CN116468281A - Abnormal user group identification method and device, storage medium and electronic equipment - Google Patents

Abnormal user group identification method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN116468281A
CN116468281A CN202310471250.2A CN202310471250A CN116468281A CN 116468281 A CN116468281 A CN 116468281A CN 202310471250 A CN202310471250 A CN 202310471250A CN 116468281 A CN116468281 A CN 116468281A
Authority
CN
China
Prior art keywords
user
abnormal
user group
nodes
isomorphic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310471250.2A
Other languages
Chinese (zh)
Inventor
徐天石
戴卫宇
符国辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongdun Technology Co ltd
Original Assignee
Tongdun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongdun Technology Co ltd filed Critical Tongdun Technology Co ltd
Priority to CN202310471250.2A priority Critical patent/CN116468281A/en
Publication of CN116468281A publication Critical patent/CN116468281A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9536Search customisation based on social or collaborative filtering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Marketing (AREA)
  • Educational Administration (AREA)
  • Game Theory and Decision Science (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Development Economics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure provides an abnormal user group identification method, an abnormal user group identification device, a storage medium and electronic equipment, and relates to the technical field of data processing. The abnormal user group identification method comprises the following steps: constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge; constructing an isomorphic graph taking the user as a node according to the association relation among different users connected to the same personal information in the different graph; clustering the user nodes in the isomorphic graph to obtain a plurality of user groups; and determining a risk score of the user group according to a preset index, and determining whether the user group is an abnormal user group according to the risk score. The method and the device reduce the difficulty in identifying the abnormal user group.

Description

Abnormal user group identification method and device, storage medium and electronic equipment
Technical Field
The disclosure relates to the technical field of data processing, and in particular relates to an abnormal user group identification method, an abnormal user group identification device, a computer readable storage medium and electronic equipment.
Background
An abnormal user group refers to a group of associated abnormal users that may be illegally infringed on the benefit of others. For example, in the field of internet finance, an abnormal group of users may appear as a rogue team, which normally appears as having very many online transactions, which, because they are virtual, need to be done by processing data. Therefore, in the process of processing financial data, in order to reduce user loss caused by rogue partner malicious tampering and attack of the financial data, anti-fraud behavior of the financial transaction is formed. Such as: in financial loans, transaction fraud and other financial behaviors, the information of the user is usually required to be checked, analyzed and identified so as to manage and control risks, and the rights and interests of the user are protected to the greatest extent; alternatively, on an e-commerce or social platform, the same organization or person may create a large number of "small numbers" for e-commerce, fan-commerce, etc., which also form an abnormal user group.
In the related technology, the knowledge graph is adopted to identify the abnormal user group, and the traditional knowledge graph application method mainly extracts node characteristics by calculating shortest paths, diffusion convergence, node importance and the like. In recent years, there are many studies on the heterograms, however, in the related art, the heterograms have problems of sparse data, heterograms of nodes and edges, and the like, so that the recognition of the abnormal user group based on the heterograms is difficult.
Disclosure of Invention
The disclosure provides an abnormal user group identification method, an abnormal user group identification device, a computer readable storage medium and electronic equipment, so as to reduce the identification difficulty of an abnormal user group at least to a certain extent.
According to a first aspect of the present disclosure, there is provided an abnormal user group identification method, including: constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge; constructing an isomorphic graph taking the user as a node according to the association relation among different users connected to the same personal information in the different graph; clustering the user nodes in the isomorphic graph to obtain a plurality of user groups; and determining a risk score of the user group according to a preset index, and determining whether the user group is an abnormal user group according to the risk score.
In one embodiment, the constructing an abnormal pattern with the user and the personal information related to the user as nodes and the association relationship between the user and the personal information as edges includes: constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking a relation between the user and the personal information and a relation between different users as edges; correspondingly, the constructing an isomorphic graph with the user as a node according to the association relation between different users connected to the same personal information in the heteromorphic graph comprises: and constructing an isomorphic graph taking the user as a node according to the association relation between different users connected to the same personal information in the heteromorphic graph and the association relation between different users directly connected.
In one embodiment, before the clustering of the user nodes in the isomorphic graph to obtain a plurality of user groups, the method further includes: according to the preset edge weights of the two users in the different association relations in the different composition, accumulating the preset edge weights of the two users in the different composition in each association relation to obtain the edge weights between the two users in the isomorphic diagram.
In one embodiment, the method further comprises: and when the edge weight between two users in the isomorphic graph is greater than an edge weight threshold, taking the edge weight threshold as the edge weight between the two users in the isomorphic graph.
In one embodiment, the clustering the user nodes in the isomorphic graph to obtain a plurality of user groups includes: and clustering the user nodes in the isomorphic graph by adopting a Leiden community discovery algorithm with weight to obtain a plurality of user groups.
In one embodiment, the clustering the user nodes in the isomorphic graph by using the Leiden community discovery algorithm with weight to obtain a plurality of user groups includes: based on the principle of increasing the quality function, carrying out rapid local movement on the user nodes in the isomorphic diagram to obtain a first clustering result; combining the user nodes in the first clustering result based on the principle of increasing the quality function to obtain a second clustering result; performing condensation operation on the second clustering result, and initializing the condensation operation on the first clustering result; repeating the steps until the quality function is not increased any more, and obtaining a plurality of groups.
In one embodiment, the determining the risk score of the user group according to the preset index, and determining whether the user group is an abnormal user group according to the risk score, includes: determining each real index value of the user group according to the preset index; according to the preset weight corresponding to the preset index, carrying out weighted summation on each real index value of the user group to obtain a risk score of the user group; acquiring source data of candidate user groups with risk scores higher than a risk threshold value, and analyzing the source data of the candidate user groups to determine the abnormal user group from the candidate user groups; the source data includes credit data and overdue data.
In one embodiment, the preset index includes: average node ranking (PageRank), average local concentration factor, diameter of group, number of nodes of group, number of abnormal users of group, abnormal user duty cycle of group, average weight of association relationship between users in group.
In one embodiment, the method further comprises: constructing an abnormal pattern of the abnormal user group based on the isomorphic diagram of the abnormal user group, and generating a group report to show the characteristics of the abnormal user group; the group report comprises each real index value of the group, the user and/or personal information with the importance degree higher than a preset threshold value in the group and the distribution situation of the user and/or personal information in the group.
According to a second aspect of the present disclosure, there is provided an abnormal user group identification apparatus, comprising: the heterogeneous graph construction module is configured to construct a heterogeneous graph by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge; the map conversion module is configured to construct an isomorphic map taking the user as a node according to the association relation among different users connected to the same personal information in the heteromorphic map; the clustering module is configured to cluster the user nodes in the isomorphic diagram to obtain a plurality of user groups; the identification module is configured to determine a risk score of the user group according to a preset index, and determine whether the user group is an abnormal user group according to the risk score.
In one embodiment, the heterogeneous graph construction module is further configured to: constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking a relation between the user and the personal information and a relation between different users as edges; correspondingly, the map conversion module is configured to: and constructing an isomorphic graph taking the user as a node according to the association relation between different users connected to the same personal information in the heteromorphic graph and the association relation between different users directly connected.
In one embodiment, the atlas transformation module is further configured to: according to the preset edge weights of the two users in the different association relations in the different composition, accumulating the preset edge weights of the two users in the different composition in each association relation to obtain the edge weights between the two users in the isomorphic diagram.
In one embodiment, the clustering module is configured to: and clustering the user nodes in the isomorphic graph by adopting a Leiden community discovery algorithm with weight to obtain a plurality of user groups.
In one embodiment, the clustering module is configured to: based on the principle of increasing the quality function, carrying out rapid local movement on the user nodes in the isomorphic diagram to obtain a first clustering result; combining the user nodes in the first clustering result based on the principle of increasing the quality function to obtain a second clustering result; performing condensation operation on the second clustering result, and initializing the condensation operation on the first clustering result; repeating the steps until the quality function is not increased any more, and obtaining a plurality of groups.
In one embodiment, the identification module is configured to: determining each real index value of the user group according to the preset index; according to the preset weight corresponding to the preset index, carrying out weighted summation on each real index value of the user group to obtain a risk score of the user group; acquiring source data of candidate user groups with risk scores higher than a risk threshold value, and analyzing the source data of the candidate user groups to determine the abnormal user group from the candidate user groups; the source data includes credit data and overdue data.
In one embodiment, the preset index includes: average node ordering, average LCC, diameter of group, number of nodes of group, number of abnormal users of group, duty ratio of abnormal users of group, average weight of association relation among users in group.
In one embodiment, the abnormal user group identification apparatus further comprises a presentation module configured to: constructing an abnormal pattern of the abnormal user group based on the isomorphic diagram of the abnormal user group, and generating a group report to show the characteristics of the abnormal user group; the group report comprises each real index value of the group, the user and/or personal information with the importance degree higher than a preset threshold value in the group and the distribution situation of the user and/or personal information in the group.
According to a third aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the abnormal user group identification method of the first aspect described above and possible implementations thereof.
According to a fourth aspect of the present disclosure, there is provided an electronic device comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the abnormal user group identification method of the first aspect described above and possible implementations thereof via execution of the executable instructions.
In the scheme, a user and personal information related to the user are taken as nodes, and an association relationship between the user and the personal information is taken as an edge to construct an abnormal composition; constructing an isomorphic graph taking the user as a node according to the association relation among different users connected to the same personal information in the heteromorphic graph; clustering the user nodes in the isomorphic graph to obtain a plurality of user groups; and determining the risk score of the user group according to the preset index, and determining whether the user group is an abnormal user group according to the risk score. Thus, the abnormal user group is identified based on the isomorphic diagram, and the identification difficulty of the abnormal user group is reduced; meanwhile, the isomorphic diagram only comprises one type of nodes and edges, so that the identification of the abnormal user group can be realized by adopting a unified algorithm, and the requirement on the algorithm is reduced.
Drawings
Fig. 1 is a schematic diagram showing a system architecture of an abnormal user group identification method in the present exemplary embodiment;
fig. 2 is a flowchart showing an abnormal user group identification method in the present exemplary embodiment;
FIG. 3 shows an isomerism pictorial intent in this exemplary embodiment;
FIG. 4 shows another heterogeneous pictorial intent in this exemplary embodiment;
Fig. 5 shows a schematic diagram of a transformation from an isomerism diagram to an isomorphism diagram in the present exemplary embodiment;
fig. 6 shows a sub-flowchart of an abnormal user group identification method in the present exemplary embodiment;
fig. 7 shows a schematic diagram of another isomerism map to isomorphism map in the present exemplary embodiment;
fig. 8 shows a schematic diagram of a further isomerism map to isomorphism map in the present exemplary embodiment;
FIG. 9 shows a diagram of a weighted isograph to isograph transformation in the present exemplary embodiment;
FIG. 10 shows a schematic diagram of another weighted isograph to isograph in the present exemplary embodiment;
fig. 11 shows another sub-flowchart of an abnormal user group identification method in the present exemplary embodiment;
FIG. 12 is a flow chart illustrating a method of fraudulent party identification in the present exemplary embodiment;
fig. 13 is a schematic diagram showing a configuration of an abnormal user group identification apparatus in the present exemplary embodiment;
fig. 14 shows a schematic structural diagram of an electronic device in the present exemplary embodiment.
Detailed Description
Exemplary embodiments of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings.
The drawings are schematic illustrations of the present disclosure and are not necessarily drawn to scale. Some of the block diagrams shown in the figures may be functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software, or in hardware modules or integrated circuits, or in networks, processors or microcontrollers. Embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein. The described features, structures, or characteristics of the disclosure may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough description of embodiments of the present disclosure. However, it will be recognized by one skilled in the art that one or more of the specific details may be omitted, or other methods, components, devices, steps, etc. may be used instead of one or more of the specific details in implementing the aspects of the present disclosure.
An iso-graph refers to a graph that contains multiple types of nodes and edges, and the connection relationship between the nodes and edges may also be different. The iso-patterning suffers from two drawbacks:
(1) Data sparseness: nodes and edges in the iso-graph tend to be highly sparse; this means that there may be no direct connection between many nodes or there may be few connections between the two types of nodes. This makes efficient analysis and recognition of data on the iso-graph more difficult;
(2) Heterogeneous nodes and edges: because of the different node and edge types in the heterograms, they may vary greatly in structure, nature, and semantics; this means that the same algorithm or method may not be applicable to all types of nodes and edges, requiring specific processing for each type of node and edge.
In view of the foregoing, exemplary embodiments of the present disclosure first provide an abnormal user group identification method for more accurately identifying an abnormal user group from a plurality of user groups.
The terminology presented herein is explained below.
Entity: anything in the real world is possible, such as: user, and personal information such as business, telephone, mailbox, address, etc.
Relationship: is a relationship between entities in the objective world, such as: relatives among different users, employment (tenure) relationships between users and companies, and the like.
Attributes: is a generic description of entities and relationships, such as: age of the user, sex of the user, investment time of the investment relationship, and investment amount of the investment relationship.
Graph Schema: the Schema of a knowledge graph corresponds to a data model in a domain, and contains meaningful concept types and attributes of the types in the domain. Schema for any one domain is mainly expressed by concept type and type attributes. Here, the graph Schema includes iso-graphs and isomorphic graphs, which are graphs depicting entities, relationships, and their attributes.
Different patterns: graphs having multiple types of nodes and edges.
Isomorphic diagram: there is a graph of the type of node and the type of edge, and only one.
Leiden algorithm: aiming at the defect that the Louvain algorithm possibly generates any community with poor connectivity (even is not connected), an improved algorithm is carried out, and the generated community can be guaranteed to be connected; furthermore, the Leiden algorithm is more efficient than the Louvain algorithm.
Group (group partner, community): a subset of the knowledge-graph is a collection of specific entities and relationships identified from the knowledge-graph based on algorithms or rules, such as: abnormal user group and fraudulent community.
The system architecture and application scenario of the operating environment of the present exemplary embodiment are described below in conjunction with fig. 1.
Fig. 1 shows a schematic diagram of a system architecture, which system architecture 100 may include a terminal 110 and a server 120. The terminal 110 may be a smart phone, a tablet computer, a personal computer, etc., and the terminal 110 may receive personal information input by a user, relationship information with other users, etc. Server 120 may be referred to generally as a background system (e.g., a smart identification service system) that provides services related to abnormal user group identification, and may be a server or a cluster of servers. The terminal 110 and the server 120 may form a connection through a wired or wireless communication link for data interaction.
The abnormal user group identification method in the present exemplary embodiment will be described below with reference to fig. 2, and fig. 2 shows an exemplary flow of the abnormal user group identification method, which may include the following steps S210 to S240:
step S210, constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge;
step S220, constructing an isomorphic graph taking users as nodes according to the association relation among different users connected to the same personal information in the heteromorphic graph;
Step S230, clustering the user nodes in the isomorphic diagram to obtain a plurality of user groups;
step S240, determining a risk score of the user group according to the preset index, and determining whether the user group is an abnormal user group according to the risk score.
In the abnormal user group identification method, the abnormal composition is constructed by taking the user and the personal information related to the user as nodes and the association relationship between the user and the personal information as sides; constructing an isomorphic graph taking the user as a node according to the association relation among different users connected to the same personal information in the heteromorphic graph; clustering the user nodes in the isomorphic graph to obtain a plurality of user groups; and determining the risk score of the user group according to the preset index, and determining whether the user group is an abnormal user group according to the risk score. Thus, the abnormal user group is identified based on the isomorphic diagram, and the identification difficulty of the abnormal user group is reduced; meanwhile, the isomorphic diagram only comprises one type of nodes and edges, so that the identification of the abnormal user group can be realized by adopting a unified algorithm, and the requirement on the algorithm is reduced.
Each step in fig. 2 is specifically described below.
Referring to fig. 2, in step S210, an iso-composition is constructed with a user and personal information related to the user as nodes and an association relationship between the user and the personal information as sides.
Wherein the personal information includes a user's phone, mailbox, address, company, IP, device, etc.
In the case that there is one user, the nodes in the heterograms are the user and personal information related to the user, and the edges in the heterograms are the association relationship between the user and the personal information, for example: as shown in fig. 3, the association between the user and the company is tenure (job), the association between the user and the IP is login IP, and the association between the user and the device is use device.
In the case where there are two users, the users in different heterogeneous graphs may be connected to the same personal information; that is, different users in different compositions may be associated with the same personal information, such as: as shown in fig. 4, the association between the user a and the company 1 is the job title, the association between the user a and the IP1 is the login IP, the association between the user a and the device 1 is the use device, the association between the user B and the company 1 is the job title, the association between the user B and the IP2 is the login IP, the association between the user B and the device 2 is the use device, that is, the user a and the user B are the job title (job title) in the same company, and are different users having the association relationship and the association relationship is generated by the company.
In the case where there are more than two users, the heterogeneous map is similar to the case of two users, and will not be described here again.
With continued reference to fig. 2, in step S220, an isomorphic graph with users as nodes is constructed according to the association relationship between different users connected to the same personal information in the isomorphic graph.
The conversion from the different composition to the isomorphic diagram is realized by deleting the nodes of the same personal information connected by different users in the different composition, for example: as shown in fig. 5, in the heterogeneous diagram, user a and user B are connected to the same company, user C and user D are connected to the same home address, and user E and user F are connected to the same home address.
For another example: in the heterogeneous diagram, user G and user H are connected to the same company and the same home address, and user I and user J are connected to the same company and the same home address, then, as shown in fig. 6, user G and user H are directly connected, and user I and user J are connected.
With continued reference to fig. 2, in step S230, the user nodes in the isomorphic diagram are clustered to obtain a plurality of user groups.
The clustering may be implemented by a community discovery algorithm, for example: louvain community discovery algorithm, leiden community discovery algorithm, and the like. Here, communities may be considered as partners, groups.
The flow of the Louvain community discovery algorithm is as follows:
(1) Initially, each node is regarded as an independent community, and the number of communities is the same as the number of nodes;
(2) Combining each node with the adjacent nodes in turn, and calculating whether the maximum modularity gain of each node is greater than 0; if the module degree gain is greater than 0, the node is put into a community where the adjacent node with the maximum module degree gain is located;
(3) Iterating the step (2) until the algorithm is stable, i.e. communities to which all nodes belong are not changed any more;
(4) Compressing all nodes of each community into one node, converting the weight of the nodes in the communities into the weight of a new node ring, and converting the weight between communities into the weight of a new node edge;
(5) Repeating the steps (1) to (3) until the algorithm is stable.
The Louvain community discovery algorithm has a major drawback: any community with poor connectivity (even no connectivity) may be created. To solve this problem, leiden community discovery algorithms have emerged that produce a community guarantee that is connected. Furthermore, the Leiden community discovery algorithm iterates, converging on a partition where all subsets of all communities are locally optimally assigned, and the algorithm is faster than the Louvain community discovery algorithm.
The Leiden community discovery algorithm has the following flow:
(1) Initially, each node is regarded as an independent community, and the number of communities is the same as the number of nodes;
(2) Moving a single node from one community to another community to improve a quality function and obtain a partition;
(3) The partition is improved by adopting the modularity with the weight, and the improved partition is obtained;
(4) Based on the improved partition aggregation network, taking the partition before improvement as a partition result of the aggregation network;
(5) Continuously moving the condensed network nodes until the partitioning result is not improved;
(6) The above steps are repeated until no further improvement is possible.
With continued reference to fig. 2, in step S240, a risk score of the user group is determined according to the preset index, and whether the user group is an abnormal user group is determined according to the risk score.
The preset indexes comprise: average node ranking (PR), average local concentration coefficient (Local clustering coefficient, LCC), diameter of group, number of nodes of group, number of abnormal users of group, abnormal user duty cycle of group, average weight of association between users in group.
Average node ordering: is an algorithm that orders the importance of nodes in a network.
Average local concentration coefficient: is a coefficient used to describe the degree of clustering between vertices in a graph; in particular, refers to the degree of interconnection between adjacent points of a point.
In one embodiment, the sum of the real index values corresponding to the preset indexes of the group can be used as a risk score of the group; the normalization result of the sum of the real index values corresponding to the preset indexes of the group can be used as the risk score of the group; after normalizing the preset indexes of the group, different weights can be given to different preset indexes, and the weighted sum value of the real index values corresponding to the preset indexes of the group is used as a risk score of the group, which is not limited herein.
In one embodiment, a group with a risk score higher than a preset threshold may be determined as an abnormal user group, or a group with a risk score higher than the risk threshold may be determined as a candidate user group, and the abnormal user group is determined from the candidate user group by acquiring credit data of the candidate user group, for example: and the current overdue number in the credit data of the candidate user group A is larger than the maximum overdue number, and/or the overdue bill of the candidate user group A is not the first overdue bill overdue, and/or the overdue bill of the candidate user group A is not the first overdue bill M1 overdue, and/or the overdue bill of the candidate user group A is not the first overdue bill M2 overdue, and/or the overdue bill of the candidate user group A is the historical maximum overdue number, and/or the candidate user group A hits the in-line fraud blacklist, and the like, then the candidate user group A is determined as the abnormal user group.
As the risk score of the group, referring to fig. 6, the step S240 may further include the following steps S610 to S630:
step S610, determining each real index value of the user group according to the preset index.
Wherein, each real index value of the specific group can be calculated by a calculation formula of each preset index.
For example, the local aggregate factor for a node is equal to the number of edges connected between all nodes to which it is connected divided by the maximum number of edges that can be connected between the nodes.
The average local aggregate coefficient, specifically the arithmetic average of the local aggregate coefficients of all nodes; average local concentration coefficientIs shown in the following formula (1):
wherein a represents the number of nodes; i represents a specific node.
And S620, carrying out weighted summation on each real index value of the user group according to preset weights corresponding to the preset indexes to obtain risk scores of the user group.
The preset weight can be obtained according to a normalization result of the historical index value; specifically, the normalized result of the history index value may be used as a preset weight; such as: the corresponding preset weights of the preset indexes shown in table 1 are as follows: 0.1, 0.15, 0.1, 0.05, 0.25, 0.1.
Preset index Preset weight
Average node ordering 0.1
Average LCC 0.15
Diameter of 0.1
Number of nodes 0.05
Number of fraudulent clients 0.25
Group fraud client duty cycle 0.25
Relationship average weights in a group 0.1
TABLE 1
Step S630, source data of candidate user groups with risk scores higher than the risk threshold are obtained, and the source data of the candidate user groups are analyzed to determine abnormal user groups from the candidate user groups.
The source data comprises credit investigation data and overdue data.
Specifically, the abnormal user group may be determined from the candidate user group by determining a current overdue count in the credit data and overdue data, whether the first-term bill overdue, whether the first-term bill M1 overdue, whether the first-term bill M2 overdue, a historical maximum overdue count, whether an intra-line fraud blacklist is hit, and the like.
In practical applications, the source data may be obtained through a financial management system, or may be obtained through a database of a financial institution, which is not limited herein.
In one embodiment, the heterograms include not only the connection between the user and the personal information, but also the connection between different users, and in particular, the step S210 may further include the following steps:
and constructing the heterograms by taking the users and personal information related to the users as nodes and taking the relationship between the users and the personal information and the relationship between different users as edges.
Wherein, the different users connected in the heterograph are users with association relationship, such as: user a is related to user B and/or user a is related to user B as an emergency contact.
Correspondingly, the step S220 may further include the steps of:
and constructing an isomorphic graph taking the users as nodes according to the association relations between different users connected to the same personal information in the isomorphic graph and the association relations between different users directly connected.
The method comprises the steps of deleting nodes of the same personal information connected with different users in an isomorphic diagram, and taking the different users directly connected as user nodes in the isomorphic diagram to realize conversion from the isomorphic diagram to the isomorphic diagram; such as: as shown in fig. 7, in the heterogeneous diagram, the user a and the user B are connected to the same company, the user C and the user D are connected to the same home address, the user E and the user F are connected to the same home address, the user G and the user H are directly connected relatives, and the user I and the user J are directly connected contacts.
For another example: in the heterogeneous diagram shown in fig. 8, the user K is connected to the same company and the same home address as the user L, the user M is connected to the same company and the same home address as the user N, and the user O is a contact relationship and a parent relationship directly connected to the user P.
In one embodiment, after converting the heterogeneous graph into the isomorphic graph, the edge weights in the isomorphic graph are determined according to the heterogeneous graph, and specifically, before the step S230, the method may include the following steps:
according to the preset edge weights of the two users in the different association relations in the different composition, accumulating the preset edge weights of the two users in the different composition under each association relation to obtain the edge weights between the two users in the isomorphic diagram.
The preset edge weight may be determined according to historical feature data of the abnormal user group, for example: the correlation between two users with the same unit address is smaller, but the correlation between two users with the same residence address (or residence address, communication address) is larger, and the property of group or fraud exists, so that the weight of the same unit address relationship can be set smaller, or the weight of the same address relationship of one party is the unit address and the other party is the non-unit address is set smaller; and the relation weight with the non-unit addresses is set to be larger.
For example, as shown in fig. 10, in the iso-graph, for address 1, the relationship between user a, user B and address 1 is a unit address; for address 2, the relationship between user A and address 2 is a unit address, and the relationship between user B and address 2 is a communication address; for address 3, the relationship between user A and address 3 is the communication address, and the relationship between user B and address 3 is the home address; for address 4, the relationship between user A and address 4 is a unit address, and the relationship between user B and address 4 is a residential address; for address 5, the relationship between user A and address 5 is a residence address, and the relationship between user B and address 5 is a household address; for address 6, the relationship between user A and address 6 is a residential address, and the relationship between user B and address 6 is a household address; then, in the isomorphic diagram, the preset edge weights of the user a and the user B in different association relations may be sequentially set to 1, 2, and further, in the isomorphic diagram, the edge weight between the user a and the user B is 10.
Similarly, weights for the same phone, same mailbox, same company, same IP, same device, same relative and same contact relationship in the isomorphic diagram can be set.
It should be noted that this step may be performed simultaneously with step S220, or may be performed after step S220, and is not limited thereto.
In one embodiment, in order to avoid that the same personal information between two users is too much, so that the edge weight is too large and an abnormal value occurs, an edge weight threshold may be set, and in particular, the abnormal user group identification method may further include the following steps:
and when the edge weight between the two users in the isomorphic graph is greater than the edge weight threshold, taking the edge weight threshold as the edge weight between the two users in the isomorphic graph.
For example, the edge weight between the user a and the user B is 10, and the edge weight is too large, which increases the probability of being an outlier, so an edge weight threshold may be set, for example: setting the edge weight threshold to 8, the edge weight between the user a and the user B is not 10 any more, but 8.
In one embodiment, since the Louvain algorithm may generate communities with poor connectivity, the Leiden algorithm is used to perform community identification to ensure all communities are connected, and specifically, the step S230 may further include the following steps:
and clustering the user nodes in the isomorphic graph by adopting a Leiden community discovery algorithm with weight to obtain a plurality of user groups.
The method comprises the steps of measuring whether a clustering result (a plurality of user groups) determined by a Leiden community discovery algorithm is good or not through modularity; the Leiden community discovery algorithm with weight, i.e., the edges in modularity are weighted edges; the calculation of the modularity is shown in the following formula (2):
wherein m represents the total edge number in the network; e, e c Representing the number of edges in community c; k (K) c Representing the degree sum of the c nodes in the community (the number of branches connected by the node c); gamma > 0, the higher the resolution, the more communities, the lower the resolution, the fewer communities.
In one embodiment, referring to fig. 11, community identification using a weighted Leiden community discovery algorithm may include the steps of:
step 1110, based on the principle of increasing the quality function, performing rapid local movement on the user nodes in the isomorphic graph to obtain a first clustering result.
Wherein the mass function Q is shown in the following formula (3):
wherein n is c Representing the number of nodes within community c; e, e c Representing the number of edges in community c; gamma represents a resolution parameter, the density of communities should be at least gamma, and the density between communities should be lower than gamma; the higher the resolution, the more communities, the lower the resolution, and the fewer communities.
And step S1120, combining the user nodes in the first clustering result based on the principle of increasing the quality function to obtain a second clustering result.
Wherein, node merging can produce a node with greater mass, the greater the mass of the node, the greater the diameter of the node.
Step S1130, performing condensation operation on the second clustering result, and initializing the condensation operation on the first clustering result.
The condensation operation means gradually merging the two closest nodes until the two closest nodes cannot be merged.
Step S1140, repeating the above steps until the quality function is not increased any more, thereby obtaining a plurality of groups.
Wherein the quality function is not increased any more, which means that the nodes in the group can not be merged any more, and the division of the group has reached an optimum, so the algorithm can be stopped at this time.
In one embodiment, after determining the abnormal user group, the abnormal user group may be displayed, and specifically, the abnormal user group identification method may further include the following steps:
and constructing an abnormal pattern of the abnormal user group based on the isomorphic diagram of the abnormal user group, and generating a group report to show the characteristics of the abnormal user group.
The group report comprises each real index value of the group, user and/or personal information with importance degree higher than a preset threshold value in the group, and distribution condition of the user and/or personal information in the group.
Here, the isomorphic diagram to isomorphic diagram transformation is the inverse process of the isomorphic diagram to the isomorphic diagram, and will not be repeated here. In addition, the true index value here is the true index value corresponding to the preset index.
The distribution of the user and/or personal information in the group may be determined by counting the distribution of the user and/or personal information, and the specific display mode may take various forms such as a histogram, a graph, etc., which is not limited herein.
In one embodiment, as shown in FIG. 12, the fraudulent party identification method may be implemented by the following process:
step S1210, acquiring source data; the source data comprises feed data, user information, credit investigation data, overdue data, login information and the like;
the feeding means that the data is submitted to a loan company or a system of a bank after being prepared, and the feeding data is data obtained through feeding.
Step S1220, preprocessing and cleaning the source data, removing unavailable data and repeated data, and reserving the available data;
step S1230, processing the source data by adopting a graph Schema to obtain an entity relationship table;
step S1240, constructing an iso-composition according to the entity relation table;
step S1250, converting the isomerism map into an isomorphic map;
Step S1260, carrying out group identification based on the isomorphic diagram to obtain a plurality of user groups;
step S1270, performing risk scoring on a plurality of user groups, performing group analysis and verification on the groups with high risk scoring, and identifying fraudulent groups;
and step S1280, converting the identified fraud group isomorphic diagram into a heterogeneous diagram, and generating a group report for display.
The above description of the fraudulent party identification process is given, and the following description of the abnormal user group identification means is given.
The exemplary embodiment of the disclosure also provides an abnormal user group identification device. Referring to fig. 13, the abnormal user group identification apparatus 1300 may include:
the heterogeneous graph construction module 1310 is configured to construct a heterogeneous graph by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge;
the map conversion module 1320 is configured to construct an isomorphic map with the users as nodes according to the association relationship between different users connected to the same personal information in the isomorphic map;
the clustering module 1330 is configured to cluster the user nodes in the isomorphic graph to obtain a plurality of user groups;
The identification module 1340 is configured to determine a risk score of the user group according to the preset index, and determine whether the user group is an abnormal user group according to the risk score.
In one embodiment, the heterogeneous map construction module 1310 is further configured to: constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking the relationship between the user and the personal information and the relationship between different users as edges; correspondingly, the atlas transformation module 1320 is configured to: and constructing an isomorphic graph taking the users as nodes according to the association relations between different users connected to the same personal information in the isomorphic graph and the association relations between different users directly connected.
In one embodiment, the atlas transformation module 1320 is further configured to: according to the preset edge weights of the two users in the different association relations in the different composition, accumulating the preset edge weights of the two users in the different composition under each association relation to obtain the edge weights between the two users in the isomorphic diagram.
In one embodiment, the clustering module 1330 is configured to: and clustering the user nodes in the isomorphic graph by adopting a Leiden community discovery algorithm with weight to obtain a plurality of user groups.
In one embodiment, the clustering module 1330 is configured to: based on the principle of increasing the quality function, carrying out rapid local movement on the user nodes in the isomorphic graph to obtain a first clustering result; combining the user nodes in the first clustering result based on the principle of increasing the quality function to obtain a second clustering result; performing condensation operation on the second clustering result, and initializing the condensation operation on the first clustering result; repeating the steps until the quality function is not increased any more, and obtaining a plurality of groups.
In one embodiment, the identification module 1340 is configured to: determining each real index value of the user group according to the preset index; according to preset weights corresponding to the preset indexes, carrying out weighted summation on all the real index values of the user group to obtain risk scores of the user group; acquiring source data of candidate user groups with risk scores higher than a risk threshold value, and analyzing the source data of the candidate user groups to determine abnormal user groups from the candidate user groups; the source data includes credit data and overdue data.
In one embodiment, the preset index includes: average node ordering, average LCC, diameter of group, number of nodes of group, number of abnormal users of group, duty ratio of abnormal users of group, average weight of association relation among users in group.
In one embodiment, the abnormal user group identification apparatus further comprises a display module configured to: constructing an abnormal pattern of the abnormal user group based on the isomorphic diagram of the abnormal user group, and generating a group report to show the characteristics of the abnormal user group; the group report comprises each real index value of the group, the user and/or personal information with the importance degree higher than a preset threshold value in the group, and the distribution situation of the user and/or personal information in the group.
The specific details of each part in the above apparatus are already described in the method part embodiments, and the details not disclosed can refer to the embodiment content of the method part, so that the details are not repeated.
Exemplary embodiments of the present disclosure also provide a computer readable storage medium, which may be implemented in the form of a program product comprising program code for causing an electronic device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the above section of the "exemplary method" when the program product is run on the electronic device. In an alternative embodiment, the program product may be implemented as a portable compact disc read only memory (CD-ROM) and comprises program code and may run on an electronic device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The exemplary embodiments of the present disclosure also provide an electronic device, which may be, for example, the terminal 110 and the server 120 described above. The electronic device may include a processor and a memory. The memory stores executable instructions of the processor, such as program code. The processor performs the abnormal user group identification method in the present exemplary embodiment by executing the executable instructions, such as may perform the method steps of fig. 2.
An electronic device is illustrated in the form of a general purpose computing device with reference to fig. 14. It should be understood that the electronic device 1400 shown in fig. 14 is merely an example and should not be taken as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 14, the electronic device 1400 may include: processor 1410, memory 1420, bus 1430, I/O (input/output) interface 1440, network adapter 1450.
Memory 1420 can include volatile memory such as RAM 1421, cache units 1422, and nonvolatile memory such as ROM 1423. Memory 1420 may also include one or more program modules 1424, such program modules 1424 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. For example, program modules 1424 may include the modules in intent recognition device 900 described above.
Bus 1430 is used to enable connections between the different components of electronic device 1400 and may include a data bus, an address bus, and a control bus.
The electronic device 1400 may communicate with one or more external devices 2000 (e.g., keyboard, mouse, external controller, etc.) via an I/O interface 1440.
The electronic device 1400 may communicate with one or more networks through a network adapter 1450, e.g., the network adapter 1450 may provide mobile communication solutions such as 3G/4G/5G, or wireless communication solutions such as wireless local area networks, bluetooth, near field communications, and the like. The network adapter 1450 may communicate with other modules of the electronic device 1400 through the bus 1430.
Although not shown in fig. 14, other hardware and/or software modules may also be provided in the electronic device 1400, including, but not limited to: displays, microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with exemplary embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. An abnormal user group identification method, comprising:
constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge;
constructing an isomorphic graph taking the user as a node according to the association relation among different users connected to the same personal information in the different graph;
clustering the user nodes in the isomorphic graph to obtain a plurality of user groups;
and determining a risk score of the user group according to a preset index, and determining whether the user group is an abnormal user group according to the risk score.
2. The abnormal user group identification method according to claim 1, wherein constructing an abnormal pattern with a user and personal information related to the user as nodes and an association relationship between the user and the personal information as sides comprises:
constructing an abnormal composition by taking a user and personal information related to the user as nodes and taking a relation between the user and the personal information and a relation between different users as edges;
correspondingly, the constructing an isomorphic graph with the user as a node according to the association relation between different users connected to the same personal information in the heteromorphic graph comprises:
And constructing an isomorphic graph taking the user as a node according to the association relation between different users connected to the same personal information in the heteromorphic graph and the association relation between different users directly connected.
3. The method for identifying abnormal user groups according to claim 1, wherein before said clustering the user nodes in the isomorphic graph to obtain a plurality of user groups, the method further comprises:
according to the preset edge weights of the two users in the different association relations in the different composition, accumulating the preset edge weights of the two users in the different composition in each association relation to obtain the edge weights between the two users in the isomorphic diagram.
4. The abnormal user group identification method of claim 3, wherein the method further comprises:
and when the edge weight between two users in the isomorphic graph is greater than an edge weight threshold, taking the edge weight threshold as the edge weight between the two users in the isomorphic graph.
5. The method for identifying abnormal user groups according to claim 1, wherein the clustering the user nodes in the isomorphic graph to obtain a plurality of user groups includes:
And clustering the user nodes in the isomorphic graph by adopting a Leiden community discovery algorithm with weight to obtain a plurality of user groups.
6. The method for identifying abnormal user groups according to claim 5, wherein clustering the user nodes in the isomorphic graph by using a Leiden community discovery algorithm with weights to obtain a plurality of user groups comprises:
based on the principle of increasing the quality function, carrying out rapid local movement on the user nodes in the isomorphic diagram to obtain a first clustering result;
combining the user nodes in the first clustering result based on the principle of increasing the quality function to obtain a second clustering result;
performing condensation operation on the second clustering result, and initializing the condensation operation on the first clustering result;
repeating the steps until the quality function is not increased any more, and obtaining a plurality of groups.
7. The method for identifying an abnormal user group according to claim 1, wherein determining a risk score of the user group according to a preset index, and determining whether the user group is an abnormal user group according to the risk score, comprises:
Determining each real index value of the user group according to the preset index;
according to the preset weight corresponding to the preset index, carrying out weighted summation on each real index value of the user group to obtain a risk score of the user group;
acquiring source data of candidate user groups with risk scores higher than a risk threshold value, and analyzing the source data of the candidate user groups to determine the abnormal user group from the candidate user groups; the source data includes credit data and overdue data.
8. An abnormal user group identification apparatus, comprising:
the heterogeneous graph construction module is configured to construct a heterogeneous graph by taking a user and personal information related to the user as nodes and taking an association relationship between the user and the personal information as an edge;
the map conversion module is configured to construct an isomorphic map taking the user as a node according to the association relation among different users connected to the same personal information in the heteromorphic map;
the clustering module is configured to cluster the user nodes in the isomorphic diagram to obtain a plurality of user groups;
the identification module is configured to determine a risk score of the user group according to a preset index, and determine whether the user group is an abnormal user group according to the risk score.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1 to 7.
10. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any one of claims 1 to 7 via execution of the executable instructions.
CN202310471250.2A 2023-04-25 2023-04-25 Abnormal user group identification method and device, storage medium and electronic equipment Pending CN116468281A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310471250.2A CN116468281A (en) 2023-04-25 2023-04-25 Abnormal user group identification method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310471250.2A CN116468281A (en) 2023-04-25 2023-04-25 Abnormal user group identification method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116468281A true CN116468281A (en) 2023-07-21

Family

ID=87180625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310471250.2A Pending CN116468281A (en) 2023-04-25 2023-04-25 Abnormal user group identification method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116468281A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117575782A (en) * 2024-01-15 2024-02-20 杭银消费金融股份有限公司 Leiden community discovery algorithm-based group fraud identification method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117575782A (en) * 2024-01-15 2024-02-20 杭银消费金融股份有限公司 Leiden community discovery algorithm-based group fraud identification method
CN117575782B (en) * 2024-01-15 2024-05-07 杭银消费金融股份有限公司 Leiden community discovery algorithm-based group fraud identification method

Similar Documents

Publication Publication Date Title
CN108009915B (en) Marking method and related device for fraudulent user community
WO2021174944A1 (en) Message push method based on target activity, and related device
CN111612041B (en) Abnormal user identification method and device, storage medium and electronic equipment
CN110135978B (en) User financial risk assessment method and device, electronic equipment and readable medium
CN111199474B (en) Risk prediction method and device based on network map data of two parties and electronic equipment
CN110148053B (en) User credit line evaluation method and device, electronic equipment and readable medium
CN113011884B (en) Account feature extraction method, device, equipment and readable storage medium
CN111428092B (en) Bank accurate marketing method based on graph model
CN116468281A (en) Abnormal user group identification method and device, storage medium and electronic equipment
US20230012656A1 (en) Systems and methods for automated labeling of subscriber digital event data in a machine learning-based digital threat mitigation platform
CN111369344A (en) Method and device for dynamically generating early warning rule
CN110930242B (en) Reliability prediction method, device, equipment and storage medium
CN111598713A (en) Cluster recognition method and device based on similarity weight updating and electronic equipment
CN113191565B (en) Security prediction method, security prediction device, security prediction medium, and security prediction apparatus
US20240154975A1 (en) Systems and methods for accelerating a disposition of digital dispute events in a machine learning-based digital threat mitigation platform
CN116739605A (en) Transaction data detection method, device, equipment and storage medium
US20210357942A1 (en) Method and apparatus for identifying risky vertices
CN115099875A (en) Data classification method based on decision tree model and related equipment
CN114331665A (en) Training method and device for credit judgment model of predetermined applicant and electronic equipment
US11631144B2 (en) Crowdfunding endorsement using non-internet enabled devices
Wang et al. A novel collective matrix factorization model for recommendation with fine‐grained social trust prediction
CN112348661A (en) Service strategy distribution method and device based on user behavior track and electronic equipment
CN110852392A (en) User grouping method, device, equipment and medium
CN110855641A (en) Community attribute information determination method, device and storage medium
Dixon et al. A Bayesian approach to ranking private companies based on predictive indicators

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination