CN118070141B - Artificial intelligence-based anti-fraud transaction identification method and system - Google Patents

Abstract

The application provides an artificial intelligence-based anti-fraud transaction identification method and system, which are used for generating more accurate second transaction operation behavior data by cleaning target class transaction characteristic elements in a financial transaction service space. The transaction behavior path is effectively acquired by using the graph self-attention network, and a key basis is provided for the anti-fraud identification strategy. By determining policy parameter data, anti-fraud recognition policies can be accurately enabled in the financial transaction service space. Further, through correlation analysis of risk nodes distributed in suspicious transactions and transaction behavior paths, fraud risk identification data representing potential fraud in a financial transaction service space is generated, so that the security and compliance of financial transactions are improved, fraud risks are obviously reduced, and risk prevention and control capability is enhanced.

Description

Artificial intelligence-based anti-fraud transaction identification method and system

Technical Field

The application relates to the technical field of digital financial services, in particular to an artificial intelligence-based anti-fraud transaction identification method and system.

Background

With the rapid development of financial science and technology and the continuous expansion of financial transaction service space, financial transaction behaviors are increasingly complex and various, and meanwhile, the fraud risk is increased. Traditional anti-fraud means often rely on manual auditing and rule judgment, and are difficult to deal with large-scale and high-frequency modern financial transaction scenarios. Therefore, how to effectively identify and prevent fraud in financial transactions and ensure healthy and stable development of financial markets has become a problem to be solved in the current financial industry.

In this context, artificial intelligence based anti-fraud transaction identification methods have evolved. Such methods automatically identify potential fraud by deep mining and analysis of financial transaction data using advanced artificial intelligence techniques, such as machine learning, deep learning, and the like. However, when the existing anti-fraud transaction identification method processes financial transaction data, the problems of low data quality, inaccurate feature extraction, low model generalization capability and the like are often faced, so that the identification effect is not ideal.

Disclosure of Invention

In view of the above, the present application is directed to an artificial intelligence based anti-fraud transaction identification method and system, which first obtains first transaction operation behavior data in a financial transaction service space, and cleans transaction characteristic elements of a target class therein to generate second transaction operation behavior data with higher quality. And then, acquiring a transaction behavior path of the second transaction operation behavior data through the self-attention network, and providing a basis for a subsequent anti-fraud identification strategy. And then, determining policy parameter data of the anti-fraud identification policy to be executed according to the transaction behavior path, wherein the policy parameter data comprises a policy enabling node and a policy enabling link. And finally, enabling an anti-fraud identification strategy in the financial transaction service space according to the strategy parameter data, acquiring suspicious transaction distribution of the anti-fraud identification strategy in the financial transaction service space, and generating fraud risk identification data through correlation analysis so as to characterize potential fraud in the financial transaction service space. Therefore, by combining advanced means such as artificial intelligence technology and graph self-attention network, the fraud in the financial transaction can be more accurately identified, and the safety and compliance of the financial transaction are improved.

According to a first aspect of the present application there is provided an artificial intelligence based anti-fraud transaction identification method, the method comprising:

acquiring first transaction operation behavior data in a financial transaction service space, and cleaning transaction characteristic elements of a target class in the first transaction operation behavior data to generate second transaction operation behavior data;

acquiring a transaction behavior path of the second transaction operation behavior data through a graph self-attention network;

Determining policy parameter data of an anti-fraud identification policy to be executed according to the transaction behavior path, wherein the policy parameter data comprises a policy enabling node and a policy enabling link of the anti-fraud identification policy;

Enabling a fraud prevention recognition strategy in the financial transaction service space according to the strategy parameter data, and acquiring suspicious transaction distribution of the fraud prevention recognition strategy in the financial transaction service space, wherein the suspicious transaction distribution comprises X suspicious transaction events, one suspicious transaction event corresponds to one risk node in the financial transaction service space, and X is a positive integer;

Performing association analysis on risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths to generate fraud risk identification data of the financial transaction service space; the fraud risk identification data characterizes potential fraud in the financial transaction service space.

In a first aspect, in particular, the acquiring the first transaction operational behavior data in the financial transaction service space includes:

Acquiring at least one transaction session position obtained by monitoring in a financial transaction service space;

deriving each transaction session position to generate each derived transaction session position;

defining a data observation view angle corresponding to the financial transaction service space through a transaction monitoring control according to the derived space positioning service of each transaction session position in the financial transaction service space;

And acquiring first transaction operation behavior data in the financial transaction service space according to the data observation visual angle through a data observation tool.

In a first aspect, specifically, the acquiring the at least one transaction session location obtained by monitoring in the financial transaction service space includes:

determining a key transaction link to be tracked in a financial transaction service space;

the transaction monitoring is carried out on the key transaction link, and in the transaction monitoring process of the key transaction link, the session positions respectively corresponding to transaction subjects in different time nodes in the financial transaction service space are saved, so that a corresponding transaction session set is generated, wherein the transaction session set comprises Y session positions, and Y is a positive integer;

and carrying out time sequence decomposition processing on Y session positions in the transaction session set according to the set time domain parameters to generate at least one transaction session position.

In a first aspect, specifically, the cleaning the transaction feature element of the target class in the first transaction operation behavior data to generate second transaction operation behavior data includes:

determining target categories of feature elements to be cleaned in the financial transaction service space;

Each characteristic element in the first transaction operation behavior data is moved, and element categories of each characteristic element are determined;

if the element category of the transaction characteristic element is the target category, acquiring a business data item identifier corresponding to the transaction characteristic element in the financial transaction service space;

and defining the state of the business data item identifier as an invalid state so as to clean the transaction characteristic elements of the target class in the first transaction operation behavior data and generate second transaction operation behavior data.

In a first aspect, in particular, the transaction behavior path for acquiring the second transaction operational behavior data through the graph self-attention network includes:

Acquiring a graph self-attention algorithm characterized by the graph self-attention network, and defining at least one piece of observation weight information in the graph self-attention algorithm according to a data observation view angle in the financial transaction service space;

defining the attention type of the graph self-attention network as a transaction behavior link;

And extracting transaction behavior characteristics of the financial transaction service space according to the transaction behavior link by using a graph self-attention algorithm defined by the graph self-attention network, and generating a transaction behavior path of the second transaction operation behavior data.

In a first aspect, specifically, the determining, according to the transaction behavior path, policy parameter data of an anti-fraud identification policy to be executed includes:

Dividing the transaction behavior path into Z multiplied by Z transaction phases, determining Z multiplied by Z key nodes of the Z multiplied by Z transaction phases, wherein one transaction phase corresponds to one key node, and Z is a positive integer;

converting path positions of the Z multiplied by Z key nodes into risk index positions through transaction monitoring controls respectively;

determining policy-enabled links of Z X Z anti-fraud recognition policies to be executed according to the risk index positions of the Z X Z key nodes; a key node correspondingly enables an anti-fraud identification policy.

In a first aspect, in particular, the transaction behavior path includes risk incentive parameters of at least one transaction behavior instance in the second transaction operational behavior data, the risk incentive parameters characterizing a linkage weight between the respective transaction behavior instance and the linkage behavior instance;

the fraud risk identification data comprises risk identification results of X suspicious transaction events, any one of which is represented as suspicious transaction event w;

Performing association analysis on risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths to generate fraud risk identification data of the financial transaction service space, including:

Performing risk quantification processing on suspicious transaction events w in the X suspicious transaction events according to a risk assessment model, and generating a risk quantification value of the suspicious transaction events w;

acquiring corresponding risk incentive parameters of the suspicious transaction event w in the transaction behavior path;

And performing association analysis according to the risk quantification value and the risk excitation parameter of the suspicious transaction event w to generate a risk identification result of the suspicious transaction event w.

In a first aspect, in particular, the risk recognition result of the suspicious transaction event w characterizes the suspicious transaction event w as a high fraud risk event or a low fraud risk event; performing association analysis according to the risk quantification value and the risk excitation parameter of the suspicious transaction event w, and generating a risk identification result of the suspicious transaction event w, including:

calculating the deviation degree between the risk quantification value and the risk excitation parameter of the suspicious transaction event w;

if the deviation is not less than the threshold deviation, the suspicious transaction event w is a high fraud risk event;

If the degree of deviation is less than a threshold degree of deviation, the suspicious transaction event w is a low fraud risk event.

In a first aspect, specifically, the performing risk quantification processing on the suspicious transaction event w in the X suspicious transaction events according to the risk assessment model, to generate a risk quantified value of the suspicious transaction event w, includes:

Calculating risk focusing parameters from the suspicious transaction event w to the linkage behavior instance according to the linkage behavior position of the linkage behavior instance, the transaction tracking link corresponding to the suspicious transaction event w and the suspicious transaction event w;

And carrying out risk quantification processing on the suspicious transaction event w according to the risk focusing parameters of the suspicious transaction event w and a risk assessment model to generate a risk quantification value of the suspicious transaction event w.

In a first aspect, in particular, the method further comprises:

determining a reference template transaction service space in a financial transaction service space, wherein the reference template transaction service space refers to a transaction service space without fraud risk;

Defining a reference positioning node of the linkage behavior instance through a transaction monitoring control according to the reference template transaction service space;

Acquiring reference transaction operation behavior data in the reference template transaction service space according to the reference positioning node by defining the linkage behavior instance of the reference positioning node;

and acquiring a reference transaction behavior path of the reference transaction operation behavior data through a graph self-attention network, and determining a risk assessment model according to the reference transaction behavior path.

In a first aspect, specifically, the determining a risk assessment model according to the reference transaction behavior path includes:

q reference transaction behavior examples are selected from the reference transaction behavior paths, wherein Q is a positive integer;

Determining transaction tracking links of the Q reference transaction links to be identified in a linkage mode according to the behavior service nodes of the Q reference transaction behavior instances, identifying the Q reference transaction links through the linkage behavior instances in the financial transaction service space according to the transaction tracking links of the Q reference transaction links to be identified in the linkage mode, and generating an identification result; the identification result comprises W reference suspicious transaction events, wherein W is a positive integer;

Calculating a reference risk focusing parameter from any reference suspicious transaction event r to the linkage behavior instance according to the linkage behavior position of the linkage behavior instance, the transaction tracking links of the Q reference transaction links and the W reference suspicious transaction events;

and establishing a risk assessment model according to the mapping relation between the reference risk focusing parameter and the risk excitation parameter of the reference suspicious transaction event r.

In a first aspect, in particular, the fraud risk identification data characterizes a suspicious transaction event w of the X suspicious transaction events as a high fraud risk event or a low fraud risk event; the correlation analysis is performed on the risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths, and after the fraud risk identification data of the financial transaction service space is generated, the method further comprises the following steps:

If the suspicious transaction event w is a high fraud risk event, determining a corresponding potential fraud Tw of the suspicious transaction event w in the financial transaction service space;

Acquiring corresponding transaction data to be checked of the potential fraudulent activity Tw in the financial transaction service space;

Performing security audit processing on the transaction data to be audited, wherein the security audit processing comprises: isolation processing and trace-back processing.

According to a second aspect of the present application, there is provided an artificial intelligence based anti-fraud transaction identification system comprising a machine-readable storage medium storing machine-executable instructions and a processor, which when executing the machine-executable instructions, implements the aforementioned artificial intelligence based anti-fraud transaction identification method.

According to a third aspect of the present application, there is provided a computer readable storage medium having stored therein computer executable instructions which, when executed, implement the aforementioned artificial intelligence based anti-fraud transaction identification method.

According to any one of the aspects, the application has the technical effects that:

The application generates more accurate second transaction operational behavior data by cleaning target class transaction characteristic elements in the financial transaction service space. The transaction behavior path is effectively acquired by using the graph self-attention network, and a key basis is provided for the anti-fraud identification strategy. By determining policy parameter data, anti-fraud recognition policies can be accurately enabled in the financial transaction service space. Further, through correlation analysis of risk nodes distributed in suspicious transactions and transaction behavior paths, fraud risk identification data representing potential fraud in a financial transaction service space is generated, so that the security and compliance of financial transactions are improved, fraud risks are obviously reduced, and risk prevention and control capability is enhanced.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of an artificial intelligence based anti-fraud transaction identification method according to an embodiment of the present application.

Fig. 2 is a schematic diagram of the component structure of an artificial intelligence based anti-fraud transaction identification system for implementing the above artificial intelligence based anti-fraud transaction identification method according to an embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the accompanying drawings in the present application are for the purpose of illustration and description only, and are not intended to limit the scope of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. A flowchart, as used in this disclosure, illustrates operations implemented in accordance with some embodiments of the present application. It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. In addition, one skilled in the art, under the direction of the present disclosure, may add a plurality of other operations to the flowchart, or may destroy a plurality of operations from the flowchart.

Fig. 1 is a schematic flow chart of an artificial intelligence-based anti-fraud transaction identification method and system according to an embodiment of the present application, and it should be understood that, in other embodiments, part of steps in the artificial intelligence-based anti-fraud transaction identification method according to the present application may be shared with each other according to actual needs, or part of steps may be omitted or maintained. The anti-fraud transaction identification method based on artificial intelligence comprises the following detailed steps:

Step S110, first transaction operation behavior data in a financial transaction service space are obtained, and transaction characteristic elements of a target class in the first transaction operation behavior data are cleaned to generate second transaction operation behavior data.

In detail, the first transaction operation data refers to transaction operation data originally recorded in a financial transaction service space, including but not limited to interaction between a user and a financial system such as transfer, deposit, withdrawal, inquiry, etc. For example, it is assumed that a user performs a transfer operation on a bank APP, and detailed information (such as a transfer amount, a payee account, a transfer time, etc.) related to the operation is recorded as a piece of first transaction operation behavior data.

In financial transaction data, not all information is useful for subsequent analysis. The transaction characteristic elements of the target class refer to data characteristics which are irrelevant to specific analysis (such as fraud detection), and after cleaning and processing, the first transaction operation behavior data which has higher quality and is more suitable for subsequent analysis is obtained.

Thus, in this embodiment, in the financial transaction service space, the artificial intelligence-based anti-fraud transaction recognition system is used as a server to continuously receive various transaction operation requests including user login, balance inquiry, transfer, investment, etc. The server first obtains raw, raw transaction operational data from a financial transaction database or real-time data stream, which typically contains basic information of the transaction (transaction parties, time stamps, transaction amounts, etc.), but also has problems such as misspellings, non-uniform data formats, incomplete information, repeated records, or test transactions.

To promote accuracy of subsequent analysis, the server may employ a series of data cleansing algorithms, including removing duplicate entries, filling in missing values (e.g., using averages, medians, or predictive padding according to algorithms), formatting the data to ensure uniformity, and performing checksum correction (e.g., checksum algorithm) on erroneous data. For transaction data that is significantly abnormal, such as transaction amounts far beyond account balances or historical transaction patterns, the server may be marked as abnormal points or temporarily frozen for manual review.

After the data is cleaned, the server obtains a set of cleaned high-quality second transaction operation behavior data, and a solid foundation is provided for subsequent deep learning analysis.

Step S120, obtaining a transaction behavior path of the second transaction operation behavior data through the graph self-attention network.

In detail, the graph self-attention network is a deep learning model, particularly suitable for processing graph structure data. In a graph self-attention network, nodes can represent transaction operations, edges represent relationships between transactions, and the graph self-attention network can automatically learn and emphasize important features in the data. For example, considering transactions as nodes, relationships between transactions (e.g., consecutive transactions, common accounts) as edges, the graph self-attention network can learn and identify typical patterns of fraud.

The transaction path is defined as a path identified in the self-attention network that is formed by a series of associated transaction operations that reveal the flow of funds and the pattern of transaction activity. For example, a series of transfer operations may constitute a transaction path showing the path and speed of funds transfer from one account to another.

Thus, in this embodiment, the server imports the cleaned second transaction operational behavior data into the pre-built graph self-attention network model. In this graph self-attention network model, transactions are considered nodes of the graph, and relationships between transactions (like a user's continuous transactions, funds transfer between accounts) are considered edges. The self-attention network is able to automatically capture and emphasize salient features in the data and ignore noise and secondary information.

Each layer of the graph self-attention network learns and updates the representation of the nodes based on the input data (characteristics of the nodes and relationships of the edges) to more accurately capture complex patterns between transactions. In this process, the server may identify nodes that are highly correlated and that significantly affect transaction behavior, and organize the nodes according to the time series and logical associations of transactions to form a clear transaction behavior path.

Step S130, determining policy parameter data of an anti-fraud identification policy to be executed according to the transaction behavior path, wherein the policy parameter data comprises a policy enabling node and a policy enabling link of the anti-fraud identification policy.

In detail, the anti-fraud recognition strategy refers to a set of preset rules and algorithms for monitoring and analyzing transaction behavior in real time to recognize and prevent fraud. The policy parameter data is data defining specific actions of the anti-fraud identification policy, and comprises enabling conditions, threshold values, execution logic and the like of the policy. In the transaction path, certain nodes (i.e., transaction operations) are selected as key points for triggering anti-fraud identification policies due to having specific risk characteristics. The policy-enabled link refers to a series of transaction operations that connect the policy-enabled nodes together to form a complete transaction pattern that, when present, triggers the anti-fraud recognition policy.

Thus, in this embodiment, after having the transaction path diagram, the server may perform an exhaustive analysis of the transaction path to find possible high risk transaction patterns therein, such as fast-forward and fast-out funds, multiple transfers to the same account or final convergence to the same location through a series of intermediary accounts, which are often signals of fraudulent activity.

Based on these signals, the server will determine a specific set of anti-fraud recognition policies that will define in detail what transaction nodes need special attention (e.g., huge amounts, frequent, or blacklist account related transactions), what transaction links need to be intercepted or validated (e.g., successive cross-border transfers), these parameter data including not only policy-enabled thresholds (transaction amount upper limit, transfer frequency, etc.), but also policy execution logic and order.

Step S140, enabling an anti-fraud identification policy in the financial transaction service space according to the policy parameter data, and obtaining suspicious transaction distribution of the anti-fraud identification policy in the financial transaction service space, where the suspicious transaction distribution includes X suspicious transaction events, one suspicious transaction event corresponds to one risk node in the financial transaction service space, and X is a positive integer.

In detail, in the financial transaction service space, suspicious transaction distribution refers to the spatiotemporal distribution of a plurality of suspicious transaction events identified according to anti-fraud identification policies, which may not appear to be obvious alone, but whose aggregation and pattern may reveal the existence of fraud.

The risk nodes refer to points of transaction or accounts in the financial transaction service space that are highly correlated with fraud or directly involved in fraud, and these nodes may be critical parts of a fraudster's use to transfer funds, conceal identity, or conduct other fraudulent activities.

That is, in this embodiment, once the anti-fraud identification policies and their parameter data are determined, the server applies these anti-fraud identification policies in real-time within the financial transaction service space. All transactions flowing through the system are checked against predefined rules. Transactions that are in compliance with the fraudulent mode of behavior will be marked immediately while the system will generate a corresponding alert or automatically take defensive action (e.g., freeze account, require secondary verification, etc.).

Over time, servers will accumulate more and more transaction events marked as suspicious, which may appear inconspicuous alone, but when put together form a distribution pattern. By analyzing such suspicious transaction distributions, the server may identify hot spots of fraudulent activity, common practices, and potentially organizing networks.

And step S150, performing association analysis on risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths to generate fraud risk identification data of the financial transaction service space. The fraud risk identification data characterizes potential fraud in the financial transaction service space.

In detail, the fraud risk identification data refers to a data set for identifying and evaluating fraud risk obtained by analyzing and correlating transaction behaviors, suspicious events, risk nodes and the like in a financial transaction service space, and the data can provide early warning, positioning and countermeasures about potential fraud to financial institutions.

Then, in this embodiment, after a large number of suspicious transaction events and their distribution are determined, the server may further perform a deep correlation analysis of these data with the original transaction behavior path. The server may look up multiple occurrences of risk nodes on the path (possibly a reused false account, money laundering intermediary or fraudulent partner's control account), analyzing the relevance, impact and trend of change between them.

Thus, the server ultimately generates a fraud risk identification data report detailing the major risk nodes, suspicious transaction links, and recommended countermeasures in the system (e.g., enhancing customer authentication flows, enhancing regulatory standards for cross-border transfers, etc.), which are critical to the financial institution because they can be used not only to instantaneously block ongoing fraudulent activity, but also to help the institution optimize long-term security policies and promote overall business risk prevention and control capabilities.

Based on the steps, the embodiment of the application generates more accurate second transaction operation behavior data by cleaning the target class transaction characteristic elements in the financial transaction service space. The transaction behavior path is effectively acquired by using the graph self-attention network, and a key basis is provided for the anti-fraud identification strategy. By determining policy parameter data, anti-fraud recognition policies can be accurately enabled in the financial transaction service space. Further, through correlation analysis of risk nodes distributed in suspicious transactions and transaction behavior paths, fraud risk identification data representing potential fraud in a financial transaction service space is generated, so that the security and compliance of financial transactions are improved, fraud risks are obviously reduced, and risk prevention and control capability is enhanced.

In one possible implementation, step S110 may include:

Step S111, obtaining at least one transaction session position obtained by monitoring in the financial transaction service space.

In this embodiment, a large number of transaction sessions are conducted at any time within the financial transaction service space. The server first captures and records, in real time, location information of these transaction sessions, which may include the place of origin, place of receipt, transit node, etc. of the transaction, through its built-in monitoring mechanism, which are stored in digitized form in the memory of the server.

For example, when user a transfers to user B via a mobile banking APP, the server may record the location of the initiation (user a's mobile IP address), the location of the receipt (the server node where user B's account is located), and possibly the transit node (e.g., payment gateway, clearing center, etc.), which form the basic framework of the transaction session location.

Step S112, deriving each transaction session position, and generating each derived transaction session position.

In the present embodiment of the present invention,

After the basic transaction session location information is obtained, the server may further derive the locations. The purpose of the derivative is to more fully understand the general view and potential risk of the transaction. The server can expand and supplement the transaction session location according to the type, amount, time, etc. of the transaction.

Taking the transfer transaction as an example, the server may derive other location information related to the transaction, such as historical transaction locations of user a and user B, associated account locations of user a and user B, etc., which may help the server more accurately determine the authenticity and legitimacy of the transaction.

Step S113, defining a data observation perspective corresponding to the financial transaction service space through a transaction monitoring control according to the derived space positioning service of each transaction session position in the financial transaction service space.

In this embodiment, after the derivation of the transaction session locations is completed, the server needs to define the viewing angle of the data observations from the location services of these locations in the financial transaction service space, which means that the server needs to determine from which angles, in which manner, to observe and analyze these transaction data.

For example, the server may set a particular viewing angle for the large transfer transaction based on the derived transaction session location, which may include multiple dimensions of the origin, the recipient, the transaction amount, the transaction time, etc. of the transaction so that the server can more fully monitor and analyze the risk of such transactions.

Step S114, obtaining, by a data observation tool, first transaction operation behavior data in the financial transaction service space according to the data observation perspective.

Finally, the server may utilize a data observation tool to obtain first transaction operational behavioral data in the financial transaction service space, based on the previously defined data observation perspectives, which are raw, raw transaction records that contain basic information and behavioral characteristics of the transaction.

For example, under a specific observation view angle of a large-amount transfer transaction, the server can acquire all transaction records meeting the view angle condition through the data observation tool, and the records comprise detailed information such as information of both sides of the transaction, transaction amount, transaction time stamp and the like, so that a basis is provided for subsequent data cleaning and analysis.

Therefore, the server can comprehensively acquire the first transaction operation behavior data in the financial transaction service space by the steps of acquiring the transaction session position, deriving the transaction session position, defining the data observation visual angle, utilizing the data observation tool and the like, and the data provides an important data basis for subsequent anti-fraud identification and risk prevention and control.

In one possible implementation, step S111 may include:

step S1111, determining a critical transaction link to be tracked in the financial transaction service space.

In the financial transaction service space, there are numerous transaction links, each representing a flow path for funds. The server first needs to determine which links are critical, i.e., those that may involve a large amount of money, a high risk, or require special attention.

For example, the server may analyze historical transaction data to find that a transaction link frequently has large transfers and involves multiple high risk accounts, and the link is marked as a critical transaction link and is the subject of server heavy monitoring.

Step S1112, performing transaction monitoring on the key transaction link, and storing session positions corresponding to the transaction subjects in the financial transaction service space at different time nodes respectively in the transaction monitoring process of the key transaction link, thereby generating a corresponding transaction session set, where the transaction session set includes Y session positions, and Y is a positive integer.

Once the critical transaction links are determined, the server will conduct real-time transaction monitoring of those links. During the monitoring process, the server may record the session locations of the transaction entity (e.g., account, user, etc.) at different time nodes.

Taking the account transfer transaction as an example, when the server monitors a large account transfer, it records the conversation positions of the initiator and the receiver of the transaction on different time nodes, such as the server node where the account of the initiator is located, the server node where the account of the receiver is located, the transfer node in the transaction process, and the like, and these conversation position information forms the basic elements of the transaction conversation set.

Step S1113, performing time sequence decomposition processing on the Y session positions in the transaction session set according to the set time domain parameter, so as to generate at least one transaction session position.

The transaction session set contains a large amount of session location information, which is arranged in time order. In order to analyze and process the data more conveniently, the server can perform time sequence decomposition processing on the session position according to the set time domain parameters.

The purpose of the time sequence decomposition processing is to split and reorganize the session positions in the transaction session set according to the time sequence, so that the server can know the whole process of the transaction more clearly. For example, the server may split the session locations in the transaction session set in units of minutes, hours, or days, and then make statistics and analysis of the session locations within each time unit. Through such processing, the server can obtain the conversation position distribution condition of the transaction main body in each time unit, thereby grasping the dynamic change and the potential risk of the transaction more accurately. Meanwhile, the processing results also provide important data support for subsequent anti-fraud identification and risk prevention and control.

Therefore, the server can comprehensively acquire the transaction session position information in the financial transaction service space through the steps of determining a key transaction link, carrying out transaction monitoring on the key transaction link, storing session position information, carrying out time sequence decomposition processing on the session position according to set time domain parameters and the like, and the information provides an important basis for subsequent data analysis and risk prevention and control.

In one possible implementation, step S110 may further include:

Step S115, determining a target category of the feature element to be cleaned in the financial transaction service space.

Before data cleansing, the server first needs to determine which feature elements are targets that need cleansing, which target categories may include duplicate data, erroneous data, obsolete data, and so forth.

For example, the server may discover a large number of recurring transaction records, which may be due to system failure or human error, by analyzing historical transaction data. To scrub these duplicate data, the server defines the duplicate transaction record as the target class of feature elements to be scrubbed.

Step S116, the element categories of the feature elements are determined by wandering the feature elements in the first transaction operation behavior data.

After determining the target category, the server starts to walk through the first transaction operation behavior data, checks characteristic elements in the first transaction operation behavior data one by one, and determines element categories of the first transaction operation behavior data.

Taking the transfer transaction as an example, characteristic elements possibly included in the first transaction operation behavior data include transaction amount, transaction time, account information of both transaction parties and the like. The server may examine these feature elements one by one and determine their element categories according to preset rules or algorithms, such as numeric, temporal, text, etc.

Step S117, if the element category of the transaction characteristic element is the target category, acquiring a business data item identifier corresponding to the transaction characteristic element in the financial transaction service space.

During the walk, if the server finds that the element category of a certain transaction feature element matches with the target category, it further obtains the corresponding business data item identifier of the feature element in the financial transaction service space.

Taking the repeated transaction record as an example, when the server finds that one transaction record is identical to a previous record, it can acquire service data item identifiers corresponding to the two records, such as a transaction serial number, an order number and the like.

Step S118, defining the state of the service data item identifier as an invalid state, so as to clean the transaction characteristic elements of the target class in the first transaction operation behavior data, and generate second transaction operation behavior data.

Finally, the server may define the status of the acquired service data item identifier as an invalid status, so as to wash out the transaction characteristic elements of the target classes from the first transaction operation behavior data, and generate washed second transaction operation behavior data.

Taking the repeated transaction record as an example, the server can set the service data item identifier corresponding to the repeated transaction record to be in an invalid state, so that the repeated records cannot be considered in subsequent data processing and analysis, and the accuracy and the effectiveness of the data are ensured.

Therefore, the server can effectively clean the first transaction operation behavior data in the financial transaction service space through the steps of determining the target category, the wandering feature element, acquiring the service data item identifier, defining the invalid state and the like, and generate more accurate and reliable second transaction operation behavior data.

In one possible implementation, step S120 may include:

Step S121, obtaining a graph self-attention algorithm represented by the graph self-attention network, and defining at least one observation weight information in the graph self-attention algorithm according to the data observation perspective in the financial transaction service space.

The server first obtains a graph self-attention algorithm characterized by a graph self-attention network, which is capable of processing graph structure data and capturing relationships between nodes through a self-attention mechanism. In a financial transaction service space, nodes may represent transactants, assets, or other entities, while edges represent interactions or relationships between them.

The server may then define observation weight information based on the observation perspective of the data in the financial transaction service space. For example, if the point of interest is a transaction amount, the server may assign a higher weight to nodes with larger transaction amounts; if the point of interest is the frequency of transactions, then the frequently transacted nodes may be given higher weights, and these weight information will be used to guide the graph's self-attention network in extracting the transaction behavioral characteristics.

Step S122, defining the attention type of the graph self-attention network as a transaction behavior link.

After defining the observation weight information, the server sets the type of interest of the graph self-attention network as a transaction behavior link, which means that the network will focus on capturing and analyzing links or paths directly related to the transaction behavior, which may include transfer paths between traders, flow paths of assets, etc.

For example, in a complex financial transaction network, a server may focus on the funds flow path from one transactor to another transactor. By analyzing these paths, the server can identify important traders, trade pairs, or trade patterns.

Step S123, extracting transaction behavior characteristics of the financial transaction service space according to the transaction behavior link through the graph self-attention algorithm defined by the graph self-attention network, and generating a transaction behavior path of the second transaction operation behavior data.

Finally, the server processes the data in the financial transaction service space using the defined graph self-attention algorithm and the observation weight information. The algorithm extracts relevant transaction performance characteristics, such as transaction amount, transaction time, transaction parties, etc., from the transaction performance link, which are combined and analyzed to generate a transaction performance path for the second transaction performance data.

For example, the server may discover that a particular transactor is frequently performing large transfers over a period of time, and that these transfers have passed through a particular intermediary account. By analyzing these transfer paths and features, the server can identify potential money laundering or fraud patterns and take appropriate action to prevent the risk in time.

Therefore, the server can accurately capture and analyze the transaction behavior path in the financial transaction service space through the steps of acquiring a graph self-attention algorithm, defining observation weight information, paying attention to a transaction behavior link, extracting transaction behavior characteristics and the like, and an important data basis is provided for subsequent market analysis, risk prediction and decision support.

In one possible implementation, step S130 may include:

Step S131, dividing the transaction behavior path into z×z transaction phases, and determining z×z key nodes of the z×z transaction phases, where one transaction phase corresponds to one key node, and Z is a positive integer.

The server first performs a detailed analysis of the acquired transaction paths. To better understand the overall transaction process, the server may divide this path into multiple transaction phases. In this example, it is assumed that the server divides the path into z×z transaction phases, which means that the entire transaction process is subdivided into z×z fractions.

Each transaction stage represents a particular link in the transaction process, such as initiating a transaction, verifying a transaction, executing a transaction, etc. In each transaction phase, the server may determine a critical node, which is the most important part of the phase, typically closely related to the security, compliance or risk of the transaction.

For example, during the verification transaction phase, the critical node may be the step of verifying the identity of both parties to the transaction. During the execution of the transaction phase, the critical node may be the actual operation of the funds transfer.

And step S132, converting the path positions of the Z multiplied by Z key nodes into risk index positions through transaction monitoring controls.

Once the critical nodes are determined, the server uses the transaction monitoring control to further analyze the nodes. The transaction monitoring control is a tool specifically used to monitor and analyze transaction behavior that can help the server identify potential risk points.

In this step, the server may use the transaction monitoring control to convert the path location of each key node into a risk indicator location, which means that the server may assign a corresponding risk indicator to each node according to its role and importance in the transaction process, where the risk indicator reflects the possibility of fraud for that node.

For example, if a critical node is the step of verifying the identity of both parties to a transaction, the server may assign a higher risk indicator to this node based on historical data and the current transaction environment, as identity verification is an important element in preventing fraud.

And step S133, determining policy-enabled links of Z X Z anti-fraud identification policies to be executed according to the risk index positions of the Z X Z key nodes. A key node correspondingly enables an anti-fraud identification policy.

Finally, the server may determine the anti-fraud identification policy to be executed based on the risk indicator location of each key node. In this example, since there are z×z critical nodes, the server can determine the policy-enabled links for the z×z anti-fraud identification policies.

Each policy-enabled link corresponds to a critical node and is tailored to the risk indicator location of that node, meaning that the server can formulate a more stringent anti-fraud policy for each high risk node and a relatively relaxed policy for low risk nodes.

For example, for a high risk node that verifies the identity of both parties to a transaction, the server may enable a multi-factor authentication policy that requires both parties to the transaction to provide additional authentication information. For low risk nodes, the server can use a simple monitoring strategy, and only needs to perform basic transaction record and analysis.

Therefore, through the steps of dividing a transaction stage, determining key nodes, converting risk index positions, determining a strategy starting link and the like, the server can effectively determine parameter data of an anti-fraud identification strategy to be executed according to a transaction behavior path, and powerful support is provided for guaranteeing the safety and compliance of financial transactions.

In one possible implementation, the transaction behavior path includes risk incentive parameters for at least one transaction behavior instance in the second transaction operational behavior data, the risk incentive parameters characterizing a linkage weight between the respective transaction behavior instance and a linkage behavior instance.

The fraud risk identification data includes risk identification results of X suspicious transaction events, any one of which is represented as suspicious transaction event w.

Step S150 may include:

Step S151, performing risk quantification processing on the suspicious transaction event w in the X suspicious transaction events according to the risk assessment model, and generating a risk quantified value of the suspicious transaction event w.

Step S152, acquiring risk incentive parameters corresponding to the suspicious transaction event w in the transaction behavior path.

And step 153, performing association analysis according to the risk quantification value and the risk excitation parameter of the suspicious transaction event w, and generating a risk identification result of the suspicious transaction event w.

In this embodiment, the server first uses the risk assessment model to analyze the detected X suspicious transaction events one by one. In this example, one of the particular suspicious transaction events is of interest, referred to as suspicious transaction event w.

The risk assessment model is a tool used by the server to quantify the risk level of transaction events. It may be constructed based on machine learning algorithms, statistical models or rule engines, etc., and can evaluate the risk level of transaction events based on their characteristics (e.g., transaction amount, transaction time, historical behavior of both parties, etc.).

For suspicious transaction event w, the server may input it into a risk assessment model, and through calculation and processing of the model, output a risk quantification value, which is a numerical value or score that reflects the size of the likelihood that suspicious transaction event w is at risk for fraud. The higher the value, the greater the risk is indicated; the lower the value, the less risk is indicated.

Next, the server may view the location of the suspicious transaction event w in the transaction activity path and related information. The transaction path records the sequence and association of a series of transaction actions in the financial transaction service space, including risk incentive parameters for each transaction action instance.

The risk incentive parameters are parameters that characterize the linkage weights between the respective transaction instances and the linkage instances. In financial transactions, certain transactions may trigger or affect the occurrence of other transactions, and such linkage may be quantified by risk incentive parameters. For example, a large transfer transaction may increase the risk of subsequent transactions to the associated account, and thus the risk incentive parameters may be set higher.

For suspicious transaction event w, the server may find the transaction instance corresponding to it in the transaction path and obtain the risk incentive parameters for that instance, which will be used in subsequent correlation analysis to help more accurately assess the risk level of suspicious transaction event w.

Finally, the server performs association analysis by combining the risk quantification value and the risk incentive parameter of the suspicious transaction event w. Associative analysis is a data mining technique for finding interesting relationships or patterns between different items in a dataset.

In this scenario, the server may utilize a correlation analysis algorithm (e.g., apriori, FP-Growth, etc.) to comprehensively analyze risk quantification values and risk incentive parameters for suspicious transaction event w. By analyzing the association relationship and the influence degree between the two factors, the server can generate a more comprehensive and accurate risk identification result.

The risk identification result may be a classification result (fraud/non-fraud) or a risk score or risk level. It will provide important reference information to financial institutions, helping them take the necessary measures in time to prevent and deal with potential fraud risks.

In one possible implementation, the risk identification result of the suspicious transaction event w characterizes the suspicious transaction event w as a high fraud risk event or a low fraud risk event. Step S153 may include:

step S1531, calculating the risk quantification value of the suspicious transaction event w and the deviation degree between risk excitation parameters.

Step S1532, if the deviation is not less than a threshold deviation, the suspicious transaction event w is a high fraud risk event.

Step S1533, if the degree of deviation is less than a threshold degree of deviation, the suspicious transaction event w is a low fraud risk event.

In this embodiment, the server first calculates the deviation between the risk quantification value of the suspicious transaction event w and the risk incentive parameter. The risk quantification value is a value obtained after the risk quantification processing is carried out on the transaction event by the server through the risk assessment model, and reflects the possibility of fraud risk of the transaction event. The risk incentive parameter is a risk weight associated with the transaction event in the transaction behavior path, and the risk weight characterizes the association degree between the transaction event and other linkage behaviors.

The deviation degree calculation can adopt various methods, such as Euclidean distance, mahalanobis distance, cosine similarity and the like. In this scenario, the server may employ a bias calculation method suitable for financial transaction data, such as a distance measurement method based on statistical distribution. By calculating the degree of deviation between the risk quantification value and the risk incentive parameter, the server can quantify the degree of inconsistency or degree of abnormality between the two indexes.

The server may then compare the calculated degree of deviation to a predetermined threshold degree of deviation. The threshold deviation is a threshold set by the server according to historical data, business rules, expert experience, or the like, and is used for dividing the boundaries of the high fraud risk event and the low fraud risk event.

If the deviation of the suspicious transaction event w is not less than the threshold deviation, a large inconsistency or abnormality between the risk quantification value of the transaction event and the risk incentive parameter is indicated, which may be due to fraudulent activity. Thus, the server may determine the transaction event as a high fraud risk event.

In contrast, if the deviation degree of the suspicious transaction event w is smaller than the threshold deviation degree, the consistency between the risk quantification value of the transaction event and the risk incentive parameter is better, and no obvious abnormal performance exists. In this case, the server may determine the transaction event as a low fraud risk event.

Therefore, by calculating the deviation degree between the risk quantification value of the suspicious transaction event and the risk incentive parameter and comparing the deviation degree with the threshold deviation degree, the server can accurately identify the high-fraud risk event and the low-fraud risk event, thereby providing important risk identification results for financial institutions, helping the financial institutions to timely find and cope with potential fraud, and guaranteeing the safety and compliance of financial transactions.

In one possible implementation, step S151 may include:

Step S1511, calculating a risk focusing parameter from the suspicious transaction event w to the linkage behavior instance according to the linkage behavior position where the linkage behavior instance is located, the transaction tracking link corresponding to the suspicious transaction event w, and the suspicious transaction event w.

In this embodiment, the server first focuses on the relationship between suspicious transaction events w and the linkage behavior instance. Linkage behavior instances refer to other transaction behaviors or events associated with a suspicious transaction event w in a financial transaction service space, which may be associated with or have some risk of affecting the suspicious transaction event w.

To quantify this association or effect, the server may calculate a risk focus parameter between the suspicious transaction event w and the linked action instance that reflects the degree of focus or strength of association between the suspicious transaction event w and the linked action instance on risk.

When the risk focusing parameter is calculated, the server can consider a plurality of factors including the linkage behavior position where the linkage behavior instance is located, the transaction tracking link corresponding to the suspicious transaction event w, the characteristics of the suspicious transaction event w and the like. The linkage action location refers to the location or node of the linkage action instance in the financial transaction service space, which may affect the degree of risk association with the suspicious transaction event w. The transaction tracking link records the transaction flow and related information of the suspicious transaction event w, which is helpful for the server to more fully understand the risk background of the event.

By taking these factors into account, the server can calculate a risk focus parameter between the suspicious transaction event w and the linked behavior instance, which will be used in subsequent risk quantification processes to more accurately assess the risk level of the suspicious transaction event w.

Step S1512, according to the risk focusing parameters of the suspicious transaction event w, performing risk quantification processing on the suspicious transaction event w according to a risk assessment model, and generating a risk quantification value of the suspicious transaction event w.

In this embodiment, after calculating the risk focusing parameter from the suspicious transaction event w to the linkage behavior instance, the server will use the parameter and the risk assessment model to perform risk quantification processing on the suspicious transaction event w. The risk assessment model is a tool used by the server to assess the risk level of transaction events, and may be constructed based on machine learning algorithms, statistical models, or rule engines, etc.

Specifically, the server may take the risk focus parameter as one of the inputs, and take it into consideration comprehensively with other factors in the risk assessment model (e.g., transaction amount, transaction time, historical behavior of both parties, etc.). Through the calculation and processing of the model, the server may output a risk quantification value for the suspicious transaction event w, which is a numerical value or score reflecting the size of the likelihood that the suspicious transaction event w is at risk for fraud. The higher the value, the greater the risk is indicated; the lower the value, the less risk is indicated.

Thus, by calculating risk focus parameters and performing risk quantification using a risk assessment model, the server can generate a risk quantified value for suspicious transaction event w that will provide important reference information to financial institutions to help them discover and deal with potential fraud in a timely manner.

In one possible embodiment, the method further comprises:

step S101, determining a reference template transaction service space in the financial transaction service space, wherein the reference template transaction service space refers to a transaction service space without fraud risk.

In this embodiment, the server first determines a reference template transaction service space in the financial transaction service space, where the reference template transaction service space is a transaction service space that is free of fraud risk and represents normal and legal financial transaction behavior. To construct such a template, the server may collect and analyze a large amount of historical transaction data, screening those transaction instances that are identified as normal, risk-free.

Such data may come from multiple channels and types of financial transactions, such as bank transfers, securities transactions, insurance claims, etc. Through the in-depth analysis and processing of this data, the server is able to refine a reference template transaction service space that represents normal transaction behavior.

Step S102, defining a reference positioning node of the linkage behavior example through a transaction monitoring control according to the reference template transaction service space.

Next, the server may define a reference location node for the linkage action instance in a reference template transaction service space using the transaction monitoring control. A linkage action instance refers to an action or event that has an association or effect with other transaction actions in a financial transaction. The reference positioning node is the identification or positioning point of the linkage behavior examples in the reference template transaction service space.

By defining these reference positioning nodes, the server is able to more accurately track and identify normal patterns of coordinated behavior, which facilitates subsequent identification of abnormal or fraudulent behavior in the actual transaction service space that is inconsistent with the normal pattern.

Step S103, obtaining reference transaction operation behavior data in the reference template transaction service space according to the reference positioning node by defining the linkage behavior instance of the reference positioning node.

After defining the reference location nodes, the server can obtain reference transaction operation behavior data in the reference template transaction service space through the nodes, wherein the data represent specific operations and practices of normal transaction behaviors, including transaction types, transaction amounts, transaction time, information of transaction parties and the like.

The server can analyze and process the data in detail to extract the characteristics and rules of normal transaction behavior, which are used for constructing a risk assessment model to help the server to more accurately identify potential fraud risks in the actual transaction service space.

Step S104, obtaining a reference transaction behavior path of the reference transaction operation behavior data through a self-attention network, and determining a risk assessment model according to the reference transaction behavior path.

Finally, the server may analyze the reference transaction operational performance data using the graph self-attention network to obtain a reference transaction performance path. The self-attention network is an advanced machine learning algorithm that can capture critical information and patterns in complex data structures.

By analyzing the reference transaction operational behavior data, the graph self-attention network can extract a reference transaction behavior path representing normal transaction behavior, which reflects the flow track and association relationship of the normal transaction behavior in the financial transaction service space.

Based on this reference transaction path, the server may determine a risk assessment model that will be used to assess the risk level of transaction in the actual transaction service space, helping the server to discover and deal with potential fraud in time. By continuously adjusting and optimizing the model, the server can improve the safety and compliance of financial transactions and ensure the benefits of financial institutions and clients.

In one possible implementation, step S104 may include:

Step S1041, selecting Q reference transaction instances in the reference transaction path, where Q is a positive integer.

In this embodiment, the server will first select Q reference transaction instances in the extracted reference transaction paths, where the reference transaction instances represent normal and legal transaction behaviors, and are the basic data for constructing the risk assessment model. Q is a positive integer whose value depends on the required model accuracy and the amount of data available.

The server may select the most representative Q transaction instances from the reference transaction paths using random sampling, cluster analysis, or other statistical methods, which will be used for subsequent analysis and model construction.

Step S1042, determining transaction tracking links of Q reference transaction links to be identified in a linkage manner according to the behavior service nodes of the Q reference transaction behavior instances, and identifying the Q reference transaction links through the linkage behavior instances in the financial transaction service space according to the transaction tracking links of the Q reference transaction links to be identified in a linkage manner, so as to generate an identification result. The identification result comprises W reference suspicious transaction events, and W is a positive integer.

In this embodiment, the server may then determine, according to the behavior service nodes of the Q reference transaction behavior instances, a transaction tracking link of the Q reference transaction links to be identified in a coordinated manner. The behavior service node refers to a key node or link of transaction behavior in a financial transaction service space, such as initiating transaction, auditing transaction, completing transaction and the like.

The server can construct Q complete reference transaction links by analyzing the association relation between the behavior service nodes and the flow track of transaction data, and the links reflect the complete flow and path of normal transaction behaviors in the financial transaction service space.

The server may then use these transaction tracking links to identify the Q reference transaction links by way of example of linkage behavior in the financial transaction service space. A linkage action instance refers to other actions or events associated with a transaction, such as user login, funds transfer, order generation, etc. By identifying these linkage behavior instances, the server is able to more fully understand the context and context information of the transaction behavior.

The identification process may involve algorithms and techniques such as pattern matching, association rule mining, etc. Finally, the server may generate an identification result containing W reference suspicious transaction events that, while identified in the normal transaction behavioral path, may have some anomalies or risk features that require further analysis and processing.

Step S1043, calculating a reference risk focusing parameter from any reference suspicious transaction event r to the linkage behavior instance according to the linkage behavior position where the linkage behavior instance is located, the transaction tracking links of the Q reference transaction links, and the W reference suspicious transaction events.

For each reference suspicious transaction event r in the identification result, the server may calculate a reference risk focus parameter for its to the linked action instance, which reflects the degree of risk association or focus between the suspicious transaction event and the linked action instance.

The calculation process may involve a comprehensive consideration of various factors, such as transaction amount, transaction time, transaction type, historical behavior of both parties to the transaction, and the like. The server can calculate a value or score to represent the risk association degree between the reference suspicious transaction event r and the linkage behavior instance by using the data and the analysis algorithm, wherein the higher the value is, the larger the risk is; the lower the value, the less risk is indicated.

Step S1044, establishing a risk assessment model according to the mapping relationship between the reference risk focusing parameter and the risk excitation parameter of the reference suspicious transaction event r.

Finally, the server may establish a risk assessment model according to the calculated mapping relationship between the reference risk focus parameter and the risk excitation parameter of the reference suspicious transaction event r. Risk incentive parameters refer to other risk factors or indicators associated with the traffic practice, such as user credit score, device security level, etc.

By analyzing and mining the inherent relationships and laws between these parameters, the server can build a model that can accurately assess the risk level of transaction behavior, which will be used in subsequent actual transaction monitoring to help the server discover and deal with potential fraud in time. The construction of the model may involve the application of a variety of techniques and methods, such as machine learning algorithms, statistical models, or rules engines.

In one possible embodiment, the fraud risk identification data characterizes a suspicious transaction event w of the X suspicious transaction events as a high fraud risk event or a low fraud risk event. The correlation analysis is performed on the risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths, and after the fraud risk identification data of the financial transaction service space is generated, the method further comprises the following steps:

Step S160, if the suspicious transaction event w is a high fraud risk event, determining a corresponding potential fraud Tw of the suspicious transaction event w in the financial transaction service space.

In this embodiment, once the server identifies that the suspicious transaction event w is a high fraud risk event through the risk assessment model, the potential fraud Tw corresponding to the suspicious transaction event w is immediately located in the financial transaction service space. Potential fraud Tw refers to specific actions or operations associated with suspicious transaction events w that may constitute fraud.

The server may utilize the transaction monitoring controls and data analysis tools to conduct in-depth analysis and mining of suspicious transaction events w to determine potential fraud Tw behind them, which may involve comprehensive analysis and judgment of aspects of transaction data, user behavior, transaction links, and the like.

Step S170, obtaining the transaction data to be checked corresponding to the potential fraud Tw in the financial transaction service space.

After determining the potential fraudulent activity Tw, the server may immediately acquire the transaction data to be checked corresponding to the activity in the financial transaction service space. Pending transaction data refers to specific transaction data associated with potential fraudulent activity Tw, which may contain significant evidence and information to aid in further verifying and confirming the presence of fraudulent activity.

The server can quickly and accurately extract transaction data to be checked related to potential fraudulent activity Tw from a huge financial transaction database by utilizing a data retrieval and query tool, wherein the data can comprise detailed information of transaction amount, transaction time, information of both transaction sides, transaction type and the like.

Step S180, performing security audit processing on the transaction data to be audited, where the security audit processing includes: isolation processing and trace-back processing.

After the transaction data to be checked is obtained, the server can conduct security checking processing on the transaction data to further verify and confirm the existence of fraudulent behaviors, and corresponding measures are taken to deal with risks. The security audit process may include any one or more of an isolation process and a trace back process.

Isolation treatment: the server may quarantine transaction accounts, funds, or other related resources associated with potential fraud Tw to prevent further spread of fraud or cause greater loss. The quarantine process may involve measures to temporarily freeze accounts, limit transaction rights, and the like.

Trace back processing: the server may perform deep traceability and analysis of potential fraud Tw to find the source and back operator of fraud, which may involve deep mining and analysis of aspects of transaction data, user behavior logs, etc., and collaborative coordination with relevant institutions and departments.

Through the security audit processing, the server can further confirm the existence of fraudulent behaviors and take corresponding measures to ensure the security and compliance of financial transactions, which is helpful for protecting the interests of financial institutions and clients and maintaining the stability and healthy development of financial markets.

The artificial intelligence based anti-fraud transaction identification system 100 shown in fig. 2 includes: a processor 1001 and a memory 1003. The processor 1001 is coupled to the memory 1003, such as via a bus 1002. Optionally, the artificial intelligence based anti-fraud transaction identification system 100 may also include a transceiver 1004, where the transceiver 1004 may be used for data interactions between the server and other servers, such as transmission of data and/or reception of data, etc. It should be noted that the transceiver 1004 is not limited to one embodiment in actual scheduling, and the structure of the anti-fraud transaction identifying system 100 based on artificial intelligence is not limited to the embodiment of the present application.

The Processor 1001 may be a CPU (Central Processing Unit ), general purpose Processor, DSP (DIGITAL SIGNAL Processor, data signal Processor), ASIC (Application SpecificIntegrated Circuit ), FPGA (FieldProgrammable GATE ARRAY, field programmable gate array) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 1001 may also be a combination that implements computing functionality, such as a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.

Bus 1002 may include a path to transfer information between the components. Bus 1002 may be a PCI (PERIPHERAL COMPONENT INTERCONNECT, peripheral component interconnect standard) bus, or an EISA (ExtendedIndustryStandard Architecture ) bus, or the like. The bus 1002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 2, but not only one bus or one type of bus.

The Memory 1003 may be, but is not limited to, ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, RAM (Random Access Memory ) or other type of dynamic storage device that can store information and instructions, EEPROM (ELECTRICALLY ERASABLEPROGRAMMABLE READ ONLY MEMORY ), CD-ROM (Compact DiscRead Only Memory, compact disc Read Only Memory) or other optical disk storage, optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, blu-ray discs, etc.), magnetic disk storage media, other magnetic storage devices, or any other medium that can be used to carry or store program code and that can be Read by a computer.

The memory 1003 is used for storing program codes for executing the embodiments of the present application and is controlled to be executed by the processor 1001. The processor 1001 is configured to execute the program code stored in the memory 1003 to implement the steps shown in the foregoing method embodiment.

Embodiments of the present application provide a computer readable storage medium having program code stored thereon, which when executed by a processor, implements the steps of the foregoing method embodiments and corresponding content.

It should be understood that, although various operation steps are indicated by arrows in the flowcharts of the embodiments of the present application, the order in which these steps are implemented is not limited to the order indicated by the arrows. In some implementations of embodiments of the application, the implementation steps in the flowcharts may be performed in other orders based on demand, unless explicitly stated herein. Furthermore, depending on the actual implementation scenario, some or all of the steps in the flowcharts may include multiple sub-steps or multiple stages, some or all of which may be performed at the same time, and each of which may be performed at different times, respectively. In the case of different execution timings, the execution order of the sub-steps or stages may be flexibly configured based on requirements, which is not limited by the embodiment of the present application.

The foregoing is merely an optional implementation manner of some of the implementation scenarios of the present application, and it should be noted that, for those skilled in the art, other similar implementation manners according to the technical idea of the present application may be adopted without departing from the technical idea of the solution of the present application, which is also within the protection scope of the embodiments of the present application.

Claims (8)

1. An artificial intelligence based anti-fraud transaction identification method, the method comprising:

acquiring first transaction operation behavior data in a financial transaction service space, and cleaning transaction characteristic elements of a target class in the first transaction operation behavior data to generate second transaction operation behavior data;

the first transaction operation behavior data refer to transaction operation data originally recorded in a financial transaction service space, and the transaction operation data comprise transaction amount, transaction time and historical behaviors of two transaction parties;

acquiring a transaction behavior path of the second transaction operation behavior data through a graph self-attention network;

Determining policy parameter data of an anti-fraud identification policy to be executed according to the transaction behavior path, wherein the policy parameter data comprises a policy enabling node and a policy enabling link of the anti-fraud identification policy;

Enabling a fraud prevention recognition strategy in the financial transaction service space according to the strategy parameter data, and acquiring suspicious transaction distribution of the fraud prevention recognition strategy in the financial transaction service space, wherein the suspicious transaction distribution comprises X suspicious transaction events, one suspicious transaction event corresponds to one risk node in the financial transaction service space, and X is a positive integer;

performing association analysis on risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths to generate fraud risk identification data of the financial transaction service space; the fraud risk identification data characterizes potential fraud in the financial transaction service space;

the transaction behavior path comprises risk incentive parameters of at least one transaction behavior instance in the second transaction operation behavior data, wherein the risk incentive parameters represent linkage weights between corresponding transaction behavior instances and linkage behavior instances;

the fraud risk identification data comprises risk identification results of X suspicious transaction events, any one of which is represented as suspicious transaction event w;

Performing association analysis on risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths to generate fraud risk identification data of the financial transaction service space, including:

Performing risk quantification processing on suspicious transaction events w in the X suspicious transaction events according to a risk assessment model, and generating a risk quantification value of the suspicious transaction events w;

acquiring corresponding risk incentive parameters of the suspicious transaction event w in the transaction behavior path;

Performing association analysis according to the risk quantification value and the risk excitation parameter of the suspicious transaction event w to generate a risk identification result of the suspicious transaction event w;

The risk identification result of the suspicious transaction event w characterizes the suspicious transaction event w as a high fraud risk event or a low fraud risk event; performing association analysis according to the risk quantification value and the risk excitation parameter of the suspicious transaction event w, and generating a risk identification result of the suspicious transaction event w, including:

calculating the deviation degree between the risk quantification value and the risk excitation parameter of the suspicious transaction event w;

if the deviation is not less than the threshold deviation, the suspicious transaction event w is a high fraud risk event;

If the degree of deviation is less than a threshold degree of deviation, the suspicious transaction event w is a low fraud risk event.

2. The artificial intelligence based anti-fraud transaction identification method of claim 1, wherein the acquiring the first transaction operational behavior data in the financial transaction service space includes:

Determining a key transaction link to be tracked in a financial transaction service space, performing transaction monitoring on the key transaction link, and storing session positions respectively corresponding to transaction subjects in different time nodes in the financial transaction service space in the transaction monitoring process of the key transaction link, thereby generating a corresponding transaction session set, wherein the transaction session set comprises Y session positions, and Y is a positive integer;

Performing time sequence decomposition processing on Y session positions in the transaction session set according to a set time domain parameter to generate at least one transaction session position, and deriving each transaction session position to generate each derived transaction session position;

defining a data observation view angle corresponding to the financial transaction service space through a transaction monitoring control according to the derived space positioning service of each transaction session position in the financial transaction service space;

And acquiring first transaction operation behavior data in the financial transaction service space according to the data observation visual angle through a data observation tool.

3. The artificial intelligence based anti-fraud transaction identification method of claim 2, wherein the cleaning the transaction characteristic elements of the target class in the first transaction operational behaviour data to generate second transaction operational behaviour data includes:

determining target categories of feature elements to be cleaned in the financial transaction service space;

Each characteristic element in the first transaction operation behavior data is moved, and element categories of each characteristic element are determined;

if the element category of the transaction characteristic element is the target category, acquiring a business data item identifier corresponding to the transaction characteristic element in the financial transaction service space;

and defining the state of the business data item identifier as an invalid state so as to clean the transaction characteristic elements of the target class in the first transaction operation behavior data and generate second transaction operation behavior data.

4. An artificial intelligence based anti-fraud transaction identification method according to claim 3, wherein the obtaining a transaction behaviour path of the second transaction operational behaviour data through a graph self-attention network includes:

Acquiring a graph self-attention algorithm characterized by the graph self-attention network, and defining at least one piece of observation weight information in the graph self-attention algorithm according to a data observation view angle in the financial transaction service space;

defining the attention type of the graph self-attention network as a transaction behavior link;

And extracting transaction behavior characteristics of the financial transaction service space according to the transaction behavior link by using a graph self-attention algorithm defined by the graph self-attention network, and generating a transaction behavior path of the second transaction operation behavior data.

5. The artificial intelligence based anti-fraud transaction identification method according to claim 1, wherein the determining policy parameter data of an anti-fraud identification policy to be executed according to the transaction behavior path includes:

Dividing the transaction behavior path into Z multiplied by Z transaction phases, determining Z multiplied by Z key nodes of the Z multiplied by Z transaction phases, wherein one transaction phase corresponds to one key node, and Z is a positive integer;

converting path positions of the Z multiplied by Z key nodes into risk index positions through transaction monitoring controls respectively;

determining policy-enabled links of Z X Z anti-fraud recognition policies to be executed according to the risk index positions of the Z X Z key nodes; a key node correspondingly enables an anti-fraud identification policy.

6. The artificial intelligence based anti-fraud transaction identification method according to claim 1, wherein the performing risk quantification processing on a suspicious transaction event w in the X suspicious transaction events according to a risk assessment model, generating a risk quantified value of the suspicious transaction event w includes:

Calculating risk focusing parameters from the suspicious transaction event w to the linkage behavior instance according to the linkage behavior position of the linkage behavior instance, the transaction tracking link corresponding to the suspicious transaction event w and the suspicious transaction event w;

Performing risk quantification processing on the suspicious transaction event w according to the risk focusing parameters of the suspicious transaction event w and a risk assessment model to generate a risk quantification value of the suspicious transaction event w;

Wherein the method further comprises:

determining a reference template transaction service space in a financial transaction service space, wherein the reference template transaction service space refers to a transaction service space without fraud risk;

Defining a reference positioning node of the linkage behavior instance through a transaction monitoring control according to the reference template transaction service space;

Acquiring reference transaction operation behavior data in the reference template transaction service space according to the reference positioning node by defining the linkage behavior instance of the reference positioning node;

Acquiring a reference transaction behavior path of the reference transaction operation behavior data through a graph self-attention network, and selecting Q reference transaction behavior examples from the reference transaction behavior path, wherein Q is a positive integer;

Determining transaction tracking links of the Q reference transaction links to be identified in a linkage mode according to the behavior service nodes of the Q reference transaction behavior instances, identifying the Q reference transaction links through the linkage behavior instances in the financial transaction service space according to the transaction tracking links of the Q reference transaction links to be identified in the linkage mode, and generating an identification result; the identification result comprises W reference suspicious transaction events, wherein W is a positive integer;

Calculating a reference risk focusing parameter from any reference suspicious transaction event r to the linkage behavior instance according to the linkage behavior position of the linkage behavior instance, the transaction tracking links of the Q reference transaction links and the W reference suspicious transaction events;

and establishing a risk assessment model according to the mapping relation between the reference risk focusing parameter and the risk excitation parameter of the reference suspicious transaction event r.

7. The artificial intelligence based anti-fraud transaction identification method of claim 1, wherein the fraud risk identification data characterizes a suspicious transaction event w of the X suspicious transaction events as a high fraud risk event or a low fraud risk event; the correlation analysis is performed on the risk nodes corresponding to the X suspicious transaction events and the transaction behavior paths, and after the fraud risk identification data of the financial transaction service space is generated, the method further comprises the following steps:

If the suspicious transaction event w is a high fraud risk event, determining a corresponding potential fraud Tw of the suspicious transaction event w in the financial transaction service space;

Acquiring corresponding transaction data to be checked of the potential fraudulent activity Tw in the financial transaction service space;

Performing security audit processing on the transaction data to be audited, wherein the security audit processing comprises: isolation processing and trace-back processing.

8. An artificial intelligence based anti-fraud transaction identification system comprising a processor and a computer readable storage medium storing machine executable instructions that when executed by the processor implement the artificial intelligence based anti-fraud transaction identification method of any of claims 1-7.