本說明書實施例提供識別二手門號帳戶盜用的風控模型訓練、風控方法、裝置以及設備。
為了使本技術領域的人員更好地理解本說明書中的技術方案,下面將結合本說明書實施例中的附圖,對本說明書實施例中的技術方案進行清楚、完整地描述,顯然,所描述的實施例僅僅是本申請一部分實施例,而不是全部的實施例。基於本說明書實施例,本領域普通技術人員在沒有作出創造性勞動前提下所獲得的所有其他實施例,都應當屬於本申請保護的範圍。
圖1為本說明書實施例提供的一種識別二手門號帳戶盜用的風控模型訓練方法的流程示意圖,該流程可以由伺服器自動執行,某些步驟也可以允許人工干預。
圖1中的流程可以包括以下步驟:
S102:獲取多個帳戶的交易相關資料。
在本說明書實施例中,帳戶比如是搭載於終端上的某個應用的帳戶,比如,協力廠商支付應用的帳戶、銀行應用的帳戶、即時通訊應用的帳戶等。同一應用的不同帳戶之間能夠進行交易,透過交易,引發實際資金或者虛擬物品在交易雙方帳戶之間的轉移。帳戶本身可以是手機號碼;或者,雖然不是手機號碼,但是綁定有手機號碼,利用所綁定的手機號碼,能夠登錄(直接用手機號碼透過簡訊驗證的方式登錄,或者用手機號碼找回帳戶密碼登錄等)帳戶。
在本說明書實施例中,識別二手門號帳戶盜用可以是針對帳戶交易的,也可以是針對帳戶的,本說明書主要以前一種情況為例進行說明,則一筆帳戶交易可以視為一個樣本。一般地,若針對某筆帳戶交易,識別出其屬於二手門號帳戶盜用事件,則相應的帳戶具有風險,可以直接對該帳戶進行管控,以免造成用戶損失。
S104:針對所述交易相關資料包含的歷史的帳戶交易,獲取所述帳戶交易的定性標籤,所述定性標籤表明其對應的帳戶交易是否屬於二手門號帳戶盜用事件。
在本說明書實施例中,定性標籤可以基於人工分析或者用戶主動報案等方式確定,可以認為定性標籤包含的結論是可信的。定性標籤可以以二值(比如0-1等)或者機率值等形式表示。
S106:從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況。
在本說明書實施例中,考慮基於通訊錄的風險特徵,以及基於帳戶靜態資訊的風險特徵,作為識別依據,原因在於,通訊錄和帳戶靜態資訊會直接或者間接地涉及手機號碼,具有較高的參考價值。其中,帳戶靜態資訊可以包括帳戶綁定的手機號碼,以及與帳戶相關的其他帳戶等。
基於通訊錄的風險特徵包括上述的用戶姓名情況一致情況。針對某帳戶交易,可以確定帳戶對應的手機號碼,該手機號碼所屬的通訊錄體系比如包括相應用戶及其好友的手機自帶的通訊錄、當前應用以及屬於同一公司的其他應用或者有合作的第三方應用的通訊錄等,該手機號碼所屬的帳號體系比如包括當前應用的帳號體系等。通訊錄體系與帳戶體系之間的用戶姓名不一致的程度越高,越可能存在二手門號帳戶盜用情況。這類風險特徵具體的提取方式可以是多樣的,比如,可以比較通訊錄資料裡最近3個月添加手機號碼碼對應姓名與帳戶的用戶姓名相似的次數,絕對值越低,則盜用風險越高,據此提取出相應的風險特徵。
基於通訊錄的風險特徵還可以包括更多內容。比如,在通訊錄中,近一段時間內相同用戶的手機號碼碼的變更情況,相同手機號碼碼的用戶姓名變更情況等。
基於帳戶靜態資訊的風險特徵包括上述的手機號碼一致情況。這類風險特徵具體的提取方式可以是多樣的,比如,可以判斷同身份(比如同身份證號、同銀行卡號等)的其他活躍帳戶綁定的手機號碼與當前帳戶綁定的手機號碼是否一致,不一致則盜用風險高,據此提取出相應的風險特徵。
基於帳戶靜態資訊的風險特徵還可以包括更多內容。比如,帳戶相關的其他帳戶所綁定的手機號碼的變更情況等。
前面對通訊錄、帳戶靜態資訊這兩個維度的風險特徵進行了說明,還可以利用更多維度的風險特徵。更多維度比如包括:帳戶活躍度、帳戶異常操作行為、帳戶設備資訊等維度。
例如,對於步驟S106,所述從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵,還可以執行:從所述交易相關資料中提取各所述帳戶交易的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。比如,若所用設備(通常是某用戶的手機)在一天內嘗試登錄的帳戶數量越多,則盜用風險越高;若以往較少透過簡訊方式登錄帳戶,但最近一段時間卻多次嘗試透過簡訊方式登錄帳戶,則盜用風險較高;若帳戶最近一段時間反常地進行交易或者提現等敏感操作,則盜用風險較高。
S108:以獲取的定性標籤和提取的風險特徵作為訓練資料,訓練有監督模型,用以識別二手門號帳戶盜用。
在本說明書實施例中,可以將單筆帳戶交易作為一個訓練用的樣本。在訓練過程中,提取的風險特徵作為有監督模型的輸入資料,有監督模型輸出的預測結果與定性標籤進行比較,若不一致,則對有監督模型進行調整(比如,調整模型結構、調整權重參數等)。如此反覆運算,直至模型符合預期,進而可以投入使用,比如,將模型發佈上線,用於判定線上交易是否屬於二手門號帳戶盜用事件等。
在本說明書實施例中,有監督模型可以是多樣的,其比如基於梯度提升決策樹或者隨機森林等有監督演算法。
透過圖1的方法,無需依賴於通訊營運商提供的手機號碼入網時間和狀態資料,而是可以利用自有的互聯網平臺資料資源,尤其利用了手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、帳戶與同身份的其他帳戶之間的手機號碼一致情況,這兩類與二手門號帳戶盜用密切相關的特徵,從而有利於更為高效地識別二手門號帳戶盜用。
上述訓練過的有監督模型可以投入風控,用於識別二手門號帳戶盜用,基於此,本說明書實施例還提供了一種識別二手門號帳戶盜用的風控方法的流程示意圖,如圖2所示。
圖2中的流程可以包括以下步驟:
S202:獲取待識別的帳戶交易對應的交易相關資料。
在本說明書實施例中,待識別的帳戶交易可以是線上正在進行中的交易,也可以是離線的已經進行完畢的交易。
S204:從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況。
S206:將提取的風險特徵輸入上述訓練過的有監督模型進行處理。
S208:根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果。
在本說明書實施例中,根據識別結果,若判定屬於二手門號帳戶盜用事件,則可以對相應的帳戶進行控制,以及中止該帳戶進行中的交易,以免給用戶帶來損失。
透過圖2的方法,無需依賴於通訊營運商提供的手機號碼入網時間和狀態資料,而是可以利用自有的互聯網平臺資料資源,尤其利用了手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、帳戶與同身份的其他帳戶之間的手機號碼一致情況,這兩類與二手門號帳戶盜用密切相關的特徵,從而有利於更為高效地識別二手門號帳戶盜用。
在本說明書實施例中,對於步驟S204,所述從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵,還可以執行:從所述交易相關資料中提取所述帳戶交易的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。
在本說明書實施例中,有監督模型處理後輸出的預測結果能夠反映:所述帳戶交易屬於二手門號帳戶盜用事件的可能性。預測結果比如可以是一個機率值,或者類似機率值的指定取值區間中的一個確定值等。
在實際應用中,可以結合預測結果和其他一些認證措施,來進行風控,以提高方案整體的可靠性,儘量避免誤傷帳戶。
例如,對於步驟S208,所述根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果,具體可以包括:若所述可能性高於設定閾值,則透過生物特徵和/或銀行卡和/或證件等簡訊驗證以外的認證方式,對所述帳戶交易的操作用戶進行認證,根據認證結果,判定所述帳戶交易是否屬於二手門號帳戶盜用事件;或者,若所述可能性高於設定閾值,則判定所述帳戶交易屬於二手門號帳戶盜用事件。
根據前面的說明,本說明書實施例還提供了一種實際應用場景下,上述風控模型訓練方法和風控方法的一種具體實施方案的流程示意圖,如圖3所示。
圖3中的流程可以包括以下步驟:
獲取帳戶的交易相關資料,將其包含的帳戶交易作為樣本進行黑白樣本打標籤處理;從五個不同維度提取風險特徵,包括:基於帳戶活躍度的風險特徵,(比如帳戶過去90天的交易數量),基於帳戶異常操作行為的風險特徵(比如過去30天內有無簡訊方式嘗試登錄帳戶),基於通訊錄的風險特徵(比如通訊錄內最近三個月內添加手機號碼的用戶姓名與帳戶的用戶姓名相似的次數),基於帳戶靜態資訊的風險特徵(比如同證件其他活躍帳戶與當前帳戶綁定的手機號碼是否一致),基於帳戶靜態資訊的風險特徵(比如同證件其他活躍帳戶與當前帳戶綁定的手機號碼是否一致);得到模型輸入資料X,X是特徵向量,包含各個風險特徵;使用諸如梯度提升決策樹或者隨機森林等演算法生成有監督模型;利用訓練集打標樣本訓練,並評估模型性能,直至模型符合預期;部署模型上線,對線上交易進行打分,判斷線上的當前交易的分值是否是高分;若不是高分,則交易通過,不認為是盜用事件;若是高分,則利用非簡訊方式校驗產品,比如人臉、銀行卡號校驗,判斷該當前交易的操作用戶是否通過校驗,若校驗通過,則交易通過,不認為是盜用事件,若校驗不通過,則交易不通過,認為是盜用事件。
上面主要是以針對帳戶交易為例,對識別二手門號帳戶盜用進行說明的,上述方案的思路也適用於針對帳戶交易以外的其他帳戶操作,比如帳戶登錄、帳戶修改密碼等敏感操作,而且在識別時也並不限於利用有監督模型。基於此,本說明書實施例還提供了另一種識別二手門號帳戶盜用的風控方法的流程示意圖,如圖4所示,圖4中的流程的一部分內容與圖2一致,參照上面對圖2的說明理解即可,不再贅述。
圖4中的流程可以包括以下步驟:
S402:獲取待識別的帳戶操作對應的操作相關資料。
S404:從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況。
S406:根據提取的風險特徵,確定針對所述帳戶操作的二手門號帳戶盜用識別結果。
在本說明書實施例中,以提取的風險特徵作為輸入資料,可以採用模型,確定二手門號帳戶盜用識別結果;或者,也可以利用諸如規則運算式等相對簡單直接的規則,確定二手門號帳戶盜用識別結果,有利於降低方案實施成本。比如,若透過規則運算式匹配,確定上述用戶姓名一致情況、手機號碼一致情況不一致均為不一致,則可以直接判定待識別的帳戶操作屬於二手門號帳戶盜用事件。
透過圖4的方法,有利於更為高效地識別二手門號帳戶盜用。
在本說明書實施例中,對於步驟S404,所述從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵,還可以執行:從所述操作相關資料中提取所述帳戶操作的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。
基於同樣的思路,本說明書實施例還提供了上述方法對應的裝置,如圖5、圖6、圖7所示。
圖5為本說明書實施例提供的對應於圖1的一種識別二手門號帳戶盜用的風控模型訓練裝置的結構示意圖,所述裝置包括:
第一獲取模組501,獲取多個帳戶的交易相關資料;
第二獲取模組502,針對所述交易相關資料包含的歷史的帳戶交易,獲取所述帳戶交易的定性標籤,所述定性標籤表明其對應的帳戶交易是否屬於二手門號帳戶盜用事件;
提取模組503,從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
訓練模組504,以獲取的定性標籤和提取的風險特徵作為訓練資料,訓練有監督模型,用以識別二手門號帳戶盜用。
可選地,所述提取模組503從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵,還包括:
所述提取模組503從所述交易相關資料中提取各所述帳戶交易的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。
可選地,所述有監督模型基於梯度提升決策樹或者隨機森林。
圖6為本說明書實施例提供的對應於圖2的一種識別二手門號帳戶盜用的風控裝置的結構示意圖,所述裝置包括:
獲取模組601,獲取待識別的帳戶交易對應的交易相關資料;
提取模組602,從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
處理模組603,將提取的風險特徵輸入上述訓練過的有監督模型進行處理;
確定模組604,根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果。
可選地,所述提取模組602從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵,還包括:
所述提取模組602從所述交易相關資料中提取所述帳戶交易的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。
可選地,所述有監督模型處理後輸出的預測結果反映:所述帳戶交易屬於二手門號帳戶盜用事件的可能性;
所述確定模組604根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果,具體包括:
所述確定模組604若所述可能性高於設定閾值,則透過生物特徵和/或銀行卡和/或證件,對所述帳戶交易的操作用戶進行認證,根據認證結果,判定所述帳戶交易是否屬於二手門號帳戶盜用事件;或者,
若所述可能性高於設定閾值,則判定所述帳戶交易屬於二手門號帳戶盜用事件。
圖7為本說明書實施例提供的對應於圖4的一種識別二手門號帳戶盜用的風控裝置的結構示意圖,所述裝置包括:
獲取模組701,獲取待識別的帳戶操作對應的操作相關資料;
提取模組702,從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
確定模組703,根據提取的風險特徵,確定針對所述帳戶操作的二手門號帳戶盜用識別結果。
所述提取模組702從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵,還包括:
可選地,所述提取模組702從所述操作相關資料中提取所述帳戶操作的以下至少一類風險特徵:所用設備上的多帳戶登錄情況、對應的帳戶的簡訊方式登錄情況、對應的帳戶的活躍情況。
基於同樣的思路,本說明書實施例還提供了對應於圖1的一種識別二手門號帳戶盜用的風控模型訓練設備,包括:
至少一個處理器;以及,
與所述至少一個處理器通訊連接的記憶體;其中,
所述記憶體儲存有可被所述至少一個處理器執行的指令,所述指令被所述至少一個處理器執行,以使所述至少一個處理器能夠:
獲取多個帳戶的交易相關資料;
針對所述交易相關資料包含的歷史的帳戶交易,獲取所述帳戶交易的定性標籤,所述定性標籤表明其對應的帳戶交易是否屬於二手門號帳戶盜用事件;
從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
以獲取的定性標籤和提取的風險特徵作為訓練資料,訓練有監督模型,用以識別二手門號帳戶盜用。
基於同樣的思路,本說明書實施例還提供了對應於圖2的一種識別二手門號帳戶盜用的風控設備,包括:
至少一個處理器;以及,
與所述至少一個處理器通訊連接的記憶體;其中,
所述記憶體儲存有可被所述至少一個處理器執行的指令,所述指令被所述至少一個處理器執行,以使所述至少一個處理器能夠:
獲取待識別的帳戶交易對應的交易相關資料;
從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
將提取的風險特徵輸入上述訓練過的有監督模型進行處理;
根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果。
基於同樣的思路,本說明書實施例還提供了對應於圖4的一種識別二手門號帳戶盜用的風控設備,包括:
至少一個處理器;以及,
與所述至少一個處理器通訊連接的記憶體;其中,
所述記憶體儲存有可被所述至少一個處理器執行的指令,所述指令被所述至少一個處理器執行,以使所述至少一個處理器能夠:
獲取待識別的帳戶操作對應的操作相關資料;
從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
根據提取的風險特徵,確定針對所述帳戶操作的二手門號帳戶盜用識別結果。
基於同樣的思路,本說明書實施例還提供了對應於圖1的一種非易失性電腦儲存媒體,儲存有電腦可執行指令,所述電腦可執行指令設置為:
獲取多個帳戶的交易相關資料;
針對所述交易相關資料包含的歷史的帳戶交易,獲取所述帳戶交易的定性標籤,所述定性標籤表明其對應的帳戶交易是否屬於二手門號帳戶盜用事件;
從所述交易相關資料中提取各所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
以獲取的定性標籤和提取的風險特徵作為訓練資料,訓練有監督模型,用以識別二手門號帳戶盜用。
基於同樣的思路,本說明書實施例還提供了對應於圖2的一種非易失性電腦儲存媒體,儲存有電腦可執行指令,所述電腦可執行指令設置為:
獲取待識別的帳戶交易對應的交易相關資料;
從所述交易相關資料中提取所述帳戶交易的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
將提取的風險特徵輸入上述訓練過的有監督模型進行處理;
根據所述有監督模型處理後輸出的預測結果,確定針對所述帳戶交易的二手門號帳戶盜用識別結果。
基於同樣的思路,本說明書實施例還提供了對應於圖4的一種非易失性電腦儲存媒體,儲存有電腦可執行指令,所述電腦可執行指令設置為:
獲取待識別的帳戶操作對應的操作相關資料;
從所述操作相關資料中提取所述帳戶操作的以下兩類風險特徵:對應的手機號碼所屬的通訊錄體系與帳戶體系之間的用戶姓名一致情況、對應的帳戶與同身份的其他帳戶之間的手機號碼一致情況;
根據提取的風險特徵,確定針對所述帳戶操作的二手門號帳戶盜用識別結果。
上述對本說明書特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在附圖中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多工處理和並行處理也是可以的或者可能是有利的。
本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於裝置、設備、非易失性電腦儲存媒體實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。
本說明書實施例提供的裝置、設備、非易失性電腦儲存媒體與方法是對應的,因此,裝置、設備、非易失性電腦儲存媒體也具有與對應方法類似的有益技術效果,由於上面已經對方法的有益技術效果進行了詳細說明,因此,這裡不再贅述對應裝置、設備、非易失性電腦儲存媒體的有益技術效果。
在20世紀90年代,對於一個技術的改進可以很明顯地區分是硬體上的改進(例如,對二極體、電晶體、開關等電路結構的改進)還是軟體上的改進(對於方法流程的改進)。然而,隨著技術的發展,當今的很多方法流程的改進已經可以視為硬體電路結構的直接改進。設計人員幾乎都透過將改進的方法流程程式設計到硬體電路中來得到相應的硬體電路結構。因此,不能說一個方法流程的改進就不能用硬體實體模組來實現。例如,可程式設計邏輯器件(Programmable Logic Device, PLD)(例如現場可程式設計閘陣列(Field Programmable Gate Array,FPGA))就是這樣一種積體電路,其邏輯功能由用戶對器件程式設計來確定。由設計人員自行程式設計來把一個數位系統“集成”在一片PLD上,而不需要請晶片製造廠商來設計和製作專用的積體電路晶片。而且,如今,取代手工地製作積體電路晶片,這種程式設計也多半改用“邏輯編譯器(logic compiler)”軟體來實現,它與程式開發撰寫時所用的軟體編譯器相類似,而要編譯之前的原始代碼也得用特定的程式設計語言來撰寫,此稱之為硬體描述語言(Hardware Description Language,HDL),而HDL也並非僅有一種,而是有許多種,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL (Very-High-Speed Integrated Circuit Hardware Description Language)與Verilog。本領域技術人員也應該清楚,只需要將方法流程用上述幾種硬體描述語言稍作邏輯程式設計並程式設計到積體電路中,就可以很容易得到實現該邏輯方法流程的硬體電路。
控制器可以按任何適當的方式實現,例如,控制器可以採取例如微處理器或處理器以及儲存可由該(微)處理器執行的電腦可讀程式碼(例如軟體或固件)的電腦可讀媒體、邏輯閘、開關、專用積體電路(Application Specific Integrated Circuit,ASIC)、可程式設計邏輯控制器和嵌入微控制器的形式,控制器的例子包括但不限於以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,記憶體控制器還可以被實現為記憶體的控制邏輯的一部分。本領域技術人員也知道,除了以純電腦可讀程式碼方式實現控制器以外,完全可以透過將方法步驟進行邏輯程式設計來使得控制器以邏輯閘、開關、專用積體電路、可程式設計邏輯控制器和嵌入微控制器等的形式來實現相同功能。因此這種控制器可以被認為是一種硬體部件,而對其內包括的用於實現各種功能的裝置也可以視為硬體部件內的結構。或者甚至,可以將用於實現各種功能的裝置視為既可以是實現方法的軟體模組又可以是硬體部件內的結構。
上述實施例闡明的系統、裝置、模組或單元,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦。具體的,電腦例如可以為個人電腦、膝上型電腦、蜂巢式電話、相機電話、智慧型電話、個人數位助理、媒體播放機、導航設備、電子郵件設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任何設備的組合。
為了描述的方便,描述以上裝置時以功能分為各種單元分別描述。當然,在實施本說明書時可以把各單元的功能在同一個或多個軟體和/或硬體中實現。
本領域內的技術人員應明白,本說明書實施例可提供為方法、系統、或電腦程式產品。因此,本說明書實施例可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本說明書實施例可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。
本說明書是參照根據本說明書實施例的方法、設備(系統)、和電腦程式產品的流程圖和/或方框圖來描述的。應理解可由電腦程式指令實現流程圖和/或方框圖中的每一流程和/或方框、以及流程圖和/或方框圖中的流程和/或方框的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可程式設計資料處理設備的處理器以產生一個機器,使得透過電腦或其他可程式設計資料處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的裝置。
這些電腦程式指令也可儲存在能引導電腦或其他可程式設計資料處理設備以特定方式工作的電腦可讀記憶體中,使得儲存在該電腦可讀記憶體中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能。
這些電腦程式指令也可裝載到電腦或其他可程式設計資料處理設備上,使得在電腦或其他可程式設計設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可程式設計設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的步驟。
在一個典型的配置中,計算設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。
記憶體可能包括電腦可讀媒體中的非永久性記憶體,隨機存取記憶體(RAM)和/或非易失性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒體的示例。
電腦可讀媒體包括永久性和非永久性、可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒體的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可程式設計唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶,磁帶磁磁片儲存或其他磁性存放裝置或任何其他非傳輸媒體,可用於儲存可以被計算設備訪問的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調製的資料信號和載波。
還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、商品或者設備中還存在另外的相同要素。
本領域技術人員應明白,本說明書實施例可提供為方法、系統或電腦程式產品。因此,本說明書可採用完全硬體實施例、完全軟體實施例或結合軟體和硬體方面的實施例的形式。而且,本說明書可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。
本說明書可以在由電腦執行的電腦可執行指令的一般上下文中描述,例如程式模組。一般地,程式模組包括執行特定任務或實現特定抽象資料類型的常式、程式、物件、元件、資料結構等等。也可以在分散式運算環境中實踐本說明書,在這些分散式運算環境中,由透過通訊網路而被連接的遠端處理設備來執行任務。在分散式運算環境中,程式模組可以位於包括存放裝置在內的本地和遠端電腦儲存媒體中。
本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。
以上所述僅為本說明書實施例而已,並不用於限制本申請。對於本領域技術人員來說,本申請可以有各種更改和變化。凡在本申請的精神和原理之內所作的任何修改、等同替換、改進等,均應包含在本申請的申請專利範圍之內。The embodiments of the present specification provide risk control model training, risk control methods, devices, and equipment for identifying the theft of second-hand account numbers.
In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be described clearly and completely in conjunction with the drawings in the embodiments of this specification. Obviously, the described The embodiments are only a part of the embodiments of the present application, but not all the embodiments. Based on the embodiments of this specification, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the scope of protection of this application.
FIG. 1 is a schematic flowchart of a risk control model training method for identifying second-hand account misappropriation provided by an embodiment of the present specification. The process may be automatically performed by a server, and certain steps may also allow manual intervention.
The process in Figure 1 may include the following steps:
S102: Obtain transaction related information of multiple accounts.
In the embodiment of the present specification, the account is, for example, an account of an application carried on the terminal, for example, an account of a third-party payment application, an account of a bank application, an account of an instant messaging application, etc. Transactions can be conducted between different accounts of the same application. Through the transaction, the transfer of actual funds or virtual items between the accounts of both parties of the transaction can be triggered. The account itself can be a mobile phone number; or, although it is not a mobile phone number, but is bound to a mobile phone number, using the bound mobile phone number, you can log in (log in directly with the mobile phone number through SMS verification, or use the mobile phone number to retrieve the account Password login, etc.) account.
In the embodiment of the present specification, the identification of second-hand door number account theft can be directed to account transactions or to accounts. This specification mainly describes the previous case as an example, then an account transaction can be regarded as a sample. In general, if an account transaction is identified as a second-hand account misappropriation, the corresponding account is at risk, and the account can be directly controlled to avoid user losses.
S104: Acquire a qualitative label of the account transaction for the historical account transaction included in the transaction-related data, and the qualitative label indicates whether the corresponding account transaction is a second-hand account misappropriation event.
In the embodiment of the present specification, the qualitative label may be determined based on manual analysis or the user's initiative to report the case, and the conclusion contained in the qualitative label may be considered to be credible. Qualitative labels can be expressed in the form of binary values (such as 0-1, etc.) or probability values.
S106: Extract the following two types of risk characteristics of each account transaction from the transaction-related data: the corresponding name of the user between the address book system and the account system to which the corresponding mobile phone number belongs, the corresponding account and the other with the same identity The consistency of mobile phone numbers between accounts.
In the embodiment of this specification, the risk characteristics based on the address book and the risk characteristics based on the static information of the account are considered as the identification basis, because the static information of the address book and the account will directly or indirectly involve the mobile phone number, which has a higher Reference value. Among them, the static information of the account may include the mobile phone number bound to the account, and other accounts related to the account.
The risk characteristics based on the address book include the above-mentioned user name consistency. For an account transaction, the mobile phone number corresponding to the account can be determined. The address book system to which the mobile phone number belongs includes, for example, the address book, current application, and other applications belonging to the same company or the cooperative first The address book of the three-party application, and the account system to which the mobile phone number belongs include, for example, the account system of the current application. The higher the degree of user name inconsistency between the address book system and the account system, the more likely there is a second-hand account theft. The specific extraction methods of this type of risk characteristics can be diverse, for example, you can compare the number of times that the name corresponding to the user name of the account is added to the phone number in the contact book data in the past 3 months. The lower the absolute value, the higher the risk of misappropriation , Accordingly extract the corresponding risk characteristics.
The risk characteristics based on the address book can also include more content. For example, in the address book, the change of the mobile phone number of the same user in the recent period, the change of the name of the user of the same mobile phone number, etc.
The risk characteristics based on the static information of the account include the consistency of the aforementioned mobile phone numbers. The specific extraction methods of such risk characteristics can be diverse, for example, it can be judged whether the mobile phone number bound to other active accounts with the same identity (such as the same ID number, the same bank card number, etc.) is consistent with the mobile phone number bound to the current account , If there is inconsistency, the risk of misappropriation is high, and the corresponding risk characteristics are extracted accordingly.
The risk characteristics based on account static information can also include more content. For example, the changes of mobile phone numbers bound to other accounts related to the account.
The risk characteristics of the two dimensions of the address book and the static information of the account have been described above, and risk characteristics of more dimensions can also be used. More dimensions include: account activity, account abnormal operation behavior, account equipment information and other dimensions.
For example, for step S106, extracting the following two types of risk characteristics of each account transaction from the transaction-related data may also be performed: extracting at least one of the following types of risks of each account transaction from the transaction-related data Features: Multi-account login status on the device used, login status of the corresponding account by SMS, and active status of the corresponding account. For example, if the device you use (usually a user’s mobile phone) attempts to log in with more accounts in a day, the risk of misappropriation is higher; if you haven’t used SMS to log in to your account in the past, but have tried to use SMS for many times in the past If you log in to your account in a way, the risk of misappropriation is higher; if the account has abnormally performed sensitive operations such as transactions or withdrawals in the recent period, the risk of misappropriation is higher.
S108: The acquired qualitative label and the extracted risk characteristics are used as training data, and a supervised model is trained to identify the misappropriation of second-hand account numbers.
In the embodiment of this specification, a single account transaction can be used as a training sample. During the training process, the extracted risk features are used as the input data of the supervised model. The predicted results of the supervised model are compared with the qualitative labels. If they are inconsistent, the supervised model is adjusted (for example, the model structure is adjusted, the weight parameters are adjusted Wait). This operation is repeated until the model meets expectations and can be put into use, for example, the model is released online to determine whether the online transaction is a second-hand account misappropriation event.
In the embodiment of the present specification, the supervised model may be diverse, such as supervised algorithms based on gradient boosting decision tree or random forest.
Through the method of Figure 1, there is no need to rely on the time and status data of the mobile phone number provided by the communication operator, but can use its own Internet platform data resources, especially the mobile phone number belongs to the address book system and the account system. The consistency of the user's name and the consistency of the mobile phone number between the account and other accounts with the same identity are two characteristics that are closely related to the theft of second-hand door number accounts, thereby helping to more effectively identify the second-hand door number account theft.
The above-mentioned trained supervised model can be put into risk control to identify the misappropriation of second-hand door number accounts. Based on this, the embodiments of this specification also provide a schematic flow chart of a risk control method for identifying second-hand door number account theft, as shown in FIG. 2 Show.
The process in Figure 2 may include the following steps:
S202: Obtain transaction-related data corresponding to the account transaction to be identified.
In the embodiment of the present specification, the account transaction to be identified may be an online ongoing transaction or an offline completed transaction.
S204: Extract the following two types of risk characteristics of the account transaction from the transaction-related data: the correspondence of the user name between the address book system to which the corresponding mobile phone number belongs and the account system, the corresponding account and other accounts with the same identity The consistency of the mobile phone numbers.
S206: Input the extracted risk features into the trained supervised model for processing.
S208: According to the prediction result output after the supervised model is processed, determine the identification result of the second-hand door number account theft for the account transaction.
In the embodiment of the present specification, according to the identification result, if it is determined that it is a second-hand account misappropriation event, the corresponding account can be controlled and the ongoing transaction of the account can be suspended to avoid losses to the user.
Through the method of Figure 2, there is no need to rely on the mobile phone number access time and status data provided by the communication operator, but can use its own Internet platform data resources, especially the mobile phone number belongs to the address book system and account system. The consistency of the user's name and the consistency of the mobile phone number between the account and other accounts with the same identity are two characteristics that are closely related to the theft of second-hand door number accounts, thereby helping to more effectively identify the second-hand door number account theft.
In the embodiment of the present specification, for step S204, extracting the following two types of risk characteristics of the account transaction from the transaction-related data may also be performed: extracting the following of the account transaction from the transaction-related data At least one type of risk characteristics: multi-account login on the device used, login by SMS in the corresponding account, and active status of the corresponding account.
In the embodiment of the present specification, the prediction result output after the supervised model processing can reflect that the account transaction belongs to the possibility of a second-hand account misappropriation event. The prediction result may be, for example, a probability value, or a certain value in a specified value interval similar to the probability value.
In actual application, risk control can be combined with the prediction results and some other authentication measures to improve the overall reliability of the scheme and try to avoid accidentally hurting the account.
For example, for step S208, the determination of a second-hand account number misappropriation identification result for the account transaction based on the prediction result output after processing by the supervised model may specifically include: if the probability is higher than a set threshold, Then, through authentication methods other than SMS verification such as biometrics and/or bank cards and/or certificates, the operation user of the account transaction is authenticated, and based on the authentication result, it is determined whether the account transaction is a second-hand account misappropriation event; Or, if the probability is higher than the set threshold, it is determined that the account transaction belongs to a second-hand account misappropriation event.
According to the foregoing description, the embodiments of the present specification also provide a schematic flowchart of a specific implementation of the foregoing risk control model training method and risk control method in an actual application scenario, as shown in FIG. 3.
The process in Figure 3 may include the following steps:
Obtain the transaction related information of the account, and use the account transaction contained in it as a sample for black and white sample labeling; extract risk characteristics from five different dimensions, including: risk characteristics based on account activity, (such as the number of transactions in the account for the past 90 days ), based on the risk characteristics of the account’s abnormal operating behavior (such as whether there is an SMS in the past 30 days to try to log in to the account), based on the risk characteristics of the address book (such as the name of the user who added a mobile phone number and the user of the account in the last three months in the address book) The number of times the name is similar), risk characteristics based on the static information of the account (such as whether the mobile phone number bound to the current account with other active accounts of the same document), risk characteristics based on the static information of the account (such as other active accounts with the same document tied to the current account Whether the specified mobile phone number is consistent); get the model input data X, X is a feature vector, including each risk feature; use an algorithm such as a gradient boosting decision tree or random forest to generate a supervised model; use the training set to mark sample training, and Evaluate the performance of the model until the model meets expectations; deploy the model online and score the online transaction to determine whether the current online transaction score is a high score; if it is not a high score, the transaction passes and is not considered a misappropriation event; if it is a high score , Then use non-SMS to verify the product, such as face and bank card number verification, to determine whether the user of the current transaction passes the verification. If the verification passes, the transaction passes, and it is not considered to be a misappropriation event. If it passes, the transaction will not pass, which is considered an embezzlement.
The above is mainly based on account transactions as an example to explain the identification of second-hand account misappropriation. The ideas of the above scheme are also applicable to other account operations other than account transactions, such as account login, account modification password and other sensitive operations, and in Recognition is not limited to the use of supervised models. Based on this, the embodiment of the present specification also provides a schematic flow chart of another risk control method for identifying the misappropriation of second-hand account numbers. As shown in FIG. 4, part of the flow in FIG. 4 is consistent with that in FIG. 2. The explanation of 2 is sufficient, and will not be repeated here.
The process in Figure 4 may include the following steps:
S402: Obtain operation-related data corresponding to the account operation to be identified.
S404: Extract the following two types of risk characteristics of the account operation from the operation-related data: the correspondence of the user name between the address book system to which the corresponding mobile phone number belongs and the account system, the corresponding account and other accounts with the same identity The consistency of the mobile phone numbers.
S406: According to the extracted risk characteristics, determine a second-hand door number account misappropriation identification result operated on the account.
In the embodiment of this specification, using the extracted risk characteristics as input data, a model can be used to determine the identification result of the misappropriation of the second door account; or, a relatively simple and direct rule such as a rule expression can be used to determine the second door account The misappropriation of identification results will help reduce the cost of implementing the solution. For example, if it is determined that the above-mentioned user name consistency and mobile phone number inconsistency are both inconsistent through rule expression matching, it can be directly determined that the account operation to be identified is a second-hand account misappropriation.
Through the method of FIG. 4, it is more efficient to identify the second-hand account number misappropriation.
In the embodiment of the present specification, for step S404, the following two types of risk characteristics of extracting the account operation from the operation-related data may also be performed: extracting the following of the account operation from the operation-related data At least one type of risk characteristics: multi-account login on the device used, login by SMS in the corresponding account, and active status of the corresponding account.
Based on the same idea, the embodiments of the present specification also provide devices corresponding to the above methods, as shown in FIG. 5, FIG. 6, and FIG. 7.
FIG. 5 is a schematic structural diagram of a risk control model training device for identifying the misappropriation of a second-hand door number account provided by an embodiment of the present specification. The device includes:
The first obtaining module 501 obtains transaction related information of multiple accounts;
The second obtaining module 502 obtains a qualitative label of the account transaction for the historical account transaction included in the transaction-related data, and the qualitative label indicates whether the corresponding account transaction belongs to a second-hand account misappropriation event;
The extraction module 503 extracts the following two types of risk characteristics of each of the account transactions from the transaction-related data: the corresponding name of the user between the address book system to which the corresponding mobile phone number belongs and the account system, the corresponding account and the same Consistency of mobile phone numbers among other accounts of identity;
The training module 504 uses the acquired qualitative labels and the extracted risk features as training data, and trains a supervised model to identify the misappropriation of second-hand account numbers.
Optionally, the extraction module 503 extracts the following two types of risk characteristics of each account transaction from the transaction-related data, and further includes:
The extraction module 503 extracts at least one of the following risk characteristics of each account transaction from the transaction-related data: multi-account login status on the device used, login status of the corresponding account by SMS, and active status of the corresponding account .
Optionally, the supervised model is based on a gradient boosting decision tree or random forest.
FIG. 6 is a schematic structural diagram of a wind control device for identifying the theft of a second-hand door number account provided by an embodiment of the present specification, and the device includes:
Obtaining module 601 to obtain transaction-related data corresponding to account transactions to be identified;
The extraction module 602 extracts the following two types of risk characteristics of the account transaction from the transaction-related data: the corresponding name of the user between the address book system to which the corresponding mobile phone number belongs and the account system, the corresponding account and the same identity The consistency of mobile phone numbers among other accounts of
The processing module 603 inputs the extracted risk characteristics into the trained supervised model for processing;
The determining module 604 determines the second-hand account number misappropriation identification result for the account transaction according to the prediction result output after the supervised model is processed.
Optionally, the extraction module 602 extracts the following two types of risk characteristics of the account transaction from the transaction-related data, and further includes:
The extraction module 602 extracts at least one of the following risk characteristics of the account transaction from the transaction-related data: multiple account logins on the device used, login by SMS in the corresponding account, and active status of the corresponding account.
Optionally, the prediction result output after processing by the supervised model reflects: the possibility that the account transaction belongs to a second-hand account misappropriation event;
The determining module 604 determines the second-hand account number misappropriation identification result for the account transaction according to the prediction result output by the supervised model after processing, which specifically includes:
The determination module 604, if the probability is higher than a set threshold, authenticates the user of the account transaction through biometrics and/or bank cards and/or certificates, and determines the account transaction based on the authentication result Whether it is an incident of second-hand account misappropriation; or,
If the probability is higher than the set threshold, it is determined that the account transaction is a second-hand account misappropriation event.
FIG. 7 is a schematic structural diagram of a wind control device for identifying the misappropriation of a second-hand door number account provided by an embodiment of the present specification. The device includes:
The obtaining module 701 obtains operation related data corresponding to the account operation to be identified;
The extraction module 702 extracts the following two types of risk characteristics of the account operation from the operation-related data: the corresponding user name between the address book system and the account system to which the corresponding mobile phone number belongs, the corresponding account and the same identity The consistency of mobile phone numbers among other accounts of
The determining module 703 determines the identification result of the second-hand door number account theft operating on the account according to the extracted risk characteristics.
The extraction module 702 extracts the following two types of risk characteristics of the account operation from the operation-related data, and further includes:
Optionally, the extraction module 702 extracts at least one of the following risk characteristics of the account operation from the operation-related data: multi-account login on the device used, login by SMS in the corresponding account, and corresponding account Activity.
Based on the same idea, the embodiment of this specification also provides a risk control model training device corresponding to FIG. 1 for identifying the misappropriation of second-hand account numbers, including:
At least one processor; and,
A memory in communication connection with the at least one processor; wherein,
The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to:
Obtain transaction related information of multiple accounts;
For the historical account transactions included in the transaction-related data, obtain a qualitative label of the account transaction, where the qualitative label indicates whether the corresponding account transaction is a second-hand account misappropriation event;
Extract the following two types of risk characteristics of each account transaction from the transaction-related data: the corresponding name of the user between the address book system and the account system to which the corresponding mobile phone number belongs, the corresponding account and the other accounts of the same identity The consistency of mobile phone numbers between
The acquired qualitative labels and extracted risk characteristics are used as training data, and a supervised model is trained to identify the misappropriation of second-hand account numbers.
Based on the same idea, the embodiment of the present specification also provides a risk control device corresponding to FIG. 2 for identifying the theft of a second-hand account, including:
At least one processor; and,
A memory in communication connection with the at least one processor; wherein,
The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to:
Obtain transaction related information corresponding to the account transaction to be identified;
Extract the following two types of risk characteristics of the account transaction from the transaction-related data: the correspondence between the user name of the address book system and the account system to which the corresponding mobile phone number belongs, and between the corresponding account and other accounts of the same identity The consistency of mobile phone numbers of
Input the extracted risk features into the trained supervised model for processing;
According to the prediction result output after the supervised model is processed, the second-hand account number misappropriation identification result for the account transaction is determined.
Based on the same idea, the embodiment of the present specification also provides a risk control device corresponding to FIG. 4 for identifying the misappropriation of second-hand account numbers, including:
At least one processor; and,
A memory in communication connection with the at least one processor; wherein,
The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to:
Obtain the operation related data corresponding to the account operation to be identified;
Extract the following two types of risk characteristics of the account operation from the operation-related data: the correspondence of the user name between the address book system and the account system to which the corresponding mobile phone number belongs, and between the corresponding account and other accounts of the same identity The consistency of mobile phone numbers of
According to the extracted risk characteristics, the second-hand account number misappropriation identification result for the account operation is determined.
Based on the same idea, the embodiment of the present specification also provides a non-volatile computer storage medium corresponding to FIG. 1, which stores computer executable instructions, and the computer executable instructions are set as:
Obtain transaction related information of multiple accounts;
For the historical account transactions included in the transaction-related data, obtain a qualitative label of the account transaction, where the qualitative label indicates whether the corresponding account transaction is a second-hand account misappropriation event;
Extract the following two types of risk characteristics of each account transaction from the transaction-related data: the corresponding name of the user between the address book system and the account system to which the corresponding mobile phone number belongs, the corresponding account and the other accounts of the same identity The consistency of mobile phone numbers between
The acquired qualitative labels and extracted risk characteristics are used as training data, and a supervised model is trained to identify the misappropriation of second-hand account numbers.
Based on the same idea, the embodiment of the present specification also provides a non-volatile computer storage medium corresponding to FIG. 2, which stores computer executable instructions, and the computer executable instructions are set as:
Obtain transaction related information corresponding to the account transaction to be identified;
The following two types of risk characteristics of the account transaction are extracted from the transaction-related data: the correspondence of the user name between the address book system to which the corresponding mobile phone number belongs and the account system, and between the corresponding account and other accounts with the same identity The consistency of mobile phone numbers of
Input the extracted risk features into the trained supervised model for processing;
According to the prediction result output after the supervised model is processed, the second-hand account number misappropriation identification result for the account transaction is determined.
Based on the same idea, the embodiment of the present specification also provides a non-volatile computer storage medium corresponding to FIG. 4, which stores computer executable instructions, and the computer executable instructions are set as:
Obtain the operation related data corresponding to the account operation to be identified;
Extract the following two types of risk characteristics of the account operation from the operation-related data: the correspondence of the user name between the address book system and the account system to which the corresponding mobile phone number belongs, and between the corresponding account and other accounts of the same identity The consistency of mobile phone numbers of
According to the extracted risk characteristics, the identification result of the second-hand door number account theft operating on the account is determined.
The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the attached patent application. In some cases, the actions or steps described in the scope of the patent application may be performed in a different order than in the embodiment and still achieve the desired result. In addition, the processes depicted in the drawings do not necessarily require the particular order shown or sequential order to achieve the desired results. In some embodiments, multiplexing and parallel processing are also possible or may be advantageous.
The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. In particular, for the embodiments of the device, the device, and the non-volatile computer storage medium, since they are basically similar to the method embodiments, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiments.
The devices, equipment, and non-volatile computer storage media and methods provided in the embodiments of the present specification correspond to each other. Therefore, the devices, equipment, and non-volatile computer storage media also have beneficial technical effects similar to the corresponding methods. The beneficial technical effects of the method are described in detail. Therefore, the beneficial technical effects of the corresponding devices, devices, and non-volatile computer storage media will not be repeated here.
In the 1990s, the improvement of a technology can be clearly distinguished from the improvement of hardware (for example, the improvement of the circuit structure of diodes, transistors, switches, etc.) or the improvement of software (for the process flow Improve). However, with the development of technology, the improvement of many methods and processes can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method and process cannot be achieved with hardware physical modules. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a field programmable gate array (Field Programmable Gate Array, FPGA)) is such an integrated circuit, and its logic function is determined by the user programming the device. It is up to the designer to program a digital system to "integrate" a PLD without having to ask a chip manufacturer to design and manufacture a dedicated integrated circuit chip. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, this kind of programming is also mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development and writing. The original code before compilation must also be written in a specific programming language, which is called the hardware description language (Hardware Description Language, HDL), and HDL is not only one, but there are many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., Currently the most commonly used are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that it is easy to obtain the hardware circuit that implements the logic method flow by only slightly programming the method flow using the above hardware description languages and programming it into the integrated circuit.
The controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor , Logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the controller in a pure computer-readable program code manner, the logic steps of the method steps can be completely controlled to make the controller controlled by logic gates, switches, dedicated integrated circuits, and programmable logic To achieve the same function in the form of a controller and embedded microcontroller. Therefore, such a controller can be regarded as a hardware component, and the device for implementing various functions included therein can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module of the implementation method and a structure in the hardware component.
The system, device, module or unit explained in the above embodiments may be implemented by a computer chip or entity, or by a product with a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, and a wearable Device or any combination of these devices.
For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing this specification, the functions of each unit can be implemented in the same software or multiple hardware and/or hardware.
Those skilled in the art should understand that the embodiments of this specification can be provided as methods, systems, or computer program products. Therefore, the embodiments of the present specification may take the form of complete hardware embodiments, complete software embodiments, or embodiments combining software and hardware. Moreover, the embodiments of the present specification may employ computer program products implemented on one or more computer usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer usable program code form.
This specification is described with reference to the flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of this specification. It should be understood that each flow and/or block in the flowchart and/or block diagram and a combination of the flow and/or block in the flowchart and/or block diagram may be implemented by computer program instructions. These computer program instructions can be provided to the processors of general-purpose computers, special-purpose computers, embedded processors, or other programmable data processing equipment to produce a machine that allows instructions executed by the processor of the computer or other programmable data processing equipment Means for generating the functions specified in one block or multiple blocks of the flowchart one flow or multiple flows and/or block diagrams.
These computer program instructions can also be stored in a computer readable memory that can guide a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory produce a manufactured product including an instruction device The instruction device implements the functions specified in one block or multiple blocks in one flow or multiple flows in the flowchart and/or one block in the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operating steps can be performed on the computer or other programmable device to generate computer-implemented processing, and thus on the computer or other programmable device The instructions executed above provide steps for implementing the functions specified in one flow or flow of the flowchart and/or one block or flow of the block diagram.
In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, such as read-only memory (ROM) or flash memory ( flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including permanent and non-permanent, removable and non-removable media, can be stored by any method or technology. The information can be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM) , Read-only memory (ROM), electrically erasable and programmable read-only memory (EEPROM), flash memory or other memory technologies, read-only disc read-only memory (CD-ROM), digital multifunction Optical discs (DVDs) or other optical storage, magnetic cassette tapes, magnetic tape storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements, but also includes Other elements not explicitly listed, or include elements inherent to this process, method, commodity, or equipment. Without more restrictions, the element defined by the sentence "include one..." does not exclude that there are other identical elements in the process, method, commodity, or equipment that includes the element.
Those skilled in the art should understand that the embodiments of this specification can be provided as methods, systems, or computer program products. Therefore, this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, this manual can take the form of computer program products implemented on one or more computer usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer usable program code .
This description can be described in the general context of computer-executable instructions executed by a computer, such as a program module. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This specification can also be practiced in distributed computing environments in which remote processing devices connected through a communication network perform tasks. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant part can be referred to the description of the method embodiment.
The above are only examples of this specification, and are not intended to limit this application. For those skilled in the art, the present application may have various modifications and changes. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of this application shall be included in the scope of the patent application of this application.
