CN114580815B - Method and system for evaluating business message risk level by integrating multiple evaluation strategies - Google Patents
Method and system for evaluating business message risk level by integrating multiple evaluation strategies Download PDFInfo
- Publication number
- CN114580815B CN114580815B CN202011399585.0A CN202011399585A CN114580815B CN 114580815 B CN114580815 B CN 114580815B CN 202011399585 A CN202011399585 A CN 202011399585A CN 114580815 B CN114580815 B CN 114580815B
- Authority
- CN
- China
- Prior art keywords
- evaluation
- message
- policies
- risk level
- policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
Landscapes
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Engineering & Computer Science (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Economics (AREA)
- Operations Research (AREA)
- Game Theory and Decision Science (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Educational Administration (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
本公开涉及一种融合评估策略集中的评估策略来评估业务消息的风险等级的方法和系统。所述方法包括:接收业务消息;根据所述业务消息获取相关联的一个或多个参数,所述一个或多个参数至少包括所述业务消息的源、所述业务消息的目的地、所述业务消息的发生时间;针对所述评估策略集中的每一评估策略,将所述一个或多个参数中的一者或多者同该评估策略进行匹配,以确定所述业务消息在所述评估策略下的风险等级;以及融合所得到的所述业务消息在所述评估策略集中的诸评估策略下的诸风险等级来得到所述业务消息的经融合的风险等级。
The present disclosure relates to a method and system for evaluating the risk level of a business message by integrating the evaluation strategies in the evaluation strategy set. The method comprises: receiving a business message; obtaining one or more parameters associated with the business message according to the business message, wherein the one or more parameters at least include the source of the business message, the destination of the business message, and the occurrence time of the business message; for each evaluation strategy in the evaluation strategy set, matching one or more of the one or more parameters with the evaluation strategy to determine the risk level of the business message under the evaluation strategy; and integrating the risk levels of the business message under the evaluation strategies in the evaluation strategy set to obtain the integrated risk level of the business message.
Description
Technical Field
The present disclosure relates to methods and systems for fusing multiple evaluation policies to evaluate business message risk levels.
Background
In various fields of wind control, including various fields of harassment, fraud, theft and the like, a plurality of risk identification strategies exist, and the situation that a plurality of assessment strategies evaluate the same risk level generally occurs. The multiple evaluation strategies are mainly based on an unsupervised algorithm, and the risk events are identified, managed and intercepted at different angles. However, these different evaluation strategies cannot be unified, and the evaluation results thereof have no comparability and interpretability. At the same time, these assessment strategies generally require a balance between accuracy and recall such that the effect of risk identification is not good.
The present disclosure is directed to, but is not limited to, the above drawbacks of existing systems.
Disclosure of Invention
For this reason, from the point of view of statistics, in combination with the given fact information, the present disclosure proposes a method and a system for evaluating the risk level of a service message by fusing a plurality of evaluation strategies, so that different evaluation strategies are unified together, so that the risk level evaluation result is interpretable and has higher accuracy.
According to a first aspect of the present disclosure, there is provided a method of fusing evaluation policies in an evaluation policy set to evaluate risk levels of a service message, the method comprising receiving a service message, obtaining associated one or more parameters from the service message, the one or more parameters including at least a source of the service message, a destination of the service message, an occurrence time of the service message, matching one or more of the one or more parameters with each evaluation policy in the evaluation policy set for the evaluation policy to determine a risk level of the service message under the evaluation policy, and fusing the resulting risk levels of the service message under the evaluation policies in the evaluation policy set to obtain a fused risk level of the service message.
According to an embodiment, obtaining one or more parameters comprises parsing the service message to obtain one or more parameters comprised by the service message, and consulting a database based on the parsed parameters to obtain further parameters.
According to another embodiment, the service message is a telephone call message and the one or more parameters obtained include at least one of an originating telephone number, an originating time, a geographic location of an originator of the telephone call message, a called telephone number, an identity of a callee, and/or a geographic location of the telephone call.
According to yet another embodiment, the business message is a transaction message and the one or more parameters obtained include at least one of an out account, an in account, a transaction time, a transaction location, and/or a transaction amount of the transaction message, an in account owner, a geographic location of the in account, a common transaction location and/or a common transaction time of the out account, a common counterparty account of the out account.
According to a further embodiment, the method further comprises fusing risk levels under the assessment policies by a product operation: Where s is the fused risk level of the service message, p i is the risk level of the service message under the ith policy in the set of evaluation policies, and N is the number of evaluation policies in the set of evaluation policies.
According to a further embodiment, the method further comprises adjusting a default risk level of an assessment policy in the set of assessment policies using a database of established facts.
According to a further embodiment, the adjustment is made according to the following formula: Where N is the number of evaluation policies in the set of evaluation policies, m is the number of traffic messages in the given fact database, q i represents the initial default risk level for the ith evaluation policy in the set of evaluation policies, a i represents the weight coefficient for the ith evaluation policy in the set of evaluation policies, b j represents traffic messages in the given fact database, C i represents the set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, and δ (b j∈Ci) is an indirection function representing a value of 1 when the given fact traffic message belongs to the set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, otherwise 0.
According to a further embodiment, the method further comprises determining whether the fused risk level of the service message exceeds a predetermined threshold and, if so, issuing an alarm message.
According to a further embodiment, the method further comprises receiving feedback on the alert message, the feedback comprising whether the service message does have a risk, and using the feedback to adjust a default risk level for the assessment policies.
According to a second aspect of the present disclosure there is provided a system for merging evaluation policies in a set of evaluation policies to evaluate risk levels of a service message, the system comprising an evaluation engine and a service server, wherein the evaluation engine is configured to receive a service message, obtain associated one or more parameters from the service message, the one or more parameters including at least a source of the service message, a destination of the service message, a time of occurrence of the service message, match one or more of the one or more parameters with each evaluation policy in the set of evaluation policies to determine a risk level of the service message under the evaluation policy, merge the resulting risk levels of the service message under the evaluation policies in the set of evaluation policies to obtain a merged risk level of the service message, and forward the service message to the service server if the merged risk level does not exceed a predetermined threshold, and wherein the service server is configured to receive a service message from the evaluation engine for processing.
According to an embodiment, the system further comprises a consultation server, wherein the evaluation engine is further configured to parse the service message to obtain one or more parameters comprised by the service message, and to issue a consultation request to the consultation database based on the parsed parameters to obtain further parameters.
According to another embodiment, the assessment engine is further configured to fuse the risk levels under the assessment policies by a product operation: Where s is the fused risk level of the service message, p i is the risk level of the service message under the ith policy in the set of evaluation policies, and N is the number of evaluation policies in the set of evaluation policies.
According to a further embodiment, the assessment engine is further configured to adjust a default risk level of the assessment policies in the set of assessment policies using the database of established facts.
According to a further embodiment, the adjustment is made according to the following formula: Where N is the number of evaluation policies in the set of evaluation policies, m is the number of traffic messages in the given fact database, q i represents the initial default risk level for the ith evaluation policy in the set of evaluation policies, a i represents the weight coefficient for the ith evaluation policy in the set of evaluation policies, b j represents traffic messages in the given fact database, C i represents the set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, and δ (b j∈Ci) is an indirection function representing a value of 1 when the given fact traffic message belongs to the set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, otherwise 0.
According to a third aspect of the present disclosure there is provided a system for evaluating a risk level of a business message incorporating an evaluation policy of a set of evaluation policies, the system comprising a processor and a memory arranged to store computer executable instructions which, when executed, cause the processor to perform a method according to the first aspect of the present disclosure.
Aspects generally include a method, apparatus, system, computer program product, and processing system substantially as described herein with reference to and as illustrated by the accompanying drawings.
The foregoing has outlined rather broadly the features and technical advantages of examples in accordance with the present disclosure in order that the detailed description that follows may be better understood. Additional features and advantages will be described hereinafter. The disclosed concepts and specific examples may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present disclosure. Such equivalent constructions do not depart from the scope of the appended claims. The features of the concepts disclosed herein, both as to their organization and method of operation, together with associated advantages, will be better understood from the following description when considered in connection with the accompanying drawings. Each of the figures is provided for the purpose of illustration and description and is not intended to limit the claims.
Drawings
So that the manner in which the above recited features of the present disclosure can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to aspects, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only certain typical aspects of this disclosure and are therefore not to be considered limiting of its scope, for the description may admit to other equally effective aspects. The same reference numbers in different drawings may identify the same or similar elements.
FIG. 1 is a flow chart of an exemplary method of fusing multiple evaluation policies to evaluate a business message risk level in accordance with an embodiment of the present disclosure;
FIG. 2 is a block diagram of an exemplary system that merges multiple evaluation policies to evaluate a business message risk level in accordance with an embodiment of the present disclosure;
FIG. 3 is an exemplary timing diagram for fusing multiple evaluation policies to evaluate business message risk levels in accordance with an embodiment of the disclosure, and
Fig. 4 is a schematic block diagram of another exemplary system that merges multiple evaluation policies to evaluate a business message risk level in accordance with an embodiment of the disclosure.
Detailed Description
The detailed description set forth below in connection with the appended drawings is intended as a description of various configurations and is not intended to represent the only configurations in which the concepts described herein may be practiced. The detailed description includes specific details for the purpose of providing a thorough understanding of the various concepts. It will be apparent, however, to one skilled in the art that these concepts may be practiced without these specific details.
In various fields of wind control, including various fields of harassment, fraud, theft and the like, a plurality of risk identification strategies exist, and the situation that a plurality of assessment strategies evaluate the same risk level generally occurs. The multiple evaluation strategies are mainly based on an unsupervised algorithm, and the risk events are identified, managed and intercepted at different angles.
For example, in determining whether a business message, such as a telephone call, an email, or the like, is at risk of nuisance or fraud, an evaluation strategy may be employed that 1) if the call initiated by the originator of the telephone call is typically a short time call (e.g., up to 99% of the calls ending within 10 seconds), then the business message has a probability of 80% of nuisance or fraudulent calls, i.e., the risk level of the business message is 80%, and 2) if the originator of the telephone call frequently places calls to frequent contacts, then the business message has a probability of 70% of nuisance or fraudulent calls. In these examples, 80%, 70%, etc. are the default risk levels for the respective assessment policies, which are typically given by the average level of all traffic messages.
It can be seen that the accuracy of the example assessment policies themselves described above is not easily measured (e.g., their default risk level is not entirely reliable), and there is no uniform metric between different assessment policies. Therefore, the present disclosure proposes a method and a system for evaluating a risk level of a service message by fusing a plurality of evaluation strategies, so that a unified evaluation result can be obtained, thereby improving accuracy and comparability of the evaluation result.
Referring now to FIG. 1, a flow chart of a method 100 of fusing multiple evaluation policies to evaluate a business message risk level is shown.
At block 102, the method 100 may include receiving a traffic message.
In an example of the present disclosure, the business message may be a telephone call message, a short message, a social networking message, an email, a transaction message (such as a transfer, payment), or the like. In an embodiment of the present disclosure, the received service message may be intercepted by conventional interception means (e.g., in real-time), such as by a telecommunications service provider, mail service provider, or social network service provider.
At block 104, the method 100 may include obtaining one or more parameters associated for evaluation from the service message. In an embodiment, the one or more parameters include at least a source of the service message, a destination of the service message, an occurrence time of the service message, and so on.
In an embodiment of the present disclosure, the method 100 may parse the service message to obtain one or more parameters included in the service message. For example, in the example where the service message is a telephone call, the service message may be parsed to obtain parameters of the telephone number of the originator of the telephone call, the time of origination, the geographic location of the originator of the telephone call message, the telephone number being called, and so forth. In a further embodiment, the method 100 may also then consult the various databases based on the parsed parameters associated with the business message. For example, continuing with the above example, the method 100 can consult a nuisance call database based on the originating telephone number of the resulting telephone call to determine if the telephone number has been stored in the database, or can consult a telecommunications service party database based on the called telephone number to determine identity information and/or geographic location of the callee, and so forth. All of these obtained parameters are available for evaluating the risk level of the service message.
In another example where the transaction message is a transfer transaction message, the transaction message may be parsed to obtain parameters of a transfer account, a transaction amount, a transaction time, a transaction location, and the like for the transaction. In further embodiments, the method 100 may also then consult the financial institution database to determine the owner of the account, the geographic location of the remittance account, the common transaction location and/or the common transaction time of the remittance account, the common counterparty account of the remittance account, and so forth based on the resulting remittance account, remittance account. All of these obtained parameters may also be used to evaluate the risk level of the transaction message.
Then at block 106, the method 100 may include, for each evaluation policy in the set of evaluation policies, matching one or more of the obtained one or more parameters with the evaluation policy to determine a risk level of the business message under the evaluation policy. It will be appreciated that the evaluation policy uses one or more parameters associated with the business message to make the risk determination. Thus, the matching may include first determining which parameters each evaluation policy needs to use, then finding out those parameters from the obtained parameters, and then determining whether the values of the found parameters fall within the value range specified by the evaluation policy. For example, if the value of the corresponding parameter of a business message falls within the value range of the parameter and/or combination of parameters specified by the evaluation policy, it may be determined that the business message has a risk under the evaluation policy, the risk level of which is the default risk level of the evaluation policy. It will be appreciated that the default risk level for an effective assessment strategy is both greater than 0.5 and less than 1.
For example, in the example described above for telephone calls, evaluation strategies may be used to determine a risk level for the telephone call (e.g., a fraud risk level or a harassment risk level, etc.). For example, a first evaluation policy in the set of evaluation policies may determine a harassment risk level for a current telephone call based on the historical call duration of the telephone call originator if the call initiated by the telephone call is typically a short duration call (e.g., up to 99% of the calls ended within 10 seconds), then the telephone call has a probability of 80% of being a harassment call, i.e., the risk level for the telephone call is 80%. 2) The second evaluation policy in the evaluation policy set may determine a harassment risk level for the current telephone call based on callees of the telephone call originator's historical calls, the telephone call having a 70% probability of being a harassment call if the telephone call originator frequently places calls to frequent contacts. It will be appreciated by those skilled in the art that the set of evaluation strategies may also include any other suitable evaluation strategy for evaluating the harassment risk level based on any parameter and/or combination of parameters of the telephone call. In the above example, 80%, 70%, etc. are the default risk levels for the respective assessment policies, which are typically given by the average level of all phone calls.
Continuing with the above example, if the originator of the currently received telephone call hits the first assessment policy described above, i.e., the call originated by the originator of the telephone call is indeed typically a short duration call, it may be determined that the risk level of the telephone call under the first assessment policy is 80%, otherwise, it may be determined that the risk level of the telephone call under the first assessment policy is 0%. In addition, if the originator and callee of the currently received telephone call hit the above second evaluation policy, i.e. the callee of the telephone call is an unusual contact of the originator of the telephone call and the originator of the telephone call frequently initiates such calls, it may be determined that the risk level of the telephone call under the second evaluation policy is 70%, otherwise it may be determined that the risk level of the telephone call under the second evaluation policy is 0%. Those skilled in the art will appreciate that the evaluation may be made using the appropriate parameters and/or parameter combinations of the current telephone call for other evaluation policies in the set of evaluation policies.
In another example, as described above with respect to transaction messages, evaluation policies may be used to determine a risk level (e.g., fraud risk level, theft risk level, etc.) of the transaction message. For example, a first evaluation policy in the set of evaluation policies may be based on whether the import account of the transaction message is a common transaction counter account of the export account and the transaction amount is large, the theft risk level for the transaction message is 70%, i.e., the transaction message has a probability of being theft of 70%, and 2) a second evaluation policy in the set of evaluation policies may determine the risk level for the current transaction message based on the common transaction location for the transaction message, i.e., the theft risk level for the transaction message is 60% if the transaction location for the transaction message is not the common transaction location of the export account. Those skilled in the art will appreciate that the set of evaluation policies may also include any other suitable evaluation policies for evaluating the level of risk of theft based on any parameter and/or combination of parameters of the transaction message. In the above example, 70%, 60%, etc. are the default risk levels for the respective assessment policies, which are typically given by the average level of all transaction messages.
Continuing with the above example, if the current received import account and amount of the transaction message hit the first assessment policy described above, i.e., the import account of the transaction message is not the usual counter-transaction account of the export account and the transaction amount is large, it may be determined that the theft risk level of the transaction message under the first assessment policy is 70%, otherwise, it may be determined that the risk level of the transaction message under the first assessment policy is 0%. In addition, if the transaction location (i.e., the breakout location) of the currently received transaction message hits the second evaluation policy described above, i.e., the breakout location of the transaction message is not the common breakout location of the breakout account, it may be determined that the theft risk level for the transaction message under the second evaluation policy is 60%, otherwise it may be determined that the theft risk level for the transaction message under the second evaluation policy is 0%. In yet another embodiment, as a further evaluation strategy, for a remittance account location, the transaction time of a transaction message is 2 a.m. and not the usual transaction time of the account, then the transaction message has a risk of theft, e.g. the risk level may typically be 90%. Furthermore, in another embodiment, as another evaluation policy, the age of the remittance account owner (e.g., over 60 years old) may be considered to be at high risk of fraud, theft.
Those skilled in the art will appreciate that any suitable parameter and/or combination of parameters of the current transaction message may be used to make the evaluation for other evaluation policies in the set of evaluation policies. For example, parameters such as the number of transaction accounts owned by the money-in account owner, the location of the transaction, the amount of the transaction, the frequency of the transaction, the address of the transaction in common, the time at which the transaction occurred, etc., may be used to assess the risk level of the transaction message.
At block 108, the method 100 may include fusing the risk levels of the resulting business message under the evaluation policies of the set of evaluation policies to obtain a fused risk level of the business message.
In one embodiment, the risk levels under the assessment policies may be fused by a product operation as follows:
Where s is the fused risk level of the service message, p i is the risk level of the service message under the ith policy in the set of evaluation policies, and N is the number of evaluation policies in the set of evaluation policies. It follows that the resulting fused risk level unifies all of the assessment policies in the set of assessment policies together, making them more accurate, with comparability and interpretability between the results. In addition, the above method for calculating the fused risk level can save the calculation capability and can calculate the fused risk level more quickly, for example, the fused risk level can be calculated by directly adding in a logarithmic domain, thereby enabling quick calculation s and being more suitable for real-time risk monitoring.
However, it will be appreciated by those skilled in the art that the risk levels under the assessment policies may also be fused in any other suitable manner, such as by weighted averaging of the risk levels of the assessment policies, and so forth.
It will be appreciated that existing evaluation strategies require a large number of positive and negative samples to train and that the trained evaluation strategy can then be applied. In another preferred embodiment of the present disclosure, however, the method 100 may further include using the database of established facts to adjust a default risk level for an assessment policy in the set of assessment policies. In this embodiment, the business messages included in the given facts database are determined facts, i.e. the business messages have either a 100% risk or a 0% risk. In this embodiment, the method 100 may include determining whether a business message in a given facts database hits an evaluation policy in a set of evaluation policies (i.e., the evaluation policy determines that the business message is at risk), and adjusting a default risk level for the evaluation policy based on this determination. Thus, even with only a small number of service messages in a given facts database, the evaluation strategies can be improved very well, eliminating the need for a large number of positive and negative service message samples to train.
For example, if a business message with a risk level of 100% in a given facts database is determined to be at risk by an evaluation policy, it is indicated that the evaluation policy correctly determines the business message with risk, so that the default risk level of the evaluation policy may be raised. Conversely, if a business message with a risk level of 0% in a given facts database is determined to be at risk by an evaluation policy, it is indicated that the evaluation policy does not properly determine the business message, so that the default risk level of the evaluation policy may be reduced. In this embodiment, it will be appreciated that the increase in the default risk level of an assessment policy should not be such that the default risk level of the assessment policy is greater than 1, i.e., 100%. In addition, if the default risk level of an assessment policy decreases such that it is below 50%, the assessment policy proves to be inefficient or even ineffective, and thus in this case, the assessment policy may be removed from the set of assessment policies.
In yet another embodiment of the present disclosure, the default risk level of the assessment policy may be adjusted as follows:
Where N is the number of evaluation policies in the set of evaluation policies and m is the number of business messages in the given facts database;
q i represents the initial default risk level for the ith evaluation policy in the set of evaluation policies;
alpha i represents the weight coefficient of the ith evaluation policy in the set of evaluation policies;
b j represents a business message in a given facts database;
C i represents a set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, and
Delta (b j∈Ci) is an indirection function that represents a value of 1 when a given fact service message belongs to the set of service messages hitting the ith evaluation policy in the set of evaluation policies, otherwise 0.
In yet another embodiment of the present disclosure, the method 100 may also optionally include determining whether the fused risk level of the business message exceeds a predetermined threshold (e.g., 95%,99%, etc.) at block 110. And if the fused risk level exceeds a predetermined threshold, an alert message may be issued to notify a potentially compromised user, system administrator, and/or other supervisor to process the business message. In further embodiments, the method 100 may further include preventing further processing of the service message in addition to or in lieu of the alert message. For example, if the business message is a transfer transaction, the transfer may be blocked from being completed and the corresponding sender and associated financial institution, etc. notified.
Continuing with the example, the method 100 may also optionally include receiving user feedback for an alert message at block 112. For example, after receiving an alert message, the user may determine that the service message is indeed risky and feed back this determination. After receiving this feedback, the method 100 may adjust the default risk level of the assessment policies with the business message as the established facts (i.e., 100% risk level), such as described above in connection with the established facts database.
Fig. 2 illustrates a block diagram of an exemplary system 200 that fuses multiple evaluation policies to evaluate business message risk levels, according to an embodiment of the disclosure.
As shown, the system 200 can include one or more user terminals 202, an evaluation engine 204, a business server 206, and a consultation database 208, all interconnected by a communication infrastructure, such as the Internet 210.
In one embodiment, a user may use his user terminal 202 to send out a service message for processing by the service server 206. The evaluation engine 204 may receive (e.g., intercept) the business message and evaluate the risk level of the business message, for example using the method 100 described with reference to fig. 1. If the risk level of the service message does not exceed the predetermined threshold, the evaluation engine 204 may forward the service message to the service server 206 for further processing, otherwise, if the risk level of the service message exceeds the predetermined threshold, the evaluation engine 204 may issue an alarm message and/or notify the service server 206 to cease processing the service message.
Those skilled in the art will appreciate that there may be multiple user terminals, such as shown by ellipses 203 in fig. 2. Furthermore, although the evaluation engine 204, business server 206, and consultation database 208 are shown separately in FIG. 2, this is merely a logical division, and thus any two or all of them may be located together. For example, the business server 206 may include an evaluation engine 204.
An exemplary timing diagram 300 for fusing multiple assessment policies to assess business message risk levels in accordance with an embodiment of the present disclosure is described below in conjunction with fig. 3 and with reference to fig. 2.
As shown, a user may use a user terminal 301 (e.g., user terminal 202 of fig. 2) to issue a service message. Such as a user may use his smartphone to place a telephone call, an application on the smartphone and/or ATM machine to place a transfer request, etc.
The evaluation engine 303 (e.g., evaluation engine 204 of fig. 2) may receive the traffic message from the user terminal 301 and parse the traffic message to obtain the associated one or more parameters, as shown in fig. 3. In one embodiment, the assessment engine 303 can also issue a consultation request to the consultation database 307 to obtain further parameters related to the business message. For example, in an example where the service message is a telephone call, the evaluation engine 303 may parse the service message to obtain parameters of an originator telephone number, an initiation time, a called telephone number, and so forth of the telephone call. The evaluation engine 303 may also then consult a nuisance call database based on the originating telephone number of the resulting telephone call to determine if the telephone number has been stored in the database, or may consult a telecommunications service party database based on the called telephone number to determine identity information of the callee, and so on. In another example where the business message is a transfer transaction message, the evaluation engine 303 may parse the business message to obtain parameters of the transaction such as an outgoing account, an incoming account, a transaction amount, and the like. The assessment engine 303 may also then consult the financial institution database based on the resulting remittance account, to determine the owner of the account, and so on.
The advisory database 307 may then communicate the response to the advisory request (including the parameters requested by the advisory request) back to the assessment engine 303.
The evaluation engine 303 may then determine the risk level of the traffic message, which may be made, for example, according to the method 100 described with reference to fig. 1.
Thereafter, the evaluation engine 303 may determine if the risk level of the business message exceeds a predetermined threshold. If it is determined that the risk level exceeds a predetermined threshold, an alarm is raised and/or processing of the business message is aborted. For example, the evaluation engine 303 may alert the service server 305, or alert a user of the user terminal 301, a device of a regulatory agency (not shown in fig. 3), or the like. Further, suspending processing of the business message may include the assessment engine 303 informing the business server 305 of the assessment result of the risk level such that the business server 305 no longer processes the business message. In a further embodiment, the service server 305 may also inform the user terminal 301 of the decision and reason that the service message is no longer processed, thereby enabling the user to get an alert.
Conversely, if the risk level does not exceed the predetermined threshold, the assessment engine 303 may forward the business message to the business server 305 for processing. The service server 305 may continue to process the service message and transmit the processing result back to the user terminal 301.
Fig. 4 is a schematic block diagram of another exemplary system 400 that merges multiple evaluation policies to evaluate a business message risk level in accordance with an embodiment of the present disclosure. As shown, system 400 includes a processor 405 and a memory 410. Memory 410 stores computer-executable instructions executable by processor 405 to implement the corresponding methods and processes described above in connection with fig. 1-3.
The above detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings illustrate specific embodiments that can be practiced by way of illustration. These embodiments are also referred to herein as "examples". Such examples may include elements other than those shown or described. However, examples including the elements shown or described are also contemplated. Moreover, it is also contemplated that examples using any combination or permutation of those elements shown or described, or with reference to specific examples (or one or more aspects thereof) shown or described herein, or with reference to other examples (or one or more aspects thereof) shown or described herein.
In the appended claims, the terms "including" and "comprising" are open-ended, i.e., a system, apparatus, article, or process of claim that is defined to be within the scope of the claim, except for those elements recited after such term. Furthermore, in the appended claims, the terms "first," "second," and "third," etc. are used merely as labels, and are not intended to indicate the numerical order of their objects.
In addition, the order of the operations illustrated in the present specification is exemplary. In alternative embodiments, the operations may be performed in a different order than shown in the figures, and the operations may be combined into a single operation or split into more operations.
The above description is intended to be illustrative, and not restrictive. For example, the examples described above (or one or more aspects thereof) may be used in connection with other embodiments. Other embodiments may be used, such as by one of ordinary skill in the art after reviewing the above description. The abstract allows the reader to quickly ascertain the nature of the technical disclosure. This Abstract is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Furthermore, in the above detailed description, various features may be grouped together to streamline the disclosure. However, the claims may not state every feature disclosed herein, as embodiments may characterize a subset of the features. Further, embodiments may include fewer features than are disclosed in the specific examples. Thus the following claims are hereby incorporated into the detailed description, with one claim standing on its own as a separate embodiment. The scope of the embodiments disclosed herein should be determined with reference to the appended claims, along with the full range of equivalents to which such claims are entitled.
Claims (9)
1. A method of fusing evaluation policies in a set of evaluation policies to evaluate a risk level of a business message, the method comprising:
Receiving a service message;
Acquiring one or more parameters according to the service message, wherein the one or more parameters at least comprise a source of the service message, a destination of the service message and occurrence time of the service message;
For each evaluation policy in the set of evaluation policies, matching one or more of the one or more parameters with the evaluation policy to determine a risk level of the business message under the evaluation policy, and
Fusing the risk levels of the service message under the evaluation policies in the set of evaluation policies to obtain a fused risk level of the service message, including fusing the risk levels under the evaluation policies by a product operation:
Where s is the fused risk level of the service message, p i is the risk level of the service message under the ith policy in the set of evaluation policies, N is the number of evaluation policies in the set of evaluation policies,
The method further includes adjusting a default risk level of an assessment policy in the set of assessment policies using a database of established facts, wherein the adjustment is made according to the following formula:
Where N is the number of evaluation policies in the set of evaluation policies and m is the number of business messages in the given facts database;
q i represents the initial default risk level for the ith evaluation policy in the set of evaluation policies;
alpha i represents the weight coefficient of the ith evaluation policy in the set of evaluation policies;
b j represents a business message in a given facts database;
C i represents a set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, and
Delta (b j∈Ci) is an indirection function that represents a value of 1 when a given fact service message belongs to the set of service messages hitting the ith evaluation policy in the set of evaluation policies, otherwise 0.
2. The method of claim 1, wherein obtaining one or more parameters comprises parsing the service message to obtain one or more parameters included in the service message, and consulting a database based on the parsed parameters to obtain further parameters.
3. The method of claim 2, wherein the service message is a telephone call message and the one or more parameters obtained include at least one of an originating telephone number of a telephone call, an originating time, a geographic location of an originator of the telephone call message, a called telephone number, an identity of a callee, and/or a geographic location.
4. The method of claim 2, wherein the business message is a transaction message and the one or more parameters obtained include at least one of an out account, an in account, a transaction time, a transaction location, and/or a transaction amount of the transaction message, an in account owner, a geographic location of the in account, a common transaction location and/or a common transaction time of the out account, a common counterparty account of the out account.
5. The method of claim 1, further comprising determining whether the fused risk level of the business message exceeds a predetermined threshold, and if so, issuing an alert message.
6. The method of claim 5, further comprising receiving feedback on the alert message, the feedback including whether the traffic message does have a risk, and using the feedback to adjust default risk levels for evaluation strategies.
7. A system for evaluating a risk level of a business message by fusing evaluation policies in a set of evaluation policies, the system comprising:
An evaluation engine, and
The service server is provided with a service server,
Wherein the evaluation engine is configured to:
Receiving a service message;
Acquiring one or more parameters according to the service message, wherein the one or more parameters at least comprise a source of the service message, a destination of the service message and occurrence time of the service message;
for each evaluation policy in the set of evaluation policies, matching one or more of the one or more parameters with the evaluation policy to determine a risk level of the business message under the evaluation policy;
fusing the risk levels of the service message under the evaluation policies in the evaluation policy set to obtain a fused risk level of the service message, and
Forwarding the service message to a service server if the fused risk level does not exceed a predetermined threshold;
and wherein the traffic server is configured to receive traffic messages forwarded from the assessment engine for processing,
Wherein the assessment engine is further configured to fuse risk levels under the assessment policies by a product operation:
Where s is the fused risk level of the service message, p i is the risk level of the service message under the ith policy in the set of evaluation policies, N is the number of evaluation policies in the set of evaluation policies,
And wherein the assessment engine is further configured to adjust a default risk level of an assessment policy in the set of assessment policies using a database of established facts, wherein the adjustment is made as follows:
Where N is the number of evaluation policies in the set of evaluation policies and m is the number of business messages in the given facts database;
q i represents the initial default risk level for the ith evaluation policy in the set of evaluation policies;
alpha i represents the weight coefficient of the ith evaluation policy in the set of evaluation policies;
b j represents a business message in a given facts database;
C i represents a set of traffic messages hitting the ith evaluation policy in the set of evaluation policies, and
Delta (b j∈Ci) is an indirection function that represents a value of 1 when a given fact service message belongs to the set of service messages hitting the ith evaluation policy in the set of evaluation policies, otherwise 0.
8. The system of claim 7, further comprising a consultation server, wherein the assessment engine is further configured to parse the business message to obtain one or more parameters included in the business message, and issue a consultation request to a consultation database based on the parsed parameters to obtain further parameters.
9. A system for evaluating a risk level of a business message by fusing evaluation policies in a set of evaluation policies, the system comprising:
Processor, and
A memory arranged to store computer executable instructions which, when executed, cause the processor to perform the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011399585.0A CN114580815B (en) | 2020-12-02 | 2020-12-02 | Method and system for evaluating business message risk level by integrating multiple evaluation strategies |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011399585.0A CN114580815B (en) | 2020-12-02 | 2020-12-02 | Method and system for evaluating business message risk level by integrating multiple evaluation strategies |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114580815A CN114580815A (en) | 2022-06-03 |
| CN114580815B true CN114580815B (en) | 2025-07-11 |
Family
ID=81769910
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011399585.0A Active CN114580815B (en) | 2020-12-02 | 2020-12-02 | Method and system for evaluating business message risk level by integrating multiple evaluation strategies |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114580815B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107067157A (en) * | 2017-03-01 | 2017-08-18 | 北京奇艺世纪科技有限公司 | Business risk appraisal procedure, device and air control system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7764231B1 (en) * | 1996-09-09 | 2010-07-27 | Tracbeam Llc | Wireless location using multiple mobile station location techniques |
| CN107392755A (en) * | 2017-07-07 | 2017-11-24 | 南京甄视智能科技有限公司 | Credit risk merges appraisal procedure and system |
| CN109782354B (en) * | 2019-02-27 | 2020-09-01 | 西安石油大学 | Cooperative Differential Evolution Algorithm Based on Direction Guidance and Its Application in Ray Tracing |
| CN110400219B (en) * | 2019-06-14 | 2024-05-17 | 创新先进技术有限公司 | Service processing method and system, and transaction monitoring method and system |
-
2020
- 2020-12-02 CN CN202011399585.0A patent/CN114580815B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107067157A (en) * | 2017-03-01 | 2017-08-18 | 北京奇艺世纪科技有限公司 | Business risk appraisal procedure, device and air control system |
Non-Patent Citations (1)
| Title |
|---|
| 基于模糊层次分析法的产品创新风险评估模型;段秉乾等;《同济大学学报(自然科学版)》;20080731;第36卷(第7期);第1002-1005页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114580815A (en) | 2022-06-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11314789B2 (en) | System and method for improved anomaly detection using relationship graphs | |
| US8238532B1 (en) | Method of and system for discovering and reporting trustworthiness and credibility of calling party number information | |
| US20200236222A1 (en) | Method and system for preventing illicit use of a telephony platform | |
| US8983047B2 (en) | Index of suspicion determination for communications request | |
| US9361605B2 (en) | System and method for filtering spam messages based on user reputation | |
| US20150106265A1 (en) | System and methods for processing a communication number for fraud prevention | |
| CN112836218B (en) | Risk identification method, device and electronic equipment | |
| JP5547289B2 (en) | Method and apparatus for detecting fraud in a telecommunications network | |
| US20170230323A1 (en) | Detection of business email compromise | |
| US7895154B2 (en) | Communication reputation | |
| US20230209351A1 (en) | Assessing risk of fraud associated with user unique identifier using telecommunications data | |
| US9191351B2 (en) | Real-time fraudulent traffic security for telecommunication systems | |
| CN109802915B (en) | Telecommunication fraud detection processing method and device | |
| CN103763152A (en) | Method and system for multi-dimensionally monitoring telecommunication fraudulent conduct | |
| CN108259680B (en) | Fraud phone identification method, device and server for fraudulent phone identification | |
| CN110113748B (en) | Method and device for monitoring harassing calls | |
| CN115564449A (en) | Risk control method and device for transaction account and electronic equipment | |
| KR20150057338A (en) | System for monitoring phishing attack and preventing method | |
| KR102200253B1 (en) | System and method for detecting fraud usage of message | |
| CN108810290B (en) | Method and system for identifying fraudulent calls | |
| CN114580815B (en) | Method and system for evaluating business message risk level by integrating multiple evaluation strategies | |
| EP4193630B1 (en) | A sim fraud detection method and apparatus | |
| US20230232223A1 (en) | Automated message routing changes based on completion rate | |
| US20250254238A1 (en) | Methods and apparatus for call traffic anomaly mitigation | |
| CN111405107B (en) | Call control method, device, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310000 Zhejiang Province, Hangzhou City, Xihu District, Xixi Road 543-569 (continuous odd numbers) Building 1, Building 2, 5th Floor, Room 518 Patentee after: Alipay (Hangzhou) Digital Service Technology Co.,Ltd. Country or region after: China Address before: 801-11, Section B, 8th floor, No. 556, Xixi Road, Xihu District, Hangzhou City, Zhejiang Province, 310023 Patentee before: Alipay (Hangzhou) Information Technology Co., Ltd. Country or region before: China |