CN115935342A - Service safety monitoring method and device - Google Patents

Service safety monitoring method and device Download PDF

Info

Publication number
CN115935342A
CN115935342A CN202211433363.5A CN202211433363A CN115935342A CN 115935342 A CN115935342 A CN 115935342A CN 202211433363 A CN202211433363 A CN 202211433363A CN 115935342 A CN115935342 A CN 115935342A
Authority
CN
China
Prior art keywords
data
cross
domain
business
user account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211433363.5A
Other languages
Chinese (zh)
Inventor
何鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202211433363.5A priority Critical patent/CN115935342A/en
Publication of CN115935342A publication Critical patent/CN115935342A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application provides a service safety monitoring method and a device, wherein the method comprises the following steps: acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process; determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and full-link multi-dimensional monitoring data; determining service data according to the current multi-class cross-domain risk grade; and finishing the cross-domain operation business processing process of the target user account according to the business data. Therefore, the method can more accurately identify the cross-domain problem, thereby avoiding the problem on the technical level.

Description

Service safety monitoring method and device
Technical Field
The present application relates to the field of service monitoring, and in particular, to a service security monitoring method and apparatus.
Background
In the exhibition activities in various fields, the division into different zones, that is, the division into different departments for administration and account access is generally performed according to the zone, so as to avoid various disadvantages caused by the cross-zone operation. However, in practice, some people have to reserve regulations for interest, and therefore, various preventive measures are not taken by enterprises in various large fields. Among them, a method of performing area division based on location information of a client is one.
However, in practice, it is found that although the account has a regional attribute, the user does not, so the user can hide from the sea and achieve his or her own purpose by using the account taken remotely. On the basis of the above, how to prevent the recurrence of such cross-domain events is an urgent need for a method capable of solving the problem at the technical level.
Disclosure of Invention
The embodiment of the application aims to provide a service safety monitoring method and a service safety monitoring device, which can more accurately identify cross-domain problems, thereby avoiding the problems on the technical level.
A first aspect of the embodiments of the present application provides a method for monitoring service security, including:
acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process;
determining the current multi-class cross-domain risk grade of the target user account according to a preset safety monitoring classification model and the full-link multi-dimensional monitoring data;
determining service data according to the current multi-class cross-domain risk grade;
and finishing the cross-domain operation service processing process of the target user account according to the service data.
In the implementation process, the method can preferentially acquire full-link multidimensional monitoring data of the target user account in the cross-domain operation business processing process; then, determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and full-link multi-dimensional monitoring data; then, determining service data according to the current multi-class cross-domain risk grade; and finally, finishing the cross-domain operation business processing process of the target user account according to the business data. Therefore, the method can more accurately identify the cross-domain problem, thereby avoiding the problem on the technical level.
Further, the acquiring full-link multidimensional monitoring data of the target user account in the cross-domain operation service processing process includes:
monitoring change data of a latitude attributive place city, change data of an order attributive place, equipment fingerprint change data of the target user account, change data of the IP attributive place and position change time difference in the cross-domain operation business processing process;
and summarizing the change data of the longitude and latitude attributive place city, the change data of the order attributive place, the equipment fingerprint change data, the change data of the IP attributive place city and the position change time difference to obtain full-link multi-dimensional monitoring data.
Further, the determining the service data according to the current multi-class cross-domain risk level includes:
judging that the cross-domain operation business processing process needs to be suspended according to the current multi-class cross-domain risk grade;
if not, determining the current business risk coefficient, the business application limit and the business application interest rate according to the current multi-class cross-domain risk grade;
and summarizing the current business risk coefficient, the business application quota and the business application interest rate to obtain business data.
Further, the method further comprises:
when the cross-domain operation business processing process needs to be suspended, suspending the cross-domain operation business processing process;
and outputting safety prompt information aiming at the target user account.
Further, before the acquiring full-link multidimensional monitoring data of the target user account in the cross-domain operation business processing process, the method further comprises:
constructing an original classification model;
acquiring unsupervised learning sample data and supervised learning sample data;
and training the original classification model through the unsupervised learning sample data and the supervised learning sample data to obtain a safety monitoring classification model.
A second aspect of the embodiments of the present application provides a service security monitoring apparatus, where the service security monitoring apparatus includes:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring full-link multidimensional monitoring data of a target user account in the cross-domain operation business processing process;
the first determining unit is used for determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and the full-link multi-dimensional monitoring data;
a second determining unit, configured to determine service data according to the current multi-class cross-domain risk level;
and the processing unit is used for finishing the cross-domain operation service processing process of the target user account according to the service data.
In the implementation process, the device can acquire full-link multidimensional monitoring data of the target user account in the cross-domain operation business processing process through the acquisition unit; determining, by a first determining unit, a current multi-class cross-domain risk level of the target user account according to a preset security monitoring classification model and the full-link multi-dimensional monitoring data; determining business data according to the current multi-class cross-domain risk grade through a second determining unit; and finishing the cross-domain operation service processing process of the target user account according to the service data through a processing unit. Therefore, the device can more accurately identify the cross-domain problem, and the problem is avoided on the technical level.
Further, the acquisition unit includes:
the monitoring subunit is used for monitoring the change data of the latitude attributive place city, the change data of the order attributive place, the equipment fingerprint change data of the login target user account, the change data of the IP attributive place city and the position change time difference of the target user account in the cross-domain operation business processing process;
and the first collecting subunit is used for collecting the change data of the longitude and latitude attributive place city, the change data of the order attributive place, the equipment fingerprint change data, the change data of the IP attributive place city and the position change time difference to obtain full-link multi-dimensional monitoring data.
Further, the second determination unit includes:
a judging subunit, configured to judge whether to suspend the cross-domain operation service processing procedure according to the current multi-class cross-domain risk level;
a determining subunit, configured to determine a current business risk coefficient, a business application amount, and a business application interest rate according to the current multi-class cross-domain risk level when it is determined that the cross-domain operation business processing process does not need to be suspended;
and the second collecting subunit is used for collecting the current business risk coefficient, the business application amount and the business application interest rate to obtain business data.
Further, the second determination unit includes:
the determining subunit is further configured to suspend the cross-domain operation service processing procedure when it is determined that the cross-domain operation service processing procedure needs to be suspended;
and the output subunit is used for outputting the safety prompt information aiming at the target user account.
Further, the service security monitoring apparatus further includes:
the construction unit is used for constructing an original classification model before acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process;
the acquisition unit is used for acquiring unsupervised learning sample data and supervised learning sample data;
and the training unit is used for training the original classification model through the unsupervised learning sample data and the supervised learning sample data to obtain a safety monitoring classification model.
A third aspect of embodiments of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the service security monitoring method described in any one of the first aspect of the embodiments of the present application.
A fourth aspect of the present embodiment provides a computer-readable storage medium, which stores computer program instructions, where the computer program instructions, when read and executed by a processor, perform the service security monitoring method according to any one of the first aspect of the present embodiment.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a service security monitoring method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another service security monitoring method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a service security monitoring apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of another service security monitoring apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to fig. 1, fig. 1 is a schematic flow chart of a service security monitoring method provided in this embodiment. The service safety monitoring method comprises the following steps:
s101, acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process.
S102, determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and full-link multi-dimensional monitoring data.
S103, determining service data according to the current multi-class cross-domain risk grade.
And S104, completing the cross-domain operation business processing process of the target user account according to the business data. In this embodiment, there are features of separate operations in different places and replacement of the mobile phone terminal in the cross-domain operation process.
In this embodiment, the method can be applied to the financial field.
In this embodiment, the change of the city to which the latitude and longitude belongs is monitored. The system adds detection points on the key path, for example, adds the first acquisition of longitude and latitude at an entrance, adds the second acquisition of longitude and latitude on a page needing operator identity verification, can compare the comparison of the longitude and latitude twice, and can judge whether the change in different places exists or not according to the change of interval time and the area where the longitude and latitude are located. The situation of the change is recorded here.
In the present embodiment, the change of the order attribution is monitored. In the process of face verification, the operation of a client must be completed at this time, the longitude and latitude acquired on the page is the position of the client, and if regional change occurs between the longitude and latitude and the last time, the attribution of an order can be influenced. The calculation of order attribution is performed again. The actual geographic position of the client is ensured to be consistent with the final order attribution.
In this embodiment, changes in the fingerprint of the device are monitored. Normally, customers often operate on a terminal. But operation on different terminals does not necessarily allow for fraudulent behavior. It is often normal practice to perform a full flow operation on a terminal. There may be abnormal behavior in operation on different terminals.
In this embodiment, the change of the IP home city is monitored. The mobile phone IP information is usually geographic information obtained based on base stations and wifi positioning, and although the accuracy of the IP information is not high, the accuracy of the IP information in the local city is very high. The city of the Ip home location does not change, but the longitude and latitude information changes in different cities, which indicates that the mobile phone GPS positioning function of the client is maliciously tampered.
In this embodiment, the length of the position change time difference is monitored. It is reasonable to scale the above variations, for example, the customer may change cities within hours, and the customer may be moving in the vehicle and in the geographic location. If the ip home city and the latitude and longitude home city change synchronously and are reasonable changes in reasonable time difference. If the city span is still large in a short time, there is a potential for fraud. The time difference dimension is a dimension that corrects the rationality of the change in geographic location.
In this embodiment, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
Therefore, the service security monitoring method described in this embodiment can identify the cross-domain problem more accurately, thereby avoiding the occurrence of the problem in the technical aspect.
Example 2
Referring to fig. 2, fig. 2 is a schematic flow chart of a service security monitoring method provided in this embodiment. The service safety monitoring method comprises the following steps:
s201, constructing an original classification model.
S202, obtaining unsupervised learning sample data and supervised learning sample data.
S203, training the original classification model through unsupervised learning sample data and supervised learning sample data to obtain a safety monitoring classification model.
S204, monitoring the change data of the latitude attribution city, the change data of the order attribution place, the equipment fingerprint change data of the login target user account, the change data of the IP attribution city and the position change time difference of the target user account in the cross-domain operation business processing process.
S205, summarizing the change data of the longitude and latitude home city, the change data of the order home city, the equipment fingerprint change data, the change data of the IP home city and the position change time difference to obtain full-link multi-dimensional monitoring data.
And S206, determining the current multi-class cross-domain risk level of the target user account according to the preset safety monitoring classification model and the full-link multi-dimensional monitoring data.
S207, judging whether the cross-domain operation business processing process needs to be suspended according to the current multi-class cross-domain risk grade, if so, executing the steps S211 to S212; if not, steps S208-S210 are executed.
And S208, determining the current business risk coefficient, the business application limit and the business application interest rate according to the current multi-class cross-domain risk grade.
S209, summarizing the current business risk coefficient, the business application quota and the business application interest rate to obtain business data.
S210, the cross-domain operation business processing process of the target user account is completed according to the business data.
And S211, suspending the cross-domain business processing process.
And S212, outputting safety prompt information aiming at the target user account.
In this embodiment, there are features of separate operations in different places and replacement of the mobile phone terminal in the cross-domain operation process.
In this embodiment, the change of the city to which the latitude and longitude belongs is monitored. The system adds detection points on the key path, for example, adds the first acquisition of longitude and latitude on an entrance, adds the second acquisition of longitude and latitude on a page needing the identity verification of an operator, can compare the comparison of the longitude and latitude twice, and can determine whether the change in different places exists according to the change of the interval time and the area where the longitude and latitude are located. The situation of the change is recorded here.
In the present embodiment, the change of the order attribution is monitored. In the human face verification link, the operation of the client must be completed at this time, the latitude and longitude acquired on the page is the position of the client, and if regional change occurs with the last latitude and longitude, the attribution of the order can be influenced. The calculation of order attribution is performed again. The actual geographic position of the client is ensured to be consistent with the final order attribution.
In this embodiment, the device fingerprint is monitored for changes. Normally, a customer will often operate on a terminal. But operation on different terminals does not necessarily allow for fraudulent behavior. It is often normal practice to perform a full flow operation on a terminal. There may be abnormal behavior in operation on different terminals.
In this embodiment, the change of the IP home city is monitored. The mobile phone IP information is usually geographic information obtained based on base stations and wifi positioning, and although the accuracy of the IP information is not high, the accuracy of the IP information in the local city is very high. The city of the Ip home location does not change, but the longitude and latitude information changes in different cities, which indicates that the mobile phone GPS positioning function of the client is maliciously tampered.
In this embodiment, the length of the position change time difference is monitored. It is reasonable to scale the above variations, for example, the customer may change cities within hours, and the customer may be moving in the vehicle and in the geographic location. If the ip home city and the latitude and longitude home city change synchronously and are reasonable changes in reasonable time difference. If the city span is still large in a short time, there is a potential for fraud. The time difference dimension is a dimension that corrects the rationality of the change in geographic location.
In this embodiment, each dimension cannot uniquely determine that a customer has fraud. But the reliability of the qualitative sense is greatly enhanced by combining a plurality of dimensions. And the tracking of the full link is combined by continuously collecting the data information of the dimensions. Manual inspection is added in the subsequent process. The method becomes a sample of supervised learning and unsupervised learning in machine learning, and determines the multi-class cross-domain risk grade of a client by inputting dimensional data to client data through a training classification model. The classification model can use algorithms such as decision trees, random forests, k nearest neighbor support, support vector machines, logistic regression and the like. The following table is a training sample for machine learning based on the results of subsequent process feedback and manual determination after data collection.
Figure BDA0003945943640000091
In this embodiment, the method may determine the cross-domain risk through the steps of data collection, data cleaning, feature extraction, data transformation, model training, and testing of a sample to predict the cross-domain risk.
In the present embodiment, description of data: the fingerprint change of the equipment, the city change of the IP attribution, the longitude and latitude change and the city change of the order attribution have 2 values, 1 represents that the order attribution is changed, and 0 represents that the order attribution is not changed. The city change time difference level is a multi-valued dimension and is divided into 1-5 levels, and the higher the level is, the longer the time difference is. The dimension discretization of a continuous type is beneficial to the later classification learning.
In this embodiment, the quasi-real-time determination result may intervene to some extent in the subsequent process of the application according to the severity of the grade. For example, the risk coefficient of the client's incoming part is increased, the amount of the service application is reduced, the interest rate of the service application is increased, and even the service application is terminated. These feedbacks play a positive role in reducing the risk and bad rates of banking systems. The influence weight of the result in the system is adjusted, and meanwhile, the weight can be further finely adjusted by combining other dimensions such as customer managers, cities and the like in historical events.
In this embodiment, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
Therefore, the service security monitoring method described in this embodiment can identify the cross-domain problem more accurately, thereby avoiding the occurrence of the problem in the technical aspect.
Example 3
Referring to fig. 3, fig. 3 is a schematic structural diagram of a service security monitoring apparatus provided in this embodiment. As shown in fig. 3, the service security monitoring apparatus includes:
an obtaining unit 310, configured to obtain full-link multidimensional monitoring data of a target user account in a cross-domain operation service processing process;
a first determining unit 320, configured to determine a current multi-class cross-domain risk level of the target user account according to a preset security monitoring classification model and full-link multi-dimensional monitoring data;
a second determining unit 330, configured to determine service data according to the current multi-class cross-domain risk level;
and the processing unit 340 is configured to complete a cross-domain operation service processing process of the target user account according to the service data.
In this embodiment, for the explanation of the service security monitoring apparatus, reference may be made to the description in embodiment 1 or embodiment 2, and details are not repeated in this embodiment.
It can be seen that, by implementing the service security monitoring apparatus described in this embodiment, the cross-domain problem can be identified more accurately, so as to avoid the occurrence of such problems in the technical aspect.
Example 4
Referring to fig. 4, fig. 4 is a schematic structural diagram of a service security monitoring apparatus provided in this embodiment. As shown in fig. 4, the service security monitoring apparatus includes:
an obtaining unit 310, configured to obtain full-link multidimensional monitoring data of a target user account in a cross-domain operation service processing process;
a first determining unit 320, configured to determine a current multi-class cross-domain risk level of the target user account according to a preset security monitoring classification model and full-link multi-dimensional monitoring data;
a second determining unit 330, configured to determine service data according to the current multi-class cross-domain risk level;
and the processing unit 340 is configured to complete a cross-domain operation service processing process of the target user account according to the service data.
As an optional implementation manner, the obtaining unit 310 includes:
a monitoring subunit 311, configured to monitor change data of a city to which the target user account belongs via a latitude in a cross-domain operation service processing process, change data of an order attribution, device fingerprint change data of a login target user account, change data of an IP attribution city, and a location change time difference;
the first summarizing subunit 312 is configured to summarize the change data of the longitude and latitude home city, the change data of the order home city, the device fingerprint change data, the change data of the IP home city, and the position change time difference, so as to obtain full-link multidimensional monitoring data.
As an alternative embodiment, the second determining unit 330 includes:
a judging subunit 331, configured to judge whether to suspend the cross-domain operation service processing process according to the current multi-class cross-domain risk level;
a determining subunit 332, configured to determine, according to the current multi-class cross-domain risk level, a current business risk coefficient, a business application quota, and a business application interest rate when it is determined that the cross-domain operation business processing process does not need to be suspended;
the second summarizing subunit 333 is configured to summarize the current business risk coefficient, the business application quota and the business application interest rate to obtain business data.
As an alternative embodiment, the second determining unit 330 includes:
the determining subunit 332 is further configured to suspend the cross-domain operation service processing procedure when it is determined that the cross-domain operation service processing procedure needs to be suspended;
and the output subunit 334 is configured to output security prompt information for the target user account.
As an optional implementation manner, the service security monitoring apparatus further includes:
the construction unit 350 is configured to construct an original classification model before acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process;
an obtaining unit 360, configured to obtain unsupervised learning sample data and supervised learning sample data;
and a training unit 370, configured to train the original classification model through unsupervised learning sample data and supervised learning sample data, to obtain a safety monitoring classification model.
In this embodiment, for the explanation of the service security monitoring apparatus, reference may be made to the description in embodiment 1 or embodiment 2, and details are not repeated in this embodiment.
Therefore, the service safety monitoring device described in this embodiment can identify the cross-domain problem more accurately, thereby avoiding the occurrence of such problems in the technical aspect.
The embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the service security monitoring method in embodiment 1 or embodiment 2 of the present application.
An embodiment of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the method for monitoring service security in embodiment 1 or embodiment 2 of the present application is executed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A service security monitoring method is characterized by comprising the following steps:
acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process;
determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and the full-link multi-dimensional monitoring data;
determining service data according to the current multi-class cross-domain risk grade;
and finishing the cross-domain operation service processing process of the target user account according to the service data.
2. The service security monitoring method of claim 1, wherein the acquiring full-link multidimensional monitoring data of the target user account in a cross-domain operation service processing process comprises:
monitoring change data of a latitude attributive place city, change data of an order attributive place, equipment fingerprint change data of the target user account, change data of the IP attributive place and position change time difference in the cross-domain operation business processing process;
and summarizing the change data of the longitude and latitude home city, the change data of the order home city, the equipment fingerprint change data, the change data of the IP home city and the position change time difference to obtain full-link multidimensional monitoring data.
3. The business security monitoring method of claim 1, wherein the determining business data according to the current multi-class cross-domain risk level comprises:
judging whether the cross-domain operation business processing process needs to be suspended or not according to the current multi-class cross-domain risk grade;
if not, determining the current business risk coefficient, the business application limit and the business application interest rate according to the current multi-class cross-domain risk grade;
and summarizing the current business risk coefficient, the business application amount and the business application interest rate to obtain business data.
4. The traffic safety monitoring method according to claim 1, wherein the method further comprises:
when the cross-domain operation business processing process needs to be suspended, suspending the cross-domain operation business processing process;
and outputting safety prompt information aiming at the target user account.
5. The service security monitoring method according to claim 1, wherein before the acquiring full-link multidimensional monitoring data of the target user account in the cross-domain operation service processing process, the method further comprises:
constructing an original classification model;
acquiring unsupervised learning sample data and supervised learning sample data;
and training the original classification model through the unsupervised learning sample data and the supervised learning sample data to obtain a safety monitoring classification model.
6. A service security monitoring apparatus, wherein the service security monitoring apparatus comprises:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring full-link multidimensional monitoring data of a target user account in a cross-domain operation business processing process;
the first determining unit is used for determining the current multi-class cross-domain risk level of the target user account according to a preset safety monitoring classification model and the full-link multi-dimensional monitoring data;
a second determining unit, configured to determine service data according to the current multi-class cross-domain risk level;
and the processing unit is used for finishing the cross-domain operation business processing process of the target user account according to the business data.
7. The service security monitoring device according to claim 6, wherein the obtaining unit comprises:
a monitoring subunit, configured to monitor change data of a city to which the target user account belongs via a latitude in a cross-domain operation service processing process, change data of an order attribution, device fingerprint change data of a login target user account, change data of the IP attribution city, and a location change time difference;
and the first collecting subunit is used for collecting the change data of the longitude and latitude attributive place city, the change data of the order attributive place, the equipment fingerprint change data, the change data of the IP attributive place city and the position change time difference to obtain full-link multi-dimensional monitoring data.
8. The traffic safety monitoring device according to claim 6, wherein the second determining unit comprises:
a judging subunit, configured to judge whether to suspend the cross-domain operation service processing procedure according to the current multi-class cross-domain risk level;
a determining subunit, configured to determine a current business risk coefficient, a business application amount, and a business application interest rate according to the current multi-class cross-domain risk level when it is determined that the cross-domain operation business processing process does not need to be suspended;
and the second collecting subunit is used for collecting the current business risk coefficient, the business application amount and the business application interest rate to obtain business data.
9. An electronic device, characterized in that the electronic device comprises a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the traffic security monitoring method of any of claims 1 to 5.
10. A readable storage medium, wherein computer program instructions are stored in the readable storage medium, and when the computer program instructions are read and executed by a processor, the method for service security monitoring according to any one of claims 1 to 5 is performed.
CN202211433363.5A 2022-11-16 2022-11-16 Service safety monitoring method and device Pending CN115935342A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211433363.5A CN115935342A (en) 2022-11-16 2022-11-16 Service safety monitoring method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211433363.5A CN115935342A (en) 2022-11-16 2022-11-16 Service safety monitoring method and device

Publications (1)

Publication Number Publication Date
CN115935342A true CN115935342A (en) 2023-04-07

Family

ID=86696970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211433363.5A Pending CN115935342A (en) 2022-11-16 2022-11-16 Service safety monitoring method and device

Country Status (1)

Country Link
CN (1) CN115935342A (en)

Similar Documents

Publication Publication Date Title
EP3343422B1 (en) Systems and methods for detecting resources responsible for events
US10831827B2 (en) Automatic extraction of user mobility behaviors and interaction preferences using spatio-temporal data
US9392463B2 (en) System and method for detecting anomaly in a handheld device
US20200364586A1 (en) Explanation reporting based on differentiation between items in different data groups
KR101825023B1 (en) Risk early warning method and device
CN109033973B (en) Monitoring and early warning method and device and electronic equipment
KR20180013998A (en) Account theft risk identification method, identification device, prevention and control system
EP3407232B1 (en) Spatiotemporal authentication
CN109063969B (en) Account risk assessment method and device
CN110245487B (en) Account risk identification method and device
KR20170030201A (en) Method for calculating an error rate of alarm
US9600391B2 (en) Operations management apparatus, operations management method and program
US20180181973A1 (en) Method of determining crowd dynamics
CA3149824A1 (en) Determining a fraud risk score associated with a transaction
CN112819611A (en) Fraud identification method, device, electronic equipment and computer-readable storage medium
US20220194404A1 (en) Method and system for warning drivers in orders with high risk
CN113642926A (en) Method and device for risk early warning, electronic equipment and storage medium
KR102259838B1 (en) Apparatus and method for building a blacklist of cryptocurrencies
Hamdy et al. Criminal act detection and identification model
CN115935342A (en) Service safety monitoring method and device
Wan et al. Link-based event detection in email communication networks
Al-Jumeily et al. The development of fraud detection systems for detection of potentially fraudulent applications
WO2023076553A1 (en) Systems and methods for improved detection of network attacks
CN115471258A (en) Violation behavior detection method and device, electronic equipment and storage medium
CN109785207A (en) A kind of ways and means of crime prevention prediction discovery

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination