CN117455660B - Financial real-time safety detection system, method, equipment and storage medium - Google Patents
Financial real-time safety detection system, method, equipment and storage medium Download PDFInfo
- Publication number
- CN117455660B CN117455660B CN202311788113.8A CN202311788113A CN117455660B CN 117455660 B CN117455660 B CN 117455660B CN 202311788113 A CN202311788113 A CN 202311788113A CN 117455660 B CN117455660 B CN 117455660B
- Authority
- CN
- China
- Prior art keywords
- detection
- graph structure
- interface
- real
- current
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 154
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 31
- 238000004364 calculation method Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 15
- 230000006870 function Effects 0.000 claims description 12
- 238000003708 edge detection Methods 0.000 claims description 11
- 238000012423 maintenance Methods 0.000 claims description 8
- 230000009191 jumping Effects 0.000 claims description 4
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000003780 insertion Methods 0.000 description 3
- 230000037431 insertion Effects 0.000 description 3
- NRNCYVBFPDDJNE-UHFFFAOYSA-N pemoline Chemical compound O1C(N)=NC(=O)C1C1=CC=CC=C1 NRNCYVBFPDDJNE-UHFFFAOYSA-N 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000005065 mining Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000001174 ascending effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/9024—Graphs; Linked lists
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- Development Economics (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Software Systems (AREA)
- Economics (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a financial real-time safety detection system, a method, equipment and a storage medium, which relate to the field of financial real-time safety detection and comprise the following steps: the API and the data structure module are used for managing and providing each pre-configured application program interface for a developer to realize customization and deployment of the detection algorithm based on each application program interface; the real-time fraud detection graph engine is used for executing graph structure loading, updating and storing based on the current graph structure of the current fraud detection task so as to obtain a detection result; the fraud community module is used for storing and updating and maintaining a target blacklist in real time based on the detection result; the target blacklist comprises information of the found fraudulent users; and the incremental fraud semantic updating module is used for updating the current fraud detection task by acquiring the target suspicious function sent by the developer and sending the updated current fraud detection task to the real-time fraud detection graph engine. Thus, the detection efficiency can be effectively improved and the cost can be reduced.
Description
Technical Field
The present invention relates to the field of financial real-time security detection, and in particular, to a method, apparatus, device, and storage medium for financial real-time security detection.
Background
Most of scenes in the process of fraud detection on a financial platform can be abstracted into a problem of dense subgraph mining, and a popular solution in the industry is a stripping algorithm. However, standard stripping algorithms often assume that the structure of the graph is static, and do not take into account the fact that dynamic graphs such as social graphs, transaction graphs, etc. in the financial market are evolving rapidly in recent years.
Thus, to solve the above-described problem, a solution that is now popular is to perform the stripping algorithm periodically, but such a solution that is performed periodically requires a full-volume update of the full graph and dense subgraph detection from scratch, resulting in very time-consuming detection. Furthermore, there is a solution that is an incremental maintenance intensive subgraph, but the current solution requires incremental graph assessment knowledge training for all developers, which is costly and impractical.
Disclosure of Invention
Accordingly, the present invention is directed to a financial real-time security detection method, apparatus, device and storage medium, which can effectively implement real-time security detection, improve detection efficiency and reduce cost. The specific scheme is as follows:
in a first aspect, the present application provides a financial real-time security system comprising:
the system comprises an API and a data structure module, wherein the API and the data structure module are used for managing and providing each pre-configured application program interface for a developer to realize corresponding detection algorithm customization and deployment based on each application program interface;
The real-time fraud detection graph engine is used for executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task so as to obtain a corresponding detection result;
The fraud community module is used for storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users;
And the incremental fraud semantic updating module is used for updating the current fraud detection task by acquiring the target suspicious function sent by the developer and sending the updated current fraud detection task to the real-time fraud detection graph engine.
Optionally, the method further comprises:
and the distributed file storage module is used for physical storage of the graph structure.
Optionally, the real-time fraud detection map engine includes:
The map structure loading unit is used for acquiring the saved target map structure from the distributed file storage module;
accordingly, the real-time fraud detection map engine includes:
and the graph structure storage unit is used for storing the updated target graph structure to the distributed file storage module.
Optionally, the API and the data structure module include:
The method comprises the steps of presetting a vertex suspicious strategy interface, setting a new vertex, and calculating the suspicious nature of the end point of a new edge determined according to the new vertex based on the current suspicious nature to obtain a corresponding first calculation result;
and the preset edge suspicious strategy interface is used for calculating the suspicious property of the new edge based on the current suspicious property so as to obtain a corresponding second calculation result.
Optionally, the API and the data structure module include:
the method comprises the steps of presetting a benign edge detection interface, wherein the benign edge detection interface is used for judging whether the new edge is benign or not based on the first calculation result and the second calculation result so as to obtain a corresponding judgment result;
And presetting a reordering interface, which is used for executing corresponding peeling sequence reordering operation based on the judging result and the new edge so as to finish the incremental maintenance of the current peeling sequence and obtain a new current peeling sequence after reordering.
Optionally, the API and the data structure module include:
And the preset edge inserting component is used for carrying out real-time fraud detection on the target fraud communities on the graph structure by sequentially calling the preset vertex suspicious strategy interface, the preset edge suspicious strategy interface, the preset benign edge detection interface and the preset reordering interface in the process of updating the graph structure so as to obtain corresponding detection results and finish corresponding graph structure updating operation.
Optionally, the fraud community module includes:
and the list processing unit is used for carrying out data analysis or account blocking based on the target blacklist.
In a second aspect, the present application provides a financial real-time security detection method, including:
managing and providing each pre-configured application program interface for a developer to realize corresponding detection algorithm customization and deployment based on each application program interface;
Executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task to obtain a corresponding detection result;
Storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users;
Updating a current fraud detection task by acquiring a target suspicious function sent by the developer, and jumping to the step of executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task.
In a third aspect, the present application provides an electronic device, comprising:
A memory for storing a computer program;
And the processor is used for executing the computer program to realize the steps of the financial real-time safety detection method.
In a fourth aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a processor performs the steps of the aforementioned financial real-time security detection method.
In the application, the API and the data structure module are used for managing and providing each pre-configured application program interface for a developer so as to realize corresponding detection algorithm customization and deployment based on each application program interface; the real-time fraud detection graph engine is used for executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task so as to obtain a corresponding detection result; the fraud community module is used for storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users; and the incremental fraud semantic updating module is used for updating the current fraud detection task by acquiring the target suspicious function sent by the developer and sending the updated current fraud detection task to the real-time fraud detection graph engine. That is, the application realizes the customization and deployment of the corresponding detection algorithm through the API and the data structure module in the financial real-time security detection system, then carries out detection based on the real-time fraud detection graph engine, updates and maintains the target blacklist in the fraud community module based on the detection result, and then updates the current fraud detection task based on the incremental fraud semantic update module. Therefore, real-time safety detection can be effectively realized, the detection efficiency is improved, and the cost is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a financial real-time security detection system according to the present application;
FIG. 2 is a schematic diagram of a financial real-time security detection system according to the present application;
FIG. 3 is a schematic workflow diagram of a specific preset edge insert assembly according to the present application;
FIG. 4 is a flow chart of a method for detecting financial real-time security according to the present application;
Fig. 5 is a block diagram of an electronic device according to the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When the financial platform is detected, the problem of dense subgraph mining can be abstracted in most scenes, and a popular solution in the industry is a stripping algorithm. However, standard stripping algorithms often assume that the structure of the graph is static, and do not take into account the fact that dynamic graphs such as social graphs, transaction graphs, etc. in the financial market are evolving rapidly in recent years. Thus, to solve the above-described problem, a solution that is now popular is to perform the stripping algorithm periodically, but such a solution that is performed periodically requires a full-volume update of the full graph and dense subgraph detection from scratch, resulting in very time-consuming detection. In addition, there is a solution that is an incremental maintenance intensive subgraph, but the current solution requires incremental graph evaluation knowledge training for all developers, which is costly and impractical. Therefore, the application provides a financial real-time safety detection system scheme, which can effectively realize real-time safety detection, improve detection efficiency and reduce cost.
Referring to fig. 1, an embodiment of the present invention discloses a financial real-time security detection system, including:
The API and data structure module 11 is configured to manage and provide each application program interface configured in advance to a developer, so as to implement corresponding customization and deployment of the detection algorithm based on each application program interface.
It should be understood that the detection algorithm in this embodiment is specifically an incremental stripping algorithm based on a dynamic graph. Referring to fig. 2, in this embodiment, the API (Application Programming Interface, application program interface) and the data structure module 11 may specifically include: the method comprises the steps of presetting a vertex suspicious strategy interface, setting a new vertex, and calculating the suspicious nature of the end point of a new edge determined according to the new vertex based on the current suspicious nature to obtain a corresponding first calculation result; and the preset edge suspicious strategy interface is used for calculating the suspicious property of the new edge based on the current suspicious property so as to obtain a corresponding second calculation result. That is, a new vertex/edge is given through the preset vertex suspicious policy interface/preset edge suspicious policy interface, and these components are application program interfaces responsible for calculating the endpoint of the edge or the suspicious edge of the edge in a functional manner according to the user-defined policy, so as to develop own fraud detection semantics.
Meanwhile, in this embodiment, the API and data structure module 11 may specifically include: the method comprises the steps of presetting a benign edge detection interface, wherein the benign edge detection interface is used for judging whether the new edge is benign or not based on the first calculation result and the second calculation result so as to obtain a corresponding judgment result; and presetting a reordering interface, which is used for executing corresponding peeling sequence reordering operation based on the judging result and the new edge so as to finish the incremental maintenance of the current peeling sequence and obtain a new current peeling sequence after reordering. It should be understood that when judging whether a new edge is benign, if so, inserting the new edge into the stripping sequence of the edge, and waiting for the reordering of the stripping sequence; otherwise, the reordering of the stripping sequence associated with the new edge will be triggered immediately. Further, the preset reordering interface is specifically configured to perform a corresponding reordering operation of the stripping sequence, so as to complete incremental maintenance of the current stripping sequence, and update and save the current stripping sequence according to the detailed graph to define a new fraudulent community. Specifically, the system uses an adjacency linked list to store the graph structure, two arraysAnd/>For storing the stripping sequence and the stripping weights, respectively.
It should be further understood that, in this embodiment, the API and data structure module 11 may specifically include: and the preset edge inserting component is used for carrying out real-time fraud detection on the target fraud communities on the graph structure by sequentially calling the preset vertex suspicious strategy interface, the preset edge suspicious strategy interface, the preset benign edge detection interface and the preset reordering interface in the process of updating the graph structure so as to obtain corresponding detection results and finish corresponding graph structure updating operation. It should be understood that the obtained updated target graph structure is a dynamic graph, that is, the graph structure updating operation is specifically a dynamic graph structure updating operation.
In addition, as shown in fig. 2, in this embodiment, the financial real-time security detection system may specifically further include: and the distributed file storage module is used for physical storage of the graph structure.
The real-time fraud detection graph engine 12 is configured to perform a corresponding graph structure loading operation, a graph structure updating operation, and a graph structure storing operation based on a current graph structure corresponding to the current fraud detection task, so as to obtain a corresponding detection result.
In this embodiment, as shown in fig. 2, the real-time fraud detection map engine 12 may specifically include: the map structure loading unit is used for acquiring the saved target map structure from the distributed file storage module; accordingly, the real-time fraud detection map engine 12 may specifically include: and the graph structure storage unit is used for storing the updated target graph structure to the distributed file storage module.
It should be understood that, in this embodiment, when updating the graph structure, the preset edge inserting component is automatically activated to call the preset vertex suspicious policy interface, the preset edge suspicious policy interface, the preset benign edge detecting interface and the preset reordering interface in turn, so as to perform real-time fraud detection on the target fraud community on the graph structure, thereby obtaining a corresponding detection result and completing the corresponding updating operation of the graph structure, as shown in fig. 3.
Specifically, with respect to the graph structure update operation, a dynamic graph-based incremental stripping algorithm is used for a given graph structureStandard Peel sequence/>And delta map/>Obtaining the incrementally updated stripping sequence/>. Where V is the set of vertices; e is a collection of edges; /(I)The standard stripping sequence is calculated by a standard stripping algorithm; deltaV is the set of vertices of the delta graph; ΔE is the set of edges of the delta graph; /(I)The aggregate size of the edges of the delta graph, here 1, represents one edge at a time. ① Vertex insertion: for a new vertex u, it is directly inserted into the first digit of the standard stripping sequence and its stripping weight Δ 0 is initialized to 0, i.e./>. ② Edge insertion: for a new edge (u i,uj) with vertices u i and u j, the new edge (u i,uj) is weighted as/>, assuming i < jAfter insertion of the new edge, the original stripping sequence/>The part of the subscript less than i is unchanged, i.e. there is/>Established/>A stripping sequence newly generated for the incremental stripping algorithm. ③ Constructing a stripping weight priority queue: initializing a priority queue T, sorting the vertices waiting for incremental stripping according to the ascending sort of stripping weights in the queue, wherein the vertices/>The peeling weight calculation method of (2) is specifically shown in the following formula.
;
Wherein,And/>Directed edges/>, respectivelyS is a subset of the graph structure G vertex set V,/>Is the vertex/>Weights of/>And/>Are respectively edges/>Sum edge/>The vertex weights and the weights of the edges are given by the traffic expert. ④ initializing: initialize a null sequence/>As can be seen from ②,/>Will directly join/>. ⑤ Incremental stripping weight calculation: the head of queue element of the priority queue T, i.e. vertex u min with minimum stripping weight, is compared with the standard stripping sequence/>Wherein k > i, and the stripping weights of the two vertices are denoted by delta min and delta k, respectively:
a) At Δ min<Δk, u min is fetched from queue T and added Simultaneously updating the stripping weights and the positions in the priority queue T of all vertices in the adjacent vertex set N (u min) of u min, where N (u min) represents the set of adjacent vertices of vertex u min;
b) When delta min≥Δk, if Or/>Then u k is directly inserted into T, at which time the peel weight of u k can be calculated specifically by the following expression.
;
C) When delta min≥Δk, ifThen u k is directly inserted/>,k=k+1。
⑥ Repeating step ⑤ until T is empty, stopping iteration to obtainNamely the incrementally updated stripping sequence. Thus, by incrementally maintaining dense subgraphs, the system can detect rogue communities on millions of level graphs in hundreds of microseconds.
A fraud community module 13, configured to save and update and maintain a target blacklist in real time based on the detection result; wherein the target blacklist includes information of the found fraudulent user.
Specifically, in this embodiment, the fraud community module 13 may specifically include: and the list processing unit is used for carrying out data analysis or account blocking based on the target blacklist. It will be appreciated that with constant real-time detection, the target blacklist is continually updated, and the information recorded for each fraudulent user in the detected fraudulent group is consistently updated and maintained.
The incremental fraud semantic updating module 14 is configured to update a current fraud detection task by acquiring a target suspicious function sent by the developer, and send the updated current fraud detection task to the real-time fraud detection graph engine.
Specifically, in this embodiment, the developer can insert his own customized suspicious degree function into the system through the incremental fraud semantic update module 14, so that the fraud semantics can be gradually perfected without reconstructing the detection algorithm (avoiding calculation from scratch), and the fraud detection task can be updated. In this way, the cost of incrementally maintaining the dense subgraph is greatly reduced.
It can be seen that, in the embodiment of the present application, the API and the data structure module are configured to manage and provide each application program interface configured in advance to a developer, so as to implement customization and deployment of a corresponding detection algorithm based on each application program interface; the real-time fraud detection graph engine is used for executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task so as to obtain a corresponding detection result; the fraud community module is used for storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users; and the incremental fraud semantic updating module is used for updating the current fraud detection task by acquiring the target suspicious function sent by the developer and sending the updated current fraud detection task to the real-time fraud detection graph engine. That is, the application realizes the customization and deployment of the corresponding detection algorithm through the API and the data structure module in the financial real-time security detection system, then carries out detection based on the real-time fraud detection graph engine, updates and maintains the target blacklist in the fraud community module based on the detection result, and then updates the current fraud detection task based on the incremental fraud semantic update module. In this way, the incremental stripping algorithm-based method of the embodiment avoids the problem that the whole quantity of dense subgraphs is detected from the beginning and the time consumption is long, greatly reduces the response delay to fraudulent transactions, and meets the real-time requirements of the industry. In addition, the embodiment can detect the fraudulent communities on the million-level graph in hundreds of microseconds by constructing a financial real-time fraud detection system based on an incremental stripping algorithm of the dynamic graph and maintaining the dense subgraph in an incremental way; by providing simple but expressive application program interfaces such as side and vertex suspicious functions, developers can insert own customized suspicious functions into the system, so that fraudulent semantics can be gradually perfected under the condition of not reconstructing a detection algorithm, the developers can design own fraudulent semantics to update fraudulent detection tasks, and the cost of incremental maintenance intensive subgraphs is greatly reduced. That is, the embodiment can effectively realize real-time safety detection, improve detection efficiency and reduce cost.
Referring to fig. 4, the embodiment of the application also correspondingly discloses a financial real-time security detection method, which comprises the following steps:
Step S11, managing and providing each pre-configured application program interface for developers to realize corresponding detection algorithm customization and deployment based on each application program interface.
Step S12, corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation are executed based on the current graph structure corresponding to the current fraud detection task, so as to obtain corresponding detection results.
Step S13, a target blacklist is saved and updated and maintained in real time based on the detection result; wherein the target blacklist includes information of the found fraudulent user.
And step S14, updating the current fraud detection task by acquiring the target suspicious function sent by the developer, and jumping to the step of executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task.
The more specific working process of each step may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
Therefore, in the embodiment of the application, each preset application program interface is managed and provided for a developer to realize corresponding detection algorithm customization and deployment based on each application program interface;
Executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task to obtain a corresponding detection result;
Storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users;
Updating a current fraud detection task by acquiring a target suspicious function sent by the developer, and jumping to the step of executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task. That is, the present application firstly implements the customization and deployment of the corresponding detection algorithm, then performs the detection, updates and maintains the target blacklist based on the detection result, and updates the current fraud detection task. Therefore, real-time safety detection can be effectively realized, the detection efficiency is improved, and the cost is reduced.
Further, the embodiment of the present application further discloses an electronic device, and fig. 5 is a block diagram of an electronic device 20 according to an exemplary embodiment, where the content of the figure is not to be considered as any limitation on the scope of use of the present application.
Fig. 5 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement relevant steps in the financial real-time security detection method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling various hardware devices on the electronic device 20 and the computer program 222, which may be Windows Server, netware, unix, linux, etc. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the financial real-time security detection method performed by the electronic device 20 disclosed in any of the previous embodiments.
Further, the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by the processor implements the financial real-time security detection method disclosed previously. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing has outlined rather broadly the more detailed description of the application in order that the detailed description of the application that follows may be better understood, and in order that the present principles and embodiments may be better understood; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
Claims (7)
1. A financial real-time security detection system, comprising:
the system comprises an API and a data structure module, wherein the API and the data structure module are used for managing and providing each pre-configured application program interface for a developer to realize corresponding detection algorithm customization and deployment based on each application program interface;
The real-time fraud detection graph engine is used for executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task so as to obtain a corresponding detection result;
The fraud community module is used for storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users;
the incremental fraud semantic updating module is used for updating the current fraud detection task by acquiring a target suspicious function sent by the developer and sending the updated current fraud detection task to the real-time fraud detection graph engine;
Wherein the API and data structure module comprises:
The method comprises the steps of presetting a vertex suspicious strategy interface, setting a new vertex, and calculating the suspicious nature of the end point of a new edge determined according to the new vertex based on the current suspicious nature to obtain a corresponding first calculation result;
The suspicious strategy interface of the preset edge is used for calculating the suspicious property of the new edge based on the current suspicious property so as to obtain a corresponding second calculation result;
the method comprises the steps of presetting a benign edge detection interface, wherein the benign edge detection interface is used for judging whether the new edge is benign or not based on the first calculation result and the second calculation result so as to obtain a corresponding judgment result;
the preset reordering interface is used for executing corresponding reordering operation of the stripping sequence based on the judging result and the new edge so as to finish incremental maintenance of the current stripping sequence and obtain a new current stripping sequence after reordering;
And the preset edge inserting component is used for carrying out real-time fraud detection on the target fraud communities on the graph structure by sequentially calling the preset vertex suspicious strategy interface, the preset edge suspicious strategy interface, the preset benign edge detection interface and the preset reordering interface in the process of updating the graph structure so as to obtain corresponding detection results and finish corresponding graph structure updating operation.
2. The financial real-time security detection system according to claim 1, further comprising:
and the distributed file storage module is used for physical storage of the graph structure.
3. The financial real-time security detection system of claim 2, wherein the real-time fraud detection map engine comprises:
The map structure loading unit is used for acquiring the saved target map structure from the distributed file storage module;
accordingly, the real-time fraud detection map engine includes:
and the graph structure storage unit is used for storing the updated target graph structure to the distributed file storage module.
4. A financial real-time security detection system according to any one of claims 1 to 3, wherein the fraud community module comprises:
and the list processing unit is used for carrying out data analysis or account blocking based on the target blacklist.
5. A financial real-time security detection method, comprising:
managing and providing each pre-configured application program interface for a developer to realize corresponding detection algorithm customization and deployment based on each application program interface;
Executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on the current graph structure corresponding to the current fraud detection task to obtain a corresponding detection result;
Storing and updating and maintaining a target blacklist in real time based on the detection result; wherein the target blacklist comprises information of the found fraudulent users;
Updating a current fraud detection task by acquiring a target suspicious function sent by the developer, and jumping to the step of executing corresponding graph structure loading operation, graph structure updating operation and graph structure storing operation based on a current graph structure corresponding to the current fraud detection task;
Wherein the managing and providing the developer with each application program interface configured in advance to realize the customization and deployment of the corresponding detection algorithm based on each application program interface comprises:
giving a new vertex through a preset vertex suspicious strategy interface, and calculating the suspicious nature of the end point of the new edge determined according to the new vertex based on the current suspicious nature so as to obtain a corresponding first calculation result;
calculating the suspicious property of the new edge based on the current suspicious property through a preset edge suspicious strategy interface so as to obtain a corresponding second calculation result;
Judging whether the new edge is benign or not based on the first calculation result and the second calculation result through a preset benign edge detection interface so as to obtain a corresponding judgment result;
Performing corresponding stripping sequence reordering operation based on the judging result and the new edge through a preset reordering interface so as to finish incremental maintenance of the current stripping sequence and obtain a new current stripping sequence after reordering;
And in the process of updating the graph structure through the preset edge inserting component, sequentially calling the preset vertex suspicious strategy interface, the preset edge suspicious strategy interface, the preset benign edge detection interface and the preset reordering interface to perform real-time fraud detection on a target fraud community on the graph structure so as to obtain a corresponding detection result and finish corresponding graph structure updating operation.
6. An electronic device, comprising:
A memory for storing a computer program;
A processor for executing the computer program to implement the financial real-time security detection method as claimed in claim 5.
7. A computer readable storage medium storing a computer program which when executed by a processor implements the financial real-time security detection method of claim 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311788113.8A CN117455660B (en) | 2023-12-25 | 2023-12-25 | Financial real-time safety detection system, method, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311788113.8A CN117455660B (en) | 2023-12-25 | 2023-12-25 | Financial real-time safety detection system, method, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117455660A CN117455660A (en) | 2024-01-26 |
| CN117455660B true CN117455660B (en) | 2024-05-24 |
Family
ID=89593279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311788113.8A Active CN117455660B (en) | 2023-12-25 | 2023-12-25 | Financial real-time safety detection system, method, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117455660B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108009915A (en) * | 2017-12-21 | 2018-05-08 | 连连银通电子支付有限公司 | A kind of labeling method and relevant apparatus of fraudulent user community |
| CN112053223A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Internet financial fraud behavior detection method based on GA-SVM algorithm |
| CN112765287A (en) * | 2021-02-05 | 2021-05-07 | 中国人民解放军国防科技大学 | Method, device and medium for mining character relation based on knowledge graph embedding |
| CN113344576A (en) * | 2021-05-31 | 2021-09-03 | 中国工商银行股份有限公司 | Service fraud monitoring method and system |
| CN116151954A (en) * | 2022-12-16 | 2023-05-23 | 北京君禾世纪科技有限公司 | Real-time group-partner anti-fraud detection method and system |
| CN116957770A (en) * | 2022-04-11 | 2023-10-27 | 中移(上海)信息通信科技有限公司 | Method and device for identifying financial fraud |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180240131A1 (en) * | 2017-02-17 | 2018-08-23 | International Business Machines Corporation | Identifying deceptive social media content |
| US11574360B2 (en) * | 2019-02-05 | 2023-02-07 | International Business Machines Corporation | Fraud detection based on community change analysis |
| US20230208875A1 (en) * | 2021-12-24 | 2023-06-29 | Viettel Group | Method of fraud detection in telecommunication using big data mining techniques |
-
2023
- 2023-12-25 CN CN202311788113.8A patent/CN117455660B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108009915A (en) * | 2017-12-21 | 2018-05-08 | 连连银通电子支付有限公司 | A kind of labeling method and relevant apparatus of fraudulent user community |
| CN112053223A (en) * | 2020-08-14 | 2020-12-08 | 百维金科(上海)信息科技有限公司 | Internet financial fraud behavior detection method based on GA-SVM algorithm |
| CN112765287A (en) * | 2021-02-05 | 2021-05-07 | 中国人民解放军国防科技大学 | Method, device and medium for mining character relation based on knowledge graph embedding |
| CN113344576A (en) * | 2021-05-31 | 2021-09-03 | 中国工商银行股份有限公司 | Service fraud monitoring method and system |
| CN116957770A (en) * | 2022-04-11 | 2023-10-27 | 中移(上海)信息通信科技有限公司 | Method and device for identifying financial fraud |
| CN116151954A (en) * | 2022-12-16 | 2023-05-23 | 北京君禾世纪科技有限公司 | Real-time group-partner anti-fraud detection method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117455660A (en) | 2024-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7353214B2 (en) | Outlier determination rule generation device and outlier detection device, and outlier determination rule generation method and outlier detection method thereof | |
| CN111444009A (en) | Resource allocation method and device based on deep reinforcement learning | |
| CN110826071A (en) | Software vulnerability risk prediction method, device, equipment and storage medium | |
| CN109246027B (en) | Network maintenance method and device and terminal equipment | |
| CN109495467B (en) | Method and device for updating interception rule and computer readable storage medium | |
| CN108023808A (en) | message distributing method and device in application program | |
| CN111160624B (en) | User intention prediction method, user intention prediction device and terminal equipment | |
| WO2019062405A1 (en) | Application program processing method and apparatus, storage medium, and electronic device | |
| CN109962911A (en) | A kind of method and electronic equipment obtaining user information by small routine | |
| CN110008694A (en) | A kind of application security control method, device, equipment and readable storage medium storing program for executing | |
| CN111161071A (en) | Data processing method, device, equipment and storage medium based on block chain | |
| CN110543756A (en) | Device identification method and device, storage medium and electronic device | |
| CN117455660B (en) | Financial real-time safety detection system, method, equipment and storage medium | |
| CN111694835B (en) | Number section access method, system, equipment and storage medium of logistics electronic bill | |
| CN116541069A (en) | Key function evaluation method, device, electronic equipment, medium and program product | |
| CN111405007A (en) | TCP session management method, device, storage medium and electronic equipment | |
| CN114331446B (en) | Method, device, equipment and medium for realizing out-of-chain service of block chain | |
| CN109255016A (en) | Answer method, device and computer readable storage medium based on deep learning | |
| CN111210279B (en) | Target user prediction method and device and electronic equipment | |
| CN114579054A (en) | Data processing method and device, electronic equipment and computer readable medium | |
| CN114036551A (en) | Data processing method and device for private data, computer equipment and medium | |
| CN110138723B (en) | Method and system for determining malicious community in mail network | |
| CN114282940A (en) | Method and apparatus for intention recognition, storage medium, and electronic device | |
| CN114067149A (en) | Internet service providing method and device and computer equipment | |
| CN109325859B (en) | Member upgrading processing method, system and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |