CN111325550A - Method and device for identifying fraudulent transaction behaviors - Google Patents
Method and device for identifying fraudulent transaction behaviors Download PDFInfo
- Publication number
- CN111325550A CN111325550A CN201811528230.XA CN201811528230A CN111325550A CN 111325550 A CN111325550 A CN 111325550A CN 201811528230 A CN201811528230 A CN 201811528230A CN 111325550 A CN111325550 A CN 111325550A
- Authority
- CN
- China
- Prior art keywords
- behavior
- recognition
- identification
- service
- classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006399 behavior Effects 0.000 title claims abstract description 185
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012549 training Methods 0.000 claims description 25
- 238000007477 logistic regression Methods 0.000 claims description 12
- 238000004891 communication Methods 0.000 claims description 11
- 238000012706 support-vector machine Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 5
- 230000000694 effects Effects 0.000 claims description 3
- 238000005457 optimization Methods 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000003062 neural network model Methods 0.000 description 4
- 238000007418 data mining Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002035 prolonged effect Effects 0.000 description 2
- 210000002268 wool Anatomy 0.000 description 2
- 208000012260 Accidental injury Diseases 0.000 description 1
- 238000012935 Averaging Methods 0.000 description 1
- 101000779615 Homo sapiens ALX homeobox protein 1 Proteins 0.000 description 1
- 101000830933 Homo sapiens TNF receptor-associated factor 4 Proteins 0.000 description 1
- 102100024809 TNF receptor-associated factor 4 Human genes 0.000 description 1
- 238000010224 classification analysis Methods 0.000 description 1
- 238000013145 classification model Methods 0.000 description 1
- 238000003066 decision tree Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 201000010099 disease Diseases 0.000 description 1
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 208000014674 injury Diseases 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000000611 regression analysis Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Economics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Development Economics (AREA)
- General Engineering & Computer Science (AREA)
- Marketing (AREA)
- Artificial Intelligence (AREA)
- Technology Law (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The embodiment of the invention provides a method and a device for identifying fraudulent transaction behaviors, wherein the method comprises the following steps: aiming at any business classification, respectively inputting the characteristic behavior data of the user to be detected into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; acquiring a recognition result under the service classification based on the candidate recognition result output by each behavior recognition model; and acquiring a comprehensive identification result based on the identification result under each service type. The method and the device provided by the embodiment of the invention slow down the problems of overfitting and generalization of a single model, prolong the life cycle of the model and improve the accuracy of behavior recognition. In addition, the comprehensive identification result is obtained based on the identification results under a plurality of service types, so that the multi-industry fraud behaviors are effectively covered, the fields and behaviors which are easy to generate fraud are comprehensively excavated, and the optimization of service vulnerabilities can be guided.
Description
Technical Field
The embodiment of the invention relates to the technical field of internet fraud behavior identification, in particular to a method and a device for identifying fraudulent transaction behaviors.
Background
With the development of technology and the intervention of capital, the internet and mobile internet have been rapidly developed. While the business is rapidly developed, the business loophole also induces the wool party to carry out fraudulent trading behaviors. Various anti-fraud techniques have also been developed vigorously to strike a woolen party and maintain market order.
In terms of business dimension, the anti-fraud technology can be subdivided into credit card application anti-fraud, credit application anti-fraud, payment anti-fraud, transaction anti-fraud, bill-swiping anti-fraud, merchant anti-fraud, insider anti-fraud and other subdivided products. In terms of institution dimensions, anti-fraud techniques are distributed in financial institutions such as large and small banks, third-party payment institutions, various consumer financial companies, small credit institutions, insurance, securities and the like, and non-financial institutions such as large e-commerce platforms, express companies, game platforms, live broadcast platforms, small video platforms, taxi taking platforms, take-out platforms and the like.
The current fraud transaction behavior identification technology generally adopts a list of determined fraud as a guide, collectable characteristic behavior data as input, and utilizes a data mining algorithm (such as a decision tree, logistic regression, naive Bayesian algorithm, and the like) to construct a prediction fraud model, and scores all users according to a model rule to obtain a fraud list. However, because the service level is single, the cheating behaviors of other services cannot be covered, and the mining algorithm has the problems of fitting degree and generalization capability, and is not enough to deal with the cheating behaviors of various ends of the wool party, and the 'accidental injury' to normal users is serious in some cases.
Disclosure of Invention
The embodiment of the invention provides a method and a device for identifying fraudulent transaction behaviors, which are used for solving the problems of insufficient comprehensiveness and accuracy caused by single service level and poor generalization capability of the conventional anti-fraudulent technology.
In a first aspect, an embodiment of the present invention provides a method for identifying fraudulent transaction behaviors, including:
aiming at any business classification, respectively inputting the characteristic behavior data of a user to be tested into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result;
acquiring an identification result under any service classification based on the candidate identification result output by each behavior identification model;
and acquiring a comprehensive identification result based on the identification result under each service type.
In a second aspect, an embodiment of the present invention provides a fraudulent transaction behavior identification device, including:
the model identification unit is used for respectively inputting the characteristic behavior data of the user to be detected into a plurality of behavior identification models corresponding to any business classification aiming at any business classification and acquiring a candidate identification result output by each behavior identification model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result;
a service identification unit, configured to obtain an identification result in any service classification based on the candidate identification result output by each behavior identification model;
and the comprehensive identification unit is used for acquiring a comprehensive identification result based on the identification result under each service type.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a communication interface, a memory, and a bus, where the processor and the communication interface, the memory complete communication with each other through the bus, and the processor may call a logic instruction in the memory to perform the steps of the method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method as provided in the first aspect.
According to the fraud transaction behavior identification method and device provided by the embodiment of the invention, the identification result under single service classification is obtained based on the candidate identification result output by each behavior identification model, so that the problems of overfitting and generalization of the single model are solved, the life cycle of the model is prolonged, and the accuracy of behavior identification is improved. In addition, the comprehensive identification result is obtained based on the identification results under a plurality of service types, so that the multi-industry fraud behaviors are effectively covered, the fields and behaviors which are easy to generate fraud are comprehensively excavated, and the optimization of service vulnerabilities can be guided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a fraudulent transaction behavior identification method according to an embodiment of the present invention;
fig. 2 is a flow chart illustrating a method for identifying fraudulent transaction activities according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a fraudulent transaction behavior identification device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Aiming at the problems of single service level and poor generalization capability of the existing anti-fraud technology, which cause insufficient comprehensiveness and accuracy, the embodiment of the invention provides a fraud transaction behavior identification method. Fig. 1 is a schematic flow chart of a fraudulent transaction behavior identification method according to an embodiment of the present invention, as shown in fig. 1, the method includes:
110, aiming at any business classification, respectively inputting the characteristic behavior data of the user to be detected into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; the behavior recognition model is obtained by training based on the sample user characteristic behavior data and the sample recognition result.
Specifically, the service classification is a classification obtained by classifying fraudulent behaviors based on different service dimensions, and the service classification may be various. Such as e-commerce fraud, internet financial fraud, operator fraud, credit fraud, express fraud, and gaming fraud, embodiments of the present invention do not specifically limit the specific types and amounts of traffic classifications. The characteristic behavior data of the user to be tested is the characteristic behavior data of the user to be tested and is used as a recognition basis for carrying out fraud transaction recognition, and the characteristic behavior data can be a call condition, a flow using behavior or an internet surfing behavior and the like. The candidate recognition result is a recognition result obtained by the behavior recognition model based on the characteristic behavior data of the user to be detected, the candidate recognition result is used for identifying whether the user to be detected has the fraudulent transaction behavior, the candidate recognition result can be a normal behavior or the fraudulent behavior, and can also be the probability that the user to be detected has the fraudulent transaction behavior.
Here, there are a plurality of service classifications, each corresponding to a plurality of behavior recognition models, and each behavior recognition model outputs a candidate recognition result based on input characteristic behavior data of the user to be tested. For any service classification, the multiple behavior recognition models under the service classification may be obtained by training based on different sample user characteristic behavior data, may also be obtained by training based on different neural network models or machine learning algorithms, and may also be obtained by training based on different sample user characteristic behavior data and different neural network models or machine learning algorithms, which is not specifically limited in this embodiment of the present invention.
In addition, before step 110 is executed, the behavior recognition model may be obtained by training in advance, and specifically, the behavior recognition model may be obtained by training in the following manner: firstly, collecting a large amount of sample user characteristic behavior data and sample identification results; the sample user characteristic behavior data correspond to the sample identification results one by one, and the sample identification results are preset and used for representing whether the sample user obtained by analyzing the corresponding sample user characteristic behavior data has fraud transaction behaviors or not. And training the initial model based on the sample user characteristic behavior data and the sample recognition result, thereby obtaining a behavior recognition model. The initial model may be a single neural network model or a combination of a plurality of neural network models, and the embodiment of the present invention does not specifically limit the type and structure of the initial model.
And 120, aiming at any business classification, acquiring a recognition result under the business classification based on the candidate recognition result output by each behavior recognition model.
Specifically, for any service classification, based on a plurality of candidate recognition results output by a plurality of behavior recognition models corresponding to the service classification, a recognition result under the service classification is obtained. Here, the recognition result in the service classification is obtained by summarizing and analyzing a plurality of candidate recognition results, and the recognition result in the service classification may be obtained by weighting the plurality of candidate recognition results, or by using a method of voting by voting, or by comparing an average of the plurality of candidate recognition results with a preset threshold, which is not specifically limited in the embodiment of the present invention.
And 130, acquiring a comprehensive identification result based on the identification result under each service type.
Specifically, steps 110 and 120 are performed for each traffic class to obtain the recognition result for each traffic type. After the recognition result under each service type is obtained, the recognition results under each service type are summarized and analyzed to obtain a comprehensive recognition result, namely a comprehensive recognition result, which integrates all the service types. Here, the comprehensive identification result may be obtained by weighting the identification result under each service type, or by using a method of voting for majority, or by averaging the identification results under each service type and comparing the result with a preset threshold, which is not specifically limited in the embodiment of the present invention.
According to the method provided by the embodiment of the invention, the recognition result under the single service classification is obtained based on the candidate recognition result output by each behavior recognition model, so that the problems of overfitting and generalization of the single model are solved, the life cycle of the model is prolonged, and the accuracy of behavior recognition is improved. In addition, the comprehensive identification result is obtained based on the identification results under a plurality of service types, so that the multi-industry fraud behaviors are effectively covered, the fields and behaviors which are easy to generate fraud are comprehensively excavated, and the optimization of service vulnerabilities can be guided.
Based on any of the above embodiments, the service classification includes at least one of e-commerce fraud, internet financial fraud, operator fraud, and credit loan fraud; the characteristic behavior data of the user to be tested comprises at least one of basic information, conversation conditions, traffic using behaviors and internet surfing behaviors of the user to be tested. Here, the basic information may be account information such as a mobile phone number of the user to be tested, and is used as an identifier of the characteristic behavior data of the user to be tested.
Correspondingly, when the behavior recognition model is trained, the sample user characteristic behavior data also comprises at least one of basic information, call condition, flow use behavior and internet access behavior of the sample user. Here, the basic information may be account information such as a cell phone number of the sample user, and is used as an identifier of the sample user characteristic behavior data.
Based on any of the above embodiments, step 110 further includes: aiming at any business classification, training initial models respectively through multiple algorithms based on sample user characteristic behavior data and sample recognition results to obtain multiple behavior recognition models; wherein the algorithm comprises at least one of a logistic regression algorithm, a support vector machine algorithm and a classification regression tree algorithm.
Specifically, for any service classification, before the characteristic behavior data of the user to be tested is respectively input to the plurality of behavior recognition models corresponding to the service classification, a plurality of behavior recognition models obtained based on the characteristic behavior data of the sample user and the sample recognition result need to be trained. In the model training process, the initial model is trained through different algorithms, so that different behavior recognition models are obtained, the algorithms correspond to the behavior recognition models one by one, for example, a logistic regression model for behavior recognition is obtained through a logistic regression algorithm, a support vector machine model for behavior recognition is obtained through a support vector machine algorithm, and a classification regression tree model for behavior recognition is obtained through a classification regression tree algorithm.
Here, a Logistic Regression (LR) algorithm is used to process a Regression problem in which a dependent variable is a classification variable, and is commonly used in the fields of data mining, automatic disease diagnosis, economic prediction, and the like. Support Vector Machines (SVMs) are supervised learning models associated with associated learning algorithms that analyze data, recognize patterns, and perform classification and regression analysis. The Classification and Regression Tree (CART) algorithm is a learning method that outputs a conditional probability distribution of a random variable Y given an input random variable X, and can be used for Classification or Regression.
The method provided by the embodiment of the invention obtains various recognition classification models aiming at each business classification training, and fully utilizes the data dimension, thereby slowing down the problems of overfitting and generalization of a single model, prolonging the life cycle of the model and improving the accuracy of behavior recognition.
Based on any of the above embodiments, step 120 specifically includes: counting the number of models of which the candidate recognition result is fraudulent transaction and the number of models of which the candidate recognition result is normal transaction based on the candidate recognition result output by each behavior recognition model; if the number of the models of the fraud transaction is larger than the number of the models of the normal transaction, the identification result under the service classification is set as the fraud transaction; otherwise, setting the identification result under the service classification as normal transaction.
Specifically, the candidate identification result is a fraud transaction or a normal transaction, the fraud transaction indicates that the to-be-detected user has a fraud transaction behavior, and the normal transaction indicates that the to-be-detected user does not have the fraud transaction behavior. And aiming at any business classification, obtaining a candidate recognition result output by each behavior recognition model under the business classification, and obtaining a recognition result under the comprehensive business classification based on a majority voting function. Further, the candidate recognition results are counted, the number of behavior recognition models of which the output candidate recognition results are fraudulent transactions and the number of behavior recognition models of which the output candidate recognition results are normal transactions are obtained, and comparison is performed. And if the number of the models of the fraud transaction is larger than the number of the models of the normal transaction, namely the number of votes of the fraud transaction is larger than the number of votes of the normal transaction, according to a majority voting principle, determining that the identification result under the service classification is the fraud transaction. And if the number of the models of the fraud transaction as the candidate identification result is less than or equal to the number of the models of the normal transaction as the candidate identification result, namely the number of votes of the fraud transaction is less than or equal to the number of votes of the normal transaction, confirming that the identification result under the service classification is the normal transaction according to a majority voting principle.
For example, any traffic class includes three behavior recognition models, namely an LR behavior recognition model, an SVM behavior recognition model and a CART behavior recognition model. Assuming that the LR behavior recognition model and the SVM behavior recognition model consider that the user to be detected has a fraud behavior, namely the output candidate recognition result is a fraud transaction, and the CART behavior recognition model gives an opposite result, namely the output candidate recognition result is a normal transaction, confirming that the user has the fraud behavior based on the principle of majority voting, and setting the recognition result under the service classification as the fraud transaction.
Based on any of the above embodiments, step 130 specifically includes: and weighting the recognition result under each service type based on the preset weight corresponding to each service type to obtain a comprehensive recognition result.
Here, each service type corresponds to a preset weight, and the preset weight is a preset weight of a boundary result of the service type.
Based on any of the above embodiments, step 130 further includes: obtaining a recall rate corresponding to each service type; and acquiring a preset weight corresponding to each service type based on the recall rate corresponding to each service type.
Specifically, the recall rate corresponding to any service type is obtained by verifying the predicted identification result of the service type after training of each behavior identification model of the service type is completed, and the higher the recall rate is, the more important the identification result of the service type is, and the higher the preset weight value corresponding to the service type is.
R1, r2, … and rn are defined as the recalls rate of the service type 1, the service type 2, … and the service type n respectively, and the weight α corresponding to each service type is defined as follows:
α 1, α 2, …, α n respectively correspond to the weights of traffic type 1, traffic type 2, …, traffic type n based on the weights, the integrated recognition result F is as follows:
F=α1·f1+α2·f2+…+αn·fn;
in the formula, F is the probability of fraudulent transaction behavior of the user to be tested, and F1, F2, … and fn respectively correspond to the identification results of the service type 1, the service type 2, the service type … and the service type n.
Based on any of the above embodiments, fig. 2 is a schematic flow chart of a fraudulent transaction behavior identification method according to another embodiment of the present invention, as shown in fig. 2, the fraudulent transaction behavior identification method is a matrix type hybrid algorithm, and is multi-service in the horizontal direction and multi-algorithm in the vertical direction, that is, the fraudulent transaction behavior identification method includes a plurality of service classes, and each service class includes a plurality of behavior identification models constructed based on different algorithms. For example, the business classification 1 includes a behavior recognition model LR1 constructed based on a logistic regression algorithm, a behavior recognition model SVM1 constructed based on a support vector machine, and a behavior recognition model CART1 constructed based on a classification regression tree.
And respectively inputting the characteristic behavior data of the user to be detected into each behavior recognition model corresponding to each service classification, and acquiring a candidate recognition result output by each behavior recognition model. And then, counting candidate recognition results output by each behavior recognition model corresponding to any business classification based on a majority voting principle, and further obtaining recognition results corresponding to the task classification. For example, the candidate recognition results output by each behavior recognition model in the business classification 1 are counted, and the recognition result of the business classification 1, that is, the recognition result 1, is obtained.
Weighting is performed based on the preset weight value corresponding to each service type, i.e., α 1, α 2, …, α n in fig. 2, and the recognition result of each service type, i.e., recognition result 1, recognition result 2, …, and recognition result n, so as to obtain a comprehensive recognition result.
The method provided by the embodiment of the invention covers the fraud behaviors of multiple industries, can increase the industry classification according to the requirements, and has the advantages of wide identification range and strong expansibility. In addition, behavior recognition is carried out based on multiple algorithm dimensions, the recognition accuracy rate is high, the fraudulent users can be effectively recognized, the probability that common users are wrongly judged as the fraudulent users is reduced, the user experience is optimized, and the marketing cost caused by wrong judgment is saved.
Based on any of the above method embodiments, fig. 3 is a schematic structural diagram of a fraudulent transaction behavior identification apparatus provided by an embodiment of the present invention, where the apparatus includes a model identification unit 310, a service identification unit 320, and a comprehensive identification unit 330;
the model identification unit 310 is configured to, for any service class, respectively input characteristic behavior data of a user to be detected to a plurality of behavior identification models corresponding to the service class, and obtain a candidate identification result output by each behavior identification model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result;
the service identification unit 320 is configured to obtain an identification result under any service classification based on the candidate identification result output by each behavior identification model;
the comprehensive identification unit 330 is configured to obtain a comprehensive identification result based on the identification result of each service type.
The device provided by the embodiment of the invention obtains the recognition result under the single service classification based on the candidate recognition result output by each behavior recognition model, thereby slowing down the problems of overfitting and generalization of the single model, prolonging the life cycle of the model and improving the accuracy of behavior recognition. In addition, the comprehensive identification result is obtained based on the identification results under a plurality of service types, so that the multi-industry fraud behaviors are effectively covered, the fields and behaviors which are easy to generate fraud are comprehensively excavated, and the optimization of service vulnerabilities can be guided.
In any of the above embodiments, the service classification includes at least one of e-commerce fraud, internet financial fraud, operator fraud, and credit loan fraud; the characteristic behavior data of the user to be tested comprises at least one of basic information, conversation conditions, traffic using behaviors and internet surfing behaviors of the user to be tested.
According to any of the above embodiments, the apparatus further comprises a training unit;
the training unit is used for training initial models through various algorithms respectively based on the sample user characteristic behavior data and the sample recognition results aiming at any business classification to obtain a plurality of behavior recognition models; wherein the algorithm comprises at least one of a logistic regression algorithm, a support vector machine algorithm, and a classification regression tree algorithm.
Based on any of the above embodiments, the service identification unit 320 is specifically configured to:
counting the number of models of which the candidate recognition result is fraudulent transaction and the number of models of which the candidate recognition result is normal transaction based on the candidate recognition result output by each behavior recognition model;
if the model number of the fraud transaction as the candidate identification result is larger than the model number of the normal transaction as the candidate identification result, setting the identification result under any service classification as the fraud transaction; otherwise, setting the identification result under any service classification as normal transaction.
Based on any of the above embodiments, the comprehensive identification unit 330 is specifically configured to: and weighting the identification result under each service type based on the preset weight corresponding to each service type to obtain a comprehensive identification result.
Based on any of the above embodiments, the apparatus further includes a weight obtaining unit;
the weight value obtaining unit is used for obtaining the recall rate corresponding to each service type; and acquiring a preset weight corresponding to each service type based on the recall rate corresponding to each service type.
Fig. 4 is a schematic entity structure diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 4, the electronic device may include: a processor (processor)401, a communication Interface (communication Interface)402, a memory (memory)403 and a communication bus 404, wherein the processor 401, the communication Interface 402 and the memory 403 complete communication with each other through the communication bus 404. The processor 401 may invoke a computer program stored in the memory 403 and operable on the processor 401 to perform the fraudulent transaction behavior identification method provided by the above embodiments, including, for example: aiming at any business classification, respectively inputting the characteristic behavior data of a user to be tested into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result; acquiring an identification result under any service classification based on the candidate identification result output by each behavior identification model; and acquiring a comprehensive identification result based on the identification result under each service type.
In addition, the logic instructions in the memory 403 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or make a contribution to the prior art, or may be implemented in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Embodiments of the present invention further provide a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented to perform the method for identifying fraudulent transaction behaviors provided in the foregoing embodiments, for example, the method includes: aiming at any business classification, respectively inputting the characteristic behavior data of a user to be tested into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result; acquiring an identification result under any service classification based on the candidate identification result output by each behavior identification model; and acquiring a comprehensive identification result based on the identification result under each service type.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method of identifying fraudulent transaction activity, comprising:
aiming at any business classification, respectively inputting the characteristic behavior data of a user to be tested into a plurality of behavior recognition models corresponding to the business classification, and acquiring a candidate recognition result output by each behavior recognition model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result;
acquiring an identification result under any service classification based on the candidate identification result output by each behavior identification model;
and acquiring a comprehensive identification result based on the identification result under each service type.
2. The method of claim 1, wherein the service classification includes at least one of e-commerce fraud, internet financial fraud, operator fraud, and credit fraud;
the characteristic behavior data of the user to be tested comprises at least one of basic information, conversation conditions, traffic using behaviors and internet surfing behaviors of the user to be tested.
3. The method according to claim 1, wherein for any service class, the step of inputting the characteristic behavior data of the user to be tested into the plurality of behavior recognition models corresponding to the service class respectively to obtain the candidate recognition result output by each behavior recognition model further comprises:
aiming at any business classification, training initial models respectively through multiple algorithms based on the sample user characteristic behavior data and the sample recognition result to obtain multiple behavior recognition models;
wherein the algorithm comprises at least one of a logistic regression algorithm, a support vector machine algorithm, and a classification regression tree algorithm.
4. The method according to claim 1, wherein the obtaining the recognition result under any service classification based on the candidate recognition result output by each behavior recognition model specifically includes:
counting the number of models of which the candidate recognition result is fraudulent transaction and the number of models of which the candidate recognition result is normal transaction based on the candidate recognition result output by each behavior recognition model;
if the model number of the fraud transaction as the candidate identification result is larger than the model number of the normal transaction as the candidate identification result, setting the identification result under any service classification as the fraud transaction; otherwise, setting the identification result under any service classification as normal transaction.
5. The method according to claim 1, wherein the obtaining a comprehensive identification result based on the identification result under each service type specifically includes:
and weighting the identification result under each service type based on the preset weight corresponding to each service type to obtain a comprehensive identification result.
6. The method according to claim 5, wherein the weighting is performed on the recognition result under each service type based on a preset weight corresponding to each service type to obtain a comprehensive recognition result, and the method further comprises:
obtaining a recall rate corresponding to each service type;
and acquiring a preset weight corresponding to each service type based on the recall rate corresponding to each service type.
7. An apparatus for identifying fraudulent transaction activity, comprising:
the model identification unit is used for respectively inputting the characteristic behavior data of the user to be detected into a plurality of behavior identification models corresponding to any business classification aiming at any business classification and acquiring a candidate identification result output by each behavior identification model; the behavior recognition model is obtained by training based on sample user characteristic behavior data and a sample recognition result;
a service identification unit, configured to obtain an identification result in any service classification based on the candidate identification result output by each behavior identification model;
and the comprehensive identification unit is used for acquiring a comprehensive identification result based on the identification result under each service type.
8. The apparatus of claim 7, further comprising a training unit;
the training unit is used for training initial models through various algorithms respectively based on the sample user characteristic behavior data and the sample recognition results aiming at any business classification to obtain a plurality of behavior recognition models; wherein the algorithm comprises at least one of a logistic regression algorithm, a support vector machine algorithm, and a classification regression tree algorithm.
9. An electronic device, comprising a processor, a communication interface, a memory and a bus, wherein the processor, the communication interface and the memory communicate with each other via the bus, and the processor can call logic instructions in the memory to execute the method according to any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811528230.XA CN111325550A (en) | 2018-12-13 | 2018-12-13 | Method and device for identifying fraudulent transaction behaviors |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811528230.XA CN111325550A (en) | 2018-12-13 | 2018-12-13 | Method and device for identifying fraudulent transaction behaviors |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111325550A true CN111325550A (en) | 2020-06-23 |
Family
ID=71172275
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811528230.XA Pending CN111325550A (en) | 2018-12-13 | 2018-12-13 | Method and device for identifying fraudulent transaction behaviors |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111325550A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112116358A (en) * | 2020-09-29 | 2020-12-22 | 中国银行股份有限公司 | Transaction fraud prediction method and device and electronic equipment |
| CN112348519A (en) * | 2020-10-21 | 2021-02-09 | 上海淇玥信息技术有限公司 | Method and device for identifying fraudulent user and electronic equipment |
| CN112350956A (en) * | 2020-10-23 | 2021-02-09 | 新华三大数据技术有限公司 | Network traffic identification method, device, equipment and machine readable storage medium |
| CN112422576A (en) * | 2020-11-24 | 2021-02-26 | 北京数美时代科技有限公司 | Layered online architecture device and equipment supporting real-time anti-fraud service |
| CN112926990A (en) * | 2021-03-25 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for fraud identification |
| CN113115311A (en) * | 2021-04-12 | 2021-07-13 | 江苏通付盾科技有限公司 | Support vector machine model-based fraud behavior identification method and system |
| CN113688870A (en) * | 2021-07-22 | 2021-11-23 | 国网江苏省电力有限公司营销服务中心 | Group renting house identification method based on user electricity utilization behavior by adopting hybrid algorithm |
| CN114301711A (en) * | 2021-12-31 | 2022-04-08 | 招商银行股份有限公司 | Anti-riot brushing method, device, equipment, storage medium and computer program product |
| WO2022195630A1 (en) * | 2021-03-18 | 2022-09-22 | Abhishek Gupta | Fraud detection system and method thereof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106506454A (en) * | 2016-10-10 | 2017-03-15 | 江苏通付盾科技有限公司 | Fraud business recognition method and device |
| CN106600423A (en) * | 2016-11-18 | 2017-04-26 | 云数信息科技(深圳)有限公司 | Machine learning-based car insurance data processing method and device and car insurance fraud identification method and device |
| CN108717638A (en) * | 2018-05-18 | 2018-10-30 | 深圳壹账通智能科技有限公司 | Fraudulent trading judgment method, device, computer equipment and storage medium |
-
2018
- 2018-12-13 CN CN201811528230.XA patent/CN111325550A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106506454A (en) * | 2016-10-10 | 2017-03-15 | 江苏通付盾科技有限公司 | Fraud business recognition method and device |
| CN106600423A (en) * | 2016-11-18 | 2017-04-26 | 云数信息科技(深圳)有限公司 | Machine learning-based car insurance data processing method and device and car insurance fraud identification method and device |
| CN108717638A (en) * | 2018-05-18 | 2018-10-30 | 深圳壹账通智能科技有限公司 | Fraudulent trading judgment method, device, computer equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 程光 等: "《互联网大数据挖掘与分类》", 南京:东南大学出版社, pages: 187 - 190 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112116358A (en) * | 2020-09-29 | 2020-12-22 | 中国银行股份有限公司 | Transaction fraud prediction method and device and electronic equipment |
| CN112348519A (en) * | 2020-10-21 | 2021-02-09 | 上海淇玥信息技术有限公司 | Method and device for identifying fraudulent user and electronic equipment |
| CN112350956A (en) * | 2020-10-23 | 2021-02-09 | 新华三大数据技术有限公司 | Network traffic identification method, device, equipment and machine readable storage medium |
| CN112350956B (en) * | 2020-10-23 | 2022-07-01 | 新华三大数据技术有限公司 | Network traffic identification method, device, equipment and machine readable storage medium |
| CN112422576A (en) * | 2020-11-24 | 2021-02-26 | 北京数美时代科技有限公司 | Layered online architecture device and equipment supporting real-time anti-fraud service |
| WO2022195630A1 (en) * | 2021-03-18 | 2022-09-22 | Abhishek Gupta | Fraud detection system and method thereof |
| CN112926990A (en) * | 2021-03-25 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for fraud identification |
| CN113115311A (en) * | 2021-04-12 | 2021-07-13 | 江苏通付盾科技有限公司 | Support vector machine model-based fraud behavior identification method and system |
| CN113688870A (en) * | 2021-07-22 | 2021-11-23 | 国网江苏省电力有限公司营销服务中心 | Group renting house identification method based on user electricity utilization behavior by adopting hybrid algorithm |
| CN113688870B (en) * | 2021-07-22 | 2023-09-26 | 国网江苏省电力有限公司营销服务中心 | Group renting room identification method based on user electricity behavior by adopting hybrid algorithm |
| CN114301711A (en) * | 2021-12-31 | 2022-04-08 | 招商银行股份有限公司 | Anti-riot brushing method, device, equipment, storage medium and computer program product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111325550A (en) | Method and device for identifying fraudulent transaction behaviors | |
| US8355896B2 (en) | Co-occurrence consistency analysis method and apparatus for finding predictive variable groups | |
| CN111127178A (en) | Data processing method and device, storage medium and electronic equipment | |
| Zhou et al. | Fraud detection within bankcard enrollment on mobile device based payment using machine learning | |
| US11250368B1 (en) | Business prediction method and apparatus | |
| CN111882420A (en) | Generation method of response rate, marketing method, model training method and device | |
| CN112232950A (en) | Loan risk assessment method and device, equipment and computer-readable storage medium | |
| CN110930218A (en) | Method and device for identifying fraudulent customer and electronic equipment | |
| Zabkowski | RFM approach for telecom insolvency modeling | |
| CN111144899A (en) | Method and device for identifying false transactions and electronic equipment | |
| CN117114689A (en) | Fraud detection model construction method, fraud detection model construction device, fraud detection model construction equipment and storage medium | |
| CN118134652A (en) | Asset configuration scheme generation method and device, electronic equipment and medium | |
| CN117437001A (en) | Target object index data processing method and device and computer equipment | |
| CN117575666A (en) | Data processing method and device | |
| CN113743619A (en) | Cheating user identification method and device based on associated network behaviors | |
| Akbar et al. | Machine learning predictive models analysis on telecommunications service churn rate | |
| Xiao et al. | Explainable fraud detection for few labeled time series data | |
| CN110909753A (en) | Data classification method, system and equipment | |
| KR102409019B1 (en) | System and method for risk assessment of financial transactions and computer program for the same | |
| CN110570301B (en) | Risk identification method, device, equipment and medium | |
| CN115482084A (en) | Method and device for generating wind control rule set | |
| CN114022712A (en) | User classification method and device, computer equipment and storage medium | |
| Yang et al. | A study on analysis methods of latent customer purchase behavior focused on membership stage growth | |
| Jamil et al. | SUSTAINABLE FRAUD DETECTION IN GREEN FINANCE EMPOWERED WITH MACHINE LEARNING APPROACH | |
| US11915313B2 (en) | Using email history to estimate creditworthiness for applicants having insufficient credit history |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200623 |