CN117764590A - Risk identification method, apparatus, device, medium, and program product - Google Patents

Risk identification method, apparatus, device, medium, and program product Download PDF

Info

Publication number
CN117764590A
CN117764590A CN202311778894.2A CN202311778894A CN117764590A CN 117764590 A CN117764590 A CN 117764590A CN 202311778894 A CN202311778894 A CN 202311778894A CN 117764590 A CN117764590 A CN 117764590A
Authority
CN
China
Prior art keywords
risk
grid
position information
geographic position
area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311778894.2A
Other languages
Chinese (zh)
Inventor
任怡雯
廖智
陈家华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202311778894.2A priority Critical patent/CN117764590A/en
Publication of CN117764590A publication Critical patent/CN117764590A/en
Pending legal-status Critical Current

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure provides a risk identification method, which can be applied to the technical field of information security and the technical field of finance. The method comprises the following steps: obtaining geographic position information corresponding to a target area; encoding the geographic position information, and converting the longitude and latitude of the geographic position information into corresponding grid codes; identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model; according to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model: carrying out risk grade division on each grid region to obtain a risk grade corresponding to each grid region, wherein the risk grade is used for quantifying the risk index of the grid region; and in response to the risk index reaching the risk index threshold, performing risk identification on the grid region reaching the risk index threshold. The present disclosure also provides a risk identification apparatus, device, medium and program product.

Description

Risk identification method, apparatus, device, medium, and program product
Technical Field
The present disclosure relates to the field of information security technology and financial technology, and more particularly, to a risk identification method, apparatus, device, medium, and program product.
Background
Currently, in the identification process of a telecom risk account, the scheme of a risk group partner is gradually updated, an organization situation is gradually formed, and in the fraud process of a highly organized risk group partner, the characteristic of centralized geographic positions, such as abnormal card handling, account opening, funds transfer and other transaction behaviors in a specific area, often occur.
The conventional case-related account identification mode is mainly based on the transaction behavior characteristics of a user, takes account transaction amount, transaction frequency, account information, client information and equipment information as risk identification elements, namely carries out risk identification in the dimension of 'people' or 'equipment', but the identification method cannot effectively identify the case-related risk in the geographical position concentration mode.
Disclosure of Invention
In view of the foregoing, the present disclosure provides risk identification methods, apparatuses, devices, media, and program products that are capable of effectively identifying geographic location-localized risks.
According to a first aspect of the present disclosure, there is provided a risk identification method, comprising: obtaining geographic position information corresponding to a target area; encoding the geographic position information, and converting the longitude and latitude of the geographic position information into corresponding grid codes, wherein each grid code has a unique corresponding grid region; identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model; according to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model: carrying out risk grade division on each grid region to obtain a risk grade corresponding to each grid region, wherein the risk grade is used for quantifying the risk index of the grid region; and in response to the risk index reaching the risk index threshold, performing risk identification on the grid region reaching the risk index threshold.
According to an embodiment of the present disclosure, encoding geographic location information, converting longitude and latitude of the geographic location information into corresponding grid codes, includes: determining longitude and latitude of geographic position information; dividing the range expressed by longitude and latitude into equal grid areas; and converting the longitude and latitude of each grid region into a Geohash character string by using a Geohash algorithm to obtain a grid code corresponding to each grid region.
According to an embodiment of the present disclosure, converting longitude and latitude of each grid region into a Geohash character string by using a Geohash algorithm, to obtain a grid code corresponding to each grid region, including: filling a grid area by adopting a Z-shaped filling method; the longitude is converted to even digits of the Geohash string and the latitude is converted to odd digits of the Geohash string.
According to an embodiment of the present disclosure, obtaining geographic location information corresponding to a target area includes: acquiring static geographic position information of a user in a target area, wherein the static geographic position information comprises geographic position information corresponding to a residence address, a property address and a work unit address of the user; dynamic geographic position information of a user is obtained, wherein the dynamic geographic position information comprises geographic position information corresponding to login behavior, transaction behavior and credit card application behavior of the user.
According to an embodiment of the present disclosure, the method further comprises: according to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model: predicting the probability value of the risk account in the next time period of the target area according to the risk level corresponding to each grid area; and (5) formulating a corresponding risk prevention and control strategy according to the probability value.
According to an embodiment of the present disclosure, formulating a corresponding risk prevention and control policy according to the probability value includes: acquiring position migration information of the risk account in response to the probability value reaching a probability value threshold value, and determining a migration position of the risk account in the next time period according to the position migration information; and deploying a risk prevention and control strategy in the grid area corresponding to the migration position, wherein the risk prevention and control strategy is configured with a time attenuation mechanism.
According to an embodiment of the present disclosure, in response to the risk index reaching a risk index threshold, risk identification is performed on a grid region reaching the risk index threshold, including: acquiring the operation time, the operation place and the account IP of the risk account in response to the risk index reaching the risk index threshold; and identifying risk personnel corresponding to the risk account according to the operation time, the operation place and the account IP.
According to an embodiment of the present disclosure, the risk recognition model is configured with at least one of a knowledge graph, a rules engine, a graph algorithm, a clustering algorithm, and a tree model algorithm.
A second aspect of the present disclosure provides a risk identification apparatus, comprising: the acquisition module is used for acquiring geographic position information corresponding to the target area; the coding module is used for coding the geographic position information and converting the longitude and latitude of the geographic position information into corresponding grid codes, wherein each grid code is provided with a unique corresponding grid region; the first identification module is used for identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model; the division module is used for dividing the risk level of each grid area to obtain a risk level corresponding to each grid area, wherein the risk level is used for quantifying the risk index of the grid area; and the second identification module is used for carrying out risk identification on the grid area reaching the risk index threshold value in response to the risk index reaching the risk index threshold value.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method.
The risk identification method, the device, the equipment, the medium and the program product provided by the disclosure adopt a geographic position coding mode to convert geographic position information of a target area into grid codes, then identify risk accounts in grid areas corresponding to each grid code by using a man-machine model, divide risk grades according to the number of the risk accounts in each grid area, and formulate corresponding risk strategies according to different grades. Compared with the traditional longitude and latitude expression mode, the geographic position coding can enable data to be reduced and discretized, and high-efficiency retrieval is supported, so that the geographic position information is converted into grid coding, identification of a risk account is facilitated, the grid area is graded, risk indexes of the area can be estimated and quantized, and important risk identification prevention and control are conducted on the area corresponding to the high risk index, namely, the geographical position centralized case-related area, so that occurrence of centralized risk events can be effectively reduced.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a risk identification method according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a risk identification method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart for encoding geographic location information in a risk identification method according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart for generating a trellis code using a Geohash algorithm in a risk identification method according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flowchart for obtaining geographic location information in a risk identification method according to an embodiment of the present disclosure;
fig. 6 schematically illustrates a flowchart of predicting risk prevention probability values in a risk identification method according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart for formulating risk prevention and control strategies in a risk identification method according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow chart for identifying risk personnel according to a risk index in a risk identification method according to an embodiment of the present disclosure;
Fig. 9 schematically illustrates a block diagram of a risk identification apparatus according to an embodiment of the present disclosure; and
fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a risk identification method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the risk identification method and apparatus in the present disclosure may be used in the case of risk identification in the financial field, and may also be used in the case of risk identification in any field other than the financial field, and the application field of the risk identification method and apparatus in the present disclosure is not limited.
In the technical scheme of the invention, the related user information (including but not limited to user personal information, user image information, user equipment information, such as position information and the like) and data (including but not limited to data for analysis, stored data, displayed data and the like) are information and data authorized by a user or fully authorized by all parties, and the processing of the related data such as collection, storage, use, processing, transmission, provision, disclosure, application and the like are all conducted according to the related laws and regulations and standards of related countries and regions, necessary security measures are adopted, no prejudice to the public welfare is provided, and corresponding operation inlets are provided for the user to select authorization or rejection.
The embodiment of the disclosure provides a risk identification method, which comprises the following steps: obtaining geographic position information corresponding to a target area; encoding the geographic position information, and converting the longitude and latitude of the geographic position information into corresponding grid codes, wherein each grid code has a unique corresponding grid region; identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model; according to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model: carrying out risk grade division on each grid region to obtain a risk grade corresponding to each grid region, wherein the risk grade is used for quantifying the risk index of the grid region; and in response to the risk index reaching the risk index threshold, performing risk identification on the grid region reaching the risk index threshold.
According to the risk identification method, geographic position information of a target area is converted into grid codes in a geographic position coding mode, then a man-machine model is utilized to identify risk accounts in grid areas corresponding to each grid code, risk grades are divided according to the number of the risk accounts in each grid area, and corresponding risk strategies are formulated according to different grades. Compared with the traditional longitude and latitude expression mode, the geographic position coding can enable data to be reduced and the data to be discretized and support efficient retrieval, so that the geographic position information is converted into the grid coding to be beneficial to identification of a risk account, the geographic position information is converted into the grid coding to be beneficial to identification of the risk account, the grid region is classified to evaluate and quantify the risk indexes of the region, and the region corresponding to the high risk index, namely the geographical position centralized case-related region, is subjected to key risk identification prevention and control, so that the occurrence of a centralized risk event can be effectively reduced.
Fig. 1 schematically illustrates an application scenario diagram of a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the risk identification method provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the risk identification apparatus provided by the embodiments of the present disclosure may be generally provided in the server 105. The risk identification method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the risk identification apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The risk identification method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 8 based on the scenario described in fig. 1.
In this embodiment, for example, a user wants to perform risk identification on risk events in a geographic location set by using the risk identification method in the embodiment of the present disclosure.
Fig. 2 schematically illustrates a flow chart of a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 2, the risk identification method of this embodiment includes operations S210 to S250, and the risk identification method may be performed in a server.
In operation S210, geographical location information corresponding to a target area is acquired.
In this embodiment, first, a national standard area is determined by combining personal information and a behavior log of a user with map data, and then geographic position information corresponding to a target area is obtained, where the geographic position information includes longitude and latitude information of the target area.
In operation S220, the geographical location information is encoded, and the longitude and latitude of the geographical location information are converted into corresponding grid codes, where each grid code has a unique corresponding grid area.
Compared with the traditional longitude and latitude expression mode, the geographic position coding has the advantages of data dimension reduction, data discretization, support of hierarchy, support of efficient retrieval and the like, is low in calculation complexity, saves storage space, and is more suitable for scenes of mass data retrieval and calculation.
The comparison effect of the geographic position code and the traditional longitude and latitude is shown in the following table 1:
table 1: geographical position coding and traditional longitude and latitude comparison effect
In this embodiment, the geographic location information is encoded, so that the longitude and latitude of the geographic location information are converted into the corresponding grid codes, which is beneficial to identification of the risk account.
In operation S230, risk accounts present in each grid region are identified using a pre-trained risk identification model.
In this embodiment, a risk account existing in the grid area is identified by using a pre-trained risk identification model and combining expert rules based on business experience, so as to identify a risk event.
According to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model:
in operation S240, risk classification is performed on each grid region, so as to obtain a risk level corresponding to each grid region, where the risk level is used to quantify a risk index of the grid region.
In this embodiment, according to the number of risk accounts existing in each grid region, risk classification is performed on each grid region by using a pre-trained risk determination model, and the risk classification is used to quantify the risk index of the grid region.
For example, a grid region in which no risk account appears is divided into risk-free regions, the corresponding risk index is "0", a grid region in which the number of risk accounts is between 0 and 10 is divided into low risk regions, the corresponding risk index is "1", a grid region in which the number of risk accounts is between 10 and 50 is divided into medium risk regions, the corresponding risk index is "2", a grid region in which the number of risk accounts exceeds 50 is divided into high risk regions, and the corresponding risk index is "3".
In operation S250, in response to the risk index reaching the risk index threshold, risk identification is performed on the grid region reaching the risk index threshold.
In this embodiment, for example, the risk index threshold is set to "3", if the risk index of the grid area reaches the risk index threshold "3", which indicates that there are a large number of risk accounts and involved persons in the grid area, and if it is determined that the grid area is a key area in which involved persons are concentrated, a corresponding wind control policy is implemented for the key area.
Fig. 3 schematically illustrates a flowchart for encoding geographic location information in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 3, the information extraction method of this embodiment includes operations S310 to S330.
In operation S310, the latitude and longitude of the geographical position information is determined.
In the present embodiment, the latitude of the target area is-90 to 90, and the longitude range of the target area is-180 to 180, for example.
In operation S320, the range represented by the latitude and longitude is divided into equal grid areas.
In this embodiment, the latitude and longitude range is divided into two sub-areas, for example, the latitude and longitude range is divided into two sub-areas of-180 to 0 and 0 to 180, the latitude and longitude range is divided into two sub-areas of-90 to 0 and 0 to 90, each sub-area is divided into two more sub-areas to obtain smaller sub-areas, and the process is repeated until the required precision is reached.
In operation S330, the latitude and longitude of each grid region are converted into a Geohash character string by using a Geohash algorithm, so as to obtain a grid code corresponding to each grid region.
Geohash is a geocode, which is a hierarchical data structure that divides space into grids and then encodes two-dimensional geocoordinates, namely longitude and latitude, into a string of numbers and letters. The Geohash has the advantages of local order preservation and simple realization.
In this embodiment, the latitude and longitude of each grid region are converted into a Geohash character string by using a Geohash algorithm, so as to obtain a grid code corresponding to each grid region.
Fig. 4 schematically illustrates a flowchart for generating a trellis code using a Geohash algorithm in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 4, the information extraction method of this embodiment includes operations S410 to S420.
In operation S410, the grid region is filled with a "Z" word filling method.
In this embodiment, the grid area is encoded by using the "Z" filling method, so that adjacent geographic positions are also adjacent in the encoded character string, and spatial indexing and comparison are convenient.
In operation S420, the longitude is converted into even digits of the Geohash string, and the latitude is converted into odd digits of the Geohash string.
In this embodiment, the longitude and the latitude are respectively converted into binary representations, then the longitude is placed in an even number bit and the latitude is placed in an odd number bit according to a "Z" word filling method, so as to obtain a binary string, and then the binary string is converted into a Geohash string, so as to obtain a final encoding result.
Fig. 5 schematically illustrates a flowchart for acquiring geographical location information in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 5, the information extraction method of this embodiment includes operations S510 to S520.
In operation S510, static geographical location information of a user in a target area is acquired, wherein the static geographical location information includes geographical location information corresponding to a residential address, a property address, and a work unit address of the user.
In this embodiment, the residence addresses of the user include a home address, a long-term residence lease address, and the like, the property address is all property addresses registered under the user name, and the work unit is the area where the user works and works.
In operation S520, dynamic geographical location information of the user is acquired, wherein the dynamic geographical location information includes geographical location information corresponding to a login behavior, a transaction behavior, and an application credit card behavior of the user.
In the present embodiment, the residence address, the property address and the work unit address of the user can be obtained by the residence information at the time of user registration, and the login behavior, the transaction behavior and the credit card application behavior of the user can be obtained based on the telephone number and the detection system of the financial institution background
In this embodiment, the static geographic location information and the dynamic geographic location information of the user in the target area are obtained through user authorization.
Fig. 6 schematically illustrates a flowchart of predicting risk prevention probability values in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 6, the risk identification method of this embodiment includes operations S610 to S620.
According to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model:
in operation S610, a probability value of occurrence of a risk account in a next time period of the target area is predicted according to the risk level corresponding to each grid area.
In operation S620, a corresponding risk prevention and control policy is formulated according to the probability value.
In this embodiment, according to the number of risk accounts existing in each grid region, risk level evaluation is performed on the grid region, probability values of risk accounts in the next time period of the target region are predicted, and different personalized prevention and control strategies can be formulated for different probability values.
Fig. 7 schematically illustrates a flowchart for formulating risk prevention and control strategies in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 7, the risk identification method of this embodiment includes operations S710 to S720.
In operation S710, in response to the probability value reaching the probability value threshold, position migration information of the risk account is acquired, and a migration position in a next time period of the risk account is determined according to the position migration information.
In this embodiment, if the probability of occurrence of the risk account in the target area is high, for example, a preset probability value threshold has been reached, position migration information of the risk account is obtained, and then a migration position of the risk account expected to migrate in a next time period is determined according to the position migration information.
In operation S720, a risk prevention and control policy is deployed in the grid area corresponding to the migration location, where the risk prevention and control policy is configured with a time attenuation mechanism.
In this embodiment, a risk prevention and control policy is deployed in advance for the grid area corresponding to the migration position, the risk prevention and control policy is configured with a time attenuation mechanism, the area risk is attenuated along with time, and after the risk personnel leave, the area wind control policy returns to normal, so that the interference on normal operation is reduced.
Fig. 8 schematically illustrates a flowchart for identifying risk personnel according to risk indices in a risk identification method according to an embodiment of the present disclosure.
As shown in fig. 8, the risk identification method of this embodiment includes operations S810 to S820.
In operation S810, in response to the risk index reaching the risk index threshold, an operation time, an operation place, and an account IP of the risk account are acquired.
In this embodiment, if the risk index of the grid area reaches the risk index threshold, which indicates that a large number of risk accounts and involved persons exist in the grid area, and the grid area is determined to be a key area concentrated by the involved persons, the operation time, the operation location and the account IP corresponding to the risk accounts are obtained.
In this embodiment, the operation time, the operation place and the account IP corresponding to the risk account are obtained through user authorization.
In operation S820, a risk person corresponding to the risk account is identified according to the operation time, the operation place, and the account IP.
In this embodiment, after the operation time, the operation place and the account IP corresponding to the risk account are obtained, targeted identification management and control are performed on the risk personnel corresponding to the risk account.
According to an embodiment of the present disclosure, the risk recognition model is configured with at least one of a knowledge graph, a rules engine, a graph algorithm, a clustering algorithm, and a tree model algorithm.
Knowledge Graph (knowledgegraph): the system is a structured semantic knowledge base for describing concepts and interrelationships thereof in a physical world in a symbolic form, wherein the basic constituent units are entity-relation-entity triples and entity and related attribute-value pairs thereof, and the entities are mutually connected through relations to form a net-shaped knowledge structure.
Rule engine (business rule management system, english name BRMS (i.e. Business Rule Management System)): the method is to abstract the rules of the business system to form a general model. The function is as follows: helping application developers build a standardized set of business rules and algorithms. The rules engine can simplify the business architecture, make business logic easier for the developer to understand, and provide a consistent and easy-to-use tool in a development environment. The main functions are as follows: the difficulty of using complex codes by developers is reduced; reducing the data entry workload; optimizing the realization of the function code, and improving the development efficiency; flexibly expanding the functions of application programs and rapidly introducing new functions; the flexibility of the application is increased.
Graph algorism (Graph algorism): a simple algorithm for obtaining answers using a specially formulated line graph provides a most efficient way to analyze connection data, describing how the graph may be processed to find qualitative or quantitative conclusions. The graph algorithm is based on graph theory, and utilizes the relation between nodes to infer the structure and change of a complex system, so that we can use the algorithms to find hidden information, verify business assumptions and predict behaviors.
Clustering algorithm: that is, a statistical analysis method for researching (sample or index) classification problems, and Clustering (Clustering) is to divide a data set into different classes or clusters according to a specific standard (such as distance), so that the similarity of data objects in the same cluster is as large as possible, and meanwhile, the difference of data objects not in the same cluster is also as large as possible, that is, the data in the same class after Clustering are gathered together as much as possible, and the different classes of data are separated as much as possible. Cluster analysis consists of several patterns (patterns), typically a vector of metrics, or a point in multidimensional space. Cluster analysis is based on similarity, with more similarity between patterns in one cluster than between patterns not in the same cluster.
Tree model algorithm: based on the known data, the tree model algorithm has very strong nonlinear capability by heuristically selecting features to divide the feature space with the learning objective (reducing the error rate of each divided node) as a guide, and making a better decision result with each divided leaf node.
In this embodiment, because the current case-related means is endless, accurate identification is difficult to achieve by relying on the risk identification model algorithm alone, and the accuracy of risk identification can be greatly improved by combining one or more of a knowledge graph, a rule engine, a graph algorithm, a clustering algorithm and a tree model algorithm, so that risk and anomaly prediction of a grid region can be completed.
Based on the risk identification method, the disclosure further provides a risk identification device. The device will be described in detail below in connection with fig. 9.
Fig. 9 schematically shows a block diagram of a risk identification apparatus according to an embodiment of the present disclosure.
As shown in fig. 9, the risk identification apparatus 900 of this embodiment includes an acquisition module 910, a coding module 920, a first identification module 930, a division module 940, and a second identification module 950.
The acquiring module 910 is configured to acquire geographic location information corresponding to a target area. In an embodiment, the first obtaining module 910 may be configured to perform the operation S210 described above, which is not described herein.
The encoding module 920 is configured to encode the geographic location information, and convert the longitude and latitude of the geographic location information into corresponding grid codes, where each grid code has a unique corresponding grid region. In an embodiment, the second obtaining module 920 may be configured to perform the operation S220 described above, which is not described herein.
The first identification module 930 is configured to identify risk accounts existing in each grid area using a pre-trained risk identification model. In an embodiment, the extraction module 930 may be configured to perform the operation S230 described above, which is not described herein.
The dividing module 940 is configured to divide the risk level of each grid region to obtain a risk level corresponding to each grid region, where the risk level is used to quantify a risk index of the grid region. In an embodiment, the fusion module 940 may be configured to perform the operation S240 described above, which is not described herein.
The second identifying module 950 is configured to identify, in response to the risk index reaching the risk index threshold, a risk of the grid area reaching the risk index threshold. In an embodiment, the second identifying module 950 may be used to perform the operation S250 described above, which is not described herein.
According to an embodiment of the disclosure, the risk identification device 900 of the embodiment converts the geographic location information of the target area into grid codes by adopting a geographic location coding manner, and then identifies risk accounts in grid areas corresponding to each grid code by using a man-machine model, classifies risk grades according to the number of the risk accounts in each grid area, and formulates corresponding risk strategies according to different grades. Compared with the traditional longitude and latitude expression mode, the geographic position coding can enable data to be reduced and discretized, and high-efficiency retrieval is supported, so that the geographic position information is converted into grid coding, identification of a risk account is facilitated, the grid area is graded, risk indexes of the area can be estimated and quantized, and important risk identification prevention and control are conducted on the area corresponding to the high risk index, namely, the geographical position centralized case-related area, so that occurrence of centralized risk events can be effectively reduced.
According to an embodiment of the present disclosure, any of the acquisition module 910, the encoding module 920, the first identification module 930, the dividing module 940, and the second identification module 950 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 910, the encoding module 920, the first identification module 930, the partitioning module 940, and the second identification module 950 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three implementations of software, hardware, and firmware. Alternatively, at least one of the acquisition module 910, the encoding module 920, the first identification module 930, the dividing module 940, and the second identification module 950 may be at least partially implemented as computer program modules, which when executed, may perform the respective functions.
Fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a risk identification method according to an embodiment of the disclosure.
As shown in fig. 10, the electronic device 110 according to the embodiment of the present disclosure includes a processor 111 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 112 or a program loaded from a storage section 118 into a Random Access Memory (RAM) 113. Processor 111 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 111 may also include on-board memory for caching purposes. Processor 111 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 113, various programs and data required for the operation of the electronic device 110 are stored. The processor 111, the ROM 112, and the RAM 113 are connected to each other through a bus 114. The processor 111 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 112 and/or the RAM 113. Note that the program may be stored in one or more memories other than the ROM 112 and the RAM 113. The processor 111 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in one or more memories.
According to embodiments of the present disclosure, the electronic device 110 may also include an input/output (I/O) interface 115, the input/output (I/O) interface 115 also being connected to the bus 114. The electronic device 110 may also include one or more of the following components connected to the I/O interface 115: an input section 116 including a keyboard, a mouse, and the like; an output portion 117 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage section 118 including a hard disk or the like; and a communication section 119 including a network interface card such as a LAN card, a modem, and the like. The communication section 119 performs communication processing via a network such as the internet. The drive 120 is also connected to the I/O interface 115 as needed. A removable medium 121 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 120 so that a computer program read out therefrom is installed as needed into the storage section 118.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 112 and/or RAM 113 described above and/or one or more memories other than ROM 112 and RAM 113.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 111. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of signals over a network medium, and downloaded and installed via the communication part 119, and/or from the removable medium 121. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 119, and/or installed from the removable medium 121. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 111. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (12)

1. A risk identification method, comprising:
obtaining geographic position information corresponding to a target area;
encoding the geographic position information, and converting longitude and latitude of the geographic position information into corresponding grid codes, wherein each grid code has a unique corresponding grid region;
Identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model;
according to the number of risk accounts present in each grid region, the following operations are performed using a pre-trained risk decision model:
carrying out risk grade division on each grid region to obtain a risk grade corresponding to each grid region, wherein the risk grade is used for quantifying the risk index of the grid region;
and in response to the risk index reaching a risk index threshold, performing risk identification on the grid area reaching the risk index threshold.
2. The risk identification method of claim 1, wherein the encoding the geographic location information, converting the latitude and longitude of the geographic location information into a corresponding grid code, comprises:
determining the longitude and latitude of the geographic position information;
dividing the latitude and longitude representation range into equal grid areas;
and converting the longitude and latitude of each grid region into a Geohash character string by using a Geohash algorithm to obtain a grid code corresponding to each grid region.
3. The risk identification method according to claim 2, wherein the converting the longitude and latitude of each grid area into a Geohash character string by using a Geohash algorithm, to obtain a grid code corresponding to each grid area, includes:
Filling the grid area by adopting a Z-shaped filling method;
and converting the longitude into even digits of the Geohash character string, and converting the latitude into odd digits of the Geohash character string.
4. The risk identification method of claim 1, wherein the acquiring geographic location information corresponding to the target area includes:
acquiring static geographic position information of a user in the target area, wherein the static geographic position information comprises geographic position information corresponding to a residence address, a property address and a work unit address of the user;
and acquiring the dynamic geographic position information of the user, wherein the dynamic geographic position information comprises geographic position information corresponding to login behavior, transaction behavior and credit card application behavior of the user.
5. The risk identification method of claim 1, wherein the method further comprises:
the following operations are performed according to the number of risk accounts existing in each grid area by using a pre-trained risk judgment model:
predicting a probability value of a risk account in the next time period of the target area according to the risk level corresponding to each grid area;
and according to the probability value, a corresponding risk prevention and control strategy is formulated.
6. The risk identification method of claim 5, wherein the formulating a corresponding risk prevention policy according to the probability value comprises:
acquiring position migration information of the risk account in response to the probability value reaching a probability value threshold, and determining a migration position of the risk account in the next time period according to the position migration information;
and deploying a risk prevention and control strategy in the grid area corresponding to the migration position, wherein the risk prevention and control strategy is configured with a time attenuation mechanism.
7. The risk identification method of claim 1, wherein the risk identification of the grid area reaching the risk index threshold in response to the risk index reaching the risk index threshold comprises:
acquiring the operation time, the operation place and the account IP of the risk account in response to the risk index reaching a risk index threshold;
and identifying risk personnel corresponding to the risk account according to the operation time, the operation place and the account IP.
8. The risk identification method according to any one of claims 1 to 7, wherein the risk identification model is configured with at least one of a knowledge graph, a rule engine, a graph algorithm, a clustering algorithm, and a tree model algorithm.
9. A risk identification device comprising:
the acquisition module is used for acquiring geographic position information corresponding to the target area;
the coding module is used for coding the geographic position information and converting the longitude and latitude of the geographic position information into corresponding grid codes, wherein each grid code is provided with a unique corresponding grid area;
the first identification module is used for identifying risk accounts existing in each grid area by utilizing a pre-trained risk identification model;
the division module is used for dividing the risk level of each grid area to obtain a risk level corresponding to each grid area, wherein the risk level is used for quantifying the risk index of the grid area;
and the second identification module is used for carrying out risk identification on the grid area reaching the risk index threshold value in response to the risk index reaching the risk index threshold value.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-8.
12. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
CN202311778894.2A 2023-12-22 2023-12-22 Risk identification method, apparatus, device, medium, and program product Pending CN117764590A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311778894.2A CN117764590A (en) 2023-12-22 2023-12-22 Risk identification method, apparatus, device, medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311778894.2A CN117764590A (en) 2023-12-22 2023-12-22 Risk identification method, apparatus, device, medium, and program product

Publications (1)

Publication Number Publication Date
CN117764590A true CN117764590A (en) 2024-03-26

Family

ID=90309999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311778894.2A Pending CN117764590A (en) 2023-12-22 2023-12-22 Risk identification method, apparatus, device, medium, and program product

Country Status (1)

Country Link
CN (1) CN117764590A (en)

Similar Documents

Publication Publication Date Title
Mai et al. On the opportunities and challenges of foundation models for geospatial artificial intelligence
CN110363449B (en) Risk identification method, device and system
US20200304550A1 (en) Generic Event Stream Processing for Machine Learning
AU2022204452B2 (en) Verification of electronic identity components
CN111783016B (en) Website classification method, device and equipment
Esquivel et al. Spatio-temporal prediction of Baltimore crime events using CLSTM neural networks
CN111309614A (en) A/B test method and device and electronic equipment
CN110135978B (en) User financial risk assessment method and device, electronic equipment and readable medium
Chen et al. Detecting climate change deniers on twitter using a deep neural network
CN110148053B (en) User credit line evaluation method and device, electronic equipment and readable medium
CN112118551A (en) Equipment risk identification method and related equipment
CN112231592A (en) Network community discovery method, device, equipment and storage medium based on graph
US20220171991A1 (en) Generating views for bias metrics and feature attribution captured in machine learning pipelines
US20220172004A1 (en) Monitoring bias metrics and feature attribution for trained machine learning models
US20220108504A1 (en) Systems and methods for generating flood hazard estimation using machine learning model and satellite data
CN115759748A (en) Risk detection model generation method and device and risk individual identification method and device
CN111126422B (en) Method, device, equipment and medium for establishing industry model and determining industry
US20220172101A1 (en) Capturing feature attribution in machine learning pipelines
CN117764590A (en) Risk identification method, apparatus, device, medium, and program product
CN111615178B (en) Method and device for identifying wireless network type and model training and electronic equipment
CN110781314B (en) Hierarchical display method and device of user relationship graph and electronic equipment
CN114638308A (en) Method and device for acquiring object relationship, electronic equipment and storage medium
WO2022115402A1 (en) Staged bias measurements in machine learning pipelines
CN113971406A (en) Network node semantic information mining method and device, storage medium and electronic equipment
Mohammadi et al. STFTiS: Introducing a spatio‐temporal FTiS model to investigate the level of citizens' satisfaction of 311 non‐emergency services

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination