CN111754241A - User behavior perception method, device, equipment and medium - Google Patents

Info

Publication number: CN111754241A
Authority: CN (China)
Application number: CN201910447481.3A
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 刘宇
Current Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by: Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Prior art keywords: user, data, network, risk, behavior

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0201 Market modelling; Market analysis; Collecting market data
    • G06Q30/0203 Market surveys; Market polls


Abstract

The embodiment of the invention discloses a user behavior perception method, device, equipment and medium. The method comprises: acquiring user behavior data; and associating the user behavior data with an established relationship network to determine an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user. The user behavior perception method provided by the embodiment of the invention associates the user with the established relationship network through the user behavior data, judges whether the user behavior is a risk behavior according to the association relationship network associated with the user, determines the behavior risk of the user in time, achieves pre-event risk control of cheating users, and protects the user experience of normal users.

Description

User behavior perception method, device, equipment and medium
Technical Field
The embodiment of the invention relates to the field of data processing, in particular to a user behavior perception method, a user behavior perception device, user behavior perception equipment and a user behavior perception medium.
Background
Amid the rapid development of the mobile internet, e-commerce platforms typically offer large subsidies to attract users, cultivate their usage habits and increase user stickiness; on the other hand, this has also promoted the growth and maturation of a black and gray market industry. To make subsidies more effective and to protect the experience of normal users, various anti-cheating strategies must be formulated according to business characteristics to prevent black and gray market activities such as volume inflation (fake orders and traffic), account theft, subsidy fraud and bonus hunting ("wool pulling"). Anti-cheating strategies fall into three main modes: pre-event risk control, in-event risk control and post-event risk control. Across the whole business life cycle, the earlier a risk is identified and black and gray market users are intercepted and penalized, the smaller the impact on normal users and the better the overall user experience.
In the process of implementing the invention, the inventor found that at least the following technical problems exist in the prior art: existing anti-cheating strategies concentrate on in-event and post-event risk control, in which the attributes of the user are judged from the user's behavior and historical feature data, or the user's transaction is judged to be a cheating transaction or not. Penalizing the user at that point may lead to user complaints and even a certain legal risk. Moreover, losses that have already been incurred sometimes cannot be recovered. For new users in particular, little historical information is available, so it is difficult to predict the attributes of the user from a small amount of data, and the user cannot be intercepted promptly and effectively when malicious behavior appears.
Disclosure of Invention
The embodiment of the invention provides a user behavior perception method, device, equipment and medium, so that the risk attributes of users can be determined in time, pre-event risk control of cheating users is achieved, and the user experience of normal users is protected.
In a first aspect, an embodiment of the present invention provides a user behavior sensing method, including:
acquiring user behavior data, wherein the user behavior data is used for representing behaviors executed by a user;
associating the user behavior data with the established relationship network, and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
In a second aspect, an embodiment of the present invention further provides a device for sensing user behavior, including:
the behavior data acquisition module is used for acquiring user behavior data, and the user behavior data is used for representing behaviors executed by a user;
the association network determining module is used for associating the user behavior data with the established relationship network and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
and the risk prompt output module is used for determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the user behavior perception method provided by any of the embodiments of the invention.
In a fourth aspect, the embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the user behavior awareness method according to any of the embodiments of the present invention.
According to the embodiment of the invention, user behavior data used for representing behaviors executed by a user is acquired; the user behavior data is associated with the established relationship network, and an association relationship network associated with the user behavior data is determined, wherein the relationship network comprises at least one user; network risk data of the association relationship network is determined, whether the user behavior is a risk behavior is judged based on the network risk data, and corresponding risk prompt information is output if it is. The user is thus associated into a pre-constructed relationship network according to the user's behavior, and whether the behavior is a risk behavior is judged from the association relationship network associated with the user, so that the behavior attributes of the user are determined in time, pre-event risk control of cheating users is achieved, and the user experience of normal users is protected.
Drawings
Fig. 1 is a flowchart of a user behavior perception method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a user behavior perception method according to a second embodiment of the present invention;
Fig. 3a is a schematic diagram of a user behavior perception method according to a third embodiment of the present invention;
Fig. 3b is a schematic structural diagram of a user behavior perception system according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a user behavior perception apparatus according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a user behavior perception method according to a first embodiment of the present invention. The embodiment is applicable to risk assessment of user behaviors, and is particularly suitable for risk control of user cheating behaviors on an e-commerce transaction platform. The method may be performed by a user behavior perception apparatus, which may be implemented in software and/or hardware and may, for example, be configured in a computer device. The embodiment takes an e-commerce transaction platform as an example to explain the user behavior perception method. As shown in Fig. 1, the method includes:
S110, acquiring user behavior data.
In order to implement pre-event risk control of user cheating behaviors, in this embodiment the user is associated with the established relationship network according to the behaviors of the user, the association relationship network associated with the user behaviors is determined, the risk attribute of the user is determined based on the determined association relationship network, and the user is monitored according to the risk attribute of the user.
In this embodiment, the user behavior data is used to characterize the behavior performed by the user. Optionally, the behavior executed by the user includes a user information change behavior, a user browsing behavior, and/or a user transaction behavior, and correspondingly, the user behavior data includes user information change data, user browsing data, and/or user transaction data. Illustratively, when a new user registers or an existing user changes personal information, user information change data is generated according to the information change behavior. When the user browses items through a terminal device and performs certain operations (such as adding an item to the shopping cart or to favorites), user browsing data is generated according to the device identifier or network identifier of the terminal device used by the user, or the browsing operations performed by the user. When the user performs a transaction behavior, such as generating a new order or canceling an order, user transaction data is generated according to the transaction behavior of the user.
In an embodiment of the present invention, the acquiring the user behavior data includes:
acquiring user operation data;
screening candidate user behavior data meeting user behavior conditions according to the data identification of the user operation data;
and carrying out data standardization processing on the candidate user behavior data to obtain the user behavior data.
Optionally, any operation of the user may generate corresponding user operation data, but some operation data does not affect the behavior attribute of the user or change the constructed relationship network. In this embodiment, whether the operation data is data that can affect the user behavior attribute or change the constructed relationship network is determined according to the data identifier of the operation data. Optionally, a data identifier meeting the user behavior condition may be preset. After the user operation data is obtained, it is determined whether the data identifier of the user operation data is the preset data identifier: if it is, the user operation data is used as candidate user behavior data; if it is not, the user operation data is filtered out, so that user operation data that does not meet the user behavior condition is cleaned.
Because the data format in the acquired user operation data is possibly different from the data format required by the association of the user, after the candidate user behavior data is determined, the data standardization processing is carried out on the candidate user behavior data according to the preset data coding rule, the user behavior data with the unified data format is obtained, and the standardization operation of the operation data meeting the user behavior condition is realized.
S120, associating the user behavior data with the established relationship network, and determining the association relationship network associated with the user behavior data.
In this embodiment, the relationship network includes at least one user. Optionally, the association relationship between the users may be determined in advance according to the information of the existing users, all the users are divided into a plurality of relationship networks according to the association relationship between the users, and each user in each relationship network has a certain association relationship. And after the user behavior data is acquired, determining an association relation network associated with the user behavior data according to a preset association rule.
In an embodiment of the present invention, the associating the user behavior data with the constructed relationship network according to the user behavior data and a preset association rule, and determining the association relationship network associated with the user behavior data includes:
extracting first characteristic data of the user from the user behavior data, wherein the first characteristic data comprises preset characteristic data used for representing personal information characteristics of the user;
and matching the first characteristic data of the user with the first characteristic data of each user in the relationship network aiming at each constructed relationship network, and taking the relationship network as the association relationship network if the first characteristic data of the user is successfully matched with the first characteristic data of any user in the relationship network.
Optionally, strong association feature data used for representing an association relationship between users may be extracted from the user behavior data and used as the first feature data of the user. Optionally, a feature identifier corresponding to the first feature data may be preset, and the first feature data of the user is determined according to the preset feature identifier. In this embodiment, the first feature data of the user includes preset feature data for characterizing personal information of the user. Optionally, the personal information features of the user may be personal information such as a mobile phone number, a delivery address, a bank card number and the like.
When the user behavior data comprises user personal information change data, the user to which the user behavior data belongs can be associated to the established relationship network according to the personal information changed by the user, and the relationship network cannot be changed after the user changes the personal information. Generally, when there is an association relationship between personal information of two users, it is considered that the two users may be the same user or have a certain association. For example, when the bank card numbers of the user a and the user B are the same, the user a and the user B may be determined to be the same user.
In this embodiment, after the first feature data of the user is obtained, it is matched with the first feature data of each user in each relationship network. If it matches the first feature data of any user in a relationship network, the user is determined to be the same user as, or to have a certain association with, a user in that relationship network, and the user is placed into that relationship network. It should be noted that different items of personal information included in the first feature data of the user may match the personal information of users in different relationship networks. Therefore, in this embodiment, after the first feature data of the user has matched that of a user in one relationship network, matching continues against the first feature data of users in the other relationship networks until all relationship networks have been matched. Matching the first feature data of the user against that of every user in all relationship networks allows the relationship networks to be updated more accurately based on user behavior.
For example, assume that the first feature data of the user includes a mobile phone number, a delivery address and a bank card number. If the delivery address of the user is the same as that of user A in relationship network A, and the bank card number of the user is the same as that of user B in relationship network B, then relationship network A and relationship network B are merged through the user into relationship network C, and the association relationship network associated with the user behavior data is determined to be relationship network C.
In this embodiment, the user personal information change data may be generated by the registration of a new user, or by an existing user changing personal information. Associating users to the association relationship network according to their personal information change data makes it possible to identify the behavior attributes of a user promptly after the personal information changes, and to identify whether a registered user is a genuinely new user or whether the user who changed the information is a marked risk user, thereby achieving pre-event risk control of cheating users.
On the basis of the above scheme, the associating the user behavior data with the constructed relationship network according to the user behavior data and a preset association rule to determine an association relationship network associated with the user behavior data, further includes:
if the first characteristic data of the user fails to be matched with the first characteristic data of each user in each relationship network, extracting second characteristic data of the user from the user behavior data, wherein the second characteristic data comprises preset characteristic data used for representing user equipment characteristics and/or user behavior characteristics;
and calculating the similarity between the second characteristic data of the user and the second characteristic data of each user in the relationship network, and taking the relationship network with the similarity larger than a preset similarity threshold as the association relationship network.
In this embodiment, if the first feature data of the user does not match the first feature data of any user in any relationship network, the user is associated with the established relationship network according to the second feature data of the user. Specifically, weak association feature data used for representing an association relationship between users is extracted from the user behavior data and used as the second feature data of the user. Optionally, a feature identifier corresponding to the second feature data may be preset, and the second feature data of the user is determined according to the preset feature identifier. In this embodiment, the second feature data of the user includes preset feature data for characterizing user equipment features and/or user behavior features. Optionally, the user equipment features may be feature information such as terminal features (e.g. a terminal identifier) and network features (e.g. a network address) of the equipment the user browses with. The user behavior features may be behavior features of the user when performing browsing or transaction behavior, such as adding an item to favorites, adding an item to the shopping cart, purchasing, and the like.
When the user behavior data includes the user device feature data and/or the user behavior feature data, the user may be associated with the constructed relationship network according to the user device feature data and/or the user behavior feature data, and it is determined that the behavior executed by the user may not cause the relationship network to change. When an association relationship exists between user equipment characteristic data and/or user behavior characteristic data of two users, a certain association exists between the two users. For example, when the user device characteristics of two users are the same, it is determined that a certain relationship exists between the two users. And when the similarity between the behavior data characteristics of the two users is higher, judging that the two users have the same behavior characteristics.
In this embodiment, after the second feature data of the user is obtained, the similarity between the second feature data of the user and the second feature data of each user in each relationship network is calculated according to a preset similarity calculation rule. If the similarity with the second feature data of any user in a relationship network is greater than a preset similarity threshold, it is determined that the user and that user in the relationship network have the same behavior characteristics, and the user is placed into that relationship network. Optionally, the similarity calculation rule may be cosine similarity, the Pearson correlation coefficient, or another similarity calculation rule. Different similarity thresholds can be set for different second feature data; for example, the similarity threshold corresponding to the user equipment features can be set as a first similarity threshold and the similarity threshold corresponding to the user behavior features as a second similarity threshold, and the first and second similarity thresholds may be the same or different.
It should be noted that different user equipment features or user behavior features included in the second feature data of the user may match the user equipment features or user behavior features of users in different relationship networks. Therefore, in this embodiment, when the similarity between the second feature data of the user and that of a user in one relationship network is greater than the preset similarity threshold, the similarity with the second feature data of users in the other relationship networks continues to be calculated until all relationship networks have been processed. Calculating the similarity between the second feature data of the user and that of every user in all relationship networks allows the relationship networks to be updated more accurately based on user behavior.
For example, assuming that the second feature data of the user includes a user device feature and a user behavior feature, a similarity between the user device feature and the user device feature of the user D in the relationship network D is greater than a similarity threshold corresponding to the user device feature, and a similarity between the user behavior feature and the user behavior feature of the user E in the relationship network E is greater than a similarity threshold corresponding to the user behavior feature, the relationship network D and the relationship network E are merged into the relationship network F by the user, and an association relationship network associated with the user behavior data is determined to be the relationship network F.
S130, determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior.
In this embodiment, the network risk data is used to characterize the network risk degree of the association relationship network. Optionally, the network risk data of the user may be determined according to the association relationship network to which the user belongs, and the behavior attribute of the user is then determined according to the network risk data of the user, so as to determine whether the user behavior is a risk behavior. When the user behavior is determined to be a risk behavior, the preset risk prompt information corresponding to the risk behavior is acquired and displayed, so that monitoring personnel learn of the risk behavior of the user in time and the cheating operations of cheating users are controlled promptly. For example, the correspondence between network risk data and behavior attributes may be preset; after the network risk data of the user is determined, the behavior attribute of the user is determined according to the preset correspondence, and whether the user behavior is a risk behavior is determined based on the determined behavior attribute.
Optionally, whether the user behavior is a risk behavior is determined based on the network risk data, and if the user behavior is a risk behavior, outputting corresponding risk prompt information, including: and monitoring the behaviors of the users according to the personal risk data of the users, the network risk data of the users and a preset behavior judgment rule, and outputting risk prompt information if the behavior of the user is detected to be a preset risk behavior.
In this embodiment, a monitoring risk threshold and a user monitoring rule may be set, and when the personal risk data and/or the network risk data of the user are higher than the preset monitoring risk threshold, the behavior of the user is monitored by using the behavior judgment rule.
It can be understood that when the user is a new registered user or the user has no historical behavior data, the network risk data of the association relationship network to which the user belongs is used as the network risk data of the user, when the user has historical behavior data, the network risk data of the association relationship network can be updated according to the risk feature data of the user, and the updated network risk feature data is used as the network risk data of the user.
In an embodiment of the present invention, the determining the network risk data of the association network includes:
determining network risk data of the association relationship network according to the risk feature data of each user in the association relationship network, wherein the risk feature data is used for representing risk parameters of user behaviors.
Optionally, after determining the association relationship network to which the user belongs, the users included in the association relationship network are updated at the same time, and the network risk data of the association relationship network may be determined according to the risk characteristic data of each user included in the updated association relationship network. The risk characteristic data may include characteristic data of a preset risk parameter of the user characterizing the user behavior. The risk characteristic data may be user behavior characteristic data, such as user browsing behavior, transaction behavior, and other characteristic data, and may also include other characteristic data.
In this embodiment, a network risk calculation rule may be preset, and the network risk data of the association relationship network may be calculated according to the risk feature data of each user in the association relationship network. Alternatively, training samples may be labeled, a network risk data model for calculating network risk data may be trained with a deep learning algorithm according to the labeled training samples and a pre-constructed neural network architecture, and the network risk data of the association relationship network may be determined by the fully trained network risk data model.
In an embodiment of the present invention, the determining network risk data of the association relationship network according to risk feature data of each user in the association relationship network includes:
inputting the risk characteristic data of each user in the association relationship network into a fully trained network risk data model to obtain the network risk data output by the network risk data model.
Optionally, the risk feature data of each user in the association relationship network may be input into a fully trained network risk data model, and the network risk data output by the model is used as the network risk data of the association relationship network. Optionally, the network risk data may be a network risk score.
The embodiment of the invention acquires user behavior data; associates the user behavior data with the established relationship network and determines the association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user; and determines the network risk data of the association relationship network, judges whether the user behavior is a risk behavior based on the network risk data, and outputs corresponding risk prompt information if it is. The user can thus be associated into a pre-constructed relationship network according to the user's behavior, and whether the behavior is a risk behavior can be judged according to the association relationship network associated with the user, so that the behavior attributes of the user are determined in time, ex-ante risk control of cheating users is achieved, and the user experience of normal users is guaranteed.
On the basis of the scheme, the method further comprises the following steps:
for each user, determining the service authority of the user according to preset service conditions, the personal risk data of the user, and the network risk data of the user, and displaying a service interface corresponding to the service authority to the user when detecting that the user initiates a service access request, wherein the personal risk data is used for representing the personal risk degree of the user.
In this embodiment, for each service, the service conditions for participating in the service may be preset, and the service authority of the user is determined based on the preset service conditions, the personal risk data of the user, and the network risk data of the user. The personal risk data of the user represents the personal risk level of the user. Optionally, for each user, the personal risk data of the user is determined according to the risk characteristic data of the user and a preset personal risk data calculation rule. The personal risk data may be a personal risk score for the user. Optionally, the service condition for participating in a service may be set such that the personal risk data of the user is lower than a preset personal risk data threshold and the network risk data of the user is lower than a preset network risk data threshold. Alternatively, a correspondence between the personal risk data, the network risk data, and the service authority can be set, and the service authority of the user is determined according to a preset correspondence table. By setting corresponding service conditions for each service, determining the service authority of a user based on the set service conditions and the risk data of the user, and determining the service interface displayed to the user according to that service authority when a service access request initiated by the user is detected, ex-ante risk control of cheating users can be realized, normal users can participate in the service normally, and the user experience of normal users is improved.
For example, the service condition of service A may be set as the personal risk data being lower than 5 and the network risk data being lower than 8. If the personal risk data of user A is 4 and the network risk data is 6, it is determined that user A has the authority to participate in service A, and the participation interface of service A is presented to user A. If the personal risk data of user B is 4 and the network risk data is 9, it is determined that user B does not have the authority to participate in service A, and the participation interface of service A is hidden from user B, or corresponding prompt information pops up when user B participates in service A.
On the basis of the scheme, the method further comprises the following steps:
periodically collecting statistics on the user behavior data, forming a user behavior report according to the user behavior data, the personal risk data of the user and/or the network risk data of the user, and analyzing the user risk behavior according to the user behavior report.
Optionally, the behavior data may be counted periodically, either for users with higher risk data or for every user, and a user behavior report including the user behavior data, the personal risk data of the user, and the network risk data of the user is generated, so that monitoring personnel can learn of the user's behavior in time. The proportion of behaviors with higher risk data among the behaviors of all users may also be counted periodically, a corresponding user behavior report generated, and the user monitoring strategy adjusted according to that report.
Example two
Fig. 2 is a flowchart of a user behavior sensing method according to a second embodiment of the present invention. The present embodiment is further optimized on the basis of the above-described embodiments. As shown in fig. 2, the method includes:
S210, obtaining historical behavior data of a plurality of users.
In this embodiment, the relationship network is constructed in advance from the historical behavior data of the user. The historical behavior data of the user may include user historical personal information data, user historical browsing data and/or user historical transaction data.
S220, constructing at least one relationship network according to the historical behavior data, wherein each relationship network comprises users with the same behavior characteristics.
In this embodiment, the historical behavior data of the users is analyzed to construct at least one relationship network, where each relationship network includes users with the same behavior characteristics. It should be noted that, within a relationship network, pairs of users share behavior characteristics, but the users of the network as a whole need not share one uniform behavior characteristic. For example, if the relationship network includes user A, user B, user C, and user D, it may be that one item of the personal information data of user A and user B is the same, the historical transaction data of user C and user D is highly similar, and the historical browsing data of user A and user C is highly similar, while user A, user B, user C, and user D have no uniform behavior characteristic.
In an embodiment of the present invention, the building at least one relationship network according to the historical behavior data includes:
extracting historical first characteristic data of each user from historical behavior data of each user, and dividing the users matched with the historical first characteristic data into a same relation network, wherein the historical first characteristic data comprises preset characteristic data used for representing historical personal information characteristics of the users;
extracting historical second characteristic data of each user from the historical behavior data of each user, calculating the similarity between users according to the historical second characteristic data, merging the relationship networks according to the user combination with the similarity larger than a preset similarity threshold, wherein the historical second characteristic data comprises preset characteristic data used for representing the historical equipment characteristics and/or the historical behavior characteristics of the users.
Optionally, the relationship network may be constructed according to the historical first characteristic data and the historical second characteristic data of the user. The historical first characteristic data comprises preset characteristic data used for representing the historical personal information characteristics of the user, and the historical second characteristic data comprises preset characteristic data used for representing the historical equipment characteristics and/or the historical behavior characteristics of the user. For more detailed contents of the historical first characteristic data and the historical second characteristic data, reference may be made to specific contents of the first characteristic data and the second characteristic data in the above embodiments, and details are not described herein again.
In this embodiment, relationship networks whose members share a strong association feature are first constructed from the historical first feature data of the users; the similarity between the weak association features of the users is then analyzed according to the historical second feature data of the users, and the relationship networks are merged based on that similarity. Constructing the relationship network from both the historical first characteristic data and the historical second characteristic data makes the construction more accurate, and therefore makes the judgment of user behavior attributes based on the relationship network more accurate.
Specifically, the historical first feature data of each user is extracted from the historical behavior data of that user. If any one item of the first feature data of two users is the same, the first feature data of the two users is judged to match, and the two users are divided into the same relationship network. For example, if the historical first feature data of user A is {mobile phone number: a, delivery address: b, bank card number: c} and the historical first feature data of user B is {mobile phone number: d, delivery address: e, bank card number: c}, the bank card number of user A is the same as that of user B, so the first feature data of user A matches that of user B, and user A and user B are divided into the same relationship network.
After the relationship networks are constructed according to the historical first characteristic data of each user, the similarity between users is calculated according to the historical second characteristic data of each user, the user combinations whose similarity is larger than a preset similarity threshold are determined, and the relationship networks to which the users in each such combination belong are merged to obtain a merged relationship network. Illustratively, if the similarity between the historical second feature data of user H and that of user I is higher than the preset similarity threshold, user H belongs to relationship network M, and user I belongs to relationship network N, then relationship network M and relationship network N are merged to obtain a merged relationship network K. In this embodiment, the manner of calculating the similarity between the historical second characteristic data of the users may be found in the above embodiments and is not described here again.
S230, for each relationship network, determining the network risk data of the relationship network according to the risk characteristic data of the users contained in the relationship network.
After the relationship network is constructed according to the historical behavior data of the user, the network risk data of the relationship network is calculated for each relationship network. Optionally, the network risk data of the relationship network is calculated according to a preset network risk data calculation rule and risk feature data of each user in the relationship network, or a deep learning algorithm may be used to construct a network risk data model and determine the network risk data of the relationship network. In this embodiment, for a more detailed scheme for determining the network risk data of the relationship network, reference may be made to the above embodiments, which are not described herein again.
S240, acquiring user behavior data.
S250, associating the user behavior data with the established relationship network, and determining the association relationship network associated with the user behavior data.
S260, determining the network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior.
According to the technical scheme of the embodiment of the invention, the operation of constructing the relationship network according to the historical behavior data of the user is added on the basis of the embodiment, and the relationship network containing the users with the same behavior characteristics is constructed according to the historical behavior data of the user, so that the construction of the relationship network is more accurate, and the judgment of the user behavior attribute based on the constructed network is more accurate.
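The two-stage construction of step S220 can be sketched as follows. This is an added example, not code from the patent: it links users who share any strong identifier with a union-find structure, then merges networks for user pairs whose weak features are similar. The Jaccard measure, the 0.5 threshold, and all sample users are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample data (not from the patent). "strong" holds the historical
# first characteristic data; "weak" holds the historical second characteristic data.
USERS = {
    "A": {"strong": {"phone": "a", "address": "b", "card": "c"},
          "weak": {"dev:1", "ip:10.0.0.1", "ua:x"}},
    "B": {"strong": {"phone": "d", "address": "e", "card": "c"},
          "weak": {"dev:2", "ip:10.0.0.2", "ua:y"}},
    # C shares only an address with B and nothing with A.
    "C": {"strong": {"phone": "f", "address": "e", "card": "g"},
          "weak": {"dev:3", "ip:10.0.0.3", "ua:w"}},
    "H": {"strong": {"phone": "h1", "address": "h2", "card": "h3"},
          "weak": {"dev:9", "ip:10.0.9.9", "ua:z", "hour:03"}},
    "I": {"strong": {"phone": "i1", "address": "i2", "card": "i3"},
          "weak": {"dev:9", "ip:10.0.9.9", "ua:z", "hour:04"}},
    "Z": {"strong": {"phone": "z1", "address": "z2", "card": "z3"},
          "weak": {"dev:7", "ip:10.0.7.7", "ua:q"}},
}


class UnionFind:
    """Disjoint-set structure; each set is one relationship network."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[max(ra, rb)] = min(ra, rb)  # deterministic root choice


def jaccard(s1, s2):
    """Assumed similarity measure over weak feature sets (0.0 for two empty sets)."""
    union = s1 | s2
    return len(s1 & s2) / len(union) if union else 0.0


def build_networks(users, similarity_threshold=0.5):
    uf = UnionFind(users)

    # Stage 1: any identical strong identifier puts two users in one network.
    first_seen = {}
    for uid in sorted(users):
        for field, value in users[uid]["strong"].items():
            if not value:
                continue  # a missing value must never link users
            key = (field, value)
            if key in first_seen:
                uf.union(first_seen[key], uid)
            else:
                first_seen[key] = uid

    # Stage 2: merge the networks of user pairs whose weak-feature similarity
    # exceeds the threshold. Pairwise comparison is O(n^2); fine for a sketch.
    for u, v in combinations(sorted(users), 2):
        if uf.find(u) == uf.find(v):
            continue
        if jaccard(users[u]["weak"], users[v]["weak"]) > similarity_threshold:
            uf.union(u, v)

    networks = {}
    for uid in users:
        networks.setdefault(uf.find(uid), set()).add(uid)
    return sorted(sorted(members) for members in networks.values())


if __name__ == "__main__":
    for members in build_networks(USERS):
        print(members)
```

Because linking is transitive, users A and C end up in one network without sharing any feature directly, which matches the note above that a network need not have one uniform characteristic. It also means a single widely shared identifier can pull unrelated users together, so identifier choice and the threshold directly affect false positives.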
Example three
Fig. 3a is a schematic diagram of a user behavior sensing method according to a third embodiment of the present invention. The present embodiment provides a preferred embodiment based on the above-described embodiments. Optionally, the user behavior sensing method provided by this embodiment may be executed by a user behavior sensing system. Fig. 3b is a schematic structural diagram of a user behavior awareness system according to a third embodiment of the present invention, and as shown in fig. 3b, the user behavior awareness system includes a data layer 310, a core layer 320, and a processing layer 330, which communicate with each other through an interface or a message queue.
The data layer 310 comprises the various data that the system needs to access, mainly offline data, real-time data, streaming data, and external data. The data layer is the foundation of the whole system, and the relationship network is constructed from this large volume of multidimensional data.
The core layer 320 is mainly divided into three parts: offline network construction, real-time network detection, and configuration management. The offline network construction module divides all users into different relationship networks along multiple dimensions such as mobile phone numbers, IP addresses, delivery addresses, bank cards, and device fingerprints, mainly according to the data of the data layer, and assigns a score to each relationship network according to the historical risk scores of its users. The real-time network detection module mainly collects the user behavior data of interest and associates it with the offline relationship network in real time, thereby obtaining the risk score of the user. Configuration management mainly provides the configuration management function for the whole system, so that the whole system can be tuned.
The processing layer 330 mainly provides the ability to perform follow-up processing after a risk is perceived. If the system detects that a certain user is risky, the corresponding processing layer sub-module is called according to the configuration to perform subsequent processing. The processing layer sub-modules are mainly a monitoring system, a report system, a large screen monitoring system, a workbench, and a notification system. The monitoring system is used for monitoring the user according to the set monitoring rule, and the report system is used for generating reports periodically. The large screen monitoring system is used for displaying the monitoring result, and the workbench is used for receiving information input by monitoring personnel or displaying the monitoring information to the monitoring personnel. The notification system is used for communication and data transmission among the systems.
As shown in fig. 3a, the method comprises:
S310, performing association analysis according to information such as the mobile phone number, network address, delivery address, device ID, and bank card of the user, and dividing all users into relationship networks.
Considering that the number of users on an e-commerce platform is huge, the association relationships among users can be calculated offline, and all users are divided into relationship networks, each of which comprises at least one user. Afterwards, only periodic incremental updates are needed, in which the constructed relationship networks are updated according to subsequent user behaviors.
And S320, scoring each relationship network according to the risk characteristics of the users in each relationship network to obtain the network risk score of each relationship network.
Optionally, the network risk score of each relationship network may be calculated by a fully trained network score model. It will be appreciated that the primary factor affecting the score of each network is the users in it who have a history of cheating.
S330, receiving the change of all user information, user operation behavior data and user transaction data in real time in a message queue mode, and performing data processing.
In this embodiment, after the changes of user information, the user operation behavior data, and the user transaction data are received, data that is not of interest is filtered out according to the system configuration, data that does not meet the requirements is cleaned and standardized, sensitive data is desensitized, and S340 is then executed.
S340, pushing the processed data to the offline network construction module.
The user behavior perception system pushes data such as change of user information, user operation behavior data or user transaction data received in real time to the offline network construction module in an asynchronous mode, so that the offline network construction module updates the relational network in the background.
S350, associating the processed data with the constructed relationship network.
After the basic data is processed, the user behavior perception system associates the data with the established relationship network.
S360, judging whether the current user is associated with an existing relationship network.
Whether the user behavior causes the user to be associated with an existing relationship network, or otherwise changes the constructed relationship network, is judged according to the association result. The user behavior perception system mainly judges whether the currently received data causes the user to establish a new connection with the constructed relationship network. If the change of user information, the user operation behavior data, or the user transaction data does not change the structure of the constructed relationship network, the data is regarded as invalid data, the user behavior perception system performs no subsequent operation, and S380 is executed. Conversely, if the change of user information, the user operation behavior data, or the user transaction data changes the structure of the constructed relationship network, S370 is executed.
S370, obtaining the network risk score of the current user from the network risk score of the relationship network where the current user is located, and calling the corresponding processing layer to perform function processing according to the network risk score and the configuration of the user.
After the relationship network to which the current user belongs is determined, the risk score of the current user can be obtained from the risk score of that relationship network, and the corresponding processing layer is called for function processing according to the risk score and configuration of the user, so as to monitor the risky user, raise alarms, and notify the corresponding operators.
S380, ending.
According to the embodiment of the invention, the relationship network is constructed offline from multiple dimensions such as user historical data, behavior historical data, and transaction historical data. Whenever an unknown user performs certain behaviors, such as logging in from a different IP address, updating personal information, binding a bank card, or adding a new delivery address, the system associates the behavior data of the unknown user with the existing relationship network in real time. If the behavior data associates the unknown user with existing risky users, the unknown user is considered very likely to be a risky user who may cheat in the future; the unknown user is therefore marked and monitored, and is not allowed to participate in some business scenarios. Applying offline relationship network construction and real-time relationship network detection to an e-commerce transaction anti-cheating system achieves ex-ante risk control of cheating users.
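The real-time path of steps S350 to S370, combined with the service condition from the service A example (personal risk lower than 5, network risk lower than 8), can be sketched as follows. This is an added example, not code from the patent: the networks, scores, identifiers, and events are constructed, and choosing the riskiest network when an event matches several is an assumption (the actual merge is left to the offline builder).

```python
import copy

# Constructed offline state (not from the patent): networks with risk scores
# and an inverted index from strong identifier to network id.
NETWORKS = {
    "N1": {"members": {"u1", "u2"}, "risk": 9},  # contains known cheaters
    "N2": {"members": {"u3"}, "risk": 6},
}
INDEX = {
    ("card", "card-0001"): "N1",
    ("phone", "phone-0001"): "N1",
    ("address", "addr-0001"): "N2",
}
# Service condition of service A as given in the text.
SERVICE_A = {"max_personal": 5, "max_network": 8}


def associate(event, index, networks):
    """S350/S360: return the network the event newly links the user to,
    or None when the network structure is unchanged (invalid data, S380)."""
    user = event["user"]
    idents = [(k, v) for k, v in event["identifiers"].items() if v]
    hits = {index[key] for key in idents if key in index}
    if not hits:
        return None  # no connection to any existing network
    # Assumption: when several networks match, use the riskiest one.
    net_id = max(hits, key=lambda n: (networks[n]["risk"], n))
    new_member = user not in networks[net_id]["members"]
    new_keys = [key for key in idents if key not in index]
    if not new_member and not new_keys:
        return None  # nothing changed
    networks[net_id]["members"].add(user)
    for key in new_keys:
        index[key] = net_id  # identifiers seen for the first time join the network
    return net_id


def service_allowed(personal_risk, network_risk, condition):
    """Both scores must be strictly lower than the thresholds."""
    return (personal_risk < condition["max_personal"]
            and network_risk < condition["max_network"])


def handle_event(event, personal_risk, index, networks, condition=SERVICE_A):
    """S370: the user takes on the network's risk score, which gates the service."""
    net_id = associate(event, index, networks)
    if net_id is None:
        return None
    network_risk = networks[net_id]["risk"]
    allowed = service_allowed(personal_risk, network_risk, condition)
    return {"user": event["user"], "network": net_id,
            "network_risk": network_risk,
            "service_a": "show" if allowed else "hide"}


def demo():
    networks, index = copy.deepcopy(NETWORKS), dict(INDEX)
    events = [  # (event, personal risk score), all constructed
        ({"user": "A", "identifiers": {"address": "addr-0001"}}, 4),
        ({"user": "B", "identifiers": {"card": "card-0001"}}, 4),
        ({"user": "B", "identifiers": {"card": "card-0001"}}, 4),    # repeat
        ({"user": "C", "identifiers": {"phone": "phone-9999"}}, 1),  # unseen
        ({"user": "A", "identifiers": {"phone": "phone-0001",
                                       "card": "card-0777"}}, 4),
        ({"user": "D", "identifiers": {"card": "card-0777"}}, 0),
    ]
    return [handle_event(e, p, index, networks) for e, p in events]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two events show risk propagating: once user A links to N1, the previously unseen card is indexed under N1, so user D inherits the network's score through that card alone even with a personal score of 0.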
Example four
Fig. 4 is a schematic structural diagram of a user behavior sensing apparatus according to a fourth embodiment of the present invention. The user behavior awareness apparatus may be implemented in software and/or hardware, for example, the user behavior awareness apparatus may be configured in a computer device. As shown in fig. 4, the apparatus includes a behavior data obtaining module 410, an association network determining module 420, and a risk suggestion output module 430, wherein:
a behavior data obtaining module 410, configured to obtain user behavior data, where the user behavior data is used to represent a behavior executed by a user;
an association network determining module 420, configured to associate the user behavior data with a constructed relationship network, and determine an association relationship network associated with the user behavior data, where the relationship network includes at least one user;
a risk prompt output module 430, configured to determine network risk data of the association network, determine whether the user behavior is a risk behavior based on the network risk data, and output corresponding risk prompt information if the user behavior is a risk behavior, where the network risk data is used to represent a network risk degree of the association network.
According to the embodiment of the invention, the behavior data acquisition module acquires the behavior data of the user; the association network determination module associates the behavior data of the user with the established relationship network and determines the association relationship network associated with the behavior data; and the risk prompt output module determines the network risk data of the association relationship network, judges whether the behavior of the user is a risk behavior based on the network risk data, and outputs corresponding risk prompt information if it is. The user can thus be associated into the pre-established relationship network according to the user's behavior, and whether the behavior is a risk behavior can be judged according to the association relationship network associated with the user, so that the behavior attribute of the user is determined in time, ex-ante risk control of cheating users is realized, and the user experience of normal users is guaranteed.
On the basis of the foregoing scheme, the associated network determining module 420 is specifically configured to:
extracting first characteristic data of the user from the user behavior data, wherein the first characteristic data comprises preset characteristic data used for representing personal information characteristics of the user;
and matching the first characteristic data of the user with the first characteristic data of each user in the relationship network aiming at each constructed relationship network, and taking the relationship network as the association relationship network if the first characteristic data of the user is successfully matched with the first characteristic data of any user in the relationship network.
On the basis of the foregoing scheme, the associated network determining module 420 is specifically configured to:
if the first characteristic data of the user fails to be matched with the first characteristic data of each user in each relationship network, extracting second characteristic data of the user from the user behavior data, wherein the second characteristic data comprises preset characteristic data used for representing user equipment characteristics and/or user behavior characteristics;
and calculating the similarity between the second characteristic data of the user and the second characteristic data of each user in the relationship network, and taking the relationship network with the similarity larger than a preset similarity threshold as the association relationship network.
On the basis of the above scheme, the risk prompt output module 430 is specifically configured to:
determining the network risk data of the association relationship network according to the risk characteristic data of each user in the association relationship network, wherein the risk characteristic data is used for representing risk parameters of user behaviors.
On the basis of the above scheme, the risk prompt output module 430 is specifically configured to:
inputting the risk characteristic data of each user in the association relationship network into a fully trained network risk data model to obtain the network risk data output by the network risk data model.
On the basis of the above scheme, the behavior data acquiring module 410 is specifically configured to:
acquiring user operation data;
screening candidate user behavior data meeting user behavior conditions according to the data identification of the user operation data;
and carrying out data standardization processing on the candidate user behavior data to obtain the user behavior data.
On the basis of the above scheme, the apparatus further includes a relationship network construction module, configured to:
acquiring historical behavior data of a plurality of users before associating the user behavior data with the established relationship network;
constructing at least one relationship network according to the historical behavior data, wherein each relationship network comprises users with the same behavior characteristics;
and aiming at each relationship network, determining the network risk data of the relationship network according to the risk characteristic data of the user contained in the relationship network.
On the basis of the above scheme, the relationship network construction module is specifically configured to:
extracting historical first characteristic data of each user from historical behavior data of each user, and dividing the users matched with the historical first characteristic data into a same relation network, wherein the historical first characteristic data comprises preset characteristic data used for representing historical personal information characteristics of the users;
extracting historical second characteristic data of each user from the historical behavior data of each user, calculating the similarity between each user according to the historical second characteristic data, merging the relationship networks according to the user combination with the similarity larger than a preset similarity threshold value, wherein the historical second characteristic data comprises preset characteristic data used for representing the historical equipment characteristics and/or the historical behavior characteristics of the users.
On the basis of the above scheme, the apparatus further comprises:
and the service authority determining module is used for determining the service authority of each user according to preset service conditions, personal risk data of the user and the network risk data of the user, and displaying a service interface corresponding to the service authority to the user when detecting that the user initiates a service access request, wherein the personal risk data is used for representing the personal risk degree of the user.
On the basis of the above scheme, the apparatus further comprises:
and the behavior report generation module is used for counting the user behavior data at regular time, forming a user behavior report according to the user behavior data, the personal risk data of the user and/or the network risk data of the user, and analyzing the user risk behavior according to the user behavior report.
The user behavior sensing device provided by the embodiment of the invention can execute the user behavior sensing method provided by any embodiment, and has the corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention. FIG. 5 illustrates a block diagram of an exemplary computer device 512 suitable for use in implementing embodiments of the present invention. The computer device 512 shown in FIG. 5 is only an example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.
As shown in FIG. 5, computer device 512 is in the form of a general purpose computing device. Components of computer device 512 may include, but are not limited to: one or more processors 516, a system memory 528, and a bus 518 that couples the various system components including the system memory 528 and the processors 516.
Bus 518 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 512 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 512 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 528 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)530 and/or cache memory 532. The computer device 512 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage 534 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 518 through one or more data media interfaces. Memory 528 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 540 having a set (at least one) of program modules 542 may be stored in, for example, the memory 528. Such program modules 542 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment. The program modules 542 generally perform the functions and/or methods of the described embodiments of the invention.
The computer device 512 may also communicate with one or more external devices 514 (e.g., keyboard, pointing device, display 524, etc.), with one or more devices that enable a user to interact with the computer device 512, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 512 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 522. Also, computer device 512 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 520. As shown, the network adapter 520 communicates with the other modules of the computer device 512 via the bus 518. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the computer device 512, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processor 516 executes various functional applications and data processing by running programs stored in the system memory 528, for example, implementing a user behavior sensing method provided by the embodiment of the present invention, the method includes:
acquiring user behavior data, wherein the user behavior data is used for representing behaviors executed by a user;
associating the user behavior data with the established relationship network, and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
Of course, those skilled in the art can understand that the processor may also implement the technical solution of the user behavior perception method provided by any embodiment of the present invention.
EXAMPLE six
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a user behavior sensing method according to an embodiment of the present invention, where the method includes:
acquiring user behavior data, wherein the user behavior data is used for representing behaviors executed by a user;
associating the user behavior data with the established relationship network, and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
Of course, the computer program stored on the computer-readable storage medium provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations in the user behavior awareness method provided by any embodiments of the present invention.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (13)

1. A method for user behavior awareness, comprising:
acquiring user behavior data, wherein the user behavior data is used for representing behaviors executed by a user;
associating the user behavior data with the established relationship network, and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
2. The method of claim 1, wherein associating the user behavior data with the constructed relationship network, and determining an association relationship network associated with the user behavior data comprises:
extracting first characteristic data of the user from the user behavior data, wherein the first characteristic data comprises preset characteristic data used for representing personal information characteristics of the user;
and, for each constructed relationship network, matching the first characteristic data of the user with the first characteristic data of each user in the relationship network, and taking the relationship network as the association relationship network if the first characteristic data of the user is successfully matched with the first characteristic data of any user in the relationship network.
3. The method of claim 2, wherein associating the user behavior data with the constructed relationship network, determining an association relationship network associated with the user behavior data, further comprises:
if the first characteristic data of the user fails to be matched with the first characteristic data of each user in each relationship network, extracting second characteristic data of the user from the user behavior data, wherein the second characteristic data comprises preset characteristic data used for representing user equipment characteristics and/or user behavior characteristics;
and calculating the similarity between the second characteristic data of the user and the second characteristic data of each user in the relationship network, and taking the relationship network with the similarity larger than a preset similarity threshold as the association relationship network.
4. The method of claim 1, wherein determining network risk data of the association relationship network comprises:
determining network risk data of the association relationship network according to the risk characteristic data of each user in the association relationship network, wherein the risk characteristic data is used for representing risk parameters of user behaviors.
5. The method according to claim 4, wherein the determining the network risk data of the association relationship network according to the risk characteristic data of each user in the association relationship network comprises:
inputting the risk characteristic data of each user in the association relationship network into a well-trained network risk data model to obtain the network risk data output by the network risk data model.
6. The method of claim 1, wherein the obtaining user behavior data comprises:
acquiring user operation data;
screening candidate user behavior data meeting user behavior conditions according to the data identification of the user operation data;
and carrying out data standardization processing on the candidate user behavior data to obtain the user behavior data.
7. The method of claim 1, prior to associating the user behavior data with the constructed relationship network, further comprising:
acquiring historical behavior data of a plurality of users;
constructing at least one relationship network according to the historical behavior data, wherein each relationship network comprises users with the same behavior characteristics;
and, for each relationship network, determining the network risk data of the relationship network according to the risk characteristic data of the users contained in the relationship network.
8. The method of claim 7, wherein constructing at least one relationship network from the historical behavior data comprises:
extracting historical first characteristic data of each user from historical behavior data of each user, and dividing the users matched with the historical first characteristic data into a same relation network, wherein the historical first characteristic data comprises preset characteristic data used for representing historical personal information characteristics of the users;
extracting historical second characteristic data of each user from the historical behavior data of each user, calculating the similarity between users according to the historical second characteristic data, and merging the relationship networks of each user combination whose similarity is larger than a preset similarity threshold value, wherein the historical second characteristic data comprises preset characteristic data used for representing the historical equipment characteristics and/or the historical behavior characteristics of the users.
9. The method according to any one of claims 1-8, further comprising:
for each user, determining the service authority of the user according to preset service conditions, personal risk data of the user and network risk data of the user, and displaying a service interface corresponding to the service authority to the user when detecting that the user initiates a service access request, wherein the personal risk data is used for representing the personal risk degree of the user.
10. The method according to any one of claims 1-8, further comprising:
compiling statistics on the user behavior data at regular intervals, forming a user behavior report according to the user behavior data, the personal risk data of the user and/or the network risk data of the user, and analyzing the user risk behavior according to the user behavior report.
11. A user behavior awareness apparatus, comprising:
the behavior data acquisition module is used for acquiring user behavior data, and the user behavior data is used for representing behaviors executed by a user;
the association network determining module is used for associating the user behavior data with the established relationship network and determining an association relationship network associated with the user behavior data, wherein the relationship network comprises at least one user;
and the risk prompt output module is used for determining network risk data of the association relationship network, judging whether the user behavior is a risk behavior based on the network risk data, and outputting corresponding risk prompt information if the user behavior is a risk behavior, wherein the network risk data is used for representing the network risk degree of the association relationship network.
12. A computer device, the device comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a user behavior awareness method as recited in any of claims 1-10.
13. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out a method for user behavior awareness as claimed in any one of the claims 1 to 10.
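The following Python example is added here for illustration and is not part of the patent: it builds relationship networks as in claim 8, associates a new behavior record as in claims 2 and 3, and derives network risk data as in claim 4. The Jaccard similarity, the mean used in place of the trained model of claim 5, both thresholds, and all field names and sample records are assumptions.

```python
from collections import defaultdict

SIM_THRESHOLD = 0.5    # assumed "preset similarity threshold" (claims 3 and 8)
RISK_THRESHOLD = 0.6   # assumed cut-off above which a behavior is flagged

def jaccard(a, b):  # assumed similarity measure over second-feature sets
    return len(a & b) / len(a | b) if (a | b) else 0.0

class RelationNetworks:
    def __init__(self, history):
        self.users = history
        self.parent = {u: u for u in history}   # union-find forest
        owner = {}
        # Claim 8, step 1: users sharing a first-feature value form one network.
        for u, rec in history.items():
            for value in rec["first"]:
                self._union(u, owner.setdefault(value, u))
        # Claim 8, step 2: merge networks of user pairs above the threshold.
        ids = list(history)
        for i, a in enumerate(ids):
            for b in ids[i + 1:]:
                if jaccard(history[a]["second"], history[b]["second"]) > SIM_THRESHOLD:
                    self._union(a, b)

    def _find(self, u):
        while self.parent[u] != u:
            u = self.parent[u]
        return u

    def _union(self, a, b):
        self.parent[self._find(a)] = self._find(b)

    def networks(self):
        groups = defaultdict(set)
        for u in self.users:
            groups[self._find(u)].add(u)
        return list(groups.values())

    def network_risk(self, members):
        # Claim 4; the mean stands in for claim 5's trained model (assumption).
        return sum(self.users[m]["risk"] for m in members) / len(members)

    def associate(self, behavior):
        nets = self.networks()
        for net in nets:  # Claim 2: match on first (personal-information) features
            if any(behavior["first"] & self.users[m]["first"] for m in net):
                return net, "first"
        best, best_sim = None, SIM_THRESHOLD
        for net in nets:  # Claim 3: fall back to second-feature similarity
            sim = max(jaccard(behavior["second"], self.users[m]["second"]) for m in net)
            if sim > best_sim:
                best, best_sim = net, sim
        return best, ("second" if best else None)

    def assess(self, behavior):
        net, how = self.associate(behavior)
        if net is None:  # no associated network: nothing to score against
            return {"matched_by": None, "network": set(), "risk": None, "alert": False}
        risk = self.network_risk(net)
        return {"matched_by": how, "network": net, "risk": risk,
                "alert": risk >= RISK_THRESHOLD}

# Constructed sample data (not from the patent): first/second features and risk.
HISTORY = {
    "u1": {"first": {"phone:111"}, "second": {"dev:A", "ip:10.0.0.1"}, "risk": 0.9},
    "u2": {"first": {"phone:111", "card:9"}, "second": {"dev:B"}, "risk": 0.7},
    "u3": {"first": {"card:7"}, "second": {"dev:A", "ip:10.0.0.1", "ua:X"}, "risk": 0.8},
    "u4": {"first": {"phone:444"}, "second": {"dev:D", "ip:10.0.0.9"}, "risk": 0.1},
}
```

With this data, u1 and u2 join through a shared phone number and u3 is merged in through device similarity, so a new record that matches only u2's card inherits the risk of all three users.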
CN201910447481.3A 2019-05-27 2019-05-27 User behavior perception method, device, equipment and medium Pending CN111754241A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910447481.3A CN111754241A (en) 2019-05-27 2019-05-27 User behavior perception method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN111754241A true CN111754241A (en) 2020-10-09

Family

ID=72672845

Country Status (1)

Country Link
CN (1) CN111754241A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112215513A (en) * 2020-10-22 2021-01-12 国网辽宁省电力有限公司营销服务中心 Offline analysis method and system for user behavior events of power system
CN112417441A (en) * 2020-11-09 2021-02-26 深圳依时货拉拉科技有限公司 Data processing method and device, computer equipment and computer readable storage medium
CN113449103A (en) * 2021-01-28 2021-09-28 民生科技有限责任公司 Bank transaction flow classification method and system integrating label and text interaction mechanism
CN113449103B (en) * 2021-01-28 2024-05-10 民生科技有限责任公司 Bank transaction running water classification method and system integrating label and text interaction mechanism
CN113420941A (en) * 2021-07-16 2021-09-21 湖南快乐阳光互动娱乐传媒有限公司 Risk prediction method and device for user behavior
CN114329431A (en) * 2021-12-28 2022-04-12 四川启睿克科技有限公司 New user authentication method based on mobile device multiple feature detection
CN114329431B (en) * 2021-12-28 2024-05-31 四川启睿克科技有限公司 New user verification method based on mobile equipment multiple feature detection
CN115827414A (en) * 2023-02-15 2023-03-21 天津戎行集团有限公司 Network user behavior monitoring and analyzing method based on open source data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination