CN114429402A - Risk identification method, device and equipment for accounts in Ether house block chain - Google Patents

Risk identification method, device and equipment for accounts in Ether house block chain Download PDF

Info

Publication number
CN114429402A
CN114429402A CN202111607766.2A CN202111607766A CN114429402A CN 114429402 A CN114429402 A CN 114429402A CN 202111607766 A CN202111607766 A CN 202111607766A CN 114429402 A CN114429402 A CN 114429402A
Authority
CN
China
Prior art keywords
account
risk
historical
risk identification
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111607766.2A
Other languages
Chinese (zh)
Inventor
孙溢
樊礼
林昭文
张引
余恪平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN202111607766.2A priority Critical patent/CN114429402A/en
Publication of CN114429402A publication Critical patent/CN114429402A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/08Insurance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/211Selection of the most significant subset of features
    • G06F18/2113Selection of the most significant subset of features by ranking or filtering the set of features, e.g. using a measure of variance or of feature cross-correlation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • General Engineering & Computer Science (AREA)
  • Artificial Intelligence (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Medical Informatics (AREA)
  • Economics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the specification particularly relates to a risk identification method, a risk identification device and risk identification equipment for an account in an ether house block chain. The method provided by the embodiment of the specification can be used for identifying and classifying the accounts in the Etherhouse block chain, and is favorable for further tracing deceased and remedying victims. The method provided by the embodiment of the specification has high effectiveness in detecting the risk account, and can rank the importance of each feature, so as to provide reference and inspiration for further improving the method or analyzing similar block chains.

Description

Risk identification method, device and equipment for accounts in Ether house block chain
Technical Field
The invention relates to the technical field of computers, in particular to a risk identification method and device for an account in an Ether house blockchain and electronic equipment.
Background
Since the ethernet major network came online in 2015, it received extensive attention. Compared with other block chains, developers can easily write decentralized application programs on the Ether house, and therefore a new solution is provided for many application scenes, and a large number of users can be rapidly gathered after the Ether house is online on the main network. By 2 months 2021, over about 36 million Token contracts have been made on ether houses, reflecting their high popularity.
However, any new technology may be used for illegal activities, and Etherns are no exception. More and more companies have started to support payments using virtual currency in recent years, which has brought blockchain technology including etherhouses into the field of view of the public, and has further attracted more illegal profits, creating many etherhouse-based cheats. The cheating activities existing in the Ethenhouse comprise Pompe deception, donation deception, online fishing, extorting lasso and the like, and a large number of victims suffer from loss due to illegal activities, so that the reputation of the Ethenhouse is negatively influenced, and the Ethenhouse becomes one of resistance to popularization and development of the Ethenhouse.
In the prior art, the identification of the Pompe frauds occurring in the Etherns and the identification of the anti-money laundering are mainly aimed at, and the identification distinction of the normally used account and the account used for cheating in the presence of various cheats is lacked. This may have some impact on normal account usage, as well as subsequent liability issues for the risk account.
Therefore, how to perform risk identification on the account in the etherhouse blockchain and improve the security of the account in the etherhouse blockchain becomes a technical problem which needs to be solved urgently at present.
Disclosure of Invention
In view of the foregoing problems in the prior art, an object of this document is to provide a method and an apparatus for risk identification of an account in an ethernet house block chain, and an electronic device, which can classify and identify the account in the ethernet house block chain, so as to improve the security of the ethernet house block chain account.
In order to solve the technical problems, the specific technical scheme is as follows:
in one aspect, provided herein is a method for risk identification of accounts in an etherhouse blockchain, the method comprising:
acquiring target transaction information of an account to be identified according to a target account address of the account to be identified in the EtherFang block chain;
inputting the target transaction information into a pre-established account risk identification model, extracting account features of the account to be identified based on the target transaction information by using the account risk identification model, and performing risk identification on the account to be identified according to the extracted account features; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account;
and determining whether the account to be identified belongs to a risk account or not according to a risk identification result output by the account risk identification model.
Further, the construction method of the account risk identification model comprises the following steps:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
Further, the method further comprises:
performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model, including:
inputting the risk account feature set and the normal account feature set into an account risk recognition model, performing model training, and determining a target model parameter combination of the account risk recognition model by using grid search;
and obtaining an account risk identification model based on the target model parameter combination.
Further, the collecting the account address of the historical risk account comprises:
acquiring an address of a primary account of a risk account from a risk account database, or acquiring the address of the primary account of the risk account by inquiring risk keywords in a risk behavior supervision platform or an Etherhouse block chain browser;
and after the primary account address of the risk account is obtained, the primary account address is checked for duplication, repeated primary account addresses are deleted, and the account address of the risk account is obtained.
Further, the method for acquiring the account address of the historical normal account comprises the following steps:
collecting an Ether house address of a transaction sender from the Ether house block as a standby account address;
and comparing the duplicate of the backup account address with the collected historical risk account address, deleting the backup account address which is the same as the historical risk account address, and taking the rest backup account address as the historical normal account address.
Further, the method further comprises:
calculating the average gain rate of each account characteristic by using the account risk identification model;
sorting the account characteristics according to the average gain rate of the account characteristics from high to low, and taking the account characteristics which are sorted in the prior assigned ranking as risk identification account characteristics;
the method for extracting the account characteristics of the account to be identified based on the target transaction information by using the account risk identification model and performing risk identification on the account to be identified according to the extracted account characteristics comprises the following steps:
and after the account risk identification model is used for extracting the account characteristics of the account to be identified based on the target transaction information, screening out the account characteristics which are the same as the risk identification account characteristics in the risk identification account characteristics, wherein the account risk identification model carries out risk identification on the account to be identified by using the screened account characteristics.
Further, the account characteristics include: statistical features and transaction type features, the statistical features including: transaction amount characteristics, transaction frequency characteristics and transaction time characteristics.
In another aspect, this document provides an apparatus for risk identification of an account in an etherhouse blockchain, comprising:
the information acquisition module is used for acquiring target transaction information of the account to be identified according to the target account address of the account to be identified in the Etherhouse block chain;
the machine learning model identification module is used for inputting the target transaction information into a pre-established account risk identification model, extracting account characteristics of the account to be identified based on the target transaction information by using the account risk identification model, and performing risk identification on the account to be identified according to the extracted account characteristics; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account;
and the account risk identification module is used for determining whether the account to be identified belongs to a risk account or not according to a risk identification result output by the account risk identification model.
Further, the device further comprises a model construction module for constructing the account risk identification model by adopting the following method:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
In another aspect, an electronic device is also provided herein, which includes a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the risk identification method for an account in an ethernet house block chain using lightweight network middleware as described above.
According to the risk identification method, device and electronic equipment for the accounts in the ether house block chain, model training is carried out by utilizing transaction information of historical risk accounts and historical security accounts, an account risk identification model is built, then the built account risk identification model is utilized to extract and predict the risk of the account to be identified, identification of the risk accounts in the ether house block chain is achieved, and the use safety of the accounts in the ether house block chain is improved. The method provided by the embodiment of the specification can be used for identifying and classifying the accounts in the Etherhouse block chain, and is favorable for further tracing deceased and remedying victims. The method provided by the embodiment of the specification has high effectiveness in detecting the risk account, and can rank the importance of each feature, so as to provide reference and inspiration for further improving the method or analyzing similar block chains.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a risk identification method for an account in an Etherhouse blockchain according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart illustrating the process of the account risk identification model for account risk identification according to one embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a feature selection strategy in one embodiment of the present description;
FIG. 4 is a schematic diagram of transaction type characteristics of accounts in an Etherhouse blockchain in one embodiment of the present description;
FIG. 5 is a schematic structural diagram of a risk identification device for accounts in an Etherhouse blockchain according to an embodiment of the present disclosure;
fig. 6 illustrates a schematic structural diagram of an electronic device for risk identification of an account in an etherhouse blockchain according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection.
It should be noted that the terms "first," "second," and the like in the description and claims herein and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments herein described are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or device.
With the advancement of technology, the blockchain technology is gradually applied to various fields, but the security of the accounts in the blockchain technology still needs to be researched intensively. The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. The blockchain is essentially a decentralized database, and is used as the underlying technology of the bitcoin, namely a series of data blocks which are generated by correlation through a cryptology method, wherein each data block comprises information of a batch of bitcoin network transactions, and the information is used for verifying the validity (anti-counterfeiting) of the information and generating the next blockchain. Etherhouse (ethernet in english) is an open-source, intelligent contract-enabled, public blockchain platform that provides decentralized ethernet Virtual machines (ethernet Virtual machines) through its private cryptocurrency ethernet (Ether) to handle point-to-point contracts.
In the embodiment of the specification, a risk account and a legal account in an ether house block chain are distinguished based on data analysis and detection, and the risk account in the ether house block chain is identified by using a machine learning model so as to ensure the security of transactions in the ether house block chain.
Fig. 1 is a schematic flowchart of a risk identification method for an account in an ethernet block chain in an embodiment of this specification, and as shown in fig. 1, the risk identification method for an account in an ethernet block chain provided in this specification may be applied to a server and a client, such as: in terminal equipment such as computer, smart mobile phone, intelligent wearing equipment, panel computer, the method includes:
102, acquiring target transaction information of an account to be identified according to a target account address of the account to be identified in the Etherhouse block chain.
In a specific implementation process, each account in the etherhouse block chain corresponds to one account address, and all transaction information of the account can be acquired through the account address. When risk identification is performed on an account to be identified, a target account address of the account to be identified can be acquired from the Etherhouse block chain, and then target transaction information of the account to be identified is acquired based on the target account address. The account to be identified may be an account which needs risk identification or detection, the target transaction information may be transaction data of the account to be identified within a specified time range, a time range for obtaining the target transaction information may be set according to actual application requirements, during actual use, an account risk identification frequency of the ether house block chain may also be set, and risk identification is performed on the accounts in the ether house block chain in sequence at intervals of specified time, or risk identification is performed on a specific account, which is not specifically limited in the embodiments of this specification.
Step 104, inputting the target transaction information into a pre-established account risk identification model, extracting account features of the account to be identified based on the target transaction information by using the account risk identification model, and performing risk identification on the account to be identified according to the extracted account features; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account.
In a specific implementation process, the embodiment of the present specification may perform machine learning model training in advance by using transaction information of a historical risk account and transaction information of a historical normal account, and construct an account risk identification model capable of performing risk identification on an account in an etherhouse block chain. And when the risk identification is required to be carried out on the account to be identified, carrying out the risk identification on the account to be identified by using the trained account risk identification model. The machine learning algorithm used by the account risk identification model can be selected according to actual needs, such as: a neural network algorithm, a random forest algorithm, and the like may be used, and the embodiments of the present specification are not particularly limited.
The embodiment of the description mainly identifies whether an account in an etherhouse block chain is a security account or a risk account, and based on this, the account risk identification model in the embodiment of the description can select a classifier model such as: an XGboost (Extreme Gradient Boosting) classifier is an efficient implementation of a Gradient Boosting tree algorithm. When the XGBoost classifier is constructed, an objective function may be constructed first, and then the objective function is expanded by using a taylor series, and the objective function is converted into a polynomial function related to a prediction residual error for calculation. The core idea is that the basic classifiers are continuously added into the model so as to continuously fit the residual error of the previous prediction result, and finally the results of all the basic classifiers are weighted and integrated to obtain the final result. Of course, according to actual use requirements, other machine learning algorithms may also be used to construct the account risk identification model, and the embodiments of the present specification are not particularly limited.
In some embodiments of the present specification, the method for constructing the account risk identification model may include:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
In a specific implementation process, a part of historical risk accounts and a part of historical normal accounts can be selected as samples respectively, account addresses of the historical risk accounts and account addresses of the historical normal accounts are collected, and then transaction information of the corresponding historical risk accounts and transaction information of the historical normal accounts are obtained based on the account addresses. And extracting the characteristics of the acquired transaction information, and extracting a risk account characteristic set and a normal account characteristic set which are respectively used as a positive sample set and a negative sample set. And performing model training on the account risk recognition model by using the extracted risk account feature set and normal account feature set, so as to pre-construct a target function, constraint conditions and the like of the account risk recognition model, inputting data in the risk account feature set and the normal account feature set into the model, adjusting parameters in the target function or the constraint conditions of the model until the recognition precision of the model meets a preset requirement or the training times meet the preset requirement, completing the process of model training, and finally marking the obtained model as the account risk recognition model.
And training a machine learning model by using historical known risk accounts and confirmed data belonging to safety accounts as samples, and performing risk identification on the account to be identified by using the trained model to realize identification of the risk accounts in the Ether house blockchain and ensure the safety of account transaction in the Ether house blockchain.
In some embodiments of the present specification, the performing model training on the account risk identification model by using the risk account feature set and the normal account feature set to obtain the account risk identification model includes:
inputting the risk account feature set and the normal account feature set into an account risk recognition model, performing model training, and determining a target model parameter combination of the account risk recognition model by using grid search;
and obtaining an account risk identification model based on the target model parameter combination.
In a specific implementation process, when model training is performed, after data in a risk account feature set and a normal account feature set are input into a model, auc (area under the customer of roc) can be used as a model performance scoring standard, model parameters are optimized by using grid search, an optimal model parameter combination is determined, and the optimal model parameter combination is brought into the model to obtain the trained model. The grid search method can specify an exhaustive search method of parameter values, and an optimal learning algorithm is obtained by optimizing parameters of an estimation function through a cross validation method. That is, possible values of each parameter are arranged and combined, all possible combination results are listed to generate a 'grid', then each combination is used for training, and cross validation is used for evaluating performance. After all parameter combinations are tried by the fitting function, an appropriate classifier is returned, and the optimal parameter combination is automatically adjusted. In the embodiments of the present description, the optimal model parameter combination is denoted as a target model parameter combination, and the model parameters may be understood as parameters affecting model performance in the machine learning model. For example: model parameters for the XGBoost classifier may include: learning rate learning _ rate, maximum depth max _ depth, and weak classifier number n _ estimators.
And determining the optimal model parameter combination by utilizing grid search so as to obtain an account risk identification model with the most accurate identification result, and laying a data foundation for risk identification of accounts in a subsequent Ether house block chain.
In some embodiments of the present description, the method further comprises:
calculating the average gain rate of each account characteristic by using the account risk identification model;
sorting the account characteristics according to the average gain rate of the account characteristics from high to low, and taking the account characteristics which are sorted in the prior assigned ranking as risk identification account characteristics;
the method for extracting the account characteristics of the account to be identified based on the target transaction information by using the account risk identification model and carrying out risk identification on the account to be identified according to the extracted account characteristics comprises the following steps:
and after the account risk identification model is used for extracting the account characteristics of the account to be identified based on the target transaction information, screening out the account characteristics which are the same as the risk identification account characteristics in the risk identification account characteristics, wherein the account risk identification model carries out risk identification on the account to be identified by using the screened account characteristics.
In a specific implementation process, when model training is finished, importance ranking can be performed on each account feature of an input model according to an average gain rate, and the average gain rate can be understood as an average value of the sum of gain rates of the feature when the feature splits a tree model all the time. For the XGBoost classifier, the importance of each feature may be obtained through get _ score in the Python packet of the XGBoost, and the average gain rate ordering of each feature may be obtained by setting import _ type ═ gain'.
The resulting feature ordering may be used to improve the selection of features, such as: the individual account features may be ranked from high to low with the average gain rate, and account features ranked at a previously specified rank may be used as risk identification account features. Under the condition of limited operation performance, when the account is judged, the account features with the front ranking can be selected, namely the risk identification account features in the account features of the account to be identified are selected for operation, and the features with the back ranking are removed, so that the calculation time of the model is reduced. Furthermore, top ranked features are common features for more exceptional accounts, and this feature ordering can be used for analysis of risk behavior features.
The account characteristics are screened through the average gain rate, the calculated amount of the model is reduced, the calculation speed of the model is improved, and the speed of account risk identification in the ether house block chain is further improved.
In some embodiments of the present description, the collecting the account address of the historical risk account may include:
acquiring the primary account address of the risk account from a risk account database, or acquiring the primary account address of the risk account by inquiring risk keywords in a risk behavior supervision platform or an Etherhouse block chain browser;
and after the primary account address of the risk account is obtained, the primary account address is checked for duplication, repeated primary account addresses are deleted, and the account address of the risk account is obtained.
In a specific implementation process, the account address of the risk account can be acquired through a risk account database, the risk database can be understood as a database in which information of illegal behavior accounts is stored, and the account address of the risk account can be queried through inputting a corresponding risk keyword on a risk behavior monitoring platform for specially monitoring risk behaviors or directly inputting the risk keyword in a browser of an Etherhouse block chain.
For example: the account address of the risk account can be collected using crypto-scamdb, which is a special collection of illegal activities related to cryptocurrency such as: the opening source database of the cheat activity report records the information such as URL and the like related to the cryptocurrency cheat activity and the related cryptocurrency address, and the related cheats of the Ether house are also contained in the database thereof, as shown in Table 1, wherein Table 1 is cheat data in the cheat database provided by CryptoScamDB. A plurality of ether house addresses for fraud activity may be collected through the interface of the website. Or, the account address of the risk account is collected through an AlienVault platform, the AlienVault is an open network threat intelligence platform, a large number of reports about cheating and attacking behaviors are provided, and the reports about the Ethereum can be obtained by calling the platform API or directly searching keywords such as Etherum and the like on the platform, so that the Etherum address of the cheating, namely the account address of the risk account, is obtained. In addition, keys such as phish, heist, scam, hack, etc. may be searched on Etherscan to obtain a malicious account address that has been tagged with an associated tag.
TABLE 1
Figure BDA0003430293880000101
In general, different fraud activities may use the same cryptocurrency address, the account addresses may be duplicated after collecting relevant addresses for risk accounts, only one may be reserved for duplicate account addresses to obtain different addresses, all of the collected addresses are marked as risk account addresses and added to the account address data set.
Through a risk account database or a related platform, account addresses with known risks can be obtained quickly, and a data basis is provided for subsequent training of a machine learning model.
In some embodiments of this specification, the method for acquiring an account address of a historical normal account includes:
collecting an Ether house address of a transaction sender from the Ether house block as a standby account address;
and comparing the duplicate of the backup account address with the collected historical risk account address, deleting the backup account address which is the same as the historical risk account address, and taking the rest backup account address as the historical normal account address.
In a specific implementation process, the collection of the account addresses of the normal accounts can be directly collected in the ether house block, the ether house address of the transaction sender in the ether house block is directly collected to be used as a standby account address, the standby account address is subjected to duplication elimination and then is compared with the account addresses of the historical risk accounts, the account addresses of the risk accounts are deleted, and the rest standby account addresses are marked as the account addresses of the historical normal accounts. In addition, account identification of ERC20 transactions may be involved in the embodiments of the present description, and the etherhouse ERC20 standard was officially incorporated into the etherhouse specification in 2017, 9 months, and after it was incorporated into the specification, people may need to know for some time before using it, so that when collecting legitimate addresses for normal use, one should try to select accounts that remain active after this time node. Py tool can be utilized to read the information stored by the ether house node, and ensure that each address in the alternative addresses is different by randomly selecting the ether house blocks generated after 2017 month 9, collecting the ether house addresses of the senders of all transactions recorded in the blocks as alternative normal-use legal account addresses, and removing the repeated addresses. And comparing the alternative addresses with the collected account addresses used as risk accounts of cheats, removing the cheat addresses appearing in the alternative addresses, and considering all the remaining addresses as temporary legal accounts used as negative samples, namely the account addresses of normal accounts. The collection number of the account addresses of the normal account may be similar to the number of the account addresses of the risk account, and all the collected legal account addresses may be added to the account address data set after being marked, table 2 may be understood as an account address set, as shown in table 2, each account address may correspond to a label, where a legal address, i.e., the account address of the normal account, is marked as 0, and a fraud address, i.e., the account address of the risk account, is marked as 1.
TABLE 2
Figure BDA0003430293880000111
The account address is directly collected in the block chain, the collected account address is compared with the risk account address, the cheating address is deleted, namely the account address of the normal account is obtained, the normal account does not need to be specially identified and obtained, the data collection efficiency is improved, and a data basis is provided for the training of a subsequent model.
After the account address is obtained, the transaction information of the corresponding account can be obtained based on the account address, the Etherscan provides a large number of APIs (application programming interfaces) for inquiring and browsing various information on the main network of the Etherscan, wherein the API comprises inquiry APIs for historical data of the Etherscan account, and the API can be used for collecting related information of common transactions, internal transactions and ERC20 transactions corresponding to the account address of each Etherscan. It should be noted that the relevant API only returns the 10000 most recent transactions of a particular type to the destination address, but 10000 transactions provide enough information for the method to use, and this limitation has no substantial effect on the outcome of the method.
After the account risk identification model is built, when the account to be identified is subjected to risk identification by using the account risk identification model, the acquired target transaction information of the account to be identified can be input into the account risk identification model, the account risk identification model is used for carrying out feature extraction on the target transaction information, account features of the account to be identified are extracted, and then the risk identification model is used for carrying out risk identification on the account to be identified based on the extracted account features.
And 106, determining whether the account to be identified belongs to a risk account or not according to a risk identification result output by the account risk identification model.
In a specific implementation process, fig. 2 is a schematic flow chart of the account risk identification model for account risk identification in an embodiment of this specification, and as shown in fig. 2, the account risk identification model mainly has two functions, one is extraction of account features, and the other is classification identification of accounts based on the extracted account features. After the target account address of the account to be identified is obtained, the target account address can be directly input into the account risk identification model, or corresponding transaction information can be obtained based on the account address, then the account risk identification model is used for feature extraction and judgment on whether the account belongs to an abnormal address, and based on an output result of the model, whether the account to be identified belongs to a risk account can be determined. The model may directly output risk labels for the account to be identified, such as: if the output is 0, the account is a normal account, and if the output is 1, the account is a risk account. The account risk identification model can also output a score of the risk degree of the account to be identified, the higher the score is, the higher the possibility that the account belongs to the risk account is, specifically, the model can be configured according to the actual use requirement, and the embodiment of the specification is not specifically limited.
According to the risk identification method for the account in the ether house block chain, provided by the embodiment of the description, model training is performed by using transaction information of a historical risk account and a historical security account, an account risk identification model is built, and then the built account risk identification model is used for extracting and predicting the risk of the account to be identified, so that the identification of the risk account in the ether house block chain is realized, and the use safety of the account in the ether house block chain is improved. The method provided by the embodiment of the specification can be used for identifying and classifying the accounts in the Etherhouse block chain, and is favorable for further tracing deceased and remedying victims. The method provided by the embodiment of the specification has high effectiveness in detecting the risk account, and can rank the importance of each feature, so as to provide reference and inspiration for further improving the method or analyzing similar block chains.
In addition, in the extraction of the account features in the embodiments of the present specification, the extracted account features mainly include statistical features and transaction type features, where the statistical features include: transaction amount characteristics, transaction frequency characteristics and transaction time characteristics.
In a specific implementation process, in the embodiment of the present specification, the features of the account may be extracted from two dimensions, where the first dimension is a statistical feature for an account address transaction history, and is called a Width-Breadth-Time feature selection policy (Width-Time-length), that is, WBTS, table 3 is a part of the features of the account in some embodiments of the present specification, fig. 3 is a schematic diagram of the feature selection policy in an embodiment of the present specification, as shown in fig. 3 and table 3, for the extraction of the statistical feature, the following aspects may be considered mainly:
(1) the width characteristic of the historical transaction occurring on the account is the transaction amount characteristic. And considering that the accounts are nodes, the transaction is a connection channel between the accounts, and the transfer amount of the accounts during the transaction is the transaction width, so that the transaction width class characteristics of the accounts can be obtained through statistics.
Such as: the balance of the account, the total transfer amount received by the account, the total transfer amount sent by the account, the minimum transfer amount received by the account, the minimum transfer amount sent by the account, the maximum transfer amount received by the account, the maximum transfer amount sent by the account, the average transfer amount received by the account, the average transfer amount sent by the account, and the like.
(2) The breadth characteristic of the historical transactions occurring on the account is the transaction number characteristic. And if the account is a node, and the transaction is connected with the account, counting the number of different accounts connected with the same account to obtain the transaction breadth class characteristics of the account.
Such as: the number of account transfers received by an account, the number of account transfers sent by an account, how many account transfers from different addresses the account receives, how many different addresses the account sends the account transfers, and the like.
(3) The time characteristic of the account address transaction is the transaction time characteristic. The frequency of the transactions occurring is different for different accounts, and the active time range of the accounts is also different, so that the time-related characteristics of the transactions occurring on the accounts are counted.
Such as: the average time an account receives transfers, the average time an account sends transfers, the time span from the first transfer received to the last transfer received, the time span from the first transfer sent to the last transfer sent, the time span from the first transfer occurring to the last transfer occurring, and so on.
In addition, other types of features are also contemplated, and this portion of the features is intended to supplement features not included in the first three categories of features but which are significant in some instances. Such as: the number of times the account transaction was successful, the number of times the account transaction failed, etc.
TABLE 3
Figure BDA0003430293880000131
Typically, accounts used in frauds receive a large number of victim transfers in a short period of time during the initial stages of frauds formation, while frauds address typically wish to transfer the fence with fewer transfers to pay less gas. In the embodiment of the specification, the transaction amount characteristic, the transaction frequency characteristic and the transaction time characteristic of the account are extracted, and the difference between the use time, the transfer amount, the transfer entrance and exit degree and other aspects of the risk account and the normal account can be analyzed, so that the risk account can be accurately identified.
The second dimension is a transaction type characteristic for the ethernet archways, fig. 4 is a schematic diagram of the transaction type characteristic of the accounts in the ethernet archway block chain in one embodiment of the present specification, and as shown in fig. 4, the transaction types between the account addresses can be divided into normal transactions, internal transactions, and ERC20 transactions according to the characteristics of the ethernet archways themselves. Table 4 shows the account features extracted in some embodiments of the present specification, and as shown in table 4, the features extracted in combination with the first dimension may also be extracted to correspond to three different transaction type features, and a transaction amount feature, a transaction frequency extent feature, a transaction time feature, and other features may also be extracted separately, so as to form twelve types of features.
ERC20 is a currency protocol that issues many alternative passes that can then be used to represent a number of things, such as certificates, credits, or tokens. Erc (ethernet Request for comments) represents the protocol proposal submitted by the etherhouse developer, and 20 represents the number of the proposal.
TABLE 4
General transaction Internal transactions ERC20 transaction
Transaction width class Common transaction width feature Internal transaction width feature ERC20 transaction width feature
Category of transaction extent Common transaction breadth features Internal transaction extent features ERC20 transaction extent feature
Transaction time class Common transaction time characteristics Internal transaction time characterization ERC20 transaction time characteristics
Other classes Other features of common transactions Other features of internal transactions ERC20 transaction other features
The account characteristics are extracted from different dimensions, account characteristics of the risk accounts are covered comprehensively, characteristics of the risk accounts can be learned accurately, and a data base is laid for accurately identifying the risk accounts in the Etherhouse block chain.
In order to verify the availability of the risk identification method for the account in the etherhouse block chain provided in the implementation of the description, the embodiment of the description also provides an experimental process of specific application: the experiment is carried out on an Aspire A715-74G computer with a CPU of 8 cores Intercore i5-9300H2.40GHz and a memory of 8G and running win 10.
And the data acquisition part extracts the account address of the risk account by adopting data provided by CryptoScamDB, and acquires an alternative legal address from the Ethern remote node provided by Infura by using a Web3.py tool. Historical data are obtained by the Etherscan according to the query transaction records of each address, and account features are extracted from each account according to a feature extraction algorithm in the method to form a training data set.
By using grid search, it can be determined that the average AUC value of 10-fold cross validation is the largest when the learning rate is 0.2, the maximum depth is 5, and the number of weak classifiers is 280 under the present experimental data set, and the score of the AUC value at this time is as shown in table 1. The mean training time was 10.3756 seconds, the mean AUC score was 0.992034, and the standard deviation of the AUC score was 0.00230191. Table 5 shows the result of the grid search in one embodiment of the present specification, and as shown in table 5, it can be seen that the method has higher accuracy and feasibility, and can more accurately distinguish the spoofed address from the legitimate address.
TABLE 5
Name AUC
split0_test_score 0.991337
split1_test_score 0.995122
split2_test_score 0.993343
split3_test_score 0.987229
split4_test_score 0.995007
split5_test_score 0.989108
split6_test_score 0.992601
split7_test_score 0.992016
split8_test_score 0.992684
split9_test_score 0.991895
mean_test_score 0.992034
By comparing the average gain rate of the features, the importance ranking of each feature to the model can be obtained, and different results of each operation may cause that the ranking of each feature is not completely the same, but the approximate intervals of the ranking fluctuation of each feature are basically consistent. The ranking of feature importance can be used for analyzing the behavior features of the account addresses of the risk accounts, and further improving the feature selection and improvement method. Table 6 lists the account characteristics at the top 20 of the experimental ranking, and it can be seen that the characteristics regarding the time span are of great significance in distinguishing whether an account is an account used as a fraud.
TABLE 6
Figure BDA0003430293880000151
Figure BDA0003430293880000161
Based on the risk identification method for the accounts in the ether house block chain, one or more embodiments of the present specification further provide a risk identification device for the accounts in the ether house block chain. The apparatus may include apparatus (including distributed systems), software (applications), modules, plug-ins, servers, clients, etc. that use the methods described in embodiments of the present specification in conjunction with hardware where necessary to implement the methods. Based on the same innovative conception, embodiments of the present specification provide an apparatus as described in the following embodiments. Since the implementation scheme of the apparatus for solving the problem is similar to that of the method, the specific apparatus implementation in the embodiment of the present specification may refer to the implementation of the foregoing method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 5 is a schematic structural diagram of an apparatus for risk identification of an account in an etherhouse blockchain according to an embodiment of the present disclosure, where, as shown in fig. 5, the apparatus includes:
the information acquisition module 501 is configured to acquire target transaction information of an account to be identified according to a target account address of the account to be identified in an ethernet block chain;
a machine learning model identification module 502, configured to input the target transaction information into a pre-established account risk identification model, extract, by using the account risk identification model, account features of the account to be identified based on the target transaction information, and perform risk identification on the account to be identified according to the extracted account features; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account;
the account risk identification module 503 is configured to determine whether the account to be identified belongs to a risk account according to a risk identification result output by the account risk identification model.
In addition, in some embodiments of the present specification, the apparatus further includes a model building module, configured to build the account risk identification model by:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
The embodiments of the apparatus part and the embodiments of the method part may have other embodiments, which are not described herein in detail.
In another aspect, the present specification provides a computer-readable storage medium, in which at least one instruction or at least one program is stored, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the risk identification method for an account in an etherhouse blockchain as described above.
In a further aspect, an embodiment of the present specification provides an electronic device for identifying risk of an account in an ethernet house block chain, and fig. 6 illustrates a schematic structural diagram of an electronic device for identifying risk of an account in an ethernet house block chain provided in an embodiment of the present specification, and as shown in fig. 6, the device includes a processor, a memory, a communication interface, and a bus, where the memory stores at least one instruction or at least one program, and the at least one instruction or the at least one program is loaded and executed by the processor to implement any one of the above methods for identifying risk of an account in an ethernet house block chain.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The implementation principle and the generated technical effect of the testing method provided by the embodiment of the invention are the same as those of the system embodiment, and for the sake of brief description, the corresponding contents in the system embodiment can be referred to where the method embodiment is not mentioned.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" is only one kind of association relation describing an associated object, meaning that three kinds of relations may exist. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present invention may be implemented in a form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principles and embodiments of this document are explained herein using specific examples, which are presented only to aid in understanding the methods and their core concepts; meanwhile, for the general technical personnel in the field, according to the idea of this document, there may be changes in the concrete implementation and the application scope, in summary, this description should not be understood as the limitation of this document.

Claims (10)

1. A risk identification method for an account in an EtherFang blockchain is characterized by comprising the following steps:
acquiring target transaction information of an account to be identified according to a target account address of the account to be identified in the EtherFang block chain;
inputting the target transaction information into a pre-established account risk identification model, extracting account features of the account to be identified based on the target transaction information by using the account risk identification model, and performing risk identification on the account to be identified according to the extracted account features; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account;
and determining whether the account to be identified belongs to a risk account or not according to a risk identification result output by the account risk identification model.
2. The method for identifying the risk of the account in the Etherhouse block chain according to claim 1, wherein the method for constructing the account risk identification model comprises:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
3. The method for identifying risk of an account in an etherhouse blockchain according to claim 2, wherein the performing model training on the account risk identification model by using the risk account feature set and the normal account feature set to obtain the account risk identification model comprises:
inputting the risk account feature set and the normal account feature set into an account risk recognition model, performing model training, and determining a target model parameter combination of the account risk recognition model by using grid search;
and obtaining an account risk identification model based on the target model parameter combination.
4. The method for identifying risk of an account in an etherhouse blockchain according to claim 2, wherein the collecting account addresses of historical risk accounts comprises:
acquiring the primary account address of the risk account from a risk account database, or acquiring the primary account address of the risk account by inquiring risk keywords in a risk behavior supervision platform or an Etherhouse block chain browser;
and after the primary account address of the risk account is obtained, the primary account address is checked for duplication, repeated primary account addresses are deleted, and the account address of the risk account is obtained.
5. The method for identifying risks of accounts in an etherhouse blockchain according to claim 4, wherein the method for collecting the account addresses of the historical normal accounts comprises the following steps:
collecting an Ether house address of a transaction sender from the Ether house block as a standby account address;
and comparing the duplicate of the backup account address with the collected historical risk account address, deleting the backup account address which is the same as the historical risk account address, and taking the rest backup account address as the historical normal account address.
6. The method for risk identification of accounts in an etherhouse blockchain of claim 1, further comprising:
calculating the average gain rate of each account characteristic by using the account risk identification model;
sorting the account characteristics according to the average gain rate of the account characteristics from high to low, and taking the account characteristics which are sorted in the prior assigned ranking as risk identification account characteristics;
the method for extracting the account characteristics of the account to be identified based on the target transaction information by using the account risk identification model and carrying out risk identification on the account to be identified according to the extracted account characteristics comprises the following steps:
and after the account risk identification model is used for extracting the account characteristics of the account to be identified based on the target transaction information, screening out the account characteristics which are the same as the risk identification account characteristics in the risk identification account characteristics, wherein the account risk identification model carries out risk identification on the account to be identified by using the screened account characteristics.
7. The method of risk identification of an account in an etherhouse blockchain of claim 1, wherein the account characteristics include: statistical features and transaction type features, the statistical features including: transaction amount characteristics, transaction frequency characteristics and transaction time characteristics.
8. An apparatus for risk identification of accounts in a blockchain of an ethernet house, the apparatus comprising:
the information acquisition module is used for acquiring target transaction information of the account to be identified according to the target account address of the account to be identified in the Etherhouse block chain;
the machine learning model identification module is used for inputting the target transaction information into a pre-established account risk identification model, extracting account characteristics of the account to be identified based on the target transaction information by using the account risk identification model, and performing risk identification on the account to be identified according to the extracted account characteristics; the account risk identification model is obtained by performing model training based on the transaction information of the historical risk account and the transaction information of the historical normal account;
and the account risk identification module is used for determining whether the account to be identified belongs to a risk account or not according to a risk identification result output by the account risk identification model.
9. The apparatus of claim 8, wherein the apparatus further comprises a model building module configured to build the account risk identification model by:
collecting account addresses of historical risk accounts and account addresses of historical normal accounts;
acquiring transaction information of a historical risk account based on the account address of the historical risk account, and acquiring transaction information of a historical normal account based on the account address of the historical normal account;
performing feature extraction on the transaction information of the historical risk account to obtain a risk account feature set, and performing feature extraction on the transaction information of the historical normal account to obtain a normal account feature set;
and performing model training on the account risk recognition model by using the risk account feature set and the normal account feature set to obtain the account risk recognition model.
10. An electronic device comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the method of any one of claims 1-7.
CN202111607766.2A 2021-12-23 2021-12-23 Risk identification method, device and equipment for accounts in Ether house block chain Pending CN114429402A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111607766.2A CN114429402A (en) 2021-12-23 2021-12-23 Risk identification method, device and equipment for accounts in Ether house block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111607766.2A CN114429402A (en) 2021-12-23 2021-12-23 Risk identification method, device and equipment for accounts in Ether house block chain

Publications (1)

Publication Number Publication Date
CN114429402A true CN114429402A (en) 2022-05-03

Family

ID=81311457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111607766.2A Pending CN114429402A (en) 2021-12-23 2021-12-23 Risk identification method, device and equipment for accounts in Ether house block chain

Country Status (1)

Country Link
CN (1) CN114429402A (en)

Similar Documents

Publication Publication Date Title
CN104794192B (en) Multistage method for detecting abnormality based on exponential smoothing, integrated study model
CN107423613B (en) Method and device for determining device fingerprint according to similarity and server
CN110992167A (en) Bank client business intention identification method and device
CN108764943B (en) Suspicious user monitoring and analyzing method based on fund transaction network
CN110033284A (en) Source of houses verification method, apparatus, equipment and storage medium
CN108268886A (en) For identifying the method and system of plug-in operation
CN112381640A (en) Service data monitoring method, device, equipment and storage medium
CN114841705B (en) Anti-fraud monitoring method based on scene recognition
CN112990989B (en) Value prediction model input data generation method, device, equipment and medium
CN111797942A (en) User information classification method and device, computer equipment and storage medium
CN111277433B (en) Network service abnormity detection method and device based on attribute network characterization learning
CN117408699A (en) Telecom fraud recognition method based on bank card data
CN112801784A (en) Bit currency address mining method and device for digital currency exchange
CN113592505B (en) System for realizing suspicious transaction scene model identification processing based on combination construction
CN114429402A (en) Risk identification method, device and equipment for accounts in Ether house block chain
CN116644952A (en) Risk assessment method, apparatus, device and medium
CN116186543A (en) Financial data processing system and method based on image recognition
CN115496364A (en) Method and device for identifying heterogeneous enterprises, storage medium and electronic equipment
TW201539217A (en) A document analysis system, document analysis method and document analysis program
CN114943479A (en) Risk identification method, device and equipment of business event and computer readable medium
CN113923011A (en) Phishing early warning method and device, computer equipment and storage medium
CN114579711A (en) Method, device, equipment and storage medium for identifying fraud application program
CN114493858A (en) Illegal fund transfer suspicious transaction monitoring method and related components
CN113344581A (en) Service data processing method and device
CN110570301A (en) Risk identification method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication