CN117372043A

CN117372043A - Data anomaly determination method, device, equipment and medium

Info

Publication number: CN117372043A
Application number: CN202311379922.3A
Authority: CN
Inventors: 方磊; 李中杰; 赵睿; 黄平汇
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2023-10-23
Filing date: 2023-10-23
Publication date: 2024-01-09

Abstract

The disclosure provides a data anomaly determination method, a device, equipment and a storage medium, which can be applied to the technical fields of artificial intelligence and finance. The method comprises the following steps: acquiring N types of index data related to an approval process aiming at a target object, wherein N is an integer greater than or equal to 2; aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data, wherein the preset aggregation method is determined according to the type of the index data; invoking a preset verification scheme to screen a target verification scheme aiming at a target object from the preset verification schemes, wherein the preset verification scheme is preset in a management system aiming at the risk level of the target object; and determining a verification result based on the target verification scheme and the aggregate index value, wherein the verification result is used for representing whether the index data is abnormal or not.

Description

Data anomaly determination method, device, equipment and medium

Technical Field

The present disclosure relates to the field of artificial intelligence and financial technology, and more particularly, to a data anomaly determination method, apparatus, device, medium, and program product.

Background

With the progress of society and the development of economy, various enterprises have put forward various kinds of financial products in order to satisfy the development of economy. With the increasing number of financial products, the demands of enterprise customers for financial products are increasing. In the process of applying for financial products by enterprise clients, the application submitted by the enterprise clients needs to be approved, and the follow-up operation can be performed only under the condition that the approval passes.

In the implementation of the present disclosure, it is found that in the existing application approval process for financial products, strict inspection of information of enterprise clients is required by manual work; for some client information which cannot be shared, different systems are required to be logged in to check the information. In the existing information examination mode, through manual examination, although targeted examination and approval of different enterprise clients can be ensured, the manual examination efficiency is low, and the completion condition of examination and approval work in the examination and approval process is difficult to comprehensively grasp.

Disclosure of Invention

In view of the foregoing, the present disclosure provides a data anomaly determination method, apparatus, device, medium, and program product.

According to a first aspect of the present disclosure, a data anomaly determination method, apparatus, device, storage medium are provided. The method comprises the following steps: acquiring N types of index data related to an approval process aiming at a target object, wherein N is an integer greater than or equal to 2; aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data, wherein the preset aggregation method is determined according to the type of the index data; invoking a preset verification scheme to screen a target verification scheme aiming at a target object from the preset verification schemes, wherein the preset verification scheme is preset in a management system aiming at the risk level of the target object; and determining a verification result based on the target verification scheme and the aggregate index value, wherein the verification result is used for representing whether the index data is abnormal or not.

According to an embodiment of the present disclosure, the preset verification scheme includes: the method comprises the steps of presetting a type check index and an index threshold corresponding to the preset type check index;

the data anomaly determination method further comprises the following steps:

determining a risk level of the target object by using the risk control model; screening target type check indexes corresponding to the risk levels of the target objects from preset type check indexes and screening index thresholds corresponding to the target type check indexes from index thresholds corresponding to the preset type check indexes according to the risk levels of the target objects; and determining the target type check index and an index threshold corresponding to the target type check index as a target check scheme.

According to an embodiment of the present disclosure, determining a verification result based on a target verification scheme and an aggregation index value includes:

determining an aggregation index value of the index data of the target type according to the target type check index; and comparing the aggregate index value with an index threshold value corresponding to the target type check index to obtain a check result.

According to an embodiment of the present disclosure, the data anomaly determination method further includes:

and classifying the index data by using the classification model to obtain classified index data.

According to an embodiment of the present disclosure, the classified index data includes: basic attribute class data;

the method for aggregating the index data of each type by using a preset aggregation method to obtain an aggregation index value of the index data of each type comprises the following steps:

determining a preset aggregation method as a real-time aggregation calculation method according to the basic attribute data; and aggregating the basic attribute data by using a real-time aggregation calculation method to obtain an aggregation index value of the basic attribute data.

According to an embodiment of the present disclosure, the classified index data includes: comment class data and stream class data;

the method for aggregating the index data of each type by using a preset aggregation method to obtain an aggregation index value of the index data of each type comprises the following steps: determining a preset aggregation method to be a distributed aggregation calculation method according to comment data and stream data; and respectively aggregating the comment data and the stream data by using a distributed aggregation calculation method to obtain an aggregation index value of the comment data and an aggregation index value of the stream data.

under the condition that the verification result is determined to be used for representing that the index data are normal, the approval process enters the next link; and under the condition that the verification result is determined to be used for representing the abnormality of the index data, the approval process is stopped.

A second aspect of the present disclosure provides a data anomaly determination device including:

the acquisition module is used for acquiring N types of index data related to the approval process aiming at the target object, wherein N is an integer greater than or equal to 2;

the aggregation module is used for aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data, wherein the preset aggregation method is determined according to the type of the index data;

the calling module is used for calling a preset verification scheme to screen a target verification scheme aiming at a target object from the preset verification schemes, wherein the preset verification scheme is preset in a management system aiming at the risk level of the target object; and

the determining module is used for determining a checking result based on the target checking scheme and the aggregate index value, wherein the checking result is used for representing whether the index data is abnormal or not.

A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the data anomaly determination method described above.

A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described data anomaly determination method.

The fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described data anomaly determination method.

According to the embodiment of the disclosure, the index data of the target object associated with the approval process is aggregated by using a preset aggregation method to obtain the aggregation index value, and the verification result used for representing whether the index data is abnormal is determined by combining the target verification scheme of the screened target object, so that personalized verification of the target object can be realized, and meanwhile, the verification result can be accurately determined. The data anomaly determination method can improve the processing efficiency of the examination and approval process, determine whether the index data associated with the examination and approval process is abnormal or not in any examination and approval process, obtain the verification result in real time, and be favorable for comprehensively grasping the completion condition of examination and approval work in the whole examination and approval service.

Drawings

The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:

FIG. 1 schematically illustrates an application scenario diagram of a data anomaly determination method, apparatus, device, medium, and program product according to an embodiment of the present disclosure;

FIG. 2 schematically illustrates a flow chart of a data anomaly determination method according to an embodiment of the present disclosure;

FIG. 3 schematically illustrates a flow chart of a method of determining a verification result based on a target verification scheme and an aggregate indicator value, in accordance with an embodiment of the disclosure;

fig. 4 schematically shows a block diagram of a data abnormality determining apparatus according to an embodiment of the present disclosure.

FIG. 5 schematically illustrates a schematic diagram of an application data anomaly determination device according to an embodiment of the present disclosure; and

fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement a data anomaly determination method according to an embodiment of the present disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.

Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).

In the technical solution of the present disclosure, the related user information (including, but not limited to, user personal information, user image information, user equipment information, such as location information, etc.) and data (including, but not limited to, data for analysis, stored data, displayed data, etc.) are information and data authorized by the user or sufficiently authorized by each party, and the related data is collected, stored, used, processed, transmitted, provided, disclosed, applied, etc. and processed, all in compliance with the related laws and regulations and standards of the related country and region, necessary security measures are taken, no prejudice to the public order, and corresponding operation entries are provided for the user to select authorization or rejection.

In the technical scheme of the embodiment of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.

In the process of implementing the present disclosure, it is found that in the existing financial product application process, a worker is required to perform an artificial authenticity inspection on customer information, and the worker is required to log in different systems in the verification process to obtain different information required for verification, which results in low working efficiency. Meanwhile, because manual verification can be generally performed only when a product is applied, after the verification is passed for the first time, the information of an enterprise client is not verified in real time. Therefore, the repeated labor of manual processing can be saved through the data anomaly determination method, and the authenticity verification can be carried out in any link in the service process of the financial product, so that the working efficiency is improved on one hand, and on the other hand, the risk is effectively prevented and controlled through the authenticity examination of all links.

The embodiment of the disclosure provides a data anomaly determination method, which comprises the following steps: acquiring N types of index data related to an approval process aiming at a target object, wherein N is an integer greater than or equal to 2; aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data, wherein the preset aggregation method is determined according to the type of the index data; invoking a preset verification scheme to screen a target verification scheme aiming at a target object from the preset verification schemes, wherein the preset verification scheme is preset in a management system aiming at the risk level of the target object; and determining a verification result based on the target verification scheme and the aggregate index value, wherein the verification result is used for representing whether the index data is abnormal or not.

Fig. 1 schematically illustrates an application scenario diagram of a data anomaly determination method, apparatus, device, medium, and program product according to an embodiment of the present disclosure.

As shown in fig. 1, the application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.

The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.

The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.

It should be noted that the data anomaly determination method provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the data anomaly determination device provided by the embodiments of the present disclosure may be generally provided in the server 105. The data anomaly determination method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the data anomaly determination apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.

It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

The data anomaly determination method of the disclosed embodiment will be described in detail below by way of fig. 2 to 3 based on the scenario described in fig. 1.

Fig. 2 schematically illustrates a flow chart of a data anomaly determination method according to an embodiment of the present disclosure.

As shown in fig. 2, the data anomaly determination method 200 of this embodiment includes operations S210 to S240.

In operation S210, N-type index data associated with the approval process for the target object is acquired, where N is an integer greater than or equal to 2.

According to embodiments of the present disclosure, the target object may be an enterprise applying for use of a financial product.

According to the embodiment of the disclosure, the index data may be obtained through different data sources, including retrieving, by the server, historical data of the target object, and obtaining, by the interface, credit data of the target object, where the historical data may be a historical operating state, historical running information, and the like of the target object pre-stored in the financial product provider system, and the credit data may be renting and returning situations of other financial products in a certain period of the target object.

For example, an enterprise a applies for a financial product to a bank B, before authorizing the use, B needs to evaluate whether a qualifies for using the financial product through various index data of a, where various index data of a can be obtained by pre-storing a historical operating state of the enterprise in line B and querying historical credit information of a through an interface.

In operation S220, each type of index data is aggregated by using a preset aggregation method to obtain an aggregation index value of each type of index data, where the preset aggregation method is determined according to the type of the index data.

According to the embodiment of the disclosure, the preset aggregation method may include a real-time aggregation method, a distributed aggregation method, and the like, and different aggregation methods may be applied to process different types of index data, so as to obtain a processed result, and use the processed result as an aggregation index value.

For example, the various index data of the a may include first-class index data, second-class index data, third-class index data, and the like, and the bank B processes the different index data by using different aggregation methods to obtain a processing result, that is, the first-class index data and the third-class index data may be respectively processed by using a real-time aggregation method to obtain a first aggregation index value and a third aggregation index value, and the second-class index data may be processed by using a distributed aggregation method to obtain a second aggregation index value.

In operation S230, a preset verification scheme is invoked to screen a target verification scheme for a target object from among the preset verification schemes, wherein the preset verification scheme is preconfigured in the management system for a risk level of the target object.

According to the embodiment of the disclosure, the preset verification scheme may be a personalized verification scheme set by a manager according to different target objects, and may be preconfigured in the management system. After determining the risk level of the target object, screening a target verification scheme corresponding to the risk level according to the risk level of the target object, wherein the screened target verification scheme comprises personalized approval standards for the current target object.

For example, according to the operating condition of a and the flowing condition of the past year, a target verification scheme aiming at the target object a is screened from preset verification schemes in the row B, indexes, including the credit loss condition and the financial quality, of the approval of the qualification of using the financial product of a are predefined in the target verification scheme, and the qualification of using the financial product of a is approved subsequently through the target verification scheme.

In operation S240, a verification result is determined based on the target verification scheme and the aggregate index value, wherein the verification result is used to characterize whether the index data is abnormal.

According to the embodiment of the disclosure, after the target verification scheme is determined, the verification result is obtained by comparing the aggregation index value corresponding to the corresponding index data with the threshold value corresponding to the preset index data according to the preset index data contained in the target verification scheme.

For example, after determining the index of the subsequent approval of A, comparing the index with the corresponding threshold value in the preset verification scheme according to the two items of the confidence loss condition and the financial quality in the aggregate index value, and if the two items of index data are lower than the preset threshold value, indicating that the index data corresponding to the confidence loss condition and the financial quality of A are in a normal range; if a certain index data exceeds a preset threshold value, the corresponding index data of A is indicated to be abnormal.

According to an embodiment of the present disclosure, a preset verification scheme includes: the method comprises the steps of presetting a type check index and an index threshold corresponding to the preset type check index.

The data anomaly determination method may further include: determining a risk level of the target object by using the risk control model; screening target type check indexes corresponding to the risk levels of the target objects from preset type check indexes and screening index thresholds corresponding to the target type check indexes from index thresholds corresponding to the preset type check indexes according to the risk levels of the target objects; and determining the target type check index and an index threshold corresponding to the target type check index as a target check scheme.

According to the embodiment of the disclosure, a risk control model is used for carrying out risk rating on a target object to obtain risk grades integrating various index data. After the risk level is determined, the corresponding target verification scheme can be screened according to the risk level. The target verification scheme may include a preset target type verification index and an index threshold corresponding to the preset target type verification index

According to the embodiment of the disclosure, the importance degree, the asset condition and the like of different target objects can be classified according to the risk levels of the target objects, and different target verification schemes are configured according to different risk levels. In different target verification schemes, the verification rule may be determined according to the risk level of the target object, for example, some verification indexes may be screened, and thresholds are set for the verification indexes, where the index thresholds corresponding to each verification index are all customized within the total standard limiting threshold range, and may be experience values determined according to accumulated experience in manual inspection.

For example, after a certain enterprise a applies for a financial product to a certain bank B, B obtains various index data of a, and then determines the risk level of a by using a risk control model, for example, the asset condition of a is general, but the industry in which a is currently a rapidly developing industry, the risk level of B for a will be lower than that of a certain enterprise C in which the same asset condition is but the overall industry development speed is slow. Or D is a long-term partner of B, D is in its leading position in the industry, then the risk level of D will be lower. According to different risk levels, proper index data can be selected from the index data to serve as a target type check index of the current risk level. For example, the registered capital and transaction amount are selected as target type verification indicators for enterprises a and D, and a threshold is determined for the registered capital and transaction amount, and the threshold may not exceed a total standard limit threshold range. And taking the threshold value corresponding to the registered capital and the transaction amount as a target verification scheme of the target object of the risk level of enterprises A and D.

According to the method and the device for verifying the enterprise customers, the risk level of the target object is assessed through the risk control model, and the target verification scheme corresponding to the risk level is used as the verification standard of the target object, so that personalized verification of the enterprise customers with different importance degrees and different backgrounds is achieved, and by providing the personalized verification scheme, for example, for the enterprise customers with lower risk level, the approval process can be simplified and the experience of the enterprise customers can be improved by reducing the verification index; for enterprise clients with higher risk levels, the enterprise clients with higher risk levels are more comprehensively audited by adding check indexes until all acquired index data are covered, so that the risk required to be born by a financial product provider is reduced.

FIG. 3 schematically illustrates a flow chart of a method of determining a verification result based on a target verification scheme and an aggregate indicator value, in accordance with an embodiment of the disclosure.

As shown in fig. 3, the method 340 of determining a verification result according to the embodiment includes operations S341 to S342 based on the target verification scheme and the aggregate index value.

In operation S341, an aggregate index value of the index data of the target type is determined according to the target type check index.

According to the embodiment of the disclosure, the aggregation index value of the index data corresponding to the target type check index can be screened according to the target type check index and used as the aggregation index value of the index data of the target type.

According to the embodiment of the disclosure, after the target verification scheme is determined, according to the target type verification index, selecting the data of the corresponding type from the N types of index data related to the approval process aiming at the target object, and selecting the aggregation index value of the target type of index data, wherein the aggregation index value of the target type of index data is obtained by aggregating the target type of index data by using a preset aggregation method.

For example, after determining that the transaction amount is one of the target type verification indexes after determining the target verification scheme of a certain enterprise a, screening the transaction amount index from N types of index data associated with the approval process for the target object a, and selecting an aggregation index value of the transaction amount of a obtained by aggregating index data corresponding to the transaction amount index by using a preset aggregation method.

In operation S342, the aggregation index value is compared with the index threshold corresponding to the target type verification index to obtain a verification result.

For example, after obtaining the aggregate index value of the transaction amount of A, comparing the aggregate index value with the index threshold corresponding to the transaction amount check index, and obtaining the check result after comparing all target type check indexes.

According to the embodiment of the disclosure, after the target verification scheme of the target object is determined, the aggregate index value of the index data corresponding to the target type verification index in the target verification scheme is compared with the corresponding threshold value to obtain a verification result, and whether the approval process of the target object can be continued or immediately ended can be accurately determined through the verification result.

According to an embodiment of the present disclosure, the data anomaly determination method further includes: and classifying the index data by using the classification model to obtain classified index data.

According to the embodiment of the disclosure, the classified historical index data can be used for training a classification model, and the acquired index data is classified by using the classification model to obtain classified index data.

For example, the classified index data may include target object basic information, target object association relationship, target object financial situation, target object financing guarantee situation, target object trust loss situation, target object public opinion situation, target object business financing requirement, etc. The basic information of the target object may include a management state of the target object, real receipts of the target object, registered receipts of the target object, actual controllers of the target object, and the like. The target object financial situation may include a target object financial statement, or the like.

According to the embodiment of the disclosure, the index data is classified through the classification model, so that the classified index data is obtained, the category definition of the index data can be realized, and the risk level of the target object is conveniently determined by using the risk control model.

the method for aggregating the index data of each type by using a preset aggregation method to obtain an aggregation index value of the index data of each type comprises the following steps: determining a preset aggregation method as a real-time aggregation calculation method according to the basic attribute data; and aggregating the basic attribute data by using a real-time aggregation calculation method to obtain an aggregation index value of the basic attribute data.

According to the embodiment of the disclosure, the basic attribute class data can comprise data such as basic information of a target object, association relation of the target object, financial condition of the target object, financing guarantee condition of the target object and the like.

According to embodiments of the present disclosure, the real-time aggregate computing method may be Flink, clickhouse or the like. Wherein, using the Flink for real-time aggregate computation comprises: basic aggregation operations include summation, counting, minimum, maximum and average. These operations may be used to make statistics and analyses on the stream data, such as calculating average financial performance of the target object per month, etc.; grouping aggregation operation, which is to group stream data according to specified fields and aggregate each group, for example, the association relation of the target object can be grouped according to the association relation, and then the total transaction amount of the target object and the object corresponding to each association relation is calculated respectively; and window aggregation operation, which can divide stream data according to time windows and aggregate the data in each window. For example, each hour of data may be placed into a time window and the average access volume within each window calculated; the aggregation function may be defined according to the actual requirement, for example, an aggregation function may be defined, which is used to calculate the index data of the target object related to the risk.

According to the embodiment of the disclosure, the state information of the target object is represented by the basic attribute data, and belongs to static information, and the real-time aggregation calculation method is selected when the static information is processed because the real-time aggregation calculation method can provide higher timeliness, higher calculation efficiency and greater flexibility.

According to the embodiment of the disclosure, the comment class data can comprise data such as target object distrust situations, target object public opinion situations and the like; the pipeline class data may include data such as target object business financing requirements.

According to embodiments of the present disclosure, the distributed aggregation computing method may be Hadoop or the like. The K-Means algorithm is realized by using Hadoop, is an unsupervised learning algorithm and is mainly used for calculating data aggregation and classifying similar points of data into the same data cluster.

According to the embodiment of the disclosure, the comment class data and the pipeline class data represent the dynamic state of the target object within a period of time, and belong to dynamic information, and the distributed aggregation calculation method can efficiently process large-scale data and better utilize distributed calculation resources. In distributed aggregation computing, the map operation is used to translate local data, while the aggregation/merge class operation requires the use of data from other computing nodes, which requires a shuffle operation to merge the data from different partitions together and to re-slice the data according to the keys required for the aggregation operation. Thus, the distributed aggregation calculation can distribute data to different nodes for calculation, so that the calculation efficiency is improved. Meanwhile, the distributed computation also has elasticity and expandability, and computing nodes can be increased or decreased according to the needs so as to adapt to the data processing requirements of different scales. Therefore, the dynamic information selection distributed aggregation calculation method can better meet the requirement of data processing.

According to embodiments of the present disclosure, the approval process may include investigation, investigation review, inspection, and the like. Under the condition that index data of the current approval link is normal, the approval can enter the next link; under the condition that index data of the current approval link is abnormal, the whole approval process is directly terminated.

For example, when the approval of a certain enterprise a has already been performed in the investigation and review phase and the index data is normal, the approval enters the review phase; and in the inspection stage, the index data is abnormal, the inspection flow is terminated, and the application for using the financial product is not approved.

According to the embodiment of the disclosure, by applying the data anomaly determination method to the whole approval process, the authenticity of index data associated with the approval process can be inspected at any link of applying for financial products, so that risks can be effectively prevented and controlled, and the process processing efficiency is improved.

Based on the data anomaly determination method, the disclosure also provides a data anomaly determination device. The device will be described in detail below in connection with fig. 4.

As shown in fig. 4, the data anomaly determination apparatus 400 of this embodiment includes an acquisition module 410, an aggregation module 420, a calling module 430, and a first determination module 440.

The obtaining module 410 is configured to obtain N types of index data associated with an approval process for a target object, where N is an integer greater than or equal to 2. In an embodiment, the obtaining module 410 may be configured to perform the operation S210 described above, which is not described herein.

The aggregation module 420 is configured to aggregate each type of index data by using a preset aggregation method, where the preset aggregation method is determined according to the type of the index data, to obtain an aggregate index value of each type of index data. In an embodiment, the aggregation module 420 may be configured to perform the operation S220 described above, which is not described herein.

The calling module 430 is configured to call a preset verification scheme to screen a target verification scheme for a target object from the preset verification schemes, where the preset verification scheme is preconfigured in the management system for a risk level of the target object. In an embodiment, the calling module 430 may be configured to perform the operation S230 described above, which is not described herein.

The first determining module 440 is configured to determine a verification result based on the target verification scheme and the aggregate indicator value, where the verification result is used to characterize whether the indicator data is abnormal. In an embodiment, the first determining module 440 may be configured to perform the operation S240 described above, which is not described herein.

According to an embodiment of the present disclosure, the data anomaly determination apparatus 400 further includes a second determination module, a screening module, and a third determination module.

And the second determining module is used for determining the risk level of the target object by using the risk control model.

And the screening module is used for screening the target type check index corresponding to the risk level of the target object from preset type check indexes and screening the index threshold corresponding to the target type check index from index threshold corresponding to the preset type check index according to the risk level of the target object.

And the third determining module is used for determining the target type check index and the index threshold corresponding to the target type check index as a target check scheme.

According to an embodiment of the present disclosure, the first determination module 440 includes a first determination sub-module and a comparison sub-module.

And the first determining submodule is used for determining an aggregation index value of the index data of the target type according to the target type check index.

And the comparison sub-module is used for comparing the aggregation index value with an index threshold value corresponding to the target type check index to obtain a check result.

According to an embodiment of the present disclosure, the data anomaly determination device 400 further includes a classification module.

And the classification module is used for classifying the index data by using the classification model to obtain classified index data.

According to an embodiment of the present disclosure, the aggregation module 420 includes a second determination sub-module and a second aggregation sub-module.

And the second determining submodule is used for determining that the preset aggregation method is a real-time aggregation calculation method according to the basic attribute data.

And the second aggregation sub-module is used for aggregating the basic attribute data by utilizing a real-time aggregation calculation method to obtain an aggregation index value of the basic attribute data.

According to an embodiment of the present disclosure, the aggregation module 420 further includes a third determination sub-module and a second aggregation sub-module.

And the third determination submodule is used for determining that the preset aggregation method is a distributed aggregation calculation method according to the comment data and the pipeline data.

And the second aggregation sub-module is used for respectively aggregating the comment data and the stream data by using a distributed aggregation calculation method to obtain an aggregation index value of the comment data and an aggregation index value of the stream data.

According to an embodiment of the present disclosure, the data anomaly determination device 400 further includes a flow continuation module and a flow suspension module.

The flow continuing module is used for allowing the approval flow to enter the next link under the condition that the verification result is determined to be used for representing the normal index data.

And the flow suspension module is used for suspending the approval flow under the condition that the verification result is determined to be used for representing the abnormality of the index data.

Any of the acquisition module 410, the aggregation module 420, the invocation module 430, and the first determination module 440 may be combined in one module to be implemented, or any of them may be split into multiple modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 410, the aggregation module 420, the invocation module 430, and the first determination module 440 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of any of the three. Alternatively, at least one of the acquisition module 410, the aggregation module 420, the invocation module 430, and the first determination module 440 may be at least partially implemented as computer program modules, which when executed, may perform the respective functions.

Fig. 5 schematically shows a schematic diagram of an application data anomaly determination device according to an embodiment of the present disclosure.

As shown in fig. 5, when the data anomaly determination device is applied, an interface may be provided externally, in the subsequent links of the approval process, such as investigation, investigation and review, etc., the data anomaly determination device may be called through the interface, a data verification request is sent to the data anomaly determination device, the data anomaly determination device obtains, according to the target object in the data verification request, index data related to the approval process for the target object, classifies the index data by using a classification model, aggregates the classified index data by using a preset aggregation method, obtains an aggregate index value of each type of index data, and invokes a preset verification scheme, so that the target verification scheme for the target object is screened from the preset verification schemes, and a verification result is determined based on the target verification scheme and the aggregate index value, and is fed back to the subsequent links of the approval process, such as investigation and review, etc. The check result is used for representing whether the index data is abnormal or not. When the feedback verification result represents that the index data is normal, the result can be determined to be normal, and the approval process enters the next link; when the feedback verification result represents that the index data is abnormal, the result is abnormal, and the approval process is stopped.

According to the embodiment of the disclosure, in any link in the whole approval process, the data anomaly determination device can be called through the interface to verify target object index data, and if the verification result represents that the index data is anomalous, the approval process can be stopped, so that risks borne by financial product providers are reduced.

As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 601 may also include on-board memory for caching purposes. The processor 601 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.

In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. The processor 601 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or the RAM 603. Note that the program may be stored in one or more memories other than the ROM 602 and the RAM 603. The processor 601 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.

According to an embodiment of the present disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, the input/output (I/O) interface 605 also being connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.

The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.

According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 602 and/or RAM 603 and/or one or more memories other than ROM 602 and RAM 603 described above.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.

The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of signals over a network medium, and downloaded and installed via the communication section 609, and/or installed from the removable medium 611. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.

The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. A data anomaly determination method, comprising:

acquiring N types of index data related to an approval process aiming at a target object, wherein N is an integer greater than or equal to 2;

aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data, wherein the preset aggregation method is determined according to the type of the index data;

invoking a preset verification scheme to screen a target verification scheme aiming at the target object from the preset verification schemes, wherein the preset verification scheme is preset in a management system aiming at the risk level of the target object; and

And determining a verification result based on the target verification scheme and the aggregation index value, wherein the verification result is used for representing whether the index data is abnormal or not.

2. The method of claim 1, wherein the preset verification scheme comprises: the method comprises the steps of presetting a type check index and an index threshold corresponding to the preset type check index;

the method further comprises the steps of:

determining a risk level of the target object by using a risk control model;

screening a target type check index corresponding to the risk level of the target object from the preset type check index and screening an index threshold corresponding to the target type check index from the index threshold corresponding to the preset type check index according to the risk level of the target object;

and determining the target type check index and the index threshold corresponding to the target type check index as the target check scheme.

3. The method of claim 2, wherein the determining a verification result based on the target verification scheme and the aggregate indicator value comprises:

determining an aggregation index value of the index data of the target type according to the target type check index;

And comparing the aggregate index value with the index threshold value corresponding to the target type check index to obtain a check result.

4. The method of claim 1, further comprising:

and classifying the index data by using a classification model to obtain classified index data.

5. The method of claim 4, wherein the categorized index data comprises: basic attribute class data;

the step of aggregating each type of index data by using a preset aggregation method to obtain an aggregation index value of each type of index data comprises the following steps:

determining that the preset aggregation method is a real-time aggregation calculation method according to the basic attribute data;

and aggregating the basic attribute data by using the real-time aggregation calculation method to obtain an aggregation index value of the basic attribute data.

6. The method of claim 4, wherein the categorized index data comprises: comment class data and stream class data;

Determining that the preset aggregation method is a distributed aggregation calculation method according to the comment data and the pipeline data;

and respectively aggregating the comment data and the stream data by using the distributed aggregation calculation method to obtain an aggregation index value of the comment data and an aggregation index value of the stream data.

7. The method of any one of claims 1-6, further comprising:

under the condition that the verification result is used for representing that the index data are normal, the approval process enters the next link;

and under the condition that the verification result is determined to be used for representing the abnormality of the index data, the approval process is stopped.

8. A data anomaly determination device, comprising:

the system comprises a calling module, a verification module and a verification module, wherein the calling module is used for calling a preset verification scheme so as to screen a target verification scheme aiming at the target object from the preset verification scheme, and the preset verification scheme is preset in a management system aiming at the risk level of the target object; and

And the first determining module is used for determining a checking result based on the target checking scheme and the aggregation index value, wherein the checking result is used for representing whether the index data is abnormal or not.

9. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs,

wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.

10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-7.

11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.