KR20180060005A - Security System for Cloud Computing Service - Google Patents

Abstract

The present invention proposes a P2P mediating security system for supporting personal information protection in cloud environment. The P2P mediating security system can monitor financial illegality risk in real time as well as protect personal financial information in cloud environment, can apply a block chain application method for distributed ledger management as well as detect a risk by using data mining, deep learning, statistics, SVM, and HMM techniques, analyze a type of insolvency, and predict scoring model statistics, and can realize Hybrid-FRM combining FRM and FDS for enhancing pre-regulation and post-security. The P2P mediating security system comprises: a big-data analysis engine; a business layer; business security analysis layers; a digital forensic layer; and a P2P block chain manager.

Description

[0002] Security system for Cloud Computing Service (P2P)

The present invention relates to a P2P brokerage security system that supports personal information protection in a cloud environment, and more particularly, to a system and method for protecting personal financial information in a cloud environment, monitoring and monitoring financial irregularity risks in real time, In addition to application of block-chain application techniques, it also uses data mining, deep learning, statistics, SVM, and HMM to detect risk, And a P2P mediation security system that supports personal information protection in a cloud environment capable of implementing Hybird-FRM in which FDS is mixed.

Traditionally, traditional lending transactions are forms in which a financial institution receives deposits from customers as intermediaries and provides them to those who need to make loans. In this process, the depositors have been limited to financing intermediaries and are also allowed to use various financial companies such as securities firms and credit card companies. As a result, banks have to raise loans at a higher cost than in the past. In particular, The risk management system has been strengthened, making it difficult for low-income people with low credit ratings to receive loans.

At this time, various forms of financial services using IT technology began to emerge in the financial industry. In particular, a new form of financing, called Crowdfunding, began to attract attention. Cloud funding is a public funding scheme that recruits funds from the public through the Internet and funds that the public invests in are fundraising schemes that return returns in the form of donations or products or services to be produced in the future, .

Meanwhile, the P2P loan business, a new form of fundraising, in which peer-to-peer lending takes place through an online platform, has been growing rapidly, attracting worldwide attention. In the case of such P2P lending business, it can be defined as loan type which is one of various types of cloud funding.

Such P2P loans are conducted in a way that borrowers, P2P loan platforms, and borrowers participate in the market. Through the P2P loan platform, the borrower registers the desired amount, the interest rate and the repayment period, and the investor registers the appropriate loan interest rate and loan amount for the individual borrowing application. The P2P lending platform receives brokerage fees by intermediating the investors and borrowers who supply funds online, intermediates the borrowers and investors, and utilizes a credit rating company or Social Network Service (SNS) Evaluation is carried out. In this way, borrowers who can not be traded are identified, and selected borrowers are linked to individuals who have mutual interests with investors.

Such P2P lending has advantages in terms of profitability, promptness, and convenience. In terms of profitability, unlike existing financial companies, most of the transactions are made via the Internet, so offline sales network and manpower are not required. Relatively low transaction costs will reduce the margin of margin, which will provide low-interest loans to borrowers and high interest rates to investors. There is an advantage. In addition, the risk is lowered because the investor does not fully support the investment to a specific lender but distributes the investment to multiple lenders. In addition, since it is a form of competitive bidding through the Internet in terms of promptness, it is possible for investors to review quickly compared to existing financial support institutions. In addition, since it is unsecured and unsecured, it is advantageous in that it can receive the loan more quickly and easily than the loan examination period of the general financial company which takes a long time in document review.

However, in spite of many advantages as mentioned above, P2P loan system has a problem of information asymmetry about personal credit information, and there is a possibility that the problem of moral hazard and the bad rate increase. For example, the UK sophistication and the success of US prosperity are due to loan broking based on an accurate assessment of the borrower's credit, but the credit rating of a domestic credit rating agency may not be sufficient to identify the borrower's exact creditworthiness. Therefore, it is necessary to overcome the problem of information asymmetry by sharing credit information with financial companies and developing automated processes based on statistical data. In addition, it seems to be one of the important things to note that IT-based lending transactions may be vulnerable to security.

In particular, the conventional P2P lending system is constantly experiencing illegal leakage or exposure to carelessness in a company that collects and manages personal information, and sensitive personal information may cause direct economic damage to an individual, There is a problem that leads to a decline in sales due to the loss of civil and criminal liability for a company that has been leaked or exposed, as well as a fall in the external image.

Registered Patent Registration No. 10-1321408 (Title: Cloud-based SaaS-type security service providing system and method for protecting personal information) Date of Notification: October 23, 2013 Open No. 10-2016-0091188 entitled "Personal Information Management Method and System in Peer-to-Peer Banking Credit Rating Evaluation Using Big Data Analysis." Published Date: August 02, 2016 Published Patent Publication No. 10-2013-0093806 (Title: System and method for notifying personal information leakage in a cloud computing environment. Published date: Aug. 23, 2013) Registered Patent Publication No. 10-1528785 (Title of the invention: Personal information protection system and method based on consent of the owner of the personal information. Date of announcement: June 15, 2015)

Disclosure of Invention Technical Problem [10] Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and an object of the present invention is to provide a P2P brokerage security system that supports personal information protection in a cloud environment, The purpose is to provide.

The present invention provides a P2P mediation security system that supports personal information protection in a cloud environment that can detect the risk and analyze the failure type using data mining, deep learning, statistics, SVM, HMM It has its purpose.

The present invention aims to provide a P2P mediation security system that supports personal information protection in a cloud environment that can implement Hybird-FRM that combines FRM and FDS for pre-regulation and post-security enhancement.

The P2P mediation security system supporting personal information protection in the cloud environment according to the present invention supports the development of an evaluation model through various pattern analysis methods such as data mining, statistics, SVM, and HMM, and real-time risk detection using a deep learning technique And Big-Data Analysis Engine supporting insolvency type analysis tools; Business Layer that supports the rating service of business models such as personal credit rating, real estate collateral, and bad debts and provides API module and interface of pin tech service such as loan management, credit management, management, post management, and litigation preservation; Through the digital forensics, FRM, and FDS for personal information protection of the business layer PINTECH service, real-time monitoring and monitoring of financial irregularity risks are analyzed, the correlation is analyzed through statistical analysis method, and the risk of insolvency and risk is judged , Business Security Analysis Layers that performs preliminary detection of fraudulent transactions through reinterpretation; A business event log that protects the personal information of the Business Layer and Business Security Analysis Layers, and a Digital Forensic Layer that distributes and stores cloud-based data using a 'data key'. And a P2P Block Chain Manager that supports encryption of asymmetric passwords and transaction details when processing transaction details in a public transaction ledger among interested parties when a transaction such as money transfer or settlement occurs through firm banking occurring in the Business Layer .

The P2P mediation security system supporting personal information protection in the cloud environment according to the embodiment of the present invention achieves many effects as follows.

First, the present invention can enhance the protection of personal financial information through distributed processing technology such as identification and non-identification, index, and P2P mediation platform in a cloud environment, and develops various service business models, The analysis of fraud risk management and abnormal financial transaction detection system can be applied to prevent accidents and enhance the detection function.

Second, the present invention can confirm the mutual correspondence through the encryption technique, enhance the transparency in the data efficiency and transaction settlement and processing process through the distributed recording, (Risk management), bond management, and so on, through the analysis of the search pattern through the history information of various sections.

Third, the present invention can predict, evaluate and verify pre- and post-default non-performing loans through systematic management and pattern type analysis, verification, and demonstration through risk management and bond management. As a result, the actual ripple effect on the risk management of the FinTech financial market is expected to be enormous.

Fourth, the present invention is expected to make it difficult for foreign companies to enter the domestic market in a short period of time, but if it is realized, it will have a significant impact on the domestic financial market. Therefore, the system of the present invention for protecting personal information in a cloud environment having the advantages of efficiency, low cost, information and security can reduce the impact of the PinTech market.

Fifthly, the present invention can enhance the information and security of an individual or an enterprise, utilize it as a litigation (evidence) data in case of financial accidents and legal disputes, And financial statements and asset management of enterprises can be operated more efficiently and stably.

Sixth, according to the present invention, Youngseong PinTech company can easily use PinTech service with inherent security and can expand to the overall business of PinTech by providing specialized service.

FIG. 1 is a diagram illustrating a business model of a P2P mediating platform service according to a preferred embodiment of the present invention.
FIG. 2 is a diagram specifically showing a technical configuration of the P2P mediation platform shown in FIG. 1; FIG.
FIG. 3 is a diagram illustrating a technical configuration of a P2P mediation platform architecture according to the present invention in detail. FIG.
FIG. 4 is a diagram illustrating a procedure for preparing forensic preparation for a P2P mediation system in a laaS environment according to the present invention. FIG.
FIG. 5 is a diagram showing the overall data structure of a Mongo DB according to the present invention. FIG.
FIG. 6 is a diagram illustrating a technology configuration of a Security ETL Layer according to the present invention; FIG.
FIG. 7 is a view showing a method for developing a real-time risk detection and monitoring tool through the Big Data Analysis Engine shown in FIG.
FIG. 8 is a diagram showing a block chain structure and a transaction process in the P2P Block Chain Manager shown in FIG. 3. FIG.
FIGS. 9A and 9B are views showing a comparison between a centralized system and a block-chain-based system in the P2P Block Chain Manager shown in FIG.
FIG. 10 is a flowchart showing a P2P firm banking according to the present invention; FIG.
11 is a diagram illustrating a block chain formation of each node in a cloud server according to the present invention.
FIG. 12 is a view showing a transaction chain (distribution ledger) block chain process of a P2P brokerage system according to the present invention; FIG.
13 is a diagram showing a technical configuration of a pin tech service according to the present invention.
FIG. 14 is a flowchart illustrating a personal rating service according to the present invention; FIG.
FIG. 15 is a diagram illustrating a design and research method of a non-performing loan (NPL) rating model according to the present invention. FIG.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the following detailed description, one exemplary embodiment of the present invention will be described in order to accomplish the above-mentioned technical problems. And other embodiments which may be presented by the present invention are replaced by descriptions in the constitution of the present invention.

The present invention intends to implement a P2P mediation security system that supports personal information protection in a cloud environment, and will be described in detail below with reference to the drawings.

FIG. 1 is a diagram illustrating a P2P mediation platform service business model according to an exemplary embodiment of the present invention, and FIG. 2 is a diagram illustrating a technical configuration of the P2P mediation platform shown in FIG.

Referring to FIG. 1 and FIG. 2, the P2P mediation platform according to the present invention includes a financial institution, a CB company, a communication company, and other legacy data collected through a security ETL layer of a cloud (IaaS) (Forensic preparedness) + FRM (fraud risk management) + FDS (abnormal financial transaction detection system)}, distributed ledger (block chain), log (system) ㆍ Web) has a technical feature that extracts variables (metrics) for pattern type analysis items of Big-Data Analysis Engine and provides formats that meet requirements.

The above-mentioned Big-Data Analysis Engine sets up monitoring monitoring events that can predict and manage personal infringement accidents and corporation injustices (for example, embezzlement or type) as items, and provides proofs of complaints and lawsuits Item. In addition, it supports real-time risk detection and insolvency type analysis model through various types of statistical analysis such as data analysis, data mining, SVM, HMM, and time series analysis.

In addition, the business layer shown in FIG. 2 supports the rating service of a business model (for example, personal credit rating, real estate collateral, NPL). In this business model, the grades and exceptions of existing credit information providers, SNS, public institution information (for example, the National Tax Service or the four major insurance companies) through personal credit ratings (ASS, BSS) To verify the reliability of the credit rating. (Evaluation model) of the amount of evaluation (purchases / sales) and recovery rate through evaluation of the value of other real estate mortgage loans and the evaluation of bonds against non-performing loans.

Such a business layer provides API modules and interfaces for FinTech services (loan management, credit management, management, post management, litigation maintenance, etc.). In addition, it can reduce the risk of the company through asset quality assessment, asset evaluation and bad debt evaluation through post management (risk management, etc.) support, and can increase the profit and loss of the enterprise through systematic delinquency management and bond management . In addition, standard API modules and interfaces support the development of efficiency, consistency, flexibility, and context-sensitive applications, thereby reducing development costs and time to market.

Business Security Analysis Layers enables Hyundai-FRM that combines digital forensics (forensic readiness), FRM, and FDS for personal information protection of business layer's pin-tec service, real-time monitoring of financial irregularity risks, It is possible to analyze the correlation through statistical analysis methods such as consistency analysis, to detect the risk of insolvency and risk, to detect the illegal transaction behavior through reinterpretation, and to detect the transaction data To improve prediction and accuracy of normal behavior.

Digital Forensic Layer can efficiently store and distribute cloud-based data (regular and irregular) using "Data key" and business event log that can protect personal information of Business Layer and Business Security Analysis Layers. In addition, by storing all event data, log (system ㆍ web), and identification information, important factor values, and cryptographically processed data in the P2P brokerage system, it is possible to obtain information leakage and reliability to users .

P2P Block Chain Manager handles the transactions of public transactions between interested parties (P2P service providers, banks, borrowers / investors, P2P brokerage service users, etc.) Asymmetric ciphers and encryption of transaction details (block chain). (For example, a user authentication number, a product code, a transaction code, and a transaction history), which are key technologies of the block chain, such as elliptic curve encryption, RSA (Rivest Shamir Adleman), job proof, block chain header (timestamp, hash value, Amount, date of occurrence, sender, bank code, processor, sender / receiver, terminal information, etc.).

FIG. 3 is a diagram illustrating a technical configuration of a P2P mediation platform architecture according to the present invention, and FIG. 4 is a diagram illustrating a procedure for preparing forensic preparation for a P2P mediation system in a laaS environment.

Referring to FIGS. 3 and 4, the Business Layer includes a business service such as a PIN tech service (for example, loan management, credit management, management (i.e., accounting), post-management (e.g., risk, delinquency, The Business Security Analysis Layer is a Hybrid-FRM that combines FRM and FDS for pre-regulatory and post-management. Supports core components and interfaces, and supports business models such as loan, real estate, and NPL.

In addition, the Digital Forensic Layer collects collected data for various types of malfunctions and fraud such as distributed data storage by type using "Data key", cloud-based efficient management support, system and web log collection, and prediction of fraud . The Big-Data Analysis Engine supports the development of evaluation models through various pattern analysis methods such as data mining, statistics, SVM, and HMM, and supports real-time risk detection and failure type analysis tools using deep learning techniques. P2P Block Chain Manager supports the distributed branch (block chain) processing technology of transaction details such as settlement-payment, remittance, and bank banking and application technology of block chain (for example, RSA, elliptic curve encryption, etc.) Security ETL Layer is a format that can analyze, verify and distribute block variables such as variable preparation and forensic preparation, block chain (distributed policy), and log data for pattern types for preprocessing and demonstration exceptions. (DB, Document).

As described above, the P2P mediating platform according to the present invention has advantages such as ease of information sharing, minimization of place constraints, efficient use of storage space, and stores personal information using the distributed file system of the cloud computing environment (laaS) Or when the information is exposed or leaked, personal information can be minimally secured by the characteristics of the distributed structure. In addition, network, system and virtualization to protect personal information in cloud environment, storage and management of user distributed data (Mongo DB, Oracle DB), user authentication, block chain (encryption) Forensic preparation also has the ability to collect all business event logs such as platforms.

Meanwhile, the measurement items of the forensic preparation (evidence collection) of the P2P mediation system according to the present invention are shown in Table 1 below.

Account entry Details Business log Cloud laaS

P2P loan management ㆍ Lender and investor authentication
ㆍ Product management and investment management
ㆍ Rating management, investor profit distribution, fee management
ㆍ Loan limit management
ㆍ Accounting (daily transaction, balance by account, cancellation, correction, etc.) Audit information

System log
Timestamp
History



Weblog
User Authentication
Event Activities
Trading / Auditing




Registry
Environmental Information
DB Information Overdue management ㆍ Application for loan, date of loan, amount, number of credit, post-date Deposit (account management) ㆍ Unknown account, deposit and withdrawal, bank balance, cost
Settlement of funds ㆍ Firm banking, interest payment, loan execution, legal expenses, loan transfer account transfer details
Transaction Analysis ㆍ Bullock chain (Distributor), user authentication, electronic signature, etc.

remind Mongo DB is a document-oriented data model that is easy to apply to systems that handle unstructured data because the schema is free. It is important to solve the problem by dividing the data and distributing the nodes by solving the problem caused by the excess storage space of the storage due to the log data being collected and accumulated for a long time or the log data is rapidly increased. Although many databases provide sharding for data partitioning through distributed nodes, existing relational databases such as MySQL have a strict schema structure, which makes it difficult to divide data, and it is difficult to manage and add nodes manually. . This Mongo DB provides AutoSharding function, which allows the user or operator to easily divide data into small chunks and distribute them to multiple shards.

The method of collecting evidence data for Mongo DB is collecting data and collecting data selectively.

The entire data collection includes a single configuration environment (StandAlone method) and a distributed configuration environment (Shading configuration). The single configuration environment method is shown in Table 2 below.

option Explanation --dbpath "path" Data file location (Default: / data / db) --port port number Service Port (Default: 27017) --logpath "path" Log file location (Default: Screen output) --logappend Do not overwrite the server's rebuild log file --replSet "Replica Set Name" Works as a replication set server --shrdsvr Acts as a Shard Server --configsvr Works as a configuration server

An exemplary lookup for the single configuration environment is as follows.

Also, in the distributed configuration environment (Shading configured distributed environment) method, the shard name of the shard member, the host name or the IP address and the port of the shard member can be confirmed by inquiring the shards collection of the config DB. A lookup example of the shards collection in the config DB is as follows.

Next, the data collection method is also composed of a single configuration environment method and a distributed configuration environment method.

In the single configuration environment (StandAlone method), data collection can be performed by DB unit, Collection unit, Key unit, Specific keyword or query result unit, and is shown in Table 3 below.

utility Explanation How to use
mongodump Extract data into files in BSON (binary format of JSON) format in DB and Collection units mongodump -h
Server name or IP: Port -d DB name -c Collection name -o Path to save the result file

mongoexport Extract data from DB, Collection, key unit or specific query result to JSON, CSV format file mongoexport -h
Server name or IP: -d DB name -c Collection name -f key name (multiple keys can be separated by ',') -q {'key': 'key' ) /} -o The resulting file name --csv (if you want csv format results)
find Use when checking data db.Collection.find
({'Key': 'value'}). In this case, if you enter the exact search term to search for 'value' or use / instead of the quotation mark,

In addition, in a distributed configuration environment (Shading configured distributed environment), if you need to analyze deleted records related to specific data or collect detailed logs to understand the changes of the server, you should find the server where the target data is stored. Table 4 shows the results.

command Explanation sh.status ("verbose") You can see the name of the collection and the range of the shard key in which the data is divided, and you can see on which server the data of that range is stored.

The distributed configuration environment method is divided into a data file structure analysis and a log file analysis. In the analysis of the data file structure, the data file is divided into a file storing the meta information of the DB and a file storing the data, as shown in Table 5 below.

Data file classification shape Meta information file It is called Namespace file and it is created with the file name of "[DB name] .ns".
Data file "Save as [DB Name.number]" type file name
If the size of one file exceeds 2GB, the number of the file name increases from 0 to 1, and a new file is created

Meanwhile, the data structure analysis of the Mongo DB in the Data File structure analysis is shown in FIG. 5 and Table 6 below.

Data classification Explanation
Namespace Details It stores meta information such as location of extents used by Namespace, list of deleted records, record size, number, index related information in the form of "DB name.Collxction name". Extent and Record can be parsed to extract data from Namespace files and data files. Extent An Extent is a set of contiguous blocks. An Extent belonging to the same Namespace is linked to a Double Linked List, and each Extent has a Record. Record Record stores data in the form of BSON Document or B-tree and is linked to a related double-linked list of records.

The log file analysis may analyze the log of the Mongo DB server to analyze the recent history of the access list or the change history of the DB, the behavior, and the like. In addition, Mongo DB log has general log, Oplog, startup log, and diagnostic log. Since each log may or may not exist depending on the operation type of Mongo DB, You need to know. Table 7 below shows this in detail.

division Checkable items Explanation
General log Server start / stop, client connection, DB creation / deletion, collection creation / deletion etc. Analysis of server operation type and structure change time and contents of DB
Oplog Replica set is operated in the form of a log that stores the changes of the DB for synchronization between Mongo DB servers Analyze DB changes at a specific point in oplog.rs of local DB or analyze changes by insertion, modification and deletion of data

On the other hand, the deleted record recovery technique of the Oracle database shown above is as follows.

In the Oracle database structure, the table spaces are TEMP, USER, SYSAUX, SYSTEM, EXAMPLE, and UNDOTBS, and data can be accessed using the information of the system tablespace. The table status names are specifically shown in Table 8 below.

Table space name Role TEMP Storing temporary tables and indexes required for SQL processing USER Save user-created objects SYSAUX Save System Information SYSTEM Save data dictionary (save tables and records) EXAMPLE Save Sample Schema UNDOTBS Save undo information

The table space is composed of data blocks, and the system can check the block size, which can be confirmed through the database creation log. The default path is "\ admin \ [DB name] \ bdump \ alert_ database_name.log" where the Oracle database is installed.

In the data block structure, an Oracle data block is composed of a common and variable header, a table directory, a row directory, a free space, and row data.

Component Explanation Common and Variable Header Oracle Version Information Table Directory Data block type, Object ID Row Directory Number of records, Free Space size, offset information of record Free Space Free Space Size Row Data data

The SYSTEM table stores system table information, table column information, and environment settings. This table is also stored in the SYSTEM.DBF file. If the object ID of the system table is known, schema information such as the table name and the column name of the table can be obtained. Table 10 below shows the schema information for the OBJ $ and C_OBJ # tables.

System table name Schema information OBJ $ Table information C_OBJ # Table column name, data type, and data length information

If you mistakenly delete data or mistakenly change the value of data during Oracle DB (relational DBMS) management as mentioned above, if you recognize this error right away, you can return to the original state with the command "Rollback" It is very difficult to recover after a long period of time. In addition, Oracle Flashback is a feature that allows you to return to a specific time or point in time, allowing you to run a specific past query, and check the status of the data at some point in the past without any structural changes to the database.

Auditing is the ability to monitor suspicious database activity and collect historical information, including Statement Auditing, Privilege auditing, and Schema Object Auditing.

FIG. 6 is a diagram illustrating a technology configuration of a security ETL layer according to the present invention.

Referring to FIG. 6, the Security ETL Layer includes a formatted / unstructured data conversion module and the like. The Security ETL Layer converts data based on unstructured data, distributes and stores the data, transforms data in a format for analysis and verification by a request analysis, Management. In addition, the data conversion tool can read data from a text filter (Text Extractor), extract raw text, and use the Text Parser (Text Analyzer) to perform morphological analysis (accuracy), unstructured data classification (similar to Excel text length setting) Trim), and the analysis results can be stored in various predefined formats (Json, Text, XML, etc.) and can be generated and converted using the "Data key". In addition, Batch Job (Batch Analysis) periodically performs conversion according to batch setting. In case of BigData, it is difficult to analyze in real time. In addition, Interactive Job (analysis by user request) performs immediate conversion and makes related setting in Interactive Mgmt.

Particularly, in the present invention, the fixed and unstructured data collected from the cloud environment (other than the network equipment) are indexed to variables (metrics) of various data types such as asymmetric encryption, block chain (distributed policy) (DB, Document) corresponding to the request of the user through the user interface (for example, delimiter, vocabulary, word, etc.). Table 11 below shows an example of the P2P variable (measurement item) index.

ETL variables (metrics) The details Loan classification Housing / real estate funds, business funds, living expenses, charter Warranty classification Comprehensive, limited Types of collateral Apartments, Residential, Other Residential Real Estate,
Land / Forest, Shopping. Tenancy deposit Distributor classification The third person Delinquency classification Interest delinquency, principal delinquency, excess of limit Classification Public servants, soldiers, state-owned enterprises, self-employed, etc. File-by-file transfer Data length and type dh type, Data classification code error,
Inconsistent number of Header, Trailer and Content Repayment method Principal Equal Partial Repayment and Equal Payment, Maturity Date Repayment, Limit Borrowing Principal, interest repayment cycle Monthly, quarterly, semi-annual, yearly Encryption Classification RSA, elliptic curve cryptography, asymmetric, hash

FIG. 7 is a view showing a method for developing a real-time risk detection and monitoring tool through the Big Data Analysis Engine shown in FIG.

Referring to FIG. 7, a regression analysis, a time series analysis, and a consistency analysis are used as approaches for developing a risk detection and failure type analysis tool utilized for data mining and deep learning techniques. That is, the past value of the variable to be predicted is emphasized, and past time series data up to just before the prediction time contain most of the information that can make the predicted value. The time series analysis method that can differentiate the estimation method according to whether the data to be analyzed is stable or not can be largely divided into ARIMA and VAR models according to the univariate or multivariate multivariate analysis. The ARIMA (univariate model) and VAR (multivariate model) are representative for the stable time series, and the time series is stabilized by the difference method or the ECM (univariate) / VECM Multivariate). It is important to check the stability of the time series because it is highly likely that the time series data will have autocorrelation in nature. In spite of the unstable time series variables, the spurious regression, which has an insignificant independent variable, There is a great likelihood that the problem will occur.

Major analysis methodologies according to the time series data type are specifically shown in Table 12 below.

division Univariate variable Multivariate variable Stable (stationary, normal) ARIMA YES Non-stationary (abnormal) ECM VECM

On the other hand, the data mining algorithms mentioned above are presented in detail.

Data mining applications are classified into six categories such as classification, clustering, prediction, outlier detection, regression, and visualization. We used data mining algorithms and methodologies that were used in the study.

A decision tree is an analysis method that classifies decision rules by tree structure. Trees are often used to classify given data. In addition, since the classification process is expressed by reasoning rules based on the tree structure, the researcher can understand and explain the process more easily than other methods such as neural network, discriminant analysis, and regression analysis.

Logistic regression is a representative statistical algorithm used to develop a model for analyzing and predicting which groups of individual observations can be categorized if the objects to be analyzed are divided into two or more groups. If the dependent variable is binary, it has good performance and is suitable for determining the fraud. This is different from the general regression in that it is used in the case of analytical purpose or procedure similar to the general regression analysis but in the case where the dependent variable is the categorical qualitative variable measured by the nominal scale. It has the advantage of being able to inject categorical variables into predictive variables.

SVM (Support Vector Machine) is a method used in map learning. It provides the algorithm used to find the hyperplane that is the most distant from the data among the hyperplanes separating the given data. The reference vector . Minimizing overfitting by maximizing the margin. Linear problem in a new space by using a kernel function, and it takes a long time because the complexity of the calculation becomes large according to the kernel function.

Artificial neural network is a mathematical model that aims to express some characteristics of brain function by computer simulation. There is a disadvantage that it is difficult to know the problem-solving process, although it provides a satisfactory solution by studying the problems that are complicated or unknown.

Self-Organization Map (SOM) provides the ability to learn on its own without giving an exact answer for a given input pattern. The SOM can map complex multidimensional input data with nonlinear relationships that can be easily understood from the primary or secondary data that can not be done by traditional linear statistical methods, and can analyze data similar to independent component analysis. In addition, SOM can map complex multidimensional input data with nonlinear relations, so it can find hidden patterns and present new patterns.

Association rule algorithm is a probability graph model that shows a set of random variables and conditional independence as a graph structure. It has a useful structure for probabilistic inference, and it has the advantage of being able to represent and solve a decision problem under uncertain circumstances.

Discriminant analysis is an algorithm that classifies individuals by measurement variables and searches for independent variables that can explain meaningfully the difference between groups. Independent variable is measured by interval scale or ratio scale, but dependent variable is a method used to analyze the relationship between independent variable and dependent variable when it is measured by category scale.

The HMM (Hidden Markov Model) is a probability statistical model that calculates the probability of appearance of an observed object in state transition probability and state, and estimates generation probability of new data through sequence data. Sequence data with sequence can be used to incorporate temporal concepts, and there is an advantage that the structure is simple and can be transformed into a model suitable for data.

Meanwhile, the fraud detection method disclosed in the present invention is as follows. Table 13 presents data analysis methods for detecting fraud risk.

purpose role Analysis method
User behavior Frequent pattern
(Exploratory modeling) Association / Sequence
Link Analysis
ㆍ Ractor Analysis etc.
user
Characteristics and behavior Classification
(Predictive Modeling) Decision Tree
Clustering Analysis
Neural Analysis, etc. Outlier
(Exploratory modeling) Clustering Analysis
Time Series Analysis

The frequent pattern refers to a pattern that occurs frequently in a data set, and this analysis is referred to as an association rule. Logistic regression analysis identifies whether the relevant variables are significant variables in distinguishing between normal and irregular groups after distinguishing between irregular and normal groups. The variables that have the most influence on the distinction between the normal group and the irregular group are extracted from the significant variables, and the degree of the irregularity is grasped by modeling through the weighting.

Decision trees are a way of extracting meaningful variables based on decision rules and showing them in a tree shape for easy understanding of the relationships between them. This provides decision information on which variable to use based on the combination of the number of variables and the number of variables associated with normal and irregular groups.

The cluster analysis is based on the similarity or relationship between the data, the data existing in one group are similar and the cluster is formed differently from the data in the other group. The higher the similarity in the cluster, To form as heterogeneous as possible.

Link analysis is based on the assumption that all human beings have a link between their relationships in daily life as well as basic relationships such as blood, karma, and delay based on social network theory.

Outliers are data that do not correspond to the general characteristics or behavior of the data. In other words, data that is inconsistent with or significantly different from other data is called outlier or noise. The abnormal value is caused by measurement or error. Data anomalies mean that the attributes and values of the data are out of the expected range, or that the data is far from most values, as well as the average of certain variables, and generally the outlier data is deleted or adjusted to be. There is an assumption that abnormalities in detection of fraud risk contain special information. In other words, since the noise of the data can act as a signal to detect the negative, it can lead to loss of information if it is judged as a general outliers value.

The outlier analysis can be classified into a method that can be confirmed by human eyes and a method which is difficult to visually confirm. The criteria to be confirmed by the naked eye can be grasped by the criteria defined in the law or regulations, or can be grasped through the distribution of data. Data with high-dimensional data or many categorical attributes are difficult to identify with the naked eye and use a statistical approach, a distance-based approach, and a deviation-based approach. do.

As described above, in the present invention, all risk management activities can be consisted of APIs for performing prediction and analysis, and data accumulation, variable generation and processing, and statistical model estimation can be performed in the model verification. In addition, pattern estimation APIs can be used for model estimation, such as data mining, statistics (hypothesis testing, correlation analysis and regression analysis, multiple regression analysis, logistic regression analysis, time series analysis and volcanic analysis) have. In addition, it is possible to design an optimal pattern model for each user group by estimating a decision model suitable for user contents based on various analysis data such as transaction analysis, transaction type, customer orientation, SNS, SMS, post management, New and updated models can be supported.

The Credit Scoring System (CSS) refers to the quantitative evaluation model of the application scoring system (ASS) and the qualitative evaluation model of the behavior scoring system (BSS) Variables that take account of exceptions such as job, marital status, gender, region), financial characteristics (loan purpose, monthly income, credit rating, special records, You can create a pattern type with (measurement item).

Table 14 below shows the individual credit rating factors and utilization ratio (NICE rating information).

Table 15 below shows examples of the types of personal credit rating items (variables) and behavioral rating items (variables). Table 16 shows the items of non-performing type, Respectively.

FIG. 8 is a diagram specifically illustrating a block chain structure and a transaction process in the P2P Block Chain Manager shown in FIG.

Referring to FIG. 8, the present invention introduces a block chain in the case of Bitcoin and solves the problem of double payment by means of a sophisticated design of proof of work and incentive. And suggests a plan. In order to directly utilize the block chain for the service of the financial institution for the development of the restricted block chain, it is necessary to overcome various constraints such as the processing capacity, so a method of developing a limited (private or consortium) block chain in which only specific participants can participate in the network This is being explored. Care should be taken to minimize adverse effects such as investor harm, money laundering, tax evasion, and financial fraud that may arise from the use of digital currencies based on distributed led technology. Distributed and stored transaction logs (Ledgers) in the P2P network All participants participate in recording and approval Unlike cash or physical token transactions in which real objects are transferred, in electronic payment transactions such as electronic money and credit cards, (TTP) that records and approves transactions and, in the case of electronic money, issuers should be responsible for recording and approving transactions as a third party.

FIG. 9A and FIG. 9B are views showing a comparison between a centralized system and a block-chain-based system in a P2P Block Chain Manager shown in FIG. 3, and a block and a block chain structure.

As shown in FIGS. 9A and 9B, the block is recorded in units of JSON, in which the bit coin transaction is collected in about ten minutes, and the block chain is followed by all the blocks until now, All bitcoin transactions are recorded in chronological order.

Specifically, a proof-of-work is a process of verifying the validity of a transaction with a timestamp (= proving that it is the first transaction). The SHA-256 encryption algorithm uses a cryptographic hash (Average operation time: exponentially increasing according to the number of requests of the consecutive 0 bits) and decision of a representative in the majority decision process for proof (only one vote per CPU, Decision = longest node = most effort is put into this node, if the majority of computing power is controlled by honest nodes, the honest chain grows fastest). The proof-of-work method increments the temporary value (nonce) in the block until it finds a hash value such that the block hash result has 0 bits, and once the operation proof condition is reached, the block is fixed until the process is over again , The next proof of process for all the following blocks including that block must be performed again in order to change one block by forming a chain. The timestamp server collects all the transactions in sequence, stamps them as a confirmed transaction, and notifies everyone that the transactions are authenticated and can prevent double transactions. When all transactions occur, they are stamped at the time of block creation every 10 minutes .

In the present invention, as shown in FIG. 10, a block chain (distributed ledger) is applied to a firm banking (payment) part of a brokerage system company operating a P2P loan brokering system. The P2P manager (asset management company) Intermediate broker's goods (loan, real estate, NPL, etc.). At this time, an agreement (lender / manager) about business (commodity) is made. Also, block chain technology is applied to various remittance settlement systems such as financial institution, internet banking, interest, and investment product deposit. The fund transfer / remittance work is carried out, and encryption is considered in the digital signature method for bit coin. In addition, it takes a format (RSA, elliptic curve) for asymmetric encryption and various other cryptographic parts, and stores the final transaction data in the P2P Block Chain Manager when the final transaction is made. It is unidentified by using Data key for stored data. All information can be shared only by individuals and individuals, and intermediary manager is only intermediary. It is possible to strengthen the credibility of the existence of data data, whether it is deleted, whether it is stolen or altered.

In addition, the present invention utilizes a cloud-based Mongo DB and records transaction details (contents of daily transactions (user authentication, document number, transaction amount, transaction balance, sender / receiver, processor, product number, etc.) Transaction history of transaction records in the general ledger (other than the CMS account) can be enhanced by using user authentication, asymmetric cipher, hash and block chain, and by using the data key, It can improve operation and stability.

FIG. 11 is a view showing a block chain formation of each node in a cloud server according to the present invention.

Referring to FIG. 11, a block chain is formed among users of each company (node) of a cloud server, and each user owns authentication and asymmetric key values of a block chain. In addition, there exist nodes such as an asset company that operates a P2P loan brokerage system, a related person who uses a P2P service, and a payment system (bank). In the case of a firm banking transaction history, an asymmetric password and a hash function are used, Technology is used to allocate a distributed ledger to each node.

12 is a diagram showing a transaction chain (distributed origination) block chain process of the P2P intermediary system according to the present invention.

Referring to FIG. 12, when A transfers 50 BTC to B, A creates transaction details including the address of B and the remittance amount. In this transaction history, a hash value is output by a hash function, and the hash value is digitally signed to prove that A sends it by encrypting it with A's private key. After this process, the newly created transaction details are known to all nodes on the network, including the digital signature and public key of A. When transactions are accumulated, they are combined into blocks to approve these transactions. At this time, a block hash algorithm is used to find the hash value of the next block, and a proof of work is performed to find the nonce value. If successful, the block is sent to the entire node. If more than 50% of the nodes agree, the chain is connected to the previous block.

In addition, Table 18 below defines the block head definition and implementation. Table 19 shows the block hash function definition and implementation. Table 20 shows the Mongo DB transaction history data verification method.

FIG. 13 is a diagram showing a technical configuration of the PINTECH service according to the present invention.

Referring to FIG. 13, the IaaS cloud according to the present invention is an environment that can be automated or extended through a script, and a framework can be conveniently created if necessary. Also, in addition to resilience, there is an advantage of paying as much as using the service, the user only paying for the service used, and there is no need to allocate the resource any more.

FIG. 14 is a flowchart illustrating a personal rating service according to the present invention. In Table 21 below, the definition and coverage of each system shown in FIG. 14 are specifically shown.

division Justice Coverage Application Rating System
(Ass: Application Scoring System) A system that supports the examination of loans by calculating the rating from personal transaction information and personal attributes at the time of application of personal loan In case of new, increase, renewal, loan, condition change change of loan Behavior Rating System
(BSS: Behavior Scoring System) A system that supports post-credit management by rating individual transaction types after loan execution Postponement of loan, delinquency management, marketing support

14 and 21, in the present invention, a quantitative evaluation model and a qualitative evaluation model of a behavior scoring system (BSS) are referred to (other than NICE information) to obtain demographic characteristics (for example, age , Financial characteristics (loan purpose, monthly income, credit rating, special records, money laundering), borrower behavior characteristics, and investor behavior characteristics. Tables 22 to 24 below show this in detail. Table 23 shows the credit rating metrics (variables), and Table 24 shows an example of the behavior rating metrics (variables) type.

On the other hand, the design and study of the property rating model will be described in detail with reference to Table 25 below.

As shown in Table 25, the types of basis of the real estate evaluation calculation are classified into individual official land price, apartment Internet real estate price, apartment house price, individual house official land price, new building unit price list, and nearby real estate price. A certified copy of real estate registration is divided into three sections: basic information such as ownership, address, and area, and rights to title, excluding ownership. In the case of real estate (land), the unit price is calculated by examining the official price, the point factor (the rate of change of land price), the individual factor (administration, environment, access), the regional factor and other factors. When calculating the rating model, it grasps the collateral information (location, collateral type, owner, etc.) based on the calculation basis, and grasps the estimated quotation through the analysis of rights (for example, municipal bond, seizure, transfer generation) and value analysis. If it is an auction real estate, it analyzes the winning case analysis, neighboring city price, estimated selling price, and investment income (investment ratio). (Loan amount (amount of loan) × credit risk amount) - amount of realization of collateral) by applying the rate of recognition by collateral among the local factors, applying the value of real estate available collateral,

FIG. 15 is a diagram showing a method of designing and studying a non-performing loan (NPL) rating model according to the present invention.

Referring to FIG. 15, the NPL forecast process standardization classifies the degree of soundness of an asset into five levels: normal, critical, fixed, doubtful, and estimated loss. In addition, the Prediction of Non-Performing Loans is made by evaluating loans, evaluation of fixed assets (real estate, etc.), and evaluation criteria. Table 26 below presents the evaluation items for the failure detection, and Table 27 presents the asset prediction evaluation, respectively.

Claims (4)

In a P2P brokerage security system that supports privacy in a cloud environment,
Big-Data Analysis Engine supports development of evaluation model through various pattern analysis methods such as data mining, statistics, SVM, and HMM and supports real-time risk detection and failure type analysis tool using deep learning technique;
Business Layer that supports the rating service of business models such as personal credit rating, real estate collateral, and bad debts and provides API module and interface of pin tech service such as loan management, credit management, management, post management, and litigation preservation;
Through the digital forensics, FRM, and FDS for personal information protection of the business layer PINTECH service, real-time monitoring and monitoring of financial irregularity risks are analyzed, the correlation is analyzed through statistical analysis method, and the risk of insolvency and risk is judged , Business Security Analysis Layers that performs preliminary detection of fraudulent transactions through reinterpretation;
A business event log that protects the personal information of the Business Layer and Business Security Analysis Layers, and a Digital Forensic Layer that distributes and stores cloud-based data using a 'data key'.
The P2P Block Chain Manager that supports encryption of asymmetric passwords and transaction details when processing transaction details in a public transaction ledger among stakeholders in the event of transactions such as money transfer or settlement through firm banking occurring in the Business Layer P2P mediation security system that supports privacy protection in cloud environment.
The method according to claim 1,
Includes the Security ETL Layer, which supports the creation of variables for pattern types for preprocessing patterns and demonstration exceptions, analysis preparation, forensic preparation, distributed ledger, log data, etc. The P2P mediation security system supports personal information protection in a cloud environment.
3. The method according to claim 1 or 2,
The Digital Forensic Layer collects collected data by using the "Data key", and collects monitoring of various malfunctions and negatives such as system-based and weblog collection, P2P mediation security system that supports privacy protection in a cloud environment.
3. The method according to claim 1 or 2,
The P2P Block Chain Manager supports distributed policy processing technology and block chain application techniques such as settlement-payment, remittance, and bank banking. The P2P brokerage security system supports personal information protection in a cloud environment.

Images