WO2020251386A1 - Recherche d'appartenance d'une adresse ip à un groupe territorial sur la base de données de transactions - Google Patents
Recherche d'appartenance d'une adresse ip à un groupe territorial sur la base de données de transactions Download PDFInfo
- Publication number
- WO2020251386A1 WO2020251386A1 PCT/RU2019/000424 RU2019000424W WO2020251386A1 WO 2020251386 A1 WO2020251386 A1 WO 2020251386A1 RU 2019000424 W RU2019000424 W RU 2019000424W WO 2020251386 A1 WO2020251386 A1 WO 2020251386A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- addresses
- territorial
- cluster
- address
- transactions
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
Definitions
- the claimed solution relates generally to the field of data processing, and in particular to a method and system for finding the belonging of IP addresses to territorial clusters based on transactional data.
- IP address An increasing proportion of transactions are conducted by clients on remote service channels in which the only parameter that allows determining the actual location of the client is the IP address.
- directories that map a specific IP address to a city.
- Such reference books do not allow to fully solve problems where it is necessary to understand the territorial location of the client. For example, in the case of combating fraud, when it is necessary to determine the territorial proximity between two client sessions close in time in a remote service channel, executed with different IP addresses.
- the main reason is that directories are outdated, IP addresses can also pass to other providers, the principle of writing the names of settlements is also not formalized in relation to IP addresses (the same city often has several spellings), accuracy for IP mobile operator addresses are extremely low.
- SUBSTITUTE SHEET (RULE 26) the use of the user's geo-position and means of performing transactions to analyze points of the assumed location, which does not allow obtaining segmented information about the territorial belonging of the client to a particular cluster corresponding to the most frequently used IP-addresses, which will make it possible to more quickly determine the user's location.
- the technical problem or technical problem to be solved using the claimed invention is the formation of clusters indicating the territorial affiliation of IP addresses.
- the technical result is to ensure the location of the participants in the transaction using the used IP addresses when they are assigned to a given territorial cluster.
- An additional technical result is to increase the speed of determining the meta location of the user due to the formed clusters corresponding to the territorial distribution of IP addresses.
- the claimed result is achieved due to a computer-implemented method for searching for the belonging of an IP address to a territorial cluster based on transaction data, which is performed using a processor and contains the steps at which:
- the vertices are IP addresses
- the edges are the number of transfers for a certain period of time between senders and recipients using the corresponding IP addresses
- transaction data is obtained from transaction execution devices.
- the devices are: mobile devices, ATMs, POS terminals, or combinations thereof.
- the transaction data further comprises the user's geo-coordinates.
- the claimed solution is also implemented by a computer system comprising at least one processor and a memory storing instructions executed by the processor for implementing the above method.
- FIG. 1 illustrates a block diagram of the implementation of the claimed method.
- FIG. 2 illustrates an example of building a graph based on IP addresses.
- FIG. 3 to FIG. 4 illustrate examples of formed clusters.
- FIG. 1 shows the process of performing the claimed method (100) for searching for an IP address belonging to a territorial cluster.
- transaction data is collected, which may include the history of spending, the history of logins to the Internet bank, the client's devices, the client's financial behavior, account balances, etc.
- the user's transaction data contains the IP-addresses of users in the XXX.XXX.XXX.XXX format involved in money transfers, in particular p2p transactions (Payer-to-payer).
- Transaction data typically comes from transaction processing devices such as ATMs, POS terminals, mobile devices of users with a transaction application installed, etc.
- a graph is built (step 103), the vertices of which are IP addresses of the class xxx.xxx.xxx, the edges are the number of transfers within a certain period of time between clients using such IP addresses
- a clustering algorithm is applied to the constructed graph (eg, label propagation - https://en.wikipedia.org/wiki/Label_Propagation_Algorithm).
- the clustering algorithm of the graph vertices allows you to assign an IP address to a specific cluster. This grouping makes it possible to identify the IP addresses used by clients who have social and financial connections with each other (transactions, messaging via the Internet, etc.).
- the graph construction algorithm can be implemented based on the algorithm disclosed in the article “Community Detection via Semi-Synchronous Label Propagation Algorithms” (arXiv: 1103.4450vl, 03/23/2011).
- the polygon boundaries can be determined by a method similar to the mapping of the range of living organisms (contour method), in which linear boundaries of the range are plotted on the map, forming a contour line of the entire territory within which a client can be found who has shown transactional activity. Additionally, the center of the polygon is determined (the median of the coordinates of the points included in the polygon) and, if an outlier is found in the data (the coordinate allocated from the total sample by the client and determined by the “three sigma rule”), the polygon is rebuilt without outliers.
- a territorial cluster is a polygon defined by geo-coordinates on the earth's surface, built on the basis of customer data using an IP address with a calculated cluster and by which the exact geo-coordinates of the location are known (for example, when visiting a bank office) (105).
- the received IP address is compared with the formed territorial clusters, and when the corresponding IP address is identified in a particular cluster, the client is assigned a territorial location within a given cluster.
- the determination of the most frequently used IP address by a client can be performed by analyzing its transactional activity for a given period of time, for example, a day, a week, a month, etc.
- personal identifiers of clients can be used, for example, passport data that identifies the territorial registration of clients.
- Examples of formed clusters are shown in FIG. 3 to FIG. 4.
- 10,000 clients were selected from each cluster, and for each client its average habitat was calculated (based on the use of ATMs and POS terminals). The points are plotted on a geographic map and divided into clusters formed.
- the created method (100) for clustering clients allows, according to the history of logins to the Internet bank (IP-addresses), to divide clients according to belonging to a geographic community, without using knowledge of their geo-coordinates.
- IP-addresses IP-addresses
- SUBSTITUTE SHEET (RULE 26) (find out the balances of funds, make transfers, etc.).
- customers using both a mobile application and an ATM network cash in / out, mobile bank connection, etc.
- the compiled algorithm makes it possible to use knowledge about the behavior of customers using both ATMs and a mobile application, while enriching customer profiles that do not leave a geographical footprint.
- the possibility of applicability of models, in which there is a need to understand the actual location of the client is realized for those who use only the Internet bank with the geolocation determination module disabled.
- the results of the clustering operation can be used as an additional feature to improve the efficiency of the transaction scoring model.
- customers are more likely to make transfers to customers who are located in the same geographic area with the sender.
- a pattern of behavior is more often observed in which the sender and the recipient are at a far distance from each other: the scammers do not always know the location of the victim and it is difficult to pick up the recipient's client from the same region as the sender.
- the feature of the same geographic location of the sender and the recipient has a strong impact on reducing false positives of the anti-fraud system.
- FIG. 5 shows an example of a general view of a computing system (200) based on a computing device (200), which provides the implementation of the claimed method (100).
- the device (200) can be part of a computer system, for example, a server that processes the necessary data to implement the method (100).
- the computing device (200) contains one or more processors (201) united by a common data bus, memory means such as RAM (202) and ROM (203), input / output interfaces (204), devices input / output (205), and a device for networking (206).
- processors (201) united by a common data bus
- memory means such as RAM (202) and ROM (203)
- input / output interfaces (204) input / output interfaces
- devices input / output a device for networking
- the memory means can be the available amount of memory of the graphics card or graphics processor.
- RAM (202) is a random access memory and is intended for storing machine-readable instructions executed by the processor (201) for performing the necessary operations for logical data processing.
- RAM (202) contains executable instructions of the operating system and corresponding software components (applications, software modules, etc.).
- ROM (203) is one or more persistent storage devices such as a hard disk drive (HDD), solid state data storage device (SSD), flash memory (EEPROM, NAND, etc.), optical storage media ( CD-R / RW, DVD-R / RW, BlueRay Disc, MD), etc.
- HDD hard disk drive
- SSD solid state data storage device
- EEPROM electrically erasable programmable read-only memory
- NAND flash memory
- optical storage media CD-R / RW, DVD-R / RW, BlueRay Disc, MD, etc.
- I / O interfaces (204) are used to organize the operation of the components of the device (200) and to organize the operation of external connected devices.
- the choice of the appropriate interfaces depends on the specific version of the computing device, which can be, but are not limited to: PCI, AGP, PS / 2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS / Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.
- I / O means for example, a keyboard, display (monitor), touch display, touch pad, joystick, mouse manipulator, light pen, stylus, touch panel, trackball, speakers, microphone, augmented reality, optical sensors, tablet, light indicators, projector, camera, biometric identification (retina scanner, fingerprint scanner, voice recognition module), etc.
- the networking means (206) allows the device (200) to transmit data via an internal or external computer network, for example, Intranet, Internet, LAN, and the like.
- One or more means (206) can be used, but not limited to: Ethernet card, GSM modem, GPRS modem, LTE modem, 5G modem, satellite communication module, NFC module, Bluetooth and / or BLE module, Wi-Fi module, and dr.
- satellite navigation aids can also be used as part of the device (200), for example, GPS, GLONASS, BeiDou, Galileo.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Cette invention concerne un procédé et un système de recherche d'appartenance d'adresses IP à des groupes territoriaux sur la base de données de transactions. Le résultat technique consiste en la possibilité de déterminer la localisation de participants à une transaction à l'aide d'adresses IP utilisées lors de leur rattachement à un groupe territorial donné. Le procédé comprend les étapes consistant à: obtenir des données sur les transactions des utilisateurs comprenant des adresses IP d'expéditeurs et de destinataires de transactions; effectuer un tri de la fréquence d'utilisation des adresses IP et du nombre de transactions entre lesdites adresses IP; générer un graphique sur la base des données de tri, dans lequel les sommets sont les adresses IP et les arêtes sont le nombre de transferts pour une période prédéterminée entre les expéditeurs et les destinataires utilisant les adresses IP correspondantes; effectuer une construction de groupes territoriaux sur la base du graphique généré, chaque groupe comprenant plusieurs adresses IP; obtenir des informations de transaction d'utilisateur comprenant au moins l'adresse IP; rechercher l'adresse IP obtenue dans la groupe territorial et, dans le cas où l'adresse IP est trouvée, attribuer un groupe territorial correspondant à l'utilisateur.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2019118544 | 2019-06-14 | ||
RU2019118544A RU2713761C1 (ru) | 2019-06-14 | 2019-06-14 | Способ и система поиска принадлежности ip-адреса территориальному кластеру на основе данных транзакций |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020251386A1 true WO2020251386A1 (fr) | 2020-12-17 |
Family
ID=69625536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/RU2019/000424 WO2020251386A1 (fr) | 2019-06-14 | 2019-06-14 | Recherche d'appartenance d'une adresse ip à un groupe territorial sur la base de données de transactions |
Country Status (3)
Country | Link |
---|---|
EA (1) | EA201991423A1 (fr) |
RU (1) | RU2713761C1 (fr) |
WO (1) | WO2020251386A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008070415A2 (fr) * | 2006-11-14 | 2008-06-12 | Deepdive Technologies Inc. | Appareil et procédé de collecte d'informations réparties dans un réseau |
US20100022254A1 (en) * | 2008-07-22 | 2010-01-28 | Bank Of America Corporation | Location-Based Authentication of Mobile Device Transactions |
US20120066062A1 (en) * | 2010-08-06 | 2012-03-15 | Visa U.S.A. Inc. | Systems and Methods to Present Triggers for Real-Time Offers |
US20130246342A1 (en) * | 2012-02-02 | 2013-09-19 | Patrick Faith | Multi-Source, Multi-Dimensional, Cross-Entity, Multimedia Centralized Personal Information Database Platform Apparatuses, Methods and Systems |
US9641604B1 (en) * | 2013-05-16 | 2017-05-02 | Ca, Inc. | Ranking candidate servers in order to select one server for a scheduled data transfer |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9189549B2 (en) * | 2010-11-08 | 2015-11-17 | Microsoft Technology Licensing, Llc | Presenting actions and providers associated with entities |
AU2013277083A1 (en) * | 2012-02-22 | 2015-01-22 | Visa International Service Association | Intelligent consumer service terminal apparatuses, methods and systems |
-
2019
- 2019-06-14 RU RU2019118544A patent/RU2713761C1/ru active
- 2019-06-14 WO PCT/RU2019/000424 patent/WO2020251386A1/fr active Application Filing
- 2019-07-10 EA EA201991423A patent/EA201991423A1/ru unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008070415A2 (fr) * | 2006-11-14 | 2008-06-12 | Deepdive Technologies Inc. | Appareil et procédé de collecte d'informations réparties dans un réseau |
US20100022254A1 (en) * | 2008-07-22 | 2010-01-28 | Bank Of America Corporation | Location-Based Authentication of Mobile Device Transactions |
US20120066062A1 (en) * | 2010-08-06 | 2012-03-15 | Visa U.S.A. Inc. | Systems and Methods to Present Triggers for Real-Time Offers |
US20130246342A1 (en) * | 2012-02-02 | 2013-09-19 | Patrick Faith | Multi-Source, Multi-Dimensional, Cross-Entity, Multimedia Centralized Personal Information Database Platform Apparatuses, Methods and Systems |
US9641604B1 (en) * | 2013-05-16 | 2017-05-02 | Ca, Inc. | Ranking candidate servers in order to select one server for a scheduled data transfer |
Also Published As
Publication number | Publication date |
---|---|
EA201991423A1 (ru) | 2020-12-30 |
RU2713761C1 (ru) | 2020-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106803168B (zh) | 一种异常转账侦测方法和装置 | |
US20140067656A1 (en) | Method and system for fraud risk estimation based on social media information | |
US9787640B1 (en) | Using hypergraphs to determine suspicious user activities | |
EP3320512B1 (fr) | Analyse de profilage de série chronologique d'attribut mobile | |
WO2018120427A1 (fr) | Procédé, appareil et dispositif d'estimation de risques sur la base d'un service de localisation, et support d'informations | |
US10521856B1 (en) | Categorizing financial transactions based on spending patterns | |
CN109690608A (zh) | 外推信任得分中的趋势 | |
US9542710B1 (en) | Categorizing financial transactions based on business preferences | |
US20140257932A1 (en) | Segment assignment optimization engine | |
US20210209604A1 (en) | Method, System, and Computer Program Product for Detecting Group Activities in a Network | |
CN110224859A (zh) | 用于识别团伙的方法和系统 | |
EP4229611A1 (fr) | Système, procédé et produit programme d'ordinateur pour une détection d'anomalie d'activité de réseau d'utilisateur | |
Ackland et al. | Political homophily on the web | |
US9438626B1 (en) | Risk scoring for internet protocol networks | |
RU2713761C1 (ru) | Способ и система поиска принадлежности ip-адреса территориальному кластеру на основе данных транзакций | |
US20160012450A1 (en) | Identification of alternate modes of customer service based on indoor positioning system detection of physical customer presence | |
EA040193B1 (ru) | Способ и система поиска принадлежности ip-адреса территориальному кластеру на основе данных транзакций | |
RU2699577C1 (ru) | Способ и система поиска мошеннических транзакций | |
CN114331463A (zh) | 基于线性回归模型的风险识别方法及其相关设备 | |
Gupta et al. | Pendulating or resonating? a case of echo-chambers in twitter | |
CN113661682B (zh) | 控制网络中的访问的方法、系统和计算机可读介质 | |
Gayo-Avello | Political opinion | |
RU2728953C1 (ru) | Способ и система определения схожести векторных представлений участников транзакций | |
Nandalal et al. | Smart system for women safety in cyberspace by fake profile detection | |
RU2770568C1 (ru) | Способ и система анализа финансовой активности торговых точек |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19932702 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19932702 Country of ref document: EP Kind code of ref document: A1 |