CN112365269A - Risk detection method, apparatus, device and storage medium - Google Patents

Risk detection method, apparatus, device and storage medium Download PDF

Info

Publication number
CN112365269A
CN112365269A CN202011165265.9A CN202011165265A CN112365269A CN 112365269 A CN112365269 A CN 112365269A CN 202011165265 A CN202011165265 A CN 202011165265A CN 112365269 A CN112365269 A CN 112365269A
Authority
CN
China
Prior art keywords
risk
transaction data
target service
target
unknown
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011165265.9A
Other languages
Chinese (zh)
Inventor
宋佳
宾义
潘航
张庆
罗恒亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sankuai Online Technology Co Ltd filed Critical Beijing Sankuai Online Technology Co Ltd
Priority to CN202011165265.9A priority Critical patent/CN112365269A/en
Publication of CN112365269A publication Critical patent/CN112365269A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241Advertisements
    • G06Q30/0248Avoiding fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Buyer or seller confidence or verification

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Game Theory and Decision Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present disclosure provides a risk detection method, apparatus, device and storage medium, the method comprising: obtaining a plurality of historical transaction data of a target service; respectively carrying out risk detection on the plurality of historical transaction data; marking the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain marking samples of the target service; updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service; and detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result. By adopting the technical scheme provided by the disclosure, the accuracy of risk prevention and control on the target service can be improved.

Description

Risk detection method, apparatus, device and storage medium
Technical Field
The present application relates to the field of information processing technologies, and in particular, to a risk detection method, apparatus, device, and storage medium.
Background
Transaction risk control (wind control for short) is an important means for ensuring the safety of online business, and prevents the online platform from risks of property loss, image damage and the like by identifying risks of cheating, fraud, order swiping and the like. The traditional risk control depends heavily on the participation of people, a large amount of manpower is consumed, and effective real-time prevention and control are difficult to achieve. Therefore, an automatic and intelligent wind control system needs to be deployed on an online platform to effectively combat cheaters and protect the operation for the business.
In the prior art, the wind control system can automatically identify risks of transaction data on a line and intercept the transaction data with risks, but the existing risk system still has the problems of low risk prevention and control coverage rate and low effect.
Disclosure of Invention
In order to solve the above problems, the present application provides a risk detection method, apparatus, device and storage medium, which aim to improve the accuracy of recommending information to a user.
In a first aspect of the embodiments of the present disclosure, a risk detection method is provided, where the method includes:
obtaining a plurality of historical transaction data of a target service;
respectively carrying out risk detection on the plurality of historical transaction data;
marking the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain marking samples of the target service;
updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service;
and detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
Optionally, the risk detection is performed on the plurality of historical transaction data respectively, and includes at least one of:
detecting whether each of the plurality of historical transaction data conforms to a current risk assessment rule of the target business;
performing time sequence detection, aggregation detection and outlier detection on the plurality of historical transaction data respectively;
and detecting whether the plurality of historical transaction data carry risk attribute labels respectively.
Optionally, the method further comprises:
determining the amount of historical transaction data that conforms to the current risk assessment rule;
updating the current risk assessment rule when the quantity of the historical transaction data which accord with the current risk assessment rule is less than a preset quantity;
detecting whether each of the plurality of historical transaction data complies with a current risk assessment rule for the target business, comprising:
detecting whether each of the plurality of historical transaction data complies with an updated current risk assessment rule.
Optionally, labeling the multiple historical transaction data according to the risk detection results corresponding to the multiple historical transaction data, respectively, to obtain a labeled sample of the target service, including:
comparing the risk detection result corresponding to each of the plurality of historical transaction data with a known risk set of the target service, and determining unknown risk transaction data from the historical transaction data which is not in the known risk set;
and marking the determined unknown risk transaction data to obtain a marked sample of the target service.
Optionally, in a case that the risk detection is performed on the plurality of historical transaction data respectively according to the current risk assessment rule of the target service, the method further includes:
determining a first amount of historical transaction data that conforms to a current risk assessment rule of the target business;
inputting the plurality of historical transaction data into a risk detection model of the target service to obtain detection results corresponding to the plurality of historical transaction data respectively;
determining a second quantity of the historical transaction data with risks according to the detection results corresponding to the plurality of historical transaction data respectively;
updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service, comprising:
and when the first quantity is larger than the second quantity, updating the risk detection model of the target service by using the labeled sample of the target service to obtain the updated risk detection model of the target service.
Optionally, the step of labeling the determined unknown risk transaction data to obtain a labeled sample of the target service includes:
sampling the determined unknown risk transaction data to obtain target unknown risk transaction data;
outputting a labeling prompt for labeling the target unknown risk transaction data;
determining an annotation label of the target unknown risk transaction data;
and determining the target unknown risk transaction data with the labeling label as a labeling sample of the target business.
Optionally, after outputting a labeling prompt for labeling the target unknown risk transaction data, the method further includes:
training a preset model by taking all labeled samples of the target service as training samples to obtain a sample classification model;
classifying the rest unknown risk transaction data of the target business through the sample classification model, wherein the rest unknown risk transaction data are data except the target risk transaction data;
and labeling the other unknown risk transaction data according to the respective classification scores of the other unknown risk transaction data to obtain a labeled sample of the target service.
Optionally, labeling the remaining unknown risk transaction data according to the classification scores of the remaining unknown risk transaction data to obtain a labeled sample of the target service, including:
determining risk transaction data to be classified and classified risk transaction data from the other unknown risk transaction data according to the relation between the classification score of each of the other unknown risk transaction data and a preset score threshold;
determining the classified risk transaction data as an labeled sample of the target business;
updating the sample classification model by taking all labeled samples of the target service as training samples;
classifying the risk transaction data to be classified through the updated sample classification model;
and repeating the process until the rest of the unknown risk transaction data are classified risk transaction data.
Optionally, the method further comprises:
obtaining a plurality of transaction data to be detected of a service to be detected, wherein the service to be detected is different from the target service;
marking a plurality of to-be-detected transaction data corresponding to the to-be-detected service according to a rule corresponding to the to-be-detected service to obtain a plurality of to-be-detected samples;
acquiring a risk detection model of the target service, and training the risk detection model of the target service by taking the plurality of samples to be detected as input to obtain a risk detection model corresponding to the service to be detected;
and carrying out risk detection on the current transaction data of the service to be detected through a risk detection model corresponding to the service to be detected.
In a second aspect of the disclosed embodiments, there is provided a risk detection apparatus, the apparatus comprising:
the acquisition module is used for acquiring a plurality of historical transaction data of the target service;
the first detection module is used for respectively carrying out risk detection on the plurality of historical transaction data;
the marking module is used for marking the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain marking samples of the target service;
the updating module is used for updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service;
and the second detection module is used for detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
In a third aspect of the embodiments of the present disclosure, an electronic device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the risk detection method according to the first aspect is implemented.
In a fourth aspect of the embodiments of the present disclosure, a non-transitory computer-readable storage medium is provided, in which instructions are executable by a processor to perform the operations performed by the risk detection method according to any one of the first aspects.
In the embodiment of the application, a plurality of historical transaction data of the target service can be obtained, and the plurality of historical transaction data are respectively subjected to risk detection, so that the plurality of historical transaction data are respectively labeled according to a risk detection result to obtain a labeled sample of the target service; then, updating the risk detection model of the target service by using the labeled sample to obtain an updated risk detection model; therefore, the updated risk detection model can be used for detecting the current transaction data of the target service to obtain a risk detection result.
According to the risk detection method and device, risk detection can be conducted on a plurality of historical transaction data of the target business, the historical transaction data are respectively marked according to risk detection results, risks which cannot be covered by a current risk detection model can be sensed, sample marking is conducted on the transaction data through the sensed risks, samples are enriched, the risk detection model continues to be trained through the samples marked after the risks are sensed, therefore, the risk detection model can effectively hit the transactions with risks after updating, the coverage rate of the risk detection model on risk identification is improved, and risk prevention and control are more accurate and efficient.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the description of the embodiments or the related art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a design concept diagram of a risk detection method according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating steps of a method for risk detection according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating steps of yet another method for risk detection according to an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating a process for tagging transaction data at unknown risk according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating the steps of intelligently tagging transaction data at unknown risk according to one embodiment of the present application;
FIG. 6 is a flowchart illustrating the steps for annotating remaining unknown risk transaction data according to one embodiment of the present application;
FIG. 7 is a flowchart illustrating steps of migrating a risk detection model to a newly deployed service according to an embodiment of the present application;
fig. 8 is a schematic diagram of a frame of a risk detection device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
In the prior art, wind control systems generally perform risk control by: one is to filter the online transactions by manually formulating rules to identify those at risk. And secondly, training the machine learning model through historically accumulated samples based on the machine learning model, and identifying the risky transaction through the machine learning model.
However, the above two methods have the following problems: firstly, the rules need to be updated manually, and the manpower resource saving is limited. Secondly, the machine learning model depends on samples hit by the existing rules, so that the problems of insufficient samples and the like exist, and dangerous transactions cannot be filtered comprehensively. Thirdly, the machine learning model depends on sample data, the sample data acquisition cost is high, and the artificial intelligence technology is not utilized to reduce the artificial labeling work; and fourthly, the model training and updating are not automated.
The problems that the existing wind control system is low in risk identification accuracy and coverage rate are caused. In view of the above problems, the present applicant has proposed a risk control method to solve at least one of the above problems, the main concept of which is to: and carrying out risk perception on the transaction data of the target business, and timely finding the transaction data with risks, so as to label the transaction data with risks to obtain samples, and updating a risk detection model of the target business by using the samples, so that the model training and updating are automatic, and the coverage rate and efficiency of risk prevention and control are improved.
Referring to fig. 1, a design concept diagram of a risk detection method in the present embodiment is shown, and as shown in fig. 1, the risk detection method provided in the present embodiment mainly includes two aspects of risk prevention and control, which are respectively: intelligent confrontation and intelligent deployment and control of a new scene. The intelligent confrontation shown in fig. 1 may include updating an existing model by using a sample obtained by intelligent labeling, and automatically generating and updating a rule of a target business. The details are as follows:
firstly, in the aspect of updating the existing model, specifically, the intelligent sensing module can carry out risk sensing on real-time transaction data, the intelligent marking module can carry out intelligent marking on the real-time transaction data according to the risk sensing result of the intelligent sensing module, so that the sample obtained after intelligent marking is utilized to carry out automatic updating on the risk detection model, and then the updated risk detection model is utilized to carry out risk control on the transaction data, wherein the intelligent marking can continuously accumulate the obtained sample into a sample library.
Secondly, intelligent deployment and control of a new scene can be carried out, and the method mainly relates to the migration and application of a model, wherein the migration of the model can mean that sample data of a newly deployed and controlled service is used for training a risk detection model of an existing service, so that the trained model is used for carrying out risk control on the newly deployed and controlled service.
And thirdly, automatic generation of rules can be carried out, so that automatic rules can be dynamically updated, and joint risk prevention and control can be carried out on transaction data by using the automatic rules and the risk detection model.
In the following, a risk detection method according to an embodiment of the present application is described in detail with reference to a design concept diagram shown in fig. 1, and referring to fig. 2, a flowchart of steps of the risk detection method according to the embodiment of the present application is shown, and specifically, the method may include the following steps:
step S201: a plurality of historical transaction data for the target service is obtained.
In this embodiment, the target service may refer to a service developed by an online platform, for example, for a consortium platform, the target service may be a take-out service, a hotel reservation service, an airline ticket reservation service, and the like. The historical transaction data may refer to transaction data generated in a preset time period before the current time, and actually, a plurality of historical transaction data of the target service in the preset time period before the current time may be obtained at intervals. That is, a plurality of historical transaction data of the target service can be obtained at regular time. For example, historical transactional data for monday through sunday of the current week is obtained every sunday. Therefore, a plurality of historical transaction data can be continuously acquired in the running and putting-in process of the target service.
The transaction data may refer to a transaction log, and the transaction data may include time for generating a transaction, user information, commodity information, and the like.
Step S202: and respectively carrying out risk detection on the plurality of historical transaction data.
In this embodiment, risk detection may be performed on each historical transaction data to determine whether each historical transaction data is risk-present data. In this way, risk perception can be dynamically performed on transaction data generated by the target business, so that the risk perception capability of the target business is continuously improved. As shown in fig. 1, the whole intelligent sensing module includes external feedback collection and internal active discovery, the external feedback collection refers to mining risk behaviors through user feedback, a news platform and other ways, and the internal active discovery refers to detecting transaction data, including but not limited to timing detection, aggregation detection, outlier detection and the like, and timely discovering the transaction data with risks.
Specifically, in one example, several ways of performing risk detection on each of a plurality of historical transaction data are provided, which are:
in the first mode, whether each of the plurality of historical transaction data accords with the current risk assessment rule of the target business is detected.
The second mode is as follows: and respectively carrying out time sequence detection, aggregation detection and outlier detection on the plurality of historical transaction data.
The third mode is as follows: and detecting whether the plurality of historical transaction data carry risk attribute labels respectively.
Wherein the risk detection may optionally be performed in any one of the three ways described above. The risk detection can also optionally be carried out in a combination of two of the three ways described above.
In the first mode, the risk assessment rule may be a rule artificially formulated according to the target business, and when the historical transaction data conforms to the risk rule, the risk assessment rule indicates that the historical transaction data has a risk. In the second mode, the time sequence detection of each of the plurality of historical transaction data may be performed by a method such as statistics or time sequence detection: the respective aggregation detection of the plurality of historical transaction data may be methods such as frequent item sets, cluster detection, graph mining, and the like, and the respective outlier detection of the plurality of historical transaction data may be methods such as outlier detection, isolated forests, and the like. In a third manner, it may be detected whether each historical transaction data carries a risk attribute tag, where the risk attribute tag may represent whether the historical transaction data has a risk, and in practice, if there is a risk attribute tag, it may represent that the historical transaction data has a risk. Specifically, when other users report or complain some historical transaction data through a news media channel, a complaint channel of a target service, and the like, the historical transaction data may have a risk attribute tag.
Of course, in the implementation process, the risk detection may be performed on multiple historical transaction data by combining the above three ways at the same time.
Step S203: and labeling the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain labeled samples of the target service.
In this embodiment, the plurality of historical transaction data may be labeled according to the result of performing risk detection on the plurality of historical transaction data, respectively. Specifically, the risk detection result is historical transaction data with risk, and the historical transaction data is marked as data with risk; the risk detection result is historical transaction data without risk, and the historical transaction data is marked as data without risk. Therefore, after all historical transaction data are labeled, a labeled sample of the target service can be obtained.
Because a plurality of historical transaction data can be continuously obtained in the running and investment process of the target business, training samples of a risk detection model of the target business can be continuously enriched in the running and investment process of the target business, so that the number of the samples is expanded, and a higher-quality risk detection model is obtained.
Step S204: and updating the risk detection model of the target service by using the labeled sample of the target service to obtain the updated risk detection model of the target service.
In this embodiment, the risk detection model of the target service may be a model trained for the target service in advance, and the risk detection model may be used to perform risk detection on the transaction data of the target service and discover abnormal transaction data in time. In the process of obtaining a plurality of historical transaction data and carrying out risk detection on the plurality of historical transaction data, the risk detection model of the target business can still be used for carrying out risk detection on the transaction data of the target business.
Because the labeled samples are obtained after the plurality of historical transaction data are respectively labeled according to the risk detection results corresponding to the plurality of historical transaction data, the labeled samples can be used as training samples to update the risk detection model. Wherein, updating the risk detection model may refer to: and taking the marked sample as a training sample, and continuing training the risk detection model.
The process of continuously training the risk detection model can refer to the related technology, namely in the training process, the loss of the model is calculated according to the output of the model and the label of the labeled sample, and the parameters of the risk detection model are iteratively updated according to the loss of the model, so that the updated risk detection model is obtained.
Step S205: and detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
In this embodiment, the current transaction data of the target service may refer to transaction data generated at the current time, and since the risk detection model is updated by using the labeled sample, the risk detection may be performed on the current transaction data by using the updated risk detection model to obtain a risk detection result, where the risk detection result may represent whether the current transaction data has a risk.
In the embodiment of the application, because risk detection can be performed on a plurality of historical transaction data of the target service, namely, risk perception is dynamically performed on the historical transaction data of the target service, and the historical transaction data are respectively labeled according to the risk detection result, sample labeling can be performed on the transaction data by using the perceived risk, so that samples are continuously enriched in the running process of the target service. And then, the risk detection model continues to be trained by using the labeled sample after the risk is perceived, so that the updated risk detection model can effectively hit the risk transaction, the coverage rate of the risk detection model on risk identification is improved, and the risk prevention and control are more accurate and efficient.
With reference to fig. 1, the risk assessment rule may be automatically generated, and further, the risk assessment rule may be dynamically updated in the process of putting the target service into operation, so that the risk assessment rule and the risk detection model are used to jointly perform risk prevention and control on the transaction data. In this case, when the risk detection is performed on each of the plurality of historical transaction data, a mode of detecting whether each of the plurality of historical transaction data meets the current risk assessment rule of the target service may be selected. Accordingly, referring to fig. 3, a flowchart illustrating steps of a risk detection method according to an embodiment of the present application is shown, which may specifically include the following steps:
step S301: a plurality of historical transaction data for the target service is obtained.
In this embodiment, a plurality of historical transaction data of the target service may be obtained periodically, for example, in the current period, all the historical transaction data generated in the current period may be obtained, and the historical transaction data may be referred to as a transaction log.
Step S302: determining a quantity of historical transaction data that complies with the current risk assessment rule.
In this embodiment, the current risk assessment rule may refer to a latest risk assessment rule of the target service, and may further determine the number of historical transaction data that meet the current risk assessment rule in the plurality of historical transaction data, where the number of historical transaction data that meet the current risk assessment rule may reflect an accuracy degree of the current risk assessment rule in performing risk detection on the obtained plurality of historical transaction data.
Step S303: and updating the current risk assessment rule when the quantity of the historical transaction data which accord with the current risk assessment rule is less than a preset quantity.
In this embodiment, the preset number may be preset, and when the number of the historical transaction data conforming to the current risk assessment rule is smaller than the preset number, it may be characterized that the current risk assessment rule cannot perform risk detection with a higher accuracy. In this case, the current risk assessment rule may be updated, specifically, the current risk assessment rule may be updated by using an automatic rule generation method, which may include, but is not limited to, the following methods: the statistical method comprises automatic threshold setting, tree model decision path generation, Bayesian decision and hidden Markov model.
When the quantity of the historical transaction data which accord with the current risk assessment rule is larger than or equal to the preset quantity, the current risk assessment rule can be represented, and risk detection with high accuracy can be carried out. In this case, a plurality of historical transaction data may be risk-tested using the current risk assessment rules.
Step S304: detecting whether each of the plurality of historical transaction data complies with an updated current risk assessment rule.
After the current risk assessment rule is updated, the updated risk assessment rule may be used to perform risk detection on the plurality of historical transaction data, and specifically, whether each of the plurality of historical transaction data meets the updated current risk assessment rule may be detected. Because the updated current risk assessment rule is used for risk monitoring, the risk perception of a plurality of historical transaction data is more accurate.
Step S305: and labeling the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain labeled samples of the target service.
In this embodiment, the plurality of historical transaction data may be respectively labeled according to whether each of the plurality of historical transaction data meets the updated result of the current risk assessment rule. For example, when historical transaction data in the plurality of historical transaction data complies with the updated current risk assessment rule, the historical transaction data may be labeled as risk-present data. When the historical transaction data does not conform to the updated current risk assessment rule, the historical transaction data may be marked as normal data.
After the plurality of historical transaction data are respectively labeled, a plurality of labeled samples can be obtained, wherein each labeled sample can be provided with a label which can represent whether the labeled sample is a sample with risk or not.
Step S306: and updating the risk detection model of the target service by using the labeled sample of the target service to obtain the updated risk detection model of the target service.
In this embodiment, the process of step S306 is similar to the process of step S204, and reference may be made to the process of step S204 for relevant points, which is not described herein again.
Step S307: and detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
In this embodiment, when the updated risk detection model detects the current transaction data of the target service, the probability that the transaction data has a risk is output, and then a result of whether the current transaction data has a risk is obtained according to a relationship between the output probability and a preset probability. When the output probability is greater than the preset probability, representing that the current transaction data has risks; otherwise, there is no risk in characterizing the current transaction data.
In addition, in this embodiment, the updating of the model may also be adaptively started, and specifically, when the labeled samples are accumulated to a certain amount, or the hit rate of the current risk evaluation rule on the risk is greater than the hit rate of the risk detection model on the risk, the risk detection model may be automatically updated.
Accordingly, in one example, after obtaining a plurality of historical transaction data of the target business, the amount of the transaction data with risk identified by the current risk assessment rule and the amount of the transaction data with risk identified by the risk detection model may be compared, and then whether to update the risk detection model may be determined according to the comparison result.
Specifically, after obtaining a plurality of historical transaction data of a target business, a first number of historical transaction data that meet a current risk assessment rule of the target business may be determined; inputting the plurality of historical transaction data into a risk detection model of the target service to obtain detection results corresponding to the plurality of historical transaction data respectively; and determining a second quantity of the historical transaction data with risks according to the detection results corresponding to the plurality of historical transaction data respectively.
Correspondingly, when the target business risk detection model is updated by using the target business labeling sample, the target business risk detection model can be updated by using the target business labeling sample when the first quantity is greater than the second quantity, and the updated target business risk detection model is obtained.
In this embodiment, a first quantity of historical transaction data, which conforms to a current risk assessment rule of the target service, in the plurality of historical transaction data may be determined, where the current risk assessment rule may refer to a latest risk assessment rule used by the target service. The first amount may be an amount of risk-bearing historical transaction data identified by the current risk assessment rule, and may reflect the performance of the current risk assessment rule in identifying risk.
The plurality of historical transaction data may also be input to the risk detection model of the target service to obtain detection results corresponding to the plurality of historical transaction data, and the second amount of the historical transaction data with the risk may be determined according to the detection results corresponding to the plurality of historical transaction data. The second amount may be the amount of risk-presenting historical transaction data identified by the risk detection model, which may reflect the performance of the risk detection model in identifying the risk.
In practice, when the first number is greater than the second number, the accuracy of characterizing that the current risk evaluation rule hits the risk transaction data is higher than the accuracy of characterizing that the risk detection model hits the risk transaction data, that is, the accuracy of identifying the risk by using the current risk evaluation rule is higher, in this case, the process of step S205 may be executed, that is, the risk detection model is updated by using the labeled sample of the target service, so as to obtain the updated risk detection model.
Of course, in an example, when the difference value that the first number is greater than the second number reaches the preset difference value, the risk detection model may be updated by using the labeled sample of the target service, so as to obtain the updated risk detection model. In this case, the risk detection model may be updated when the amount of risk transaction data hit by the current risk evaluation rule is greater than the amount of risk transaction data hit by the risk detection model to a certain extent.
By adopting the embodiment, the combined defense of rule defense and model defense can be realized in the risk perception process, namely, in the process of putting the target service into operation, the risk assessment rule is dynamically updated to more comprehensively and accurately identify the transaction data with risks from the rule, and the risk detection model can be dynamically updated in time when the hit rate of the risk assessment rule to the risks is higher than the hit rate of the risk detection model to the risks, so that the risk assessment rule and the risk detection model are updated successively, and the accuracy and the coverage rate of risk detection on the transaction data are improved.
Next, a specific process of how to label the plurality of historical transaction data respectively is introduced, specifically, a risk detection result corresponding to each of the plurality of historical transaction data may be compared with a known risk set of the target service respectively, and the historical transaction data that is not in the known risk set may be determined as unknown risk transaction data; and then, labeling the determined unknown risk transaction data to obtain a labeled sample of the target service.
The unknown risk transaction data can refer to data which is not contained in a known risk set but is determined to be at risk through time sequence detection, aggregation detection and outlier detection; or data that is not included in the known risk set but carries a risk attribute tag. That is, unknown risk transaction data may refer to data that is at risk but fails to be hit by a set of known risks.
In this embodiment, the unknown risk transaction data may be labeled to obtain a labeled sample of the target service, so that the labeled sample used for subsequently updating the risk detection model is the unknown risk transaction data, and thus, the coverage rate of the risk detection model on risk identification may be improved.
Referring to fig. 4, a process of labeling unknown risk transaction data is shown, and specifically, the process may include the following steps:
step S401: and sampling the determined unknown risk transaction data to obtain target unknown risk transaction data.
The unknown risk transaction data can be labeled in batches, and the target unknown risk transaction data are sampled in each batch, so that the target unknown risk transaction data are labeled. The sampling may refer to randomly screening the unknown risk transaction data, so as to screen out target unknown risk transaction data that can be used for current labeling.
Step S402: and outputting a labeling prompt for labeling the target unknown risk transaction data.
In this embodiment, the target unknown risk transaction data may be labeled, and specifically, a labeling prompt may be output to prompt a user to label the target unknown risk transaction data. During specific implementation, a labeling interface for labeling the target unknown risk transaction data can be displayed, and a user can select a plurality of preset labels in the labeling interface so as to label the target unknown risk transaction data.
Step S403: and determining the label of the target unknown risk transaction data.
In this embodiment, the tagging label of the target unknown risk transaction data may be determined according to a selected operation of a user on a plurality of preset labels in the tagging interface. Wherein different label tags can characterize the risk types of the target unknown risk transaction data, wherein the risk types can be cheating, fraud, ticket swiping and the like.
Step S404: and determining the target unknown risk transaction data with the labeling label as a labeling sample of the target business.
In this embodiment, the sampled target unknown risk transaction data may be labeled in multiple batches, so that each unknown risk transaction data may have a label, and thus, the target unknown risk transaction data with the label may be determined as a labeled sample of the target service.
After the labeling prompt for labeling the target unknown risk transaction data is output for the first time, the subsequent unknown risk transaction data can be intelligently labeled so as to save labor consumed by manual labeling. Specifically, a small part of target unknown risk transaction data can be screened from the unknown risk transaction data, and then the small part of target unknown risk transaction data is labeled manually to obtain target unknown risk transaction data with a label. Therefore, the subsequent residual unknown risk transaction data can be used as a training sample by taking the target unknown risk transaction data with the labeling label as a training sample, and a sample classification model is trained, so that the residual unknown risk data are labeled through the sample classification model, therefore, only a few unknown risk transaction data can be labeled manually, the rapid labeling of all unknown risk transaction data can be achieved, and the human resources are saved.
Referring to fig. 5, a flowchart illustrating steps of intelligently labeling transaction data at unknown risk may specifically include the following steps:
step S501: and training a preset model by taking all the labeled samples of the target service as training samples to obtain a sample classification model.
In this embodiment, when unknown risk transaction data is sampled for the first time, the unknown risk transaction data with the risk attribute tag may be sampled as target unknown risk transaction data, and since the risk attribute tag is generally a tag obtained through complaints or reports of a user, it may reflect that the target unknown risk transaction data is obvious data with risks, and therefore, the target unknown risk transaction data of the batch may be labeled according to the risk attribute tag to obtain a first batch of labeled samples, and then the first batch of labeled samples may be used as training samples to train a preset model, thereby obtaining a sample classification model.
Wherein the preset model may be used to classify the unknown risk transaction data to determine a risk type of the unknown risk transaction data. In specific implementation, the first labeled sample is taken as a training sample, and the process of training the preset model can be referred to the existing model training process.
Step S502: and classifying the rest of unknown risk transaction data of the target business through the sample classification model, wherein the rest of unknown risk transaction data are data except the target risk transaction data.
In this embodiment, after the sample classification model is obtained, the sample classification model may be used to classify the remaining unknown risk transaction data except the target risk transaction data. Specifically, the remaining unknown risk transaction data may be input to the sample classification model, so as to obtain a classification score output by the sample classification model, where the classification score may represent a probability that the remaining unknown risk transaction data predicted by the sample classification model belongs to each risk type. For example, a classification score of { (0.8,1), (0.4, 2), (0.2, 3} characterizes that the probability that the unknown risk transaction data belongs to the risk type of swizzle is 0.8, the probability that it belongs to the risk type of fraud is 0.4, and the probability that it belongs to the risk type of cheating is 0.2.
Step S503: and labeling the other unknown risk transaction data according to the respective classification scores of the other unknown risk transaction data to obtain a labeled sample of the target service.
In this embodiment, the remaining unknown risk transaction data may be labeled according to the respective classification scores and the corresponding classification score thresholds of the remaining unknown risk transaction data predicted by the sample classification model.
Specifically, when the classification score of a certain risk type is greater than or equal to the classification score threshold of the risk type, the unknown risk transaction data can be represented as belonging to the risk type, and other unknown risk transaction data can be labeled according to the risk type, so that a labeled sample is obtained.
When the predicted classification score of each risk type is smaller than the classification score threshold of the corresponding risk type, the risk types of the unknown risk transaction data can be represented and not predicted successfully, and in this case, the unknown risk transaction data of which the risk types are not predicted can be labeled in a manual labeling mode.
In an example, when labeling the remaining unknown risk transaction data, training a sample classification model multiple times by using an existing labeled sample as a training sample to improve the precision of the sample classification model for performing sample classification on the risk transaction data, referring to fig. 6, a flowchart of steps for labeling the remaining unknown risk transaction data is shown, and specifically, the steps may include the following steps:
step S601: and determining risk transaction data to be classified and classified risk transaction data from the other unknown risk transaction data according to the relation between the classification score of each of the other unknown risk transaction data and a preset score threshold.
Step S602: and determining the classified risk transaction data as an labeled sample of the target business.
In this embodiment, the preset score threshold may be the above-mentioned classification score threshold, and when the classification score belonging to a certain risk type is greater than or equal to the classification score threshold of the risk type, the unknown risk transaction data may be characterized as belonging to the risk type, and then, according to the risk type, the remaining unknown risk transaction data may be labeled, the other labeled unknown risk transaction data may be determined as classified risk transaction data, and the other labeled unknown risk transaction data may be a labeled sample.
In the rest of the unknown risk transaction data, data with classification scores belonging to each risk type smaller than a corresponding preset score threshold value can be determined, and the determined data with classification scores belonging to each risk type smaller than the corresponding preset score threshold value is determined as the risk transaction data to be classified.
Step S603: and updating the sample classification model by taking all labeled samples of the target service as training samples.
Since the classified risk transaction data is labeled, the labeled sample can be used as a training sample to train the sample classification model continuously, so that the updated sample classification model is obtained.
Step S604: and classifying the risk transaction data to be classified through the updated sample classification model.
Step S605: and repeating the process until the rest of the unknown risk transaction data are classified risk transaction data.
In this embodiment, after the updated sample classification model is obtained, the updated sample classification model may be continuously used to classify the current risk transaction data to be classified, and then the steps S601 to S603 are repeated until the remaining unknown risk transaction data are classified risk transaction data, that is, until the classification scores of all the remaining unknown risk transaction data predicted by the sample classification model exceed the preset score threshold, in this case, the characterization sample classification model may accurately predict the risk types of the remaining unknown risk transaction data.
In the following, an example is listed to illustrate the above process:
assuming that the number of the existing unknown risk transaction data is 100, firstly, 20 target unknown risk transaction data carrying risk attribute labels are screened out in the first round, and the 20 target unknown risk transaction data are labeled to obtain 20 labeled samples, so that the number of the unknown risk transaction data except the target unknown risk transaction data is 80.
Then, the 20 labeled samples are used as training samples, the preset model is trained to obtain a sample classification model, and then 80 pieces of other unknown risk transaction data can be input into the sample classification model to obtain respective classification scores of the 80 pieces of other unknown risk transaction data.
Then, according to the size relation between the classification scores of the 80 remaining unknown risk transaction data and a preset score threshold, classified risk transaction data with the classification scores larger than or equal to the preset score threshold are screened out from the 80 remaining unknown risk transaction data, and if 30 classified risk transaction data exist, 50 remaining risk transaction data to be classified.
And then, labeling 30 classified risk transaction data to obtain 30 labeled samples, wherein the first batch has obtained 20 labeled samples, and if the total number of the labeled samples is 50, the 50 labeled samples can be used as training samples to train the sample classification model continuously, so that the continuously trained sample classification model is obtained.
And then inputting the remaining 50 risk transaction data to be classified into the continuously trained sample classification model to obtain the classification scores of the 50 risk transaction data to be classified. Then, according to the size relationship between the classification scores of the 50 risk transaction data to be classified and the preset score threshold, classified risk transaction data with the classification score larger than or equal to the preset score threshold is screened out from the 50 risk transaction data to be classified, and if the classified risk transaction data is 40 at this time, 10 risk transaction data to be classified remain.
And then labeling the 40 classified risk transaction data, and further obtaining 40 labeled samples, so that 90 labeled samples are obtained in an accumulated manner, and then training the current sample classification model by using the 90 labeled samples as training samples to obtain the trained sample classification model.
And finally, inputting the remaining 10 risk transaction data to be classified into the sample classification model at this time to obtain the classification scores of the remaining 10 risk transaction data to be classified. The above process is repeated in a loop until the remaining 10 risk transaction data to be classified are determined as classified risk transaction data, that is, until the classification scores of the remaining 10 risk transaction data to be classified are all greater than the preset score threshold.
When the embodiment is adopted, the sample classification model is continuously trained according to the labeled samples, all samples to be labeled can be classified manually only by analyzing and labeling the samples with the least number, and the samples and the characteristics are dropped into a library, so that the labeling efficiency is improved, and the labor cost is saved.
With reference to fig. 1, the migration of the risk detection model may also be performed, that is, for a newly deployed and controlled service, the risk detection model of the target service may be trained by using sample data of the newly deployed and controlled service, so that the trained model is used to perform risk control on the newly deployed and controlled service. Specifically, as shown in fig. 7, a flowchart of the step of migrating the risk detection model to the newly deployed service is shown, and specifically, the step may include the following steps:
step S701: and acquiring a plurality of transaction data to be detected of the service to be detected, wherein the service to be detected is different from the target service.
In this embodiment, the service to be detected may be a service different from the target service, for example, the target service is a takeout service, and the service to be detected may be a newly online airline ticket booking service. The transaction data to be detected may refer to transaction data generated by the service to be detected in a historical time period before the current time, the transaction data may refer to a transaction log, and the transaction data to be detected may include user information, transaction time, transaction content, commodity information, and the like.
Step S702: and marking the plurality of to-be-detected transaction data corresponding to the to-be-detected service according to the rule corresponding to the to-be-detected service to obtain a plurality of to-be-detected samples.
In this embodiment, the rule corresponding to the service to be detected may be a rule set in advance according to the service to be detected, the rule may be used to perform risk identification on the transaction data of the service to be detected, and when the transaction data to be detected of the detection service conforms to the rule, the transaction data to be detected may be labeled according to a specific condition that the transaction data to be detected conforms to the rule. For example, if the transaction data to be detected conforms to the fraud condition specified by the rule, the transaction data to be detected may be marked as data at risk of fraud.
Of course, when the transaction data to be detected does not meet the rule, the transaction data to be detected is represented as data which does not have risk, and the transaction data to be detected can be marked as normal data.
Thus, the sample to be detected can be obtained through the labeling process.
Step S703: and acquiring a risk detection model of the target service, and training the risk detection model of the target service by taking the plurality of samples to be detected as input to acquire the risk detection model corresponding to the service to be detected.
In this embodiment, the risk detection model of the target service may be obtained from the target service, and further, the risk detection model of the target service may be trained by using the sample to be detected as a training sample, so as to obtain the risk detection model corresponding to the service to be detected. Namely, the risk detection model of the service to be detected can be constructed by using the risk detection model of the existing service and the sample to be detected of the service to be detected, so that the migration of the existing risk detection model is completed.
Step S704: and carrying out risk detection on the current transaction data of the service to be detected through a risk detection model corresponding to the service to be detected.
In this embodiment, after the risk detection model corresponding to the service to be detected is obtained, the risk detection model corresponding to the service to be detected can be used to perform risk detection on the current transaction data of the service to be detected, so that data and methods under existing field services are fully utilized, the model is adaptively migrated and applied to a new scene, and rapid and stable-effect new scene wind control system deployment and control are achieved.
Based on the same inventive concept as the above embodiments, in a second aspect of the embodiments of the present disclosure, there is provided a risk detection apparatus 800, as shown in fig. 8, the risk detection apparatus 800 may specifically include the following modules:
an obtaining module 801, configured to obtain multiple historical transaction data of a target service;
a first detection module 802, configured to perform risk detection on the multiple historical transaction data respectively;
the labeling module 803 is configured to label the multiple historical transaction data according to the risk detection results corresponding to the multiple historical transaction data, respectively, to obtain a labeled sample of the target service;
an updating module 804, configured to update the risk detection model of the target service by using the labeled sample of the target service, so as to obtain an updated risk detection model of the target service;
the second detection module 805 is configured to detect current transaction data of the target service through the updated risk detection model of the target service, so as to obtain a risk detection result.
Optionally, the first detection module may specifically include at least one of the following units:
the first detection unit is used for detecting whether the historical transaction data respectively accord with the current risk evaluation rule of the target business;
the second detection unit is used for respectively carrying out time sequence detection, aggregation detection and outlier detection on the plurality of historical transaction data;
and the third detection unit is used for detecting whether the plurality of historical transaction data carry risk attribute labels respectively.
Optionally, the apparatus may further include the following modules:
a quantity determination module for determining the quantity of the historical transaction data that conforms to the current risk assessment rule;
the rule updating module is used for updating the current risk assessment rule when the quantity of the historical transaction data conforming to the current risk assessment rule is less than a preset quantity;
the first detecting unit may be specifically configured to detect whether each of the plurality of historical transaction data complies with the updated current risk assessment rule.
Optionally, the labeling module may specifically include the following units:
the comparison unit is used for comparing the risk detection results corresponding to the historical transaction data with the known risk sets of the target business respectively and determining unknown risk transaction data from the historical transaction data which are not in the known risk sets;
and the marking unit is used for marking the determined unknown risk transaction data to obtain a marking sample of the target service.
Optionally, the apparatus may further include the following modules:
a first quantity determination module for determining a first quantity of historical transaction data that conforms to a current risk assessment rule of the target business;
the detection module is used for inputting the historical transaction data into a risk detection model of the target service to obtain detection results corresponding to the historical transaction data respectively;
the second quantity determining module is used for determining a second quantity of the historical transaction data with risks according to the detection results corresponding to the plurality of historical transaction data respectively;
the updating module may be specifically configured to update the risk detection model of the target service by using the labeled sample of the target service when the first number is greater than the second number, so as to obtain an updated risk detection model of the target service.
Optionally, the labeling module may specifically include the following units:
the sampling unit is used for sampling the determined unknown risk transaction data to obtain target unknown risk transaction data;
the output unit is used for outputting a labeling prompt for labeling the target unknown risk transaction data;
the label determining unit is used for determining a label of the target unknown risk transaction data;
and the sample determining unit is used for determining the target unknown risk transaction data with the labeling label as a labeling sample of the target business.
Optionally, the apparatus may further include the following modules:
the training module is used for training a preset model by taking all the labeled samples of the target service as training samples to obtain a sample classification model;
the classification module is used for classifying the other unknown risk transaction data of the target business through the sample classification model, wherein the other unknown risk transaction data are data except the target risk transaction data;
and the classification marking module is used for marking the other unknown risk transaction data according to the respective classification scores of the other unknown risk transaction data to obtain a marking sample of the target service.
Optionally, the classification labeling module may specifically include the following units:
the screening unit is used for determining risk transaction data to be classified and classified risk transaction data from the other unknown risk transaction data according to the relation between the classification score of each of the other unknown risk transaction data and a preset score threshold;
the determining unit is used for determining the classified risk transaction data as an labeled sample of the target business;
the updating unit is used for updating the sample classification model by taking all the labeled samples of the target service as training samples;
the classification unit is used for classifying the risk transaction data to be classified through the updated sample classification model;
and the repeated execution unit is used for repeating the processes until the rest unknown risk transaction data are classified risk transaction data.
Optionally, the apparatus may further include the following modules:
the transaction data acquisition module is used for acquiring a plurality of transaction data to be detected of a service to be detected, wherein the service to be detected is different from the target service;
the sample marking module is used for marking a plurality of to-be-detected transaction data corresponding to the to-be-detected business according to the rule corresponding to the to-be-detected business to obtain a plurality of to-be-detected samples;
the model training module is used for obtaining a risk detection model of the target business, taking the plurality of samples to be detected as input, and training the risk detection model of the target business to obtain a risk detection model corresponding to the business to be detected;
and the risk detection module is used for carrying out risk detection on the current transaction data of the service to be detected through the risk detection model corresponding to the service to be detected.
It should be noted that the device embodiments are similar to the method embodiments, so that the description is simple, and reference may be made to the method embodiments for relevant points.
Embodiments of the present invention further provide an electronic device, which may include a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor is configured to execute the risk detection method.
The disclosed embodiments also provide a non-transitory computer-readable storage medium, wherein instructions, when executed by a processor, enable the processor to perform operations performed to implement the above-described risk detection method of the present disclosure.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method, the apparatus, the device and the storage medium for risk detection provided by the present invention are described in detail above, and a specific example is applied in the present document to illustrate the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (12)

1. A method of risk detection, the method comprising:
obtaining a plurality of historical transaction data of a target service;
respectively carrying out risk detection on the plurality of historical transaction data;
marking the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain marking samples of the target service;
updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service;
and detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
2. The method of claim 1, wherein the risk detection is performed on each of the plurality of historical transaction data, comprising at least one of:
detecting whether each of the plurality of historical transaction data conforms to a current risk assessment rule of the target business;
performing time sequence detection, aggregation detection and outlier detection on the plurality of historical transaction data respectively;
and detecting whether the plurality of historical transaction data carry risk attribute labels respectively.
3. The method of claim 2, further comprising:
determining the amount of historical transaction data that conforms to the current risk assessment rule;
updating the current risk assessment rule when the quantity of the historical transaction data which accord with the current risk assessment rule is less than a preset quantity;
detecting whether each of the plurality of historical transaction data complies with a current risk assessment rule for the target business, comprising:
detecting whether each of the plurality of historical transaction data complies with an updated current risk assessment rule.
4. The method of claim 2, wherein in the case of risk detection of the plurality of historical transaction data by the current risk assessment rule of the target service, respectively, the method further comprises:
determining a first amount of historical transaction data that conforms to a current risk assessment rule of the target business;
inputting the plurality of historical transaction data into a risk detection model of the target service to obtain detection results corresponding to the plurality of historical transaction data respectively;
determining a second quantity of the historical transaction data with risks according to the detection results corresponding to the plurality of historical transaction data respectively;
updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service, comprising:
and when the first quantity is larger than the second quantity, updating the risk detection model of the target service by using the labeled sample of the target service to obtain the updated risk detection model of the target service.
5. The method according to claim 1, wherein labeling the historical transaction data according to the risk detection result corresponding to each of the historical transaction data to obtain a labeled sample of the target service comprises:
comparing the risk detection result corresponding to each of the plurality of historical transaction data with a known risk set of the target service, and determining unknown risk transaction data from the historical transaction data which is not in the known risk set;
and marking the determined unknown risk transaction data to obtain a marked sample of the target service.
6. The method of claim 5, wherein annotating the determined risk-unknown transaction data to obtain an annotated sample of the target service comprises:
sampling the determined unknown risk transaction data to obtain target unknown risk transaction data;
outputting a labeling prompt for labeling the target unknown risk transaction data;
determining an annotation label of the target unknown risk transaction data;
and determining the target unknown risk transaction data with the labeling label as a labeling sample of the target business.
7. The method of claim 6, wherein after outputting a tagging prompt to tag the target unknown risk transaction data, the method further comprises:
training a preset model by taking all labeled samples of the target service as training samples to obtain a sample classification model;
classifying the rest unknown risk transaction data of the target business through the sample classification model, wherein the rest unknown risk transaction data are data except the target unknown risk transaction data;
and labeling the other unknown risk transaction data according to the respective classification scores of the other unknown risk transaction data to obtain a labeled sample of the target service.
8. The method of claim 7, wherein labeling the remaining unknown risk transaction data according to their respective classification scores to obtain a labeled sample of the target service comprises:
determining risk transaction data to be classified and classified risk transaction data from the other unknown risk transaction data according to the relation between the classification score of each of the other unknown risk transaction data and a preset score threshold;
determining the classified risk transaction data as an labeled sample of the target business;
updating the sample classification model by taking all labeled samples of the target service as training samples;
classifying the risk transaction data to be classified through the updated sample classification model;
and repeating the process until the rest of the unknown risk transaction data are classified risk transaction data.
9. The method according to any one of claims 1-8, further comprising:
obtaining a plurality of transaction data to be detected of a service to be detected, wherein the service to be detected is different from the target service;
marking a plurality of to-be-detected transaction data corresponding to the to-be-detected service according to a rule corresponding to the to-be-detected service to obtain a plurality of to-be-detected samples;
acquiring a risk detection model of the target service, and training the risk detection model of the target service by taking the plurality of samples to be detected as input to obtain a risk detection model corresponding to the service to be detected;
and carrying out risk detection on the current transaction data of the service to be detected through a risk detection model corresponding to the service to be detected.
10. A risk detection apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring a plurality of historical transaction data of the target service;
the first detection module is used for respectively carrying out risk detection on the plurality of historical transaction data;
the marking module is used for marking the historical transaction data respectively according to the risk detection results corresponding to the historical transaction data to obtain marking samples of the target service;
the updating module is used for updating the risk detection model of the target service by using the labeled sample of the target service to obtain an updated risk detection model of the target service;
and the second detection module is used for detecting the current transaction data of the target service through the updated risk detection model of the target service to obtain a risk detection result.
11. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor when executing implementing the risk detection method according to any one of claims 1-9.
12. A computer-readable storage medium storing a computer program for causing a processor to perform the risk detection method according to any one of claims 1-9.
CN202011165265.9A 2020-10-27 2020-10-27 Risk detection method, apparatus, device and storage medium Pending CN112365269A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011165265.9A CN112365269A (en) 2020-10-27 2020-10-27 Risk detection method, apparatus, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011165265.9A CN112365269A (en) 2020-10-27 2020-10-27 Risk detection method, apparatus, device and storage medium

Publications (1)

Publication Number Publication Date
CN112365269A true CN112365269A (en) 2021-02-12

Family

ID=74512291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011165265.9A Pending CN112365269A (en) 2020-10-27 2020-10-27 Risk detection method, apparatus, device and storage medium

Country Status (1)

Country Link
CN (1) CN112365269A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113934453A (en) * 2021-12-15 2022-01-14 深圳竹云科技有限公司 Risk detection method, risk detection device and storage medium
CN115712866A (en) * 2022-10-28 2023-02-24 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113934453A (en) * 2021-12-15 2022-01-14 深圳竹云科技有限公司 Risk detection method, risk detection device and storage medium
CN115712866A (en) * 2022-10-28 2023-02-24 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN115712866B (en) * 2022-10-28 2023-05-02 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment

Similar Documents

Publication Publication Date Title
CN110198310B (en) Network behavior anti-cheating method and device and storage medium
US10712733B2 (en) Methods and systems for discovery of prognostic subsequences in time series
CN110175549A (en) Face image processing process, device, equipment and storage medium
CN110210294B (en) Evaluation method and device of optimization model, storage medium and computer equipment
CN111177714A (en) Abnormal behavior detection method and device, computer equipment and storage medium
JP6708219B2 (en) Log analysis system, method and program
CN104765733A (en) Method and device for analyzing social network event
CN107016298B (en) Webpage tampering monitoring method and device
CN111382605B (en) Video content auditing method, device, storage medium and computer equipment
CN112365269A (en) Risk detection method, apparatus, device and storage medium
CN112434178A (en) Image classification method and device, electronic equipment and storage medium
CN108280096A (en) Data cleaning method and data cleansing device
CN112015779A (en) Method, system and device for predicting preference of students
CN111444075B (en) Method for automatically discovering key influence indexes
US20150373404A1 (en) Information processing device and method, and program
CN113722134A (en) Cluster fault processing method, device and equipment and readable storage medium
JPWO2018069950A1 (en) Log analysis method, system and program
CN115660262A (en) Intelligent engineering quality inspection method, system and medium based on database application
CN115439928A (en) Operation behavior identification method and device
CN112733897B (en) Method and apparatus for determining abnormality cause of multi-dimensional sample data
CN117435999A (en) Risk assessment method, apparatus, device and medium
CN117670359A (en) Abnormal transaction data identification method and device, storage medium and electronic equipment
CN109491970B (en) Bad picture detection method and device for cloud storage and storage medium
CN113962216A (en) Text processing method and device, electronic equipment and readable storage medium
CN113434868A (en) Information generation method based on threat perception big data and artificial intelligence perception system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210212