WO2022267455A1 - 欺诈用户集中区域的预测方法、装置、设备及存储介质 - Google Patents

欺诈用户集中区域的预测方法、装置、设备及存储介质 Download PDF

Info

Publication number
WO2022267455A1
WO2022267455A1 PCT/CN2022/071480 CN2022071480W WO2022267455A1 WO 2022267455 A1 WO2022267455 A1 WO 2022267455A1 CN 2022071480 W CN2022071480 W CN 2022071480W WO 2022267455 A1 WO2022267455 A1 WO 2022267455A1
Authority
WO
WIPO (PCT)
Prior art keywords
fraudulent
user
grid point
travel
trajectory
Prior art date
Application number
PCT/CN2022/071480
Other languages
English (en)
French (fr)
Inventor
沈嘉良
胡英东
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2022267455A1 publication Critical patent/WO2022267455A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/29Geographical information databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Definitions

  • the present application relates to the field of big data, and in particular to a method, device, equipment and storage medium for predicting concentrated areas of fraudulent users.
  • the inventor realizes that in the current process of identifying the range of fraudulent users, the data analysis model is relatively single, and the accuracy of predicting the concentration of fraudulent users on the existing list of fraudulent users is low, which increases the risk of being attacked by fraudulent users.
  • the present application provides a method, device, device and storage medium for predicting concentrated areas of fraudulent users, which are used to improve the accuracy of predicting concentrated areas of fraudulent users on the existing list of fraudulent users, and reduce the risk of being attacked by fraudulent users.
  • the first aspect of the present application provides a method for predicting a concentrated area of fraudulent users, including: obtaining a fraudulent user list, obtaining fraudulent user data of each fraudulent user in the fraudulent user list based on mobile location services, and User data is mapped to a gridded map to obtain grid point trajectories of multiple fraudulent users; the grid point trajectories of the multiple fraudulent users are input into a preset neural network, based on the preset neural network and preset The predicted trajectory of each fraudulent user is generated by setting the associated value, and the preset associated value is used to indicate the predicted correlation between the grid point trajectories; the grid point trajectory of each fraudulent user is connected with the corresponding predicted trajectory, and multiple trajectories of a fraudulent user, and input the trajectories of the multiple fraudulent users into the space-time clustering model to generate the travel range of each fraudulent user; based on the spatial clustering model, the travel range of the multiple fraudulent users is calculated Carry out clustering to determine the concentration area of fraudulent users.
  • the second aspect of the present application provides a prediction device for a concentrated area of fraudulent users, including a memory, a processor, and computer-readable instructions stored on the memory and operable on the processor, and the processor executes the The following steps are implemented when the computer-readable instructions are described: obtaining a list of fraudulent users, obtaining fraudulent user data of each fraudulent user in the fraudulent user list based on mobile location services, and mapping each fraudulent user data to a gridded map , to obtain the grid point trajectories of multiple fraudulent users; input the grid point trajectories of the multiple fraudulent users into the preset neural network, and generate the grid point trajectory of each fraudulent user based on the preset neural network and preset associated values Prediction trajectory, the preset associated value is used to indicate the prediction correlation between grid point trajectories; connect the grid point trajectory of each fraudulent user with the corresponding prediction trajectory to obtain the travel trajectory of multiple fraudulent users, and The travel trajectories of the plurality of fraudulent users are input into the space-time clustering model to generate the travel range of each fraudulent user
  • the third aspect of the present application provides a computer-readable storage medium, wherein computer instructions are stored in the computer-readable storage medium, and when the computer instructions are run on the computer, the computer is made to perform the following steps: obtaining a list of fraudulent users, Obtain the fraudulent user data of each fraudulent user in the fraudulent user list based on the mobile location service, and map each fraudulent user data into a grid map to obtain grid point trajectories of multiple fraudulent users;
  • the grid point trajectories of multiple fraudulent users are input into the preset neural network, and the predicted trajectory of each fraudulent user is generated based on the preset neural network and the preset associated value, and the preset associated value is used to indicate the grid point Predicted correlation between trajectories; connect the grid point trajectory of each fraudulent user with the corresponding predicted trajectory to obtain the travel trajectories of multiple fraudulent users, and input the travel trajectories of the multiple fraudulent users to the spatio-temporal clustering model
  • the traveling range of each fraudulent user is generated; the traveling ranges of the plurality of
  • the fourth aspect of the present application provides a device for predicting a concentrated area of fraudulent users, including: a mapping module, configured to obtain a list of fraudulent users, and obtain fraudulent user data of each fraudulent user in the fraudulent user list based on mobile location services, And each fraudulent user data is mapped to a gridded map to obtain grid point trajectories of multiple fraudulent users; a prediction module is used to input the grid point trajectories of the multiple fraudulent users into a preset neural network , generating the predicted track of each fraudulent user based on the preset neural network and the preset associated value, the preset associated value is used to indicate the predicted correlation between grid point trajectories; the generation module is used to connect each The grid point trajectory of the fraudulent user and the corresponding predicted trajectory are obtained to obtain the travel trajectories of multiple fraudulent users, and the travel trajectories of the multiple fraudulent users are input into the space-time clustering model to generate the travel range of each fraudulent user; A determining module, configured to cluster the travel ranges of the plurality of fraudulent users
  • the list of fraudulent users is obtained, the fraudulent user data of each fraudulent user in the fraudulent user list is obtained based on the mobile location service, and each fraudulent user data is mapped to a gridded map to obtain Grid point trajectories of a plurality of fraudulent users; input the grid point trajectories of the plurality of fraudulent users into a preset neural network, and generate a predicted trajectory of each fraudulent user based on the preset neural network and preset associated values , the preset associated value is used to indicate the predicted correlation between grid point trajectories; connect the grid point trajectories of each fraudulent user with the corresponding predicted trajectory to obtain the travel trajectories of multiple fraudulent users, and combine the
  • the travel trajectories of multiple fraudulent users are input into the space-time clustering model to generate the travel range of each fraudulent user; based on the spatial clustering model, the travel ranges of the multiple fraudulent users are clustered to determine the concentration area of fraudulent users.
  • the fraudulent user data of the fraudulent user is obtained based on the mobile location service, and the fraudulent user data is mapped to a gridded map to determine the grid point trajectory of the fraudulent user.
  • the class model predicts the trajectory of grid points of fraudulent users and determines the concentration area of fraudulent users. The accuracy rate of the fraudulent user concentrated area prediction for the existing fraudulent user list is improved, and the risk of being attacked by fraudulent users is reduced.
  • FIG. 1 is a schematic diagram of an embodiment of a method for predicting a concentrated area of fraudulent users in the embodiment of the present application
  • FIG. 2 is a schematic diagram of another embodiment of a method for predicting a concentrated area of fraudulent users in the embodiment of the present application;
  • FIG. 3 is a schematic diagram of an embodiment of a prediction device for a concentrated area of fraudulent users in the embodiment of the present application
  • FIG. 4 is a schematic diagram of another embodiment of a prediction device for a concentrated area of fraudulent users in the embodiment of the present application;
  • Fig. 5 is a schematic diagram of an embodiment of a prediction device for a concentrated area of fraudulent users in the embodiment of the present application.
  • the embodiment of the present application provides a method, device, device, and storage medium for predicting concentrated areas of fraudulent users, which are used to improve the accuracy of predicting concentrated areas of fraudulent users on the existing list of fraudulent users, and reduce the risk of being attacked by fraudulent users .
  • An embodiment of the method for predicting the concentrated area of fraudulent users in the embodiment of the present application includes:
  • the subject of execution of the present application may be a device for predicting areas where fraudulent users are concentrated, or a terminal or a server, which is not specifically limited here.
  • the embodiment of the present application is described by taking the server as an execution subject as an example.
  • the server Before predicting the concentration area of fraudulent users, the server first needs to obtain the list of fraudulent users, the fraudulent user data of each fraudulent user and the grid map.
  • the fraudulent user list here is the list record of the service platform for users who have entered the blacklist of the platform or have been identified as fraudulent.
  • the fraudulent data of each fraudulent user is obtained through location based service (LBS).
  • LBS refers to obtaining the location information of mobile terminal users through the radio communication network of the signal operator or external positioning methods.
  • a value-added service that provides users with corresponding services under the support of LBS can not only determine the geographical location of mobile devices or users, but also provide various location-related information services, specifically for information such as user preferences, user consumption levels, user working environments, user travel patterns, and user interpersonal networks.
  • the fraudulent user data obtained through LBS specifically includes the location information of the user (the location information of the fraudulent user, specifically the latitude and longitude of the geographic location), the time when the user appears at a certain location (staying time), and the corresponding The duration of inactivity (dwell period) at the location.
  • the gridded map here is to divide the geographic location into grids, each grid represents a geographic area, and each grid carries the geographic location information (latitude and longitude information), boundary information, and network information of the grid.
  • POI point of interest
  • the server After the server obtains the list of fraudulent users, the fraudulent user data of each fraudulent user, and the gridded map, it is necessary to map the fraudulent user data of each fraudulent user to the gridded map, and each gridded map shows Grid point trajectories of fraudulent users.
  • the above-mentioned basic information data can also be stored in a block chain node.
  • the preset neural network here is a long short-term memory network (long short-term memory, LSTM), which is a time recursive neural network (RNN).
  • the LSTM network includes three "gates", which are “forget gate”, “ Input gate”, “output gate”, through the above three “gates”, the prediction of input data can be realized.
  • the preset correlation value here is used to indicate the predicted correlation between the data input into the preset neural network.
  • the server After the server connects the grid point trajectory of each fraudulent user with the corresponding predicted trajectory, the travel trajectory of each fraudulent user can be obtained.
  • the spatio-temporal clustering model is used to predict the travel trajectory of each fraudulent user, and the travel range of each fraudulent user is generated.
  • the similarity measure of the clustering model mainly includes the distance of the grid point location information (latitude and longitude) and the The time interval between the appearance of the point position, the clustering is implemented using the density-based spatial clustering of applications with noise (DBSCAN).
  • the DBSCAN algorithm is a density-based spatial clustering algorithm, which divides areas with sufficient density into clusters, and finds clusters of arbitrary shape in a noisy spatial database, defining a cluster as the largest set of density-connected points.
  • the travel range of each fraudulent user can be predicted by the spatio-temporal clustering model.
  • the server needs to cluster the traveling ranges of multiple fraudulent users, so as to clarify the concentrated area where the fraudulent users appear.
  • the spatial clustering model is used in the process of clustering the travel ranges of multiple fraudulent users.
  • the similarity measure of the clustering model mainly includes the distance of the grid point location information (latitude and longitude), and the clustering To achieve the specific use of the DBSCAN algorithm.
  • the travel range of each fraudulent user is detected within the time interval, and then these travel ranges are clustered to obtain the concentration area of fraudulent users in this time period.
  • the specific clustering process is similar to the process described in step 103, so it will not be repeated here.
  • FIG. 2 another embodiment of the prediction method of the concentrated area of fraudulent users in the embodiment of the present application includes:
  • the server obtains the list of fraudulent users, and obtains the fraudulent user data of each fraudulent user in the fraudulent user list through mobile location services.
  • the location information of each fraudulent user is mapped in the initial grid map, and the location information of each fraudulent user is determined in the initial grid map to obtain a grid map;
  • the server screens out the target period in which the stay period of each fraudulent user is less than the stay threshold , remove the location information of fraudulent users corresponding to the target time period from the gridded map, and obtain grid point trajectories of multiple fraudulent users in the gridded map.
  • the staying time obtained here is rounded up in units of hours, and is used to obtain grid point records where users have stayed in different time periods (in units of hours), that is, fraudulent user data of fraudulent users.
  • the stay threshold here is set between 30 minutes and 1 hour. The specific stay threshold can be set according to the actual situation. The smaller the set stay threshold, the more likely the location of the fraudulent user displayed on the grid map will be. The more information, the greater the set stay threshold, and the less location information of fraudulent users displayed in the gridded map.
  • the server divides the grid point trajectory of each fraudulent user into the previous grid point trajectory and the later grid point trajectory according to the preset time interval points;
  • the grid point trajectories are respectively input into the initial neural network, and the previous grid point trajectories are trained using the initial neural network and preset associated values to generate a preset neural network, and the initial neural network is used to train the previous grid point trajectories;
  • the server Input the later grid point trajectory into the preset neural network, use the preset neural network to predict the later grid point trajectory, and generate the predicted trajectory of each fraudulent user.
  • the specific process of generating the preset neural network is as follows: the server divides the previous grid point trajectory of each fraudulent user among multiple fraudulent users into the grid point trajectory to be trained and the grid point trajectory to be tested; Obtain the target stay time of the target grid point track to be trained by the target fraudulent user, and input the target stay time of the target fraudulent user and the corresponding target grid point track to be trained into the initial neural network according to the chronological order of the target stay time ;
  • the server uses the preset associated value to determine the predicted conversion interval data between the target grid point trajectories to be trained; in the initial neural network, the server uses the predicted conversion interval data to carry out the target grid point track to be trained training, and verify the initial neural network by using the target grid point track to be tested by the target fraudulent user to obtain the basic neural network; Corresponding other grid point trajectories to be trained are input into the basic neural network, and the basic neural network is adjusted to generate a preset neural network.
  • Other fraudulent users are fraudulent users except the target fraudulent user among the plurality of fraudulent users
  • the server needs to determine which data predict the value of the next data in the track of grid points to be trained.
  • the trajectory of grid points to be trained is 1, 2, 3, 4, 5, and the preset correlation value is 2, then the predicted conversion interval data determined by the preset correlation value is: predicted by [1, 2] [3 ], predict [4] through [2, 3], predict [5] through [3, 4].
  • the server connects the network point trajectory of each fraudulent user with the corresponding predicted trajectory to obtain the travel trajectory of multiple fraudulent users; the server obtains multiple travel position grid points on the target travel trajectory of the multiple fraudulent users , and input multiple traveling position grid points on the target traveling trajectory into the spatiotemporal clustering model, use the spatiotemporal clustering model to randomly select a target traveling position grid point among multiple traveling position grid points, and judge the target traveling position Whether the grid point of the position complies with the preset core judgment rules; if the grid point of the target travel position complies with the preset core judgment rules, the server will determine the grid point of the target travel position as the grid point of the core travel position, and A range set is established on the grid point.
  • the target travel position network point is determined as a peripheral travel position network point; the server traverses other travel position network points according to the preset core judgment rules. Grid points until another core grid point of travel position is determined and another set of ranges is established.
  • the other grid points of travel position are the grid points of travel positions other than the grid point of target travel position among the grid points of multiple travel positions.
  • the server determines the traveling position grid point that is density-direct or density-reachable with the core traveling position grid point as the associated traveling position grid point, and associates the traveling position grid point Points are added to the corresponding range set until traversing all the travel position grid points on the target travel track, and multiple range sets are determined as the travel range of the fraudulent user corresponding to the target travel track; Input the location grid points into the spatio-temporal clustering model to determine the travel range of fraudulent users corresponding to other travel trajectories, integrate the travel range of fraudulent users corresponding to the target travel trajectory and the travel range of fraudulent users corresponding to other travel trajectories, and obtain The travel range of each fraudulent user.
  • the server first judges whether a traveling position grid point is a core traveling position grid point.
  • the preset core judgment rule is used to judge the traveling position grid point.
  • the preset core judgment rule is used to Points whose number of traveling position grid points (sample points) within the domain radius R is greater than or equal to the core point threshold are determined as core traveling position grid points.
  • a range set can be established with the core traveling position grid point as the center and the field radius R as the radius, and the range set includes at least the core point threshold number of traveling position grid points . If the grid point of the target traveling position does not conform to the preset core determination rule, the network point of the target traveling position is determined as the peripheral traveling position network point.
  • the server judges other traveling position grid points until another core traveling position grid point is determined and another range set is established, and the traveling position grid with the core traveling position grid point is density-direct or density-reachable The point is determined as an associated traveling position grid point, and the associated traveling position grid point is added to the range set.
  • density directness here refers to: if P is the core point and Q is in the R neighborhood of P, then it is called density directness from P to Q.
  • the density reachability here means that if there are core points P2, P3, ..., Pn, and P1 to P2 density direct, P2 to P3 density direct, ..., P(n-1) to Pn density direct, Pn to If the Q density is direct, then it is said that the P1 to Q density is reachable.
  • the server traverses all the traveling position grid points of a target traveling track to form a traveling range corresponding to the target traveling track. Therefore, by inputting multiple travel trajectories into the spatio-temporal clustering model, travel ranges corresponding to multiple fraudulent users can be generated.
  • the server first obtains the user to be detected, the data of the user to be detected, and the travel track of the user to be detected. Secondly, the server counts the frequency of occurrence of the track of the user to be detected in the concentration area of fraudulent users, and can detect the frequency of occurrence of the user to be detected in the concentration area of fraudulent users according to the statistical results and the time rule of occurrence (such as whether the volatility is large), etc. . If the frequency of the user to be detected is relatively high in the concentration area of fraudulent users, and the time of occurrence is relatively regular, the user to be detected is likely to be one of the historical fraudulent users, and the user to be detected has certain risks. The result of the above first similarity determination is that the user to be detected is a fraudulent user or the user to be detected is a non-fraudulent user.
  • the server calculates the similarity between the trajectory of the user to be detected and the trajectory of the fraudulent user.
  • the similarity between the two can be a cosine similarity algorithm or a Euclidean distance algorithm.
  • the algorithm for calculating the similarity is not limited in this application.
  • the coincidence degree between the travel trajectory of the user to be detected and the travel trajectory of the fraudulent user can be detected according to the similarity result. There is a high possibility that it is one of the fraudulent users, and there is a certain risk in the user to be detected.
  • the above-mentioned second similarity determination result is that the user to be detected is a fraudulent user or the user to be detected is a non-fraudulent user.
  • the server first calculates the first correlation between the trajectory of the user to be detected and the trajectory of the fraudulent user.
  • the similarity algorithm may also be a Euclidean distance algorithm, and the algorithm for calculating the correlation is not limited in this application. If the first correlation degree is greater than the first correlation threshold, it means that there is more coincidence between the trajectories of the user to be detected and the trajectories of the fraudulent user, and there is a great possibility that the user to be detected overlaps with the fraudulent user.
  • the server can also calculate the second correlation between the user data to be detected and the fraudulent user information, and can input the user data to be detected and the fraudulent user information into the existing wifi model, user information model, consumption In the model, etc., the correlation between the two is calculated. If the second correlation degree is greater than the second correlation threshold, it means that the user to be detected has a high possibility of overlapping with the fraudulent user. Both the first intersection determination result and the second intersection degree determination result indicate that the user to be detected has no intersection with the fraudulent user or that the user to be detected has an intersection with the fraudulent user.
  • first similarity determination result and the second similarity determination result are that the user to be detected is a fraudulent user, it can be directly determined that the user to be detected is a fraudulent user, only if both of the determination results are Only when the user is not a fraudulent user can it be directly determined that the user to be detected is a non-fraudulent user.
  • first intersection judgment result and the second intersection judgment result is that the user to be detected has an intersection with the fraudulent user, it can be directly determined that there is an intersection between the user to be detected and the fraudulent user, and there are only two judgment results If there is no intersection with the fraudulent user, it can be directly determined that the user to be detected has no intersection with the fraudulent user.
  • the server After the server clarifies the similarity judgment result and the intersection judgment result between the user to be detected and the fraudulent user, it will determine the behavior attribute of the user to be detected according to the judgment result, clarify the attributes of the user to be detected, and the server will perform different attributes of the user to be detected Implement different risk solutions. Specifically, when the server determines that the user to be detected is a fraudulent individual user, the first risk solution is implemented. The first risk solution can limit fraudulent individual users from handling part of the business, set up an inspection period for fraudulent individual users, and real-time fraudulent individual users The trajectory of the company and the business it handles are monitored. When the server determines that the user to be detected is a fraudulent group user, implement the second risk solution.
  • the second risk solution can limit fraudulent group users to handle any business, and at the same time predict the behavior of other users based on the grid point trajectory of the fraudulent group user Attributes, centering on fraudulent group users, further detect other users who overlap with fraudulent group users, and monitor fraudulent group users in real time, so as to identify the concentrated area of fraudulent users.
  • the server determines that the user to be detected is a whitelist user
  • the third risk solution is implemented, and the third risk solution can handle any business for unlimited whitelist users.
  • the fourth risk solution is implemented.
  • the fourth risk solution can limit risk users to handle some businesses, set up an inspection period for risk users, and conduct tracking of risk users during the inspection period. detection etc.
  • the fraudulent user data of the fraudulent user is obtained based on the mobile location service, and the fraudulent user data is mapped to a gridded map to determine the grid point trajectory of the fraudulent user.
  • the class model predicts the trajectory of grid points of fraudulent users and determines the concentration area of fraudulent users. The accuracy rate of the fraudulent user concentrated area prediction for the existing fraudulent user list is improved, and the risk of being attacked by fraudulent users is reduced.
  • the prediction device for the concentrated area of fraudulent users in the embodiment of the present application One embodiment includes: a mapping module 301, configured to obtain a fraudulent user list, obtain fraudulent user data of each fraudulent user in the fraudulent user list based on mobile location services, and map each fraudulent user data to a gridded map, Obtain the grid point trajectories of multiple fraudulent users; the prediction module 302 is used to input the grid point trajectories of multiple fraudulent users into the preset neural network, and generate each fraudulent user based on the preset neural network and preset associated values.
  • a mapping module 301 configured to obtain a fraudulent user list, obtain fraudulent user data of each fraudulent user in the fraudulent user list based on mobile location services, and map each fraudulent user data to a gridded map, Obtain the grid point trajectories of multiple fraudulent users
  • the prediction module 302 is used to input the grid point trajectories of multiple fraudulent users into the preset neural network, and generate each fraudulent user based on the preset neural network and preset associated values.
  • the predicted trajectory of the preset correlation value is used to indicate the predicted correlation between the grid point trajectories; the generation module 303 is used to connect the grid point trajectory of each fraudulent user with the corresponding predicted trajectory, and obtain the travel trajectory, and input the travel trajectories of multiple fraudulent users into the space-time clustering model to generate the travel range of each fraudulent user; the determination module 304 is used to aggregate the travel ranges of multiple fraudulent users based on the spatial clustering model Classes to determine areas where fraudulent users are concentrated.
  • another embodiment of the device for predicting the concentration area of fraudulent users in the embodiment of the present application includes: a mapping module 301, which is used to obtain a list of fraudulent users, and obtain the information of each fraudulent user in the list of fraudulent users based on mobile location services.
  • each fraudulent user data is mapped to a gridded map to obtain grid point trajectories of multiple fraudulent users
  • prediction module 302 is used to input the grid point trajectories of multiple fraudulent users to the preset In the neural network, the predicted trajectory of each fraudulent user is generated based on the preset neural network and the preset associated value, and the preset associated value is used to indicate the predicted correlation between the grid point trajectories
  • the generation module 303 is used to connect each The grid point trajectory of the fraudulent user and the corresponding predicted trajectory are obtained to obtain the travel trajectories of multiple fraudulent users, and the travel trajectories of multiple fraudulent users are input into the space-time clustering model to generate the travel range of each fraudulent user
  • the determination module 304 for clustering the travel ranges of multiple fraudulent users based on the spatial clustering model, and determining a concentration area of fraudulent users.
  • the mapping module 301 is specifically used to: obtain a list of fraudulent users, obtain fraudulent user data of each fraudulent user in the fraudulent user list through mobile location services, and the fraudulent user data includes the fraudulent user's location information, stay time, and stay period ; Map the location information of each fraudulent user in the initial grid map, determine the location information of each fraudulent user in the initial grid map, and obtain the grid map; screen out the stay period of each fraudulent user less than Stay at the target period of the threshold, remove the location information of fraudulent users corresponding to the target period in the grid map, and obtain grid point trajectories of multiple fraudulent users in the grid map.
  • the prediction module 302 includes: a division unit 3021, which is used to divide the grid point trajectory of each fraudulent user into a previous grid point trajectory and a later grid point trajectory according to preset time intervals; a training unit 3022, It is used to input the previous grid point trajectory of each fraudulent user into the initial neural network, and use the initial neural network and preset associated values to train the previous grid point trajectory to generate a preset neural network , the initial neural network is used to train the previous grid point trajectory; the prediction unit 3023 is used to input the later grid point trajectory into the preset neural network, and use the preset neural network to predict the later grid point trajectory to generate Predicted trajectory for each fraudulent user.
  • a division unit 3021 which is used to divide the grid point trajectory of each fraudulent user into a previous grid point trajectory and a later grid point trajectory according to preset time intervals
  • a training unit 3022 It is used to input the previous grid point trajectory of each fraudulent user into the initial neural network, and use the initial neural network and preset associated values to train the previous grid point trajectory to generate
  • the training unit 3022 is specifically configured to: divide the previous grid point trajectories of each of the multiple fraudulent users into grid point trajectories to be trained and grid point trajectories to be tested; among the multiple fraudulent users Obtain the target stay time of the target grid point track to be trained by the target fraudulent user, and input the target stay time of the target fraudulent user and the corresponding target grid point track to be trained into the initial neural network according to the chronological order of the target stay time;
  • the predicted conversion interval data between the target grid point trajectories to be trained is determined by using the preset associated value; in the initial neural network, the target grid point trajectory to be trained is trained by predicting the conversion interval data, and
  • the initial neural network is verified by the target grid point track to be tested by the target fraudulent user, and the basic neural network is obtained; other staying times of other grid point tracks to be trained by other fraudulent users are obtained, and the other staying times and corresponding other waiting points are obtained.
  • the trajectory of the training grid points is input into the basic neural network, and the basic
  • the generation module 303 is specifically configured to: connect the network point trajectory of each fraudulent user and the corresponding predicted trajectory to obtain the travel trajectory of multiple fraudulent users; grid points of traveling positions, and input multiple grid points of traveling positions on the target traveling trajectory into the spatio-temporal clustering model, and use the spatio-temporal clustering model to randomly select a target traveling position network among multiple traveling position grid points.
  • the grid point to determine whether the grid point of the target travel position conforms to the preset core judgment rule; if the grid point of the target travel position conforms to the preset core judgment rule, then determine the grid point of the target travel position as the core travel position grid point, and Establish a range set on the core traveling position grid point, if the target traveling position grid point does not meet the preset core judgment rules, then determine the target traveling position network point as the peripheral traveling position network point; traverse according to the preset core judgment rule Other traveling position grid points, until another core traveling position grid point is determined and another range set is established, the other traveling position grid points are the travels other than the target traveling position grid point among the plurality of traveling position grid points position grid point; among multiple travel position grid points, determine the travel position grid point that is density-direct or density-reachable with the core travel position grid point as the associated travel position grid point, and associates the travel position grid point with the The location grid points are added to the corresponding range set until all the travel position grid points on the target travel trajectory are traversed, and multiple range
  • the device for predicting the concentrated area of fraudulent users further includes: a solution module 305, configured to obtain the user to be detected, the data of the user to be detected, and the trajectory of the user to be detected, and separate the data of the user to be detected and the trajectory of the user to be detected Compare with the concentrated area of fraudulent users and the travel range of fraudulent users, determine the behavior attributes of the users to be detected, and determine the risk solution according to the behavior attributes of the users to be detected.
  • a solution module 305 configured to obtain the user to be detected, the data of the user to be detected, and the trajectory of the user to be detected, and separate the data of the user to be detected and the trajectory of the user to be detected Compare with the concentrated area of fraudulent users and the travel range of fraudulent users, determine the behavior attributes of the users to be detected, and determine the risk solution according to the behavior attributes of the users to be detected.
  • the solving module 305 is specifically used to: acquire the user to be detected, the data of the user to be detected, and the travel track of the user to be detected; compare the travel track of the user to be detected with the concentration area of fraudulent users, and determine the user to be detected and the fraudulent user.
  • the similarity determination results between users, the similarity determination results are used to indicate that the user to be detected is a fraudulent user or the user to be detected is a non-fraudulent user; Compare the user data to determine the intersection judgment result between the user to be detected and the fraudulent user.
  • intersection judgment result is used to indicate that the user to be detected has no intersection with the fraudulent user or that the user to be detected has an intersection with the fraudulent user; based on the user to be detected and the fraudulent user
  • the similarity judgment results and the intersection judgment results between determine the behavior attributes of the users to be detected, and determine the risk solution according to the behavior attributes of the users to be detected.
  • the fraudulent user data of the fraudulent user is obtained based on the mobile location service, and the fraudulent user data is mapped to a gridded map to determine the grid point trajectory of the fraudulent user.
  • the class model predicts the trajectory of grid points of fraudulent users and determines the concentration area of fraudulent users. The accuracy rate of the fraudulent user concentrated area prediction for the existing fraudulent user list is improved, and the risk of being attacked by fraudulent users is reduced.
  • Fig. 5 is a schematic structural diagram of a prediction device in a concentrated area of fraudulent users provided by an embodiment of the present application.
  • the prediction device 500 in a concentrated area of fraudulent users may have relatively large differences due to different configurations or performances, and may include one or more than one Processor (central processing units, CPU) 510 (for example, one or more processors) and memory 520, one or more storage media 530 for storing application programs 533 or data 532 (for example, one or more mass storage devices).
  • the memory 520 and the storage medium 530 may be temporary storage or persistent storage.
  • the program stored in the storage medium 530 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations in the prediction device 500 in areas where fraudulent users are concentrated.
  • the processor 510 may be configured to communicate with the storage medium 530, and execute a series of instruction operations in the storage medium 530 on the prediction device 500 in the fraudulent user concentration area.
  • the prediction device 500 of the concentrated area of fraudulent users may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input and output interfaces 560, and/or, one or more operating systems 531, Such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
  • operating systems 531 Such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
  • the present application also provides a prediction device for a concentrated area of fraudulent users.
  • the computer device includes a memory and a processor.
  • Computer-readable instructions are stored in the memory. When the computer-readable instructions are executed by the processor, the processor executes the above implementations. The steps of the method for predicting the concentration area of fraudulent users in the example.
  • the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium.
  • Instructions are stored, and when the instructions are run on the computer, the computer is made to execute the steps of the method for predicting the concentrated area of fraudulent users.
  • Blockchain essentially a decentralized database, is a series of data blocks associated with cryptographic methods.
  • the data blocks contain a batch of network transaction information, which is used to verify its information. Validity (anti-counterfeiting) and generation of the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer, and the application service layer.
  • the integrated unit is realized in the form of a software function unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application is essentially or part of the contribution to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disc and other media that can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biomedical Technology (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biophysics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Databases & Information Systems (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Remote Sensing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本申请涉及大数据领域,公开了欺诈用户集中区域的预测方法、装置、设备及存储介质,用于提高对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率。欺诈用户集中区域的预测方法包括:通过基于移动位置服务获取每个欺诈用户的欺诈用户数据并映射至网格化地图中,得到多个欺诈用户的网格点轨迹;基于预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹;连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将其输入至时空聚类模型中,生成欺诈用户的行进范围;基于空间聚类模型对多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。本申请还涉及区块链技术,基本信息数据可存储于区块链中。

Description

欺诈用户集中区域的预测方法、装置、设备及存储介质
本申请要求于2021年6月22日提交中国专利局、申请号为202110691599.8、发明名称为“欺诈用户集中区域的预测方法、装置、设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。
技术领域
本申请涉及大数据领域,尤其涉及一种欺诈用户集中区域的预测方法、装置、设备及存储介质。
背景技术
随着互联网行业的不断发展,在相同的流畅网络体验情况下,网络安全逐渐成为了最重视的一环。用户在使用计算机网络的过程中,存在将用户信息上传至互联网的情况,例如:通过PC端办理个人信用借贷业务时,业务平台通常会收集用户身份信息、银行卡信息、个人征信等维度对用户进行审核。而在此过程中,职业欺诈用户往往用虚假信息骗取贷款,如:伪造交易记录、伪造通话记录、制造用户个人信息及良好信用等。一旦存在欺诈用户成功欺骗过业务系统情况,业务系统的安全性将不能保证,造成更大的损失,因此合理对欺诈用户进行监控或对待检测用户进行预测应是给予高度重视的。
发明人意识到目前对欺诈用户出现范围识别的过程中,数据分析模型较为单一,对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率低下,增加了被欺诈用户攻击的风险。
发明内容
本申请提供了一种欺诈用户集中区域的预测方法、装置、设备及存储介质,用于提高对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率,降低被欺诈用户攻击的风险。
本申请第一方面提供了一种欺诈用户集中区域的预测方法,包括:获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
本申请第二方面提供了一种欺诈用户集中区域的预测设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现如下步骤:获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
本申请的第三方面提供了一种计算机可读存储介质,所述计算机可读存储介质中存储计算机指令,当所述计算机指令在计算机上运行时,使得计算机执行如下步骤:获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;将所述多 个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
本申请第四方面提供了一种欺诈用户集中区域的预测装置,包括:映射模块,用于获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;预测模块,用于将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;生成模块,用于连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;确定模块,用于基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
本申请提供的技术方案中,获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。本申请实施例中,通过基于移动位置服务获取欺诈用户的欺诈用户数据,并将欺诈用户数据映射至网格化地图中,确定欺诈用户的网格点轨迹,依次利用预置神经网络和时空聚类模型对欺诈用户的网格点轨迹进行预测,确定欺诈用户集中区域。提高了对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率,降低了被欺诈用户攻击的风险。
附图说明
图1为本申请实施例中欺诈用户集中区域的预测方法的一个实施例示意图;
图2为本申请实施例中欺诈用户集中区域的预测方法的另一个实施例示意图;
图3为本申请实施例中欺诈用户集中区域的预测装置的一个实施例示意图;
图4为本申请实施例中欺诈用户集中区域的预测装置的另一个实施例示意图;
图5为本申请实施例中欺诈用户集中区域的预测设备的一个实施例示意图。
具体实施方式
本申请实施例提供了一种欺诈用户集中区域的预测方法、装置、设备及存储介质,用于提高对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率,降低被欺诈用户攻击的风险。
为便于理解,下面对本申请实施例的具体流程进行描述,请参阅图1,本申请实施例中欺诈用户集中区域的预测方法的一个实施例包括:
101、获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
可以理解的是,本申请的执行主体可以为欺诈用户集中区域的预测装置,还可以是终端或者服务器,具体此处不做限定。本申请实施例以服务器为执行主体为例进行说明。
在对欺诈用户集中区域进行预测之前,首先服务器需要获取欺诈用户名单、每个欺诈用户的欺诈用户数据和网格化地图。这里的欺诈用户名单是业务平台对于曾经进入平台黑名单或被曾经被识别为欺诈的用户的名单记录。每个欺诈用户的欺诈数据是通过基于移动位置服务(location based service,LBS)获取的,LBS是指通过信号运营商的无线电通讯网络或外部定位方式,获取移动终端用户的位置信息,在GIS平台的支持下,为用户提供相应服务的一种增值业务。LBS不仅可以确定移动设备或用户所在的地理位置,还可以提供与位置相关的各类信息服务,具体可以为用户喜好、用户消费水平、用户工作环境、用户出行规律、用户人际网络等信息,并通过这些信息建立丰富的用户画像。在本申请中,通过LBS获取到的欺诈用户数据具体包括用户出现的位置信息(欺诈用户的位置信息,具体为地理位置的经纬度)、在某一位置出现的时刻(停留时刻)以及对应在该位置上的静止时长(停留时段)。这里的网格化地图是将地理位置划分成了一个个网格,每一个网格代表一个地理区域,且每一个网格携带了该网格的地理位置信息(经纬度信息)、边界信息、网格所在地名称、网格内兴趣点信息(point of interest,POI)等。上述信息在本申请中均为已知信息,具体信息的获取过程在此不再赘述。
在服务器获取了欺诈用户名单、每个欺诈用户的欺诈用户数据和网格化地图之后,需要将每个欺诈用户的欺诈用户数据映射至网格化地图中,在网格化地图中显示出每个欺诈用户的网格点轨迹。为进一步保证上述欺诈用户数据的私密和安全性,上述基本信息数据还可以存储于一区块链的节点中。
102、将多个欺诈用户的网格点轨迹输入至预置神经网络中,基于预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,预置关联数值用于指示网格点轨迹之间的预测关联性;
服务器在获取多个欺诈用户的网格点轨迹之后,需要利用预置神经网络预测每个欺诈用户的未来行进趋势,以此作为预测欺诈用户集中区域的基础数据。这里的预置神经网络为长短期记忆网络(long short-term memory,LSTM),是一种时间递归神经网络(RNN),LSTM网络中包括三个“门”,依次为“遗忘门”、“输入门”、“输出门”,通过上述三个“门”可以实现对输入数据的预测。需要说明的是,这里的预置关联数值用以指示输入预置神经网络中的数据之间的预测关联性。
103、连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
服务器将每个欺诈用户的网格点轨迹和对应的预测轨迹连接起来以后,即可得到每个欺诈用户的行进轨迹。这时利用时空聚类模型对每个欺诈用户的行进轨迹进行预测,生成每个欺诈用户的行进范围,聚类模型的相似性度量主要包括网格点位置信息(经纬度)的距离以及在网格点位置出现的时间间隔,聚类的实现具体采用的是具有噪声的基于密度的聚类方法(density-based spatial clustering of applications with noise,DBSCAN)。DBSCAN算法是一种基于密度的空间聚类算法,其将具有足够密度的区域划分为簇,并在具有噪声的空间数据库中发现任意形状的簇,将簇定义为密度相连的点的最大集合。通过时空聚类模型可以预测每个欺诈用户的行进范围。
104、基于空间聚类模型对多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
需要说明的是,服务器在获取每个欺诈用户的行进范围之后,需要对多个欺诈用户的行进范围进行聚类,从而明确欺诈用户出现的集中区域。需要说明的是,对多个欺诈用户的行进范围进行聚类的过程中采用的是空间聚类模型,聚类模型的相似性度量主要包括网 格点位置信息(经纬度)的距离,聚类的实现具体采用的是DBSCAN算法。在聚类过程中针对一个固定的时间间隔,检测在该时间间隔内各欺诈用户的行进范围,然后对这些行进范围进行聚类,获得该时间段的欺诈用户集中区域。进一步说明的是,具体的聚类过程与步骤103中所描述的过程相似,故不在此赘述。
请参阅图2,本申请实施例中欺诈用户集中区域的预测方法的另一个实施例包括:
201、获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
具体的,服务器获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,欺诈用户数据包括欺诈用户的位置信息、停留时刻以及停留时段;服务器将每个欺诈用户的位置信息映射在初始网格化地图中,在初始网格化地图中确定每个欺诈用户的位置信息,得到网格化地图;服务器筛选出每个欺诈用户的停留时段小于停留阈值的目标时段,在网格化地图中将目标时段对应的欺诈用户的位置信息剔除,在网格化地图中得到多个欺诈用户的网格点轨迹。
需要说明的是,这里获取停留时刻是以小时为单位取整,用以获得用户在不同时间内(以小时为单位)曾经停留的网格点记录,即欺诈用户的欺诈用户数据。此外,这里的将停留阈值设定在30分钟至1小时之间,具体的停留阈值可以根据实际情况进行设定,设定的停留阈值越小,在网格化地图中显示的欺诈用户的位置信息越多,设定的停留阈值越大,在网格化地图中显示的欺诈用户的位置信息越少。
202、将多个欺诈用户的网格点轨迹输入至预置神经网络中,基于预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,预置关联数值用于指示网格点轨迹之间的预测关联性;
具体的,服务器分别将每个欺诈用户的网格点轨迹按照预置时刻间隔点划分为前期网格点轨迹和后期网格点轨迹;服务器将多个欺诈用户中的每个欺诈用户的前期网格点轨迹分别输入至初始神经网络中,利用初始神经网络和预置关联数值对前期网格点轨迹进行训练,生成预置神经网络,初始神经网络用于对前期网格点轨迹进行训练;服务器将后期网格点轨迹输入至预置神经网络中,利用预置神经网络对后期网格点轨迹进行预测,生成每个欺诈用户的预测轨迹。具体生成预置神经网络的过程如下:服务器将多个欺诈用户中的每个欺诈用户的前期网格点轨迹划分为待训练网格点轨迹和待测试网格点轨迹;服务器在多个欺诈用户中获取目标欺诈用户的目标待训练网格点轨迹的目标停留时刻,并按照目标停留时刻的时间顺序将目标欺诈用户的目标停留时刻和对应的目标待训练网格点轨迹输入至初始神经网络中;服务器在初始神经网络中,利用预置关联数值确定目标待训练网格点轨迹之间的预测转化间隔数据;服务器在初始神经网络中,通过预测转化间隔数据对目标待训练网格点轨迹进行训练,并利用目标欺诈用户的目标待测试网格点轨迹对初始神经网络进行验证,得到基础神经网络;服务器获取其他欺诈用户的其他待训练网格点轨迹的其他停留时刻,将其他停留时刻和对应的其他待训练网格点轨迹输入至基础神经网络中,对基础神经网络进行调整,生成预置神经网络,其他欺诈用户为多个欺诈用户中除目标欺诈用户之外的欺诈用户。
在对欺诈用户的前期网格点轨迹进行训练时,首先需要将前期网格点轨迹划分成待训练网格点轨迹和待测试网格点轨迹,待训练网格点轨迹用于输入至初始神经网络中并被初始神经网络训练,进而得到基础神经网络;待测试网格点轨迹用于对基础神经网络进行验证,使得最终得到预置神经网络更准确。在初始神经网络中,服务器需要确定在待训练网格点轨迹中,由哪几个数据预测后一个数据的值。举例说明:待训练网格点轨迹为1、2、 3、4、5,预置关联数值为2,则由预置关联数值确定的预测转化间隔数据为:通过[1,2]预测[3]、通过[2,3]预测[4]、通过[3,4]预测[5]。
203、连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
具体的,服务器连接每个欺诈用户的网络点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹;服务器获取多个欺诈用户的行进轨迹中目标行进轨迹上的多个行进位置网格点,并将目标行进轨迹上的多个行进位置网格点输入至时空聚类模型中,利用时空聚类模型在多个行进位置网格点中随机选取一个目标行进位置网格点,判断目标行进位置网格点是否符合预置核心判定规则;服务器若目标行进位置网格点符合预置核心判定规则,则将目标行进位置网格点确定为核心行进位置网格点,并在核心行进位置网格点上建立一个范围集合,若目标行进位置网格点不符合预置核心判定规则,则将目标行进位置网络点确定为外围行进位置网络点;服务器根据预置核心判定规则遍历其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,其他行进位置网格点为多个行进位置网格点中除目标行进位置网格点之外的行进位置网格点;服务器在多个行进位置网格点中,将与核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将关联行进位置网格点添加至对应的范围集合内,直到遍历目标行进轨迹上的所有行进位置网格点,将多个范围集合确定为目标行进轨迹对应的欺诈用户的行进范围;服务器将其他行进轨迹的多个行进位置网格点输入至时空聚类模型中,确定其他行进轨迹对应的欺诈用户的行进范围,对目标行进轨迹对应的欺诈用户的行进范围和其他行进轨迹对应的欺诈用户的行进范围进行整合,得到每个欺诈用户的行进范围。
需要说明的是,服务器首先判断一个行进位置网格点是否为核心行进位置网格点,这里利用的是预置核心判定规则对行进位置网格点进行判断,预置核心判定规则用于将邻域半径R内的行进位置网格点(样本点)的数量大于或等于核心点阈值的点确定为做核心行进位置网格点。当确定一个核心行进位置网格点之后,就可以以该核心行进位置网格点为中心以领域半径R为半径建立一个范围集合,该范围集合中包括至少核心点阈值数量的行进位置网格点。若目标行进位置网格点不符合预置核心判定规则,则将目标行进位置网络点确定为外围行进位置网络点。然后服务器在判断其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,并将与核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将关联行进位置网格点添加至范围集合内。进一步说明的是,这里的密度直达指的是:如果P为核心点,Q在P的R邻域内,那么称P到Q密度直达。这里的密度可达指的是如果存在核心点P2,P3,……,Pn,且P1到P2密度直达,P2到P3密度直达,……,P(n-1)到Pn密度直达,Pn到Q密度直达,那么称P1到Q密度可达。服务器遍历一个目标行进轨迹的所有行进位置网格点,会形成该目标行进轨迹对应的行进范围。因此,将多个行进轨迹输入至时空聚类模型中,可以生成多个欺诈用户对应的行进范围。
204、基于空间聚类模型对多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域;
进一步说明的是,此处过程与步骤104中所描述的过程相同,故不在此赘述。
205、获取待检测用户、待检测用户数据以及待检测用户的行进轨迹,将待检测用户数据以及待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定待检测用户的行为属性,并根据待检测用户的行为属性确定风险解决方案。
具体的,服务器首先获取待检测用户、待检测用户数据以及待检测用户的行进轨迹。其次服务器统计待检测用户的行进轨迹在欺诈用户集中区域中的出现频次,根据统计结果可以检测出待检测用户在欺诈用户集中区域出现的频次以及出现的时间规律(如波动性是否较大)等。若待检测用户出现在欺诈用户集中区域的频率较高,出现时间较规律,则待检测用户有极大的可能性为历史欺诈用户之一,该待检测用户存在一定的风险。上述第一相似判定结果为待检测用户为欺诈用户或待检测用户为非欺诈用户。
然后服务器计算待检测用户的行进轨迹和欺诈用户的行进轨迹之间的相似度,这里计算两者相似度的计算方式有很多,可以为余弦相似度算法,也可以为欧几里得距离算法,在本申请中并不对计算相似度的算法进行限定。在计算两者相似度之后,可以根据相似度结果检测出待检测用户的行进轨迹与欺诈用户的行进轨迹之间的重合度,重合度越高(相似度越大),则待检测用户有极大的可能性为欺诈用户之一,该待检测用户存在一定的风险。上述第二相似判定结果为待检测用户为欺诈用户或待检测用户为非欺诈用户。
同理,服务器检测待检测用户与欺诈用户之间的交集判定结果也有两种检测方式。第一种检测方式中,服务器首先计算待检测用户的行进轨迹和欺诈用户的行进轨迹之间的第一相关度,这里计算两者之间的相关度所采用的计算方式有很多,可以为余弦相似度算法,也可以为欧几里得距离算法,在本申请中并不对计算相关度的算法进行限定。若第一相关度大于第一相关阈值,则说明待检测用户的行进轨迹和欺诈用户的行进轨迹之间的重合度较多,待检测用户有极大的可能性与欺诈用户有交集。第二种检测方式中,服务器还可以计算待检测用户数据和欺诈用户信息之间的第二相关度,可以将待检测用户数据和欺诈用户信息输入至现有的wifi模型、用户信息模型、消费模型等中,计算两者之间的相关度。若第二相关度大于第二相关阈值,则说明待检测用户有极大的可能性与欺诈用户有交集。上述第一交集判定结果和第二交集程度判定结果均指示待检测用户与欺诈用户无交集或待检测用户与欺诈用户有交集。
需要说明的是,当第一相似判定结果和第二相似判定结果中只要有一个判定结果为待检测用户为欺诈用户,就可以直接判定该待检测用户为欺诈用户,只有两个判定结果都为非欺诈用户,才能直接判定该待检测用户为非欺诈用户。同理,当第一交集判定结果和第二交集判定结果中只要有一个判定结果为待检测用户与欺诈用户有交集,就可以直接判定该待检测用户与欺诈用户存在交集,只有两个判定结果都为与欺诈用户无交集,才能直接判定该待检测用户与欺诈用户无交集。
服务器在明确待检测用户与欺诈用户之间的相似判定结果以及交集判定结果之后,会根据判定结果确定待检测用户的行为属性,明确待检测用户的属性,服务器将会对不同属性的待检测用户实施不同的风险解决方案。具体的,当服务器判定待检测用户为欺诈个人用户时,实施第一风险解决方案,第一风险解决方案可以为限制欺诈个人用户办理部分业务,对欺诈个人用户设立考察期,实时对欺诈个人用户的行进轨迹以及所办理的业务进行监控等。当服务器判定待检测用户为欺诈团体用户时,实施第二风险解决方案,第二风险解决方案可以为限制欺诈团体用户办理任何业务,同时根据欺诈团体用户的网格化点轨迹预测其他用户的行为属性,以欺诈团体用户为中心,进一步检测出与欺诈团体用户存在交集的其他用户,并实时监测欺诈团体用户,从而识别欺诈用户的集中区域。当服务器判定待检测用户为白名单用户时,实施第三风险解决方案,第三风险解决方案可以为不限制白名单用户办理任何业务。当服务器判定待检测用户为风险用户时,实施第四风险解决方案,第四风险解决方案可以为限制风险用户办理部分业务,对风险用户设立考察期,在考察期期间对风险用户进行行进轨迹的检测等。
本申请实施例中,通过基于移动位置服务获取欺诈用户的欺诈用户数据,并将欺诈用 户数据映射至网格化地图中,确定欺诈用户的网格点轨迹,依次利用预置神经网络和时空聚类模型对欺诈用户的网格点轨迹进行预测,确定欺诈用户集中区域。提高了对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率,降低了被欺诈用户攻击的风险。
上面对本申请实施例中欺诈用户集中区域的预测方法进行了描述,下面对本申请实施例中欺诈用户集中区域的预测装置进行描述,请参阅图3,本申请实施例中欺诈用户集中区域的预测装置一个实施例包括:映射模块301,用于获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;预测模块302,用于将多个欺诈用户的网格点轨迹输入至预置神经网络中,基于预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,预置关联数值用于指示网格点轨迹之间的预测关联性;生成模块303,用于连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;确定模块304,用于基于空间聚类模型对多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
请参阅图4,本申请实施例中欺诈用户集中区域的预测装置的另一个实施例包括:映射模块301,用于获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;预测模块302,用于将多个欺诈用户的网格点轨迹输入至预置神经网络中,基于预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,预置关联数值用于指示网格点轨迹之间的预测关联性;生成模块303,用于连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;确定模块304,用于基于空间聚类模型对多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
可选的,映射模块301具体用于:获取欺诈用户名单,通过基于移动位置服务获取欺诈用户名单中每个欺诈用户的欺诈用户数据,欺诈用户数据包括欺诈用户的位置信息、停留时刻以及停留时段;将每个欺诈用户的位置信息映射在初始网格化地图中,在初始网格化地图中确定每个欺诈用户的位置信息,得到网格化地图;筛选出每个欺诈用户的停留时段小于停留阈值的目标时段,在网格化地图中将目标时段对应的欺诈用户的位置信息剔除,在网格化地图中得到多个欺诈用户的网格点轨迹。
可选的,预测模块302包括:划分单元3021,用于分别将每个欺诈用户的网格点轨迹按照预置时刻间隔点划分为前期网格点轨迹和后期网格点轨迹;训练单元3022,用于将多个欺诈用户中的每个欺诈用户的前期网格点轨迹分别输入至初始神经网络中,利用初始神经网络和预置关联数值对前期网格点轨迹进行训练,生成预置神经网络,初始神经网络用于对前期网格点轨迹进行训练;预测单元3023,用于将后期网格点轨迹输入至预置神经网络中,利用预置神经网络对后期网格点轨迹进行预测,生成每个欺诈用户的预测轨迹。
可选的,训练单元3022具体用于:将多个欺诈用户中的每个欺诈用户的前期网格点轨迹划分为待训练网格点轨迹和待测试网格点轨迹;在多个欺诈用户中获取目标欺诈用户的目标待训练网格点轨迹的目标停留时刻,并按照目标停留时刻的时间顺序将目标欺诈用户的目标停留时刻和对应的目标待训练网格点轨迹输入至初始神经网络中;在初始神经网络中,利用预置关联数值确定目标待训练网格点轨迹之间的预测转化间隔数据;在初始神经网络中,通过预测转化间隔数据对目标待训练网格点轨迹进行训练,并利用目标欺诈用户的目标待测试网格点轨迹对初始神经网络进行验证,得到基础神经网络;获取其他欺诈用户的其他待训练网格点轨迹的其他停留时刻,将其他停留时刻和对应的其他待训练网格 点轨迹输入至基础神经网络中,对基础神经网络进行调整,生成预置神经网络,其他欺诈用户为多个欺诈用户中除目标欺诈用户之外的欺诈用户。
可选的,生成模块303具体用于:连接每个欺诈用户的网络点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹;获取多个欺诈用户的行进轨迹中目标行进轨迹上的多个行进位置网格点,并将目标行进轨迹上的多个行进位置网格点输入至时空聚类模型中,利用时空聚类模型在多个行进位置网格点中随机选取一个目标行进位置网格点,判断目标行进位置网格点是否符合预置核心判定规则;若目标行进位置网格点符合预置核心判定规则,则将目标行进位置网格点确定为核心行进位置网格点,并在核心行进位置网格点上建立一个范围集合,若目标行进位置网格点不符合预置核心判定规则,则将目标行进位置网络点确定为外围行进位置网络点;根据预置核心判定规则遍历其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,其他行进位置网格点为多个行进位置网格点中除目标行进位置网格点之外的行进位置网格点;在多个行进位置网格点中,将与核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将关联行进位置网格点添加至对应的范围集合内,直到遍历目标行进轨迹上的所有行进位置网格点,将多个范围集合确定为目标行进轨迹对应的欺诈用户的行进范围;将其他行进轨迹的多个行进位置网格点输入至时空聚类模型中,确定其他行进轨迹对应的欺诈用户的行进范围,对目标行进轨迹对应的欺诈用户的行进范围和其他行进轨迹对应的欺诈用户的行进范围进行整合,得到每个欺诈用户的行进范围。
可选的,欺诈用户集中区域的预测装置还包括:解决模块305,用于获取待检测用户、待检测用户数据以及待检测用户的行进轨迹,将待检测用户数据以及待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定待检测用户的行为属性,并根据待检测用户的行为属性确定风险解决方案。
可选的,解决模块305具体用于:获取待检测用户、待检测用户数据以及待检测用户的行进轨迹;将待检测用户的行进轨迹与欺诈用户集中区域进行比对,确定待检测用户与欺诈用户之间的相似判定结果,相似判定结果用于指示待检测用户为欺诈用户或待检测用户为非欺诈用户;将待检测用户的行进轨迹和待检测用户数据分别与欺诈用户的行进轨迹和欺诈用户数据进行对比,确定待检测用户与欺诈用户之间的交集判定结果,交集判定结果用于指示待检测用户与欺诈用户无交集或待检测用户与欺诈用户有交集;基于待检测用户与欺诈用户之间的相似判定结果以及交集判定结果确定待检测用户的行为属性,并根据待检测用户的行为属性确定风险解决方案。
本申请实施例中,通过基于移动位置服务获取欺诈用户的欺诈用户数据,并将欺诈用户数据映射至网格化地图中,确定欺诈用户的网格点轨迹,依次利用预置神经网络和时空聚类模型对欺诈用户的网格点轨迹进行预测,确定欺诈用户集中区域。提高了对现有的欺诈用户名单进行欺诈用户集中区域预测的准确率,降低了被欺诈用户攻击的风险。
图5是本申请实施例提供的一种欺诈用户集中区域的预测设备的结构示意图,该欺诈用户集中区域的预测设备500可因配置或性能不同而产生比较大的差异,可以包括一个或一个以上处理器(central processing units,CPU)510(例如,一个或一个以上处理器)和存储器520,一个或一个以上存储应用程序533或数据532的存储介质530(例如一个或一个以上海量存储设备)。其中,存储器520和存储介质530可以是短暂存储或持久存储。存储在存储介质530的程序可以包括一个或一个以上模块(图示没标出),每个模块可以包括对欺诈用户集中区域的预测设备500中的一系列指令操作。更进一步地,处理器510可以设置为与存储介质530通信,在欺诈用户集中区域的预测设备500上执行存储介质530中的一系列指令操作。
欺诈用户集中区域的预测设备500还可以包括一个或一个以上电源540,一个或一个以上有线或无线网络接口550,一个或一个以上输入输出接口560,和/或,一个或一个以上操作系统531,例如Windows Serve,Mac OS X,Unix,Linux,FreeBSD等等。本领域技术人员可以理解,图5示出的欺诈用户集中区域的预测设备结构并不构成对欺诈用户集中区域的预测设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。
本申请还提供一种欺诈用户集中区域的预测设备,所述计算机设备包括存储器和处理器,存储器中存储有计算机可读指令,计算机可读指令被处理器执行时,使得处理器执行上述各实施例中的所述欺诈用户集中区域的预测方法的步骤。本申请还提供一种计算机可读存储介质,该计算机可读存储介质可以为非易失性计算机可读存储介质,也可以为易失性计算机可读存储介质,所述计算机可读存储介质中存储有指令,当所述指令在计算机上运行时,使得计算机执行所述欺诈用户集中区域的预测方法的步骤。
本申请所指区块链是分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式。区块链(Blockchain),本质上是一个去中心化的数据库,是一串使用密码学方法相关联产生的数据块,数据块中包含了一批次网络交易的信息,用于验证其信息的有效性(防伪)和生成下一个区块。区块链可以包括区块链底层平台、平台产品服务层以及应用服务层等。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。
以上所述,以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。

Claims (20)

  1. 一种欺诈用户集中区域的预测方法,其中,所述欺诈用户集中区域的预测方法包括:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
    将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;
    连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
    基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
  2. 根据权利要求1所述的欺诈用户集中区域的预测方法,其中,所述获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹包括:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,所述欺诈用户数据包括欺诈用户的位置信息、停留时刻以及停留时段;
    将每个欺诈用户的位置信息映射在初始网格化地图中,在所述初始网格化地图中确定每个欺诈用户的位置信息,得到网格化地图;
    筛选出每个欺诈用户的所述停留时段小于停留阈值的目标时段,在所述网格化地图中将所述目标时段对应的欺诈用户的位置信息剔除,在网格化地图中得到多个欺诈用户的网格点轨迹。
  3. 根据权利要求1所述的欺诈用户集中区域的预测方法,其中,所述将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性包括:
    分别将每个欺诈用户的网格点轨迹按照预置时刻间隔点划分为前期网格点轨迹和后期网格点轨迹;
    将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹分别输入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练;
    将所述后期网格点轨迹输入至所述预置神经网络中,利用所述预置神经网络对所述后期网格点轨迹进行预测,生成每个欺诈用户的预测轨迹。
  4. 根据权利要求2所述的欺诈用户集中区域的预测方法,其中,所述将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹输分别入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练包括:
    将多个欺诈用户中的每个欺诈用户的前期网格点轨迹划分为待训练网格点轨迹和待测试网格点轨迹;
    在多个欺诈用户中获取目标欺诈用户的所述目标待训练网格点轨迹的目标停留时刻,并按照所述目标停留时刻的时间顺序将所述目标欺诈用户的所述目标停留时刻和对应的目标待训练网格点轨迹输入至初始神经网络中;
    在所述初始神经网络中,利用预置关联数值确定所述目标待训练网格点轨迹之间的预测转化间隔数据;
    在所述初始神经网络中,通过所述预测转化间隔数据对所述目标待训练网格点轨迹进 行训练,并利用所述目标欺诈用户的目标待测试网格点轨迹对初始神经网络进行验证,得到基础神经网络;
    获取其他欺诈用户的其他待训练网格点轨迹的其他停留时刻,将所述其他停留时刻和对应的其他待训练网格点轨迹输入至所述基础神经网络中,对所述基础神经网络进行调整,生成预置神经网络,所述其他欺诈用户为多个欺诈用户中除所述目标欺诈用户之外的欺诈用户。
  5. 根据权利要求1所述的欺诈用户集中区域的预测方法,其中,所述连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围包括:
    连接每个欺诈用户的网络点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹;
    获取所述多个欺诈用户的行进轨迹中目标行进轨迹上的多个行进位置网格点,并将所述目标行进轨迹上的多个行进位置网格点输入至时空聚类模型中,利用所述时空聚类模型在多个行进位置网格点中随机选取一个目标行进位置网格点,判断所述目标行进位置网格点是否符合预置核心判定规则;
    若所述目标行进位置网格点符合预置核心判定规则,则将所述目标行进位置网格点确定为核心行进位置网格点,并在所述核心行进位置网格点上建立一个范围集合,若所述目标行进位置网格点不符合预置核心判定规则,则将所述目标行进位置网络点确定为外围行进位置网络点;
    根据所述预置核心判定规则遍历其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,所述其他行进位置网格点为多个行进位置网格点中除所述目标行进位置网格点之外的行进位置网格点;
    在多个行进位置网格点中,将与所述核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将所述关联行进位置网格点添加至对应的范围集合内,直到遍历目标行进轨迹上的所有行进位置网格点,将多个范围集合确定为目标行进轨迹对应的欺诈用户的行进范围;
    将其他行进轨迹的多个行进位置网格点输入至所述时空聚类模型中,确定所述其他行进轨迹对应的欺诈用户的行进范围,对所述目标行进轨迹对应的欺诈用户的行进范围和所述其他行进轨迹对应的欺诈用户的行进范围进行整合,得到每个欺诈用户的行进范围。
  6. 根据权利要求1-5中任一项所述的欺诈用户集中区域的预测方法,其中,在所述基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域之后,所述欺诈用户集中区域的预测方法还包括:
    获取待检测用户、待检测用户数据以及待检测用户的行进轨迹,将所述待检测用户数据以及所述待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定所述待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案。
  7. 根据权利要求6所述的欺诈用户集中区域的预测方法,其中,所述获取待检测用户、待检测用户数据以及待检测用户的行进轨迹,将所述待检测用户数据以及所述待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定所述待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案包括:
    获取待检测用户、待检测用户数据以及待检测用户的行进轨迹;
    将所述待检测用户的行进轨迹与欺诈用户集中区域进行比对,确定所述待检测用户与所述欺诈用户之间的相似判定结果,所述相似判定结果用于指示所述待检测用户为欺诈用户或所述待检测用户为非欺诈用户;
    将所述待检测用户的行进轨迹和待检测用户数据分别与欺诈用户的行进轨迹和欺诈用户数据进行对比,确定所述待检测用户与所述欺诈用户之间的交集判定结果,所述交集判定结果用于指示所述待检测用户与所述欺诈用户无交集或所述待检测用户与所述欺诈用户有交集;
    基于所述待检测用户与所述欺诈用户之间的所述相似判定结果以及所述交集判定结果确定待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案。
  8. 一种欺诈用户集中区域的预测设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现如下步骤:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
    将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;
    连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
    基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
  9. 根据权利要求8所述的欺诈用户集中区域的预测设备,其中,所述获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹包括:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,所述欺诈用户数据包括欺诈用户的位置信息、停留时刻以及停留时段;
    将每个欺诈用户的位置信息映射在初始网格化地图中,在所述初始网格化地图中确定每个欺诈用户的位置信息,得到网格化地图;
    筛选出每个欺诈用户的所述停留时段小于停留阈值的目标时段,在所述网格化地图中将所述目标时段对应的欺诈用户的位置信息剔除,在网格化地图中得到多个欺诈用户的网格点轨迹。
  10. 根据权利要求8所述的欺诈用户集中区域的预测设备,其中,所述将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性包括:
    分别将每个欺诈用户的网格点轨迹按照预置时刻间隔点划分为前期网格点轨迹和后期网格点轨迹;
    将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹分别输入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练;
    将所述后期网格点轨迹输入至所述预置神经网络中,利用所述预置神经网络对所述后期网格点轨迹进行预测,生成每个欺诈用户的预测轨迹。
  11. 根据权利要求9所述的欺诈用户集中区域的预测设备,其中,所述将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹输分别入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练包括:
    将多个欺诈用户中的每个欺诈用户的前期网格点轨迹划分为待训练网格点轨迹和待测 试网格点轨迹;
    在多个欺诈用户中获取目标欺诈用户的所述目标待训练网格点轨迹的目标停留时刻,并按照所述目标停留时刻的时间顺序将所述目标欺诈用户的所述目标停留时刻和对应的目标待训练网格点轨迹输入至初始神经网络中;
    在所述初始神经网络中,利用预置关联数值确定所述目标待训练网格点轨迹之间的预测转化间隔数据;
    在所述初始神经网络中,通过所述预测转化间隔数据对所述目标待训练网格点轨迹进行训练,并利用所述目标欺诈用户的目标待测试网格点轨迹对初始神经网络进行验证,得到基础神经网络;
    获取其他欺诈用户的其他待训练网格点轨迹的其他停留时刻,将所述其他停留时刻和对应的其他待训练网格点轨迹输入至所述基础神经网络中,对所述基础神经网络进行调整,生成预置神经网络,所述其他欺诈用户为多个欺诈用户中除所述目标欺诈用户之外的欺诈用户。
  12. 根据权利要求8所述的欺诈用户集中区域的预测设备,其中,所述连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围包括:
    连接每个欺诈用户的网络点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹;
    获取所述多个欺诈用户的行进轨迹中目标行进轨迹上的多个行进位置网格点,并将所述目标行进轨迹上的多个行进位置网格点输入至时空聚类模型中,利用所述时空聚类模型在多个行进位置网格点中随机选取一个目标行进位置网格点,判断所述目标行进位置网格点是否符合预置核心判定规则;
    若所述目标行进位置网格点符合预置核心判定规则,则将所述目标行进位置网格点确定为核心行进位置网格点,并在所述核心行进位置网格点上建立一个范围集合,若所述目标行进位置网格点不符合预置核心判定规则,则将所述目标行进位置网络点确定为外围行进位置网络点;
    根据所述预置核心判定规则遍历其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,所述其他行进位置网格点为多个行进位置网格点中除所述目标行进位置网格点之外的行进位置网格点;
    在多个行进位置网格点中,将与所述核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将所述关联行进位置网格点添加至对应的范围集合内,直到遍历目标行进轨迹上的所有行进位置网格点,将多个范围集合确定为目标行进轨迹对应的欺诈用户的行进范围;
    将其他行进轨迹的多个行进位置网格点输入至所述时空聚类模型中,确定所述其他行进轨迹对应的欺诈用户的行进范围,对所述目标行进轨迹对应的欺诈用户的行进范围和所述其他行进轨迹对应的欺诈用户的行进范围进行整合,得到每个欺诈用户的行进范围。
  13. 根据权利要求8-12中任一项所述的欺诈用户集中区域的预测设备,其中,在所述基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域之后,所述欺诈用户集中区域的预测方法还包括:
    获取待检测用户、待检测用户数据以及待检测用户的行进轨迹,将所述待检测用户数据以及所述待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定所述待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案。
  14. 根据权利要求13所述的欺诈用户集中区域的预测设备,其中,所述获取待检测用 户、待检测用户数据以及待检测用户的行进轨迹,将所述待检测用户数据以及所述待检测用户的行进轨迹分别与欺诈用户的欺诈用户集中区域以及欺诈用户的行进范围进行比对,确定所述待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案包括:
    获取待检测用户、待检测用户数据以及待检测用户的行进轨迹;
    将所述待检测用户的行进轨迹与欺诈用户集中区域进行比对,确定所述待检测用户与所述欺诈用户之间的相似判定结果,所述相似判定结果用于指示所述待检测用户为欺诈用户或所述待检测用户为非欺诈用户;
    将所述待检测用户的行进轨迹和待检测用户数据分别与欺诈用户的行进轨迹和欺诈用户数据进行对比,确定所述待检测用户与所述欺诈用户之间的交集判定结果,所述交集判定结果用于指示所述待检测用户与所述欺诈用户无交集或所述待检测用户与所述欺诈用户有交集;
    基于所述待检测用户与所述欺诈用户之间的所述相似判定结果以及所述交集判定结果确定待检测用户的行为属性,并根据所述待检测用户的行为属性确定风险解决方案。
  15. 一种计算机可读存储介质,所述计算机可读存储介质中存储计算机指令,当所述计算机指令在计算机上运行时,使得计算机执行如下步骤:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
    将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;
    连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
    基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
  16. 根据权利要求15所述的计算机可读存储介质,其中,所述获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹包括:
    获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,所述欺诈用户数据包括欺诈用户的位置信息、停留时刻以及停留时段;
    将每个欺诈用户的位置信息映射在初始网格化地图中,在所述初始网格化地图中确定每个欺诈用户的位置信息,得到网格化地图;
    筛选出每个欺诈用户的所述停留时段小于停留阈值的目标时段,在所述网格化地图中将所述目标时段对应的欺诈用户的位置信息剔除,在网格化地图中得到多个欺诈用户的网格点轨迹。
  17. 根据权利要求15所述的计算机可读存储介质,其中,所述将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性包括:
    分别将每个欺诈用户的网格点轨迹按照预置时刻间隔点划分为前期网格点轨迹和后期网格点轨迹;
    将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹分别输入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练;
    将所述后期网格点轨迹输入至所述预置神经网络中,利用所述预置神经网络对所述后期网格点轨迹进行预测,生成每个欺诈用户的预测轨迹。
  18. 根据权利要求16所述的计算机可读存储介质,其中,,所述将多个欺诈用户中的每个欺诈用户的所述前期网格点轨迹输分别入至初始神经网络中,利用所述初始神经网络和预置关联数值对所述前期网格点轨迹进行训练,生成预置神经网络,所述初始神经网络用于对所述前期网格点轨迹进行训练包括:
    将多个欺诈用户中的每个欺诈用户的前期网格点轨迹划分为待训练网格点轨迹和待测试网格点轨迹;
    在多个欺诈用户中获取目标欺诈用户的所述目标待训练网格点轨迹的目标停留时刻,并按照所述目标停留时刻的时间顺序将所述目标欺诈用户的所述目标停留时刻和对应的目标待训练网格点轨迹输入至初始神经网络中;
    在所述初始神经网络中,利用预置关联数值确定所述目标待训练网格点轨迹之间的预测转化间隔数据;
    在所述初始神经网络中,通过所述预测转化间隔数据对所述目标待训练网格点轨迹进行训练,并利用所述目标欺诈用户的目标待测试网格点轨迹对初始神经网络进行验证,得到基础神经网络;
    获取其他欺诈用户的其他待训练网格点轨迹的其他停留时刻,将所述其他停留时刻和对应的其他待训练网格点轨迹输入至所述基础神经网络中,对所述基础神经网络进行调整,生成预置神经网络,所述其他欺诈用户为多个欺诈用户中除所述目标欺诈用户之外的欺诈用户。
  19. 根据权利要求15所述的计算机可读存储介质,其中,所述连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围包括:
    连接每个欺诈用户的网络点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹;
    获取所述多个欺诈用户的行进轨迹中目标行进轨迹上的多个行进位置网格点,并将所述目标行进轨迹上的多个行进位置网格点输入至时空聚类模型中,利用所述时空聚类模型在多个行进位置网格点中随机选取一个目标行进位置网格点,判断所述目标行进位置网格点是否符合预置核心判定规则;
    若所述目标行进位置网格点符合预置核心判定规则,则将所述目标行进位置网格点确定为核心行进位置网格点,并在所述核心行进位置网格点上建立一个范围集合,若所述目标行进位置网格点不符合预置核心判定规则,则将所述目标行进位置网络点确定为外围行进位置网络点;
    根据所述预置核心判定规则遍历其他行进位置网格点,直到确定另一个核心行进位置网格点并建立另一个范围集合,所述其他行进位置网格点为多个行进位置网格点中除所述目标行进位置网格点之外的行进位置网格点;
    在多个行进位置网格点中,将与所述核心行进位置网格点呈密度直达或呈密度可达的行进位置网格点确定为关联行进位置网格点,并将所述关联行进位置网格点添加至对应的范围集合内,直到遍历目标行进轨迹上的所有行进位置网格点,将多个范围集合确定为目标行进轨迹对应的欺诈用户的行进范围;
    将其他行进轨迹的多个行进位置网格点输入至所述时空聚类模型中,确定所述其他行进轨迹对应的欺诈用户的行进范围,对所述目标行进轨迹对应的欺诈用户的行进范围和所述其他行进轨迹对应的欺诈用户的行进范围进行整合,得到每个欺诈用户的行进范围。
  20. 一种欺诈用户集中区域的预测装置,其中,所述欺诈用户集中区域的预测装置包 括:
    映射模块,用于获取欺诈用户名单,通过基于移动位置服务获取所述欺诈用户名单中每个欺诈用户的欺诈用户数据,并将每个欺诈用户数据映射至网格化地图中,得到多个欺诈用户的网格点轨迹;
    预测模块,用于将所述多个欺诈用户的网格点轨迹输入至预置神经网络中,基于所述预置神经网络和预置关联数值生成每个欺诈用户的预测轨迹,所述预置关联数值用于指示网格点轨迹之间的预测关联性;
    生成模块,用于连接每个欺诈用户的网格点轨迹和对应的预测轨迹,得到多个欺诈用户的行进轨迹,并将所述多个欺诈用户的行进轨迹输入至时空聚类模型中,生成每个欺诈用户的行进范围;
    确定模块,用于基于空间聚类模型对所述多个欺诈用户的行进范围进行聚类,确定欺诈用户集中区域。
PCT/CN2022/071480 2021-06-22 2022-01-12 欺诈用户集中区域的预测方法、装置、设备及存储介质 WO2022267455A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110691599.8 2021-06-22
CN202110691599.8A CN113256405B (zh) 2021-06-22 2021-06-22 欺诈用户集中区域的预测方法、装置、设备及存储介质

Publications (1)

Publication Number Publication Date
WO2022267455A1 true WO2022267455A1 (zh) 2022-12-29

Family

ID=77189070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/071480 WO2022267455A1 (zh) 2021-06-22 2022-01-12 欺诈用户集中区域的预测方法、装置、设备及存储介质

Country Status (2)

Country Link
CN (1) CN113256405B (zh)
WO (1) WO2022267455A1 (zh)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113256405B (zh) * 2021-06-22 2021-10-12 平安科技(深圳)有限公司 欺诈用户集中区域的预测方法、装置、设备及存储介质
CN115100861B (zh) * 2022-06-22 2023-07-21 公安部交通管理科学研究所 一种酒驾车辆识别方法

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110225584A1 (en) * 2010-03-11 2011-09-15 International Business Machines Corporation Managing model building components of data analysis applications
CN104252527A (zh) * 2014-09-02 2014-12-31 百度在线网络技术(北京)有限公司 一种确定移动用户的常驻点信息的方法和装置
CN108074414A (zh) * 2017-12-19 2018-05-25 广州小鹏汽车科技有限公司 一种基于用户行为的常走路径交通信息提醒方法及系统
CN109816404A (zh) * 2019-01-28 2019-05-28 天津市国瑞数码安全系统股份有限公司 基于dbscan算法的电信诈骗团伙聚类方法及电信诈骗团伙聚类系统
CN110490608A (zh) * 2019-07-12 2019-11-22 招联消费金融有限公司 风险评估方法、装置、计算机设备和存储介质
CN110543543A (zh) * 2019-09-10 2019-12-06 苏州大学 一种基于多粒度神经网络的用户移动行为预测方法及装置
CN110856115A (zh) * 2019-11-28 2020-02-28 北京明略软件系统有限公司 一种诈骗组织犯案区域的识别方法、识别装置及电子设备
CN112866192A (zh) * 2020-12-30 2021-05-28 绿盟科技集团股份有限公司 一种识别异常聚集行为的方法及装置
CN113256405A (zh) * 2021-06-22 2021-08-13 平安科技(深圳)有限公司 欺诈用户集中区域的预测方法、装置、设备及存储介质

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190147450A1 (en) * 2012-06-19 2019-05-16 Ondot System Real-time enrichment of raw merchant data from iso transactions on data communication networks for preventing false declines in fraud prevention systems
CN109871445A (zh) * 2019-01-23 2019-06-11 平安科技(深圳)有限公司 欺诈用户识别方法、装置、计算机设备和存储介质
CN111444243B (zh) * 2020-03-31 2023-08-29 北京信息科技大学 一种基于轨迹信息的用户行为预测画像方法及系统

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110225584A1 (en) * 2010-03-11 2011-09-15 International Business Machines Corporation Managing model building components of data analysis applications
CN104252527A (zh) * 2014-09-02 2014-12-31 百度在线网络技术(北京)有限公司 一种确定移动用户的常驻点信息的方法和装置
CN108074414A (zh) * 2017-12-19 2018-05-25 广州小鹏汽车科技有限公司 一种基于用户行为的常走路径交通信息提醒方法及系统
CN109816404A (zh) * 2019-01-28 2019-05-28 天津市国瑞数码安全系统股份有限公司 基于dbscan算法的电信诈骗团伙聚类方法及电信诈骗团伙聚类系统
CN110490608A (zh) * 2019-07-12 2019-11-22 招联消费金融有限公司 风险评估方法、装置、计算机设备和存储介质
CN110543543A (zh) * 2019-09-10 2019-12-06 苏州大学 一种基于多粒度神经网络的用户移动行为预测方法及装置
CN110856115A (zh) * 2019-11-28 2020-02-28 北京明略软件系统有限公司 一种诈骗组织犯案区域的识别方法、识别装置及电子设备
CN112866192A (zh) * 2020-12-30 2021-05-28 绿盟科技集团股份有限公司 一种识别异常聚集行为的方法及装置
CN113256405A (zh) * 2021-06-22 2021-08-13 平安科技(深圳)有限公司 欺诈用户集中区域的预测方法、装置、设备及存储介质

Also Published As

Publication number Publication date
CN113256405A (zh) 2021-08-13
CN113256405B (zh) 2021-10-12

Similar Documents

Publication Publication Date Title
Cuttone et al. Understanding predictability and exploration in human mobility
Tao et al. Spatial cluster detection in spatial flow data
US10831827B2 (en) Automatic extraction of user mobility behaviors and interaction preferences using spatio-temporal data
Zhao et al. Understanding the bias of call detail records in human mobility research
KR102097426B1 (ko) 피셀 알고리즘을 이용하여 실시간 유동 인구 데이터의 제공이 가능한 유동인구 정보 분석 방법
CN111756848B (zh) 移动边缘环境下基于联邦学习和移动感知的QoS优化方法
Zheng et al. Detecting collective anomalies from multiple spatio-temporal datasets across different domains
WO2022267455A1 (zh) 欺诈用户集中区域的预测方法、装置、设备及存储介质
CN111614690B (zh) 一种异常行为检测方法及装置
Frias-Martinez et al. Estimation of urban commuting patterns using cellphone network data
US20190329788A1 (en) Road condition status prediction method, device, and server, and storage medium
WO2017202226A1 (zh) 人群流量的确定方法及装置
CN107730115A (zh) 一种基于ahp的多源位置轨迹数据的质量评估方法
WO2016175940A1 (en) Determining semantic place names from location reports
CN111935820A (zh) 基于无线网络的定位实现方法及相关设备
CN118171035B (zh) 人流热力的预警方法及装置、电子设备和存储介质
Zhang et al. Comprehensive IoT SIM card anomaly detection algorithm based on big data
CN110445772B (zh) 一种基于主机关系的互联网主机扫描方法及系统
Chen et al. A travel mode identification framework based on cellular signaling data
CN113516302B (zh) 业务风险分析方法、装置、设备及存储介质
CN113225674A (zh) 一种指纹定位方法、系统、服务器和存储介质
JP2019186693A (ja) 情報生成装置、プログラム及び情報生成方法
Liu et al. Estimation of travel flux between urban blocks by combining spatio-temporal and purpose correlation
Aljeri Big data-driven approach to analyzing spatio-temporal mobility pattern
JP6616860B2 (ja) 情報生成装置、プログラム及び情報生成方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22826966

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22826966

Country of ref document: EP

Kind code of ref document: A1