CN117808571A - Risk prediction method and device for bank card transaction, computing equipment and storage medium - Google Patents
Risk prediction method and device for bank card transaction, computing equipment and storage medium Download PDFInfo
- Publication number
- CN117808571A CN117808571A CN202211163710.7A CN202211163710A CN117808571A CN 117808571 A CN117808571 A CN 117808571A CN 202211163710 A CN202211163710 A CN 202211163710A CN 117808571 A CN117808571 A CN 117808571A
- Authority
- CN
- China
- Prior art keywords
- bank card
- card account
- target
- sample
- bank
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 238000013058 risk prediction model Methods 0.000 claims abstract description 64
- 238000012549 training Methods 0.000 claims abstract description 52
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 25
- 238000012795 verification Methods 0.000 claims description 35
- 230000006399 behavior Effects 0.000 claims description 19
- 238000004891 communication Methods 0.000 claims description 16
- 238000000605 extraction Methods 0.000 claims description 8
- 230000000903 blocking effect Effects 0.000 abstract description 2
- 238000004364 calculation method Methods 0.000 abstract description 2
- 230000002159 abnormal effect Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a risk prediction method, a risk prediction device, a calculation device and a storage medium for bank card transactions. The method comprises the following steps: acquiring a DPI ticket, and identifying a target website identifier and a target bank card account corresponding to the bank card transaction to be generated from the DPI ticket; extracting target website characteristics matched with the target website identification; inputting the characteristics of the target bank card account and the target website into a risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm; and acquiring risk prediction data to be subjected to bank card transaction, which are output by the risk prediction model. According to the scheme, whether the security risk exists in the bank card transaction to be generated or not is accurately predicted by integrating the website characteristics and the bank side characteristics, a prediction result can be obtained before the transaction occurs, blocking of risk transaction is facilitated, and the data security of an operator side and a bank side can be guaranteed.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a risk prediction method, a risk prediction device, a risk prediction computing device and a risk prediction storage medium for bank card transactions.
Background
With the continuous development of science and technology and society, online transactions have become a common transaction mode for people. The bank card transaction is widely applied to various online transaction scenes by the characteristics of wide application range, convenience, quickness and the like.
To ensure the property security of the user, the banking party typically provides corresponding bank card transaction risk identification measures. For example, in the prior art, after a user inputs a card number and performs a transaction, a bank side detects whether the transaction is safe through the characteristic of the transaction. However, in the prior art, risk identification is performed when or after the transaction occurs, so that the property safety of the user is greatly reduced; and the bank card transaction cannot be accurately protected only according to the information of the bank party.
Disclosure of Invention
The present invention has been made in view of the above problems, and provides a risk prediction method, apparatus, computing device, and storage medium for bank card transactions that overcomes or at least partially solves the above problems.
According to one aspect of the present invention, there is provided a risk prediction method for a bank card transaction, comprising:
acquiring a DPI ticket, and identifying a target website identifier corresponding to a to-be-generated bank card transaction and a target bank card account from the DPI ticket;
extracting target website characteristics matched with the target website identification;
inputting the target bank card account and the target website characteristics into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm;
and acquiring risk prediction data to be subjected to bank card transaction, which are output by the risk prediction model.
In an optional implementation manner, the identifying, from the DPI ticket, the target website identifier and the target bank card account corresponding to the bank card transaction to be generated further includes:
extracting a URL from the DPI ticket;
judging whether the URL contains a bank card account or not;
if yes, determining the target website identification based on the URL, and determining the bank card account contained in the URL as the target bank card account.
In an optional implementation manner, the determining whether the URL includes a bank card account further includes:
judging whether the URL contains fields with continuous N characters as numbers or not;
if so, extracting continuous N fields with the characters as numbers, checking the fields, and determining whether the URL contains a bank card account according to a checking result.
In an optional implementation manner, the verifying the field and determining whether the URL includes a bank card account according to a verification result further includes:
verifying the field by adopting a Luhn algorithm, and obtaining a verification result;
if the verification result is true, determining that the URL contains a bank card account; and if the verification result is false, determining that the URL does not contain the bank card account.
In an optional implementation manner, the verifying the field and determining whether the URL includes a bank card account according to a verification result further includes:
extracting the first M characters from the field;
matching the first M characters with an issuer identification code list;
if the first M characters are matched with any one of the issuer identification codes in the issuer identification code list, determining that the URL contains a bank card account; and if the first M characters are not matched with all the card issuing group identification codes in the card issuing group identification code list, determining that the URL does not contain a bank card account.
In an optional implementation manner, the risk prediction model is further obtained by training sample user attribute features and/or sample user network behavior features of a sample bank card account located at an operator side;
the method further comprises: extracting target user attribute characteristics and/or target user network behavior characteristics of the target bank card account from the DPI ticket;
the inputting the target bank card account and the target website features into a pre-trained risk prediction model further comprises: and inputting the target bank card account, the target website characteristic, the target user attribute characteristic and/or the target user network behavior characteristic into a pre-trained risk prediction model.
In an alternative embodiment, the method further comprises:
constructing an initial risk prediction model; the risk prediction model comprises a first sub-model of an operator side, a second sub-model of a bank side and an intermediate processor;
the operator end encrypts a first sample bank card account in the operator end and then sends the encrypted first sample bank card account to the intermediate processor, and the bank end encrypts a second sample bank card account in the bank end and then sends the encrypted second sample bank card account to the intermediate processor;
The intermediate processor identifies the same target sample bank card account from the first sample bank card account and the second sample bank card account, and sends the target sample bank card account to the operator end and the bank end;
the operator side trains the first sub-model by utilizing the sample website characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the bank end trains the second sub-model by utilizing the sample bank side characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the intermediate processor processes the received gradient information and/or loss information to obtain updated gradient information and/or total loss information, and feeds the updated gradient information and/or total loss information back to the operator end and the bank end;
the operator end updates the first sub-model based on the updated gradient information and/or the total loss information, and the bank end updates the second sub-model based on the updated gradient information and/or the total loss information.
According to another aspect of the present invention, there is provided a risk prediction apparatus for a bank card transaction, comprising:
The ticket acquisition module is used for acquiring the DPI ticket;
the identification module is used for identifying a target website identifier corresponding to the bank card transaction to be generated and a target bank card account from the DPI ticket;
the feature extraction module is used for extracting target website features matched with the target website identification;
the input module is used for inputting the target bank card account and the target website characteristics into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm;
and the result acquisition module is used for acquiring the risk prediction data which is output by the risk prediction model and is used for generating the bank card transaction.
In an alternative embodiment, the identification module is configured to: extracting a URL from the DPI ticket;
judging whether the URL contains a bank card account or not;
if yes, determining the target website identification based on the URL, and determining the bank card account contained in the URL as the target bank card account.
In an alternative embodiment, the identification module is configured to: judging whether the URL contains fields with continuous N characters as numbers or not;
If so, extracting continuous N fields with the characters as numbers, checking the fields, and determining whether the URL contains a bank card account according to a checking result.
In an alternative embodiment, the identification module is configured to: verifying the field by adopting a Luhn algorithm, and obtaining a verification result;
if the verification result is true, determining that the URL contains a bank card account; and if the verification result is false, determining that the URL does not contain the bank card account.
In an alternative embodiment, the identification module is configured to: extracting the first M characters from the field;
matching the first M characters with an issuer identification code list;
if the first M characters are matched with any one of the issuer identification codes in the issuer identification code list, determining that the URL contains a bank card account; and if the first M characters are not matched with all the card issuing group identification codes in the card issuing group identification code list, determining that the URL does not contain a bank card account.
In an optional implementation manner, the risk prediction model is further obtained by training sample user attribute features and/or sample user network behavior features of a sample bank card account located at an operator side;
The feature extraction module is used for: extracting target user attribute characteristics and/or target user network behavior characteristics of the target bank card account from the DPI ticket;
the input module is used for: and inputting the target bank card account, the target website characteristic, the target user attribute characteristic and/or the target user network behavior characteristic into a pre-trained risk prediction model.
In an alternative embodiment, the apparatus further comprises: the model training module is used for constructing an initial risk prediction model; the risk prediction model comprises a first sub-model of an operator side, a second sub-model of a bank side and an intermediate processor;
the operator end encrypts a first sample bank card account in the operator end and then sends the encrypted first sample bank card account to the intermediate processor, and the bank end encrypts a second sample bank card account in the bank end and then sends the encrypted second sample bank card account to the intermediate processor;
the intermediate processor identifies the same target sample bank card account from the first sample bank card account and the second sample bank card account, and sends the target sample bank card account to the operator end and the bank end;
the operator side trains the first sub-model by utilizing the sample website characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
The bank end trains the second sub-model by utilizing the sample bank side characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the intermediate processor processes the received gradient information and/or loss information to obtain updated gradient information and/or total loss information, and feeds the updated gradient information and/or total loss information back to the operator end and the bank end;
the operator end updates the first sub-model based on the updated gradient information and/or the total loss information, and the bank end updates the second sub-model based on the updated gradient information and/or the total loss information.
According to yet another aspect of the present invention, there is provided a computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the risk prediction method of the bank card transaction.
According to still another aspect of the present invention, there is provided a computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the risk prediction method for a bank card transaction described above.
The invention discloses a risk prediction method, a risk prediction device, a calculation device and a storage medium for bank card transactions, wherein the risk prediction device comprises: acquiring a DPI ticket, and identifying a target website identifier and a target bank card account corresponding to the bank card transaction to be generated from the DPI ticket; extracting target website characteristics matched with the target website identification; inputting the characteristics of the target bank card account and the target website into a risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm; and acquiring risk prediction data to be subjected to bank card transaction, which are output by the risk prediction model. According to the scheme, whether the security risk exists in the bank card transaction to be generated or not is accurately predicted by integrating the website characteristics and the bank side characteristics, a prediction result can be obtained before the transaction occurs, blocking of risk transaction is facilitated, and the data security of an operator side and a bank side can be guaranteed.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present invention more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 is a schematic flow chart of a risk prediction method for a bank card transaction according to an embodiment of the present invention;
fig. 2 is a flow chart of a target bank card account identification method applied to risk prediction of a bank card transaction according to a second embodiment of the present invention;
fig. 3 is a flowchart of a training method of a risk prediction model applied to risk prediction of a bank card transaction according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a risk prediction device for bank card transactions according to a fourth embodiment of the present invention;
fig. 5 shows a schematic structural diagram of a computing device according to a sixth embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 is a flow chart of a risk prediction method for a bank card transaction according to an embodiment of the present invention. The flowcharts in the present embodiment are not intended to limit the order in which the steps are performed. Some of the steps in the flow chart may be added or subtracted as desired. Specifically, the execution body of the embodiment may be an operator terminal device.
As shown in fig. 1, the method specifically includes the following steps:
step S110, a DPI ticket is obtained, and a target website identifier and a target bank card account corresponding to the bank card transaction to be generated are identified from the DPI ticket.
This step is performed after the user enters the bank card account and before the bank card transaction has not been performed, so that it is possible to predict whether or not a security risk exists for the upcoming bank card transaction before the bank card transaction occurs. Wherein, the upcoming bank card transaction is the bank card transaction to be generated according to the invention.
In the implementation process, the operator terminal device may obtain the DPI (Deep Packet Inspection) ticket of the user. The DPI ticket is generated when the DPI technology is utilized to collect traffic information and detect the depth of the internet data packet. And the related information of the website accessed by the user can be obtained through analyzing the DPI ticket. Relevant information for the accessed website includes, but is not limited to: URL, access time, etc.
After the DPI ticket is obtained, the identification information of the website of the bank card account which is currently input by the user can be determined through analyzing the DPI ticket, the identification information is the target website identification corresponding to the bank card transaction to be generated, and the target website identification can be information of the website address and the like which can uniquely identify the website. The website where the user wants to conduct the bank card transaction is the target website, and the bank card account which the user wants to conduct the bank card transaction uses is the target bank card account, and the bank card account is specifically the bank card number.
Step S120, extracting target website characteristics matched with the target website identification.
After the target website identification is obtained, extracting website characteristics of the corresponding website based on the target website identification, wherein the website characteristics are target website characteristics.
In an alternative embodiment, the targeted website features include, but are not limited to: website attribution feature, website duration feature, user access feature, keyword feature, and ICP record feature.
Further optionally, in order to simplify a subsequent processing procedure and improve risk prediction efficiency, in the embodiment of the present invention, target website data matched with a target website identifier is obtained first when a website feature is generated, and then various target website data are matched with preset suspected risk website data, and the target website feature is generated according to a matching result.
Specifically, the target website data comprise website attributions, and the preset suspected risk website data comprise overseas addresses, and the website attributions are matched with the overseas addresses; if the website attribution is matched, determining that the website attribution is overseas, and determining that the website attribution has suspected risk, wherein the characteristic of the website attribution can be 1; otherwise, the website attribution feature may be 0.
The target website data comprise website duration, and the preset suspected risk website data comprise risk website duration conditions, and the website duration is matched with the risk website duration conditions; if the website duration meets the risk website duration condition, the website duration feature may be 1; otherwise, the website attribution feature may be 0. The duration condition of the risk website may be less than a preset duration.
The target website data comprise user access volume data, the preset suspected risk website data comprise abnormal user access volume conditions, and if the user access volume data meet the abnormal user access volume conditions, the user access volume characteristics can be 1; otherwise, the user access feature may be 0. The abnormal user access amount condition may be obtained according to user access amount data that is marked as an abnormal access website according to history, for example, the abnormal user access amount condition may be: the total user access amount in the preset time period is greater than a first preset threshold, and/or the peak user access amount in the preset time period is greater than a second preset threshold, and/or the average user access amount in the preset time period is greater than a third preset threshold, and so on.
The target website data comprise keywords, the keywords are specifically HTML text information of websites, the preset suspected risk website data comprise risk keyword libraries, and the risk keyword libraries contain at least one risk keyword. Matching the keywords with a risk keyword library, wherein if the keywords are matched with any risk keyword in the risk keyword library, the keyword characteristics can be 1; otherwise, the keyword feature may be 0. The risk keyword library can be constructed manually, and texts in a large number of risk websites can be analyzed based on a machine learning algorithm to extract corresponding risk keywords.
The target website data comprise ICP record information, the preset suspected risk website data comprise risk ICP record conditions, the ICP record information is matched with the risk ICP record conditions, and if the ICP record information meets the risk ICP record conditions, ICP record characteristics can be 1; otherwise, the ICP docket feature may be 0. Wherein, risk ICP recording conditions may be: no ICP docks, and/or business scope does not match keywords in the website.
Step S130, inputting the target bank card account and the target website characteristics into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm.
The risk prediction model is generated based on a machine learning algorithm in advance, is obtained through training in advance, and can be used for risk prediction of online bank card transactions. The risk prediction model is trained by adopting a federal learning algorithm, and data adopted in the training process comprises sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end. The bank card account used for training the risk prediction model is a sample bank card account, and the website characteristics of the online transaction website of the sample bank card account are sample website characteristics of the sample bank card account in the training process; the characteristic of the bank end related to the sample bank card account in the training process is the sample bank side characteristic of the sample bank card account. Among other things, bank-side characteristics include, but are not limited to: historical transaction characteristics, account types, account ratings, and the like.
The risk prediction model is trained through the federal learning algorithm, and can fully combine website characteristics of an operator end and bank side characteristics of a bank end to perform risk prediction on the bank card transaction, so that the risk prediction accuracy of the bank card transaction is improved. In addition, the risk prediction model does not directly interact data in the operator side and data in the bank side in the training process, so that the safety of the data of each side is guaranteed.
In an alternative implementation manner, in order to further improve the risk prediction accuracy of the bank card transaction, the risk prediction model in this embodiment is further obtained by training the sample user attribute feature and/or the sample user network behavior feature of the sample bank card account located at the operator side, in addition to the sample website feature of the sample bank card account located at the operator side and the sample bank side feature of the sample bank card account located at the bank side. The embodiment may further extract the target user attribute feature and/or the target user network behavior feature of the target bank card account from the DPI ticket, and input the target bank card account, the target website feature, the target user attribute feature and/or the target user network behavior feature into a pre-trained risk prediction model. Among the user attribute features include, but are not limited to: user identity characteristics, usual ground characteristics, etc.; user network behavior characteristics include, but are not limited to: application characteristics of browsing, browsing time, etc.
Step S140, acquiring risk prediction data to be subjected to bank card transaction, which are output by the risk prediction model.
The risk prediction data to be subjected to the bank card transaction output by the risk prediction model can identify whether the bank card transaction to be subjected to the bank card transaction has a safety risk or not.
In an optional implementation manner, when determining that the bank card transaction to be generated has risk according to the risk prediction data, the bank card transaction to be generated can be prevented from being performed in a corresponding manner; when the fact that the bank card transaction to be generated does not have risk is determined according to the risk prediction data, the bank card transaction to be generated can be normally conducted.
Therefore, the embodiment of the invention identifies the target website identifier and the target bank card account corresponding to the bank card transaction to be generated from the DPI ticket, and obtains the risk prediction data of the bank card transaction to be generated according to the target website characteristic of the target website identifier, the target bank card account and the risk prediction model, so that whether the security risk exists in the bank card transaction to be generated can be accurately predicted by integrating the website characteristic and the bank side characteristic, the prediction result can be obtained before the transaction is generated, and the risk transaction can be conveniently blocked; in addition, the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm, so that on one hand, the prediction accuracy of the risk prediction model is improved, and on the other hand, the data security of the operator end and the bank end is ensured.
Fig. 2 is a flow chart of a target bank card account identification method applied to risk prediction of a bank card transaction according to a second embodiment of the present invention. The flowcharts in the present embodiment are not intended to limit the order in which the steps are performed. Some of the steps in the flow chart may be added or subtracted as desired. Specifically, the execution body of the embodiment may be an operator terminal device.
As shown in fig. 2, the method specifically includes the following steps:
step S210, obtaining the DPI ticket and extracting the URL from the DPI ticket.
Through DPI bill analysis, corresponding website information can be extracted, and particularly URL is extracted from the DPI bill. And after the URL is extracted, judging whether the URL contains a bank card account or not through a subsequent step.
Step S220, judging whether the URL contains fields with continuous N characters as numbers or not; if yes, go to step S230; if not, step S250 is performed.
The number of digits contained in each normal bank card account is counted in advance, and then the value of N is determined according to the counted number of digits.
In an alternative embodiment, whether preset characters exist in the URL or not is judged, and the preset characters comprise fields with continuous N characters as numbers; if yes, go to step S230; if not, step S250 is performed. Specifically, through field analysis of a historical URL containing a bank card account, a preset character is usually contained in front of the bank card account, so that whether the URL contains the bank card account can be accurately determined by adopting the method.
Step S230, extracting continuous N fields with numbers as characters, and checking the fields; if the verification is passed, executing step S240; if the verification is not passed, step S250 is performed.
After extracting the fields with continuous N characters as numbers, further checking the fields to improve the recognition accuracy of the bank card account.
In an alternative embodiment, the Luhn algorithm is used to verify the field and obtain a verification result; if the verification result is true, the verification is passed; if the verification result is false, the verification is failed. Specifically, each digit of the field is traversed according to the traversing sequence from the tail part to the head part of the field, one digit is updated in each traversing, and finally a verification result is determined based on the SUM value and a module of 10. The specific implementation process is as follows:
if the current traversal is odd, SUM _i =SUM _i-1 +P _i The method comprises the steps of carrying out a first treatment on the surface of the Wherein SUM _i To traverse SUM value, P obtained after the ith digit _i SUM for the value of the i-th digit of the current traversal _0 =0。
If the current traversal is even, determine 2*P _i Whether greater than 9, if so, SUM _i =SUM _i-1 +2*P _i -9; if not, SUM _i =SUM _i-1 +2*P _i 。
Obtaining SUM after traversal is completed _N N is the number of digits contained in the field, i.e., the total number of bits traversed. Then calculate SUM _N And a modulus of 10, if the modulus is 0, represents SUM _N Being divisible by 10, the verification result is true; otherwise, represent SUM _N And cannot be divided by 10, the verification result is false.
In another alternative embodiment, the first M characters are extracted from the field and matched with the list of issuer identification codes; if the first M characters are matched with any card issuing row identification code in the card issuing row identification code list, determining that the URL contains a bank card account, and checking to pass; if the first M characters are not matched with all the card issuing group identification codes in the card issuing group identification code list, the URL is determined to not contain a bank card account, and the verification is not passed. Specifically, the first M characters of the bank card account are usually issuer identification codes (Bank Identification Number, abbreviated as BIN codes), the first M characters of the field are matched with the issuer identification codes of each bank, and if none of the first M characters of the field are matched with the issuer identification codes of each bank, the verification is failed.
In yet another alternative embodiment, the two approaches may be combined. For example, the Luhn algorithm may be adopted to verify the field, if the verification result is true, the verification is further performed through the issuer identification code, and if the issuer identification code passes the verification, the step S240 is executed; or, the verification may be performed by the issuer identification code, if the verification is performed by the Luhn algorithm, and if the verification result is true, step S240 is performed.
Step S240, determining that the URL contains a bank card account, determining a target website identifier based on the URL, and determining the bank card account contained in the URL as the target bank card account.
If the URL contains a field with continuous N characters being numbers and the field passes verification, determining that the URL contains a bank card account, that is, the field is a bank card account, then taking the bank card account as a target bank card account, and taking the URL as a target website identifier.
Step S250, determining that the URL does not include a bank card account.
If the URL does not contain the continuous N fields with the characters being numbers, determining that the URL does not contain the bank card account; or if the URL contains a field with continuous N characters as numbers, but the field is not verified, determining that the URL does not contain the bank card account.
Therefore, the embodiment of the invention firstly judges whether the URL contains the continuous N fields with the characters as numbers, and if so, the field is further checked through the Luhn algorithm and/or the issuer identification code, so that the target bank card account can be accurately identified from the URL.
Example III
Fig. 3 is a flowchart of a training method of a risk prediction model applied to risk prediction of a bank card transaction according to a third embodiment of the present invention; the flowcharts in the present embodiment are not intended to limit the order in which the steps are performed. Some of the steps in the flow chart may be added or subtracted as desired.
As shown in fig. 3, the method specifically includes the following steps:
step S310, constructing an initial risk prediction model; the risk prediction model comprises a first sub-model at an operator side, a second sub-model at a bank side and an intermediate processor.
The risk prediction model includes a first sub-model, a second sub-model, and an intermediate processor. The first sub-model is located at the operator end, and the second sub-model is located at the bank end. The embodiment of the invention is not limited to a specific model structure, for example, the first sub-model and the second sub-model may be a neural network model including a plurality of convolution layers, and the like.
Step S320, the operator terminal encrypts the first sample bank card account in the operator terminal and sends the encrypted first sample bank card account to the intermediate processor, and the bank terminal encrypts the second sample bank card account in the bank terminal and sends the encrypted second sample bank card account to the intermediate processor.
In the embodiment of the invention, the operator end and the bank end sample bank card account overlap more, and the corresponding feature overlap is less, so that the embodiment of the invention adopts a longitudinal federal algorithm for training.
Sample alignment of the operator side and the bank side is performed by this step in advance before training. Specifically, a bank card account for model training acquired by an operator terminal is a first sample bank card account, and a bank card account for model training acquired by a bank terminal is a second sample bank card account. The method for acquiring the bank card account of the first sample by the operator side may refer to the method for acquiring the bank card account from the DPI ticket in other method embodiments, which is not described herein in detail; the bank end can extract a second sample bank card account according to the database.
The operator end and the bank end encrypt respective sample bank card accounts and send the encrypted sample bank card accounts to the intermediate processor, so that the operator end and the bank end cannot directly communicate, and the safety of unique data of both parties is ensured. The embodiment of the invention does not limit a specific encryption algorithm, for example, the intermediate processor can respectively send public keys to the operator terminal and the bank terminal, and the operator terminal and the bank terminal use the public keys to carry out encryption processing.
In step S330, the intermediate processor identifies the same target sample bank card account from the first sample bank card account and the second sample bank card account, and sends the target sample bank card account to the operator end and the bank end.
The intermediate processor can decrypt the received sample bank card account data by using the private key, and compare the data of the first sample bank card account with the data of the second sample bank card account after decryption so as to identify a sample bank card account shared by the operator end and the bank end from the data of the first sample bank card account and the data of the second sample bank card account, wherein the sample bank card account is the target sample bank card account. The target sample bank card account is a first sample bank card account and a second sample bank card account. And then the intermediate processor sends the target sample bank card account to the operator end and the bank end, so that the operator end and the bank end cannot know the data of which the other side is not overlapped, and the safety of the data of the two sides is ensured.
Step S340, the operator end trains the first sub-model by utilizing the sample website characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor.
The training sample of the first sub-model includes sample website features of the target sample bank card account, wherein the sample website features include, but are not limited to: website attribution feature, website duration feature, user access feature, keyword feature, and ICP record feature. The extraction manner of the sample website features may refer to the extraction manner of the target website features in the first embodiment, which is not described in detail in the embodiments of the present invention.
In an alternative embodiment, the training sample of the first sub-model may further comprise sample user attribute features and/or sample user network behavior features of the target sample bank card account. The specific content of the sample user attribute feature and/or the sample user network behavior feature may refer to the description of the user attribute feature and/or the sample user network behavior feature in the first embodiment, which is not described in detail in the embodiments of the present invention.
The operator side encrypts the training intermediate results, such as gradient information and/or loss information, and sends the training intermediate results to the intermediate processor.
Step S350, the bank end trains the second sub-model by utilizing the sample bank side characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor.
Wherein, the bank side characteristic includes: transaction information (such as transaction amount, transaction time, transaction place, etc.) recorded at the bank end, user portrait data at the bank end, and the like. The operator side encrypts the training intermediate results, such as gradient information and/or loss information, and sends the training intermediate results to the intermediate processor.
In step S360, the intermediate processor processes the received gradient information and/or loss information to obtain updated gradient information and/or total loss information, and feeds back the updated gradient information and/or total loss information to the operator side and the bank side.
The intermediate processor updates the gradient according to the received gradient information, and feeds the updated gradient information back to the operator end and the bank end for the next training. And/or the intermediate processor processes the received loss information to obtain total loss information, judges whether the total loss information meets a loss convergence condition or whether the total loss information currently reaches an iteration number threshold, if so, ends training, and if not, feeds back the total loss information to an operator side and a bank side so as to facilitate the next training.
In step S370, the operator terminal updates the first sub-model based on the updated gradient information and/or the total loss information, and the bank terminal updates the second sub-model based on the updated gradient information and/or the total loss information.
The training of the risk prediction model can be realized through continuous iteration of the steps S340-S370, and the training is finished when the preset iteration times or the total loss value meet the preset conditions, so that the trained risk prediction model is obtained.
Therefore, the embodiment of the invention constructs the risk prediction model comprising the first sub-model of the operator end, the second sub-model of the bank end and the intermediate processor, carries out longitudinal federal training on the first sub-model and the second sub-model of the bank end, carries out encryption transmission on intermediate data in the training process and processes the intermediate data by the intermediate processor, thereby ensuring the safety of the data of the operator end and the bank end.
Example IV
Fig. 4 is a schematic structural diagram of a risk prediction device for bank card transactions according to a fourth embodiment of the present invention. The device may be located at the operator end. As shown in fig. 4, the apparatus 400 includes: ticket acquisition module 410, identification module 420, feature extraction module 430, input module 440, and result acquisition module 450.
A ticket acquiring module 410, configured to acquire a DPI ticket;
the identifying module 420 is configured to identify, from the DPI ticket, a target website identifier and a target bank card account corresponding to a bank card transaction to be generated;
a feature extraction module 430, configured to extract a target website feature that matches the target website identifier;
the input module 440 is configured to input the target bank card account and the target website feature into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm;
and the result obtaining module 450 is used for obtaining the risk prediction data to be subjected to the bank card transaction, which is output by the risk prediction model.
In an alternative embodiment, the identification module is configured to: extracting a URL from the DPI ticket;
judging whether the URL contains a bank card account or not;
if yes, determining the target website identification based on the URL, and determining the bank card account contained in the URL as the target bank card account.
In an alternative embodiment, the identification module is configured to: judging whether the URL contains fields with continuous N characters as numbers or not;
If so, extracting continuous N fields with the characters as numbers, checking the fields, and determining whether the URL contains a bank card account according to a checking result.
In an alternative embodiment, the identification module is configured to: verifying the field by adopting a Luhn algorithm, and obtaining a verification result;
if the verification result is true, determining that the URL contains a bank card account; and if the verification result is false, determining that the URL does not contain the bank card account.
In an alternative embodiment, the identification module is configured to: extracting the first M characters from the field;
matching the first M characters with an issuer identification code list;
if the first M characters are matched with any one of the issuer identification codes in the issuer identification code list, determining that the URL contains a bank card account; and if the first M characters are not matched with all the card issuing group identification codes in the card issuing group identification code list, determining that the URL does not contain a bank card account.
In an optional implementation manner, the risk prediction model is further obtained by training sample user attribute features and/or sample user network behavior features of a sample bank card account located at an operator side;
The feature extraction module is used for: extracting target user attribute characteristics and/or target user network behavior characteristics of the target bank card account from the DPI ticket;
the input module is used for: and inputting the target bank card account, the target website characteristic, the target user attribute characteristic and/or the target user network behavior characteristic into a pre-trained risk prediction model.
In an alternative embodiment, the apparatus further comprises: the model training module is used for constructing an initial risk prediction model; the risk prediction model comprises a first sub-model of an operator side, a second sub-model of a bank side and an intermediate processor;
the operator end encrypts a first sample bank card account in the operator end and then sends the encrypted first sample bank card account to the intermediate processor, and the bank end encrypts a second sample bank card account in the bank end and then sends the encrypted second sample bank card account to the intermediate processor;
the intermediate processor identifies the same target sample bank card account from the first sample bank card account and the second sample bank card account, and sends the target sample bank card account to the operator end and the bank end;
the operator side trains the first sub-model by utilizing the sample website characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
The bank end trains the second sub-model by utilizing the sample bank side characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the intermediate processor processes the received gradient information and/or loss information to obtain updated gradient information and/or total loss information, and feeds the updated gradient information and/or total loss information back to the operator end and the bank end;
the operator end updates the first sub-model based on the updated gradient information and/or the total loss information, and the bank end updates the second sub-model based on the updated gradient information and/or the total loss information.
Therefore, the embodiment of the invention identifies the target website identifier and the target bank card account corresponding to the bank card transaction to be generated from the DPI ticket, and obtains the risk prediction data of the bank card transaction to be generated according to the target website characteristic of the target website identifier, the target bank card account and the risk prediction model, so that whether the security risk exists in the bank card transaction to be generated can be accurately predicted by integrating the website characteristic and the bank side characteristic, the prediction result can be obtained before the transaction is generated, and the risk transaction can be conveniently blocked; in addition, the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm, so that on one hand, the prediction accuracy of the risk prediction model is improved, and on the other hand, the data security of the operator end and the bank end is ensured.
Example five
A fifth embodiment of the present invention provides a non-volatile computer storage medium, where at least one executable instruction is stored, where the computer executable instruction may perform the risk prediction method for a bank card transaction in any of the foregoing method embodiments.
Example six
Fig. 5 shows a schematic structural diagram of a computing device according to a sixth embodiment of the present invention. The specific embodiments of the present invention are not limited to a particular implementation of a computing device.
As shown in fig. 5, the computing device may include: a processor 502, a communication interface (Communications Interface) 504, a memory 506, and a communication bus 508.
Wherein: processor 502, communication interface 504, and memory 506 communicate with each other via communication bus 508. A communication interface 504 for communicating with network elements of other devices, such as clients or other servers. The processor 502 is configured to execute the program 510, and may specifically perform the relevant steps in the embodiment of the risk prediction method for a bank card transaction.
In particular, program 510 may include program code including computer-operating instructions.
The processor 502 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included by the computing device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
A memory 506 for storing a program 510. Memory 506 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory. Program 510 may be specifically configured to cause processor 502 to perform the steps in the risk prediction method for a bank card transaction described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.
Claims (10)
1. A risk prediction method for a bank card transaction, comprising:
acquiring a DPI ticket, and identifying a target website identifier corresponding to a to-be-generated bank card transaction and a target bank card account from the DPI ticket;
Extracting target website characteristics matched with the target website identification;
inputting the target bank card account and the target website characteristics into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm;
and acquiring risk prediction data to be subjected to bank card transaction, which are output by the risk prediction model.
2. The method of claim 1, wherein identifying, from the DPI ticket, a target website identifier and a target bank card account corresponding to a bank card transaction to be performed further comprises:
extracting a URL from the DPI ticket;
judging whether the URL contains a bank card account or not;
if yes, determining the target website identification based on the URL, and determining the bank card account contained in the URL as the target bank card account.
3. The method of claim 2, wherein the determining whether the URL includes a bank card account further comprises:
judging whether the URL contains fields with continuous N characters as numbers or not;
If so, extracting continuous N fields with the characters as numbers, checking the fields, and determining whether the URL contains a bank card account according to a checking result.
4. The method of claim 3, wherein verifying the field and determining whether the URL includes a bank card account based on the verification result further comprises:
verifying the field by adopting a Luhn algorithm, and obtaining a verification result;
if the verification result is true, determining that the URL contains a bank card account; and if the verification result is false, determining that the URL does not contain the bank card account.
5. The method according to claim 3 or 4, wherein verifying the field and determining whether the URL includes a bank card account according to a result of the verification further comprises:
extracting the first M characters from the field;
matching the first M characters with an issuer identification code list;
if the first M characters are matched with any one of the issuer identification codes in the issuer identification code list, determining that the URL contains a bank card account; and if the first M characters are not matched with all the card issuing group identification codes in the card issuing group identification code list, determining that the URL does not contain a bank card account.
6. The method according to any of claims 1-4, wherein the risk prediction model is further obtained by training of sample user attribute features and/or sample user network behavior features of a sample bank card account located at the operator side;
the method further comprises: extracting target user attribute characteristics and/or target user network behavior characteristics of the target bank card account from the DPI ticket;
the inputting the target bank card account and the target website features into a pre-trained risk prediction model further comprises: and inputting the target bank card account, the target website characteristic, the target user attribute characteristic and/or the target user network behavior characteristic into a pre-trained risk prediction model.
7. The method according to any one of claims 1-4, further comprising:
constructing an initial risk prediction model; the risk prediction model comprises a first sub-model of an operator side, a second sub-model of a bank side and an intermediate processor;
the operator end encrypts a first sample bank card account in the operator end and then sends the encrypted first sample bank card account to the intermediate processor, and the bank end encrypts a second sample bank card account in the bank end and then sends the encrypted second sample bank card account to the intermediate processor;
The intermediate processor identifies the same target sample bank card account from the first sample bank card account and the second sample bank card account, and sends the target sample bank card account to the operator end and the bank end;
the operator side trains the first sub-model by utilizing the sample website characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the bank end trains the second sub-model by utilizing the sample bank side characteristics of the target sample bank card account, encrypts gradient information and/or loss information in the training process and sends the encrypted gradient information and/or loss information to the intermediate processor;
the intermediate processor processes the received gradient information and/or loss information to obtain updated gradient information and/or total loss information, and feeds the updated gradient information and/or total loss information back to the operator end and the bank end;
the operator end updates the first sub-model based on the updated gradient information and/or the total loss information, and the bank end updates the second sub-model based on the updated gradient information and/or the total loss information.
8. A risk prediction apparatus for a bank card transaction, comprising:
The ticket acquisition module is used for acquiring the DPI ticket;
the identification module is used for identifying a target website identifier corresponding to the bank card transaction to be generated and a target bank card account from the DPI ticket;
the feature extraction module is used for extracting target website features matched with the target website identification;
the input module is used for inputting the target bank card account and the target website characteristics into a pre-trained risk prediction model; the risk prediction model is obtained by training sample website characteristics of a sample bank card account at an operator end and sample bank side characteristics of the sample bank card account at a bank end through a federal learning algorithm;
and the result acquisition module is used for acquiring the risk prediction data which is output by the risk prediction model and is used for generating the bank card transaction.
9. A computing device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the risk prediction method for a bank card transaction according to any one of claims 1-7.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the method for risk prediction of a bank card transaction according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211163710.7A CN117808571A (en) | 2022-09-23 | 2022-09-23 | Risk prediction method and device for bank card transaction, computing equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211163710.7A CN117808571A (en) | 2022-09-23 | 2022-09-23 | Risk prediction method and device for bank card transaction, computing equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117808571A true CN117808571A (en) | 2024-04-02 |
Family
ID=90420570
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211163710.7A Pending CN117808571A (en) | 2022-09-23 | 2022-09-23 | Risk prediction method and device for bank card transaction, computing equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117808571A (en) |
-
2022
- 2022-09-23 CN CN202211163710.7A patent/CN117808571A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2635275C1 (en) | System and method of identifying user's suspicious activity in user's interaction with various banking services | |
| JP4886371B2 (en) | Biometric authentication method and system | |
| WO2020253467A1 (en) | Blockchain system-based data processing method, system and device | |
| CN110489415B (en) | Data updating method and related equipment | |
| CN108847931B (en) | Block chain key generation method and device based on biological identification result | |
| CN113268768B (en) | Desensitization method, device, equipment and medium for sensitive data | |
| CN107451819A (en) | A kind of auth method and device based on user's operation behavior feature | |
| CN111444232A (en) | Method for mining digital currency exchange address and storage medium | |
| CN108133373A (en) | Seek the method and device for the adventure account for relating to machine behavior | |
| CN111124421B (en) | Abnormal contract data detection method and device for blockchain intelligent contract | |
| Barua et al. | Swindle: Predicting the probability of loan defaults using catboost algorithm | |
| CN107846393B (en) | Real person authentication method and device | |
| CN105335630B (en) | Personal identification method and identity recognition device | |
| CN116361840B (en) | Bank self-service equipment data security management system | |
| CN116319089B (en) | Dynamic weak password detection method, device, computer equipment and medium | |
| KR20220101952A (en) | Apparatus and method for detecting illegal transactions of bitcoin | |
| CN111784342A (en) | Centralized payment dynamic monitoring management system based on big data | |
| CN117808571A (en) | Risk prediction method and device for bank card transaction, computing equipment and storage medium | |
| Bisogni et al. | Multibiometric score-level fusion through optimization and training | |
| Arp et al. | Privacy-Enhanced Fraud Detection with Bloom Filters | |
| CN113191766B (en) | Method, device and equipment for verifying payment behavior safety based on cloud computing | |
| US11706253B2 (en) | Semi-automatic rule generator | |
| CN114792007A (en) | Code detection method, device, equipment, storage medium and computer program product | |
| CN111383027A (en) | Account case-involved detection method, device, equipment and storage medium | |
| JP2007323116A (en) | Card-less settlement terminal equipment, card-less settlement host, and card-less settlement system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |