学院深圳先进技术研究院 Resource-sensitive combined financial fraud detection model training method and detection method
CN113112027A (en) * 2021-04-06 2021-07-13 杭州电子科技大学 Federal learning method based on dynamic adjustment model aggregation weight
CN113033712A (en) * 2021-05-21 2021-06-25 华中科技大学 Multi-user cooperative training people flow statistical method and system based on federal learning
CN113609521A (en) * 2021-07-27 2021-11-05 广州大学 Federated learning privacy protection method and system based on countermeasure training

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JING JIANG ET. AL: ""Decentralized Knowledge Acquisition for Mobile Internet Applications"", 《WORLD WIDE WEB(2020)》, pages 2653 - 2669 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114723071A (en) * 2022-04-26 2022-07-08 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) A federated learning method and device based on client classification and information entropy
CN114723071B (en) * 2022-04-26 2023-04-07 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Federal learning method and device based on client classification and information entropy
CN114785605B (en) * 2022-04-28 2023-12-12 中国电信股份有限公司 Determination method, device, equipment and storage medium of network anomaly detection model
CN114785605A (en) * 2022-04-28 2022-07-22 中国电信股份有限公司 Method, device and equipment for determining network anomaly detection model and storage medium
CN114912705A (en) * 2022-06-01 2022-08-16 南京理工大学 Optimization method for heterogeneous model fusion in federated learning
CN114926154A (en) * 2022-07-20 2022-08-19 江苏华存电子科技有限公司 Protection switching method and system for multi-scene data identification
WO2024039301A1 (en) * 2022-08-19 2024-02-22 National University Of Singapore Federation of scoring systems
CN115170565A (en) * 2022-09-06 2022-10-11 浙商银行股份有限公司 Image fraud detection method and device based on automatic neural network architecture search
CN115170565B (en) * 2022-09-06 2022-12-27 浙商银行股份有限公司 Image fraud detection method and device based on automatic neural network architecture search
CN115880086A (en) * 2022-11-02 2023-03-31 中电信数智科技有限公司 A Method for Predicting Abnormal Financial Expenditure Behavior Based on Distributed Model Training
CN116703553B (en) * 2023-08-07 2023-12-05 浙江鹏信信息科技股份有限公司 Financial anti-fraud risk monitoring method, system and readable storage medium
CN116703553A (en) * 2023-08-07 2023-09-05 浙江鹏信信息科技股份有限公司 Financial anti-fraud risk monitoring method, system and readable storage medium
CN117274274A (en) * 2023-10-10 2023-12-22 北京交通大学 Priori knowledge-based domain generalization medical image segmentation method and system

Also Published As

Publication number Publication date
CN114358912B (en) 2024-10-15

Similar Documents

Publication Publication Date Title
CN114358912A (en) An anomaly detection method based on federated learning and risk weight fusion
CN108960833B (en) A method, device and storage medium for identifying abnormal transactions based on heterogeneous financial characteristics
US10754936B1 (en) Behavioral profiling method and system to authenticate a user
US10091180B1 (en) Behavioral profiling method and system to authenticate a user
Quah et al. Real-time credit card fraud detection using computational intelligence
CN108734380B (en) Risk account determination method and device and computing equipment
Kawa et al. Credit risk assessment from combined bank records using federated learning
Tam et al. Federated noisy client learning
CN109344583B (en) Threshold determination and body verification method and device, electronic equipment and storage medium
CN111325619A (en) A method and device for updating a credit card fraud detection model based on joint learning
CN112801780B (en) Method, device and system for identifying overseas and overseas risk clients based on federal learning
CN110084609B (en) Transaction fraud behavior deep detection method based on characterization learning
WO2022142903A1 (en) Identity recognition method and apparatus, electronic device, and related product
Badawi et al. Detection of money laundering in bitcoin transactions
US20230186311A1 (en) Fraud Detection Methods and Systems Based on Evolution-Based Black-Box Attack Models
CN114817946A (en) A Federated Learning Gradient Boosting Decision Tree Training Method Based on Trusted Execution Environment
CN117633500A (en) Risk anti-fraud identification method, device, equipment and storage medium
CN114492827A (en) Block chain technology-based federated learning model watermark reinforcement method and application
CN111260372A (en) Resource transfer user group determination method, device, computer equipment and storage medium
Khodabakhshi et al. Fraud detection in banking using knn (k-nearest neighbor) algorithm
CN112907354A (en) Intelligent matching system for automobile financial products
Wang Analysis of financial business model towards big data and its applications
Daliri et al. Vector Result Rate (VRR): A Novel Method for Fraud Detection in Mobile Payment Systems
CN113393316B (en) Loan overall process accurate wind control and management system based on massive big data and core algorithm
Lian et al. Find: privacy-enhanced federated learning for intelligent fake news detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant