CN115061880A - Dynamic risk monitoring method, equipment and computer readable medium - Google Patents

Dynamic risk monitoring method, equipment and computer readable medium Download PDF

Info

Publication number
CN115061880A
CN115061880A CN202210768097.5A CN202210768097A CN115061880A CN 115061880 A CN115061880 A CN 115061880A CN 202210768097 A CN202210768097 A CN 202210768097A CN 115061880 A CN115061880 A CN 115061880A
Authority
CN
China
Prior art keywords
risk
target user
application
user
characteristic data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210768097.5A
Other languages
Chinese (zh)
Inventor
王冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhangmen Science and Technology Co Ltd
Original Assignee
Shanghai Zhangmen Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Zhangmen Science and Technology Co Ltd filed Critical Shanghai Zhangmen Science and Technology Co Ltd
Priority to CN202210768097.5A priority Critical patent/CN115061880A/en
Publication of CN115061880A publication Critical patent/CN115061880A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data

Abstract

The scheme detects the overall flow of an application server providing service for an application program, acquires the characteristic data of a target user of the application program when the overall flow meets a first trigger condition, and judges whether risks exist according to the characteristic data. According to the scheme, when the risk is monitored, an observation object is enlarged to the application server providing service for the application program, the risk condition is identified by detecting the whole flow of the application server, and the monitoring is not directly started aiming at specific characteristics of a specific user, so that another new wind control system is set up from a macroscopic angle, and the risk prevention and control on the application program product are more three-dimensional and comprehensive.

Description

Dynamic risk monitoring method, equipment and computer readable medium
Technical Field
The present application relates to the field of information technology, and in particular, to a method, an apparatus, and a computer-readable medium for dynamically monitoring risks.
Background
Wind management refers to the risk manager taking various measures and methods to eliminate or reduce the various possibilities of occurrence of risk events, or the risk controller reducing the losses caused when the risk events occur. However, there are always things that cannot be controlled and risks always exist. As a risk manager, various measures are taken to reduce the possibility of occurrence of a risk event, or to control the possible loss within a certain range so as to avoid the loss which is hard to bear when the risk event occurs.
With the development of the internet, the operation process of various internet products also faces huge wind control pressure, driven by benefits, and some users always want to break through a wind control system to obtain illegal profits. In the current risk dynamic monitoring scheme, all users are directly switched in, and monitoring is directly started based on specific characteristics of some users. For example, in the financial field, monitoring is started when an abnormality in information such as credit behavior of a specific user is detected, and the feature data of the user is analyzed to determine whether or not there is a risk. Although the method can realize risk monitoring, the method is directly switched in from the perspective of a user, is difficult to comprehensively monitor potential risks systematically and stereoscopically, and lacks protection on the product macroscopically.
Disclosure of Invention
An object of the present application is to provide a method, a device and a computer readable medium for risk dynamic monitoring.
To achieve the above object, some embodiments of the present application provide a method for dynamically monitoring risk, wherein the method includes:
detecting overall traffic of an application server serving an application program;
and when the overall flow meets a first trigger condition, acquiring characteristic data of a target user of the application program, and judging whether risks exist according to the characteristic data.
Some embodiments of the present application also provide a dynamic risk monitoring device, wherein the device comprises a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the dynamic risk monitoring method.
Furthermore, some embodiments of the present application also provide a computer readable medium having stored thereon computer program instructions executable by a processor to implement the method for dynamic risk monitoring.
In the dynamic risk monitoring scheme provided by the embodiment of the application, the overall flow of an application server providing service for an application program is detected, and when the overall flow meets a first trigger condition, the characteristic data of a target user of the application program is acquired, and whether risk exists is judged according to the characteristic data. According to the scheme, when the risk is monitored, an observation object is enlarged to the application server providing service for the application program, the risk condition is identified by detecting the whole flow of the application server, and the monitoring is not directly started aiming at specific characteristics of a specific user, so that another new wind control system is set up from a macroscopic angle, and the risk prevention and control on the application program product are more three-dimensional and comprehensive.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
fig. 1 is a processing flow chart of a method for dynamically monitoring risks according to an embodiment of the present application;
fig. 2 is a processing flow chart when a scheme provided by an embodiment of the present application is used to implement a best effort improved risk control for an application product;
fig. 3 is a schematic structural diagram of an apparatus for a risk dynamic monitoring method in an embodiment of the present application;
the same or similar reference numbers in the drawings identify the same or similar elements.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In a typical configuration of the present application, the terminal, the devices serving the network each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, which include both non-transitory and non-transitory, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer program instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The embodiment of the application provides a dynamic risk monitoring method, when the method monitors risks, an observation object is expanded to an application server providing services for an application program, identification of risk conditions is triggered through detection of the whole flow of the application server, monitoring is not directly started according to specific characteristics of a specific user, and therefore another new wind control system is set up from a macroscopic angle, and risk prevention and control of the application program product are more three-dimensional and comprehensive.
In an actual scenario, an execution main body of the method may be user equipment, or equipment formed by integrating the user equipment and network equipment through a network, or may also be an application program running on the above equipment, where the user equipment includes but is not limited to various terminal devices such as a computer, a mobile phone, a tablet computer, a smart watch, a bracelet, and the like, and the network equipment includes but is not limited to implementations such as a network host, a single network server, a plurality of network server sets, or a computer set based on cloud computing, and may be used to implement part of processing functions when setting an alarm clock. Here, the Cloud is made up of a large number of hosts or web servers based on Cloud Computing (Cloud Computing), which is a type of distributed Computing, one virtual computer consisting of a collection of loosely coupled computers.
Fig. 1 shows a processing flow of a risk dynamic monitoring method provided in an embodiment of the present application, where the method at least includes the following processing steps:
step S101 detects the overall traffic of an application server that provides services for an application.
And step S102, when the overall flow rate meets a first trigger condition, acquiring characteristic data of a target user of the application program, and judging whether risks exist according to the characteristic data.
For an application, a corresponding application server needs to be deployed to provide a corresponding service for a user using the application. For example, for a social application program, when a user logs in an account of the social application program, the user needs to provide the account and a password to a corresponding application server, so that the application server can verify the account and the password. For example, when a user sends a chat message to other users, the chat message is sent to the application server, and the application server forwards the chat message to other users.
The application server receives or sends corresponding data during the process of providing service for the application program, where the data all belong to the overall traffic described in this embodiment, for example, a login authentication request received from a user in the foregoing scenario, a response after login authentication succeeds or fails, a message sending request including chat message content, a chat message sent to a target user, and the like. When the overall flow is detected, the specific content of the overall flow may be detected according to the requirement of the actual scene, for example, the number of various messages such as requests and responses may be counted, or the size of the data amount included in the various messages may be counted. The overall traffic detected in this step may be all data received and sent by the application server in the process of providing services for the application program, or may be a part of data determined according to a preset rule.
In some embodiments of the present application, the overall traffic detected in this step may include a preset type of traffic for users in a preset group of applications to interact with the application server. The preset group at least comprises a plurality of users of the application program, namely a part of users in all users of the application program. For example, if the groups are divided by gender, the preset group may be a male user or a female user, and if the groups are divided by service functions, the preset group may be determined according to the service associated with the traffic, for example, the preset group may be a user who logs in an account within a period of time, or a user who uses a specific function of an application within a period of time, and the like. The preset type of traffic refers to one type of preset traffic, and may be, for example, traffic for a user to send a login authentication request, traffic for a user to send a chat message, and the like, and may be specifically set according to requirements of an actual scene. Thus, based on the above understanding, the overall traffic may be the traffic sent by the male user or the female user of the application when sending chat messages to other users, or may be the traffic of all login authentication requests sent by users who have attempted to login to the application account within the latest period of time, and the like.
It will be understood by those skilled in the art that the specific contents of the above-mentioned preset groups and preset types are only examples, and other forms based on similar principles, which are present or come out later, should be included in the scope of the present application if they can be applied to the present application, and are included herein by reference. For example, the preset group may also be set as a group where all users are located, and the preset type may also be set as a type corresponding to all interactive data, where the overall traffic is all the traffic received and sent by the application server.
In an actual scenario, a preset group and/or a preset type may be determined according to a corresponding service scenario. For example, for a service scenario B1, a preset group G1 and a preset type T1 may be set to correspond to each other, so that one overall traffic a1 that needs to be detected may be determined, and for a service scenario B2, a preset group G2 and a preset type T2 may also be set to correspond to each other, so that another overall traffic a2 that needs to be detected may be determined. Thereby, a plurality of different overall flows can be detected.
And comparing and judging different overall flows with the corresponding first trigger conditions, if any overall flow meets the corresponding first trigger condition, triggering the start of monitoring, acquiring the characteristic data of the target user of the application program, and judging whether risks exist according to the characteristic data. Therefore, the risk monitoring is started more frequently, more systematic and three-dimensional risk monitoring is realized, and a new wind control system is built from another angle.
Whether the overall flow meets the first triggering condition or not can be judged by combining the algorithm model, and when the output result of the algorithm model reaches a certain threshold value, the corresponding overall flow can be judged to meet the first triggering condition, so that the dynamic monitoring of the risk is started. For example, when the overall traffic in a certain scene service rapidly increases and the increase amplitude exceeds a threshold, dynamic risk monitoring is started, the feature data of the target user of the application program is obtained, and whether a risk exists is determined according to the feature data.
In some embodiments of the present application, in addition to the starting manner based on the overall flow triggering, the dynamic monitoring of the risk may also be based on the time triggering manner, and when the current time meets the second triggering condition, the dynamic monitoring of the risk may also be started, the feature data of the target user of the application program may be obtained, and whether the risk exists may be determined according to the feature data. The second trigger condition may be based on a preset time interval, for example, the second trigger condition may be set to be that the time interval reaches one hour, so that the scheme may start dynamic monitoring of the risk every other hour. The starting modes of dynamic monitoring are enriched by the aid of the starting modes of two kinds of monitoring, one is a time-based mode, and the other is an application server overall flow-based mode, so that the starting modes are more diverse and flexible, the triggering and starting can be carried out more frequently, and the dynamic monitoring of risks is more three-dimensional and comprehensive.
When the scheme of the embodiment of the application carries out dynamic risk monitoring, a target user of the application program can be determined first, and then characteristic data of the target user can be obtained. The target user is a user to be identified who needs to identify whether the risk exists during the risk monitoring, and can select part of users from all users as the target user according to a preset selection mode according to the requirement setting of the risk monitoring. For example, when a demand is identified for the risk of the user's order-swiping behavior, a user whose transaction number exceeds a preset value in a certain period of time may be selected from all users as a target user.
In an actual scenario, a list of a target user may be obtained first, where the list includes identification information of the target user. The representation information may be any information capable of uniquely identifying the user identity, for example, in this embodiment, a user id may be used as the representation information, and the list of the target user is a list including a plurality of user ids.
After the identification information of the target user is obtained, the feature data of the target user can be queried from a feature library according to the identification information. The feature library stores user feature data, and can acquire required data, such as data related to user portrait, user behavior and the like, based on a preset feature data acquisition rule. When the feature library stores feature data, the identification information of a user can be used as a main key, so that the feature data corresponding to a target user can be quickly inquired from the feature library through the identification information such as the user id.
After the feature data of the target user are obtained, the feature data can be calculated based on a preset algorithm model, a calculation result is obtained, and whether risks exist or not is determined according to the calculation result.
In order to make the calculation more efficient, the feature data may be subjected to the dimension reduction processing and then calculated. The dimensionality reduction processing is to retain important features of high-dimensionality data, remove noise or unimportant features, reduce the dimensionality of the data, reduce the storage space occupied by the data, facilitate mass storage of the data, reduce the computational complexity of subsequent processing and improve the data processing efficiency. The algorithm for performing the dimension reduction processing may be set according to the requirement of the actual scene, and for example, commonly used dimension reduction algorithms include PCA (Principal Component Analysis), FA (Factor Analysis), LDA (Linear Discriminant Analysis), and the like.
Taking the above-mentioned dynamic risk monitoring scenario of the social application as an example, before the dimension reduction processing is performed on the feature data of the target user, the feature data may include feature data of multiple dimensions, such as registration time, number of active days, number of chatting times, number of active days from the last time, gender, number of times of using a function in the social application, duration of using a function in the social application, and the like.
In some embodiments of the present application, when the determination result indicates that there is a risk, the method may further provide the risk information to a subsequent interface for subsequent processing. The subsequent interface may be services such as other penalties, notifications, alarms and the like related to the wind control, so as to limit the seed users with risks or related personnel thereof, or notify by adopting a visual means (such as monitoring reports, notification messages and the like), thereby reducing or avoiding actual damage of the risks to the product. When the embodiment adopts a visual means to notify, the method can support real-time generation and display or off-line generation and display of the statistical data of the risk judgment result. Specifically, the statistical data may be presented using a visualization effect graph; or the statistical data may be presented using a structured data table. When the relevant user or person is restricted, the behavior of using the application program may be restricted, for example, the target user is restricted to only receive the chat message but not send the chat message, or the target user is restricted to not log in the application program account within a preset time period.
In order to make the subsequent processing more targeted, when the judgment result is that the risk exists, the existing risk information can be subjected to numerical processing to obtain a risk score, and then the risk information is provided to a corresponding subsequent interface for subsequent processing according to the risk score. For example, when the risk score is low, the notification can be performed by adopting a mode of generating a report, producing a visual graph and the like, and other limitations are not performed on the target user; when the risk score is high, restrictions may be placed on the target user in addition to the notification, such as restricting chat messaging, restricting login accounts, restricting transfer credits, and the like. Through carrying out numerical processing on the existing risks, the hazards possibly brought by the risks are quantized more finely, and convenient conditions are provided for carrying out fine-grained subsequent processing on subsequent interfaces, so that the risks can be avoided more reasonably and effectively.
In dynamic risk monitoring of an application product, a scenario as shown in fig. 2 may be employed, which includes a boot engine 210, an operator service 220, and a subsequent interface 230. The design of the starting engine 210 may be similar to a scheduling engine, and in order to meet requirements of a service scenario and the like, the subsequent dynamic monitoring processing is started after a certain triggering condition is met. The design of the starter engine may include the following two parts:
1. the basic engine, mainly based on time setting, may set some preset starting conditions, and automatically invokes operator service 220 to start dynamic monitoring when the starting conditions are met. For example, once every hour, corresponding to the aforementioned second trigger condition.
2. The comprehensive engine mainly refers to condition judgment in a mode of combining an algorithm model and the like, and when the algorithm model reaches a certain threshold value, dynamic monitoring is started. For example, when the traffic flow rate of a scene reaches a threshold, the engine may initiate dynamic monitoring by invoking operator service 220, which corresponds to the aforementioned first trigger condition.
The operator service 220 calculates the feature data of the target user collected after the starting engine is started, determines whether the risk exists according to the calculation result after the calculation is performed through a certain algorithm model, and transmits the feature data to the subsequent interface 230 to perform the next operation if the risk exists. The operator service may have the following sub-modules:
1. a target user module is selected. The module is mainly used for screening target users and locking the target users according to the calling of the starting engine.
2. A user characteristics module is collected. After the target user is selected by the previous module, the module may go to the feature library to collect the feature data of the target user, and collect and sort the feature data.
3. And an algorithm calculation module. The collected characteristic data is calculated according to a certain algorithm model, the model can be designed off-line or generated on-line in real time, and the calculation result is used for judging the risk condition.
4. And a risk judgment module. This module makes a risk decision for the selected target user based on the calculation result of the previous module and neatly transfers the decided result to the subsequent interface 230.
The follow-up interface 230 has a function of starting from the top, and provides the operator service acquisition result to an appropriate follow-up service, for example, when the risk score is high, a penalty service is provided to a wind control system, so as to perform risk control on these target users, for example, lowering the authority level, limiting the functional use, and the like, and if the risk score is not high, a record can be made, and a report, a visual graph, or a notification to related personnel can be performed.
Based on the same inventive concept, the embodiment of the present application further provides a device for dynamically monitoring risk, and the corresponding method of the device may be the method for dynamically monitoring risk in the foregoing embodiment, and the principle of solving the problem is similar to that of the method. The device comprises a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the aforementioned risk dynamic monitoring method.
The device may be a user device, or a device formed by integrating the user device and a network device through a network, or may also be an application program running on the device, where the user device includes but is not limited to a computer, a mobile phone, a tablet computer, a smart watch, a bracelet, and other various terminal devices, and the network device includes but is not limited to a network host, a single network server, multiple network server sets, or a computer set based on cloud computing, and may be used to implement part of a processing function when setting an alarm clock. Here, the Cloud is made up of a large number of hosts or web servers based on Cloud Computing (Cloud Computing), which is a type of distributed Computing, one virtual computer consisting of a collection of loosely coupled computers.
Fig. 3 shows a structure of a device suitable for implementing the method and/or technical solution in the embodiment of the present application, where the device 300 includes a Central Processing Unit (CPU)301, which can perform various suitable actions and processes according to a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage portion 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for system operation are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other via a bus 304. An Input/Output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input portion 306 including a keyboard, a mouse, a touch screen, a microphone, an infrared sensor, and the like; an output section 307 including a Display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), an LED Display, an OLED Display, and the like, and a speaker; a storage portion 308 comprising one or more computer-readable media such as a hard disk, optical disk, magnetic disk, semiconductor memory, or the like; and a communication section 309 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet.
In particular, the methods and/or embodiments in the embodiments of the present application may be implemented as computer software programs. For example, embodiments disclosed herein include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. The computer program performs the above-described functions defined in the method of the present application when executed by the Central Processing Unit (CPU) 301.
It should be noted that the computer readable medium described herein can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart or block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer-readable medium carries one or more computer program instructions that are executable by a processor to implement the methods and/or aspects of the embodiments of the present application as described above.
To sum up, when the scheme provided by the embodiment of the application monitors risks, an observation object is expanded to an application server providing services for an application program, identification of risk conditions is triggered through detection of the whole flow of the application server, instead of directly starting monitoring aiming at specific characteristics of a specific user, so that another new wind control system is set up from a macroscopic angle, and the risk prevention and control of the application program product are more three-dimensional and comprehensive.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, as an Application Specific Integrated Circuit (ASIC), a general purpose computer or any other similar hardware device. In some embodiments, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.

Claims (10)

1. A method for dynamic risk monitoring, wherein the method comprises:
detecting overall traffic of an application server serving an application program;
and when the overall flow meets a first trigger condition, acquiring characteristic data of a target user of the application program, and judging whether risks exist according to the characteristic data.
2. The method of claim 1, wherein the overall traffic comprises a preset type of traffic for a user in a preset group of applications to interact with the application server, the preset group comprising at least a plurality of users of the applications.
3. The method of claim 2, wherein the preset group and/or preset type is determined according to a corresponding service scenario.
4. The method of claim 1, wherein the method further comprises:
and when the current time meets a second trigger condition, acquiring the characteristic data of the target user of the application program, and judging whether risks exist according to the characteristic data.
5. The method of any of claims 1 to 4, wherein obtaining feature data of a target user of the application and determining whether a risk exists based on the feature data comprises:
determining a target user of the application;
acquiring characteristic data of the target user;
calculating the characteristic data based on a preset algorithm model to obtain a calculation result;
and determining whether the risk exists according to the calculation result.
6. The method of claim 5, wherein determining a target user of the application comprises:
acquiring a list of target users, wherein the list comprises identification information of the target users;
acquiring feature data of the target user, including:
and inquiring feature data of the target user from a feature library according to the identification information.
7. The method of any of claims 1-4, wherein the method further comprises:
and when the judgment result is that the risk exists, providing the information to a subsequent interface for subsequent processing according to the existing risk information.
8. The method according to claim 7, wherein when the determination result is that there is a risk, providing information about the risk to a subsequent interface for subsequent processing includes:
when the judgment result shows that the risk exists, carrying out numerical processing on the existing risk information to obtain a risk value;
and providing the risk information to a corresponding subsequent interface for subsequent processing according to the risk score.
9. A dynamic risk monitoring device comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the method of any one of claims 1 to 8.
10. A computer readable medium having stored thereon computer program instructions executable by a processor to implement the method of any one of claims 1 to 8.
CN202210768097.5A 2022-07-01 2022-07-01 Dynamic risk monitoring method, equipment and computer readable medium Pending CN115061880A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210768097.5A CN115061880A (en) 2022-07-01 2022-07-01 Dynamic risk monitoring method, equipment and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210768097.5A CN115061880A (en) 2022-07-01 2022-07-01 Dynamic risk monitoring method, equipment and computer readable medium

Publications (1)

Publication Number Publication Date
CN115061880A true CN115061880A (en) 2022-09-16

Family

ID=83203371

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210768097.5A Pending CN115061880A (en) 2022-07-01 2022-07-01 Dynamic risk monitoring method, equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN115061880A (en)

Similar Documents

Publication Publication Date Title
JP6127150B2 (en) Send notifications to multiple devices associated with a user
US11074652B2 (en) System and method for model-based prediction using a distributed computational graph workflow
JP2017174375A (en) Risk early warning method and apparatus
CN110995781B (en) Praise information processing method, device and system
CN113157545A (en) Method, device and equipment for processing service log and storage medium
CN113315828B (en) Traffic recording method and device, traffic recording equipment and storage medium
CN109992473A (en) Monitoring method, device, equipment and the storage medium of application system
CN112115026A (en) Server cluster monitoring method and device, electronic equipment and readable storage medium
CN114327803A (en) Method, apparatus, device and medium for accessing machine learning model by block chain
CN111597065A (en) Method and device for collecting equipment information
CN110727563A (en) Cloud service alarm method and device for preset customer
CN114153703A (en) Micro-service exception positioning method and device, electronic equipment and program product
CN116431731A (en) Data asynchronous export method, device, equipment and storage medium thereof
CN115187364A (en) Method and device for monitoring deposit risk under bank distributed scene
CN110781500A (en) Data wind control system and method
CN115061880A (en) Dynamic risk monitoring method, equipment and computer readable medium
US20220058745A1 (en) System and method for crowdsensing-based insurance premiums
CN114995914A (en) Picture data processing method and device, computer equipment and storage medium
CN114338684A (en) Energy management system and method
WO2021055964A1 (en) System and method for crowd-sourced refinement of natural phenomenon for risk management and contract validation
KR101553923B1 (en) Apparatus and method for analyzing system usage
CN112003833A (en) Abnormal behavior detection method and device
CN110677271A (en) Big data alarm method, device, equipment and storage medium based on ELK
CN115080855A (en) Risk user identification method, equipment and computer readable medium
CN114650252B (en) Routing method and device based on enterprise service bus and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination