CN118245827A - Financial transaction abnormal data control method and system based on Internet of things - Google Patents
Financial transaction abnormal data control method and system based on Internet of things Download PDFInfo
- Publication number
- CN118245827A CN118245827A CN202410676718.6A CN202410676718A CN118245827A CN 118245827 A CN118245827 A CN 118245827A CN 202410676718 A CN202410676718 A CN 202410676718A CN 118245827 A CN118245827 A CN 118245827A
- Authority
- CN
- China
- Prior art keywords
- financial transaction
- behavior
- target user
- data
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 108
- 238000000034 method Methods 0.000 title claims abstract description 88
- 230000006399 behavior Effects 0.000 claims abstract description 349
- 239000013598 vector Substances 0.000 claims abstract description 128
- 230000008569 process Effects 0.000 claims abstract description 43
- 238000001514 detection method Methods 0.000 claims abstract description 38
- 238000004138 cluster model Methods 0.000 claims abstract description 28
- 206010000117 Abnormal behaviour Diseases 0.000 claims abstract description 18
- 238000007621 cluster analysis Methods 0.000 claims abstract description 17
- 238000012545 processing Methods 0.000 claims description 28
- 238000012986 modification Methods 0.000 claims description 21
- 230000004048 modification Effects 0.000 claims description 21
- 230000005856 abnormality Effects 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 claims description 7
- 238000013507 mapping Methods 0.000 claims description 6
- 230000000903 blocking effect Effects 0.000 claims description 5
- 230000006855 networking Effects 0.000 claims 1
- 230000005540 biological transmission Effects 0.000 abstract description 15
- 238000010276 construction Methods 0.000 abstract description 5
- 238000004590 computer program Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 13
- 238000004364 calculation method Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 6
- 230000009471 action Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000003542 behavioural effect Effects 0.000 description 3
- 230000008713 feedback mechanism Effects 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013135 deep learning Methods 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000007781 pre-processing Methods 0.000 description 2
- 241000287196 Asthenes Species 0.000 description 1
- 241000282326 Felis catus Species 0.000 description 1
- 230000004931 aggregating effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Data Mining & Analysis (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Economics (AREA)
- Computer Security & Cryptography (AREA)
- Development Economics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Technology Law (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to the technical field of the Internet of things, and provides a financial transaction abnormal data control method and system based on the Internet of things, wherein the method comprises the following steps: acquiring financial transaction behavior data of a local user in a preset historical time period, converting the financial transaction behavior data into behavior vectors, carrying out cluster analysis on the behavior vectors to construct a local cluster model, and sending private model parameters of the cluster model to an Internet of things federation server; updating a local clustering model according to the global model parameters to detect whether the financial transaction behavior of the local user is abnormal; and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user. According to the invention, the model for detecting the abnormal behavior is constructed through federal learning, and only the transmission of model parameters is involved in the model construction and detection process, so that the transmission of original data is avoided, the risk of data leakage is reduced, the privacy protection of the original data is improved, and the data security of the abnormal data control process of financial transactions is improved.
Description
Technical Field
The invention relates to the technical field of the Internet of things, in particular to a financial transaction abnormal data control method and system based on the Internet of things.
Background
With the rapid development of modern informatization technology and the increasing risk of network attacks, enterprises are caused to face more and more security threats. In order to ensure the safety and reliability of business operation and prevent the occurrence of security events caused by malicious operation or negligence of internal staff, timely and accurate monitoring of staff behavioral anomalies is particularly necessary for enterprise operation. The staff behavior anomaly detection is to identify possible abnormal behaviors in staff operation by monitoring and analyzing the financial transaction behaviors of staff of an enterprise, and early warn the abnormal behaviors in time to prevent internal threat events.
At present, common employee behavior anomaly detection methods comprise a rule-based detection method, a machine learning-based detection method, a deep learning-based detection method and the like, wherein the rule-based detection mode is limited by fixed rules, flexibility is lacking, an infinite novel attack means and hidden anomaly behaviors are difficult to adapt, and the application range is limited; the detection method based on machine learning or deep learning can be used for adaptively learning a novel attack means, has high flexibility, but needs a large amount of data as training samples, and needs to utilize a large amount of original data in the modeling and detection processes, so that privacy protection of the original data is absent, and the risk of data leakage exists.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides a financial transaction abnormal data control method and system based on the Internet of things, which are used for solving the technical problems that the original data is not subjected to privacy protection in the existing financial transaction abnormal data control mode, and data leakage is easy to cause.
The technical scheme for solving the technical problems is as follows: a financial transaction abnormal data control method based on the Internet of things comprises the following steps:
Acquiring financial transaction behavior data of a local target user in a preset historical time period, and converting the financial transaction behavior data into behavior vectors;
Performing cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
acquiring global model parameters issued by the internet of things federation server, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user.
According to the method for controlling abnormal data of financial transaction based on the Internet of things, the method for converting the financial transaction behavior data into behavior vectors comprises the following steps:
Extracting financial transaction behaviors of the target user and operation objects corresponding to the financial transaction behaviors from the financial transaction behavior data;
performing splicing processing on the financial transaction behaviors and the operation objects to obtain behavior characteristics of the financial transaction behavior data;
Mapping the behavior characteristics based on a preset behavior library to obtain behavior vectors corresponding to the financial transaction behavior data; the behavior library is obtained based on the union of the total financial transaction behaviors of the target user and the total operation objects after being spliced.
According to the method for controlling abnormal data of financial transactions based on the internet of things, the clustering analysis is performed on the behavior vectors to construct a clustering model corresponding to the target user, and the method comprises the following steps:
acquiring a user role of the target user, classifying the behavior vector of the target user according to the user role, and obtaining a behavior vector set corresponding to the user role;
Performing cluster analysis on the behavior vectors in the behavior vector set to construct a cluster model corresponding to the target user; the private model parameters of the clustering model comprise class center vectors corresponding to the user roles, and the class center vectors are obtained by performing clustering analysis on the behavior vectors in the behavior vector set corresponding to the user roles.
According to the method for controlling abnormal data of financial transaction based on the internet of things, the method for detecting whether the abnormal state exists in the financial transaction behavior of the target user by using the updated clustering model comprises the following steps:
Acquiring target financial transaction behavior data to be detected by the target user, and converting the target financial transaction behavior data into a target behavior vector of the target user; the target financial transaction behavior data are arranged according to the operation time sequence;
Sliding window processing is carried out on the target behavior vector based on a preset sliding step length, and cosine similarity between the target behavior vector in a time window and model parameters of the updated clustering model is calculated in the sliding window processing process so as to determine threat degrees of the target user;
and determining whether the financial transaction behavior of the target user is abnormal according to the threat degree.
According to the method for controlling abnormal data of financial transaction based on the internet of things, if abnormal financial transaction behavior of the target user is detected, alarm treatment is carried out on the target user, and the method comprises the following steps:
If the financial transaction behavior of the target user is abnormal, determining an alarm level corresponding to the abnormal financial transaction behavior of the target user according to the threat level;
Performing alarm treatment on the target user according to the treatment measures corresponding to the alarm grades; the treatment measures comprise account forced offline, account limited login and account blocking.
According to the method for controlling abnormal data of financial transaction based on the internet of things, the method for acquiring the financial transaction behavior data of the local target user in the preset historical time period comprises the following steps:
Acquiring historical financial transaction behavior data of a local target user, and carrying out structural processing on the historical financial transaction behavior data to obtain structural data corresponding to the financial transaction behavior of the target user;
And based on the operation time sequence of the historical financial transaction behavior data, segmenting the structured data according to a preset duration to obtain the financial transaction behavior data of the target user in a preset historical time period.
According to the method for controlling abnormal data of financial transaction based on the internet of things provided by the invention, if abnormal financial transaction behavior of the target user is detected, after alarm treatment is carried out on the target user, the method further comprises the following steps:
Acquiring a weight modification factor corresponding to the alarm level, and sending the weight modification factor to the internet of things federation server so that the internet of things federation server modifies the weight of the private model parameter of the client corresponding to the target user according to the weight modification factor; the weights are used to calculate the global model parameters.
The invention also provides a financial transaction abnormal data control system based on the Internet of things, which comprises the following steps:
The data processing module is used for acquiring financial transaction behavior data of a local target user in a preset historical time period and converting the financial transaction behavior data into behavior vectors;
The modeling module is used for carrying out cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
The anomaly detection module is used for acquiring global model parameters issued by the federation server of the Internet of things, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
And the financial transaction abnormality control module is used for carrying out alarm treatment on the target user if detecting that the financial transaction behavior of the target user is abnormal.
The present invention also provides an electronic device including: a memory for storing a computer software program; and the processor is used for reading and executing the computer software program so as to realize the financial transaction abnormal data control method based on the Internet of things.
The invention also provides a non-transitory computer readable storage medium, wherein the storage medium stores a computer software program, and the computer software program realizes the financial transaction abnormal data control method based on the Internet of things according to any one of the above when being executed by a processor.
The invention also provides a computer program product, which comprises a computer program, and the computer program realizes the financial transaction abnormal data control method based on the Internet of things when being executed by a processor.
The beneficial effects of the invention are as follows: acquiring financial transaction behavior data of a local user in a preset historical time period, converting the financial transaction behavior data into behavior vectors, carrying out cluster analysis on the behavior vectors to construct a local cluster model, and sending private model parameters of the cluster model to an Internet of things federation server; updating a local clustering model according to the global model parameters to detect whether the financial transaction behavior of the local user is abnormal; and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user. According to the invention, the model for detecting the abnormal behavior is constructed through federal learning, and only the transmission of model parameters is involved in the model construction and detection process, so that the transmission of original data is avoided, the risk of data leakage is reduced, the privacy protection of the original data is improved, and the data security of the abnormal data control process of financial transactions is improved.
Drawings
FIG. 1 is one of the flowcharts of the abnormal data control method for financial transactions based on the Internet of things provided by the invention;
FIG. 2 is a schematic diagram of a federally learned distributed architecture provided by an embodiment of the present invention;
FIG. 3 is a modeling flow chart provided by an embodiment of the present invention;
FIG. 4 is a second flowchart of a method for controlling abnormal data of financial transactions based on the Internet of things provided by the invention;
FIG. 5 is a third flowchart of a method for controlling abnormal data of financial transactions based on the Internet of things provided by the invention;
FIG. 6 is a block diagram of the financial transaction anomaly data control system based on the Internet of things provided by the invention;
fig. 7 is a schematic diagram of an embodiment of an electronic device according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of an embodiment of a computer readable storage medium according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more of the described features. In the description of the present invention, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In the description of the present invention, the term "for example" is used to mean "serving as an example, instance, or illustration. Any embodiment described as "for example" in this disclosure is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the invention. In the following description, details are set forth for purposes of explanation. It will be apparent to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and processes have not been described in detail so as not to obscure the description of the invention with unnecessary detail. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
The invention discloses a financial transaction abnormal data control method based on the Internet of things, which is applied to a client and specifically comprises steps 100 to 400, wherein the steps comprise the following steps:
Fig. 1 is one of flowcharts of a financial transaction abnormal data control method based on the internet of things according to an embodiment of the present invention. Referring to fig. 1, the method for controlling abnormal data of financial transactions based on the internet of things provided by the embodiment of the invention may include:
Step 100, acquiring financial transaction behavior data of a local target user in a preset historical time period, and converting the financial transaction behavior data into behavior vectors;
step 200, performing aggregate analysis on the behavior vector to construct a clustering model corresponding to the target user, and sending private model parameters of the clustering model to the internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
Step 300, obtaining global model parameters issued by the internet of things federation server, updating a clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by using the updated clustering model.
And 400, if the abnormal financial transaction behavior of the target user is detected, carrying out alarm treatment on the target user.
Optionally, financial transaction behavior data of the target user local to the client in a preset time period is obtained, and the financial transaction behavior data is converted into a behavior vector. It is known that the target users may include one or more, and when the target users include a plurality of target users, the acquired financial transaction behavior data includes financial transaction behavior data of each target user within a preset historical period, and the financial transaction behavior data of any target user corresponds to a behavior vector.
Optionally, the financial transaction behavior data corresponding to the same target user in the preset historical time period may include one or more financial transaction behaviors, where the one or more financial transaction behaviors correspond to behavior vectors of the target user. In one embodiment, the behavior vectors of different target users have the same dimension, the dimension of the behavior vector is related to the duration of the preset historical time period, and illustratively, the longer the duration, the more financial transaction behaviors can be generated by the target users in the time period, the larger the dimension of the corresponding behavior vector, and the dimension of the behavior vector can be determined according to the maximum number of financial transaction behaviors which can be generated by the target users in the time period of the preset time period.
Optionally, based on the behavior vector of the target user, a local clustering model of the client corresponding to the target user is constructed by performing cluster analysis on the behavior vector corresponding to the financial transaction behavior of the target user, and the private model parameters of the clustering model are sent to the federation server of the internet of things. And then acquiring global model parameters issued by the internet of things federation server, updating a local clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the local target user is abnormal or not by using the updated clustering model. The global model parameters are determined by the federation server of the internet of things according to private model parameters uploaded by each client, the clients update the local cluster model according to the global model parameters issued by the federation server of the internet of things, and particularly update the private model parameters of the local cluster model, wherein the update mode comprises, but is not limited to, replacing the private model parameters by using the global model parameters.
Specifically, the federation server of the internet of things is responsible for receiving private model parameters of all clients participating in federation learning, determining global model parameters according to the received private model parameters of each client, and issuing the global model parameters to each client. Optionally, global model parameters corresponding to different clients may be the same or different, and when different clients correspond to the same global model parameters, the global model parameters issued by the federal server of the internet of things may be optimal parameters selected from private model parameters reported by each client by the federal server of the internet of things, or model parameters obtained by weighting calculation of the private model parameters reported by each client by the federal server of the internet of things; when global model parameters corresponding to different clients are different, the global model parameters can also be obtained by adjusting private model parameters reported by each client by the internet of things federation server, and the adjustment mode of the private model parameters of the clients by the internet of things federation server includes, but is not limited to, fine adjustment of private model parameters of other clients according to optimal parameters in the private model parameters reported by each client.
Further, each client participating in federation learning updates a local clustering model according to global model parameters issued by a federation server of the internet of things, detects whether the financial transaction behaviors of each local target user are abnormal or not by using the updated clustering model, specifically updates model parameters of the constructed clustering model by using global model parameters issued by the federation server of the internet of things, detects financial transaction behavior data of the local target user by using the clustering model after parameter updating, and accordingly determines whether the financial transaction behaviors of the local target user are abnormal or not.
In the federal learning process, the construction of the clustering model and the detection of abnormal behaviors only relate to the transmission of model parameters, and the adopted original data only exist locally, so that the privacy safety of the original data can be protected, the risk of data leakage is reduced, and the data safety in the modeling and detection processes is improved.
Further, if it is detected that the financial transaction behavior of the target user is abnormal, alarm treatment is performed on the target user, for example, account forced offline is performed on an account of the target user, account restricted login is performed on the account, or account blocking is performed on the account.
In the embodiment of the invention, the client converts financial transaction behavior data of a local user into behavior vectors, thereby constructing a clustering model, and sending private model parameters to the internet of things federation server, wherein the internet of things federation server determines global model parameters according to the private model parameters of each client, and sends the global model parameters to the client, the client detects abnormality of the financial transaction behavior of the local user according to the global model parameters sent by the internet of things federation server, and if abnormality of the financial transaction behavior of a target user is detected, alarm treatment is carried out on the target user. Therefore, the embodiment of the invention constructs the model for detecting the abnormal behavior through federal learning, only relates to the transmission of model parameters in the model construction and detection process, avoids the transmission of original data, reduces the risk of data leakage, and improves the privacy protection of the original data, thereby improving the data security of the abnormal data control process of the financial transaction based on the Internet of things.
Optionally, in step 100, acquiring financial transaction behavior data of the local target user in a preset historical time period specifically includes:
Step 101, acquiring historical financial transaction behavior data of a local target user, and carrying out structural processing on the historical financial transaction behavior data to obtain structural data corresponding to the financial transaction behavior of the target user;
step 102, segmenting the structured data according to a preset duration based on the operation time sequence of the historical financial transaction behavior data to obtain the financial transaction behavior data of the target user in a preset historical time period.
When acquiring financial transaction behavior data of a local target user in a preset historical time period, firstly acquiring the historical financial transaction behavior data of the local target user, and carrying out structural processing on the historical financial transaction behavior data to obtain structural data corresponding to the financial transaction behavior of the target user. Based on the operation time sequence of the historical financial transaction behavior data, the financial transaction behavior data after the structuring processing is segmented according to preset time length, and the financial transaction behavior data of the target user in a preset historical time period is obtained, wherein the preset time length is the time length corresponding to the preset historical time period.
The local financial transaction behaviors of the user at the client side are generally recorded by the database, the local client side comprises a local device, a remote host, a remote database and other operation types, and the data formats of the recorded financial transaction behaviors of the user can be different due to the differences of the systems and the host types of different client sides, and the data format of the financial transaction behaviors of the user is structured, so that the unified data standard and format are facilitated, and the subsequent processing is facilitated.
In one embodiment, the structured financial transaction data includes a data source, an operation user identifier, an operation time, a financial transaction and an operation object, where the data source is a local host, a remote host or a remote database, and the operation user is illustratively "open XX", the data source is a local host, the financial transaction is for example "open", the operation object is for example "Document/", the operation time is for example "XX minutes XX seconds when XX is for example" XX year XX month XX day XX ", and the financial transaction data of the user" open XX "is for XX seconds when XX year XX month XX is for" open ".
Optionally, in step 100, converting the financial transaction behavior data of the target user into a behavior vector may further include:
step 103, extracting the financial transaction behaviors of the target user in the financial transaction behavior data and the operation objects corresponding to the financial transaction behaviors;
step 104, splicing the financial transaction behaviors and the operation objects to obtain behavior characteristics of financial transaction behavior data;
step 105, mapping behavior characteristics based on a preset behavior library to obtain behavior vectors corresponding to financial transaction behavior data; the behavior library is obtained based on the union of the total financial transaction behaviors of the target user and the total operation objects after being spliced.
Firstly, extracting financial transaction behaviors of a target user in financial transaction behavior data and an operation object acted by the financial transaction behaviors, performing splicing processing on the financial transaction behaviors and the operation object to obtain behavior characteristics of the financial transaction behavior data for the target, and mapping the extracted behavior characteristics based on a preset behavior library to obtain a behavior vector corresponding to the financial transaction behavior data of the target user. The preset behavior library is obtained by combining right financial transaction behaviors of the target user and the full operation objects after splicing.
Specifically, the financial transaction behavior data corresponding to the same target user may include one or more financial transaction behaviors, where the plurality of financial transaction behaviors may act on the same or different operation objects, the same repeated financial transaction behavior may be performed on the same operation object multiple times, and different financial transaction behaviors may be performed on the same operation object multiple times, and the same financial transaction behavior may be performed repeatedly on different operation objects multiple times.
For the behavior library, different clients all have their own behavior library, which is obtained by collecting the behavior characteristics of the local target user. Specifically, acquiring the total financial transaction behaviors of all target users of a local client and the operation objects pointed by the financial transaction behaviors, splicing the financial transaction behaviors and the operation objects pointed by the financial transaction behaviors to obtain the behavior characteristics of the target users, and then merging the behavior characteristics of different target users to obtain a behavior library of the client. The behavior library of any client contains all financial transaction behaviors which can be generated locally by the client and all operation objects which can be pointed to by any financial transaction behaviors.
In one embodiment, the extraction of financial transaction actions and operational objects may be implemented based on structured processed financial transaction action data. Optionally, the types of financial transaction behaviors on different types of hosts are few, so that the financial transaction behaviors and the operation objects can be spliced to obtain richer variations of the financial transaction behaviors and the financial transaction behavior objects as marks for staff behavior distinction. The operation data of the user is segmented according to time periods or login sessions, financial transaction behavior data of the user in a certain time period is regarded as one sample, and the sample is converted into a behavior vector.
When the behavior vector is converted, financial transaction behaviors and operation objects of all users in a client host are collected in advance, the financial transaction behaviors are combined and numbered, and a behavior library of the users is built. And mapping the samples according to the behavior library.
Illustratively, the behavior library of a certain client is shown in the following table 1:
Table 1:
;
Table 2:
;
In the vector conversion process, if the sample X is the financial transaction behavior of the sheet XX in a certain historical time, the financial transaction behavior comprises three behaviors of cd A, cat C and ssh E. Then the sample X is mapped to a behavior vector with its corresponding behavior number column labeled 1, indicating that the sample X has this financial transaction activity occurring. The behavior number column corresponding to the behavior of the financial transaction where the other sample X does not exist is labeled 0, as shown in the above table 2, and the behavior vector corresponding to the sample X is: "1,0,1,0,1,...,0".
Optionally, in step 200, a cluster analysis is performed on the behavior vector to construct a cluster model corresponding to the target user, which specifically includes:
Step 201, obtaining a user role of a target user, and classifying behavior vectors of the target user according to the user role to obtain a behavior vector set corresponding to the user role;
Step 202, performing cluster analysis on the behavior vectors in the behavior vector set to construct a cluster model corresponding to the target user; the private model parameters of the clustering model comprise class center vectors corresponding to the user roles, and the class center vectors are obtained by performing clustering analysis on the behavior vectors in the behavior vector set corresponding to the user roles.
For the same client, different target users may have different user roles, different user roles have larger differences in financial transaction behaviors, and the same user roles have larger commonalities in financial transaction behaviors, so that clustering analysis is performed on the financial transaction behaviors of the same user roles when a clustering model is constructed.
Specifically, first, the user roles of each target user are acquired, and the user roles may be divided according to units and/or positions and/or roles to which the target user belongs. Classifying the behavior vectors of the target users according to the user roles of the target users to obtain behavior vector sets corresponding to the user roles, dividing the behavior vectors of the target users with the same user roles into the same behavior vector set, and dividing the behavior vectors of the target users with different user roles into different behavior vector sets. And performing cluster analysis on the behavior vectors in the same behavior vector set aiming at each divided behavior vector set, so as to construct a cluster model corresponding to the target user of the client. The private model parameters of the clustering model of the client comprise class center vectors corresponding to the user roles, and the class center vectors are obtained by performing clustering analysis on the behavior vectors in the behavior vector set corresponding to the user roles.
Optionally, the local modeling process of the client is a process of obtaining cluster centroids of financial transaction behavior data under each category according to the roles of the users. Class centroid calculations are performed according to the following formula (1), e.g. the clustering center for role class 1 is:
;
In the case of the formula (1), And (3) representing a class center vector of the first user role, wherein Num represents the number of users contained in the user role, and the dimension of the vector is N, namely the dimension of a behavior library of the users.Is the value of the first dimension of the i-th sample,Is the value of the nth dimension of the ith sample. And aggregating and normalizing the behavior vectors of all users in the user roles to obtain the mass centers of the clustering clusters of the user roles, wherein the mass centers of the clustering clusters are the class center vectors. And calculating a clustering center according to the mode aiming at the category corresponding to each user role, and thus, the modeling of the local client can be completed.
Illustratively, a user character includes three users, namely a user A, a user B and a user C, and after the financial transaction behavior data are converted into behavior vectors, the three obtained behavior vectors are respectively:
1,0,1,0,1,...,0;1,1,1,0,1,...,0;1,0,1,0,0,...,0。
According to the calculation mode of the cluster centroid, the first dimension value of the three behavior vectors is 1,1 and 1 respectively, and then the first dimension value of the cluster center is . The values of the first dimension are respectively 0,1 and 0, and the value of the second dimension of the clustering center isThe values of the clustering centers of other dimensions can be calculated in sequence, and finally, the category center vector under the category is obtained.
Optionally, after the client obtains the category center vectors of each category, the category center vectors and the behavior vectors corresponding to the financial transaction behavior data used as samples for cluster analysis are sent to each internet of things federation server, and the internet of things federation server models according to the category center vectors and the behavior vectors sent by each client to obtain the global model parameters.
Specifically, in the federation modeling process, the federation server of the internet of things initializes federation parameters first, and the weight parameters are set according to the number of hosts participating in federation calculation and the number of host samples when the federation parameters are executed for the first time, and generally, the calculation mode of the ith host weight is shown in the following formula (2):
;
where M is the number of client hosts participating in federal learning. The more the sample data amount generated by the client host in the federation learning process, the larger the corresponding weight is in federation learning, and the sum of the weights of all the client hosts is 1 in initialization.
When the federation server of the internet of things federates modeling, the federation weight of each client host is loaded according to the obtained class center vector and sample data of each client, and the private model parameters of the local model of the ith client host are set asThen at each ofThe local cluster parameters including the j-th user role are set asFor each user role j in the federation model, the clustering center vector is calculated according to the following formula (3):
;
In the federal modeling process, a class center vector is corresponding to each user role class, and the class center vector is calculated based on private model parameters output by each client host, and original financial transaction behavior data is not directly used, so that the privacy of the financial transaction behavior of the user can be ensured in the modeling process. Namely, the class center vector serving as the global model parameter is obtained by weighting and calculating the class center vectors of the same user role reported by different clients.
Optionally, in step 300, a local clustering model is updated according to global model parameters issued by a federation server of the internet of things, and whether the financial transaction behaviors of local target users are abnormal or not is detected by using the updated clustering model, which specifically includes:
Step 301, obtaining target financial transaction behavior data to be detected by a target user, and converting the target financial transaction behavior data into a target behavior vector of the target user; the target financial transaction behavior data are arranged according to the operation time sequence;
Step 302, sliding window processing is carried out on the target behavior vector based on a preset sliding step length, and cosine similarity between the target behavior vector in a time window and model parameters of the updated clustering model is calculated in the sliding window processing process so as to determine threat degrees of target users;
step 303, determining whether the financial transaction behavior of the target user is abnormal according to the threat level.
When the client detects abnormality of the local financial transaction behavior of the target user, firstly, the financial transaction behavior data to be detected of the target user is obtained as a sample to be detected, the financial transaction behavior data can be a history record of the financial transaction behavior which is newly generated by the target user, and the financial transaction behavior data as the sample to be detected is converted into a corresponding behavior vector, namely a target behavior vector.
Further, sliding window processing is carried out on the target behavior vector based on a preset sliding step length, cosine similarity between the target behavior vector in the time window and model parameters of the updated clustering model is calculated in the sliding window processing process, and threat degree of abnormal financial transaction behaviors of the target user is determined based on the cosine similarity. And determining whether the financial transaction behavior of the target user is abnormal according to the threat degree.
For example, if the threat level of the target user is greater than the preset threshold, the financial transaction behavior of the target user is abnormal, otherwise, if the threat level of the target user is less than or equal to the preset threshold, the financial transaction behavior of the target user is not abnormal.
Optionally, when the client performs abnormal detection on the financial transaction behaviors of the users locally, firstly, a sample to be detected is obtained, and the size and the sliding step length of a preset sliding window are set, so that financial transaction behavior data of each local user in the sample to be detected are arranged according to a time sequence. Taking the size of the sliding window as 10 as an example, adopting a sliding window processing mode, for each user i, moving the sliding window to the earliest 10 financial transaction behaviors of the user i, merging the behavior vectors corresponding to the financial transaction behaviors of the users in the sliding window, and marking the merged behavior vectors as a behavior vector X. Global model parameter issued by federation server based on Internet of thingsThe cosine similarity of the user i and the global model parameter is calculated according to the following formula:
;
The threat degree of the behavior vector X is as follows: And then sliding the time window by one frame according to the time sequence, removing the earliest action vector in the time window, adding the action vector, and repeating the threat degree calculation process until the detection of the financial transaction actions of all users in the sample to be detected is completed. The sliding window size can be configured according to actual detection requirements, namely, according to the quantity of financial transaction behaviors required by detecting whether the financial transaction behaviors are abnormal, the sliding window size is determined, and therefore whether any user in the window has abnormal financial transaction behaviors can be detected according to the financial transaction behaviors of the user.
The existing financial transaction abnormal data control method based on the Internet of things lacks a dynamic updating mechanism and an abnormal measurement mechanism, and for the dynamic updating mechanism, most of the financial transaction abnormal data control methods based on the Internet of things are analyzed and detected according to a set detection rule, and usually the detection methods are solidified by taking a specified algorithm or processing process as a carrier to carry out deterministic abnormal detection and cannot be dynamically adjusted according to actual situation requirements. Especially in the distributed anomaly detection process, the modeling process cannot be dynamically adjusted well according to the anomaly detection condition, the parameter weight of the detection node is optimized, a feedback mechanism is not established for the result by the detection model, similar behaviors report anomalies repeatedly, and some anomaly behaviors may even affect the overall modeling accuracy. For an abnormal measurement mechanism, some behaviors may not be attack behaviors, but in the detection process, no matter whether the risk of the financial transaction behavior is high or low, the detection result only feeds back two conditions of normal or abnormal, the measurement mechanism for the abnormal behavior is lacking, the importance and the risk of the behavior are difficult to determine, and the security manager is puzzled.
The embodiment of the invention solves the problems of privacy protection and data security in the model establishment process by establishing the distributed anomaly detection under the federal learning architecture. And meanwhile, a model feedback mechanism is established, the model parameters are dynamically adjusted according to the abnormal recognition result, and the model parameters are dynamically updated, so that the model parameters are better suitable for controlling abnormal data of financial transactions based on the Internet of things under streaming data. And detecting by adopting a sliding window mode, verifying the data for multiple times, and giving a refined judgment result of the risk degree according to the verification result, thereby improving the credibility and the referenceability of the abnormal detection result.
Specifically, in step 400, if it is detected that the financial transaction behavior of the target user is abnormal, alarm handling is performed on the target user, including:
Step 401, if the financial transaction behavior of the target user is abnormal, determining an alarm level corresponding to the abnormal financial transaction behavior of the target user according to the threat level;
Step 402, carrying out alarm treatment on the target user according to the treatment measures corresponding to the alarm levels; the treatment measures comprise forced account number offline, account number limit login and account number blocking and disabling
If the financial transaction behavior of the target user is abnormal, determining an alarm grade corresponding to the abnormal financial transaction behavior of the target user according to the calculated threat degree, and carrying out alarm treatment on the target user according to treatment measures corresponding to the alarm grade, wherein the treatment measures comprise but are not limited to account forced offline, account limited login and account blocking.
Further, step 402 further includes:
step 403, obtaining a weight modification factor corresponding to the alarm level, and sending the weight modification factor to the federal server of the internet of things; the internet of things federation server modifies the weight of the private model parameter of the client corresponding to the target user according to the weight modification factor; the weights are used to calculate global model parameters.
Different alarm levels correspond to different weight modification factors, the weight modification factors corresponding to the alarm levels are obtained and sent to the internet of things federation server, and the internet of things federation server modifies the private model parameter weights of the clients corresponding to the target users according to the weight modification factors. The weight modified by the federation server of the internet of things is the weight used for calculating the global model parameters, namely the parameters involved in the formula (3). It is to be understood that, for different clients, the weight modification factors corresponding to the same alarm level may be the same or different, and are not specifically limited herein.
By dynamically adjusting the weight of the model parameters, the influence of the risk points on the class center vector in the modeling process can be proposed, and the higher the degree of behavioral abnormality, the more the degree of behavioral abnormality deviates from the clustering center, the cluster center in the modeling process is deviated, and the model precision is finally influenced.
In one embodiment, based on the federal learning distributed architecture shown in fig. 2, the financial transaction abnormal data control method based on the internet of things provided by the embodiment of the invention presents a form of total multiple components in the whole detection process, and local hosts of a plurality of clients are connected with the federal server of the internet of things to complete detection of abnormal behaviors in a mode of division work and cooperation.
Specifically, referring to the modeling flow based on federal learning shown in fig. 3, physical isolation and data isolation exist in local hosts of a plurality of clients, only model parameters are transmitted with a federal server of the internet of things, the federal server of the internet of things performs federal modeling based on private model parameters reported by each client to form a model parameter matrix, global model parameters are determined to issue each client, and abnormal data control of financial transactions based on the internet of things is performed locally in the clients of the user.
When the client controls abnormal data of financial transactions based on the Internet of things locally, a sliding window processing mode is adopted, a sample to be detected is verified for a plurality of times, when abnormal behaviors are detected, corresponding weight modification factors are reported to the Internet of things federal server according to alarm levels of the abnormal behaviors, the Internet of things federal server dynamically adjusts the weights of the client according to the weight modification factors, and therefore a model feedback mechanism is established, and influences of risk point data on model accuracy are removed in a modeling process.
Further, referring to the abnormal data control flow of financial transaction based on the internet of things shown in fig. 4, the local host of the client may take the financial transaction behavior data of the local user and perform preprocessing, where the preprocessing includes structuring and standardizing the financial transaction behavior data of different sources. Based on the processed financial transaction behavior data, the financial transaction behavior data is converted into behavior vectors through behavior mapping, so that local modeling is performed, a local clustering model is obtained, and local private model parameters are transmitted into an Internet of things federation server. It should be noted that, in order to ensure uniformity of data formats received by the federation server of the internet of things, when the local private model parameters are transmitted to each client, format conversion needs to be performed on the transmitted model parameters, and the model parameters are converted into federation data formats preset by the federation server of the internet of things. And initializing or updating the weight of each client host according to the private model parameters transmitted by each client by the internet of things federation server, and calculating based on the private model parameters to obtain global model parameters and transmitting the global model parameters back to the client. The local host of the client performs abnormality detection on financial transaction behaviors of the local user based on global model parameters issued by the federal server of the Internet of things, performs alarm processing on the abnormal behaviors according to alarm levels of the abnormal behaviors when the abnormal behaviors are detected, and transmits weight modification factors corresponding to the alarm levels to the federal server of the Internet of things. And the internet of things federation server modifies and updates the weight of the client according to the weight modification factor transmitted by the client.
In the process of transferring the model parameters, the model parameters can be transmitted after being encrypted by adopting modes such as differential privacy, homomorphic encryption and the like. The local modeling process of the local host of the client and the federal modeling process of the federal server of the internet of things can refer to the descriptions in the above embodiments, and are not repeated here.
In this embodiment, based on the federal learning architecture, no transmission of any original data is designed in the modeling process based on abnormal data control of financial transactions of the internet of things, only model parameters are transmitted, and the transmission of the model parameters can also be encrypted in a manner of non-plaintext data, so that data leakage caused by the transmission of the original data in the modeling process is avoided.
Further, based on a model parameter dynamic adjustment mechanism of a financial transaction abnormal data control result based on the Internet of things, the clustering center is updated in real time, the model detection performance is continuously optimized, the influence of abnormal behaviors on the clustering center in the modeling process is further reduced, and the detection accuracy is improved.
For abnormal behaviors, the evaluation of the abnormal degree is refined, a plurality of alarm levels are set, different treatment measures are adopted according to different alarm levels, the modeling process is optimized and adjusted according to different alarm degrees, the expression capability of alarm results is improved, and the interpretation and treatment capability of abnormal behavior alarms is improved.
Based on fig. 5, the embodiment of the invention provides a financial transaction abnormal data control method based on the internet of things, which is applied to a federation server of the internet of things and comprises the following steps of S1-S2:
S1, obtaining private model parameters sent by each client; the private model parameters are obtained by constructing a clustering model by a client based on the behavior vector; the behavior vector is obtained by converting the acquired financial transaction behavior data of the target user in a preset historical time period by the client;
s2, determining global model parameters according to the private model parameters, and issuing the global model parameters to each client; and the client updates the clustering model according to the global model parameters, and detects whether the financial transaction behavior of the local target user is abnormal or not by utilizing the updated clustering model.
The method comprises the steps of obtaining private model parameters sent by each client, wherein the private model parameters are obtained by constructing a clustering model by the client based on behavior vectors, the private model parameters are model parameters of the clustering model, and the behavior vectors used for constructing the clustering model are obtained by converting financial transaction behavior data of an obtained local target user in a preset historical time period by the client. The client acquires financial transaction behavior data of one or more local target users in a preset historical time period, converts the financial transaction behavior data of each target user into behavior vectors corresponding to the target users, and builds a clustering model based on the converted behavior vectors, so that private model parameters of the local modeling are obtained.
Further, global model parameters are determined according to private model parameters of all clients, the global model parameters are issued to all clients, the clients update local clustering models according to the global model parameters issued by the internet of things federation server, and whether the financial transaction behaviors of all local target users are abnormal or not is detected by utilizing the updated clustering models.
In the embodiment, in the modeling and detection process of abnormal data control of financial transactions based on the Internet of things through federal learning, only the transmission of model parameters is involved, so that the transmission of original financial transaction behavior data is avoided, the data leakage caused by data transmission in the modeling and detection process is avoided, the risk of data leakage is reduced, and the data security is improved.
The abnormal data control system of financial transaction based on the Internet of things, which is provided by the invention, is described below, and the abnormal data control system of financial transaction based on the Internet of things, which is described below, and the abnormal data control method of financial transaction based on the Internet of things, which is described above, can be correspondingly referred to each other.
As shown in fig. 6, fig. 6 is a block diagram of a financial transaction abnormal data control system based on the internet of things, provided by the invention, the financial transaction abnormal data control system based on the internet of things comprises:
the data processing module 601 is configured to obtain financial transaction behavior data of a local target user in a preset historical time period, and convert the financial transaction behavior data into a behavior vector;
the modeling module 602 is configured to perform cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and send a private model parameter of the cluster model to an internet of things federation server, so that the internet of things federation server returns a global model parameter according to the private model parameter;
The anomaly detection module 603 is configured to obtain global model parameters issued by the federation server of the internet of things, update the cluster model according to the global model parameters, and detect whether the financial transaction behavior of the target user is abnormal by using the updated cluster model;
And the financial transaction abnormality control module 604 is configured to perform alarm handling on the target user if abnormality in the financial transaction behavior of the target user is detected.
According to the embodiment of the invention, the model for detecting the abnormal behavior is constructed through federal learning, and only the transmission of model parameters is involved in the model construction and detection process, so that the transmission of original data is avoided, the risk of data leakage is reduced, the privacy protection of the original data is improved, and the data security of the abnormal data control process of financial transactions is improved.
Referring to fig. 7, fig. 7 is a schematic diagram of an embodiment of an electronic device according to an embodiment of the invention. As shown in fig. 7, an embodiment of the present invention provides an electronic device 700, including a memory 710, a processor 720, and a computer program 711 stored in the memory 710 and executable on the processor 720, wherein the processor 720 executes the computer program 711 to implement the following steps:
Acquiring financial transaction behavior data of a local target user in a preset historical time period, and converting the financial transaction behavior data into behavior vectors;
Performing cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
acquiring global model parameters issued by the internet of things federation server, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user.
Referring to fig. 8, fig. 8 is a schematic diagram of an embodiment of a computer readable storage medium according to an embodiment of the invention. As shown in fig. 8, the present embodiment provides a computer-readable storage medium 800 having stored thereon a computer program 811, which computer program 811 when executed by a processor performs the steps of:
Acquiring financial transaction behavior data of a local target user in a preset historical time period, and converting the financial transaction behavior data into behavior vectors;
Performing cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
acquiring global model parameters issued by the internet of things federation server, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and for those portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. The financial transaction abnormal data control method based on the Internet of things is characterized by comprising the following steps of:
Acquiring financial transaction behavior data of a local target user in a preset historical time period, and converting the financial transaction behavior data into behavior vectors;
Performing cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
acquiring global model parameters issued by the internet of things federation server, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
and if detecting that the financial transaction behavior of the target user is abnormal, carrying out alarm treatment on the target user.
2. The method for controlling abnormal data of financial transaction based on internet of things according to claim 1, wherein the converting the financial transaction behavior data into a behavior vector comprises:
Extracting financial transaction behaviors of the target user and operation objects corresponding to the financial transaction behaviors from the financial transaction behavior data;
performing splicing processing on the financial transaction behaviors and the operation objects to obtain behavior characteristics of the financial transaction behavior data;
Mapping the behavior characteristics based on a preset behavior library to obtain behavior vectors corresponding to the financial transaction behavior data; the behavior library is obtained based on the union of the total financial transaction behaviors of the target user and the total operation objects after being spliced.
3. The method for controlling abnormal data of financial transactions based on the internet of things according to claim 1, wherein the performing cluster analysis on the behavior vector to construct a cluster model corresponding to the target user includes:
acquiring a user role of the target user, classifying the behavior vector of the target user according to the user role, and obtaining a behavior vector set corresponding to the user role;
Performing cluster analysis on the behavior vectors in the behavior vector set to construct a cluster model corresponding to the target user; the private model parameters of the clustering model comprise class center vectors corresponding to the user roles, and the class center vectors are obtained by performing clustering analysis on the behavior vectors in the behavior vector set corresponding to the user roles.
4. The method for controlling abnormal data of financial transactions based on the internet of things according to claim 1, wherein the detecting whether the abnormal behavior of the financial transaction of the target user exists by using the updated clustering model comprises:
Acquiring target financial transaction behavior data to be detected by the target user, and converting the target financial transaction behavior data into a target behavior vector of the target user; the target financial transaction behavior data are arranged according to the operation time sequence;
Sliding window processing is carried out on the target behavior vector based on a preset sliding step length, and cosine similarity between the target behavior vector in a time window and model parameters of the updated clustering model is calculated in the sliding window processing process so as to determine threat degrees of the target user;
and determining whether the financial transaction behavior of the target user is abnormal according to the threat degree.
5. The method for controlling abnormal data of financial transaction based on internet of things according to claim 4, wherein if detecting that there is an abnormality in the financial transaction behavior of the target user, performing alarm handling on the target user comprises:
If the financial transaction behavior of the target user is abnormal, determining an alarm level corresponding to the abnormal financial transaction behavior of the target user according to the threat level;
Performing alarm treatment on the target user according to the treatment measures corresponding to the alarm grades; the treatment measures comprise account forced offline, account limited login and account blocking.
6. The method for controlling abnormal data of financial transaction based on internet of things according to claim 5, wherein the obtaining the local financial transaction behavior data of the target user in the preset historical time period comprises:
Acquiring historical financial transaction behavior data of a local target user, and carrying out structural processing on the historical financial transaction behavior data to obtain structural data corresponding to the financial transaction behavior of the target user;
And based on the operation time sequence of the historical financial transaction behavior data, segmenting the structured data according to a preset duration to obtain the financial transaction behavior data of the target user in a preset historical time period.
7. The method for controlling abnormal data of financial transaction based on internet of things according to claim 6, wherein if detecting that there is an abnormality in the financial transaction behavior of the target user, after performing alarm handling on the target user, further comprising:
Acquiring a weight modification factor corresponding to the alarm level, and sending the weight modification factor to the internet of things federation server so that the internet of things federation server modifies the weight of the private model parameter of the client corresponding to the target user according to the weight modification factor; the weights are used to calculate the global model parameters.
8. The utility model provides a financial transaction abnormal data control system based on thing networking which characterized in that includes:
The data processing module is used for acquiring financial transaction behavior data of a local target user in a preset historical time period and converting the financial transaction behavior data into behavior vectors;
The modeling module is used for carrying out cluster analysis on the behavior vector to construct a cluster model corresponding to the target user, and sending private model parameters of the cluster model to an internet of things federation server so that the internet of things federation server returns global model parameters according to the private model parameters;
The anomaly detection module is used for acquiring global model parameters issued by the federation server of the Internet of things, updating the clustering model according to the global model parameters, and detecting whether the financial transaction behavior of the target user is abnormal or not by utilizing the updated clustering model;
And the financial transaction abnormality control module is used for carrying out alarm treatment on the target user if detecting that the financial transaction behavior of the target user is abnormal.
9. An electronic device, comprising:
A memory for storing a computer software program;
And the processor is used for reading and executing the computer software program so as to realize the financial transaction abnormal data control method based on the Internet of things according to any one of claims 1 to 7.
10. A non-transitory computer readable storage medium, wherein a computer software program is stored in the storage medium, and when executed by a processor, the computer software program implements the method for controlling abnormal data of financial transactions based on the internet of things according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410676718.6A CN118245827B (en) | 2024-05-29 | 2024-05-29 | Financial transaction abnormal data control method and system based on Internet of things |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410676718.6A CN118245827B (en) | 2024-05-29 | 2024-05-29 | Financial transaction abnormal data control method and system based on Internet of things |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118245827A true CN118245827A (en) | 2024-06-25 |
| CN118245827B CN118245827B (en) | 2024-08-27 |
Family
ID=91564140
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410676718.6A Active CN118245827B (en) | 2024-05-29 | 2024-05-29 | Financial transaction abnormal data control method and system based on Internet of things |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118245827B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113919513A (en) * | 2021-10-22 | 2022-01-11 | 全球能源互联网研究院有限公司南京分公司 | Method and device for aggregating security of federated learning and electronic equipment |
| WO2022237194A1 (en) * | 2021-05-10 | 2022-11-17 | 深圳前海微众银行股份有限公司 | Abnormality detection method and apparatus for accounts in federal learning system, and electronic device |
| CN117237100A (en) * | 2023-08-30 | 2023-12-15 | 中国工商银行股份有限公司 | Transaction risk prediction method, device and system based on federal learning |
| CN117591860A (en) * | 2023-11-28 | 2024-02-23 | 上海上湖信息技术有限公司 | Data anomaly detection method and device |
| CN117592096A (en) * | 2023-11-03 | 2024-02-23 | 华侨大学 | Abnormal financial account detection method and device based on federal learning privacy protection |
| CN117670364A (en) * | 2023-12-06 | 2024-03-08 | 中国农业银行股份有限公司 | Abnormal transaction identification method, device, equipment and storage medium |
-
2024
- 2024-05-29 CN CN202410676718.6A patent/CN118245827B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022237194A1 (en) * | 2021-05-10 | 2022-11-17 | 深圳前海微众银行股份有限公司 | Abnormality detection method and apparatus for accounts in federal learning system, and electronic device |
| CN113919513A (en) * | 2021-10-22 | 2022-01-11 | 全球能源互联网研究院有限公司南京分公司 | Method and device for aggregating security of federated learning and electronic equipment |
| CN117237100A (en) * | 2023-08-30 | 2023-12-15 | 中国工商银行股份有限公司 | Transaction risk prediction method, device and system based on federal learning |
| CN117592096A (en) * | 2023-11-03 | 2024-02-23 | 华侨大学 | Abnormal financial account detection method and device based on federal learning privacy protection |
| CN117591860A (en) * | 2023-11-28 | 2024-02-23 | 上海上湖信息技术有限公司 | Data anomaly detection method and device |
| CN117670364A (en) * | 2023-12-06 | 2024-03-08 | 中国农业银行股份有限公司 | Abnormal transaction identification method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN118245827B (en) | 2024-08-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11005872B2 (en) | Anomaly detection in cybersecurity and fraud applications | |
| US20200379868A1 (en) | Anomaly detection using deep learning models | |
| US20210360000A1 (en) | System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems | |
| CN111107072B (en) | Authentication graph embedding-based abnormal login behavior detection method and system | |
| US20170018030A1 (en) | System and Method for Determining Credit Worthiness of a User | |
| US11586609B2 (en) | Abnormal event analysis | |
| CN111782484B (en) | Anomaly detection method and device | |
| CN110636066B (en) | Network security threat situation assessment method based on unsupervised generative reasoning | |
| Haffar et al. | Explaining predictions and attacks in federated learning via random forests | |
| CN110162958B (en) | Method, apparatus and recording medium for calculating comprehensive credit score of device | |
| WO2022245706A1 (en) | Fault detection and mitigation for aggregate models using artificial intelligence | |
| CN116502171B (en) | Network security information dynamic detection system based on big data analysis algorithm | |
| CN118245827B (en) | Financial transaction abnormal data control method and system based on Internet of things | |
| CN117670359A (en) | Abnormal transaction data identification method and device, storage medium and electronic equipment | |
| CN117575595A (en) | Payment risk identification method, device, computer equipment and storage medium | |
| CN115797047A (en) | Intelligent customer operation risk assessment method and system | |
| Zhang et al. | GAN-based abnormal transaction detection in Bitcoin | |
| Ranga et al. | Log anomaly detection using sequential convolution neural networks and Dual-LSTM model | |
| CN116668045A (en) | Multi-dimensional network security comprehensive early warning method and system | |
| CN118802310A (en) | Abnormal behavior detection method, device, equipment, storage medium and program product | |
| Baklanov et al. | Vote aggregation techniques in the Geo-Wiki crowdsourcing game: a case study | |
| CN117807590B (en) | Information security prediction and monitoring system and method based on artificial intelligence | |
| US12079992B1 (en) | Utilizing machine learning and digital embedding processes to generate digital maps of biology and user interfaces for evaluating map efficacy | |
| US11361537B2 (en) | Enhanced collection of training data for machine learning to improve worksite safety and operations | |
| CN113807977B (en) | Method, system, equipment and medium for detecting support attack based on dynamic knowledge graph |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |