EP3523772A1 - Système de détection de fraude dans un flux de données - Google Patents

Système de détection de fraude dans un flux de données

Info

Publication number
EP3523772A1
EP3523772A1 EP17791591.5A EP17791591A EP3523772A1 EP 3523772 A1 EP3523772 A1 EP 3523772A1 EP 17791591 A EP17791591 A EP 17791591A EP 3523772 A1 EP3523772 A1 EP 3523772A1
Authority
EP
European Patent Office
Prior art keywords
data
fraud
real time
layer
data stream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP17791591.5A
Other languages
German (de)
English (en)
French (fr)
Inventor
Yannis MAZZER
Olivier CAELEN
Titouan CHARY
Joris CALOUD
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Worldline SA
Original Assignee
Worldline SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Worldline SA filed Critical Worldline SA
Publication of EP3523772A1 publication Critical patent/EP3523772A1/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing

Definitions

  • the present invention relates to the field of security of sensitive data transfers and in particular the security of banking exchanges. More specifically, the present invention relates to a system for detecting fraud in a data stream.
  • Securing sensitive data is a major challenge for many sectors, particularly in the banking sector, where payment / transaction security is constantly being tested. While the technological evolution of IT infrastructures provides means to fight against fraud or piracy of sensitive data, it also allows hackers to develop new methods for the illegal or fraudulent recovery of data.
  • the present invention aims to overcome some disadvantages of the prior art by providing a system for detecting fraud during a data exchange during a banking transaction, in particular.
  • a computer system for detecting fraud in a data stream comprising at least one data lake for storing large volumes of data with variable structures, in the form of a distributed database, for uses and miscellaneous analytics, a platform that contains at least one production environment that includes at least one self-adaptive hardware and software architecture that includes a plurality of stored fraud control templates, a test engine, and updates fraud control templates at least one memory for storing data, at least one processor, a "real time" processing layer of the data stream and a service layer, said layers being connected by a communication means, each of the layers comprising less hardware and software implementing a micro-service running on the hardware computer hardware processor that to respectively enable to verify and / or control in real time the flow of data and to manage in the service layer the processed data, resulting from the "real time” processing, said self-adaptive architecture being characterized in that it comprises also
  • an output of the "real-time” layer is connected to the input of the on-line training set and the output of the training set is connected to an input of the processing layer.
  • "Real time” to form a loop learning structure.
  • the on-line learning package includes micro-services, each in charge of re-training fraud control models deployed in the "real-time” processing layer, and a redeployment system for redeploying automatically.
  • the fraud control models retrained and updated in the microservices of the "real-time” processing layer in charge of their use.
  • the "real-time" processing layer includes a configuration server for continuously updating the parameters of the fraud control models managed by the micro-services of said processing layer in "real time”.
  • the redeployment system of the on-line training set comprises a central service capable of receiving a notification from a micro-service of said training set when a model has been re-trained, said service central in turn notifying the micro-services of the "real-time" processing layer which are concerned by the update of the parameters, via a REST API which will reload the parameters in the configuration server of the processing layer in " real time ", said server then distributing the parameters to the micro-services concerned.
  • the structuring of the self-adapting architecture into micro-services, communicating with each other by passing messages makes it possible to split the data flow processing chain, into a given number N of micro-services, said number N corresponding to the number of types of processing to be performed to respond to a given request, and to multiply the number of instances of a given type of service to allow scalability and ensure continuity of service in the event that a instance is interrupted to perform a given configuration.
  • the fraud detection system also includes a new development environment. control models and / or fraud verification of the data flow in the production environment.
  • the development environment comprises a hardware hardware architecture and deployment software composed of at least one modeling engine for developing and testing the control models, said modeling engine being connected to a distributed computing engine "Map / reduce” configured to load production data into the development environment and enable "real-time” evaluation of new control models and, a data flow deployer in charge of deploying models in the production environment.
  • a hardware hardware architecture and deployment software composed of at least one modeling engine for developing and testing the control models, said modeling engine being connected to a distributed computing engine "Map / reduce” configured to load production data into the development environment and enable "real-time” evaluation of new control models and, a data flow deployer in charge of deploying models in the production environment.
  • the data flow deployer uses a descriptive file of the data flows stored in the data lake to orchestrate the different micro-services of the platform.
  • the deployment of fraud control data patterns is provided through a code repository controller that queries the modeling engine against certain code repositories to detect changes to the stream.
  • any continuous deployment of control models and algorithms, from the development environment, in the production environment is supervised by a person.
  • the data redeployment system includes means for implementing and configuring an online learning set based on the data analysis model.
  • the fraud detection system includes a control device for analyzing information emitted by the "real-time" processing layer and containing dated events relating to fraud cases, and activating an alarm signal. if fraudulent data is detected to alert an administrator or supervisor of the attempted fraud.
  • the fraud detection system is used for the securing of sensitive data in a service system comprising at least one database and at least one request processing platform associated with the sensitive data, said system for detecting sensitive data. fraud playing the role of secure interface between the database and the query processing platform.
  • FIG. 1 represents the diagram of the structure of the fraud detection system in one embodiment
  • FIG. 2 represents the diagram of the use of the structure of the fraud detection system in a system comprising a database and a request processing platform associated with sensitive data, according to one embodiment
  • FIGS. 3a and 3b respectively represent the schemas of the structure of the platform of the fraud detection system and the development environment of the platform, according to one embodiment
  • FIGS. 4a and 4b respectively represent the diagrams of the structure of the production environment of the platform and of the layer "real-time” processing and the training set, according to one embodiment
  • the present invention relates to a system (1, Figure 1) for detecting a fraudulent action in a data stream.
  • the system (1) for detecting fraud in a data stream comprises at least one data lake (4) for storing large volumes of data with variable structures, in the form of a database distributed, for various uses and analyzes, a platform (10) that contains at least one production environment (3, FIG. 4a) comprising at least one self-adaptive hardware and software architecture comprising a plurality of stored fraud control templates, an engine for testing and updating fraud control models, at least one memory for storing data, at least one processor, a layer (31, FIGS. 1, 2 and 4a, for example) for processing in "time" the data stream and a service layer (33), said layers being connected by a communication means, each of the layers comprising at least hardware and software implementing a micro-service.
  • said self-adaptive architecture being characterized in that it also comprises an on-line training set (32) connected to the "real-time” processing layer (31) to re-train and update real-time models fraud control stored in the "real-time” processing layer (31). It will thus be understood that the data processed by the "real time” processing layer (31) are copied into the online learning set (32) to perform a retraining (or relearning) of the control models that govern the detection of fraud in the processing layer in "real time”.
  • the structure (32) or training set and the processing layer (31) in "real time” are connected to form a loop.
  • the fraud control system is not exclusive to the detection of bank fraud, which is only a particular case of fraud, but generally relates to the detection of fraud in a data stream.
  • the data may, for example and without limitation, be related to an industrial process, for example in the control of machines or a nuclear reactor.
  • fraud any action to steal sensitive information or data and / or to falsify such information or data during a transaction or transit through the data stream.
  • transaction is meant, in a general manner, an exchange of information or data between two entities, for example and in a non-limiting manner, a user and a service provider (energy supplier, etc.) or equipment , a factory producing electric motors and a plant using said engines in machines.
  • the lake (4) of data is the repository or system where data are stored, for example and in a nonlimiting manner from a database.
  • Different sources for example and without limitation a telephone, a payment terminal or a bank continuously transmit a data stream to the platform (10) of the fraud detection system which then proceeds to the processing, the flow of data. each source, to check whether said stream contains fraudulent data or not. In the case where fraudulent data are detected, the event is dated and contained in information transmitted by the processing layer (31) in "real time".
  • Said information is then transferred to a control device which activates an alarm signal which may be, for example and without limitation, a sound or a message, to warn an administrator or supervisor of an attempted fraud.
  • an alarm signal which may be, for example and without limitation, a sound or a message, to warn an administrator or supervisor of an attempted fraud.
  • the data is transferred for operation.
  • the hardware hardware architecture of the self-adaptive architecture comprises at least one distributed computing engine, preferably a computing cluster.
  • Distributed computing consists of starting a calculation or a process on several processors of a computer hardware architecture, for example a central computer unit. Independent instructions can thus be processed in parallel by the different microprocessors.
  • the data is processed in real time in the production environment (3) of the self-adaptive architecture and more precisely in the "real-time" layer.
  • the micro-services (m) of said layer see for example FIG. 4b, are small-sized autonomous functional applications with a functional perimeter (that is to say the complete list of functionalities and their exhaustive description) delimited.
  • the micro services communicate with each other by exchanging data or messages via a message queue system, preferably an MQ type of messaging middleware (for "message queue" in English).
  • Messaging middleware can be with or without a broker.
  • MQ middleware with broker to translate a message of the formal messaging protocol of the micro-service sender to the formal messaging protocol of the recipient micro-service of said message.
  • the message is transmitted from one micro-service to another without translation of said message.
  • the format of the messages exchanged between the micro-services is independent of the different formal messaging protocols of the micro-services, in order to allow the interpretation of said messages by the messaging protocols of said micro-services, and this, whatever the language used by these microservices.
  • the formats JSON Notation Object derived from JavaScript
  • XML extensible markup language
  • a programming interface for example and in a nonlimiting manner a REST API, is used in the architecture for the orchestration of micro-services and for the support functions.
  • the support functions which are also micro-services, are functions implemented for the proper functioning of the control platform (10), for example and without limitation the configuration update or the updating of the control model settings. These support functions meet the non-functional needs of the platform and do not implement a given functional perimeter.
  • Non-functional need means any need for the proper functioning of the platform.
  • the REST (Representational State Transfer) -based REST API is suitable for distributed data systems.
  • the server sends a response that gives information on the propensity of this response to be cached, such as freshness, its creation date, if it should be kept in the future. This allows clients to not make unnecessary queries and also to improve the extensibility of the servers;
  • code on demand code-on-demand
  • clients have the possibility of executing scripts obtained from the server. This makes it possible to avoid processing only on the server side and thus enables the customer's functionalities to evolve over time.
  • micro-services (m) makes it possible to cutting the data flow processing chain into a given number N of micro-services (m), said number N corresponding to the number of types of processing to be performed to respond to a request.
  • N corresponding to the number of types of processing to be performed to respond to a request.
  • the type of processing to be performed relates to the calculation of aggregates on transactions of a cardholder over the last twenty-four hours in a type of merchant
  • a single micro-service (m ) is used to perform the calculation. If one wishes to calculate the aggregates over the last forty-eight hours, then a second microservice is put to contribution.
  • This micro-services architecture (m) based on the passage of messages, makes it possible to multiply the number of instances of a given type of service to allow in particular the scaling up, in the case where one wishes to interrupt an instance, that is to say the interruption of the flow of data towards said instance, to perform a given configuration, for example to reload its parameters.
  • micro-services architecture we mean a software architecture from which a complex set of applications is broken down into several independent and weakly coupled processes, called micro-services (m) and communicating with each other via a message system, by example an API.
  • Service instance refers to a fraud control or data analysis or calculation model.
  • Each micro-service is particularly, at least, in charge of the start-up and operation (for example the support functions) of at least one fraud control model or program.
  • Model learning or training involves estimating the parameters to correctly describe a process based on input data.
  • the parameter to be estimated may be the weight or coefficient of the variables or input data.
  • the weight of a variable or input data defined by a real value, determines the importance of the variable or data input: the larger the weight of the variable or data, the more variable or input data is influential in the description of the process.
  • Random forests are sets of decision trees, each tree being distinguished from the others by the subsample of data, from the data stream from, for example, a bank terminal or any other source and on which it is driven.
  • a decision tree or decision tree is a structure for predicting values taken by a variable based on a set of variables called variables or input data.
  • the decision tree is in the form of a hierarchy of which each element is called node, the initial node being called root.
  • Each node corresponds to a decision as to the value of the variable to be predicted, for example the weight of a data item in the fraud detection, the decision being taken according to the value of the input data.
  • an estimate of the important parameters for fraud detection in the case of the random forest model then consists, for example, in averaging the estimates from the different decision trees.
  • the model of the neural network can be used.
  • Neural networks implement the principle of induction, that is to say by experience. By confronting with specific situations, a neural network will infer an integrated decision system whose generic character is a function of the number of learning cases encountered and their complexity in relation to the complexity of the problem encountered. Neural networks play an important role in several areas ranging from the classification of animal species or physical phenomena to the improvement of teaching techniques and the recognition of patterns in image processing. In particular, neural networks are widely used in the treatment of problems of a statistical nature, that is problems involving the processing of a very large number of data. For example, and without limitation, neural networks can help in making decisions about a stock purchase.
  • the neural network consists of a structure called a formal neuron.
  • the formal neuron is designed as a controller with at least one input, one output, and one transfer function that transforms the input data into output data according to specific rules. For example and in a nonlimiting manner, a neuron can sum the input data, compare the resulting sum with a threshold value, and respond by emitting a signal if this sum is greater than or equal to this threshold.
  • the input data for example from the terminals, are considered input variables and arrive at the node, each with a given weight called connection weight or synaptic coefficient. This coefficient is an important parameter in the description of the efficiency of signal transmission from one neuron to another.
  • the learning phase in the case of a model based on neural networks will consist, for example, in determining the synaptic weights to obtain optimal efficiency.
  • the neural network is able to detect fraud according to the rules defining the criteria of fraud. If the neural network works with real numbers, the answer translates a probability of certainty. For example and in a non-limiting manner, if the process consists in determining whether a data entered by a user is fraudulent, the result of the neural network can be: 1 for "the data entered by the user is fraudulent", 0 for " the data is not fraudulent "or 0.7 for” the data is almost certainly fraudulent ", in which case the model can be re-trained to be more precise.
  • the expert rule template can be used for fraud detection.
  • the model uses a database of facts, essentially consisting of events relating to cases of fraud already encountered for example, and a rule base for reasoning to produce new facts or events until the fraud is detected.
  • the model used for fraud detection is the graph exploration model.
  • a graph is a network or set of nodes, called vertices, connected to each other by at least one segment (called an edge) or an arrow (called an arc).
  • An edge For example, a decision tree is a special case of a graph.
  • the input data stream is distributed over all the nodes of the graph.
  • the exploration of the graph then consists of passing the graph through the data by applying the weight of each edge or arc as well as the activation functions, for example the sigmoidal functions associated with each node.
  • the node activation function makes the weighted sum of the input data and returns the output result.
  • the exploration of the nodes is done step by step from an initial node by means of an algorithm in order to find patterns or characteristics according to predetermined criteria and to extract the maximum of knowledge to detect them. fraud.
  • the processed data which does not contain fraudulent information is then stored in at least one memory of the service layer (33) before being transferred for operation.
  • an output of the "real-time” layer (31) is connected to the input of the on-line training set (32) and the output of the training set (32) is connected to an input of the processing layer (31) in "real time” to form a loop learning structure, as shown in Figures 1, 2 or 4a for example.
  • the use of a loop structure in the autoadaptative architecture allows control models to be adapted to real-time data flows and effectively reduces the risk that a model managed by a micro-service ( m) given is not adapted to control the data contained in said stream. Such a situation may make the system (1) more vulnerable to fraud.
  • a loop structure in such an architecture comprising micro-services may make it vulnerable to fraud control in the data streams transmitted in real time, because of the absence training and updating models.
  • the autoadaptive architecture thus offers an advantage compared to a "lambda-architecture" type of architecture. Indeed a "lambda-architecture", like the auto-adaptive architecture, allows massive data processing and consists of three layers.
  • Said architecture comprises a "real time” processing layer, a service layer and a “batch processing” layer.
  • the "batch processing” layer generally connected to a data lake and the service layer, plays the same role as the control pattern learning set (32) except that models is not done in real time.
  • the models are indeed reparametered or replaced once during a defined period, for example and without limitation once a day or once a month as needed.
  • the data on which these models have been parameterized is therefore not updated continuously. This is a disadvantage when one wants, in real time, adapt the control models to changes in the information contained in the data stream, to prevent fraudulent action.
  • the on-line training set (32) comprises micro-services (m), as shown in FIG.
  • the redeployment system (320) comprises a central service that receives a notification from a micro-service, included in the training set (32) and is in charge of driving a control model, when said model has been retrained.
  • the central service of the redeployment system (320) in turn notifies the micro-services (m) of the "real-time” processing layer (32) which are concerned, by updating the parameters, via a REST API which will reload the parameters into a configuration server (310) included in the "real-time” processing layer. Said server (310) will then distribute the parameters to the microservices (m) concerned.
  • the parameters of the fraud control models managed by the micro-services (m) of the "real-time” processing layer (31) are thus continuously updated by the configuration server (310).
  • the data redeployment system (320) further includes means for implementing and configuring an online learning set (32) based on the data analysis model.
  • the system (320) activates a program whose implementation on a computer hardware architecture processor allows to cut and configure two learning subsets, each composed of the micro-services (m) of the main learning set, the microservices (m) being in charge either of the learning of the model of random forests or learning the model of the neural network.
  • the fraud detection system (1) also includes an environment (2) for real-time development of new control models and / or fraud verification of the data flow in the environment (3) of production.
  • the development environment is separate from the production environment. This configuration, even if it allows to secure the system, lacks responsiveness. Indeed, the data used to test the fraud control models are not updated continuously, it is then not excluded that at least one model developed in the environment (2) fails to takes into account certain criteria to detect any fraud, once it is used in the environment (3) of production.
  • the development environment (2) of the present invention thus makes it possible to have a system that is secure and responsive to changes in the data stream, as will be seen in the following description.
  • the development environment (2) comprises a hardware and software deployment architecture consisting of at least one modeling engine (21) for developing and testing the control models, said engine (21) for modeling being connected to a distributed map / reduce engine (20) configured to load production data into the development environment (2) and allow time evaluation real new control models; and a data flow deployer (22) in charge of deploying the models in the data stream supported in the production environment (3).
  • the distributed computing engine "map / reduce” comprises at least one computer hardware cutting unit for cutting the stream of data read in small volumes and distribute them in a first series of computer hardware units able to perform parallel calculations .
  • Each calculation unit of the first series implements a function called "map" which consists of sending the data read as input pairs (key, value).
  • a key is an element included in the data. For example and without limitation, if the data consists of a sentence, the words that make up the sentence can be defined as keys.
  • the value, for its part, is a number, for example 1 or 2. It can be used to define the amount of element that composes a key, for example.
  • the pairs (key, value) have been sent, they are transferred to a second series of computer hardware units of parallel computation.
  • the calculation units of this second series then implement a so-called "reduce” function which consists in grouping the pairs having identical keys and storing them in a memory.
  • the data is then loaded from said memory into the modeling engine, for the development of calculation models in functions of the pairs (key, value).
  • the data flow deployer (22) uses a data flow descriptive file, stored in the data lake, to orchestrate the various microservices of the platform (10).
  • a data stream is loaded into the data lake, from a database for example, the information relating to the data flow is automatically entered in the descriptive file of said data stream and their address, c ' that is, the processing layer where said data is to be conveyed.
  • the deployer (22) reads the different addresses entered in the descriptive file and transfers the data in the corresponding micro-services.
  • the deployment of fraud control data patterns is provided through a code repository controller that queries the modeling engine (21) against certain code repositories to detect changes made to them. to the flow.
  • any continuous deployment of control models and algorithms, derived from the development environment (2), in the production environment (3) may be supervised by a person according to the use case of the detection system (1). This action can be performed to prevent a model or malicious code is introduced into the environment (3) of production.
  • the detection system (1) when used for the control of information relating to a bank card and its user, the control process can take place within the framework of a security standard.
  • a security standard such as the PCI DSS (Payment Card Industry Security Standard) standard.
  • PCI DSS Payment Card Industry Security Standard
  • a supervisor can, in this context, perform a check templates or control codes to detect any attempt to change the information relating to a particular user, for example.
  • the fraud detection system (1) for securing sensitive data in a service system (5) comprising at least one data base (52) and at least one data processing platform (53). queries associated with the sensitive data, said fraud detection system (1) acting as a secure interface between the database (52) of the data and the request processing platform (53).
  • the system (5) of services may comprise a client interface (50) by means of a client enters data to access a particular service included in a service platform (51).
  • the data entered by the customer is stored in a database (52) of data and then transferred to the data lake (4) of the fraud detection system (1).
  • the data is then routed to the "real time" processing layer (31) for analysis.
  • the alarm device of the detection system (1) sends a signal to a supervisor to inform him of the attempted fraud. If, on the contrary, the data are not fraudulent, the result of the request is transferred to the service layer (33).
  • the request processing platform (53) of the service system (5) makes a call of the result and processes the client request.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
EP17791591.5A 2016-10-07 2017-10-09 Système de détection de fraude dans un flux de données Pending EP3523772A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1659717A FR3057378B1 (fr) 2016-10-07 2016-10-07 Systeme de detection de fraude dans un flux de donnees
PCT/EP2017/075688 WO2018065629A1 (fr) 2016-10-07 2017-10-09 Système de détection de fraude dans un flux de données

Publications (1)

Publication Number Publication Date
EP3523772A1 true EP3523772A1 (fr) 2019-08-14

Family

ID=57796512

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17791591.5A Pending EP3523772A1 (fr) 2016-10-07 2017-10-09 Système de détection de fraude dans un flux de données

Country Status (4)

Country Link
EP (1) EP3523772A1 (zh)
CN (1) CN110036404A (zh)
FR (1) FR3057378B1 (zh)
WO (1) WO2018065629A1 (zh)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11062315B2 (en) 2018-04-25 2021-07-13 At&T Intellectual Property I, L.P. Fraud as a service
US11477220B2 (en) * 2019-05-13 2022-10-18 Feedzai—Consultadoria e Inovação Tecnológica, S.A. Adaptive threshold estimation for streaming data
FR3099614B1 (fr) * 2019-08-01 2021-10-01 Worldline Mécanisme de détection de fraudes dans un environnement antagoniste
FR3104866B1 (fr) * 2019-12-13 2023-11-24 Accumulateurs Fixes Plateforme de services pour les systèmes de contrôle-commande industriels et son procédé d’utilisation.
CN111813721B (zh) * 2020-07-15 2022-09-09 深圳鲲云信息科技有限公司 神经网络数据处理方法、装置、设备及存储介质
CN112422576A (zh) * 2020-11-24 2021-02-26 北京数美时代科技有限公司 支持实时反欺诈业务的分层在线架构装置、设备
CN114035887A (zh) * 2021-10-13 2022-02-11 北京能科瑞元数字技术有限公司 基于容器技术的微服务一站式管控平台

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001249276A2 (en) * 2000-03-24 2001-10-08 Access Business Group International Llc System and method for detecting fraudulent transactions
US7089592B2 (en) * 2001-03-15 2006-08-08 Brighterion, Inc. Systems and methods for dynamic detection and prevention of electronic fraud
US8676726B2 (en) * 2010-12-30 2014-03-18 Fair Isaac Corporation Automatic variable creation for adaptive analytical models
CN103714479A (zh) * 2012-10-09 2014-04-09 四川欧润特软件科技有限公司 银行个人业务欺诈行为实时智能化集中监控的方法和系统
RU2599943C2 (ru) * 2015-02-20 2016-10-20 Закрытое акционерное общество "Лаборатория Касперского" Способ оптимизации системы обнаружения мошеннических транзакций

Also Published As

Publication number Publication date
FR3057378B1 (fr) 2022-03-18
WO2018065629A1 (fr) 2018-04-12
FR3057378A1 (fr) 2018-04-13
CN110036404A (zh) 2019-07-19

Similar Documents

Publication Publication Date Title
WO2018065629A1 (fr) Système de détection de fraude dans un flux de données
US10346211B2 (en) Automated transition from non-neuromorphic to neuromorphic processing
US20210273958A1 (en) Multi-stage anomaly detection for process chains in multi-host environments
US10095552B2 (en) Automated transfer of objects among federated areas
CN110663030A (zh) 用于处理极端数据的边缘设备、系统和方法
US20190340614A1 (en) Cognitive methodology for sequence of events patterns in fraud detection using petri-net models
WO2021152262A1 (fr) Procede de surveillance de donnees echangees sur un reseau et dispositif de detection d'intrusions
WO2023109483A1 (en) Defending deep generative models against adversarial attacks
Fadi et al. A survey on blockchain and artificial intelligence technologies for enhancing security and privacy in smart environments
JP2023511514A (ja) ニューラル・フロー・アテステーション
WO2019106186A1 (fr) Plate-forme de tracabilite securisee de donnees
Gilbert Artificial intelligence for autonomous networks
US11487650B2 (en) Diagnosing anomalies detected by black-box machine learning models
Mishra et al. Blockchain and IoT based infrastructure for secure smart city using deep learning algorithm with dingo optimization
US20220358030A1 (en) Blockchain System for Source Code Testing and Script Generation with Artificial Intelligence
US20210383194A1 (en) Using negative evidence to predict event datasets
Ali et al. ICS-IDS: application of big data analysis in AI-based intrusion detection systems to identify cyberattacks in ICS networks
US11295177B2 (en) Ensemble weak support vector machines
AU2021218217A1 (en) Systems and methods for preventative monitoring using AI learning of outcomes and responses from previous experience.
Karthikeyan et al. Retracted: An efficient stacking model with SRPF classifier technique for intrusion detection system
Perwej A Potent Technique for Identifying Fake Accounts on Social Platforms
US20230315842A1 (en) Dynamically blocking credential attacks using identity intelligence
US20240193612A1 (en) Actionable insights for resource transfers
US20220358031A1 (en) Blockchain System for Source Code Testing and Script Generation with Artificial Intelligence
Stavast Prediction of energy consumption using historical data and twitter

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190409

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RIN1 Information on inventor provided before grant (corrected)

Inventor name: CALOUD, JORIS

Inventor name: CAELEN, OLIVIER

Inventor name: CHARY, TITOUAN

Inventor name: MAZZER, YANNIS

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20210630

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230527