[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111951012A - Risk message identification method and system - Google Patents

Risk message identification method and system Download PDF

Info

Publication number
CN111951012A
CN111951012A CN202010760061.3A CN202010760061A CN111951012A CN 111951012 A CN111951012 A CN 111951012A CN 202010760061 A CN202010760061 A CN 202010760061A CN 111951012 A CN111951012 A CN 111951012A
Authority
CN
China
Prior art keywords
risk
message
model
initial
message risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010760061.3A
Other languages
Chinese (zh)
Inventor
张尚煌
韦东俊
郭越
何敏华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010760061.3A priority Critical patent/CN111951012A/en
Publication of CN111951012A publication Critical patent/CN111951012A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a risk message identification method and a risk message identification system, and belongs to the technical field of information security. The risk message identification method comprises the following steps: receiving a current message; inputting the characteristic value of the current message into a message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result; and submitting an early warning report according to the message risk identification result. The invention can effectively identify the risk remittance message and improve the processing efficiency of the bank and the customer experience.

Description

Risk message identification method and system
Technical Field
The invention relates to the technical field of information security, in particular to a risk message identification method and system.
Background
With the rising of the ship height of the clearing business of clearing banks, in order to reduce the risk of manual operation and improve the bank processing efficiency, all banks basically realize the function of meeting the automatic processing. The automation level is improved, the load of a plurality of branches is really reduced, but correspondingly, because the link of manual judgment is skipped, some messages which are not in accordance with the conventional process but are directly connected but are converged can be automatically released, and certain business risk exists. In 2016, the central row of bangladesh was exposed to a theft of 8100 ten thousand dollars, and from the report analysis, messages originated at the central row of bangladesh to the federal reserve bank in new york, usa, and finally the remittance bank pointed to the philippines, and after the funds arrived, the funds transfer was finally achieved by a hacker; it can be seen from the case that only the reasonability of the remittance route is left, and the high business risk is hidden by the 'reasonability' of the remittance message which is not carefully verified; even if the mode of reducing the automatic processing rate and improving the manual verification operation is adopted, the effect depends on the service level of operators, on one hand, the actual effect is poor, on the other hand, the processing efficiency of the bank is reduced, and the customer experience is greatly discounted; therefore, on the basis of keeping the bank processing efficiency, the risk of the remittance message can be effectively identified, which is not only a business problem, but also a technical problem.
Disclosure of Invention
The embodiment of the invention mainly aims to provide a risk message identification method and a risk message identification system, so as to effectively identify a risk remittance message and improve the processing efficiency and the customer experience of a bank.
In order to achieve the above object, an embodiment of the present invention provides a method for identifying a risk packet, including:
receiving a current message;
inputting the characteristic value of the current message into a message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result;
and submitting an early warning report according to the message risk identification result.
The embodiment of the present invention further provides a system for identifying a risk packet, including:
a receiving unit, configured to receive a current packet;
a message risk identification result unit, configured to input a feature value of a current message into a message risk online model determined according to an evaluation result of the initial message risk online model and an evaluation result of the message risk offline model, so as to obtain a message risk identification result;
and the early warning report unit is used for submitting an early warning report according to the message risk identification result.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and runs on the processor, wherein the steps of the risk message identification method are realized when the processor executes the computer program.
The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the risk packet identification method are implemented.
According to the risk message identification method and system provided by the embodiment of the invention, the characteristic value of the current message is input into the message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain the message risk identification result, and the early warning report is submitted according to the message risk identification result, so that the risk remittance message can be effectively identified, and the processing efficiency and the customer experience of a bank are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a flow chart of a risk packet identification method in an embodiment of the present invention;
FIG. 2 is a diagram illustrating an online model for determining a risk of a packet according to an embodiment of the present invention;
FIG. 3 is a flowchart of determining an evaluation result of an initial message risk online model according to an embodiment of the present invention;
FIG. 4 is a flowchart of determining an evaluation result of a message risk offline model according to an embodiment of the present invention;
FIG. 5 is a flow chart of a risk packet identification method in another embodiment of the present invention;
FIG. 6 is a block diagram of a risk packet identification system according to an embodiment of the present invention;
FIG. 7 is a block diagram of a risk packet identification system according to another embodiment of the present invention;
FIG. 8 is a block diagram showing the structure of a data collection apparatus according to an embodiment of the present invention;
FIG. 9 is a block diagram showing the structure of a model learning apparatus according to an embodiment of the present invention;
FIG. 10 is a block diagram showing the structure of a model management apparatus according to an embodiment of the present invention;
fig. 11 is a block diagram of a computer device in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
In view of the fact that the risk of a remittance message cannot be effectively identified while the processing efficiency of a bank is maintained in the prior art, the embodiment of the invention provides a risk message identification method to effectively identify a risk remittance message and improve the processing efficiency of the bank and the customer experience. The present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a risk packet identification method in an embodiment of the present invention. Fig. 5 is a flowchart of a risk packet identification method according to another embodiment of the present invention. As shown in fig. 1 and 5, the risk packet identification method includes:
s101: and receiving the current message.
In specific implementation, the current message may be obtained from the clearing system.
S102: and inputting the characteristic value of the current message into a message risk online model determined according to the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result.
The characteristic value of the current message can be extracted by preprocessing the current message so as to isolate the influence of the change of the message format on the online model of the message risk. And only when the message amount of the current message exceeds a preset large amount threshold value, performing risk evaluation on the current message, and inputting the characteristic value of the current message into a message risk online model to obtain a message risk identification result. According to a general business rule, a large amount of messages specially reported are generally limited to certain countries and are related to business expansion range of the reports.
S103: and submitting an early warning report according to the message risk identification result.
When the message risk identification result is a risk message, an early warning report can be submitted to the clearing system. When the message risk identification result is a non-risk message, the safety information of the message can be pushed to a clearing system.
The executing body of the risk packet identification method shown in fig. 1 may be a computer. As can be seen from the process shown in fig. 1, the risk packet identification method according to the embodiment of the present invention inputs the feature value of the current packet into the packet risk on-line model determined by the evaluation result of the initial packet risk on-line model and the evaluation result of the packet risk off-line model, obtains the packet risk identification result, and submits the early warning report according to the packet risk identification result, so that the risk remittance packet can be effectively identified, and the processing efficiency of the bank and the customer experience are improved.
In one embodiment, the message risk model is obtained by training according to a closed-loop historical clearing message pushed by a clearing system. The initial message risk online model is a message risk model which is used for evaluating the current online position, and the message risk offline model is a message risk model which is not used online.
During specific implementation, a remittance risk message and a non-remittance risk message are marked on a historical clearing message according to a preset business rule, then the historical clearing message is preprocessed, a characteristic value of the historical clearing message is extracted, and an initial model is trained according to the characteristic value of the historical clearing message to obtain a message risk model. The offline message risk model is the offline message risk model, and the online message risk model is the online initial message risk model. The frequency of the training model is generally once a week, but when the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model are both smaller than the preset evaluation result threshold value, the initial model is trained again according to the feature value of a new historical clearing message on the same day to obtain a new message risk model. The historical clearing message is a clearing message within one year. For example, if the training time of the model is 5/1/2020, the historical liquidation messages used for training the model are those from 5/1/2019 to 4/2020/30. Table 1 is a characteristic value table in the embodiment of the present invention. As shown in table 1, the characteristic values may include agent to report line, currency, and place of entry, etc.
TABLE 1
Field description Description of the invention
Agent to report line Storing incoming line information of messages
Coin kind Currency information of storage message
To the ground Final destination for storing messages
Fig. 2 is a schematic diagram of determining an online risk model of a packet in the embodiment of the present invention. As shown in fig. 2, the step of determining the message risk online model according to the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model includes:
s201: and comparing the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model in the same evaluation period.
Fig. 3 is a flowchart of determining an evaluation result of an initial message risk online model in the embodiment of the present invention. As shown in fig. 3, the step of determining the evaluation result of the initial message risk online model includes:
s301: and determining the accuracy and the recall rate of the initial message risk online model according to the message risk identification result and the actual message risk result after the initial message risk online model is online.
TABLE 2
Figure BDA0002612819060000051
Table 2 is a table of actual risk results and identification results of the message, belonging to the confusion matrix. As shown in table 2, after the initial message risk online model is set to be online, the actual message risk result and the message risk identification result are risk messages, and the number of the risk messages is TP; the actual message risk result is a risk message, and the number of non-risk messages in the message risk identification result is PN; the actual message risk result is a non-risk message, and the message risk identification result is that the number of risk messages is FP; the number of the non-risk messages is TN, wherein the actual message risk result and the message risk identification result are both non-risk messages. Accuracy of risk online model of initial message
Figure BDA0002612819060000052
Recall of initial message risk online model
Figure BDA0002612819060000053
S302: and determining the evaluation result of the initial message risk online model according to the accuracy and the recall rate of the initial message risk online model.
In an embodiment, the evaluation result of the initial message risk online model may be determined by the following formula:
Figure BDA0002612819060000054
wherein, F1 is the evaluation result of the initial message risk online model.
Fig. 4 is a flowchart of determining an evaluation result of the message risk offline model in the embodiment of the present invention. As shown in fig. 4, the step of determining the evaluation result of the message risk offline model includes:
s401: and selecting a test set of the message risk offline model from the characteristic values of the historical messages.
In specific implementation, the feature values of the clearing messages in the last year can be randomly divided into ten mutually exclusive subsets with similar sizes, and one subset is selected as a test set of the message risk offline model.
S402: and determining the initial accuracy and the initial recall rate of the message risk offline model according to the test set.
TABLE 3
Figure BDA0002612819060000055
Table 3 shows the actual results and the test results of the test set, which belong to the confusion matrix. As shown in table 3, the test result of the test set is the output result of the message risk offline model with the feature value input. The number of risk messages of both the actual test result and the test result of the test set is setIs TP 1; the actual result of the test set is a risk message, and the number of the non-risk messages of the test result of the test set is PN 1; the actual result of the test set is a non-risk message, and the test result of the test set is that the number of risk messages is FP 1; the number of the non-risk messages of both the actual test result and the test result of the test set is TN 1. Initial accuracy of the message risk offline model
Figure BDA0002612819060000061
Initial recall of message risk offline model
Figure BDA0002612819060000062
S403: and determining the accuracy of the message risk offline model according to the initial accuracy and the historical accuracy in the preset number of evaluation periods.
In one embodiment, the accuracy P' of the message risk offline model is an average of the initial accuracy P1 and the historical accuracy in a preset number of evaluation periods. For example, there are five evaluation periods (generally one day is an evaluation period), in each evaluation period, the accuracy and the recall rate of the offline message model and the online message risk model (initial online message risk model) currently in use on line are calculated, the accuracy of the offline message risk model in the first evaluation period is the initial accuracy of the first evaluation period, the accuracy in the second evaluation period is the average value of the accuracy of the first evaluation period and the initial accuracy of the second evaluation period, the accuracy in the third evaluation period is the average value of the accuracy of the first evaluation period, the accuracy of the second evaluation period and the initial accuracy of the third evaluation period, the accuracy in the fourth evaluation period is the average value of the accuracy of the first evaluation period, the accuracy of the second evaluation period, the accuracy of the third evaluation period and the initial accuracy of the fourth evaluation period, the accuracy in the fifth evaluation period is the average of the accuracy of the first evaluation period, the accuracy of the second evaluation period, the accuracy of the third evaluation period, the accuracy of the fourth evaluation period and the initial accuracy of the fifth evaluation period.
S404: and determining the recall rate of the message risk offline model according to the initial recall rate and the historical recall rate in the preset number of evaluation periods.
In one embodiment, the recall rate R' of the offline message risk model is an average value of the initial recall rate R1 and the historical recall rate in a preset number of evaluation periods. For example, there are five evaluation periods in total, the recall ratio of the message risk offline model in the first evaluation period is the initial recall ratio of the first evaluation period, the recall ratio in the second evaluation period is the average value of the recall ratio of the first evaluation period and the initial recall ratio of the second evaluation period, the recall ratio in the third evaluation period is the average value of the recall ratio of the first evaluation period, the recall ratio of the second evaluation period and the initial recall ratio of the third evaluation period, the recall ratio in the fourth evaluation period is the average value of the recall ratio of the first evaluation period, the recall ratio of the second evaluation period, the recall ratio of the third evaluation period and the initial recall ratio of the fourth evaluation period, and the recall ratio in the fifth evaluation period is the recall ratio of the first evaluation period, the recall ratio of the second evaluation period, the recall ratio of the third evaluation period, the recall ratio of the first evaluation period, the recall ratio of the second evaluation period, the recall ratio of the third evaluation, The recall of the fourth evaluation period averaged with the initial recall of the fifth evaluation period.
S405: and determining the evaluation result of the message risk offline model according to the accuracy and the recall rate of the message risk offline model.
In one embodiment, the evaluation result of the message risk offline model in the same evaluation period can be determined by the following formula:
Figure BDA0002612819060000071
wherein, F2 is the evaluation result of the message risk offline model, P 'is the accuracy of the message risk offline model in the same evaluation period, and R' is the recall rate of the message risk offline model in the same evaluation period.
S202: and judging whether the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times or not.
S203: and when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times, determining that the message risk offline model is the message risk online model.
For example, if the number of times that the evaluation result F2 of the message risk offline model is greater than the evaluation result F1 of the initial message risk online model is greater than three times, the initial message risk online model is offline, and the message risk offline model is online to become the message risk online model. The number of the message risk offline models may be multiple, and when a plurality of message risk offline models all meet the online requirement (the number of times that the evaluation result of the message risk offline models is greater than the evaluation result of the initial message risk online model is greater than three times), the message risk offline model corresponding to the maximum value of F2 is determined as the message risk online model. And if the message risk offline model is not on-line in thirty evaluation periods, the message risk offline model is invalidated.
S204: and when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are less than or equal to the preset times, determining the initial message risk online model as a message risk online model.
For example, there are five evaluation periods, and the number of times that the evaluation result F2 of the message risk offline model is greater than the evaluation result F1 of the initial message risk online model is less than or equal to three times, the initial message risk online model is used as the message risk online model to continue online application.
The specific process of the embodiment of the invention is as follows:
1. and marking the remittance risk message and the non-remittance risk message on the historical clearing message according to a preset business rule.
2. And preprocessing the historical clearing message, extracting the characteristic value of the historical clearing message, and training an initial model according to the characteristic value of the historical clearing message to obtain a message risk model. The offline message risk model is the offline message risk model, and the online message risk model is the online initial message risk model.
3. And determining the accuracy and the recall rate of the initial message risk online model according to the message risk identification result and the actual message risk result after the initial message risk online model is online. And determining the evaluation result of the initial message risk online model according to the accuracy and the recall rate of the initial message risk online model.
4. And selecting a test set of the message risk offline model from the characteristic values of the historical messages, and determining the initial accuracy and the initial recall rate of the message risk offline model according to the test set.
5. And determining the accuracy of the message risk offline model according to the initial accuracy and the historical accuracy in the preset number of evaluation periods, and determining the recall rate of the message risk offline model according to the initial recall rate and the historical recall rate in the preset number of evaluation periods.
6. Determining the evaluation result of the message risk offline model according to the accuracy and recall rate of the message risk offline model
7. And judging whether the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times or not. And when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times, determining that the message risk offline model is the message risk online model, and otherwise, determining that the initial message risk online model is the message risk online model.
8. And inputting the characteristic value of the current message into the message risk online model to obtain a message risk identification result.
9. And submitting an early warning report according to the message risk identification result.
In summary, in order to solve the problem of difficulty in identifying a risk packet, the risk packet identification method according to the embodiment of the present invention inputs a feature value of a current packet into a packet risk online model determined by an evaluation result of an initial packet risk online model and an evaluation result of a packet risk offline model to obtain a packet risk identification result, and submits an early warning report according to the packet risk identification result, so that a risk remittance packet can be effectively identified, the remittance packet risk is reduced, and the clearing agent service level, the bank processing efficiency and the customer experience are improved.
In addition, the invention is parallel to the message processing of the clearing system, has small invasion to the function code of the clearing system, realizes function decoupling, and avoids the reduction of the bank business processing efficiency caused by identifying the risk message; and meanwhile, a fault-tolerant mechanism is provided, and the message risk on-line model with the evaluation result not meeting the requirement is replaced by the message risk off-line model.
Based on the same inventive concept, the embodiment of the invention also provides a risk message identification system, and as the problem solving principle of the system is similar to that of the risk message identification method, the implementation of the system can refer to the implementation of the method, and repeated parts are not repeated.
Fig. 6 is a block diagram of a risk packet identification system according to an embodiment of the present invention. Fig. 7 is a block diagram of a risk packet identification system according to another embodiment of the present invention. As shown in fig. 6-7, the risk packet identification system includes:
a receiving unit, configured to receive a current packet;
a message risk identification result unit, configured to input a feature value of a current message into a message risk online model determined according to an evaluation result of the initial message risk online model and an evaluation result of the message risk offline model, so as to obtain a message risk identification result;
and the early warning report unit is used for submitting an early warning report according to the message risk identification result.
In one embodiment, the method further comprises the following steps:
a message risk online model determining unit, configured to:
comparing the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model in the same evaluation period;
and when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times, determining that the message risk offline model is the message risk online model, changing the initial message risk online model into the message risk offline model, and otherwise determining that the initial message risk online model is the message risk online model.
In one embodiment, the method further comprises the following steps:
the initial online model evaluation unit is used for determining the accuracy and the recall rate of the initial message risk online model according to the message risk identification result and the message risk actual result after the initial message risk online model is online;
and the initial online model evaluation result unit is used for determining the evaluation result of the initial message risk online model according to the accuracy and the recall rate of the initial message risk online model.
In one embodiment, the method further comprises the following steps:
the test set selection unit is used for selecting a test set of the message risk offline model from the characteristic values of the historical messages;
the initial offline model evaluation unit is used for determining the initial accuracy and the initial recall rate of the message risk offline model according to the test set;
the offline model accuracy unit is used for determining the accuracy of the message risk offline model according to the initial accuracy and the historical accuracy in the preset number of evaluation periods;
the offline model recall rate unit is used for determining the recall rate of the message risk offline model according to the initial recall rate and the historical recall rate in the preset number of evaluation periods;
and the offline model evaluation result unit is used for determining the evaluation result of the message risk offline model according to the accuracy and the recall rate of the message risk offline model.
As shown in fig. 7, in practical application, the risk packet identification system includes a data collection device, a model learning device, a model storage device, a model management device, a packet analysis device, an intelligent risk identification device, and an early warning device. Fig. 8 is a block diagram showing the structure of a data collection device according to an embodiment of the present invention. Fig. 9 is a block diagram showing the structure of a model learning apparatus according to an embodiment of the present invention. Fig. 10 is a block diagram showing the structure of a model management apparatus according to the embodiment of the present invention.
As shown in fig. 7 to 10, the data collection device includes a history message data collection unit, a feature selection unit, and a data sorting unit. The history message data collection unit is used for receiving the closed-loop history clearing message sent by the clearing system and marking a remittance risk message and a non-remittance risk message on the history clearing message according to a preset business rule. The feature selection unit is a unit that maintains a feature selection rule, and is used to set a feature value. And the data sorting unit is used for preprocessing the historical clearing message according to the set characteristic value and extracting the characteristic value of the historical clearing message.
The model learning apparatus includes a label data acquisition unit and a model training unit. The marked data acquisition unit is used for receiving the characteristic value of the history clearing message from the data collection device. And the model training unit is used for training the initial model according to the characteristic values of the historical clearing messages to obtain a message risk model.
The model storage device is used for storing a plurality of message risk models obtained through training.
The model management device comprises a model evaluation query unit and a model life cycle adjusting unit. The model evaluation query unit comprises an initial online model reporting evaluation unit, an initial online model evaluation result unit, a test set selection unit, an initial offline model evaluation unit, an offline model accuracy unit, an offline model recall unit and an offline model evaluation result unit. The model life cycle adjusting unit comprises a message risk online model determining unit,
the message analysis device comprises a receiving unit used for subscribing and acquiring the real-time message pushed by the clearing system and analyzing the message content. The message analysis device is different from the historical message data collection unit, the historical message data collection unit acquires closed-loop data of the liquidation system for training a model, and the message analysis device acquires real-time data for providing the real-time message risk assessment for a subsequent intelligent risk identification device.
The intelligent risk identification device comprises a message risk identification result unit, and is used for preprocessing the current message to extract the characteristic value of the current message so as to isolate the influence of the change of the message format on the message risk online model. And only when the message amount of the current message exceeds a preset large amount threshold value, performing risk evaluation on the current message, and inputting the characteristic value of the current message into a message risk online model to obtain a message risk identification result.
The early warning device comprises an early warning reporting unit.
To sum up, the risk packet identification method of the embodiment of the present invention inputs the feature value of the current packet into the packet risk online model determined by the evaluation result of the initial packet risk online model and the evaluation result of the packet risk offline model to obtain the packet risk identification result, and submits the early warning report according to the packet risk identification result, so that the risk remittance packet can be effectively identified, the remittance packet risk is reduced, and the clearing agent service level, the bank processing efficiency and the customer experience are improved.
The embodiment of the invention also provides a specific implementation mode of the computer equipment, which can realize all the steps in the risk message identification method in the embodiment. Fig. 11 is a block diagram of a computer device in an embodiment of the present invention, and referring to fig. 11, the computer device specifically includes the following contents:
a processor (processor)1101 and a memory (memory) 1102.
The processor 1101 is configured to call a computer program in the memory 1102, and the processor implements all the steps of the risk packet identification method in the above embodiments when executing the computer program, for example, the processor implements the following steps when executing the computer program:
receiving a current message;
inputting the characteristic value of the current message into a message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result;
and submitting an early warning report according to the message risk identification result.
To sum up, the computer device of the embodiment of the present invention inputs the feature value of the current message into the message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result, and submits the early warning report according to the message risk identification result, so that the risk remittance message can be effectively identified, and the processing efficiency of the bank and the customer experience are improved.
An embodiment of the present invention further provides a computer-readable storage medium capable of implementing all the steps in the risk packet identification method in the foregoing embodiment, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all the steps of the risk packet identification method in the foregoing embodiment, for example, when the processor executes the computer program, the processor implements the following steps:
receiving a current message;
inputting the characteristic value of the current message into a message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result;
and submitting an early warning report according to the message risk identification result.
To sum up, the computer-readable storage medium according to the embodiment of the present invention inputs the feature value of the current packet into the packet risk online model determined by the evaluation result of the initial packet risk online model and the evaluation result of the packet risk offline model to obtain the packet risk identification result, and submits the early warning report according to the packet risk identification result, so that the risk remittance packet can be effectively identified, and the processing efficiency of the bank and the customer experience are improved.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, or devices described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Such discs (disk) and disks (disc) include compact disks, laser disks, optical disks, DVDs, floppy disks and blu-ray disks where disks usually reproduce data magnetically, while disks usually reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.

Claims (10)

1. A risk packet identification method is characterized by comprising the following steps:
receiving a current message;
inputting the characteristic value of the current message into a message risk online model determined by the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model to obtain a message risk identification result;
and submitting an early warning report according to the message risk identification result.
2. The method for identifying a risk packet according to claim 1, wherein the step of determining the message risk on-line model according to the evaluation result of the initial message risk on-line model and the evaluation result of the message risk off-line model comprises:
comparing the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model in the same evaluation period;
and when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times, determining that the message risk offline model is the message risk online model, changing the initial message risk online model into the message risk offline model, and otherwise determining that the initial message risk online model is the message risk online model.
3. The risk packet identification method according to claim 2, further comprising:
determining the accuracy and the recall rate of the initial message risk online model according to the message risk identification result and the actual message risk result after the initial message risk online model is online;
and determining the evaluation result of the initial message risk online model according to the accuracy and the recall rate of the initial message risk online model.
4. The risk packet identification method according to claim 2, further comprising:
selecting a test set of the message risk offline model from the characteristic values of the historical messages;
determining the initial accuracy and initial recall rate of the message risk offline model according to the test set;
determining the accuracy of the message risk offline model according to the initial accuracy and the historical accuracy in the preset number of evaluation periods;
determining the recall rate of the message risk offline model according to the initial recall rate and the historical recall rate in the preset number of evaluation periods;
and determining the evaluation result of the message risk offline model according to the accuracy and the recall rate of the message risk offline model.
5. A risk packet identification system, comprising:
a receiving unit, configured to receive a current packet;
a message risk identification result unit, configured to input the feature value of the current message into a message risk online model determined according to an evaluation result of the initial message risk online model and an evaluation result of the message risk offline model, so as to obtain a message risk identification result;
and the early warning report unit is used for submitting an early warning report according to the message risk identification result.
6. The risk packet identification system of claim 5, further comprising:
a message risk online model determining unit, configured to:
comparing the evaluation result of the initial message risk online model and the evaluation result of the message risk offline model in the same evaluation period;
and when the times that the evaluation results of the message risk offline model are superior to the evaluation results of the initial message risk online model in the preset number of evaluation periods are greater than the preset times, determining that the message risk offline model is the message risk online model, changing the initial message risk online model into the message risk offline model, and otherwise determining that the initial message risk online model is the message risk online model.
7. The risk packet identification system of claim 6, further comprising:
the initial online model evaluation unit is used for determining the accuracy and the recall rate of the initial message risk online model according to the message risk identification result and the message risk actual result after the initial message risk online model is online;
and the initial online model evaluation result unit is used for determining the evaluation result of the initial message risk online model according to the accuracy and the recall rate of the initial message risk online model.
8. The risk packet identification system of claim 6, further comprising:
the test set selection unit is used for selecting a test set of the message risk offline model from the characteristic values of the historical messages;
the initial offline model evaluation unit is used for determining the initial accuracy and the initial recall rate of the message risk offline model according to the test set;
the offline model accuracy unit is used for determining the accuracy of the message risk offline model according to the initial accuracy and the historical accuracy in the preset number of evaluation periods;
the offline model recall rate unit is used for determining the recall rate of the message risk offline model according to the initial recall rate and the historical recall rate in the preset number of evaluation periods;
and the offline model evaluation result unit is used for determining the evaluation result of the message risk offline model according to the accuracy and the recall rate of the message risk offline model.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor when executing the computer program implements the steps of the risk message identification method of any of claims 1 to 4.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the risk packet identification method according to any one of claims 1 to 4.
CN202010760061.3A 2020-07-31 2020-07-31 Risk message identification method and system Pending CN111951012A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010760061.3A CN111951012A (en) 2020-07-31 2020-07-31 Risk message identification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010760061.3A CN111951012A (en) 2020-07-31 2020-07-31 Risk message identification method and system

Publications (1)

Publication Number Publication Date
CN111951012A true CN111951012A (en) 2020-11-17

Family

ID=73338647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010760061.3A Pending CN111951012A (en) 2020-07-31 2020-07-31 Risk message identification method and system

Country Status (1)

Country Link
CN (1) CN111951012A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156809A (en) * 2015-04-24 2016-11-23 阿里巴巴集团控股有限公司 For updating the method and device of disaggregated model
US20180240133A1 (en) * 2017-02-20 2018-08-23 Baidu Online Network Technology (Beijing) Co., Ltd. Method, Apparatus and Server for Identifying Risky User
CN110083542A (en) * 2019-05-06 2019-08-02 百度在线网络技术(北京)有限公司 Model test Method, device and electronic equipment in a kind of recommender system
CN110378699A (en) * 2019-07-25 2019-10-25 中国工商银行股份有限公司 A kind of anti-fraud method, apparatus and system of transaction
CN110705598A (en) * 2019-09-06 2020-01-17 中国平安财产保险股份有限公司 Intelligent model management method and device, computer equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156809A (en) * 2015-04-24 2016-11-23 阿里巴巴集团控股有限公司 For updating the method and device of disaggregated model
US20180240133A1 (en) * 2017-02-20 2018-08-23 Baidu Online Network Technology (Beijing) Co., Ltd. Method, Apparatus and Server for Identifying Risky User
CN110083542A (en) * 2019-05-06 2019-08-02 百度在线网络技术(北京)有限公司 Model test Method, device and electronic equipment in a kind of recommender system
CN110378699A (en) * 2019-07-25 2019-10-25 中国工商银行股份有限公司 A kind of anti-fraud method, apparatus and system of transaction
CN110705598A (en) * 2019-09-06 2020-01-17 中国平安财产保险股份有限公司 Intelligent model management method and device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110297912A (en) Cheat recognition methods, device, equipment and computer readable storage medium
CN110784355B (en) Fault identification method and device
CN112926699A (en) Abnormal object identification method, device, equipment and storage medium
CN112529321B (en) Risk prediction method and device based on user data and computer equipment
CN112598225A (en) Evaluation index determination method and apparatus, storage medium, and electronic apparatus
CN115564449A (en) Risk control method and device for transaction account and electronic equipment
CN113240259B (en) Rule policy group generation method and system and electronic equipment
CN111951012A (en) Risk message identification method and system
CN113159941A (en) Intelligent streaming transaction execution method and device
CN107527193A (en) A kind of generation dimension payment system, method and device
CN107580329B (en) Network analysis optimization method and device
CN115278563A (en) Method and system for intelligently selecting short message channel based on influence factor
CN110162545A (en) Information-pushing method, equipment, storage medium and device based on big data
CN113743435B (en) Training of service data classification model, and service data classification method and device
CN115860465A (en) Enterprise associated data processing early warning method, system and device
CN114581251A (en) Data verification method and device, computer equipment and computer readable storage medium
CN110570301B (en) Risk identification method, device, equipment and medium
CN116957785A (en) Channel account checking method, device, electronic equipment and computer program product
CN113946703A (en) Picture omission processing method and related device thereof
CN107231334A (en) A kind of short message monitoring method and device
CN111506615A (en) Method and device for determining occupation degree of invalid user
CN116405587B (en) Intelligent monitoring method, system and medium for after-sale performance condition of mobile phone
CN110766544A (en) Credit risk detection method and device, storage medium and electronic device
CN111144091A (en) Method and device for determining customer service member and method for determining group member identity
US11915313B2 (en) Using email history to estimate creditworthiness for applicants having insufficient credit history

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination