WO2022250188A1 - Fraud detection system based on low-level data analysis, and method therefor - Google Patents

Publication number
WO2022250188A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
low
financial transaction
transaction
abnormal
Application number
PCT/KR2021/006699
Inventor
김성수
황희준
이명훈
김미희
Original Assignee
주식회사 유스비

Classifications

    • G06N20/00 Machine learning
    • G06Q10/04 Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Definitions

  • The present invention relates to a Fraud Detection System (FDS) based on low-level data analysis, and a method therefor, that uses artificial intelligence to analyze at a low level the financial transaction-related data, such as user media environment information and financial transaction type information, of customers conducting financial transactions, in order to effectively detect abnormal financial transactions.
  • A Fraud Detection System is a security method that collects various information from the payer to build a pattern, then catches abnormal payments that differ from the pattern and blocks the payment route. It is characterized by active security intervention based on big data. An FDS consists of an information collection function, an analysis and detection function, a response function, and a monitoring and audit function, and is attracting attention as an essential security method at a time when fintech is becoming important.
  • the conventional FDS method has a problem in that hackers, voice phishing criminals, and money laundering criminals using cryptocurrency can easily manipulate financial transaction-related data to incapacitate the FDS service.
  • The present invention is to provide a fraud detection system (FDS) based on low-level data analysis, and a method therefor, that can effectively detect abnormal financial transactions by analyzing at a low level the user media environment information, financial transaction type information, etc. of customers conducting financial transactions, and that can be automated with artificial intelligence.
  • the present invention is to provide an abnormal financial transaction detection service based on low-level data analysis suitable for a customer's transaction type by determining a low-level type most suitable for detecting an abnormal financial transaction according to a customer's transaction type.
  • An abnormal financial transaction detection system based on low-level data analysis includes: a data collection unit configured to collect financial transaction-related data related to customer user media environment information and financial transaction type information; a low-level data converter configured to convert the collected data related to financial transactions into low-level data; a low-level data analysis unit configured to analyze the low-level data by an artificial intelligence model; and an abnormal transaction determining unit configured to detect an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
  • the low-level data may include at least one of assembly language, machine language (hex code data, binary code data, etc.), ASCII data, and EBCO data.
  • the low-level data conversion unit includes: a customer transaction type analysis unit configured to analyze a transaction type of the customer based on the financial transaction related data; a low-level type determination unit configured to determine one of a plurality of low-level types including assembly language, hexacode, binary code, ASCII, and EBCO according to the transaction type of the customer; and a low-level conversion unit configured to convert the financial transaction-related data into low-level data corresponding to the low-level type.
  • the low-level data converter includes: a hexacode converter configured to convert the financial transaction-related data into hexacode data; a binary code converter configured to convert the financial transaction-related data into binary code data; an ASCII conversion unit configured to convert the financial transaction-related data into ASCII data; an EBCO conversion unit configured to convert the financial transaction-related data into EBCO data; and an assembly language conversion unit configured to convert the financial transaction related data into assembly language data.
  • the low-level data analysis unit includes: a hexacode-based FDS analysis unit configured to predict a first abnormal financial transaction probability by extracting features related to an abnormal financial transaction by a hexacode-based artificial intelligence model based on the hexacode data; a binary code-based FDS analyzer configured to predict a second abnormal financial transaction probability by extracting features related to an abnormal financial transaction by a binary code-based artificial intelligence model based on the binary code data; an ASCII-based FDS analysis unit configured to predict a third abnormal financial transaction probability by extracting features related to an abnormal financial transaction by an ASCII-based artificial intelligence model based on the ASCII data; an EBCO-based FDS analyzer configured to predict a fourth abnormal financial transaction probability by extracting features related to an abnormal financial transaction by an EBCO-based artificial intelligence model based on the EBCO data; and an assembly language-based FDS analyzer configured to predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions by an assembly language-based artificial intelligence model
  • the abnormal transaction determining unit may include: a customer transaction type analysis unit configured to analyze a transaction type of the customer based on the financial transaction related data; a weight setting unit configured to set weights of assembly language, machine language (hexadecimal code, binary code, etc.), ASCII, and EBCO according to the transaction type of the customer; and an abnormal transaction determination unit configured to detect the abnormal transaction by applying the weights to the first abnormal financial transaction probability, the second abnormal financial transaction probability, the third abnormal financial transaction probability, the fourth abnormal financial transaction probability, and the fifth abnormal financial transaction probability.
  • An abnormal financial transaction detection method based on low-level data analysis includes: collecting, by a data collection unit, financial transaction-related data related to user media environment information and financial transaction type information of a customer; converting the collected financial transaction-related data into low-level data by a low-level data conversion unit; analyzing the low-level data using an artificial intelligence model by a low-level data analysis unit; and detecting, by an abnormal transaction determination unit, an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
  • the converting into low-level data may include: analyzing, by a customer transaction type analyzer, a transaction type of the customer based on the financial transaction related data; determining, by a low-level type determining unit, one of a plurality of low-level types including assembly language, machine language (Hex code, binary code, etc.), ASCII, and EBCO, according to the transaction type of the customer; and converting the financial transaction-related data into low-level data corresponding to the low-level type by a low-level conversion unit.
  • the converting into low-level data may include: converting the financial transaction-related data into hexacode data by a hexacode converter; converting the financial transaction-related data into binary code data by a binary code conversion unit; converting the financial transaction-related data into ASCII data by an ASCII conversion unit; converting the financial transaction-related data into EBCO data by an EBCO conversion unit; and converting the financial transaction-related data into assembly language data by an assembly language conversion unit.
  • the analyzing of the low-level data may include: predicting, by a hexacode-based FDS analysis unit, a first abnormal financial transaction probability by extracting features related to abnormal financial transactions by a hexacode-based artificial intelligence model based on the hexacode data; predicting, by a binary code-based FDS analysis unit, a second abnormal financial transaction probability by extracting features related to an abnormal financial transaction by a binary code-based artificial intelligence model based on the binary code data; predicting, by an ASCII-based FDS analysis unit, a third abnormal financial transaction probability by extracting features related to an abnormal financial transaction by an ASCII-based artificial intelligence model based on the ASCII data; predicting, by an EBCO-based FDS analysis unit, a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions by an EBCO-based artificial intelligence model based on the EBCO data; and extracting features related to abnormal financial transactions by an assembly language-based FDS analysis unit based on the assembly language data based on an assembly language-
  • the detecting of the abnormal transaction may include: analyzing, by a customer transaction type analyzer, a transaction type of the customer based on the financial transaction related data; setting, by a weight setting unit, weights of assembly language, machine language (Hex code, binary code, etc.), ASCII, and EBCO according to the transaction type of the customer; and detecting, by an abnormal transaction determination unit, an abnormal transaction by applying the weights to the first abnormal financial transaction probability, the second abnormal financial transaction probability, the third abnormal financial transaction probability, the fourth abnormal financial transaction probability, and the fifth abnormal financial transaction probability.
  • An abnormal financial transaction detection method based on low-level data analysis further includes: analyzing the transaction type of the customer based on the financial transaction-related data by a customer transaction type analyzer, wherein the analyzing of the low-level data may include: extracting a plurality of code regions from the low-level data according to the transaction type of the customer; and analyzing the low-level data by setting a weight for each code region according to the transaction type of the customer.
  • a computer program recorded on a computer-readable recording medium is provided to execute the low-level data analysis-based abnormal financial transaction detection method.
  • An abnormal financial transaction detection system and method based on low-level data analysis are provided that analyze, at a low level and using artificial intelligence, financial transaction-related data related to user media environment information and financial transaction type information of customers conducting financial transactions, so that abnormal financial transactions can be effectively detected and the detection can be automated with artificial intelligence.
  • an abnormal financial transaction detection service based on low-level data analysis suitable for the customer's transaction type can be provided by determining the most suitable low-level type for detecting abnormal financial transactions according to the customer's transaction type.
  • FIG. 1 is a block diagram of an abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention.
  • FIG. 2 is a block diagram of a low-level data converter constituting an abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention.
  • FIGS. 3 and 4 are exemplary diagrams illustrating that financial transaction-related data is converted into low-level data according to an embodiment of the present invention.
  • FIG. 5 is a block diagram of a low-level data converter constituting an abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention.
  • FIG. 6 is a block diagram showing a low-level data analysis unit, an artificial intelligence model, and an abnormal transaction decision unit constituting an abnormal financial transaction detection system based on low-level data analysis according to another embodiment of the present invention.
  • FIG. 7 is a flowchart of an abnormal financial transaction detection method based on low-level data analysis according to an embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating step S130 of FIG. 7.
  • FIG. 9 is a flowchart illustrating steps S140 and S150 of FIG. 7 .
  • '~unit' used in this specification is a unit that processes at least one function or operation, and may mean, for example, software, an FPGA, or a hardware component. Functions provided by '~unit' may be performed separately by a plurality of components or may be integrated with other additional components.
  • '~unit' in this specification is not necessarily limited to software or hardware, and may be configured to be in an addressable storage medium or configured to reproduce one or more processors.
  • embodiments of the present invention will be described in detail with reference to the drawings.
  • An abnormal financial transaction detection system based on low-level data analysis converts financial transaction-related data related to customer user media environment information and financial transaction type information into low-level data representing one-dimensional information, and analyzes the low-level data by an artificial intelligence model to detect abnormal transactions.
  • an abnormal financial transaction detection system 100 based on low-level data analysis may include a data collection unit 200 and an abnormal financial transaction detection unit 300 .
  • the data collection unit 200 may be configured to collect financial transaction-related data related to customer user media environment information and financial transaction type information from a customer terminal (not shown).
  • the customer terminal is a terminal used by a customer, and may be, for example, a terminal used by a fintech company, a blockchain exchange, a bank, a securities company, an insurance company, various other financial institutions, or individual customers.
  • User media environment information includes, for example, hardware-related information such as Internet/smartphone/PDA/VM banking (e.g., device model name, CPU information, HDD information, MAC information, etc.), application-related information (e.g., OS version information, browser information, manufacturer information, security program information, software use information, etc.), and network-related information (e.g., IP information, VPN information, proxy IP information, connection network information, etc.).
  • the financial transaction type information may include, for example, transaction-related information such as a transaction pattern or transaction tendency, such as a customer's transfer amount, account, time, and access.
  • Data related to financial transactions of customers collected from customer terminals may include data for various financial transaction services, such as, for example, application for the services of fintech companies, e-wallet opening at blockchain exchanges, online banking account opening at banks, securities trading app account opening at securities companies, and online insurance application at insurance companies.
  • the data collection unit 200 may include an input device and/or a receiving device receiving data from a customer terminal.
  • the customer's financial transaction-related data collected by the data collection unit 200 may be transmitted to the abnormal financial transaction detection unit 300 .
  • the abnormal financial transaction detection unit 300 can include a low-level data conversion unit 310, a low-level data analysis unit 320, an artificial intelligence model 330, an abnormal transaction determination unit 340, and an artificial intelligence learning unit 350.
  • the low-level data conversion unit 310 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data.
  • the low-level data conversion unit 310 may convert customer financial transaction-related data into low-level data by, for example, web forensics.
  • the customer's financial transaction-related data is converted by the low-level data conversion unit 310 into low-level data including at least one of assembly language, machine language (hexacode data, binary code data, etc.), ASCII data, and EBCO data.
  • the low-level data conversion unit 310 may include a hexadecimal code conversion unit 312, a binary code conversion unit 314, an ASCII conversion unit 316, an EBCO conversion unit 318, and an assembly language conversion unit 319.
  • the hexacode conversion unit 312 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into hexadecimal code data corresponding to a hexadecimal code type.
  • the binary code conversion unit 314 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into binary code data corresponding to a binary code type.
  • the ASCII conversion unit 316 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into ASCII data corresponding to an ASCII code type.
  • the EBCO conversion unit 318 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into EBCO data corresponding to an EBCO code type.
  • the assembly language conversion unit 319 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into assembly language data corresponding to an assembly language code type.
  • FIGS. 3 and 4 are exemplary diagrams illustrating that financial transaction-related data is converted into low-level data according to an embodiment of the present invention.
  • FIG. 3 shows an example of hexacode data, and FIG. 4 shows an example of binary code data.
  • the artificial intelligence model 330 may be trained to extract patterns (10, 20, 30) (40, 50, 60) of specific areas from low-level data and to detect abnormal financial transactions by analyzing the rules of the extracted patterns (10, 20, 30) (40, 50, 60).
  • the low-level data analysis unit 320 may be configured to analyze the low-level data converted by the low-level data conversion unit 310 using the artificial intelligence model 330 trained by the artificial intelligence learning unit 350.
  • the artificial intelligence learning unit 350 may train an artificial intelligence model by converting generally collected customer transaction data into low-level data and extracting features corresponding to patterns of the low-level data.
  • the features learned by the artificial intelligence learning unit 350 may include: transaction type information such as internet/smartphone/PDA/VM banking related to the transaction data requested by the customer; network information such as the IP address of the customer terminal, VPN information, proxy IP information, and connection network information; device information of the customer terminal (device model name, CPU information, HDD information, MAC information, etc.); application information such as OS version, browser, manufacturer, security program, and software use; location information of the customer terminal (Korea, North Korea, China, Russia, etc.); Internet access protocol (TCP/IP, UDP, etc.); and transaction pattern/tendency information such as transaction time, connection maintenance time, transfer amount, and account information.
  • the abnormal transaction determination unit 340 may be configured to detect abnormal transactions based on the low-level analysis result of the low-level data analysis unit 320 using the artificial intelligence model 330 .
  • Low-level data is not easy to manipulate to avoid FDS even for hackers with high hacking ability, and when manipulated by a hacker, its inherent characteristics are changed, so it is possible to determine whether or not it has been manipulated.
  • abnormal financial transactions are effectively detected by analyzing at a low level the user media environment information, financial transaction type information, etc. of customers conducting financial transactions, and the detection can be automated with artificial intelligence.
  • an alarm may be generated to a person in charge of a task related to preventing an abnormal financial transaction.
  • the low-level data conversion unit 310 may include a customer transaction type analysis unit 310a, a low-level type determination unit 310b, and a low-level conversion unit 310c.
  • the customer transaction type analysis unit 310a may be configured to analyze the transaction type of the corresponding customer based on the customer's financial transaction-related data collected by the data collection unit 200 .
  • the customer's transaction type can be set and classified in various ways, for example by transaction request amount, transaction target, type of customer terminal, region (country), institution to which the customer belongs (fintech company, blockchain exchange, bank, securities company, insurance company, other financial institutions or individual customers), Internet access protocol type, transaction time type, connection maintenance time type, etc.
  • the low-level type determination unit 310b may be configured to determine any one of a plurality of low-level types, including assembly language, machine language (hexacode, binary code, etc.), ASCII and EBCO, according to the customer's specific transaction type analyzed by the customer transaction type analysis unit 310a.
  • the low-level type determining unit 310b may learn a low-level type showing the best FDS performance for each transaction type of the customer, and then determine a low-level type that is most suitable for the FDS according to the transaction type of the customer.
  • the low-level conversion unit 310c may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data corresponding to the low-level type determined by the low-level type determination unit 310b.
  • the FDS service suitable for the customer's transaction type can be provided by determining the low-level type most suitable for the FDS according to the customer's transaction type and converting the customer's financial transaction-related data into the corresponding low-level type.
  • FIG. 6 is a block diagram showing a low-level data analysis unit, an artificial intelligence model, and an abnormal transaction decision unit constituting an abnormal financial transaction detection system based on low-level data analysis according to another embodiment of the present invention.
  • the low-level data analysis unit 320 may include a hexacode-based FDS analysis unit 322, a binary code-based FDS analysis unit 324, an ASCII-based FDS analysis unit 326, an EBCO-based FDS analysis unit 328, and an assembly language-based FDS analysis unit 329.
  • the hexacode-based FDS analysis unit 322 may be configured to predict a first abnormal financial transaction probability by extracting features related to abnormal financial transactions by the hexacode-based artificial intelligence model 332 based on the hexacode data converted by the hexacode conversion unit 312.
  • the binary code-based FDS analysis unit 324 may be configured to predict a second abnormal financial transaction probability by extracting features related to abnormal financial transactions by the binary code-based artificial intelligence model 334 based on the binary code data converted by the binary code conversion unit 314.
  • the ASCII-based FDS analysis unit 326 may be configured to predict a third abnormal financial transaction probability by extracting features related to abnormal financial transactions by the ASCII-based artificial intelligence model 336 based on the ASCII data converted by the ASCII conversion unit 316.
  • the EBCO-based FDS analysis unit 328 may be configured to predict a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions by the EBCO-based artificial intelligence model 338 based on the EBCO data converted by the EBCO conversion unit 318.
  • the assembly language-based FDS analysis unit 329 may be configured to predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions by the assembly language-based artificial intelligence model 339 based on the assembly language data converted by the assembly language conversion unit 319.
  • the abnormal transaction determining unit 340 may include a customer transaction type analyzing unit 342 , a weight setting unit 344 , and an abnormal transaction determining unit 346 .
  • the customer transaction type analyzer 342 can be configured to analyze the customer's transaction type based on the customer's financial transaction-related data collected by the data collection unit 200.
  • the weight setting unit 344 may be configured to set weights of assembly language, hexacode, binary code, ASCII, and EBCO according to the transaction type of the customer analyzed by the customer transaction type analysis unit 342 .
  • the abnormal transaction determination unit 346 may be configured to detect abnormal transactions by applying the weights set by the weight setting unit 344 to the probability of a plurality of abnormal financial transactions predicted for each of various low-level types.
  • the abnormal transaction determination unit 346 may detect abnormal transactions by applying the weights set by the weight setting unit 344 to the first abnormal financial transaction probability predicted by the hexacode-based FDS analysis unit 322, the second abnormal financial transaction probability predicted by the binary code-based FDS analysis unit 324, the third abnormal financial transaction probability predicted by the ASCII-based FDS analysis unit 326, the fourth abnormal financial transaction probability predicted by the EBCO-based FDS analysis unit 328, and the fifth abnormal financial transaction probability predicted by the assembly language-based FDS analysis unit 329.
  • FDS services suitable for the customer's transaction type can be provided by setting and applying weights of the various low-level types according to the customer's transaction type, thereby combining the FDS analysis results of the various low-level types.
  • the low-level data analysis unit 320 extracts a plurality of code areas from each low-level data for each of various low-level types, and the customer's transaction type analysis unit 342 analyzes An abnormal financial transaction may be detected by setting a weight for each code area according to the transaction type by a weight setting unit.
  • a plurality of code regions extracted from each low-level data may be different for each low-level type.
  • the plurality of code areas extracted from each low-level data and the weight of each code area (its relationship with abnormal financial transactions) may be determined or set by a trained artificial intelligence model, or may be selected or input by an expert.
  • the hexacode-based FDS analysis unit 322 may extract first code areas from the hexacode data according to the customer transaction type analyzed by the customer transaction type analysis unit 342, and may detect abnormal financial transactions by applying the weight set for each of the first code areas.
  • the first code areas selected from the hexacode data may be changed according to the customer's transaction type, and the weights of the first code areas may also be set differently according to the customer's transaction type.
  • the binary code-based FDS analysis unit 324 may extract second code areas from the binary code data according to the customer transaction type analyzed by the customer transaction type analysis unit 342, and may detect abnormal financial transactions by applying the weight set for each of the second code areas.
  • the second code areas selected from the binary code data may be changed according to the customer's transaction type, and the weights of the second code areas may also be set differently according to the customer's transaction type.
  • the ASCII-based FDS analysis unit 326 may extract third code areas from the ASCII data according to the customer transaction type analyzed by the customer transaction type analysis unit 342, and may detect abnormal financial transactions by applying the weight set for each of the third code areas.
  • the third code areas selected from the ASCII data may be changed according to the customer's transaction type, and the weights of the third code areas may also be set differently according to the customer's transaction type.
  • the EBCO-based FDS analysis unit 328 may extract fourth code areas from the EBCO data according to the customer transaction type analyzed by the customer transaction type analysis unit 342, and may detect abnormal financial transactions by applying the weight set for each of the fourth code areas.
  • the fourth code areas selected from the EBCO data may be changed according to the customer's transaction type, and the weights of the fourth code areas may also be set differently according to the customer's transaction type.
  • the assembly language-based FDS analysis unit 329 may extract fifth code areas from the assembly language data according to the customer transaction type analyzed by the customer transaction type analysis unit 342, and may detect abnormal financial transactions by applying the weight set for each of the fifth code areas.
  • the fifth code areas selected from the assembly language data may be changed according to the customer's transaction type, and the weights of the fifth code areas may also be set differently according to the customer's transaction type.
  • the FDS artificial intelligence model can be learned using general transaction data (learning data) (S110).
  • the artificial intelligence learning unit 350 may learn an artificial intelligence model by converting generally collected customer transaction data into low-level data and extracting features corresponding to patterns of the low-level data.
  • the features learned by the artificial intelligence learning unit 350 may include transaction type information such as internet/smartphone/PDA/VM banking related to the transaction data requested by the customer; network information such as the IP address of the customer terminal, VPN information, proxy IP information, and connection network information; device information of the customer terminal (device model name, CPU information, HDD information, MAC information, etc.); application information such as OS version, browser, manufacturer, security program, and software use; location information of the customer terminal (Korea, North Korea, China, Russia, etc.); the Internet access protocol (TCP/IP, UDP, etc.); and transaction pattern/tendency information such as transaction time, connection maintenance time, transfer amount, and account information.
  • the data collection unit 200 may collect, from the customer terminal, financial transaction-related data requested by the customer (e.g., data for a fintech company app service, opening a blockchain exchange e-wallet, opening a bank online banking account, or a securities company stock trading app account) (S120).
  • User media environment information for Internet/smartphone/PDA/VM banking includes, for example, hardware-related information (e.g., device model name, CPU information, HDD information, MAC information, etc.), application-related information (e.g., OS version information, browser information, manufacturer information, security program information, software use information, etc.), and network-related information (e.g., IP information, VPN information, proxy IP information, connection network information, etc.).
  • the financial transaction type information may include, for example, transaction-related information such as a transaction pattern or transaction tendency, such as a customer's transfer amount, account, time, and access.
  • the low-level data conversion unit 310 may convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data (S130).
  • the low-level data conversion unit 310 may convert customer financial transaction-related data into low-level data by, for example, web forensics.
  • the low-level data conversion unit 310 may convert the customer's financial transaction-related data into low-level data including at least one of assembly language, machine language (hexacode data, binary code data, etc.), ASCII data, and EBCO data.
  • the low-level data analysis unit 320 may analyze the low-level data converted by the low-level data conversion unit 310 using the artificial intelligence model 330 trained by the artificial intelligence learning unit 350 (S140).
  • the abnormal transaction determination unit 340 may detect an abnormal transaction based on the low-level analysis result analyzed by the low-level data analysis unit 320 using the artificial intelligence model 330 (S150).
  • Low-level data is not easy to manipulate to avoid FDS even for hackers with high hacking ability, and when manipulated by a hacker, its inherent characteristics are changed, so it is possible to determine whether or not it has been manipulated.
  • abnormal financial transactions are effectively detected by analyzing, at a low level, the user media environment information, financial transaction type information, etc. of customers conducting financial transactions, and the detection can be automated with artificial intelligence.
  • an alarm may be generated to a person in charge of a task related to preventing an abnormal financial transaction.
  • step S130 of FIG. 7 is a flowchart illustrating step S130 of FIG. 7 .
  • the customer transaction type analysis unit 310a may analyze the customer's transaction type based on the customer's financial transaction-related data collected by the data collection unit 200 (S132).
  • the customer's transaction type may include the transaction request amount, transaction target, type of customer terminal, region (country), the customer's institution (a customer of a fintech company, blockchain exchange, bank, securities company, insurance company, etc.), Internet access protocol type, transaction time type, connection maintenance time type, etc.
  • the low-level type determination unit 310b may determine, according to the customer's transaction type analyzed by the customer transaction type analysis unit 310a, one of a plurality of low-level types including assembly language, machine language (hexacode, binary code, etc.), ASCII, and EBCO (S134).
  • the low-level conversion unit 310c may convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data corresponding to the low-level type determined by the low-level type determination unit 310b (S136).
  • an FDS service suitable for the customer's transaction type can be provided by determining the low-level type most suitable for the FDS according to the customer's transaction type and converting the customer's financial transaction-related data into the corresponding low-level type.
  • the low-level data analyzer 320 may analyze low-level data according to various low-level types (S142).
  • the hexacode-based FDS analysis unit 322 may extract features related to abnormal financial transactions using the hexacode-based artificial intelligence model 332, based on the hexacode data converted by the hexacode conversion unit 312, and thereby predict the first abnormal financial transaction probability.
  • the binary code-based FDS analysis unit 324 may extract features related to abnormal financial transactions using the binary code-based artificial intelligence model 334, based on the binary code data converted by the binary code conversion unit 314, and thereby predict the second abnormal financial transaction probability.
  • the ASCII-based FDS analysis unit 326 may extract features related to abnormal financial transactions using the ASCII-based artificial intelligence model 336, based on the ASCII data converted by the ASCII conversion unit 316, and thereby predict the third abnormal financial transaction probability.
  • the EBCO-based FDS analysis unit 328 may extract features related to abnormal financial transactions using the EBCO-based artificial intelligence model 338, based on the EBCO data converted by the EBCO conversion unit 318, and thereby predict the fourth abnormal financial transaction probability.
  • the assembly language-based FDS analysis unit 329 may extract features related to abnormal financial transactions using the assembly language-based artificial intelligence model 339, based on the assembly language data converted by the assembly language conversion unit 319, and thereby predict the fifth abnormal financial transaction probability.
  • the customer transaction type analysis unit 342 may analyze the transaction type of the customer requesting the financial transaction based on the customer's financial transaction-related data collected by the data collection unit 200 (S144).
  • the weight setting unit 344 may set the weights of assembly language, machine language (Hex code, binary code, etc.), ASCII, and EBCO according to the transaction type of the customer analyzed by the customer transaction type analysis unit 342 (S152).
  • the abnormal transaction determination unit 346 may detect abnormal transactions by applying the weights set by the weight setting unit 344 to the first abnormal financial transaction probability predicted by the hexacode-based FDS analysis unit 322, the second abnormal financial transaction probability predicted by the binary code-based FDS analysis unit 324, the third abnormal financial transaction probability predicted by the ASCII-based FDS analysis unit 326, the fourth abnormal financial transaction probability predicted by the EBCO-based FDS analysis unit 328, and the fifth abnormal financial transaction probability predicted by the assembly language-based FDS analysis unit 329 (S154).
  • an FDS service suitable for the customer's transaction type can be provided by setting and applying weights for the various low-level types according to the customer's transaction type and combining the FDS analysis results of those low-level types.
  • the embodiments described above may be implemented as hardware components, software components, and/or a combination of hardware components and software components.
  • the devices, methods and components described in the embodiments may be implemented using, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions.
  • a processing device may run an operating system and one or more software applications running on the operating system.
  • a processing device may also access, store, manipulate, process, and generate data in response to execution of software.
  • it will be understood that a processing device may include a plurality of processing elements and/or a plurality of types of processing elements.
  • a processing device may include a plurality of processors or a processor and a controller. Also, other processing configurations are possible, such as a parallel processor.
  • Software may include a computer program, code, instructions, or a combination of one or more of these, and may configure a processing device to operate as desired or command the processing device independently or collectively.
  • Software and/or data may be embodied, permanently or temporarily, in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or transmitted signal wave, in order to be interpreted by a processing device or to provide instructions or data to it. Software may be distributed on networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer readable media.
  • the method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer readable medium.
  • Computer readable media may include program instructions, data files, data structures, etc. alone or in combination.
  • Program commands recorded on the medium may be specially designed and configured for the embodiment or may be known and usable to those skilled in computer software.
  • Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs and DVDs, and ROMs, RAMs, and flash memories.
  • the hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.
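
The flow of steps S130 to S154 described above (re-encode the transaction data, score each low-level type, weight the scores by transaction type, decide) can be sketched as follows. This is an added example, not code from the patent: the n-gram novelty scorer stands in for the trained artificial intelligence models, and every record, weight, type name and threshold is a constructed assumption.

```python
import json

# Constructed values: the patent text gives no weights, threshold or type names.
TYPE_WEIGHTS = {
    "domestic_small": {"hex": 0.2, "binary": 0.2, "ascii": 0.6},
    "overseas_or_large": {"hex": 0.5, "binary": 0.2, "ascii": 0.3},
}
THRESHOLD = 0.1
KINDS = ("hex", "binary", "ascii")

# Constructed sample records (not real transaction data).
BENIGN = [
    {"amount": 50000, "country": "KR", "channel": "smartphone", "proxy": False, "hour": 14},
    {"amount": 120000, "country": "KR", "channel": "internet", "proxy": False, "hour": 10},
    {"amount": 30000, "country": "KR", "channel": "smartphone", "proxy": False, "hour": 19},
]
SUSPECT = {"amount": 9800000, "country": "XX", "channel": "internet", "proxy": True, "hour": 3}


def to_low_level(record):
    """S130: serialise a record and re-encode the same bytes three ways.

    All three forms are lossless re-encodings of one byte string; only the
    tokenisation applied later differs between them.
    """
    raw = json.dumps(record, sort_keys=True).encode("ascii")
    return {
        "hex": raw.hex(),
        "binary": "".join(f"{b:08b}" for b in raw),
        "ascii": list(raw),  # decimal ASCII code points
    }


def tokenize(kind, data):
    """Split one low-level form into the tokens its model looks at."""
    if kind == "hex":      # sliding pairs of adjacent bytes (4 hex digits)
        return [data[i:i + 4] for i in range(0, len(data) - 2, 2)]
    if kind == "binary":   # 4-bit nibbles
        return [data[i:i + 4] for i in range(0, len(data), 4)]
    if kind == "ascii":    # sliding triples of code points
        return [tuple(data[i:i + 3]) for i in range(len(data) - 2)]
    raise ValueError(f"unknown low-level type: {kind}")


class NoveltyModel:
    """Stand-in for one per-type model: share of tokens never seen in training."""

    def __init__(self, kind):
        self.kind = kind
        self.seen = set()

    def fit(self, records):
        for rec in records:
            self.seen.update(tokenize(self.kind, to_low_level(rec)[self.kind]))
        return self

    def predict(self, record):
        """S142: return a score in [0, 1]; 0 means every token was seen before."""
        tokens = tokenize(self.kind, to_low_level(record)[self.kind])
        if not tokens:
            return 0.0
        return sum(tok not in self.seen for tok in tokens) / len(tokens)


def build_models():
    """S110: train one model per low-level type on ordinary transactions."""
    return {kind: NoveltyModel(kind).fit(BENIGN) for kind in KINDS}


def transaction_type(record):
    """S144: constructed rule standing in for the transaction type analysis."""
    if record["country"] != "KR" or record["amount"] >= 1_000_000:
        return "overseas_or_large"
    return "domestic_small"


def detect(record, models):
    """S152-S154: weight the per-type scores by transaction type and decide."""
    ttype = transaction_type(record)
    weights = TYPE_WEIGHTS[ttype]
    probs = {kind: models[kind].predict(record) for kind in KINDS}
    score = sum(weights[kind] * probs[kind] for kind in KINDS)
    return {"type": ttype, "probs": probs, "score": score,
            "flagged": score >= THRESHOLD}


if __name__ == "__main__":
    trained = build_models()
    for rec in (BENIGN[0], SUSPECT):
        print(detect(rec, trained))
```
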


Abstract

Disclosed are a fraud detection system based on low-level data analysis, and a method therefor, the system using artificial intelligence to analyze, at a low level, financial-transaction-related data related to user medium environment information and financial transaction type information about a customer performing a financial transaction, thereby effectively detecting an abnormal financial transaction and automating the detection through the artificial intelligence. A fraud detection system based on low-level data analysis, according to an embodiment of the present invention, comprises: a data collection unit for collecting financial-transaction-related data related to user medium environment information and financial transaction type information about a customer; a low-level data conversion unit for converting the collected financial-transaction-related data into low-level data; a low-level data analysis unit for analyzing the low-level data by means of an artificial intelligence model; and an abnormal transaction determination unit for detecting an abnormal transaction on the basis of the low-level data analysis result of the artificial intelligence model.

Description

Abnormal financial transaction detection system and method based on low-level data analysis
The present invention relates to a fraud detection system (FDS) based on low-level data analysis, and a method therefor, which effectively detect abnormal financial transactions by using artificial intelligence to analyze, at a low level, financial transaction-related data related to the user media environment information, financial transaction type information, and the like of a customer conducting a financial transaction.
A fraud detection system (FDS) is a security method that collects various information about a payer to build a pattern, then catches abnormal payments that deviate from the pattern and blocks the payment route. Unlike conventional security, which relied on security solutions, it is characterized by active security intervention based on big data. An FDS consists of an information collection function, an analysis and detection function, a response function, and a monitoring and audit function, and it is attracting attention as an essential security method at a time when fintech is becoming important. The conventional FDS method has the problem that hackers, voice phishing criminals, criminals laundering money with cryptocurrency, and the like can, without much difficulty, manipulate financial transaction-related data and neutralize the FDS service.
The present invention is intended to provide a fraud detection system (FDS) based on low-level data analysis, and a method therefor, that can effectively detect abnormal financial transactions by analyzing, at a low level, the user media environment information, financial transaction type information, and the like of a customer conducting a financial transaction, and can automate this with artificial intelligence.
In addition, the present invention is intended to provide an abnormal financial transaction detection service based on low-level data analysis that suits the customer's transaction type, by determining the low-level type most suitable for detecting abnormal financial transactions according to the customer's transaction type.
An abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention includes: a data collection unit configured to collect financial transaction-related data related to a customer's user media environment information and financial transaction type information; a low-level data conversion unit configured to convert the collected financial transaction-related data into low-level data; a low-level data analysis unit configured to analyze the low-level data by an artificial intelligence model; and an abnormal transaction determining unit configured to detect an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
The low-level data may include at least one of assembly language, machine language (hexacode data, binary code data, etc.), ASCII data, and EBCO data.
The low-level data conversion unit may include: a customer transaction type analysis unit configured to analyze the customer's transaction type based on the financial transaction-related data; a low-level type determination unit configured to determine, according to the customer's transaction type, one of a plurality of low-level types including assembly language, hexacode, binary code, ASCII, and EBCO; and a low-level conversion unit configured to convert the financial transaction-related data into low-level data corresponding to the determined low-level type.
The low-level data conversion unit may include: a hexacode conversion unit configured to convert the financial transaction-related data into hexacode data; a binary code conversion unit configured to convert the financial transaction-related data into binary code data; an ASCII conversion unit configured to convert the financial transaction-related data into ASCII data; an EBCO conversion unit configured to convert the financial transaction-related data into EBCO data; and an assembly language conversion unit configured to convert the financial transaction-related data into assembly language data.
The low-level data analysis unit may include: a hexacode-based FDS analysis unit configured to predict a first abnormal financial transaction probability by extracting features related to abnormal financial transactions from the hexacode data using a hexacode-based artificial intelligence model; a binary code-based FDS analysis unit configured to predict a second abnormal financial transaction probability by extracting features related to abnormal financial transactions from the binary code data using a binary code-based artificial intelligence model; an ASCII-based FDS analysis unit configured to predict a third abnormal financial transaction probability by extracting features related to abnormal financial transactions from the ASCII data using an ASCII-based artificial intelligence model; an EBCO-based FDS analysis unit configured to predict a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions from the EBCO data using an EBCO-based artificial intelligence model; and an assembly language-based FDS analysis unit configured to predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions from the assembly language data using an assembly language-based artificial intelligence model.
The abnormal transaction determining unit may include: a customer transaction type analysis unit configured to analyze the customer's transaction type based on the financial transaction-related data; a weight setting unit configured to set weights of assembly language, machine language (hexacode, binary code, etc.), ASCII, and EBCO according to the customer's transaction type; and an abnormal transaction determination unit configured to detect an abnormal transaction by applying the weights to the first abnormal financial transaction probability, the second abnormal financial transaction probability, the third abnormal financial transaction probability, the fourth abnormal financial transaction probability, and the fifth abnormal financial transaction probability.
본 발명의 실시예에 따른 로우레벨 데이터 분석 기반의 이상 금융거래 탐지 방법은: 데이터 수집부에 의해, 고객의 이용자 매체환경 정보 및 금융거래 유형 정보와 관련된 금융 거래 관련 데이터를 수집하는 단계; 로우레벨 데이터 변환부에 의해, 수집된 금융 거래 관련 데이터를 로우레벨 데이터(low-level data)로 변환하는 단계; 로우레벨 데이터 분석부에 의해, 인공지능 모델을 이용하여 상기 로우레벨 데이터를 분석하는 단계; 및 이상 거래 결정부에 의해, 상기 인공지능 모델의 로우레벨 분석 결과를 기초로 이상 거래를 탐지하는 단계;를 포함한다.An abnormal financial transaction detection method based on low-level data analysis according to an embodiment of the present invention includes: collecting, by a data collection unit, financial transaction-related data related to user media environment information and financial transaction type information of a customer; converting the collected financial transaction-related data into low-level data by a low-level data conversion unit; analyzing the low-level data using an artificial intelligence model by a low-level data analysis unit; and detecting, by an abnormal transaction determination unit, an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
상기 로우레벨 데이터로 변환하는 단계는: 고객 거래유형 분석부에 의해, 상기 금융 거래 관련 데이터를 기초로 상기 고객의 거래 유형을 분석하는 단계; 로우레벨 유형 결정부에 의해, 상기 고객의 거래 유형에 따라, 어셈블리어, 기계어(헥사코드, 이진코드 등), ASCII 및 EBCO를 포함하는 복수의 로우레벨 유형들 중 어느 하나의 로우레벨 유형을 결정하는 단계; 및 로우레벨 변환부에 의해, 상기 금융 거래 관련 데이터를 상기 로우레벨 유형에 해당하는 로우레벨 데이터로 변환하는 단계;를 포함할 수 있다.The converting the low-level data into low-level data may include: analyzing, by a customer transaction type analyzer, a transaction type of the customer based on the financial transaction related data; Determining, by the low-level type determining unit, one of a plurality of low-level types including assembly language, machine language (Hex code, binary code, etc.), ASCII, and EBCO, according to the transaction type of the customer. step; and converting the financial transaction-related data into low-level data corresponding to the low-level type by a low-level conversion unit.
상기 로우레벨 데이터로 변환하는 단계는: 헥사코드 변환부에 의해, 상기 금융 거래 관련 데이터를 헥사코드 데이터로 변환하는 단계; 이진코드 변환부에 의해, 상기 금융 거래 관련 데이터를 이진코드 데이터로 변환하는 단계; ASCII 변환부에 의해, 상기 금융 거래 관련 데이터를 ASCII 데이터로 변환하는 단계; EBCO 변환부에 의해, 상기 금융 거래 관련 데이터를 EBCO 데이터로 변환하는 단계; 및 어셈블리어 변환부에 의해, 상기 금융 거래 관련 데이터를 어셈블리어 데이터로 변환하는 단계;를 포함할 수 있다.The converting of the low-level data into low-level data may include: converting the financial transaction-related data into hexacode data by a hexacode converter; converting the financial transaction-related data into binary code data by a binary code conversion unit; converting the financial transaction-related data into ASCII data by an ASCII conversion unit; converting the financial transaction-related data into EBCO data by an EBCO conversion unit; and converting the financial transaction-related data into assembly language data by an assembly language conversion unit.
상기 로우레벨 데이터를 분석하는 단계는: 헥사코드 기반 FDS 분석부에 의해, 상기 헥사코드 데이터를 기반으로 헥사코드 기반 인공지능 모델에 의해 이상 금융거래와 관련된 특징들을 추출하여 제1 이상 금융거래 확률을 예측하는 단계; 이진코드 기반 FDS 분석부에 의해, 상기 이진코드 데이터를 기반으로 이진코드 기반 인공지능 모델에 의해 이상 금융거래와 관련된 특징들을 추출하여 제2 이상 금융거래 확률을 예측하는 단계; ASCII 기반 FDS 분석부에 의해, 상기 ASCII 데이터를 기반으로 ASCII 기반 인공지능 모델에 의해 이상 금융거래와 관련된 특징들을 추출하여 제3 이상 금융거래 확률을 예측하는 단계; EBCO 기반 FDS 분석부에 의해, 상기 EBCO 데이터를 기반으로 EBCO 기반 인공지능 모델에 의해 이상 금융거래와 관련된 특징들을 추출하여 제4 이상 금융거래 확률을 예측하는 단계; 및 어셈블리어 기반 FDS 분석부에 의해, 상기 어셈블리어 데이터를 기반으로 어셈블리어 기반 인공지능 모델에 의해 이상 금융거래와 관련된 특징들을 추출하여 제5 이상 금융거래 확률을 예측하는 단계;를 포함할 수 있다.The step of analyzing the low-level data: extracting features related to abnormal financial transactions by a hexacode-based artificial intelligence model based on the hexacode-based FDS analysis unit based on the hexacode data to obtain a first or higher probability of financial transactions predicting; Predicting a probability of a second or more financial transaction by extracting features related to an abnormal financial transaction by a binary code-based artificial intelligence model based on the binary code data by a binary code-based FDS analysis unit; Predicting a third abnormal financial transaction probability by an ASCII-based FDS analysis unit by extracting features related to an abnormal financial transaction by an ASCII-based artificial intelligence model based on the ASCII data; predicting a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions by an EBCO-based artificial intelligence model based on the EBCO data by an EBCO-based FDS analysis unit; and extracting features related to abnormal financial transactions by an assembly language-based FDS analysis unit based on the assembly language data based on an assembly language-based artificial intelligence model and predicting a fifth or higher probability of financial transactions.
상기 이상 거래를 탐지하는 단계는: 고객 거래유형 분석부에 의해, 상기 금융 거래 관련 데이터를 기초로 상기 고객의 거래 유형을 분석하는 단계; 가중치 설정부에 의해, 상기 고객의 거래 유형에 따라 어셈블리어, 기계어(헥사코드, 이진코드 등), ASCII 및 EBCO의 가중치들을 설정하는 단계; 및 이상 거래 판단부에 의해, 상기 제1 이상 금융거래 확률, 상기 제2 이상 금융거래 확률, 상기 제3 이상 금융거래 확률, 상기 제4 이상 금융거래 확률, 및 상기 제5 이상 금융거래 확률에 상기 가중치들을 적용하여 이상 거래를 탐지하는 단계;를 포함할 수 있다.The detecting of the abnormal transaction may include: analyzing, by a customer transaction type analyzer, a transaction type of the customer based on the financial transaction related data; setting, by a weight setting unit, weights of assembly language, machine language (Hex code, binary code, etc.), ASCII, and EBCO according to the transaction type of the customer; and the abnormal transaction determination unit determines the first or higher probability of financial transaction, the second or higher probability of financial transaction, the third or higher probability of financial transaction, the fourth or higher probability of financial transaction, and the fifth or higher probability of financial transaction. It may include; detecting an abnormal transaction by applying weights.
The abnormal financial transaction detection method based on low-level data analysis according to an embodiment of the present invention may further include analyzing, by a customer transaction type analysis unit, the transaction type of the customer based on the financial transaction-related data, and the step of analyzing the low-level data may include: extracting a plurality of code regions from the low-level data according to the transaction type of the customer; and analyzing the low-level data by setting a weight for each code region according to the transaction type of the customer.
According to an embodiment of the present invention, a computer program recorded on a computer-readable recording medium is provided to execute the abnormal financial transaction detection method based on low-level data analysis.
According to an embodiment of the present invention, an abnormal financial transaction detection system and method based on low-level data analysis are provided that use artificial intelligence to analyze, at the low level, financial transaction-related data such as the user media environment information and financial transaction type information of a customer conducting a financial transaction, so that abnormal financial transactions are detected effectively and the detection is automated with artificial intelligence.
In addition, according to an embodiment of the present invention, the low-level type best suited to detecting abnormal financial transactions is determined according to the customer's transaction type, so that an abnormal financial transaction detection service based on low-level data analysis suited to the customer's transaction type can be provided.
FIG. 1 is a block diagram of an abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention.
FIG. 2 is a block diagram of a low-level data conversion unit constituting the abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention.
FIGS. 3 and 4 are exemplary diagrams showing financial transaction-related data converted into low-level data according to an embodiment of the present invention.
FIG. 5 is a block diagram of a low-level data conversion unit constituting the abnormal financial transaction detection system based on low-level data analysis according to one embodiment of the present invention.
FIG. 6 is a block diagram showing a low-level data analysis unit, an artificial intelligence model, and an abnormal transaction determination unit constituting an abnormal financial transaction detection system based on low-level data analysis according to another embodiment of the present invention.
FIG. 7 is a flowchart of an abnormal financial transaction detection method based on low-level data analysis according to an embodiment of the present invention.
FIG. 8 is a flowchart illustrating step S130 of FIG. 7.
FIG. 9 is a flowchart illustrating steps S140 and S150 of FIG. 7.
Advantages and features of the present invention, and methods of achieving them, will become clear with reference to the embodiments described in detail below together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below and may be implemented in a variety of different forms.
The embodiments of the present invention are provided to make the disclosure of the present invention complete and to fully inform those of ordinary skill in the art to which the present invention belongs of the scope of the invention, and the present invention is defined only by the scope of the claims. Like reference numerals designate like elements throughout the specification.
In this specification, when a part is said to "include" a component, this means that it may further include other components rather than excluding them, unless specifically stated otherwise.
A '~unit' as used in this specification is a unit that processes at least one function or operation, and may mean, for example, software, an FPGA, or a hardware component. Functions provided by a '~unit' may be performed separately by a plurality of components or may be integrated with other additional components.
A '~unit' in this specification is not necessarily limited to software or hardware, and may be configured to reside in an addressable storage medium or configured to execute on one or more processors. Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
The abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention is configured to convert financial transaction-related data, which relates to a customer's user media environment information and financial transaction type information, into low-level data representing one-dimensional information, and to detect abnormal transactions by analyzing the low-level data with an artificial intelligence model.
FIG. 1 is a block diagram of an abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention. Referring to FIG. 1, the abnormal financial transaction detection system 100 based on low-level data analysis according to an embodiment of the present invention may include a data collection unit 200 and an abnormal financial transaction detection unit 300.
The data collection unit 200 may be configured to collect, from a customer terminal (not shown), financial transaction-related data relating to the customer's user media environment information and financial transaction type information. The customer terminal is a terminal used by a customer, and may be, for example, a terminal used by a fintech company, a blockchain exchange, a bank, a securities company, an insurance company, various other financial institutions, or an individual customer.
The user media environment information may include, for example, hardware-related information for Internet/smartphone/PDA/VM banking and the like (for example, device model name, CPU information, HDD information, MAC information), application-related information (for example, OS version information, browser information, manufacturer information, security program information, software usage information), and network-related information (for example, IP information, VPN information, proxy IP information, connected network information). The financial transaction type information may include, for example, transaction-related information such as transaction patterns or transaction tendencies in the customer's transfer amounts, accounts, times, and accesses.
The customer's financial transaction-related data collected from the customer terminal may include data for various financial transaction services, for example a fintech company's app service, opening an electronic wallet at a blockchain exchange, opening an online banking account at a bank, opening a securities trading app account at a securities company, or applying online for insurance with an insurance company.
The data collection unit 200 may consist of an input device and/or a receiving device that receives data from the customer terminal. The customer's financial transaction-related data collected by the data collection unit 200 may be passed to the abnormal financial transaction detection unit 300.
The abnormal financial transaction detection unit 300 may include a low-level data conversion unit 310, a low-level data analysis unit 320, an artificial intelligence model 330, an abnormal transaction determination unit 340, and an artificial intelligence learning unit 350.
The low-level data conversion unit 310 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data. The low-level data conversion unit 310 may convert the customer's financial transaction-related data into low-level data by, for example, web forensics.
In an embodiment of the present invention, the low-level data conversion unit 310 may convert the customer's financial transaction-related data into low-level data including at least one of assembly language, machine language (hexacode data, binary code data, etc.), ASCII data, and EBCO data.
FIG. 2 is a block diagram of a low-level data conversion unit constituting the abnormal financial transaction detection system based on low-level data analysis according to an embodiment of the present invention. Referring to FIGS. 1 and 2, the low-level data conversion unit 310 may include a hexacode conversion unit 312, a binary code conversion unit 314, an ASCII conversion unit 316, an EBCO conversion unit 318, and an assembly language conversion unit 319.
The hexacode conversion unit 312 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into hexacode data, that is, data of the hexadecimal hexacode type.
The binary code conversion unit 314 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into binary code data corresponding to the binary code type.
The ASCII conversion unit 316 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into ASCII data corresponding to the ASCII code type.
The EBCO conversion unit 318 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into EBCO data corresponding to the EBCO code type.
The assembly language conversion unit 319 may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into assembly language data corresponding to the assembly language code type.
FIGS. 3 and 4 are exemplary diagrams showing financial transaction-related data converted into low-level data according to an embodiment of the present invention. FIG. 3 shows an example of hexacode data, and FIG. 4 shows an example of binary code data.
The artificial intelligence model 330 may be trained to extract patterns (10, 20, 30) (40, 50, 60) of specific regions from the low-level data and to detect abnormal financial transactions by analyzing the rules of the extracted patterns (10, 20, 30) (40, 50, 60).
The low-level data analysis unit 320 may be configured to analyze the low-level data converted by the low-level data conversion unit 310, using the artificial intelligence model 330 trained by the artificial intelligence learning unit 350.
The artificial intelligence learning unit 350 may train the artificial intelligence model by converting ordinarily collected customer transaction data into low-level data and extracting features corresponding to the patterns of the low-level data.
The features learned by the artificial intelligence learning unit 350 may include: transaction type information such as Internet/smartphone/PDA/VM banking related to the transaction data requested by the customer; network information such as the customer terminal's IP address, VPN information, proxy IP information, and connected network information; device information of the customer terminal (device type such as device model name, CPU information, HDD information, MAC information); application information such as OS version, browser, manufacturer, security program, and software usage; location information of the customer terminal (domestic, North Korea, China, Russia, etc.); Internet access protocol (TCP/IP, UDP, etc.); and transaction pattern/tendency information such as transaction time, connection duration, transfer amount, and account information.
The abnormal transaction determination unit 340 may be configured to detect abnormal transactions based on the low-level analysis result produced by the low-level data analysis unit 320 using the artificial intelligence model 330.
Low-level data is not easy to manipulate in order to evade the FDS, even for a hacker with advanced hacking skills, and when a hacker does manipulate it, its inherent features change, so the manipulation itself can also be identified.
Therefore, according to an embodiment of the present invention, even if hackers, voice phishing criminals, criminals laundering money with cryptocurrency, and the like attempt to manipulate data to evade the FDS, the manipulation can be easily identified, and abnormal financial transactions can be accurately detected by sensing behavior that deviates from the statistics.
According to the embodiment of the present invention described above, the user media environment information, financial transaction type information, and the like of a customer conducting a financial transaction are analyzed at the low level, so that abnormal financial transactions can be detected effectively and the detection can be automated with artificial intelligence.
If the financial transaction-related data is found to have been manipulated, or the transaction is detected as an abnormal financial transaction, an alarm may be raised to the person in charge of preventing abnormal financial transactions.
FIG. 5 is a block diagram of a low-level data conversion unit constituting the abnormal financial transaction detection system based on low-level data analysis according to one embodiment of the present invention. Referring to FIGS. 1 and 5, the low-level data conversion unit 310 may include a customer transaction type analysis unit 310a, a low-level type determination unit 310b, and a low-level conversion unit 310c.
The customer transaction type analysis unit 310a may be configured to analyze the customer's transaction type based on the customer's financial transaction-related data collected by the data collection unit 200.
The customer's transaction type may be defined and classified in various ways according to the requested transaction amount, the transaction counterparty, the type of customer terminal, the region (country), the institution to which the customer belongs (whether a fintech company, blockchain exchange, bank, securities company, insurance company, other financial institution, or individual customer), the Internet access protocol type, the transaction time type, the connection duration type, and so on.
The low-level type determination unit 310b may be configured to determine one low-level type from among a plurality of low-level types including assembly language, machine language (hexacode, binary code, etc.), ASCII, and EBCO, according to the customer's specific transaction type analyzed by the customer transaction type analysis unit 310a.
The low-level type determination unit 310b may learn which low-level type shows the best FDS performance for each customer transaction type and then, on that basis, determine the low-level type best suited to the FDS according to the customer's transaction type.
The low-level conversion unit 310c may be configured to convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data of the low-level type determined by the low-level type determination unit 310b.
According to the embodiment of FIG. 5, the low-level type best suited to the FDS is determined according to the customer's transaction type and the customer's financial transaction-related data is converted into that low-level type, so that an FDS service suited to the customer's transaction type can be provided.
FIG. 6 is a block diagram showing a low-level data analysis unit, an artificial intelligence model, and an abnormal transaction determination unit constituting an abnormal financial transaction detection system based on low-level data analysis according to another embodiment of the present invention.
Referring to FIGS. 1, 2 and 6, the low-level data analysis unit 320 may include a hexacode-based FDS analysis unit 322, a binary code-based FDS analysis unit 324, an ASCII-based FDS analysis unit 326, an EBCO-based FDS analysis unit 328, and an assembly language-based FDS analysis unit 329.
The hexacode-based FDS analysis unit 322 may be configured to predict a first abnormal financial transaction probability by extracting features related to abnormal financial transactions, using the hexacode-based artificial intelligence model 332, from the hexacode data converted by the hexacode conversion unit 312.
The binary code-based FDS analysis unit 324 may be configured to predict a second abnormal financial transaction probability by extracting features related to abnormal financial transactions, using the binary code-based artificial intelligence model 334, from the binary code data converted by the binary code conversion unit 314.
The ASCII-based FDS analysis unit 326 may be configured to predict a third abnormal financial transaction probability by extracting features related to abnormal financial transactions, using the ASCII-based artificial intelligence model 336, from the ASCII data converted by the ASCII conversion unit 316.
The EBCO-based FDS analysis unit 328 may be configured to predict a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions, using the EBCO-based artificial intelligence model 338, from the EBCO data converted by the EBCO conversion unit 318.
The assembly language-based FDS analysis unit 329 may be configured to predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions, using the assembly language-based artificial intelligence model 339, from the assembly language data converted by the assembly language conversion unit 319.
In an embodiment of the present invention, the abnormal transaction determination unit 340 may be configured to include a customer transaction type analysis unit 342, a weight setting unit 344, and an abnormal transaction determination unit 346.
Similarly to the customer transaction type analysis unit 310a described above, the customer transaction type analysis unit 342 may be configured to analyze the customer's transaction type based on the customer's financial transaction-related data collected by the data collection unit 200.
The weight setting unit 344 may be configured to set weights for assembly language, hexacode, binary code, ASCII, and EBCO according to the customer's transaction type analyzed by the customer transaction type analysis unit 342.
The abnormal transaction determination unit 346 may be configured to detect abnormal transactions by applying the weights set by the weight setting unit 344 to the plurality of abnormal financial transaction probabilities predicted for the various low-level types.
In an embodiment, the abnormal transaction determination unit 346 may detect abnormal transactions by applying the weights set by the weight setting unit 344 to the first abnormal financial transaction probability predicted by the hexacode-based FDS analysis unit 322, the second abnormal financial transaction probability predicted by the binary code-based FDS analysis unit 324, the third abnormal financial transaction probability predicted by the ASCII-based FDS analysis unit 326, the fourth abnormal financial transaction probability predicted by the EBCO-based FDS analysis unit 328, and the fifth abnormal financial transaction probability predicted by the assembly language-based FDS analysis unit 329.
According to the embodiment of FIG. 6, weights for the various low-level types are set according to the customer's transaction type and then applied, so that the FDS analysis results of the various low-level types are combined to provide an FDS service suited to the customer's transaction type.
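The weighting step of the FIG. 6 embodiment, sketched as an added example that is not code from the patent. Assumptions: an n-gram novelty score stands in for each trained AI model, the probabilities are combined as a weighted average, and the weight table, threshold, transaction-type rule and sample records are constructed; only the hexacode, binary code and ASCII representations are shown.

```python
# Added illustration of per-representation scoring and weighted fusion.
# Every name, weight, threshold and record below is an assumption.

# Constructed baseline of ordinary transaction records (not from the patent).
BASELINE = [
    "dev=SM-G991N;os=Android11;ip=211.45.10.7;vpn=0;proto=TCP;amt=50000",
    "dev=SM-G991N;os=Android11;ip=211.45.10.9;vpn=0;proto=TCP;amt=120000",
    "dev=iPhone12;os=iOS14.4;ip=121.130.4.21;vpn=0;proto=TCP;amt=30000",
]
# Constructed record with an unfamiliar device, network and amount.
SUSPICIOUS = "dev=Emulator;os=Android7;ip=10.8.0.2;vpn=1;proto=UDP;amt=9900000"


def to_hex(data: bytes) -> list:
    return [f"{b:02x}" for b in data]      # one hexacode symbol per byte


def to_binary(data: bytes) -> list:
    return [f"{b:08b}" for b in data]      # one 8-bit symbol per byte


def to_ascii(data: bytes) -> list:
    return [str(b) for b in data]          # decimal character code per byte


# representation -> (converter, window length in symbols); windows are assumed
REPRESENTATIONS = {"hex": (to_hex, 2), "binary": (to_binary, 3), "ascii": (to_ascii, 4)}


def windows(symbols: list, n: int) -> list:
    """All runs of n consecutive symbols."""
    return [tuple(symbols[i:i + n]) for i in range(len(symbols) - n + 1)]


class NoveltyModel:
    """Stand-in for one per-representation model: it remembers every symbol
    window seen in training data and scores a record by the share of its
    windows that were never seen."""

    def __init__(self, convert, n, training_records):
        self.convert, self.n = convert, n
        self.known = set()
        for rec in training_records:
            self.known.update(windows(convert(rec.encode("utf-8")), n))

    def probability(self, record: str) -> float:
        grams = windows(self.convert(record.encode("utf-8")), self.n)
        if not grams:                       # record shorter than one window
            return 0.0
        return sum(g not in self.known for g in grams) / len(grams)


MODELS = {name: NoveltyModel(conv, n, BASELINE)
          for name, (conv, n) in REPRESENTATIONS.items()}

# Hypothetical weights per customer transaction type (weight setting unit).
WEIGHTS = {
    "retail":     {"hex": 0.5, "binary": 0.3, "ascii": 0.2},
    "high_value": {"hex": 0.2, "binary": 0.3, "ascii": 0.5},
}
THRESHOLD = 0.2  # assumed decision threshold


def transaction_type(record: str) -> str:
    """Hypothetical transaction-type rule based on the transfer amount."""
    fields = {}
    for item in record.split(";"):
        key, _, value = item.partition("=")
        fields[key] = value
    amount = fields.get("amt", "")
    return "high_value" if amount.isdigit() and int(amount) >= 1_000_000 else "retail"


def fused_probability(record: str):
    """Weighted average of the per-representation probabilities."""
    weights = WEIGHTS[transaction_type(record)]
    probs = {name: model.probability(record) for name, model in MODELS.items()}
    fused = sum(weights[k] * probs[k] for k in probs) / sum(weights.values())
    return fused, probs


def is_abnormal(record: str) -> bool:
    return fused_probability(record)[0] >= THRESHOLD


if __name__ == "__main__":
    for rec in BASELINE + [SUSPICIOUS]:
        fused, probs = fused_probability(rec)
        print(transaction_type(rec), round(fused, 3), probs, is_abnormal(rec))
```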
In another embodiment of the present invention, the low-level data analysis unit 320 may detect abnormal financial transactions by extracting, for each of the various low-level types, a plurality of code regions from the corresponding low-level data, with the weight setting unit setting a weight for each code region according to the customer's transaction type analyzed by the customer transaction type analysis unit 342.
The plurality of code regions extracted from each kind of low-level data (the code regions corresponding to the feature parts that change in an abnormal financial transaction) may differ by low-level type. The code regions extracted from each kind of low-level data and the weight of each code region (its degree of relevance to abnormal financial transactions) may be determined or set by the trained artificial intelligence model, or selected or entered by an expert.
The hexacode-based FDS analysis unit 322 may extract first code regions from the hexacode data according to the customer's transaction type analyzed by the customer transaction type analysis unit 342, and detect abnormal financial transactions by applying the weight set for each of the first code regions. The first code regions selected from the hexacode data may vary with the customer's transaction type, and the weights of the first code regions may likewise be set differently according to the customer's transaction type.
The binary code-based FDS analysis unit 324 may extract second code regions from the binary code data according to the customer's transaction type analyzed by the customer transaction type analysis unit 342, and detect abnormal financial transactions by applying the weight set for each of the second code regions. The second code regions selected from the binary code data may vary with the customer's transaction type, and the weights of the second code regions may likewise be set differently according to the customer's transaction type.
The ASCII-based FDS analysis unit 326 may extract third code regions from the ASCII data according to the customer's transaction type analyzed by the customer transaction type analysis unit 342, and detect abnormal financial transactions by applying the weight set for each of the third code regions. The third code regions selected from the ASCII data may vary with the customer's transaction type, and the weights of the third code regions may likewise be set differently according to the customer's transaction type.
The EBCO-based FDS analysis unit 328 may extract fourth code regions from the EBCO data according to the customer's transaction type analyzed by the customer transaction type analysis unit 342, and detect abnormal financial transactions by applying the weight set for each of the fourth code regions. The fourth code regions selected from the EBCO data may vary with the customer's transaction type, and the weights of the fourth code regions may likewise be set differently according to the customer's transaction type.
The assembly language-based FDS analysis unit 329 may extract fifth code regions from the assembly language data according to the customer's transaction type analyzed by the customer transaction type analysis unit 342, and detect abnormal financial transactions by applying the weight set for each of the fifth code regions. The fifth code regions selected from the assembly language data may vary with the customer's transaction type, and the weights of the fifth code regions may likewise be set differently according to the customer's transaction type.
이와 같은 실시예에 의하면, 방대한 크기의 로우레벨 데이터에서 고객의 거래 유형에 따라 특정 코드 영역들을 추출한 후, 추출된 코드 영역들에 고객의 거래 유형에 따라 결정되는 가중치들을 적용하여 효율적, 효과적으로 이상 금융 거래를 탐지할 수 있다.According to this embodiment, after extracting specific code areas according to the customer's transaction type from the vast amount of low-level data, and then applying weights determined according to the customer's transaction type to the extracted code areas, efficient and effective financial transaction can be detected.
FIG. 7 is a flowchart of an abnormal financial transaction detection method based on low-level data analysis according to an embodiment of the present invention. Referring to FIGS. 1 and 7, an FDS artificial intelligence model may first be trained using general transaction data (training data) (S110).
The artificial intelligence learning unit 350 may train the artificial intelligence model by converting generally collected customer transaction data into low-level data and extracting features that correspond to patterns in the low-level data.
The features learned by the artificial intelligence learning unit 350 may include transaction type information such as Internet/smartphone/PDA/VM banking related to the transaction data requested by the customer; network information such as the IP address of the customer terminal, VPN information, proxy IP information and connected-network information; device information of the customer terminal (device type such as device model name, CPU information, HDD information and MAC information); application information such as OS version, browser, manufacturer, security program and software use; location information of the customer terminal (domestic, North Korea, China, Russia, etc.); the Internet access protocol (TCP/IP, UDP, etc.); and transaction pattern/tendency information such as transaction time, connection duration, transfer amount and account information.
The data collection unit 200 may collect, from the customer terminal, financial transaction-related data requested by the customer (for example, data such as user media environment information and financial transaction type information related to a fintech company's app service, opening an electronic wallet at a blockchain exchange, opening an online banking account at a bank, opening a securities trading app account at a securities company, or an online insurance application with an insurance company) (S120).
The user media environment information may include, for example, hardware-related information for Internet/smartphone/PDA/VM banking and the like (for example, device model name, CPU information, HDD information, MAC information), application-related information (for example, OS version information, browser information, manufacturer information, security program information, software use information), and network-related information (for example, IP information, VPN information, proxy IP information, connected-network information). The financial transaction type information may include, for example, transaction-related information such as transaction patterns or transaction tendencies in the customer's transfer amount, account, time and access.
The low-level data conversion unit 310 may convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data (S130). The low-level data conversion unit 310 may, for example, convert the customer's financial transaction-related data into low-level data by web forensics.
In an embodiment of the present invention, the low-level data conversion unit 310 may convert the customer's financial transaction-related data into low-level data that includes at least one of assembly language, machine language (hex code data, binary code data, etc.), ASCII data, and EBCO data.
The low-level data analysis unit 320 may analyze the low-level data converted by the low-level data conversion unit 310, using the artificial intelligence model 330 trained by the artificial intelligence learning unit 350 (S140).
The abnormal transaction determination unit 340 may detect an abnormal transaction based on the low-level analysis result produced by the low-level data analysis unit 320 using the artificial intelligence model 330 (S150).
Low-level data is not easy to manipulate in order to evade the FDS, even for a hacker with advanced hacking skills, and when a hacker does manipulate it, its inherent characteristics change, so the manipulation itself can also be identified.
Therefore, according to an embodiment of the present invention, even if hackers, voice phishing criminals, criminals laundering money with cryptocurrency and the like attempt to manipulate data to evade the FDS, the manipulation can be easily identified, and abnormal financial transactions can be accurately detected by sensing behavior that deviates from the statistics.
According to the embodiment of the present invention described above, the user media environment information, financial transaction type information and the like of a customer conducting a financial transaction are analyzed at a low level, so that abnormal financial transactions can be detected effectively and the detection can be automated with artificial intelligence.
If the financial transaction-related data is detected to have been manipulated or to correspond to an abnormal financial transaction, an alarm may be raised to the person in charge of preventing abnormal financial transactions.
FIG. 8 is a flowchart showing step S130 of FIG. 7. Referring to FIGS. 1, 5, 7 and 8, the customer transaction type analysis unit 310a may analyze the customer's transaction type based on the customer's financial transaction-related data collected by the data collection unit 200 (S132).
In an embodiment, the customer's transaction type may be set and classified in various ways according to the requested transaction amount, the transaction counterparty, the type of customer terminal, the region (country), the customer's affiliation (a financial institution such as a fintech company, blockchain exchange, bank, securities company or insurance company, or an individual customer), the Internet access protocol type, the transaction time type, the connection duration type, and the like.
The low-level type determination unit 310b may determine one low-level type among a plurality of low-level types including assembly language, machine language (hex code, binary code, etc.), ASCII and EBCO, according to the customer's transaction type analyzed by the customer transaction type analysis unit 310a (S134).
The low-level conversion unit 310c may convert the customer's financial transaction-related data collected by the data collection unit 200 into low-level data of the low-level type determined by the low-level type determination unit 310b (S136).
According to the embodiment of FIG. 8, the low-level type best suited to the FDS is determined according to the customer's transaction type and the customer's financial transaction-related data is converted into that low-level type, so that an FDS service suited to the customer's transaction type can be provided.
FIG. 9 is a flowchart showing steps S140 and S150 of FIG. 7. Referring to FIGS. 1, 6, 7 and 9, the low-level data analysis unit 320 may analyze the low-level data for each of the various low-level types (S142).
In an embodiment, the hex-code-based FDS analysis unit 322 may predict a first abnormal financial transaction probability by extracting features related to abnormal financial transactions with the hex-code-based artificial intelligence model 332, based on the hex code data converted by the hex code conversion unit 312.
In an embodiment, the binary-code-based FDS analysis unit 324 may predict a second abnormal financial transaction probability by extracting features related to abnormal financial transactions with the binary-code-based artificial intelligence model 334, based on the binary code data converted by the binary code conversion unit 314.
In an embodiment, the ASCII-based FDS analysis unit 326 may predict a third abnormal financial transaction probability by extracting features related to abnormal financial transactions with the ASCII-based artificial intelligence model 336, based on the ASCII data converted by the ASCII conversion unit 316.
In an embodiment, the EBCO-based FDS analysis unit 328 may predict a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions with the EBCO-based artificial intelligence model 338, based on the EBCO data converted by the EBCO conversion unit 318.
In an embodiment, the assembly-language-based FDS analysis unit 329 may predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions with the assembly-language-based artificial intelligence model 339, based on the assembly language data converted by the assembly language conversion unit 319.
The customer transaction type analysis unit 342 may analyze the transaction type of the customer who requested the financial transaction, based on the customer's financial transaction-related data collected by the data collection unit 200 (S144).
The weight setting unit 344 may set weights for assembly language, machine language (hex code, binary code, etc.), ASCII and EBCO according to the customer's transaction type analyzed by the customer transaction type analysis unit 342 (S152).
The abnormal transaction judgment unit 346 may detect an abnormal transaction by applying the weights set by the weight setting unit 344 to the first abnormal financial transaction probability predicted by the hex-code-based FDS analysis unit 322, the second abnormal financial transaction probability predicted by the binary-code-based FDS analysis unit 324, the third abnormal financial transaction probability predicted by the ASCII-based FDS analysis unit 326, the fourth abnormal financial transaction probability predicted by the EBCO-based FDS analysis unit 328, and the fifth abnormal financial transaction probability predicted by the assembly-language-based FDS analysis unit 329 (S154).
According to the embodiment of FIG. 9, weights for the various low-level types are set according to the customer's transaction type and applied, so that the FDS analysis results of the various low-level types are combined and an FDS service suited to the customer's transaction type can be provided.
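The following Python example is added here to illustrate the flow of FIGS. 7 and 9 (S110 to S154); it is not code from the patent or the applicant. The n-gram scorers standing in for the artificial intelligence models, the record format, the weight table and the threshold are all assumptions, and EBCO and assembly-language conversion are left out because the text does not define them.

```python
# Added illustration of the S110-S154 flow. The record format, n-gram scorers,
# weights and threshold are assumptions, not details taken from the patent.

# Constructed "general transaction data" used for learning (S110).
NORMAL_RECORDS = [
    "type=smartphone;proto=TCP;country=KR;amount=120000",
    "type=smartphone;proto=TCP;country=KR;amount=45000",
    "type=internet;proto=TCP;country=KR;amount=300000",
    "type=internet;proto=TCP;country=KR;amount=80000",
]


def to_hex(record):
    """S130: hex code data, two hex digits per byte."""
    return record.encode("utf-8").hex()


def to_binary(record):
    """S130: binary code data, eight bits per byte."""
    return "".join(f"{b:08b}" for b in record.encode("utf-8"))


def to_ascii(record):
    """S130: ASCII data as a tuple of code values (non-ASCII becomes '?')."""
    return tuple(record.encode("ascii", "replace"))


class NgramModel:
    """Stand-in for one per-representation model: it remembers every window
    seen in normal data and scores a record by its share of unseen windows."""

    def __init__(self, encode, width, step):
        self.encode, self.width, self.step = encode, width, step
        self.seen = set()

    def windows(self, record):
        data = self.encode(record)
        last = len(data) - self.width + 1
        return [data[i:i + self.width] for i in range(0, max(last, 0), self.step)]

    def fit(self, records):
        for record in records:
            self.seen.update(self.windows(record))
        return self

    def score(self, record):
        grams = self.windows(record)
        if not grams:
            return 0.0  # record shorter than one window: nothing to judge
        return sum(g not in self.seen for g in grams) / len(grams)


def build_models(records):
    """S110: learn one model per low-level type (2-, 3- and 4-byte windows)."""
    return {
        "hex": NgramModel(to_hex, 4, 2).fit(records),
        "binary": NgramModel(to_binary, 24, 8).fit(records),
        "ascii": NgramModel(to_ascii, 4, 1).fit(records),
    }


# S152: weights per customer transaction type (constructed values).
TYPE_WEIGHTS = {
    "smartphone": {"hex": 0.5, "binary": 0.3, "ascii": 0.2},
    "internet": {"hex": 0.2, "binary": 0.3, "ascii": 0.5},
}
DEFAULT_WEIGHTS = {"hex": 1.0, "binary": 1.0, "ascii": 1.0}
THRESHOLD = 0.25  # assumed decision threshold


def transaction_type(record):
    """S144: read the customer's transaction type from the record."""
    fields = dict(f.split("=", 1) for f in record.split(";") if "=" in f)
    return fields.get("type", "unknown")


def detect(record, models):
    """S142-S154: per-type probabilities, then the weighted decision."""
    kind = transaction_type(record)
    weights = TYPE_WEIGHTS.get(kind, DEFAULT_WEIGHTS)
    probs = {name: model.score(record) for name, model in models.items()}
    score = sum(weights[n] * probs[n] for n in probs) / sum(weights.values())
    return {"type": kind, "probabilities": probs,
            "score": score, "abnormal": score >= THRESHOLD}


MODELS = build_models(NORMAL_RECORDS)

if __name__ == "__main__":
    for rec in (NORMAL_RECORDS[0],
                "type=internet;proto=UDP;country=XX;amount=99999999"):
        print(rec, detect(rec, MODELS))
```

In this example hex, binary and ASCII are re-encodings of the same bytes, so the three probabilities differ only through the window size each scorer uses.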
The embodiments described above may be implemented as hardware components, software components, and/or a combination of hardware and software components. For example, the devices, methods and components described in the embodiments may be implemented using one or more general-purpose or special-purpose computers, such as a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions.
A processing device may run an operating system and one or more software applications that run on the operating system. A processing device may also access, store, manipulate, process and generate data in response to the execution of software. For ease of understanding, a single processing device is sometimes described as being used, but a person of ordinary skill in the art will understand that a processing device may include a plurality of processing elements and/or a plurality of types of processing elements.
For example, a processing device may include a plurality of processors, or one processor and one controller. Other processing configurations, such as parallel processors, are also possible. Software may include a computer program, code, instructions, or a combination of one or more of these, and may configure a processing device to operate as desired or may instruct the processing device independently or collectively.
Software and/or data may be embodied, permanently or temporarily, in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or transmitted signal wave, in order to be interpreted by a processing device or to provide instructions or data to a processing device. Software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.
The method according to an embodiment may be implemented in the form of program instructions executable by various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures and the like, alone or in combination. The program instructions recorded on the medium may be specially designed and configured for the embodiment, or may be known and available to those skilled in computer software.
Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; and hardware devices specially configured to store and execute program instructions, such as ROM, RAM and flash memory. Examples of program instructions include not only machine code such as that produced by a compiler but also high-level language code that a computer can execute using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules in order to perform the operations of the embodiments, and vice versa.
Although the embodiments have been described above with reference to limited embodiments and drawings, a person of ordinary skill in the art can make various modifications and variations from the above description. For example, appropriate results may be achieved even if the described techniques are performed in an order different from the described method, and/or components of the described system, structure, device, circuit and the like are coupled or combined in a form different from the described method, or are replaced or substituted by other components or equivalents. Therefore, other implementations, other embodiments, and equivalents of the claims also fall within the scope of the claims that follow.

Claims (14)

  1. An abnormal financial transaction detection system based on low-level data analysis, comprising:
    a data collection unit configured to collect financial transaction-related data relating to a customer's user media environment information and financial transaction type information;
    a low-level data conversion unit configured to convert the collected financial transaction-related data into low-level data;
    a low-level data analysis unit configured to analyze the low-level data with an artificial intelligence model; and
    an abnormal transaction determination unit configured to detect an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
  2. The abnormal financial transaction detection system based on low-level data analysis of claim 1,
    wherein the low-level data includes at least one of assembly language, hex code data, binary code data, ASCII data, and EBCO data.
  3. The abnormal financial transaction detection system based on low-level data analysis of claim 1,
    wherein the low-level data conversion unit comprises:
    a customer transaction type analysis unit configured to analyze the customer's transaction type based on the financial transaction-related data;
    a low-level type determination unit configured to determine, according to the customer's transaction type, one low-level type among a plurality of low-level types including assembly language, hex code, binary code, ASCII and EBCO; and
    a low-level conversion unit configured to convert the financial transaction-related data into low-level data of the determined low-level type.
  4. The abnormal financial transaction detection system based on low-level data analysis of claim 1,
    wherein the low-level data conversion unit comprises:
    a hex code conversion unit configured to convert the financial transaction-related data into hex code data;
    a binary code conversion unit configured to convert the financial transaction-related data into binary code data;
    an ASCII conversion unit configured to convert the financial transaction-related data into ASCII data;
    an EBCO conversion unit configured to convert the financial transaction-related data into EBCO data; and
    an assembly language conversion unit configured to convert the financial transaction-related data into assembly language data.
  5. The abnormal financial transaction detection system based on low-level data analysis of claim 4,
    wherein the low-level data analysis unit comprises:
    a hex-code-based FDS analysis unit configured to predict a first abnormal financial transaction probability by extracting features related to abnormal financial transactions with a hex-code-based artificial intelligence model, based on the hex code data;
    a binary-code-based FDS analysis unit configured to predict a second abnormal financial transaction probability by extracting features related to abnormal financial transactions with a binary-code-based artificial intelligence model, based on the binary code data;
    an ASCII-based FDS analysis unit configured to predict a third abnormal financial transaction probability by extracting features related to abnormal financial transactions with an ASCII-based artificial intelligence model, based on the ASCII data;
    an EBCO-based FDS analysis unit configured to predict a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions with an EBCO-based artificial intelligence model, based on the EBCO data; and
    an assembly-language-based FDS analysis unit configured to predict a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions with an assembly-language-based artificial intelligence model, based on the assembly language data.
  6. The abnormal financial transaction detection system based on low-level data analysis of claim 5,
    wherein the abnormal transaction determination unit comprises:
    a customer transaction type analysis unit configured to analyze the customer's transaction type based on the financial transaction-related data;
    a weight setting unit configured to set weights for assembly language, hex code, binary code, ASCII and EBCO according to the customer's transaction type; and
    an abnormal transaction judgment unit configured to detect an abnormal transaction by applying the weights to the first abnormal financial transaction probability, the second abnormal financial transaction probability, the third abnormal financial transaction probability, the fourth abnormal financial transaction probability, and the fifth abnormal financial transaction probability.
  7. An abnormal financial transaction detection method based on low-level data analysis, comprising:
    collecting, by a data collection unit, financial transaction-related data relating to a customer's user media environment information and financial transaction type information;
    converting, by a low-level data conversion unit, the collected financial transaction-related data into low-level data;
    analyzing, by a low-level data analysis unit, the low-level data using an artificial intelligence model; and
    detecting, by an abnormal transaction determination unit, an abnormal transaction based on a low-level analysis result of the artificial intelligence model.
  8. The abnormal financial transaction detection method based on low-level data analysis of claim 7,
    wherein the low-level data includes at least one of assembly language data, hex code data, binary code data, ASCII data, and EBCO data.
  9. The abnormal financial transaction detection method based on low-level data analysis of claim 7,
    wherein converting into the low-level data comprises:
    analyzing, by a customer transaction type analysis unit, the customer's transaction type based on the financial transaction-related data;
    determining, by a low-level type determination unit and according to the customer's transaction type, one low-level type among a plurality of low-level types including assembly language, hex code, binary code, ASCII and EBCO; and
    converting, by a low-level conversion unit, the financial transaction-related data into low-level data of the determined low-level type.
  10. The abnormal financial transaction detection method based on low-level data analysis of claim 7,
    wherein converting into the low-level data comprises:
    converting, by a hex code conversion unit, the financial transaction-related data into hex code data;
    converting, by a binary code conversion unit, the financial transaction-related data into binary code data;
    converting, by an ASCII conversion unit, the financial transaction-related data into ASCII data;
    converting, by an EBCO conversion unit, the financial transaction-related data into EBCO data; and
    converting, by an assembly language conversion unit, the financial transaction-related data into assembly language data.
  11. The abnormal financial transaction detection method based on low-level data analysis of claim 10,
    wherein analyzing the low-level data comprises:
    predicting, by a hex-code-based FDS analysis unit, a first abnormal financial transaction probability by extracting features related to abnormal financial transactions with a hex-code-based artificial intelligence model, based on the hex code data;
    predicting, by a binary-code-based FDS analysis unit, a second abnormal financial transaction probability by extracting features related to abnormal financial transactions with a binary-code-based artificial intelligence model, based on the binary code data;
    predicting, by an ASCII-based FDS analysis unit, a third abnormal financial transaction probability by extracting features related to abnormal financial transactions with an ASCII-based artificial intelligence model, based on the ASCII data;
    predicting, by an EBCO-based FDS analysis unit, a fourth abnormal financial transaction probability by extracting features related to abnormal financial transactions with an EBCO-based artificial intelligence model, based on the EBCO data; and
    predicting, by an assembly-language-based FDS analysis unit, a fifth abnormal financial transaction probability by extracting features related to abnormal financial transactions with an assembly-language-based artificial intelligence model, based on the assembly language data.
  12. The low-level data analysis-based abnormal financial transaction detection method according to claim 11,
    wherein the step of detecting the abnormal transaction comprises:
    analyzing, by a customer transaction type analysis unit, the transaction type of the customer based on the financial transaction-related data;
    setting, by a weight setting unit, weights for assembly language, hexacode, binary code, ASCII and EBCO according to the transaction type of the customer; and
    detecting, by an abnormal transaction determination unit, an abnormal transaction by applying the weights to the first abnormal financial transaction probability, the second abnormal financial transaction probability, the third abnormal financial transaction probability, the fourth abnormal financial transaction probability, and the fifth abnormal financial transaction probability.
  13. The low-level data analysis-based abnormal financial transaction detection method according to claim 7,
    further comprising analyzing, by a customer transaction type analysis unit, the transaction type of the customer based on the financial transaction-related data,
    wherein the step of analyzing the low-level data comprises:
    extracting a plurality of code regions from the low-level data according to the transaction type of the customer; and
    analyzing the low-level data by setting a weight for each code region according to the transaction type of the customer.
  14. A computer program recorded on a computer-readable recording medium to execute the low-level data analysis-based abnormal financial transaction detection method of any one of claims 7 to 13.
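The flow of claims 10 to 12 (convert a record to several low-level representations, score each one, then fuse the scores with weights chosen by transaction type) can be sketched as follows. This is an added example, not code from the patent: the n-gram novelty scorer stands in for the per-representation artificial intelligence models, EBCO and assembly language are left out because the claims do not define those conversions, and the record format, weights, window sizes and threshold are all hypothetical.

```python
# Added illustration; record format, weights, n-gram sizes and threshold are hypothetical.
HISTORY = [  # constructed records for one customer, not data from the patent
    "type=transfer;amt=000120;dst=KR01;hour=14",
    "type=transfer;amt=000095;dst=KR01;hour=15",
    "type=transfer;amt=000130;dst=KR02;hour=13",
]
# Per-transaction-type weights for each representation (claim 12); each row sums to 1.
WEIGHTS = {
    "transfer": {"hex": 0.5, "binary": 0.2, "ascii": 0.3},
    "default": {"hex": 0.34, "binary": 0.33, "ascii": 0.33},
}
NGRAM = {"hex": 4, "binary": 16, "ascii": 6}  # window length per representation


def to_low_level(record: str) -> dict:
    """Claim 10 conversions, restricted to hex, binary and ASCII code points."""
    raw = record.encode("ascii")
    return {
        "hex": raw.hex(),
        "binary": "".join(f"{b:08b}" for b in raw),
        "ascii": " ".join(str(b) for b in raw),
    }


def ngrams(text: str, n: int) -> set:
    return {text[i:i + n] for i in range(len(text) - n + 1)}


def transaction_type(record: str) -> str:
    """Stand-in for the customer transaction type analysis: read the type field."""
    fields = dict(f.split("=", 1) for f in record.split(";") if "=" in f)
    return fields.get("type", "default")


def detect(record: str, history: list, threshold: float = 0.3):
    """Return (per-representation probabilities, weighted score, abnormal flag)."""
    weights = WEIGHTS.get(transaction_type(record), WEIGHTS["default"])
    past = [to_low_level(h) for h in history]
    current = to_low_level(record)
    probs = {}
    for name, n in NGRAM.items():
        # Stand-in for the per-representation model: share of n-grams never
        # seen in this customer's history (0.0 = fully familiar, 1.0 = all new).
        seen = set().union(*(ngrams(p[name], n) for p in past))
        grams = ngrams(current[name], n)
        probs[name] = len(grams - seen) / len(grams) if grams else 0.0
    fused = sum(weights[k] * probs[k] for k in probs)
    return probs, fused, fused >= threshold
```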
PCT/KR2021/006699 2021-05-28 2021-05-28 Fraud detection system based on low-level data analysis, and method therefor WO2022250188A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2021/006699 WO2022250188A1 (en) 2021-05-28 2021-05-28 Fraud detection system based on low-level data analysis, and method therefor

Publications (1)

Publication Number Publication Date
WO2022250188A1 true WO2022250188A1 (en) 2022-12-01

Family

ID=84229931

Country Status (1)

Country Link
WO (1) WO2022250188A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2309465A1 (en) * 2002-02-28 2011-04-13 Mastercard Europe SPRL Authentication arrangement and method for use with financial transactions
US20110251892A1 (en) * 2010-04-09 2011-10-13 Kevin Laracey Mobile Phone Payment Processing Methods and Systems
KR20120021120A (en) * 2010-08-31 2012-03-08 주식회사 비즈모델라인 System for processing card transactions using encoded volatile data on electronic code-image, and device
KR20160013733A (en) * 2014-07-28 2016-02-05 주식회사 예티소프트 System and method for realtime detection of abnormal financial transaction
US20200145400A1 (en) * 2015-01-05 2020-05-07 GiveGab System and method for detecting malicious payment transaction activity using aggregate views of payment transaction data in a distributed network environment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115729796A (en) * 2022-12-23 2023-03-03 许伟 Abnormal operation analysis method based on artificial intelligence and big data application system
CN115729796B (en) * 2022-12-23 2023-10-10 中软国际科技服务有限公司 Abnormal operation analysis method based on artificial intelligence and big data application system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21943177

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02.04.2024)