CN114445088A - Method and device for judging fraudulent conduct, electronic equipment and storage medium - Google Patents
Method and device for judging fraudulent conduct, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114445088A CN114445088A CN202210037379.8A CN202210037379A CN114445088A CN 114445088 A CN114445088 A CN 114445088A CN 202210037379 A CN202210037379 A CN 202210037379A CN 114445088 A CN114445088 A CN 114445088A
- Authority
- CN
- China
- Prior art keywords
- buried point
- point data
- risk
- data
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 230000006399 behavior Effects 0.000 claims abstract description 70
- 238000004590 computer program Methods 0.000 claims description 18
- 238000012544 monitoring process Methods 0.000 abstract description 10
- 238000010586 diagram Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 230000001960 triggered effect Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004931 aggregating effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
- G06Q30/0185—Product, service or business identity fraud
Landscapes
- Business, Economics & Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Finance (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the invention provides a method and a device for judging fraudulent behaviors, electronic equipment and a storage medium, wherein the method comprises the following steps: collecting buried point data of a target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application; determining the risk type of the buried point data; acquiring a target risk judgment condition corresponding to the risk type; and when the buried point data meets the target risk judgment condition, judging that the operation behavior of the user corresponding to the buried point data on the target application is a fraud behavior. The embodiment of the invention judges the operation behavior of the user by flexibly setting the embedded point and self-defining the risk judgment condition, thereby realizing real-time and comprehensive monitoring and early warning of the operation with high fraud risk of the target application.
Description
Technical Field
The embodiment of the invention relates to the technical field of networks, in particular to a method for judging fraudulent conduct, a device for judging fraudulent conduct, electronic equipment and a storage medium.
Background
With the rapid development of internet technology, various internet applications are generated in the market, the application requirements of online payment and transaction are increased year by year, and various practical application scenes are complicated. For financial or other applications with online transactions, the risk of fraud is also increasing.
At present, anti-fraud monitoring is mostly based on page query of current high-risk data, the high-risk data are single, monitoring items and monitoring indexes cannot be expanded practically, security prevention of fraud groups cannot be carried out in time, the fraud groups are found afterwards, and then lack and omission are checked, and early warning and judgment on fraud are difficult to carry out before the fraud occurs.
Disclosure of Invention
The embodiment of the invention provides a method for judging fraudulent behaviors, which aims to solve the problem that the prior art cannot perform early warning and judgment on the fraudulent behaviors in real time.
Correspondingly, the embodiment of the invention also provides a device for judging the fraudulent conduct, which is used for ensuring the realization and the application of the method.
In order to solve the above problem, an embodiment of the present invention discloses a method for determining a fraudulent conduct, where the method includes:
collecting buried point data of a target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application;
determining the risk type of the buried point data;
acquiring a target risk judgment condition corresponding to the risk type;
and when the buried point data accords with the target risk judgment condition, judging that the operation behavior of the user corresponding to the buried point data on the target application is a fraud behavior.
Optionally, the determining the risk type of the buried point data includes:
acquiring a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
Optionally, the obtaining a target risk judgment condition corresponding to the risk type includes:
acquiring a risk judgment condition; the risk judgment condition has a corresponding rule type;
and acquiring a risk judgment condition with the rule type being the same as the risk type as a target risk judgment condition.
Optionally, after the determining that the operation behavior of the user corresponding to the buried point data on the target application is a fraudulent behavior when the buried point data meets the target risk determination condition, the method further includes:
generating statistical information according to the buried point data, the risk type and the target risk judgment condition;
and adopting the statistical information to carry out early warning.
Optionally, the buried point data at least includes one of device information, an IP address, location information, and network information of the terminal device where the target application is located.
Optionally, the method further comprises:
counting the times of fraudulent behaviors in each area;
and when the frequency of the area with the fraudulent conduct exceeds a preset threshold value, early warning is carried out on the area.
The embodiment of the invention also discloses a device for judging the fraudulent conduct, which comprises:
the buried point data acquisition module is used for acquiring buried point data of the target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application;
the risk type determining module is used for determining the risk type of the buried point data;
a target risk judgment condition obtaining module, configured to obtain a target risk judgment condition corresponding to the risk type;
and the fraud behavior judging module is used for judging that the operation behavior of the user corresponding to the buried point data on the target application is fraud behavior when the buried point data meets the target risk judgment condition.
Optionally, the risk type determining module is configured to obtain a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
Optionally, the target risk judgment condition obtaining module is configured to obtain a target risk judgment condition corresponding to the risk type, and includes:
acquiring a risk judgment condition; the risk judgment condition has a corresponding rule type;
and acquiring a risk judgment condition with the rule type being the same as the risk type as a target risk judgment condition.
Optionally, the apparatus further comprises:
generating statistical information according to the buried point data, the risk type and the target risk judgment condition;
and adopting the statistical information to carry out early warning.
Optionally, the buried point data at least includes one of device information, an IP address, location information, and network information of the terminal device where the target application is located.
Optionally, the apparatus further comprises:
counting the times of fraudulent behaviors in each area;
and when the frequency of the area with the fraudulent conduct exceeds a preset threshold value, early warning is carried out on the area.
The embodiment of the invention discloses electronic equipment, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the method for judging the fraud are realized.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when being executed by a processor, the computer program realizes the steps of the method for judging the fraudulent conduct.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, when the embedded point program in the target application is triggered by the operation behavior of the user on the target application, the embedded point data collected by the embedded point program is obtained, then the risk type of the embedded point data is determined, the target risk judgment condition corresponding to the risk type is obtained, the embedded point data is further judged according to the target risk judgment condition, and when the embedded point data accords with the target risk judgment condition, the operation behavior of the user corresponding to the embedded point data on the target application is judged to be the fraudulent behavior. The embodiment of the invention judges the operation behavior of the user by flexibly setting the embedded point and self-defining the risk judgment condition, thereby realizing real-time and comprehensive monitoring and early warning of the operation with high fraud risk of the target application.
Drawings
FIG. 1 is a flow chart of the steps of one embodiment of a method of determining fraud of the present invention;
FIG. 2 is a flow chart illustrating an embodiment of a fraud determination method of the present invention;
FIG. 3 is a flow chart illustrating another fraud determination method embodiment of the present invention;
FIG. 4 is a flow chart illustrating another fraud determination method embodiment of the present invention;
fig. 5 is a block diagram of an embodiment of a fraud determination apparatus according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
For the purpose of better understanding of the embodiments of the present invention, the technical terms or terminology used in the embodiments of the present invention are further described as follows:
elastic search: the elastic search is an Apache Lucene (TM) -based open source search engine, and in both open source and proprietary fields, Lucene can be considered as the most advanced, best-performance and most fully-functional search engine library so far, naturally supports large data storage, has good expansion performance, and can facilitate statistics and log time-series data storage and analysis.
Kafka: kafka is a high-throughput distributed publish-subscribe messaging system that can handle all the action flow data of a consumer in a web site.
Flume: the flash is a high-availability, high-reliability and distributed system for acquiring, aggregating and transmitting mass logs provided by Cloudera, and supports various data senders customized in the log system for collecting data; at the same time, flash provides the ability to simply process data and write to various data recipients (customizable).
Flink: apache Flink is a framework and distributed processing engine for stateful computation of unbounded and bounded data streams. Flink is designed to run in all common clustered environments, performing calculations at memory speed and any scale.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a method for determining fraud according to the present invention is shown, which may specifically include the following steps:
in a specific implementation, the target application may be various types of software or applications such as a bank, an e-commerce, an online transaction, and the like, which is not limited by the embodiment of the present invention. The operation behavior data of the target application by the user can be collected by presetting buried points in the target application. Specifically, the buried point program may be preset at a position where the target application may have an abnormal operation, and when the operation of the user is triggered to the buried point, the buried point may collect buried point data corresponding to the operation, and the buried point program may be a program independently attached to the target application, or may be executable program code embedded in the target application for collecting the buried point data. The manner of presetting the buried point to acquire the buried point data in the target application may be various realizable manners in the prior art, which is not limited in the embodiment of the present invention.
In an exemplary embodiment, the buried point data at least includes one of device information, an IP address, location information, and network information of a terminal device where the target application is located.
In an example, a buried point may be set in a registration interface of a target application, when a user performs operations such as registering an account in the registration interface of the target application, if the buried point is triggered, the buried point data corresponding to the user's operations may be collected, if the buried point is set in a registration control in the registration interface, and when the user clicks the registration control, the buried point program may collect the buried point data. Specifically, the buried point data may include device information, an IP address, location information, network information, and the like of a terminal device operated by a current target application, where the device information may be hardware information of the terminal device, and may include a processor, a memory, a hardware address, and the like, the location information may be geographic location information acquired by the terminal device having a Positioning function such as a Global Positioning System (GPS), and the network information may include network environment information where the terminal device is currently located, such as network service provider information, wireless fidelity (WIFI) information, and the like. The terminal device comprises a mobile phone, a tablet computer, a PC and the like which can run a target application.
in an exemplary embodiment, the step 102 of determining the risk type of the buried point data includes:
acquiring a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
In a specific implementation, there may be a large number of different types of data of the buried point, so that when collecting the data of the buried point, the data of the buried point may be marked, specifically, the data of the buried point may be marked as different types, for example, when the collected data of the buried point is an IP address, the data identification mark of the data of the buried point may be marked as IP-type data of the buried point, and when the collected data of the buried point is device information, the data identification mark of the data of the buried point may be marked as device-type, and the like. Further, the risk type corresponding to the buried point data may be determined according to the data identification of the buried point data, such as when the buried point data is in an IP class, the buried point data may be determined as a risk type related to a network, when the buried point data is in a device class, the buried point data may be determined as a risk type related to a device operation, and the like. Of course, the data identifier may also be other identifiers for distinguishing the buried point data, and the risk type may be divided according to actual requirements, which is not limited in this embodiment of the present invention.
103, acquiring a target risk judgment condition corresponding to the risk type;
in a specific implementation, the corresponding target risk judgment condition may be obtained according to a risk type of the buried point data, and the risk type may correspond to a plurality of different target risk judgment conditions.
In an exemplary embodiment, the step 103 of obtaining the target risk judgment condition corresponding to the risk type includes:
acquiring a risk judgment condition; the risk judgment condition has a corresponding rule type;
and acquiring a risk judgment condition with the rule type being the same as the risk type as a target risk judgment condition.
In a specific implementation, the embodiment of the present invention may be applied to a monitoring platform, where the monitoring platform may store a plurality of different risk judgment conditions, and the risk judgment conditions have corresponding rule types, where the rule types may also be referred to as risk indicators, and specifically may include judgment rules for malicious attacks, risk operations, counterfeit risks, intermediary risks, blacklists, and the like. The malicious attack may include that the user performs malicious operations on the target application by using an external program such as a registry, for example, frequently registering an account and frequently modifying an account password by using the registry, the risk operations may include that the user performs operations on the target application when there is a risk in an operating environment of the target application, the fraud risk may include disguising an IP address by using a third-party program or disguising an account password, and the like, and the determination rule of the intermediary risk and the blacklist may include comparing the user with a preset intermediary list and a blacklist library and the like.
The risk judgment condition may be set for different rule types, for example: 1. aiming at the behavior of malicious registration of the user, a risk judgment condition can be set as follows: whether the registration times of the same IP address exceeds a preset threshold value within a specified time or not; 2. aiming at the behavior of malicious access of the user, a risk judgment condition can be set as follows: whether the number of times of initiating access by the same user exceeds a preset threshold value in a specified time or not; in addition, the risk judgment conditions can be combined or superposed, for example, when a certain area frequently has a fraudulent behavior, the corresponding risk judgment conditions can be set for the high-risk area, for example, whether the user whose position information is located in village a in the buried point data has a malicious registration or a malicious access behavior or the like is judged.
In a specific implementation, a risk judgment condition with the same rule type and risk type may be used as a target risk judgment condition, where the rule type and the risk type may be the same, which means that the rule type and the risk type belong to the same class, for example, when both the rule type and the risk type belong to a network class. The risk judgment condition with the same rule type as the risk type may be one or more, that is, the target risk judgment condition may be one or more, may be independent, or may be superimposed.
And step 104, when the buried point data meets the target risk judgment condition, judging that the operation behavior of the user corresponding to the buried point data on the target application is a fraud behavior.
After the target risk judgment condition is obtained, the buried point data can be judged according to the target risk judgment condition, and when the buried point data meets the target risk judgment condition, the operation behavior of the user corresponding to the buried point data on the target application is judged to be a fraud behavior.
In an example, the collected data of the buried point is assumed to be data corresponding to a transaction operation of a user, the data of the buried point may be determined as a risk type related to the transaction, a target risk judgment condition corresponding to the transaction may be obtained to judge the data of the buried point, if the number of transactions of the user in a preset time exceeds a preset threshold, and if the number of transactions of the user exceeds the preset threshold, the transaction behavior of the user is determined to be a fraud behavior.
In an exemplary embodiment, after the step 104, when the buried point data meets the target risk judgment condition, and after determining that an operation behavior of a user corresponding to the buried point data on the target application is a fraudulent behavior, the method further includes:
generating statistical information according to the buried point data, the risk type and the target risk judgment condition;
and adopting the statistical information to carry out early warning.
In the specific implementation, after the operation behavior of the user corresponding to the buried point data on the target application is judged to be a fraudulent behavior, the buried point data, the risk type and the target risk judgment condition may be recorded, and specifically, user information of the user, including an account number, a password and the like, and detailed information of a terminal device used by the user, including a device identifier, location information, network information and the like, may be recorded; and generating statistical information according to the recorded information, and displaying the statistical information in a large screen display mode and the like.
In an exemplary embodiment, the method further comprises:
counting the times of fraudulent behaviors in each area;
and when the frequency of the area with the fraudulent conduct exceeds a preset threshold value, early warning is carried out on the area.
Specifically, the area may also be monitored and counted, the number of times of the fraudulent conduct occurring in the specific area may be counted, and when the number of times of the fraudulent conduct occurring in a certain area exceeds a preset threshold, the area may be pre-warned, specifically, the use condition of the current user in the area on the target application may be displayed in real time, or the area is marked with a preset color in a large screen, and a specific pre-warning method is not limited in the embodiment of the present invention.
In the embodiment of the invention, when the operating behavior of a user on a target application is triggered by a buried point program in the target application, the buried point data collected by the buried point program is obtained, then the risk type of the buried point data is determined, a target risk judgment condition corresponding to the risk type is obtained, the buried point data is further judged according to the target risk judgment condition, and when the buried point data meets the target risk judgment condition, the operating behavior of the user corresponding to the buried point data on the target application is judged to be a fraud behavior. The embodiment of the invention judges the operation behavior of the user by flexibly setting the embedded point and self-defining the risk judgment condition, thereby realizing real-time and comprehensive monitoring and early warning of the operation with high fraud risk of the target application.
In an example, referring to fig. 2, a schematic flow chart of an embodiment of a method for determining a fraud behavior of the present invention is shown, and the method may be specifically divided into three parts, namely, an APP (target application) front-end system, a risk front-end system, and an anti-fraud system, and specifically may include the following flows:
1. specifically, the APP pre-positioning may be to set a buried point in the target application, store the set buried point, and when a user operates the target application to trigger a preset buried point event, collect corresponding buried point data;
2. the risk pre-positioning specifically comprises the steps of uniformly collecting the collected data of the buried points, classifying the data of the buried points, determining the risk type corresponding to the data of the buried points, and acquiring a target risk judgment rule corresponding to the data of the buried points;
3. the anti-fraud system can specifically judge the data of the buried point according to the target risk judgment rule, and when the data of the buried point conforms to the target risk judgment rule, the user operation behavior corresponding to the data of the buried point can be judged to be a fraud behavior; furthermore, the risk type and the judgment rule corresponding to the buried point data can be recorded, and the corresponding user information and the information of the terminal equipment can be obtained, so that the statistics and the analysis of the fraudulent behavior can be carried out.
In another example, referring to fig. 3, a flowchart illustrating another fraud determination method embodiment of the present invention is shown, where behavior data of a user to a target application may be obtained, where the behavior data may include an IP address, location information, device information, network information, and the like; constructing data buried points according to the behavior data, specifically, analyzing the behavior data, and setting the data buried points at positions where high-risk operations such as fraudulent behaviors and the like may occur to the target application by a user; and then collecting and storing the data of the buried points in real time, classifying the data of the buried points, determining the risk types corresponding to the data of the buried points, acquiring target risk judgment rules corresponding to the data of the buried points, judging the data of the buried points according to the target risk judgment rules, and counting the operation behaviors and information corresponding to the data of the buried points and early warning and displaying the operation behaviors and the information in a large monitoring screen when the data of the buried points accord with the target risk judgment rules.
In order to make those skilled in the art better understand the technical solutions of the embodiments of the present invention, the embodiments of the present invention are described below by way of an example and with reference to fig. 4.
Referring to fig. 4, a flow chart of another fraud determination method embodiment of the present invention is shown. In one example, as shown in fig. 4, by setting a buried point in a target APP or H5 (target application), a buried point program collects a large amount of buried point data, and uses Flume as a collector of the buried point data to collect and transmit the buried point data in real time; adding the buried point data collected in the flash into a Kafka message queue; the method comprises the following steps that a Flink calculation engine reads buried point data messages in a kafka message queue in batch and analyzes and processes the buried point data, and specifically comprises the following steps: determining the risk type of the buried point data, acquiring a target risk judgment condition corresponding to the buried point data, judging the buried point data according to the target risk judgment condition, and storing the buried point data with fraudulent behaviors into an elastic search; the Elasticissearch can count the data of the buried points, find out the data needing early warning display and carry out large-screen early warning display.
In the exemplary embodiment, the flash is used as a collector of the buried point data, the buried point data can be reliably collected and transmitted in real time, the flash calculation engine can be used for reading the buried point data in the Kafka message queue in batch, processing the buried point data in real time and storing the data in the Elasticsearch, the mass data is combined with condition query, the millisecond-level or second-level return data, and the query retrieval speed is high. The real-time monitoring and early warning of the fraudulent behavior of the user can be realized.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 5, a block diagram of a structure of an embodiment of the apparatus for determining fraud according to the present invention is shown, and the embodiment of the present invention may specifically include the following modules:
a buried point data acquisition module 501, configured to acquire buried point data of a target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application;
a risk type determining module 502, configured to determine a risk type of the buried point data;
a target risk judgment condition obtaining module 503, configured to obtain a target risk judgment condition corresponding to the risk type;
and a fraud determination module 504, configured to determine, when the buried point data meets the target risk determination condition, that an operation behavior of the user corresponding to the buried point data on the target application is a fraud behavior.
Optionally, the risk type determining module 502 is configured to obtain a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
Optionally, the target risk judgment condition obtaining module 503 is configured to obtain a target risk judgment condition corresponding to the risk type, and includes:
acquiring a risk judgment condition; the risk judgment condition has a corresponding rule type;
and acquiring a risk judgment condition with the rule type being the same as the risk type as a target risk judgment condition.
Optionally, the apparatus further comprises:
generating statistical information according to the buried point data, the risk type and the target risk judgment condition;
and adopting the statistical information to carry out early warning.
Optionally, the buried point data at least includes one of device information, an IP address, location information, and network information of the terminal device where the target application is located.
Optionally, the apparatus further comprises:
counting the times of fraudulent behaviors in each area;
and when the frequency of the area with the fraudulent conduct exceeds a preset threshold value, early warning is carried out on the area.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiment of the invention discloses electronic equipment, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the method for judging the fraudulent conduct are realized.
The embodiment of the invention discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the embodiment of the method for judging the fraud are realized.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method for determining a fraudulent conduct, the device for determining a fraudulent conduct, the electronic device and the storage medium provided by the present invention are described in detail above, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above example is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A method for determining fraud, the method comprising:
collecting buried point data of a target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application;
determining the risk type of the buried point data;
acquiring a target risk judgment condition corresponding to the risk type;
and when the buried point data meets the target risk judgment condition, judging that the operation behavior of the user corresponding to the buried point data on the target application is a fraud behavior.
2. The method of claim 1, wherein said determining a risk type for said landfill data comprises:
acquiring a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
3. The method according to claim 2, wherein the obtaining of the target risk judgment condition corresponding to the risk type includes:
acquiring a risk judgment condition; the risk judgment condition has a corresponding rule type;
and acquiring a risk judgment condition with the rule type being the same as the risk type as a target risk judgment condition.
4. The method according to claim 1, wherein after determining that the operation behavior of the user corresponding to the buried point data on the target application is a fraudulent behavior when the buried point data meets the target risk determination condition, the method further comprises:
generating statistical information according to the buried point data, the risk type and the target risk judgment condition;
and carrying out early warning by adopting the statistical information.
5. The method of claim 1, wherein the buried point data comprises at least one of device information, IP address, location information and network information of a terminal device where the target application is located.
6. The method of claim 1, further comprising:
counting the times of fraudulent behaviors in each area;
and when the frequency of the area with the fraudulent conduct exceeds a preset threshold value, early warning is carried out on the area.
7. An apparatus for determining fraud, the apparatus comprising:
the buried point data acquisition module is used for acquiring buried point data of the target application; the buried point data is data collected through a buried point program when the operation behavior of a user on the target application triggers the buried point program in the target application;
the risk type determining module is used for determining the risk type of the buried point data;
a target risk judgment condition obtaining module, configured to obtain a target risk judgment condition corresponding to the risk type;
and the fraud behavior judging module is used for judging that the operation behavior of the user corresponding to the buried point data on the target application is fraud behavior when the buried point data meets the target risk judgment condition.
8. The apparatus of claim 7, wherein the risk type determination module is configured to:
acquiring a data identifier corresponding to the buried point data; the data identification is obtained by marking when the buried point program collects the buried point data;
and determining the risk type of the buried point data according to the data identification.
9. An electronic device, comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing the steps of the method of determining fraud according to any one of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of determining fraud according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210037379.8A CN114445088A (en) | 2022-01-13 | 2022-01-13 | Method and device for judging fraudulent conduct, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210037379.8A CN114445088A (en) | 2022-01-13 | 2022-01-13 | Method and device for judging fraudulent conduct, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114445088A true CN114445088A (en) | 2022-05-06 |
Family
ID=81368674
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210037379.8A Pending CN114445088A (en) | 2022-01-13 | 2022-01-13 | Method and device for judging fraudulent conduct, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114445088A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115860751A (en) * | 2023-02-27 | 2023-03-28 | 天津金城银行股份有限公司 | Anti-fraud analysis processing method and device and electronic equipment |
| CN116611069A (en) * | 2023-05-05 | 2023-08-18 | 廊坊市瀚通科技有限公司 | Abnormality analysis method and AI decision system for digital business software application |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106875078A (en) * | 2016-08-03 | 2017-06-20 | 阿里巴巴集团控股有限公司 | transaction risk detection method, device and equipment |
| CN110675263A (en) * | 2019-09-27 | 2020-01-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device for transaction data |
| WO2020107756A1 (en) * | 2018-11-27 | 2020-06-04 | 深圳前海微众银行股份有限公司 | Credit anti-fraud method, system, device and computer-readable storage medium |
| CN111274094A (en) * | 2020-02-04 | 2020-06-12 | 上海携程商务有限公司 | Interface early warning method, system, equipment and storage medium |
| CN111738558A (en) * | 2020-05-27 | 2020-10-02 | 平安科技(深圳)有限公司 | Behavior risk recognition visualization method, behavior risk recognition visualization device, behavior risk recognition equipment and storage medium |
| CN112165488A (en) * | 2020-09-28 | 2021-01-01 | 杭州安恒信息安全技术有限公司 | Risk assessment method, device and equipment and readable storage medium |
| CN112162908A (en) * | 2020-09-30 | 2021-01-01 | 中国工商银行股份有限公司 | Program call link monitoring implementation method and device based on bytecode injection technology |
| CN112199267A (en) * | 2020-11-12 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Behavior log acquisition method and device |
| CN113014623A (en) * | 2021-02-05 | 2021-06-22 | 招联消费金融有限公司 | Method and device for processing real-time streaming data of embedded point, computer equipment and storage medium |
| CN113610535A (en) * | 2021-07-29 | 2021-11-05 | 浙江惠瀜网络科技有限公司 | Risk monitoring method and device suitable for consumption staging business process |
-
2022
- 2022-01-13 CN CN202210037379.8A patent/CN114445088A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106875078A (en) * | 2016-08-03 | 2017-06-20 | 阿里巴巴集团控股有限公司 | transaction risk detection method, device and equipment |
| WO2020107756A1 (en) * | 2018-11-27 | 2020-06-04 | 深圳前海微众银行股份有限公司 | Credit anti-fraud method, system, device and computer-readable storage medium |
| CN110675263A (en) * | 2019-09-27 | 2020-01-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device for transaction data |
| CN111274094A (en) * | 2020-02-04 | 2020-06-12 | 上海携程商务有限公司 | Interface early warning method, system, equipment and storage medium |
| CN111738558A (en) * | 2020-05-27 | 2020-10-02 | 平安科技(深圳)有限公司 | Behavior risk recognition visualization method, behavior risk recognition visualization device, behavior risk recognition equipment and storage medium |
| CN112165488A (en) * | 2020-09-28 | 2021-01-01 | 杭州安恒信息安全技术有限公司 | Risk assessment method, device and equipment and readable storage medium |
| CN112162908A (en) * | 2020-09-30 | 2021-01-01 | 中国工商银行股份有限公司 | Program call link monitoring implementation method and device based on bytecode injection technology |
| CN112199267A (en) * | 2020-11-12 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Behavior log acquisition method and device |
| CN113014623A (en) * | 2021-02-05 | 2021-06-22 | 招联消费金融有限公司 | Method and device for processing real-time streaming data of embedded point, computer equipment and storage medium |
| CN113610535A (en) * | 2021-07-29 | 2021-11-05 | 浙江惠瀜网络科技有限公司 | Risk monitoring method and device suitable for consumption staging business process |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115860751A (en) * | 2023-02-27 | 2023-03-28 | 天津金城银行股份有限公司 | Anti-fraud analysis processing method and device and electronic equipment |
| CN116611069A (en) * | 2023-05-05 | 2023-08-18 | 廊坊市瀚通科技有限公司 | Abnormality analysis method and AI decision system for digital business software application |
| CN116611069B (en) * | 2023-05-05 | 2024-03-08 | 天翼安全科技有限公司 | Abnormality analysis method and AI decision system for digital business software application |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106992994B (en) | Automatic monitoring method and system for cloud service | |
| CN111786950B (en) | Network security monitoring method, device, equipment and medium based on situation awareness | |
| CN110535702B (en) | Alarm information processing method and device | |
| CN107819631B (en) | Equipment anomaly detection method, device and equipment | |
| CN112003838B (en) | Network threat detection method, device, electronic device and storage medium | |
| CN114445088A (en) | Method and device for judging fraudulent conduct, electronic equipment and storage medium | |
| CN113726780B (en) | Network monitoring method and device based on situation awareness and electronic equipment | |
| CN110210213B (en) | Method and device for filtering malicious sample, storage medium and electronic device | |
| CN110677384B (en) | Phishing website detection method and device, storage medium and electronic device | |
| CN111866016A (en) | Log analysis method and system | |
| CN108600172B (en) | Method, device and equipment for detecting database collision attack and computer readable storage medium | |
| CN110149319B (en) | APT organization tracking method and device, storage medium and electronic device | |
| CN108322350B (en) | Service monitoring method and device and electronic equipment | |
| CN110188538B (en) | Method and device for detecting data by adopting sandbox cluster | |
| CN109815702B (en) | Software behavior safety detection method, device and equipment | |
| CN111611519A (en) | Method and device for detecting personal abnormal behaviors | |
| CN111158926B (en) | Service request analysis method, device and equipment | |
| CN105825130B (en) | A kind of information security method for early warning and device | |
| JP2019159431A (en) | Evaluation program, evaluation method, and evaluation device | |
| CN112347457A (en) | Abnormal account detection method and device, computer equipment and storage medium | |
| CN113609202A (en) | Data processing method and device | |
| CN110224975B (en) | APT information determination method and device, storage medium and electronic device | |
| CN117319001A (en) | Network security assessment method, device, storage medium and computer equipment | |
| CN115471336A (en) | Abnormity detection method and device of transaction system and server | |
| CN115659351A (en) | Information security analysis method, system and equipment based on big data office |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |