CN117670363A - Early warning method, device, equipment and storage medium - Google Patents
Early warning method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN117670363A CN117670363A CN202311667385.2A CN202311667385A CN117670363A CN 117670363 A CN117670363 A CN 117670363A CN 202311667385 A CN202311667385 A CN 202311667385A CN 117670363 A CN117670363 A CN 117670363A
- Authority
- CN
- China
- Prior art keywords
- early warning
- clustering
- warning rule
- transaction data
- rules
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 230000001960 triggered effect Effects 0.000 claims abstract description 28
- 230000000875 corresponding effect Effects 0.000 claims description 30
- 238000004590 computer program Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 8
- 230000002596 correlated effect Effects 0.000 claims description 4
- 238000004422 calculation algorithm Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 238000003064 k means clustering Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000007635 classification algorithm Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the disclosure discloses an early warning method, device, equipment and storage medium, comprising the following steps: acquiring transaction data; comparing the transaction data with each early warning rule group in an early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data; and if the transaction data meets the early warning rule in any early warning rule group, generating early warning information. Compared with the method that the early warning rule groups are obtained by clustering the early warning rules triggered by the historical risk transaction data, the method can improve the early warning generation efficiency, more quickly identify the risk transaction and reduce the property loss of the user.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of early warning, in particular to an early warning method, device, equipment and storage medium.
Background
Risk early warning identification is an important part in an intelligent anti-risk system, early warning generation efficiency is a key whether risk behaviors can be intercepted and prevented in real time, and a more efficient mode is needed to help bank users avoid risks and reduce losses.
Disclosure of Invention
The embodiment of the disclosure provides an early warning method, device, equipment and storage medium, which improve the early warning generation efficiency.
In a first aspect, an early warning method is provided, including:
acquiring transaction data;
comparing the transaction data with each early warning rule group in an early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data;
and if the transaction data meets the early warning rule in any early warning rule group, generating early warning information.
In a second aspect, an early warning device is provided, including:
the data acquisition module is used for acquiring transaction data;
the data comparison module is used for sequentially comparing the transaction data with each early warning rule group in an early warning rule set, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data;
and the early warning information generation module is used for generating early warning information if the transaction data meets the early warning rules in any early warning rule group.
In a third aspect, an electronic device is provided, the electronic device comprising:
at least one processor; and;
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the pre-warning method provided in the first aspect above.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the early warning method provided in the first aspect of the embodiments of the present disclosure.
The embodiment of the disclosure provides an early warning method, device, equipment and storage medium, comprising the following steps: acquiring transaction data; comparing the transaction data with each early warning rule group in an early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data; and if the transaction data meets the early warning rule in any early warning rule group, generating early warning information. In the prior art, when rules are compared, the rules are sequentially processed, and if the rules with frequent early warning trigger disasters, the early warning generation time is longer. The early warning method disclosed by the embodiment of the disclosure fuses a clustering algorithm, realizes the priority ordering of fraud rules, and firstly compares and identifies rules with high priority when new transaction data exist, so that a more efficient early warning generation method is constructed, the early warning generation efficiency can be improved, risk transactions can be identified more quickly, and the property loss of users is reduced.
It should be understood that the description in this section is not intended to identify key or critical features of the disclosed embodiments, nor is it intended to be used to limit the scope of the disclosed embodiments. Other features of the embodiments of the present disclosure will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings required for the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a flowchart of an early warning method according to a first embodiment of the disclosure;
FIG. 2 is a flowchart of a K-Means-based anti-fraud early warning identification method provided in an embodiment of the present disclosure;
FIG. 3 is a flow chart of a K-Means priority based class-based implementation provided in accordance with an embodiment of the present disclosure;
fig. 4 is a flowchart of another early warning method according to the second embodiment of the disclosure;
fig. 5 is a schematic structural diagram of an early warning device according to a third embodiment of the disclosure;
fig. 6 presents a schematic view of the structure of an electronic device used to implement an embodiment of the present disclosure.
Detailed Description
In order that those skilled in the art will better understand the aspects of the embodiments of the present disclosure, a technical solution of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments, not all embodiments of the present disclosure. All other embodiments, which may be made by one of ordinary skill in the art without undue burden from the disclosed embodiments, are intended to be within the scope of the disclosed embodiments.
It should be noted that the terms "first," "second," and the like in the description of the embodiments and the claims and the above-described drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the disclosed embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the technical scheme of the present disclosure, the acquisition, storage, use, processing, etc. of the data all conform to the relevant regulations of the national laws and regulations.
Example 1
Fig. 1 is a flowchart of an early warning method provided in a first embodiment of the disclosure, where the method may be applied to early warning a risk, and the method may be performed by an early warning device, where the early warning device may be implemented in a form of hardware and/or software, and the early warning device may be configured in an electronic device. As shown in fig. 1, the method includes:
s110, acquiring transaction data.
In this embodiment, the transaction data may be a data file generated by the user during the transaction.
S120, sequentially comparing the transaction data with each early warning rule group in the early warning rule set, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data.
After the transaction data is obtained, the transaction data can be compared with each early warning rule in the early warning rule set in sequence. The early warning can be persistent data generated when the rules are triggered, the data are used for checking personnel identification risks and identifying fraud, the rules can be the basis for early warning generation, the early warning rules can comprise various transaction characteristics, the early warning rule set comprises a plurality of early warning rule groups which are arranged from high to low according to priority, and the priority of each early warning rule group is positively correlated with the triggering times of the early warning rules in the corresponding early warning rule groups in the historical risk transaction data.
It should be explained that the early warning rule set can be obtained by clustering early warning rules triggered by historical risk transaction data, wherein the clustering can be a K-Means clustering algorithm, a K-Means clustering algorithm or a K-Means clustering algorithm, and is a clustering analysis algorithm for iterative solution. Clustering is a process of classifying and organizing data into data members that are similar in some way, and is a technique of finding such an internal structure, and the clustering technique is often called unsupervised learning.
In this embodiment, the priority classification of the early warning rule may be obtained through a K-Means algorithm.
And S130, if the transaction data meets the early warning rule in any early warning rule group, generating early warning information.
In this embodiment, by judging the obtained transaction data and the early warning rule group, when the transaction data meets the early warning rule in any early warning rule group, early warning information can be generated to prompt the user in time.
The embodiment provides an early warning method, which comprises the following steps: acquiring transaction data; comparing the transaction data with each early warning rule group in an early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data; and if the transaction data meets the early warning rule in any early warning rule group, generating early warning information. The early warning method provided by the embodiment can improve early warning generation efficiency, more quickly identify risk transactions and reduce property loss of users.
As an optional embodiment of the present embodiment, the early warning method provided in this embodiment further includes:
a1 Acquiring historical risk transaction data and counting the triggering times of each early warning rule in the historical risk transaction data.
In this embodiment, historical risk transaction data may be acquired, where the historical risk transaction data may be transaction data for which risk problems have occurred.
Specifically, after the historical risk transaction data is obtained, the triggering times of each early warning rule in the historical risk transaction data can be counted. The triggering times can be the times of the pre-warning rules which are triggered in the historical transaction data.
b1 Determining the number of the clustering centers and selecting the corresponding number of early warning rules as the clustering centers.
Specifically, after the statistics of the triggering times of each early warning rule in the historical risk transaction data is completed, the number of clustering centers can be determined according to the statistics data of the triggering times, and the early warning rules with the corresponding number are determined according to the number of the clustering centers and serve as the centers of the clusters.
The number of the cluster centers is N, and the number of the early warning rules of the cluster centers is N.
c1 Clustering the early warning rules according to the clustering centers, updating the clustering centers in the clustering process, and obtaining the early warning rule set after the clustering is completed.
In this embodiment, after the number of the cluster centers and the number of the early warning rules of the cluster centers are determined, the data with the same number as the cluster centers can be randomly selected from the historical transaction data to serve as the initial cluster centers, and the distances between each point and the initial cluster centers are calculated.
Following the above description, it is selected which group it now belongs to based on each point and each center point distance; next, selecting the mass center of each group as a new center point according to the grouped points; and iterating until the central point is unchanged, and obtaining the early warning rule set after clustering is completed.
Optionally, the determining the number of cluster centers includes:
a2 Counting the maximum of the number of pre-warning rules triggered simultaneously in a single risk transaction.
Specifically, after the transaction data are obtained, counting the number of the pre-warning rules triggered in each transaction data, and selecting the maximum value of the number of the triggering rules in the single transaction data.
The number of the early warning rules triggered by the transaction A is 3 times, the number of the early warning rules triggered by the transaction B is 4 times, the number of the early warning rules triggered by the transaction C is 5 times, and the maximum value of the number of the early warning rules triggered simultaneously in a single risk transaction is 5.
b2 And determining the number of the clustering centers according to the result of dividing the total number of the early warning rules and the maximum value.
It can be appreciated that after the maximum value of the number of pre-warning rules triggered simultaneously in a single risk transaction is obtained, the total number of pre-warning rules may be divided by the maximum value. The number of clustering centers can be determined by the result of dividing the total number of the early warning rules by the maximum value.
The maximum value of the number of the early warning rules triggered simultaneously in a single risk transaction is 5, the total number of the early warning rules is 20, and the number of the clustering centers can be 4.
According to the technical scheme, the priority of the early warning rules is ordered through a clustering algorithm, and the ordered early warning rules are used for early warning. Taking a bank anti-fraud scene as an example, fig. 2 is a flowchart of an anti-fraud early warning identification method based on K-Means, and as shown in fig. 2, the overall implementation thought of the embodiment is that through transactions which have been identified as having risks in the past, rules which need to be compared are classified and grouped in priority based on a K-Means classification algorithm, then after new transaction data is taken from an upstream system, rule comparison is performed according to the sequence, early warning information is generated, and fraud is identified. The transaction of the rule is not triggered, and the transaction is normally ended.
Fig. 3 is a flowchart of implementation of classification based on K-Means priority according to the present embodiment, and as shown in fig. 3, early warning recognition is performed by using a determined priority rule. And obtaining the current new transaction from an upstream system, grouping according to the priority determined in the first step, comparing the classification groups with the highest priority of each newly obtained transaction, and generating early warning to identify risks if a rule is triggered.
The technical scheme of the embodiment is based on a K-Means classification algorithm, the rules used at present are classified and grouped according to priority, when new transactions come, the rules of the first priority group are preferentially compared, if fraud is caused, the rules can be rapidly triggered, early warning information is generated, fraud is identified, and interception processing is faster. The invention improves the overall working efficiency of business personnel and can reduce the property loss of bank users.
Example two
Fig. 4 is a flowchart of another early warning method according to the second embodiment of the present disclosure, where the embodiments of the present disclosure are further optimized and expanded based on the foregoing embodiments. As shown in fig. 4, the method includes:
s210, acquiring transaction data.
S220, sequentially comparing the transaction data with each early warning rule group in the early warning rule set, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data.
And S230, if the transaction data meets the early warning rule in any early warning rule group, generating early warning information.
S240, acquiring historical risk transaction data and counting the triggering times of each early warning rule in the historical risk transaction data.
S250, determining the number of the clustering centers and selecting the corresponding number of early warning rules as the clustering centers.
And S260, for each early warning rule, calculating the distance between the triggering times of the early warning rule and the triggering times corresponding to each clustering center, and dividing the early warning rule into early warning rule groups corresponding to the clustering centers with the closest triggering times of the early warning rule.
In this embodiment, after the historical risk transaction data is obtained, the triggering times of each early warning rule may be counted. After the statistics of the triggering times of each early warning rule is completed, the distance between the triggering times of each early warning rule and the triggering times corresponding to each clustering center can be calculated, and the early warning rules can be grouped according to the distance of the triggering times.
Specifically, the distance between the triggering times of each early warning rule and the triggering times corresponding to each clustering center is calculated, for the triggering times of single early warning rules, the clustering center with the shortest triggering times of the triggering times and the clustering center is selected as the grouping of the early warning rules, and the grouping result of the early warning rules at one time can be obtained by calculating the distance and selecting the shortest distance of all the early warning rules.
S270, updating each clustering center and returning to execute the operation of calculating distance and dividing each early warning rule until the triggering times corresponding to the clustering centers before and after updating each early warning rule group are not changed, clustering is completed, and each early warning rule group forms an early warning rule set.
Specifically, a grouping result of the early warning rules is obtained once, the centroid in each grouping result can be used as a new clustering center, and the distance between the triggering times of each early warning rule and the triggering times corresponding to the new clustering center is calculated.
And then, the shortest distance between the triggering times of each early warning rule and the triggering times corresponding to the new clustering center is selected, and the early warning rule set to which each early warning rule belongs is reclassified until the triggering times corresponding to the clustering centers before and after updating each early warning rule group are not changed, at this time, clustering is completed, and each early warning rule group obtained in the last time is determined to be a final early warning rule set.
For example, k=2 cluster centers are selected, rule a (trigger 50 times) and rule B (trigger 10 times), respectively, rules of about 50 triggers are grouped into a first group, and rules of about 10 triggers are grouped into a second group. The average value of the triggering times of each rule in the first group is 40, and the center is updated to be a rule with 40 triggering times (or 40 times closest) of any one (any one) in the group; and updating the center to a rule with 15 triggering times (or 15 closest times) of any one (any one) in the group when the triggering times average value of each rule in the second group is 15, and then performing a second round of clustering until the triggering times of the clustering center are not changed any more, and finishing the clustering.
Optionally, updating each cluster center includes:
a3 For a single early warning rule group, calculating the average value of the triggering times of the early warning rules in the early warning rule group;
in this embodiment, after the preliminary grouping of the early warning rules is completed, an average value of the trigger times in the divided early warning rule groups may be calculated.
b3 Any one of the early warning rules with the triggering times equal to or closest to the average value in the early warning rule group is used as an updated clustering center of the early warning rule group.
Specifically, after the average value of the triggering times of the early warning rules is obtained, the early warning rules with the triggering times equal to or closest to the average triggering times of the current early warning rule group in the early warning rule group can be used as a new clustering center.
It should be noted that, the priority of the final obtained early warning rule group is positively correlated with the triggering times of the early warning rules in the corresponding early warning rule group in the historical risk transaction data. The triggering times of the early warning rules in the early warning rule group can be the average value of the triggering times or the triggering times corresponding to the clustering center.
For example, k=2 cluster centers are selected, the triggering times of the early warning rules of the cluster centers of the first group are 35 times, and the triggering times of the early warning rules of the second group are 10 times, so that the priority of the early warning rules of the cluster centers of the first group is higher than the priority of the early warning rules of the second group.
The embodiment of the disclosure provides an early warning method, which comprises the following steps: transaction data is obtained. And comparing the transaction data with each early warning rule group in the early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data. And if the transaction data meets the early warning rules in any early warning rule group, generating early warning information. And acquiring historical risk transaction data and counting the triggering times of each early warning rule in the historical risk transaction data. And determining the number of the clustering centers and selecting the corresponding number of early warning rules as the clustering centers. And for each early warning rule, calculating the distance between the triggering times of the early warning rule and the triggering times corresponding to each clustering center, and dividing the early warning rule into early warning rule groups corresponding to the clustering centers with the closest triggering times of the early warning rule. Updating each clustering center and returning to execute the operation of calculating distance and dividing each early warning rule until the triggering times corresponding to the clustering centers before and after updating each early warning rule group are not changed, clustering is completed, each early warning rule group forms an early warning rule set, and risk transaction can be recognized more quickly by the early warning method provided by the embodiment, so that the early warning generation efficiency is improved.
Example III
Fig. 5 is a schematic structural diagram of an early warning device according to a third embodiment of the disclosure. As shown in fig. 5, the apparatus includes: the system comprises a data acquisition module 310, a data comparison module 320 and an early warning information generation module 330.
Wherein, the data acquisition module 310 is configured to acquire transaction data;
the data comparison module 320 is configured to compare the transaction data with each early warning rule group in an early warning rule set in sequence, where the early warning rule set includes a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data;
the early warning information generating module 330 is configured to generate early warning information if the transaction data meets the early warning rule in any early warning rule group.
The third embodiment of the disclosure provides an early warning device, which improves early warning generation efficiency, more quickly identifies risk transactions, and reduces property loss of users.
Further, the device further comprises:
the triggering frequency acquisition module is used for acquiring historical risk transaction data and counting the triggering frequency of each early warning rule in the historical risk transaction data;
the cluster center determining module is used for determining the number of cluster centers and selecting the corresponding number of early warning rules as the cluster centers;
the early warning rule acquisition module is used for clustering the early warning rules according to the clustering centers, updating the clustering centers in the clustering process and obtaining the early warning rule set after the clustering is completed.
Further, the cluster center determining module may be further configured to;
counting the maximum value of the number of early warning rules triggered simultaneously in a single risk transaction;
and determining the number of the clustering centers according to the result of dividing the total number of the early warning rules by the maximum value.
Further, the early warning rule acquisition module may further include:
the early warning rule grouping sub-module is used for respectively calculating the distance between the triggering times of the early warning rules and the triggering times corresponding to the clustering centers for each early warning rule, and dividing the early warning rules into early warning rule groups corresponding to the clustering centers with the closest triggering times of the early warning rules;
and the early warning rule set determining submodule is used for updating each clustering center and returning to execute the operation of calculating distance and dividing each early warning rule until the triggering times corresponding to the clustering centers before and after updating each early warning rule group are not changed, clustering is completed, and each early warning rule group forms the early warning rule set.
Optionally, the early warning rule set determining submodule may be further configured to:
for a single early warning rule group, calculating the average value of the triggering times of the early warning rules in the early warning rule group;
and taking any one of the early warning rules with the triggering times equal to or closest to the average value in the early warning rule group as an updated clustering center of the early warning rule group.
Further, the priority of each early warning rule group is positively correlated with the triggering times of the early warning rules in the corresponding early warning rule group in the historical risk transaction data.
The early warning device provided by the embodiment of the disclosure can execute the early warning method provided by any embodiment of the disclosure, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 6 shows a schematic diagram of an electronic device 10 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the embodiments of the disclosure described and/or claimed herein.
As shown in fig. 6, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microprocessor, etc. The processor 11 performs the various methods and processes described above, such as the pre-warning method.
In some embodiments, the pre-warning method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the pre-warning method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the pre-warning method in any other suitable way (e.g. by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of embodiments of the present disclosure may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the disclosed embodiments, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the embodiments of the present disclosure may be performed in parallel, may be performed sequentially, or may be performed in a different order, so long as the desired result of the technical solution of the embodiments of the present disclosure is achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the embodiments of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the embodiments of the present disclosure are intended to be included within the scope of the embodiments of the present disclosure.
Claims (10)
1. An early warning method is characterized by comprising the following steps:
acquiring transaction data;
comparing the transaction data with each early warning rule group in an early warning rule set in sequence, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data;
and if the transaction data meets the early warning rule in any early warning rule group, generating early warning information.
2. The method as recited in claim 1, further comprising:
acquiring historical risk transaction data and counting the triggering times of each early warning rule in the historical risk transaction data;
determining the number of the clustering centers and selecting the early warning rules with the corresponding number as the clustering centers;
clustering the early warning rules according to the clustering centers, updating the clustering centers in the clustering process, and obtaining the early warning rule set after the clustering is completed.
3. The method of claim 2, wherein the determining the number of cluster centers comprises:
counting the maximum value of the number of early warning rules triggered simultaneously in a single risk transaction;
and determining the number of the clustering centers according to the result of dividing the total number of the early warning rules by the maximum value.
4. The method according to claim 2, wherein clustering each of the early warning rules according to each of the cluster centers, updating each of the cluster centers during the clustering, and obtaining the set of early warning rules after the clustering is completed, comprises;
for each early warning rule, respectively calculating the distance between the triggering times of the early warning rule and the triggering times corresponding to each clustering center, and dividing the early warning rule into early warning rule groups corresponding to the clustering centers with the closest triggering times of the early warning rule;
updating each clustering center and returning to execute the operation of calculating distance and dividing each early warning rule until the triggering times corresponding to the clustering centers before and after updating each early warning rule group are not changed, clustering is completed, and each early warning rule group forms the early warning rule set.
5. The method of claim 4, wherein updating each of the cluster centers comprises:
for a single early warning rule group, calculating the average value of the triggering times of the early warning rules in the early warning rule group;
and taking any one of the early warning rules with the triggering times equal to or closest to the average value in the early warning rule group as an updated clustering center of the early warning rule group.
6. The method of claim 1, wherein the priority of each of the alert rule groups is positively correlated with the number of triggers of the alert rules in the corresponding alert rule group in the historical risk transaction data.
7. An early warning device, characterized by comprising:
the data acquisition module is used for acquiring transaction data;
the data comparison module is used for sequentially comparing the transaction data with each early warning rule group in an early warning rule set, wherein the early warning rule set comprises a plurality of early warning rule groups arranged from high to low according to priority, and each early warning rule group is obtained by clustering early warning rules triggered by historical risk transaction data;
and the early warning information generation module is used for generating early warning information if the transaction data meets the early warning rules in any early warning rule group.
8. The apparatus of claim 7, further comprising:
the triggering frequency acquisition module is used for acquiring historical risk transaction data and counting the triggering frequency of each early warning rule in the historical risk transaction data;
the cluster center determining module is used for determining the number of cluster centers and selecting the corresponding number of early warning rules as the cluster centers;
the early warning rule acquisition module is used for clustering the early warning rules according to the clustering centers, updating the clustering centers in the clustering process and obtaining the early warning rule set after the clustering is completed.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the pre-warning method of any one of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when executed by a processor, implements the pre-warning method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311667385.2A CN117670363A (en) | 2023-12-06 | 2023-12-06 | Early warning method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311667385.2A CN117670363A (en) | 2023-12-06 | 2023-12-06 | Early warning method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117670363A true CN117670363A (en) | 2024-03-08 |
Family
ID=90074754
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311667385.2A Pending CN117670363A (en) | 2023-12-06 | 2023-12-06 | Early warning method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117670363A (en) |
-
2023
- 2023-12-06 CN CN202311667385.2A patent/CN117670363A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116049146B (en) | Database fault processing method, device, equipment and storage medium | |
| CN112632251B (en) | Reply content generation method, device, equipment and storage medium | |
| CN116340831B (en) | Information classification method and device, electronic equipment and storage medium | |
| CN116471174B (en) | Log data monitoring system, method, device and storage medium | |
| CN116668264A (en) | Root cause analysis method, device, equipment and storage medium for alarm clustering | |
| CN117670363A (en) | Early warning method, device, equipment and storage medium | |
| CN115794473A (en) | Root cause alarm positioning method, device, equipment and medium | |
| CN115665783A (en) | Abnormal index tracing method and device, electronic equipment and storage medium | |
| CN115333783A (en) | API call abnormity detection method, device, equipment and storage medium | |
| CN113360688B (en) | Method, device and system for constructing information base | |
| CN117609311A (en) | Service degradation method, device, equipment and storage medium | |
| CN115578583B (en) | Image processing method, device, electronic equipment and storage medium | |
| CN116166501B (en) | Log verification method and device, electronic equipment and storage medium | |
| CN117608896A (en) | Transaction data processing method and device, electronic equipment and storage medium | |
| CN116502841A (en) | Event processing method and device, electronic equipment and medium | |
| CN117635272A (en) | Object recommendation method and device, electronic equipment and storage medium | |
| CN117611324A (en) | Credit rating method, apparatus, electronic device and storage medium | |
| CN116090704A (en) | Energy management method, device, equipment and medium for business tenant | |
| CN117609723A (en) | Object identification method and device, electronic equipment and storage medium | |
| CN115643182A (en) | Flow detection method and device and electronic equipment | |
| CN113836242A (en) | Data processing method and device, electronic equipment and readable storage medium | |
| CN117493060A (en) | Database component anomaly detection method, device, equipment and medium | |
| CN115619413A (en) | Method, device, equipment and storage medium for determining abnormal transactions | |
| CN117670362A (en) | Employee control account identification method, device, equipment and medium | |
| CN114764598A (en) | Event clustering method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |