CN110363449B

CN110363449B - Risk identification method, device and system

Info

Publication number: CN110363449B
Application number: CN201910674900.7A
Authority: CN
Inventors: 张梦迪; 贾玉红; 郑凡奇; 熊俊杰
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2019-07-25
Filing date: 2019-07-25
Publication date: 2022-04-15
Anticipated expiration: 2039-07-25
Also published as: CN110363449A

Abstract

The invention provides a risk identification method, a risk identification device and a risk identification system. And performing risk identification by using a risk identification model according to the risk grade of the event and other attributes in the risk identification map, and determining a risk factor of the target to be identified in the risk identification map. The event graph and the knowledge graph are combined, the important role of event conduction in enterprise risk identification is fully considered, a new thought is provided for enterprise risk identification, and the accuracy of enterprise risk identification results is improved.

Description

Risk identification method, device and system

Technical Field

The invention relates to the technical field of computers, in particular to a risk identification method, device and system.

Background

With the development of the big data era, extracting valuable information from mass data becomes a key point of research. Through the analysis of mass data, risk identification is carried out on users or enterprises, such as: the enterprise risk identification result can be used as the most indispensable part for evaluating the credit of the enterprise client in the credit business of banks or other financial institutions.

The knowledge graph can be applied to data analysis, but most of the knowledge graphs of the current financial enterprise risk identification ground are statically integrated based on the existing knowledge, and the static integration means that most of the existing knowledge graphs store conceptual static knowledge. The risk of individuals or enterprises is evaluated by using the knowledge graph, and the accuracy of the evaluation result can be influenced. How to improve the accuracy of enterprise risk identification is a technical problem to be solved urgently in the field.

Disclosure of Invention

The embodiment of the invention provides a risk identification method and device, which improve the accuracy of a risk identification result.

In one aspect, a risk identification method is provided, including:

acquiring a risk identification map, wherein the risk identification map comprises a case map and a knowledge map which are mutually associated;

clustering and risk grade dividing are carried out on the events in the risk identification map, and events of different classes and risk grades corresponding to the events of different classes are obtained;

storing the risk rating as an attribute of the corresponding event in the risk identification profile;

converting the risk identification map into a risk identification map vector by using a map embedding algorithm;

and inputting the risk identification map vector into a risk identification model to obtain a risk factor of the target to be identified in the risk identification map.

In another aspect, a risk identification apparatus is provided, including:

the risk identification map comprises a case map and a knowledge map which are mutually associated;

the event grade determining unit is used for clustering and grading the risk of the events in the risk identification map to obtain different types of events and risk grades corresponding to the different types of events;

an event attribute storage unit, configured to store the risk level as an attribute of a corresponding event in the risk identification map;

a graph embedding unit for converting the risk identification graph into a risk identification graph vector using a graph embedding algorithm;

and the risk identification unit is used for inputting the risk identification map vector into a risk identification model to obtain a risk factor of the target to be identified in the risk identification map.

In a further aspect, a risk identification data processing device is provided, comprising a processor and a memory for storing processor-executable instructions, which when executed by the processor implement the risk identification method in the above embodiments.

In yet another aspect, a computer-readable storage medium is provided, having stored thereon computer instructions that, when executed, implement the risk identification method in the above embodiments.

In yet another aspect, a risk identification system is provided, comprising:

the map complementing unit is used for complementing the missing event relation and the confidence coefficient of the missing event relation in the risk identification map stored in the map storage unit;

the event risk grade dividing unit is used for clustering the events in the risk identification map supplemented by the map complementing unit and determining the risk grade of the clustered events;

the risk factor generating unit is used for identifying the risk level of the event, the edge and the event in the map and the confidence coefficient of the event relation based on the risk supplemented by the map complementing unit, and determining the risk factor of the target to be identified;

and the knowledge query unit is used for querying the event conduction relationship of the target to be identified in the risk identification map and determining the risk cause of the target to be identified.

The embodiment of the invention provides a risk identification method, a risk identification device, processing equipment, a computer storage medium and a risk identification system. And performing risk identification by using a risk identification model according to the risk grade of the event and other attributes in the risk identification map, and determining a risk factor of the target to be identified in the risk identification map. The event graph and the knowledge graph are combined, the important role of event conduction in enterprise risk identification is fully considered, a new thought is provided for enterprise risk identification, and the accuracy of enterprise risk identification results is improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:

FIG. 1 is a schematic flow chart diagram of a risk identification method in one embodiment of the present description;

FIG. 2 is a schematic diagram of the structure of a risk identification map in one embodiment of the present description;

FIG. 3 is a schematic flow chart of a risk identification method in another embodiment of the present disclosure;

fig. 4 is a schematic structural diagram of a risk identification system provided in an embodiment of the present specification;

FIG. 5 is a schematic structural diagram of a risk factor generation unit in one embodiment of the present specification;

FIG. 6 is a schematic structural diagram of a risk identification device in one embodiment of the present disclosure;

fig. 7 is a block diagram of a hardware configuration of a risk identification server in an embodiment of the present specification.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.

With the development of the big data era, risk assessment can be performed on individuals or enterprises through big data analysis, and development of subsequent business is decided based on assessment results.

Some embodiments of the present disclosure provide a risk identification method, which combines a knowledge graph and a case graph to obtain a risk identification graph, performs cluster analysis on events in the risk identification graph, and determines risk levels of the clustered events of each category. And performing risk identification by using a risk identification model according to the risk grade of the event and other attributes in the risk identification map, and determining a risk factor of the target to be identified in the risk identification map. The important role of event conduction in enterprise risk identification is fully considered, and the influence of the possibly occurring events is comprehensively considered, so that a new idea is provided for enterprise risk identification, and the accuracy of an enterprise risk identification result is improved.

The risk identification method in the specification can be applied to a client or a server, and the client can be an electronic device such as a smart phone, a tablet computer, a smart wearable device (a smart watch, virtual reality glasses, a virtual reality helmet and the like), a smart vehicle-mounted device and the like.

Specifically, fig. 1 is a schematic flow chart of a risk identification method in an embodiment of the present specification, and as shown in fig. 1, the risk identification method provided in an embodiment of the present specification may include the following steps:

102, acquiring a risk identification map, wherein the risk identification map comprises a case map and a knowledge map which are mutually associated.

The risk identification method in the embodiment of the present specification may be applied to a scenario of performing risk identification on an enterprise, such as: in the enterprise credit business, the financial institution can determine whether to cooperate with the enterprise by carrying out risk identification on the enterprise.

In a specific implementation process, the acquired risk identification map may be a map corresponding to an enterprise to be identified, such as: the event map containing basic information such as enterprise high management relation, loan information, investment information and the like and event relation such as enterprise listing, stock price rising and the like can be obtained. In addition, the risk identification graph in the embodiments of the present specification may include a case graph and a knowledge graph, wherein the case graph and the knowledge graph are associated with each other. The knowledge graph is generally statically integrated based on the existing knowledge, and the event graph takes the relationship between events as an entity and an edge, describes the evolution rule between the events, and embodies the dynamic association between the events.

In the embodiment of the specification, a static knowledge graph of an object to be identified, namely an enterprise to be identified, can be obtained from a database, then a case graph of the enterprise to be identified is obtained, and the knowledge graph and the case graph are associated through the relationship between the enterprise and an event to obtain a risk identification graph.

Fig. 2 is a schematic structural diagram of a risk identification graph in an embodiment of the present specification, as shown in fig. 2, the upper half of the graph is a case graph, which may be referred to as a triple, taking as an example the relationship "high-management rumour-83% -profit drop-off", which may be interpreted as a confidence that "high-management rumour" causes "profit drop-off" of 83%. The lower half of fig. 2 is a knowledge graph, the knowledge graph is associated with a case graph through "enterprise a — profit glide", and two sides of "stock keeping" and "top management" of enterprise a exemplarily show static data stored in the knowledge graph.

And 104, clustering and risk grade dividing the events in the risk identification map to obtain different types of events and risk grades corresponding to the different types of events.

In a specific implementation process, clustering analysis can be performed on the events in the knowledge graph by using a clustering algorithm, the events in the risk identification graph are divided into different categories, and the risk levels of the events in the different categories are determined. The Clustering Algorithm may be selected from common machine learning algorithms including but not limited to EM (Expectation Maximization Algorithm), DBSCAN (Density-Based Clustering with Noise) and K-Means (distance-Based Clustering Algorithm) Clustering. After the events in the risk identification map are clustered, the risk grade division can be carried out on each type of event according to the clustering result by utilizing expert rules. Such as: the risk level can be preset to be 0-10, and the risk level corresponding to each category of clustered events is determined through business expert analysis or preset risk level rules and other modes.

In some embodiments of the present description, K-Means clustering may be used, which is relatively efficient, with the input being the vectorized event words and the expected number of categories, and the output being the categories and events included in each category. Vectorization refers to mapping the events of the text class to a vectorized mathematical space through a model for cluster model training. Commonly used word vectorization methods include, but are not limited to, bag of words models, word2vec, n-grams (chinese language models), and the like.

And 106, storing the risk grade as the attribute of the corresponding event in the risk identification map.

In a specific implementation process, the determined risk level of the event can be used as an attribute of the event and stored in a risk identification map as one of the characteristics of the subsequent enterprise risk identification. Event attributes refer to the inherent attributes of the event itself, as shown in FIG. 2 for the event "high-volume rumour," with the "risk level" attribute relating only to the event itself.

And step 108, converting the risk identification map into a risk identification map vector by using a map embedding algorithm.

In a specific implementation process, the risk identification map, including the event, the risk level of the event, degree information, etc., may be generated into a risk identification map vector using a map embedding algorithm. The graph embedding algorithm includes, but is not limited to, existing frameworks such as transition embedding, LINE (Large-scale information network embedding), node2vec (a feature learning optimization algorithm based on neighbor retention), and the like.

The Graph embedding algorithm used in some embodiments of the present description may be a GNN (Graph Neural Network algorithm), an input of the GNN algorithm may be a whole heterogeneous Graph, that is, a risk identification Graph, the heterogeneous Graph includes information of all entities, relationships, entity attributes, that is, risk levels, edge attributes, that is, confidence degrees, and the like, and is output as an embedded vector of each enterprise entity. By utilizing the GNN algorithm, the risk identification map can be quickly and accurately converted into the risk identification map vector, and a data base is laid for subsequent risk identification.

And 110, inputting the risk identification map vector into a risk identification model to obtain a risk factor of the target to be identified in the risk identification map.

In a specific implementation process, the risk identification model can be constructed by using historical data in advance, such as: and (3) marking the enterprises with the failure in production in a mode of marking 1 and marking other enterprises with 0 by using the known information of whether the enterprises are closed due to failure in production as sample data, and performing model training by using the marked sample data to construct a risk identification model. The specific form and the training method of the risk identification model can be selected according to actual needs, such as: the risk identification model may select a classification algorithm, such as: logistic regression, CNN (Convolutional Neural Network), RNN (Recurrent Neural Network), and the like, and embodiments of the present specification are not particularly limited.

In some embodiments of the present description, the risk identification model is a convolutional neural network model CNN (a machine learning model), and the last layer of the convolutional neural network model may be a normalized exponential function softmax. The last layer of the CNN model selects a softmax function to obtain the probability of the categories 0 and 1 of the vectors of the enterprises to be identified in the target to be identified, namely the risk identification map. When the model is trained, the labeling information of a known enterprise and the vector generated by converting a known map are input, and the parameters of the model are obtained through the CNN model training. During prediction, a vector generated by the new risk identification map is put into the CNN model to obtain probability values of the enterprise in two categories of 0 and 1. When the probability value of the 1 category is larger than the threshold value, the enterprise is used as a to-be-checked enterprise whether the credit department is put on credit or not. Such as: the risk factors of the enterprises to be identified, namely the targets to be identified, in the risk identification map can be obtained, the risk factors can represent the probability of risk existence or the probability of risk nonexistence of the targets to be identified, the degree of risk existence of the targets to be identified can be determined according to the probability score output by the risk identification model, and a data basis is provided for whether follow-up cooperation is carried out or not.

Some embodiments of the present disclosure provide a risk identification method, which combines a knowledge graph and a case graph to obtain a risk identification graph, performs cluster analysis on events in the risk identification graph, and determines risk levels of the clustered events of each category. And performing risk identification by using a risk identification model according to the risk grade of the event and other attributes in the risk identification map, and determining a risk factor of the target to be identified in the risk identification map. The event graph and the knowledge graph are combined, the important role of event conduction in enterprise risk identification is fully considered, a new thought is provided for enterprise risk identification, and the accuracy of enterprise risk identification results is improved.

Fig. 3 is a schematic flow chart of a risk identification method in another embodiment of the present specification, and as shown in fig. 3, on the basis of the above embodiment, in some embodiments of the present specification, the method further includes:

and after the risk identification map is obtained, performing edge relation completion on the events and/or entities in the risk identification map by using a probability soft logic model.

In a specific implementation process, as shown in fig. 3, after the risk identification map is obtained, the risk identification map may be subjected to edge relation completion by using a Probabilistic soft logic model (PSL). Probabilistic soft logic may represent a machine learning framework for developing probabilistic models that can operate through fast optimization using simple logical grammars to define the model. The PSL model can be used for filling in missing parts in the triad of the risk identification atlas, so that the atlas becomes more complete. The graph edge completion in the embodiment of the present disclosure may also be understood as a prediction of a relationship between events, and of course, the graph completion algorithm may also include transit, PRA (Path ranking algorithms), and the like. The PSL (probabilistic soft logic model) used in some embodiments of the present specification needs to predefine some known rules, such as "enterprise a" holds stock "enterprise B", enterprise a "profit slide down", enterprise B "profit slide down", etc., and predicts the relationship between various events and/or entities based on these rules, and supplements an edge between events without relationship in the original data. Where an entity may represent a business in a risk identification graph.

Event cluster analysis and event grade division can be carried out on the completed risk identification map, and then the grades of various events are stored in the completed risk identification map as the attributes of the events. And then carrying out vector conversion and risk identification on the completed risk identification map.

In the embodiment of the specification, the risk identification map is subjected to edge relation completion by using the PSL model, so that the risk identification map is richer, and a data base is laid for subsequent risk identification.

In some embodiments of the present specification, the performing edge relationship completion on the event and/or entity in the risk identification graph by using a probabilistic soft logic model includes:

determining relationships between events and/or entities in the risk identification graph and confidence degrees corresponding to the relationships using a probabilistic soft logic model;

and taking the relation as an edge of the risk identification map, and taking the confidence degree as the confidence degree of the edge, and adding the confidence degree into the risk identification map.

In particular implementations, relationships between various events or entities in the risk identification profile and the confidence with which the relationships exist may be determined using PSL model prediction. And taking the relationship between the events and/or the entities as the edge between the events and/or the entities, and taking the confidence coefficient of the relationship as the confidence coefficient of the edge. The output of the PSL model is the generated edges and the confidence of the edges. For example: referring to the description of the above embodiment, the PSL model is preset with some rules based on which: the enterprise A controls the stock and the enterprise B, the enterprise A has a profit glide, and a triple of enterprise B-67% -profit glide can be completed through the PSL model. As shown in fig. 2, the numerical value of the edge between the events in fig. 2 may represent the confidence of the edge correspondence, and the arrow direction of the edge between the events in fig. 2 may represent the conduction direction of the event.

The embodiment of the specification predicts the relationship between the events and the entities in the risk identification map by using the PSL model, completes the map-edge relationship, enriches the risk identification map, comprehensively considers the influence of the possible events on enterprise risk identification, and lays a data foundation for subsequent risk identification.

On the basis of the above embodiments, in some embodiments of the present specification, the method further includes:

and if the risk factor of the target to be identified is larger than a risk threshold value, inquiring the event conduction relation of the target to be identified by using the risk identification map, and determining the risk cause of the target to be identified.

In a specific implementation process, the package graph database may provide a query interface, and the risk identification graph may be queried using a query language provided by graph data, such as Gremlin, Cypher, and the like. In the embodiment of the present specification, a user may query enterprise information of interest in a risk identification map, for example: the user may further query for businesses in the risk identification that have a risk factor greater than a risk threshold. Such as: the conducting path can be inquired through the enterprise name, if the risk factor of the enterprise A in the risk identification result is 0.8 and is larger than the risk threshold value of 0.5, the user can explore the event conducting relationship path of the enterprise A in the risk identification map, and therefore the cause of the risk factor obtained by the enterprise A can be better known. The accuracy of the risk identification result can be further confirmed according to the query result.

In the embodiment of the specification, the designated target to be identified is queried in the risk identification map, and the conduction relation of the event related to the target to be identified is queried, so that the risk cause of the target to be identified is determined, and the accuracy of the risk identification result is further confirmed.

The risk identification process in the embodiment of the present specification is specifically described below with reference to fig. 3:

step 1: and acquiring the existing map.

The embodiment of the specification can acquire a affair map containing basic information such as enterprise high management relation, loan information, investment information and the like and event relation such as events of enterprise listing, stock price rising and the like, and the affair map and the knowledge map are fused to form a risk identification map.

Step 2: the map border relationship is complete.

The existing atlas in step 1 may be atlas edge completed using PSL soft probability logic. For a specific completion method, reference may be made to the descriptions of the above embodiments, which are not described herein again.

And step 3: and (5) event clustering.

And (3) clustering all events in the complemented graph in the step (2) by using a K-means algorithm to obtain a clustering result.

And 4, step 4: event risk classification.

The business expert may be asked to perform a risk-equivalent definition on the event categories generated in step 3, e.g., the risk level may be defined as an integer within 1 to 10. Or setting a risk level determination rule in advance, and determining the risk level of each type of event based on the rule.

And 5: and embedding a knowledge graph spectrogram.

The GNN model can be used to map-embed the information needed in the atlas, such as: and generating a risk identification chart vector by using a chart embedding algorithm according to the event risk level, the completed event relation, the confidence coefficient, the degree information and the like.

Step 6: and calculating the risk index of the enterprise.

The risk identification map vector generated by embedding the map in the step 5 can be put into the CNN network with the last layer of softmax, so as to obtain the risk factor of the enterprise.

The invention provides a credit risk identification method based on a affair atlas, which fully considers the important role of event conduction in enterprise risk identification, simultaneously comprehensively considers the influence of the possibly occurring events, provides a new thought for identifying public risks by bank credit, and improves the accuracy of identification results in risk.

Fig. 4 is a schematic structural diagram of a risk identification system provided in an embodiment of the present specification, and as shown in fig. 4, an embodiment of the present specification further provides a risk identification system, which may include: the system comprises a map storage unit 1, a map complementing unit 2, an event risk grade dividing unit 3, a risk factor generating unit 4 and a knowledge inquiring unit 5, wherein:

the map storage unit 1 may be configured to store the constructed and fused knowledge map and case map, and the knowledge map and the case map are fused to form a risk identification map.

The atlas complementing unit 2 may be configured to complement missing parts of the atlas triples in the atlas storage unit 1, so that the atlas becomes more complete.

The event risk grading unit 3 may be configured to cluster all events existing in the case graph in the graph complementing unit 2, and the service expert performs event risk grading on each type of event according to a clustering result, and stores a grading result as an event attribute in the graph.

The risk factor generating unit 4 may be configured to perform integrated calculation according to features existing in the map to obtain a risk factor with a value range between [0 and 1] for supporting a decision. Fig. 5 is a schematic structural diagram of a risk factor generating unit in an embodiment of the present specification, and the risk factor generating unit 4 shown in fig. 5 may include a labeling unit 51, a graph embedding unit 52, and a risk factor calculating unit 53. The data labeling unit 51 may label the sample data by using known data of whether an enterprise is bankruptcy or not or data of other business high-risk behaviors as sample data, for example: the bankruptcy enterprise is labeled 1 and the remaining enterprises are labeled 0. The labeled data may be used for model training of the risk factor calculation unit 53. The graph embedding unit 52 may apply a graph embedding algorithm to generate a graph vector from the existing graph including the event risk level, the complemented event relationship, the confidence degree, the degree information, and the like, and import the graph vector into the final risk factor calculating unit 53 to obtain the risk factor of the enterprise to be identified. Meanwhile, business personnel can confirm the risk threshold value according to business requirements, enterprises larger than the threshold value are used as key investigation objects, and the risk factor can be set to be 0.5. The risk factor calculation may adopt a machine learning model such as a CNN model, and the description of the above embodiments may be specifically referred to, which is not described herein again.

The knowledge query unit 5 may be configured to query an event conducting relationship of an object to be identified in the risk identification map, and determine a risk cause of the object to be identified. Such as: when the risk factor of the target to be identified is greater than the risk threshold, the knowledge query unit 5 may query the risk identification map, query the event conduction path of the target to be identified, and analyze the risk cause of the target to be identified. The inquired graph can be a risk identification graph obtained after graph completion unit edge relation completion.

In the embodiment of the specification, the affair map and the knowledge map are combined, so that not only is the static knowledge of an enterprise considered, but also the influence of the evolution rule between events on enterprise risk identification is comprehensively considered. The important role of event conduction in enterprise risk identification is fully considered, the PSL model is utilized to supplement the map in the edge relation, the influence of the possibly occurring events is comprehensively considered, a new thought is provided for credit to public risk identification, and the accuracy of the risk identification result is improved.

In the present specification, each embodiment of the method is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. Reference is made to the description of the method embodiments.

Based on the risk identification method, one or more embodiments of the present specification further provide a risk identification method apparatus. The apparatus may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc. that use the methods described in the embodiments of the present specification in conjunction with any necessary apparatus to implement the hardware. Based on the same innovative conception, embodiments of the present specification provide an apparatus as described in the following embodiments. Since the implementation scheme of the apparatus for solving the problem is similar to that of the method, the specific implementation of the apparatus in the embodiment of the present specification may refer to the implementation of the foregoing method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.

Specifically, fig. 6 is a schematic structural diagram of a risk identification device in an embodiment of this specification, where the risk identification device in the embodiment of this specification may be a terminal that is configured to have a conversation with a user or a device that can implement the function of the terminal, and the embodiment of this specification is not particularly limited. As shown in fig. 6, a risk identification device in an embodiment of the present specification may include: a map acquisition unit 61, an event level determination unit 62, an event attribute storage unit 63, a map embedding unit 64, a risk identification unit 65, wherein:

the map acquisition unit 61 may be configured to acquire a risk identification map, where the risk identification map includes a case map and a knowledge map that are associated with each other;

the event grade determining unit 62 may be configured to perform clustering and risk grade division on the events in the risk identification graph, so as to obtain events of different classes and risk grades corresponding to the events of different classes;

an event attribute storage unit 63, which may be configured to store the risk level as an attribute of a corresponding event in the risk identification map;

a graph embedding unit 64 operable to convert the risk identification graph into a risk identification graph vector using a graph embedding algorithm;

and the risk identification unit 65 may be configured to input the risk identification map vector to a risk identification model, and obtain a risk factor of the target to be identified in the risk identification map.

The risk identification device provided in the embodiment of the present specification combines a knowledge graph and a case graph to obtain a risk identification graph, performs cluster analysis on events in the risk identification graph, and determines the risk level of each clustered event. And performing risk identification by using a risk identification model according to the risk grade of the event and other attributes in the risk identification map, and determining a risk factor of the target to be identified in the risk identification map. The event graph and the knowledge graph are combined, the important role of event conduction in enterprise risk identification is fully considered, a new thought is provided for enterprise risk identification, and the accuracy of enterprise risk identification results is improved.

It should be noted that the above-described apparatus may also include other embodiments according to the description of the method embodiment. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

An embodiment of the present specification further provides a risk identification data processing apparatus, including: at least one processor and a memory for storing processor-executable instructions, the processor implementing the risk identification method of the above embodiments when executing the instructions, such as:

It should be noted that the above description of the terminal device according to the method embodiment may also include other implementation manners. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

On the basis of the foregoing embodiments, an embodiment of the present specification may further provide a computer-readable storage medium, on which computer instructions are stored, and when the instructions are executed, the method for risk identification in the foregoing embodiments is implemented, such as:

The storage medium may include a physical device for storing information, and typically, the information is digitized and then stored using an electrical, magnetic, or optical media. The storage medium may include: devices that store information using electrical energy, such as various types of memory, e.g., RAM, ROM, etc.; devices that store information using magnetic energy, such as hard disks, floppy disks, tapes, core memories, bubble memories, and usb disks; devices that store information optically, such as CDs or DVDs. Of course, there are other ways of storing media that can be read, such as quantum memory, graphene memory, and so forth.

It should be noted that the description of the above-mentioned computer-readable storage medium according to the method embodiment may also include other embodiments. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

The risk prevention and control system provided by the specification can be an independent risk identification system and can also be applied to various data analysis and processing systems. The system may comprise any of the risk identification means of the embodiments described above. The system may be a single server, or may include a server cluster, a system (including a distributed system), software (applications), an actual operating device, a logic gate device, a quantum computer, etc. using one or more of the methods or one or more of the example devices of the present specification, in combination with a terminal device implementing hardware as necessary. The system for checking for discrepancies may comprise at least one processor and a memory storing computer-executable instructions that, when executed by the processor, implement the steps of the method of any one or more of the embodiments described above.

The method embodiments provided by the embodiments of the present specification can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Taking the example of the risk identification server running on the server, fig. 7 is a hardware structure block diagram of the risk identification server in the embodiment of the present specification. As shown in fig. 7, the server 10 may include one or more (only one shown) processors 100 (the processors 100 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 200 for storing data, and a transmission module 300 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 7 is merely an illustration and is not intended to limit the structure of the electronic device. For example, the server 10 may also include more or fewer components than shown in FIG. 7, and may also include other processing hardware, such as a database or multi-level cache, a GPU, or have a different configuration than shown in FIG. 7, for example.

The memory 200 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the risk prevention and control method in the embodiments of the present specification, and the processor 100 executes various functional applications and data processing by executing the software programs and modules stored in the memory 200. Memory 200 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 200 may further include memory located remotely from processor 100, which may be connected to a computer terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission module 300 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal. In one example, the transmission module 300 includes a Network adapter (NIC) that can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission module 300 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The method or apparatus provided by the present specification and described in the foregoing embodiments may implement service logic through a computer program and record the service logic on a storage medium, where the storage medium may be read and executed by a computer, so as to implement the effect of the solution described in the embodiments of the present specification.

The risk prevention and control method or apparatus provided in the embodiments of the present specification may be implemented in a computer by a processor executing corresponding program instructions, for example, implemented in a PC end using a c + + language of a windows operating system, implemented in a linux system, or implemented in an intelligent terminal using android, iOS system programming languages, implemented in processing logic based on a quantum computer, or the like.

It should be noted that descriptions of the apparatus, the processing device, the computer storage medium, and the system described above according to the related method embodiments may also include other embodiments, and specific implementations may refer to descriptions of corresponding method embodiments, which are not described in detail herein.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment.

Although the present application provides method steps as described in an embodiment or flowchart, additional or fewer steps may be included based on conventional or non-inventive efforts. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

Although embodiments of the present description provide method steps as described in embodiments or flowcharts, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded.

For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the embodiments of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.

The embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The described embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of an embodiment of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

The above description is only an example of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present specification should be included in the scope of the claims of the embodiments of the present specification.

Claims

1. A method for risk identification, the method comprising:

2. The method of claim 1, further comprising:

3. The method of claim 2, wherein the performing edge relation completion on the events and/or entities in the risk identification graph using a probabilistic soft logic model comprises:

4. The method of claim 1, further comprising:

5. The method of claim 1, wherein the risk identification model is a convolutional neural network model, and wherein a last layer of the convolutional neural network is a normalized exponential function.

6. The method of claim 1, wherein the graph embedding algorithm is a graph neural network algorithm.

7. A risk identification device, the device comprising:

8. A risk identification data processing apparatus comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 6.

9. A computer-readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1-6.

10. A risk identification system, comprising: