阅读说明：本技术 基于大数据的风险行为分析方法及系统 (Risk behavior analysis method and system based on big data ) 是由 杨建国 于 2021-09-18 设计创作，主要内容包括：本发明实施例提供的基于大数据的风险行为分析方法及系统,首先基于在业务申请服务流程中获得的涵盖欺诈风险向量的欺诈事件数据,抽取存在关联的多个欺诈行为节点数据,然后确定所述欺诈行为节点数据对应的欺诈定位向量,接着如果所述欺诈定位向量匹配目标要求,确定与所述存在关联的多个欺诈行为节点数据对应的欺诈风险行为,最后基于所述欺诈风险行为以及所述业务申请流程的欺诈事件数据,调取关联于所述欺诈风险行为以及所述欺诈风险向量的风险拦截指令集,并通过所述业务申请流程对应的拦截规则对所述欺诈定位向量进行拦截。如此,可针对欺诈风险进行智能预测分析,并由此进行拦截处理,可以提高业务运行的可靠性。(According to the risk behavior analysis method and system based on big data provided by the embodiment of the invention, firstly, a plurality of fraud behavior node data with correlation are extracted based on fraud event data which is obtained in a service flow of a service application and covers fraud risk vectors, then, fraud positioning vectors corresponding to the fraud behavior node data are determined, then, if the fraud positioning vectors are matched with target requirements, fraud risk behaviors corresponding to the fraud behavior node data with correlation are determined, and finally, based on the fraud risk behaviors and the fraud event data of the service application flow, risk interception instruction sets related to the fraud risk behaviors and the fraud risk vectors are called, and the fraud positioning vectors are intercepted through an interception rule corresponding to the service application flow. Therefore, the intelligent prediction analysis can be carried out aiming at the fraud risk, the interception processing is carried out, and the reliability of the service operation can be improved.)

1. A risk behavior analysis method based on big data is characterized by comprising the following steps:

extracting a plurality of associated fraud behavior node data based on fraud event data which is obtained in a service flow of a service application and covers fraud risk vectors;

determining a fraud positioning vector corresponding to the fraud node data based on the associated fraud node data, wherein the fraud positioning vector represents the relationship characteristics between the fraud risk vector and a plurality of set fraud positioning nodes;

and if the fraud positioning vector is matched with a target requirement, determining fraud risk behaviors corresponding to the plurality of fraud behavior node data with the association, calling risk interception instruction sets associated with the fraud risk behaviors and the fraud risk vector based on the fraud risk behaviors and fraud event data of the business application flow, and intercepting the fraud positioning vector through an interception rule corresponding to the business application flow.

2. The method according to claim 1, wherein the determining a fraud location vector corresponding to the fraud node data based on the plurality of fraud node data associated with the presence comprises:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

3. The method of claim 1, wherein determining fraud risk behavior corresponding to the plurality of fraud node data associated with the presence if the fraud positioning vector matches a target requirement comprises:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector;

and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

4. The method according to claim 3, wherein matching fraud risk behavior corresponding to the fraud migration segment matrix from a pre-configured feature matching library based on the fraud migration segment matrix comprises:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

5. The method of claim 1, further comprising:

and generating interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activating and executing the interception execution information and the risk interception instruction set.

6. A big-data-based risk behavior analysis system, comprising:

the extraction module is used for extracting a plurality of fraud behavior node data with correlation based on the fraud event data which is obtained in the service flow of the service application and covers the fraud risk vector;

the determining module is used for determining a fraud positioning vector corresponding to the fraud node data based on the associated fraud node data, wherein the fraud positioning vector represents the relationship characteristics between the fraud risk vector and a plurality of set fraud positioning nodes;

and the interception module is used for determining fraud risk behaviors corresponding to the associated fraud behavior node data if the fraud positioning vector is matched with a target requirement, calling a risk interception instruction set associated with the fraud risk behaviors and the fraud risk vector based on the fraud risk behaviors and fraud event data of the service application flow, and intercepting the fraud positioning vector through an interception rule corresponding to the service application flow.

7. The system of claim 6, wherein the determination module is specifically configured to:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

8. The system of claim 6, wherein the interception module is specifically configured to:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector; and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

9. The system of claim 8, wherein the interception module is further specifically configured to:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

10. The system of claim 6, further comprising:

and the execution module is used for generating interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activating and executing the interception execution information and the risk interception instruction set.

Technical Field

The invention relates to the technical field of big data, in particular to a risk behavior analysis method and system based on big data.

Background

How to carry out intelligent prediction analysis aiming at fraud risks and carry out interception processing, which can improve the reliability of service operation, is a technical problem to be solved urgently.

Disclosure of Invention

Based on the above problems, an embodiment of the present invention provides a risk behavior analysis method based on big data, including:

extracting a plurality of associated fraud behavior node data based on fraud event data which is obtained in a service flow of a service application and covers fraud risk vectors;

determining a fraud positioning vector corresponding to the fraud node data based on the associated fraud node data, wherein the fraud positioning vector represents the relationship characteristics between the fraud risk vector and a plurality of set fraud positioning nodes;

determining fraud risk behaviors corresponding to the plurality of fraud behavior node data associated with the existence if the fraud positioning vector matches a target requirement; and calling a risk interception instruction set related to the fraud risk behaviors and the fraud risk vectors based on the fraud risk behaviors and the fraud event data of the service application flow, and intercepting the fraud positioning vectors through an interception rule corresponding to the service application flow.

Determining a fraud positioning vector corresponding to the fraud node data based on the plurality of fraud node data associated with the existence, including:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

Wherein determining fraud risk behavior corresponding to the plurality of fraud node data associated with the presence if the fraud positioning vector matches a target requirement comprises:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector;

and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

Matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix, wherein the fraud risk behaviors comprise:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

Wherein the method further comprises:

and generating interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activating and executing the interception execution information and the risk interception instruction set.

The invention also provides a risk behavior analysis system based on big data, which comprises:

the extraction module is used for extracting a plurality of fraud behavior node data with correlation based on the fraud event data which is obtained in the service flow of the service application and covers the fraud risk vector;

the determining module is used for determining a fraud positioning vector corresponding to the fraud node data based on the associated fraud node data, wherein the fraud positioning vector represents the relationship characteristics between the fraud risk vector and a plurality of set fraud positioning nodes;

an interception module, configured to determine a fraud risk behavior corresponding to the plurality of fraud behavior node data associated with the existence if the fraud positioning vector matches a target requirement; and calling a risk interception instruction set related to the fraud risk behaviors and the fraud risk vectors based on the fraud risk behaviors and the fraud event data of the service application flow, and intercepting the fraud positioning vectors through an interception rule corresponding to the service application flow.

Wherein the determining module is specifically configured to:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

Wherein the intercepting module is specifically configured to:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector; and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

Wherein the intercepting module is further specifically configured to:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

The system further comprises:

and the execution module is used for generating interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activating and executing the interception execution information and the risk interception instruction set.

To sum up, in the risk analysis method and system based on big data provided in the embodiments of the present invention, first, based on the fraud event data covering the fraud risk vector obtained in the service flow of the service application, a plurality of relevant fraud node data are extracted, then, based on the plurality of relevant fraud node data, a fraud positioning vector corresponding to the fraud node data is determined, where the fraud positioning vector represents a relationship characteristic between the fraud risk vector and a plurality of set fraud positioning nodes, then, if the fraud positioning vector matches a target requirement, a fraud risk behavior corresponding to the plurality of relevant fraud node data is determined, and finally, based on the fraud risk behavior and the fraud event data of the service application flow, a risk interception instruction set associated with the fraud risk behavior and the fraud risk vector is retrieved, and intercepting the fraud positioning vector through an interception rule corresponding to the business application flow. Therefore, the reliability of service operation can be improved by carrying out intelligent prediction analysis on the fraud risk vector and carrying out interception processing on the fraud risk vector.

In order to make the aforementioned objects, features and advantages of the embodiments of the present invention comprehensible, embodiments accompanied with figures are described in detail below.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings are only some embodiments of the present invention, and therefore should not be considered as limiting the scope, and it is obvious for those skilled in the art that other related drawings can be obtained based on these drawings without inventive efforts.

FIG. 1 is a schematic flow chart of a big data-based risk behavior analysis method according to an embodiment of the present invention;

fig. 2 is a functional block diagram of a big data-based risk behavior analysis system according to an embodiment of the present invention.

Detailed Description

In order to make the technical solutions of the present invention better understood by the scholars in the technical field, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Fig. 1 is a schematic flow diagram of a risk behavior analysis method based on big data according to an embodiment of the present invention, where the abnormal behavior intercepting method may be executed by a monitoring server for providing a business application flow service, and executed by a background server for providing the business application flow service.

A server may include one or more processors, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. A server may also include any storage medium for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the storage medium may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any storage medium may use any technology to store information. Further, any storage medium may provide volatile or non-volatile retention of information. Further, any storage medium may represent a fixed or removable component of a server. In one case, the server may perform any of the operations of the associated instructions when the processor executes the corresponding instructions stored in any storage medium or combination of storage media. The server also comprises one or more drive units for interacting with any storage medium, such as a hard disk drive unit, an optical disk drive unit, etc.

The server also includes input/output (I/O) for receiving various inputs (via the input unit) and for providing various outputs (via the output unit)). One particular output mechanism may include a presentation device and a corresponding Graphical User Interface (GUI). The server may also include one or more network interfaces for exchanging data with other devices via one or more communication units. One or more communication buses couple the above-described components together.

The communication unit may be implemented in any manner, e.g., over a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. The communication units may comprise any combination of hardwired links, wireless links, routers, gateway functions, etc., governed by any protocol or combination of protocols.

The detailed steps of the big data based risk behavior analysis method are introduced as follows.

Step 100, extracting a plurality of fraud node data associated with the fraud event based on the fraud event data covering the fraud risk vector obtained in the service application flow.

Step 200, determining a fraud positioning vector corresponding to the fraud node data based on the associated fraud node data, wherein the fraud positioning vector represents the relationship characteristics between the fraud risk vector and a plurality of set fraud positioning nodes.

Step 300, if the fraud positioning vector matches the target requirement, determining fraud risk behaviors corresponding to the plurality of fraud behavior node data associated with the existence; and calling a risk interception instruction set related to the fraud risk behaviors and the fraud risk vectors based on the fraud risk behaviors and the fraud event data of the service application flow, and intercepting the fraud positioning vectors through an interception rule corresponding to the service application flow.

In one possible implementation manner, for step 200, the determining, based on the plurality of fraud node data associated with the existence, a fraud positioning vector corresponding to the fraud node data includes:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

In one possible implementation, for step 300, if the fraud location vector matches a target requirement, determining fraud risk behaviors corresponding to the plurality of fraud node data associated with the presence includes:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector; and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

In one possible implementation, for step 300, matching fraud risk behaviors corresponding to the fraud migration segment matrix from a feature matching library based on the fraud migration segment matrix includes:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

In a possible implementation manner, the method according to this embodiment further includes:

and generating interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activating and executing the interception execution information and the risk interception instruction set.

Fig. 2 is a functional block diagram of an abnormal behavior intercepting system according to an embodiment of the present invention, where functions implemented by the abnormal behavior intercepting system may correspond to steps executed by the foregoing method. The abnormal behavior intercepting system may be understood as the server or a processor of the server, or may be understood as a component that is independent from the server or the processor and implements the functions of the present invention under the control of the server, as shown in fig. 2, and the functions of each functional module of the abnormal behavior intercepting system are described in detail below.

An extraction module 210, configured to extract, based on fraud event data that covers a fraud risk vector and is obtained in a service flow of a service application, a plurality of relevant fraud behavior node data;

a determining module 220, configured to determine, based on the associated multiple fraudulent conduct node data, a fraudulent location vector corresponding to the fraudulent conduct node data, where the fraudulent location vector represents a relationship feature between the fraud risk vector and multiple set fraudulent location nodes;

an intercepting module 230, configured to determine a fraud risk behavior corresponding to the plurality of fraud node data associated with the existence if the fraud positioning vector matches a target requirement; and calling a risk interception instruction set related to the fraud risk behaviors and the fraud risk vectors based on the fraud risk behaviors and the fraud event data of the service application flow, and intercepting the fraud positioning vectors through an interception rule corresponding to the service application flow.

In a possible implementation manner, the determining module is specifically configured to:

and inputting the fraudulent conduct node data into an AI prediction model, and predicting a fraudulent positioning vector corresponding to the fraudulent conduct node data through the AI prediction model.

In a possible implementation manner, the intercepting module is specifically configured to:

if the fraud positioning vector is matched with the target requirement, determining a fraud migration segment matrix corresponding to the fraud positioning vector; and matching fraud risk behaviors corresponding to the fraud migration segment matrix from a preset configured feature matching library based on the fraud migration segment matrix.

In a possible implementation manner, the intercepting module is specifically further configured to:

determining a plurality of risk behavior components corresponding to the fraud migration segment matrix from the feature matching library based on the fraud migration segment matrix;

confirming the fraud positioning vector by the target business server through the plurality of risk behavior components;

and determining the target fraud risk behavior based on the confirmation indication information of the target business server aiming at the plurality of risk behavior components.

In one possible embodiment, the system further comprises:

and the execution module 240 is configured to generate interception execution information corresponding to the risk interception instruction set based on the risk interception instruction set, and activate and execute the interception execution information and the risk interception instruction set.

To sum up, in the risk analysis method and system based on big data provided in the embodiments of the present invention, first, based on the fraud event data covering the fraud risk vector obtained in the service flow of the service application, a plurality of relevant fraud node data are extracted, then, based on the plurality of relevant fraud node data, a fraud positioning vector corresponding to the fraud node data is determined, where the fraud positioning vector represents a relationship characteristic between the fraud risk vector and a plurality of set fraud positioning nodes, then, if the fraud positioning vector matches a target requirement, a fraud risk behavior corresponding to the plurality of relevant fraud node data is determined, and finally, based on the fraud risk behavior and the fraud event data of the service application flow, a risk interception instruction set associated with the fraud risk behavior and the fraud risk vector is retrieved, and intercepting the fraud positioning vector through an interception rule corresponding to the business application flow. Therefore, the reliability of service operation can be improved by carrying out intelligent prediction analysis on the fraud risk vector and carrying out interception processing on the fraud risk vector. It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

Alternatively, all or part of the implementation may be in software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, or data center to another website site, computer, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that is integrated over one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any drawing credit or debit acknowledgement in the claims should not be construed as limiting the claim concerned.