[go: up one dir, main page]

CN113886780A - Customer information verification method, device, medium and electronic equipment - Google Patents

Customer information verification method, device, medium and electronic equipment Download PDF

Info

Publication number
CN113886780A
CN113886780A CN202111169120.0A CN202111169120A CN113886780A CN 113886780 A CN113886780 A CN 113886780A CN 202111169120 A CN202111169120 A CN 202111169120A CN 113886780 A CN113886780 A CN 113886780A
Authority
CN
China
Prior art keywords
abnormal
systems
cluster
customer information
new rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111169120.0A
Other languages
Chinese (zh)
Other versions
CN113886780B (en
Inventor
徐晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202111169120.0A priority Critical patent/CN113886780B/en
Publication of CN113886780A publication Critical patent/CN113886780A/en
Application granted granted Critical
Publication of CN113886780B publication Critical patent/CN113886780B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The disclosure relates to the field of artificial intelligence and information security, and discloses a customer information verification method, a customer information verification device, a customer information verification medium and electronic equipment. The method comprises the following steps: acquiring abnormal customer information verified by a rule set in a rule engine; performing model training according to the abnormal customer information to obtain a risk model; aiming at each system, acquiring the quantity ratio of the abnormal customer information verified by the rule set in all the systems; determining a candidate abnormal system according to the number ratio; acquiring system related information; generating system characteristic data according to the system related information; determining an abnormal system based on the system characteristic data and the candidate abnormal system; when a new rule adding request is received, generating a new rule set; and verifying the new rule by using the risk model, and starting a new rule set for the abnormal system according to the verification of the new rule. The method reduces the labor cost for configuring the rules for multiple systems, and gives consideration to the online safety and efficiency of new rules.

Description

Customer information verification method, device, medium and electronic equipment
Technical Field
The present disclosure relates to the field of artificial intelligence and information security technologies, and in particular, to a method, an apparatus, a medium, and an electronic device for checking customer information.
Background
At present, customer information of some financial systems, such as bank systems, needs to meet supervision requirements, so each system has its own check rule, the same rule needs to be implemented in a large number of systems for many times, and results are inconsistent due to differences understood by different system developers for the rules, so that a large amount of manpower evaluation and development needs to be consumed when one rule is adjusted, and the consumed manpower and material resource costs are high.
Disclosure of Invention
In the technical field of artificial intelligence and information security, in order to solve the technical problems, the present disclosure aims to provide a customer information verification method, apparatus, medium and electronic device.
According to an aspect of the present disclosure, there is provided a client information verification method, performed by a rule engine, for verifying client information reported to a plurality of systems, the method including:
for each system in the multiple systems, acquiring abnormal customer information which passes the verification of a rule set in the rule engine, wherein the abnormal customer information is customer information corresponding to abnormal behavior records existing in the system, and each system in the multiple systems generates abnormal behavior records corresponding to the customer information of the customer when the customer generates abnormal behaviors;
performing model training according to the acquired abnormal customer information to obtain a customer information verification risk model;
for each system, acquiring the number ratio of abnormal customer information which passes the verification of the rule set in the rule engine to all abnormal customer information in the system;
determining candidate abnormal systems in the plurality of systems according to the number proportion corresponding to each system;
acquiring system related information corresponding to the plurality of systems respectively;
generating system characteristic data corresponding to each system according to the system related information;
determining an abnormal system in the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system comprising the candidate abnormal system;
when a new rule adding request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set;
and verifying the new rule by using the client information verification risk model, and enabling the new rule set for the abnormal system according to the verification of the new rule, so that the new rule set is used for verification when the client information is uploaded to the abnormal system.
According to another aspect of the present disclosure, there is provided a client information verifying apparatus, the apparatus being located in a rule engine, the rule engine being configured to verify client information reported to multiple systems, the apparatus including:
a first obtaining module configured to obtain, for each of the plurality of systems, abnormal customer information that has passed the verification of a rule set in the rule engine, where the abnormal customer information is customer information in which a corresponding abnormal behavior record exists in the system, and each of the plurality of systems generates an abnormal behavior record corresponding to customer information of a customer when the customer generates an abnormal behavior;
the training module is configured to perform model training according to the acquired abnormal customer information to obtain a customer information verification risk model;
a quantity ratio acquisition module configured to acquire, for each system, a quantity ratio of all the abnormal customer information in the system that has passed the verification of the rule set in the rule engine;
a first determining module configured to determine candidate abnormal systems from the plurality of systems according to the number proportion corresponding to each system;
a second acquisition module configured to acquire system-related information corresponding to the plurality of systems, respectively;
the first generation module is configured to generate system characteristic data corresponding to each system according to the system related information;
a second determination module configured to determine an abnormal system among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system including the candidate abnormal system;
the second generation module is configured to generate a new rule set comprising a new rule and the rule set when a new rule adding request carrying the new rule is received;
and the enabling module is configured to verify the new rule by using the customer information verification risk model, pass verification according to the new rule and enable the new rule set for the abnormal system so as to verify by using the new rule set when customer information is uploaded to the abnormal system.
According to another aspect of the present disclosure, there is provided a computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method as previously described.
According to another aspect of the present disclosure, there is provided an electronic apparatus including:
a processor;
a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as previously described.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
for the customer information verification method, the apparatus, the medium, and the electronic device provided by the present disclosure, the method is executed by a rule engine, the rule engine is configured to verify customer information reported to a plurality of systems, and the method includes the following steps: for each system in the multiple systems, acquiring abnormal customer information which passes the verification of a rule set in the rule engine, wherein the abnormal customer information is customer information corresponding to abnormal behavior records existing in the system, and each system in the multiple systems generates abnormal behavior records corresponding to the customer information of the customer when the customer generates abnormal behaviors; performing model training according to the acquired abnormal customer information to obtain a customer information verification risk model; for each system, acquiring the number ratio of abnormal customer information which passes the verification of the rule set in the rule engine to all abnormal customer information in the system; determining candidate abnormal systems in the plurality of systems according to the number proportion corresponding to each system; acquiring system related information corresponding to the plurality of systems respectively; generating system characteristic data corresponding to each system according to the system related information; determining an abnormal system in the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system comprising the candidate abnormal system; when a new rule adding request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set; and verifying the new rule by using the client information verification risk model, and enabling the new rule set for the abnormal system according to the verification of the new rule, so that the new rule set is used for verification when the client information is uploaded to the abnormal system.
In the method, the unified rule engine checks the customer information reported by the multiple systems, so that when a rule is newly added, only the rule of the rule engine needs to be added in a concentrated manner, and the rule does not need to be set for each system independently, thereby greatly reducing the labor cost; meanwhile, abnormal customer information which passes the verification is obtained firstly, then a customer information verification risk model is obtained by utilizing the abnormal customer information training on one hand, on the other hand, a candidate abnormal system is determined according to the quantity proportion of the abnormal customer information which passes the verification in each system, then the abnormal system is determined according to system characteristic data and the candidate abnormal system, finally when a new rule needs to be on-line, the new rule is started in the abnormal system only if the new rule passes the verification, other systems except the abnormal system can directly start the new rule, and the safety and the efficiency of the on-line of the new rule are considered.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system architecture diagram illustrating a customer information verification method in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a customer information verification method in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating a system for determining candidate anomalies based on a corresponding number of system fractions in accordance with an exemplary embodiment;
FIG. 4 is a flow diagram illustrating a system for determining anomalies in a plurality of systems in accordance with an exemplary embodiment;
fig. 5 is a block diagram illustrating a customer information verification apparatus in accordance with an exemplary embodiment;
FIG. 6 is a block diagram illustrating an example electronic device implementing the customer information verification method described above, according to an example embodiment;
fig. 7 is a program product for implementing the above-described customer information verification method according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The present disclosure first provides a customer information verification method. Customer information verification is a method of judging the validity of customer information. The customer information here may be information that needs to be used in various fields or various types of platforms. For example, the customer information may be information for use at a banking system to which the customer submits the customer information, and the banking system may evaluate its risk status so as to determine whether to handle a loan or the like for it. Therefore, it is necessary to determine the validity of the client information uploaded to the system. In the related technology, each system uses a set of rules of customer information, so that the maintenance cost is high; the customer information verification method provided by the disclosure can efficiently and quickly realize the configuration of the rules and can ensure the safety.
The customer information verification method provided by the disclosure can be applied to various fields needing to verify customer information.
The implementation terminal of the present disclosure may be any device having computing, processing, and communication functions, which may be connected to an external device for receiving or sending data, and specifically may be a portable mobile device, such as a smart phone, a tablet computer, a notebook computer, a pda (personal Digital assistant), or the like, or may be a fixed device, such as a computer device, a field terminal, a desktop computer, a server, a workstation, or the like, or may be a set of multiple devices, such as a physical infrastructure of cloud computing or a server cluster.
Optionally, the implementation terminal of the present disclosure may be a server or a physical infrastructure of cloud computing.
Fig. 1 is a system architecture diagram illustrating a customer information verification method according to an exemplary embodiment. As shown in fig. 1, the system architecture includes a personal computer 110, an information verification server 120, a first system server 130, a second system server 140, and a third system server 150. The personal computer 110 and the information verification server 120, and the information verification server 120 and the system servers are connected through communication links, and may be used to transmit or receive data. The information verification server 120 is an implementation terminal in this embodiment, and a rule engine is deployed on the implementation terminal, where the rule engine includes a rule set, a client capable of accessing each system server is provided on the personal computer 110, and the rule engine continuously verifies client information reported to the system server by the personal computer 110, and each system server is provided with a system. When the client information verification method provided by the present disclosure is applied to the system architecture shown in fig. 1, the method may be executed by a rule engine in the information verification server 120, and the execution process may be as follows: first, the information checking server 120 obtains, from each system server, abnormal client information that has passed the checking of the rule set in the rule engine, where the abnormal client information is client information that has previously passed the checking of the rule engine but a corresponding client has generated an abnormal behavior in a corresponding system, which may cause a problem in the reliability of the rule engine; then, the information verification server 120 obtains a client information verification risk model by training with the abnormal client information; then, the information verification server 120 determines the number proportion of the abnormal customer information of each system passing the verification of the rule set, and determines a candidate abnormal system according to the number proportion corresponding to each system; next, the information verification server 120 further obtains system-related information from each system server, generates corresponding system feature data using the system-related information, and determines an abnormal system among the plurality of systems based on the system feature data; then, after a system maintenance person submits a new rule addition request on a certain system server, the information verification server 120 obtains a new rule in the new rule addition request, and generates a new rule set including the new rule and the rule set; then, the information verification server 120 verifies the new rule by using the client information verification risk model; finally, when the verification is passed, a new rule set is started in the abnormal system, and when the personal computer 110 uploads the client information to the abnormal system, the rule engine on the information verification server 120 verifies the client information by using the new rule set; and when the verification fails or before a verification result is obtained, verifying the customer information uploaded to the abnormal system by using the original rule set.
It is worth mentioning that fig. 1 is only one embodiment of the present disclosure. While in the present embodiment the rules engine and system are both located on a single server, in other embodiments the rules engine and/or at least one system may both be located on a server cluster comprised of multiple servers; although only three systems are shown in the present embodiment, it is easy to understand that the rules engine can also check the customer information uploaded to more systems at the same time; while in the present embodiment the rules engine and system are located on different servers, in other embodiments the rules engine and at least one system may be located on the same server; although in this embodiment, only one terminal device is shown to be capable of reporting client information to multiple systems, it is easy to understand that multiple terminal devices may report client information to multiple systems, and the client information reported by each terminal device needs to be verified by a rule engine; although each system is deployed on a server in this embodiment, in other embodiments, the systems may also be located on other types of terminal devices, and the types of terminal devices in which each system is located may be different. The present disclosure is not intended to be limited thereby, nor should the scope of the present disclosure be limited thereby.
Fig. 2 is a flow chart illustrating a customer information verification method according to an example embodiment. The client information verification method provided in this embodiment is executed by a rule engine, where the rule engine is configured to verify client information reported to multiple systems, and the rule engine may be located in a server, so that the client information verification method may be executed by the server, as shown in fig. 2, and includes the following steps:
step 210, for each system in the plurality of systems, obtaining abnormal customer information that has passed the verification of the rule set in the rule engine.
The abnormal customer information is customer information corresponding to abnormal behavior records existing in the system, and each system in the systems generates the abnormal behavior records corresponding to the customer information of the customer when the customer generates abnormal behaviors.
The rule set includes a plurality of rules. The systems in the multiple systems can be systems in the same industry or systems in different industries. For example, each system may be a system in the industry of banks, and there may be a case where a part of the systems belongs to the industry of banks and another part of the systems belongs to the industry of insurance.
The rule engine continuously receives the client information reporting request and verifies the client information to be reported to the system, so that the rule engine is a transfer station for each system to acquire the client information. The use of the client information in each system may be different. For example, in one system, customer information may be used to transact loans, and in another system, customer information may be used to transact insurance. After the client information passes the verification of the rule set in the rule engine, the rule engine forwards the client information to the system indicated by the client information reporting request.
The client information is any information related to the client, and can be information actively reported by the client, or client information collected by the App in the process of using the App by the client.
For example, the system may be various financial software systems such as a bank system, the verification of the customer information may be used to determine whether to allow loan issuance for the customer, and one rule in the rule set may be to determine whether the number of WIFI devices used for logging in the same account is smaller than a predetermined number of WIFI devices, whether the number of types of mobile phone models logged in the same account at different times is smaller than a predetermined number of types, and the like.
The abnormal behavior may be, for example, a behavior of a client illegal pulling wool, a behavior of a client loan default, or the like.
And step 220, performing model training according to the acquired abnormal customer information to obtain a customer information verification risk model.
The abnormal customer information is used as sample data to train the model, and the customer information verification risk model can be constructed based on various algorithms. The customer information verification risk model may be used to verify the rules.
In one embodiment, the customer information verification risk model is a generative confrontation network model for generating virtual anomaly customer information and verifying rules based on the virtual anomaly customer information.
In particular, virtual exception guest information is fictitious exception guest information and may be similar to, but not identical to, exception guest information; for example, the customer information includes the number of the WIFI devices logged in and used by the same account, and if the number of the WIFI devices logged in and used by the same account is 5 in one piece of abnormal customer information, the number of the WIFI devices logged in and used by the same account may be 6 in one piece of virtual abnormal customer information. It is easily understood that the exception client information or the virtual exception client information may include a plurality of features and feature values corresponding to the respective features.
And step 230, acquiring the number of abnormal customer information which passes the verification of the rule set in the rule engine in all the systems according to the proportion of the abnormal customer information.
The system obtains the customer information corresponding to the submitted customers, and some customers also generate abnormal behaviors in the system, so the system also generates and stores abnormal behavior records corresponding to the customer information of the customers, and the customer information is abnormal customer information.
And 240, determining candidate abnormal systems in the plurality of systems according to the number ratio corresponding to each system.
In one embodiment, the determining a candidate abnormal system from the plurality of systems according to the number ratio corresponding to each system includes: sequencing the systems from large to small according to the corresponding number proportion; and taking the systems ranked in the top preset number as candidate abnormal systems.
In this embodiment, the accuracy of determining the candidate abnormal system is improved by using the predetermined number of systems with the largest quantity ratio as the candidate abnormal system.
FIG. 3 is a flow diagram illustrating a system for determining candidate anomalies based on a system-to-system quantity ratio, according to an example embodiment. As shown in fig. 3, the method comprises the following steps:
step 310, determining the number of systems with the number ratio greater than a predetermined number ratio threshold.
The predetermined number ratio threshold is a threshold set in advance according to expert experience, and in all the systems, the number ratio corresponding to at least one system may be greater than the predetermined number ratio threshold, and the number ratios corresponding to other systems do not exceed the predetermined number ratio threshold.
And 320, if the quantity is greater than the preset quantity, randomly selecting the preset quantity of systems from the systems with the quantity ratio greater than the preset quantity ratio threshold value as candidate abnormal systems.
The predetermined number and the predetermined number are similar to the predetermined number ratio threshold, and may be a threshold set by an expert based on experience.
When the number of systems whose corresponding number ratio is greater than the predetermined number ratio threshold is greater than the predetermined number, only the predetermined number of systems are randomly selected from among the systems.
And 330, if the quantity is less than or equal to the preset quantity, taking the system with the quantity ratio greater than the preset quantity ratio threshold value as a candidate abnormal system.
In the present embodiment, only when the number of systems whose number ratio is larger than the predetermined number ratio threshold does not exceed the predetermined number, all systems whose number ratio is larger than the predetermined number ratio threshold are taken as candidate abnormal systems; and when the number of the systems with the number ratio larger than the preset number ratio threshold value exceeds the preset number, randomly selecting the preset number of the systems from the systems as candidate abnormal systems. Therefore, the accuracy of the selected candidate abnormal system is ensured while the number of candidate abnormal systems is limited.
Step 250, obtaining system related information corresponding to the plurality of systems respectively.
The system-related information may be any information related to the system, for example, the system-related information may be a system-related log, a system development document, or the like. The system-related information may include function information of the system, attribute information of the system, and the like. The system-related information may be directly obtained from the system, or may be obtained from other terminal devices in which the system-related information is stored.
Step 260, generating system characteristic data corresponding to each system according to the system related information.
The system-related information may include, for example, log records generated by the system over a period of time, and the corresponding generated system characteristic data may be an average of the number of logs generated per day; the system-related information may further include a record of the code amount of the system and the system test, and the correspondingly generated system characteristic data may be a ratio of the code amount of the system to the number of times of the system test.
Step 270, determining an abnormal system in the plurality of systems based on the system feature data and the candidate abnormal system.
The exception system includes the candidate exception system.
In one embodiment, the determining an abnormal system in the plurality of systems based on the system feature data and the candidate abnormal system includes: establishing a characteristic vector corresponding to each system characteristic data; determining the similarity between the feature vector of the candidate abnormal system and each other feature vector; determining the feature vector with the similarity larger than a preset similarity threshold value as a target feature vector; and taking a system corresponding to the target characteristic vector in the multiple systems as an abnormal system.
The system characteristic data comprises a plurality of characteristic values corresponding to the system characteristics; arranging the characteristic values according to a specified system characteristic arrangement sequence to obtain a characteristic vector; the similarity between feature vectors may be calculated based on cosine similarity or euclidean distance.
FIG. 4 is a flow diagram illustrating a system for determining anomalies in multiple systems in accordance with an exemplary embodiment.
As shown in fig. 4, the method comprises the following steps:
at step 410, a feature vector corresponding to each system feature data is established.
The feature vector may be built from feature values in the system feature data.
Step 420, a plurality of feature vectors are obtained from each feature vector as a cluster center, and a cluster corresponding to each cluster center is established.
A specified number of feature vectors may be randomly selected as a cluster center, a cluster being a collection of feature vectors.
Step 430, iteratively executing the cluster partitioning step until the cluster center does not change any more.
The cluster dividing step includes: aiming at each feature vector, determining a cluster center closest to the feature vector, and adding the feature vector into a cluster corresponding to the cluster center; and determining a new cluster center corresponding to each cluster according to the characteristic vector in each cluster.
The cluster division step is iteratively performed unless the newly determined cluster center is the same as the cluster center determined prior to performing the current cluster division step.
The new cluster center corresponding to each cluster may be determined by calculating the average of the feature vectors in each cluster.
And step 440, taking a cluster to which a feature vector corresponding to the system feature data of the candidate abnormal system belongs as an abnormal cluster, and determining an abnormal system in the plurality of systems according to the abnormal cluster.
In one embodiment, the determining an abnormal system from the plurality of systems according to the abnormal cluster includes: and taking the system corresponding to the characteristic vector in the abnormal cluster as an abnormal system.
In one embodiment, the determining an abnormal system from the plurality of systems according to the abnormal cluster includes: and randomly selecting a preset number of systems from the systems corresponding to the characteristic vectors in the abnormal cluster as abnormal systems.
In one embodiment, the determining an abnormal system from the plurality of systems according to the abnormal cluster includes: acquiring the corresponding priority of each system by inquiring a system and priority corresponding relation table; and determining a system with the corresponding priority reaching the designated priority from the systems corresponding to the feature vectors in the abnormal cluster as an abnormal system.
For example, the priority of the system may be divided into 3 priorities, i.e., high, medium, and low, and a system having a priority higher than the medium may be used as the abnormal system.
In one embodiment, the determining an abnormal system from the plurality of systems according to the abnormal cluster includes: acquiring the cluster radius of each abnormal cluster, wherein the cluster radius is the average value of the distances between the characteristic vectors in the abnormal clusters and the cluster centers of the abnormal clusters; determining an average value of cluster radii of the abnormal clusters as an average cluster radius; performing fusion processing on each abnormal cluster to obtain an integrated abnormal cluster; determining the cluster center of the integrated abnormal cluster according to the characteristic vector in the integrated abnormal cluster; acquiring a characteristic vector of which the distance from the cluster center of the integrated abnormal cluster to the cluster center of the integrated abnormal cluster is smaller than the average cluster radius; and taking the system corresponding to the acquired feature vector and the candidate abnormal system as abnormal systems.
In this embodiment, for a scene of a plurality of abnormal clusters, an integrated abnormal cluster is obtained by fusing the plurality of abnormal clusters, and then a feature vector is selected according to the average cluster radius, so as to select an abnormal system.
Step 280, when a new rule adding request carrying a new rule is received, a new rule set comprising the new rule and the rule set is generated.
That is, the new rule set includes the new rule and the old rule in the rule set.
And 290, verifying the new rule by using the customer information verification risk model, and enabling the new rule set for the abnormal system according to the verification of the new rule, so that the new rule set is used for verification when customer information is uploaded to the abnormal system.
It is easy to understand that the client information verification risk model is used for verifying the rule, and the rule is used for verifying the client information. The client information verification risk model can verify the rules by generating virtual abnormal client information, specifically, the client information verification risk model generates virtual abnormal client information similar to the abnormal client information, and then judges whether the new rules can reject the virtual abnormal client information, thereby realizing verification.
In one embodiment, after receiving a new rule addition request carrying a new rule, and generating a new rule set including the new rule and the rule set, the method further includes: enabling the new rule set for other systems except the abnormal system in the plurality of systems so as to check by using the new rule set when customer information is uploaded to the other systems.
In the embodiment, after the new rule adding request is received, the new rule set is directly enabled for other systems except the abnormal system, so that the online efficiency of the new rule is improved while the security of the new rule is ensured.
In one embodiment, after the new rule is verified using the customer information verification risk model and the new rule set is enabled for the exception system according to the new rule passing verification, the method further comprises: and deleting the rule set.
In the embodiment, the consumption of the storage space is saved by deleting the original rule set after the new rule set is started.
In one embodiment, the method further comprises:
determining a normal system in the plurality of systems according to the number ratio corresponding to each system;
after receiving a new rule addition request carrying a new rule, and generating a new rule set including the new rule and the rule set, the method further includes:
enabling the new rule set for the normal system of the plurality of systems to verify with the new rule set when uploading customer information to the normal system.
In summary, according to the customer information verification method provided in the embodiment of fig. 2, the unified rule engine verifies the customer information reported by the multiple systems, so that when a new rule is added, only the rule of the rule engine needs to be added in a centralized manner, and a rule does not need to be set for each system separately, thereby greatly reducing the labor cost; meanwhile, abnormal customer information which passes the verification is obtained firstly, then a customer information verification risk model is obtained by utilizing the abnormal customer information training on one hand, on the other hand, a candidate abnormal system is determined according to the quantity proportion of the abnormal customer information which passes the verification in each system, then the abnormal system is determined according to system characteristic data and the candidate abnormal system, finally when a new rule needs to be on-line, the new rule is started in the abnormal system only if the new rule passes the verification, other systems except the abnormal system can directly start the new rule, and the safety and the efficiency of the on-line of the new rule are considered.
The disclosure also provides a client information checking device, and the following is an embodiment of the device disclosed herein.
Fig. 5 is a block diagram illustrating a client information verification apparatus according to an exemplary embodiment, which is located in a rule engine for verifying client information reported to a plurality of systems.
As shown in fig. 5, the apparatus 500 includes:
a first obtaining module 510, configured to obtain, for each of the plurality of systems, abnormal customer information that has passed the verification of a rule set in the rule engine, where the abnormal customer information is customer information in which a corresponding abnormal behavior record exists in the system, and each of the plurality of systems generates an abnormal behavior record corresponding to customer information of a customer when the customer generates an abnormal behavior;
a training module 520 configured to perform model training according to the obtained abnormal customer information to obtain a customer information verification risk model;
a quantity ratio obtaining module 530 configured to obtain, for each system, a quantity ratio of all the abnormal customer information in the system, of the abnormal customer information that has passed the verification of the rule set in the rule engine;
a first determining module 540 configured to determine a candidate abnormal system from the plurality of systems according to the number ratio corresponding to each system;
a second obtaining module 550 configured to obtain system-related information corresponding to the plurality of systems, respectively;
a first generating module 560 configured to generate system characteristic data corresponding to each system according to the system-related information;
a second determination module 570 configured to determine an abnormal system among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system including the candidate abnormal system;
a second generating module 580 configured to generate, when a new rule addition request carrying a new rule is received, a new rule set including the new rule and the rule set;
the enabling module 590 is configured to verify the new rule by using the customer information verification risk model, and enable the new rule set for the abnormal system according to the verification of the new rule, so that when the customer information is uploaded to the abnormal system, the new rule set is used for verification.
According to a third aspect of the present disclosure, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one memory unit 620, and a bus 630 that couples the various system components including the memory unit 620 and the processing unit 610.
Wherein the storage unit stores program code that is executable by the processing unit 610 such that the processing unit 610 performs the steps according to various exemplary embodiments of the present invention as described in the section "example methods" above in this specification.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)621 and/or a cache memory unit 622, and may further include a read only memory unit (ROM) 623.
The storage unit 620 may also include a program/utility 624 having a set (at least one) of program modules 625, such program modules 625 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 800 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650, such as with a display unit 640. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-mentioned method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 7, a program product 700 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A method for verifying customer information, the method being performed by a rule engine, the rule engine being configured to verify customer information reported to a plurality of systems, the method comprising:
for each system in the multiple systems, acquiring abnormal customer information which passes the verification of a rule set in the rule engine, wherein the abnormal customer information is customer information corresponding to abnormal behavior records existing in the system, and each system in the multiple systems generates abnormal behavior records corresponding to the customer information of the customer when the customer generates abnormal behaviors;
performing model training according to the acquired abnormal customer information to obtain a customer information verification risk model;
for each system, acquiring the number ratio of abnormal customer information which passes the verification of the rule set in the rule engine to all abnormal customer information in the system;
determining candidate abnormal systems in the plurality of systems according to the number proportion corresponding to each system;
acquiring system related information corresponding to the plurality of systems respectively;
generating system characteristic data corresponding to each system according to the system related information;
determining an abnormal system in the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system comprising the candidate abnormal system;
when a new rule adding request carrying a new rule is received, generating a new rule set comprising the new rule and the rule set;
and verifying the new rule by using the client information verification risk model, and enabling the new rule set for the abnormal system according to the verification of the new rule, so that the new rule set is used for verification when the client information is uploaded to the abnormal system.
2. The method of claim 1, wherein determining candidate abnormal systems from the plurality of systems according to the number fraction corresponding to each system comprises:
determining a number of systems for which the number ratio is greater than a predetermined number ratio threshold;
if the quantity is larger than the preset quantity, randomly selecting the preset quantity of systems from the systems with the quantity ratio larger than the preset quantity ratio threshold value as candidate abnormal systems;
and if the quantity is less than or equal to the preset quantity, taking the system with the quantity ratio greater than the preset quantity ratio threshold value as a candidate abnormal system.
3. The method of claim 1, wherein said determining an abnormal system among said plurality of systems based on said system feature data and said candidate abnormal system comprises:
establishing a characteristic vector corresponding to each system characteristic data;
determining the similarity between the feature vector of the candidate abnormal system and each other feature vector;
determining the feature vector with the similarity larger than a preset similarity threshold value as a target feature vector;
and taking a system corresponding to the target characteristic vector in the multiple systems as an abnormal system.
4. The method of claim 1, wherein said determining an abnormal system among said plurality of systems based on said system feature data and said candidate abnormal system comprises:
establishing a characteristic vector corresponding to each system characteristic data;
acquiring a plurality of characteristic vectors from each characteristic vector as a cluster center, and establishing a cluster corresponding to each cluster center;
iteratively executing a cluster partitioning step until the cluster center does not change any more, the cluster partitioning step comprising: aiming at each feature vector, determining a cluster center closest to the feature vector, and adding the feature vector into a cluster corresponding to the cluster center; determining a new cluster center corresponding to each cluster according to the characteristic vector in each cluster;
and taking a cluster to which a feature vector corresponding to the system feature data of the candidate abnormal system belongs as an abnormal cluster, and determining an abnormal system in the systems according to the abnormal cluster.
5. The method of claim 4, wherein said determining an abnormal system among said plurality of systems from said abnormal cluster comprises:
acquiring the corresponding priority of each system by inquiring a system and priority corresponding relation table;
and determining a system with the corresponding priority reaching the designated priority from the systems corresponding to the feature vectors in the abnormal cluster as an abnormal system.
6. The method of claim 4, wherein the plurality of abnormal clusters are provided, and wherein determining an abnormal system among the plurality of systems according to the abnormal cluster comprises:
acquiring the cluster radius of each abnormal cluster, wherein the cluster radius is the average value of the distances between the characteristic vectors in the abnormal clusters and the cluster centers of the abnormal clusters;
determining an average value of cluster radii of the abnormal clusters as an average cluster radius;
performing fusion processing on each abnormal cluster to obtain an integrated abnormal cluster;
determining the cluster center of the integrated abnormal cluster according to the characteristic vector in the integrated abnormal cluster;
acquiring a characteristic vector of which the distance from the cluster center of the integrated abnormal cluster to the cluster center of the integrated abnormal cluster is smaller than the average cluster radius;
and taking the system corresponding to the acquired feature vector and the candidate abnormal system as abnormal systems.
7. The method of claim 1, further comprising:
determining a normal system in the plurality of systems according to the number ratio corresponding to each system;
after receiving a new rule addition request carrying a new rule, and generating a new rule set including the new rule and the rule set, the method further includes:
enabling the new rule set for the normal system of the plurality of systems to verify with the new rule set when uploading customer information to the normal system.
8. A client information verification apparatus, located in a rule engine, for verifying client information reported to a plurality of systems, the apparatus comprising:
a first obtaining module configured to obtain, for each of the plurality of systems, abnormal customer information that has passed the verification of a rule set in the rule engine, where the abnormal customer information is customer information in which a corresponding abnormal behavior record exists in the system, and each of the plurality of systems generates an abnormal behavior record corresponding to customer information of a customer when the customer generates an abnormal behavior;
the training module is configured to perform model training according to the acquired abnormal customer information to obtain a customer information verification risk model;
a quantity ratio acquisition module configured to acquire, for each system, a quantity ratio of all the abnormal customer information in the system that has passed the verification of the rule set in the rule engine;
a first determining module configured to determine candidate abnormal systems from the plurality of systems according to the number proportion corresponding to each system;
a second acquisition module configured to acquire system-related information corresponding to the plurality of systems, respectively;
the first generation module is configured to generate system characteristic data corresponding to each system according to the system related information;
a second determination module configured to determine an abnormal system among the plurality of systems based on the system feature data and the candidate abnormal systems, the abnormal system including the candidate abnormal system;
the second generation module is configured to generate a new rule set comprising a new rule and the rule set when a new rule adding request carrying the new rule is received;
and the enabling module is configured to verify the new rule by using the customer information verification risk model, pass verification according to the new rule and enable the new rule set for the abnormal system so as to verify by using the new rule set when customer information is uploaded to the abnormal system.
9. A computer-readable program medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
10. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any of claims 1 to 7.
CN202111169120.0A 2021-09-30 2021-09-30 Client information verification method, device, medium and electronic equipment Active CN113886780B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111169120.0A CN113886780B (en) 2021-09-30 2021-09-30 Client information verification method, device, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111169120.0A CN113886780B (en) 2021-09-30 2021-09-30 Client information verification method, device, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113886780A true CN113886780A (en) 2022-01-04
CN113886780B CN113886780B (en) 2024-06-25

Family

ID=79005509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111169120.0A Active CN113886780B (en) 2021-09-30 2021-09-30 Client information verification method, device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113886780B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12327282B2 (en) 2023-06-07 2025-06-10 Wells Fargo Bank, N.A. User interface for identifying and correcting results of data processing rules preventing transmission of data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110363417A (en) * 2019-07-02 2019-10-22 北京淇瑀信息科技有限公司 Financial risk strategy generation method, device and electronic equipment
CN111144697A (en) * 2019-11-29 2020-05-12 泰康保险集团股份有限公司 Data processing method, data processing device, storage medium and electronic equipment
WO2021159669A1 (en) * 2020-02-14 2021-08-19 深圳壹账通智能科技有限公司 Secure system login method and apparatus, computer device, and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110363417A (en) * 2019-07-02 2019-10-22 北京淇瑀信息科技有限公司 Financial risk strategy generation method, device and electronic equipment
CN111144697A (en) * 2019-11-29 2020-05-12 泰康保险集团股份有限公司 Data processing method, data processing device, storage medium and electronic equipment
WO2021159669A1 (en) * 2020-02-14 2021-08-19 深圳壹账通智能科技有限公司 Secure system login method and apparatus, computer device, and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12327282B2 (en) 2023-06-07 2025-06-10 Wells Fargo Bank, N.A. User interface for identifying and correcting results of data processing rules preventing transmission of data

Also Published As

Publication number Publication date
CN113886780B (en) 2024-06-25

Similar Documents

Publication Publication Date Title
CN114358147B (en) Training method, recognition method, device and equipment for abnormal account recognition model
US11714855B2 (en) Virtual dialog system performance assessment and enrichment
US11972382B2 (en) Root cause identification and analysis
US11797877B2 (en) Automated self-healing of a computing process
CN111612037B (en) Abnormal user detection method, device, medium and electronic equipment
US20220027339A1 (en) Identifying source datasets that fit a transfer learning process for a target domain
US10762544B2 (en) Issue resolution utilizing feature mapping
CN109360012A (en) The selection method and device, storage medium, electronic equipment of advertisement dispensing channel
US20230040564A1 (en) Learning Causal Relationships
CN111127178A (en) Data processing method and device, storage medium and electronic equipment
CN110348471B (en) Abnormal object identification method, device, medium and electronic equipment
US11755954B2 (en) Scheduled federated learning for enhanced search
US20200250587A1 (en) Framework for multi-tenant data science experiments at-scale
US20210097407A1 (en) Predicting operational status of system
CN111582649B (en) Risk assessment method, device and electronic equipment based on user APP one-hot encoding
US11520757B2 (en) Explanative analysis for records with missing values
CN110046081A (en) Performance test methods, performance testing device, electronic equipment and storage medium
CN113052509A (en) Model evaluation method, model evaluation apparatus, electronic device, and storage medium
CN109711849B (en) Ether house address portrait generation method and device, electronic equipment and storage medium
CN111210109A (en) Method and device for predicting user risk based on associated user and electronic equipment
CN117421311A (en) Data verification method, device, equipment and storage medium based on artificial intelligence
CN114218100A (en) Business model testing method, device, system, equipment, medium and program product
CN110457207A (en) Test method and related equipment based on machine learning model
CN113886780B (en) Client information verification method, device, medium and electronic equipment
US11205092B2 (en) Clustering simulation failures for triage and debugging

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant