[go: up one dir, main page]

CN120493249A - ETC fraud detection method - Google Patents

ETC fraud detection method

Info

Publication number
CN120493249A
CN120493249A CN202510942929.4A CN202510942929A CN120493249A CN 120493249 A CN120493249 A CN 120493249A CN 202510942929 A CN202510942929 A CN 202510942929A CN 120493249 A CN120493249 A CN 120493249A
Authority
CN
China
Prior art keywords
risk
transaction
nodes
fraud
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202510942929.4A
Other languages
Chinese (zh)
Other versions
CN120493249B (en
Inventor
李三燕
金柳
孔建夫
桑永程
余秋甫
许贺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Keda Chuanghui Intermodal Technology Co ltd
Original Assignee
Anhui Keda Chuanghui Intermodal Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Keda Chuanghui Intermodal Technology Co ltd filed Critical Anhui Keda Chuanghui Intermodal Technology Co ltd
Priority to CN202510942929.4A priority Critical patent/CN120493249B/en
Publication of CN120493249A publication Critical patent/CN120493249A/en
Application granted granted Critical
Publication of CN120493249B publication Critical patent/CN120493249B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Traffic Control Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an ETC fraud detection method which comprises the following steps of collecting multi-source data and constructing a heterogeneous network, dynamically screening a high-risk node association topology from the heterogeneous network through a bidirectional graph propagation analysis method, generating a behavior feature vector through a neural network model, optimizing the behavior feature vector based on attribute similarity weighted neighborhood aggregation and space-time track fusion to obtain an optimized feature vector, generating a composite risk index by fusing a static risk value, a dynamic risk value and a topology risk value, triggering a hierarchical response mechanism according to the composite risk index, and outputting fraud judgment results comprising a multidimensional scoring matrix and an association topology evidence chain. The invention overcomes the technical bottlenecks of multi-entity association analysis, dynamic mode adaptation and evidence chain construction in ETC fraud detection, has high fraud detection coverage rate, ensures normal traffic efficiency, and has remarkable industrial application value.

Description

ETC fraud detection method
Technical Field
The invention relates to the field of transportation, in particular to an ETC fraud detection method.
Background
With the popularization of ETC (electronic toll collection), the vehicle passing efficiency is remarkably improved, but at the same time, various complex coordinated and hidden fraudulent behaviors such as shell replacement and the like are derived. The traditional detection means mainly rely on single-dimensional data such as credit scores, abnormal behavior marks and the like and detect according to preset rules, and due to the lack of relevance mining and path tracing of multi-source data, when facing the complex cooperative and hidden fraudulent behaviors, the detection means has extremely low detection success rate, can easily cause false alarm, cannot form a complete evidence chain, and needs to be improved urgently.
Disclosure of Invention
In order to solve the technical problems existing in the background technology, the invention provides an ETC fraud detection method, which comprises the following steps:
s1, acquiring multi-source data and constructing a heterogeneous network;
S2, dynamically screening a high-risk node association topology from a heterogeneous network by a bidirectional graph propagation analysis method;
S3, generating a behavior feature vector through a neural network model, and optimizing the behavior feature vector based on attribute similarity weighted neighborhood aggregation and space-time track fusion to obtain an optimized feature vector;
s4, generating a composite risk index by fusing the static risk value, the dynamic risk value and the topological risk value, and triggering a hierarchical response mechanism according to the composite risk index;
s5, outputting fraud judgment results comprising a multidimensional scoring matrix and an associated topological evidence chain.
Further, the method also comprises S6, optimizing network parameters based on feedback.
Further, the S1 specifically comprises the steps of S11, collecting multi-source data, S12, establishing a first relational database between users and vehicles, establishing a second relational database between vehicles and devices, establishing a third relational database between transaction events and geographic spaces, establishing a fourth relational database between users and Internet accounts, establishing a fifth relational database of home circulation of the vehicles between the users, S13, establishing user entity nodes, vehicle entity nodes, device entity nodes, transaction event nodes, geographic position nodes and Internet account entity nodes, S14, generating a home circulation chain between the users and the vehicles, a physical binding authentication chain between the vehicles and the devices, a space-time track chain between the transaction events and the geographic spaces, a focus interaction chain between the users and the Internet accounts and a home circulation chain between the vehicles and the users on the basis of the user entity nodes, the vehicle entity nodes, the device entity nodes, the transaction event nodes, the geographic position nodes and the Internet account entity nodes, and the first relational database, the second relational database, the third relational database, the fourth relational database and the fifth relational database.
The multi-source data comprises user characteristic data, vehicle characteristic data, equipment characteristic data, transaction characteristic data and internet account characteristic data, wherein the user characteristic data is specifically a fingerprint or a human face, the vehicle characteristic data is specifically an engine unique code, the equipment characteristic data is specifically an equipment unique code, the transaction characteristic data comprises a passing time, a geographic position and an abnormal transaction identifier, and the internet account characteristic data is specifically an account unique identifier or a login behavior record.
S15, monitoring vehicle state change and user logout behavior in real time, performing logic isolation processing on the failure node, and periodically executing network weight attenuation operation output so as to realize dynamic network update record with version identification.
Further, the S2 specifically comprises S21 of calculating timeliness weight of the node based on transaction time window sliding, S22 of extracting a cross-entity association path through a two-way graph propagation analysis method, S23 of judging high risk nodes and high risk user groups, S24 of screening association topology of the high risk nodes;
The bidirectional graph propagation analysis method comprises the steps of forward tracking a transaction link of a user binding vehicle, backward tracking a home path of transaction association equipment, and integrating to generate a cross-entity association graph.
Further, S2 includes S25, reserving continuously active node topologies and generating a risk network snapshot.
The method comprises the steps of S31, extracting multi-dimensional original features from a heterogeneous network, S32, inputting the multi-dimensional original features into a neighborhood aggregation module weighted by attribute similarity, carrying out weight adjustment and propagation in a multi-level neighborhood range, outputting intermediate feature vectors containing cross-entity association characteristics of user-vehicle-equipment, S33, inputting the intermediate feature vectors into a graph convolution module, carrying out space convolution operation along transaction association edges, outputting high-order feature vectors reflecting risk signal propagation modes through multi-layer graph convolution iterative analysis, S34, inputting the high-order feature vectors into a dynamic track generation module, carrying out time sequence space fusion, carrying out multi-dimensional splicing on time sequence accumulated features and space distribution features, generating space-time feature vectors fused with dynamic behavior modes, S35, constructing positive sample pairs by using identity authentication strength, maintenance period and space-time distribution features of normal transaction nodes, and outputting the optimized feature vectors with fraud mode discrimination through constraint of similar feature similarity and heterogeneous feature distances.
Further, the S4 specifically comprises S41, extracting static characteristics, dynamic characteristics and topological characteristics from the optimized characteristic vector, S42, generating static risk values, dynamic behavior values and topological risk values, S43, generating a composite risk index, S44, triggering a hierarchical response mechanism according to the composite risk index;
The method comprises the steps of generating a composite risk index, normalizing a static risk value, a dynamic risk value and a topological risk value, and dynamically distributing weights based on fraud types, wherein the path jump fraud types focus on the dynamic risk value weights, and the identity fraud types focus on the static risk value weights.
Further, the step S5 specifically comprises the steps of S51, receiving multi-dimensional judgment basis input optimized in a parameter updating stage, S52, executing multi-dimensional analysis, S53, generating judgment conclusion and evidence chain, and S54, generating a fraud judgment report containing a multi-dimensional scoring matrix.
The invention provides a set of systematic solution for fusing dynamic heterogeneous network and multi-level feature optimization, and the core technical architecture comprises the following five key modules:
1. And constructing and maintaining a system of the dynamic heterogeneous network.
A multi-source association network covering user-vehicle-device-transaction-geographic nodes is constructed by integrating user biometric features, vehicle unique codes, device hardware fingerprints, transaction space-time trajectories, and Internet account behavior data. The network integrates multidimensional topological structures such as legal attribution chains, physical binding authentication chains, space-time track chains and the like, and dynamic updating is realized by adopting a version identification control and weight attenuation mechanism. And the vehicle state change and user logout behavior are monitored in real time, logic isolation is performed on the failure node, the history data interference is eliminated, and the network topology update timeliness is improved.
2. A cross-entity risk profile identification system.
Based on the bidirectional graph propagation analysis method, a transaction link of a user binding vehicle is tracked forward, and a home path of transaction association equipment is traced backward to form a cross-entity association graph. And combining short-time high-frequency transaction characteristics, hardware fingerprint entropy fluctuation and other judgment rules, and accurately identifying complex fraud modes such as space-time contradiction closed loop paths and the like. Active topology is stored in a lasting mode through a risk network snapshot mechanism, and a structured evidence chain containing core fields such as equipment tampering records, transaction path abnormal edge weights and the like is provided for judicial evidence collection.
3. A multi-level fraud feature optimization engine.
And designing a neighborhood aggregation module with attribute similarity weighting, and fusing static characteristics such as user identity authentication intensity, vehicle maintenance period and the like and dynamic characteristics such as transaction space-time jump abnormality indexes and the like. The graph convolution module enhances the detection sensitivity of the illegal transaction interval path by dynamically adjusting the attention weight, and combines the bidirectional gating circulation unit to analyze the fingerprint mutation rule and the transaction behavior deviation trend of the equipment to generate a space-time feature vector containing cross-entity association characteristics. The optimized feature vector obviously improves the distinguishing capability of the fraud mode by restraining the feature similarity and the heterogeneous feature distance.
4. Intelligent risk decision and cooperative response mechanisms.
And constructing a fusion model of a static risk value, a dynamic risk value and a topological risk value, wherein the static risk value synthesizes a user credibility score and a vehicle health index, the dynamic risk value counts transaction time conflict probability and hardware tampering risk level, and the topological risk value calculates fraud node density and trans-provincial transaction path abnormal weight. Weights are dynamically allocated based on the composite risk index of normalization processing, dynamic behavior components are strengthened aiming at path jump fraud, and static risk components are emphasized aiming at identity fraud. And matching with a three-level cooperative response strategy, namely intercepting high-risk transactions in real time, starting biological authentication, freezing abnormal accounts, unbinding equipment, permanently marking fraudulent topology, generating judicial reports, and realizing remarkable reduction of false alarm rate and optimization of response efficiency.
5. The adaptive feedback optimizes the closed loop.
And establishing an interception record, a fraud case library and a reverse learning mechanism of performance indexes, and dynamically adjusting neighborhood aggregation weights and graph convolution attention rules. The novel hardware parameter tampering attack is rapidly identified by updating the fingerprint entropy calculation logic of the device in real time, and the detection response efficiency is high. The system synchronously optimizes risk threshold parameters and model decision boundaries, ensures that normal traffic efficiency loss is at an industry leading level while maintaining high fraud detection coverage rate, and breaks through iteration lag bottleneck of a traditional model.
Drawings
FIG. 1 is a schematic diagram of an overall flow chart of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 2 is a schematic flow chart of a portion of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 3 is a schematic flow chart of a portion of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 4 is a schematic flow chart of a portion of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 5 is a schematic flow chart diagram illustrating a portion of an ETC fraud detection method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating a partial flow chart of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 7 is a schematic flow chart diagram illustrating a portion of an ETC fraud detection method according to an embodiment of the present invention;
FIG. 8 is a schematic flow chart diagram illustrating a portion of an ETC fraud detection method according to an embodiment of the present invention;
FIG. 9 is a schematic diagram illustrating a partial flow chart of an embodiment of an ETC fraud detection method according to the present invention;
FIG. 10 is a schematic flow chart diagram illustrating a portion of an ETC fraud detection method according to an embodiment of the present invention;
FIG. 11 is a schematic overall flow chart of another embodiment of an ETC fraud detection method according to the present invention;
FIG. 12 is a schematic partial flow chart diagram of another embodiment of an ETC fraud detection method according to the present invention;
FIG. 13 is a schematic flow chart diagram illustrating a portion of another embodiment of an ETC fraud detection method according to the present invention;
FIG. 14 is a partial flow chart of another embodiment of an ETC fraud detection method according to the present invention.
Detailed Description
Referring to fig. 1-10, the present invention proposes an ETC fraud detection method comprising the steps of:
s1, collecting multi-source data and constructing a heterogeneous network. The method specifically comprises the following steps:
S11, collecting multi-source data. The multi-source data includes user characteristic data, vehicle characteristic data, device characteristic data, transaction characteristic data, and internet account characteristic data. The user characteristic data is specifically a fingerprint or a human face, the vehicle characteristic data is specifically an engine unique code, the equipment characteristic data is specifically an equipment unique code, the transaction characteristic data specifically comprises a passing time, a geographic position and an abnormal transaction identifier, and the internet account characteristic data specifically is an account unique identifier or a login behavior record.
S12, establishing a first relational database between the users and the vehicles, establishing a second relational database between the vehicles and the devices, establishing a third relational database between transaction events and geographic spaces, establishing a fourth relational database between the users and Internet accounts, and establishing a fifth relational database for attributive circulation of the vehicles among the users.
S13, creating a user entity node, a vehicle entity node, a device entity node, a transaction event node, a geographic position node and an Internet account entity node.
S14, on the basis of a user entity node, a vehicle entity node, a device entity node, a transaction event node, a geographic position node and an Internet account entity node, legal attribution relation chains between users and vehicles, physical binding authentication chains between vehicles and devices, space-time track chains between transaction events and geographic spaces, attention interaction chains between users and Internet accounts and attribution circulation chains between vehicles are generated according to the first relation database, the second relation database, the third relation database, the fourth relation database and the fifth relation database, and the construction of heterogeneous networks is completed.
And S15, monitoring vehicle state change and user logout behavior in real time, performing logic isolation processing on the failure node, and periodically executing network weight attenuation operation output so as to realize dynamic network update record with version identification.
S2, dynamically screening the high-risk node association topology from the heterogeneous network through a bidirectional graph propagation analysis method. The method specifically comprises the following steps:
S21, calculating timeliness weight of the node based on transaction time window sliding. The method specifically comprises the following steps:
S211, collecting real-time transaction time sequence data of the entity node of the equipment.
S212, real-time analysis is carried out on the transaction time sequence data of the equipment entity nodes, and risk identification information is generated on the equipment entity nodes with short-time high-frequency transaction characteristics.
Specifically, real-time analysis is performed on the transaction time sequence data of the equipment entity nodes, transaction frequency and time distribution rules within preset duration are analyzed to identify the abnormally active equipment entity nodes, and risk identification information is generated on the equipment entity nodes with short-time high-frequency transaction characteristics. The above procedure inherits the version identification of the dynamic network update record in the heterogeneous network to ensure that the time-dependent weight calculation remains synchronized with the network decay operation.
The bidirectional graph propagation analysis method comprises the steps of forward tracking a transaction link of a user binding vehicle, backward tracking a home path of transaction association equipment, and integrating to generate a cross-entity association graph.
S22, extracting a cross-entity association path through a bidirectional graph propagation analysis method.
Specifically, the association relation among a user archive, a vehicle registration library and a device fingerprint library is called, a transaction link of a vehicle entity node is bound to a user entity node in a forward tracking mode, a home path of the device entity node is associated to a reverse tracing transaction event node, and a cross-entity association map is formed by integrating a forward tracking result and a reverse tracing result.
S23, judging the high-risk nodes and the high-risk user group.
Determining high risk nodes depends on factors including, but not limited to, one or more of:
the number of the user entity node binding vehicle entity nodes exceeds a preset threshold, the vehicle entity nodes change the binding relation of the equipment entity nodes frequently in a limited time, the hardware fingerprint characteristics of the equipment entity nodes are not matched with the registration information characteristics, the inter-administrative time interval of the transaction event nodes is lower than the traffic regulation requirement, the transaction event nodes continuously trigger abnormal transaction identification, and the transaction path characteristics violate the physical space movement rules.
The basis for determining the high-risk user group comprises one or more of, but is not limited to, multiple times of association of the user entity nodes with the high-risk equipment entity nodes in a limited time, forming of an abnormal transaction closed loop path between the user entity nodes, and synchronous abnormal login behavior of internet account characteristic data of the user entity nodes.
S24, screening out the association topology of the high-risk nodes. Decision-making criteria for the association topology of high risk nodes include, but are not limited to, one or more of the following:
A single equipment entity node is alternately associated with a plurality of vehicle entity nodes with different attributions, a closed loop path with a space-time logic contradiction is formed between geographical position nodes by a transaction track, and a risk signal shows an exponential diffusion characteristic through links of the user entity node associated with the vehicle entity node and the equipment entity node.
And S25, reserving continuously active node topology and generating a risk network snapshot.
Specifically, a candidate node list and an associated path map are obtained, monitoring priority is adjusted according to the latest updating time of the topological structure, and active topological structures meeting the weight attenuation calculation conditions are stored in a lasting mode.
The process inherits the logic isolation rule in the dynamic network update record, ensures that the screening result, the user entity node cancellation behavior and the vehicle entity node state change record form a logic closed loop, and can provide topological input with complete structure for the subsequent behavior feature vector generation module.
And S3, generating a behavior feature vector through a neural network model, and optimizing the behavior feature vector based on attribute similarity weighted neighborhood aggregation and space-time track fusion to obtain an optimized feature vector. The method specifically comprises the following steps:
s31, extracting multi-dimensional original features from the heterogeneous network.
Specifically, the multi-dimensional original features comprise identity authentication intensity features of user entity nodes, maintenance period features of vehicle entity nodes, hardware fingerprint entropy features of equipment entity nodes and time-space distribution features of transaction event nodes. The method comprises the steps of calculating a biological characteristic matching degree and equipment binding history time in a fusion mode, generating an identity authentication intensity characteristic, wherein the identity authentication intensity characteristic inherits a user entity node logout behavior monitoring result, generating a maintenance period characteristic according to vehicle maintenance record integrity and fault code association frequency quantification, associating the maintenance period characteristic with a vehicle entity node state change record, obtaining a hardware fingerprint entropy value characteristic based on consistency analysis of equipment parameter dispersion and firmware version, inheriting a device entity node hardware fingerprint verification result by the hardware fingerprint entropy value characteristic, obtaining a space-time distribution characteristic through cross-province transaction density and geographic path rationality combined calculation, and fusing the space-time distribution characteristic with space-time track chain data.
S32, inputting the multi-dimensional original features into a neighborhood aggregation module with attribute similarity weighted, carrying out weight adjustment and propagation in a multi-level neighborhood range, and outputting an intermediate feature vector containing user-vehicle-equipment cross-entity association characteristics.
The neighborhood aggregation module for weighting the similarity of the input attribute of the multi-dimensional original features specifically comprises:
S321, aggregating the average maintenance period characteristics of the vehicle entity nodes bound with the user entity nodes to associate the topological structure of the legal attribution relation chain.
S322, extracting a space-time jump abnormality index of a transaction event node associated with the vehicle entity node and inheriting a dynamic analysis result of the space-time track chain.
S323, counting identity authentication intensity characteristic discrete values of user entity nodes associated with the equipment entity nodes to fuse change records of the physical binding authentication chain.
S33, inputting the intermediate feature vector into a graph convolution module, performing spatial convolution operation along the transaction correlation side, and outputting a high-order feature vector reflecting the risk signal propagation mode through multi-layer graph convolution iterative analysis.
Further, the method comprises the steps of inputting the intermediate feature vector into a graph convolution module and executing a spatial convolution operation along a transaction association edge, namely constructing an attention weight matrix in a multi-entity association structure, automatically enhancing the path weight when detecting that the adjacent transaction interval of the equipment entity node violates traffic regulations, and reducing the confidence coefficient of the association edge when finding that the user entity node binds a plurality of vehicle entity nodes to share similar hardware fingerprint characteristics.
S34, inputting the high-order feature vector into a dynamic track generation module, performing time sequence space fusion, and performing multidimensional splicing on the time sequence accumulated feature and the space distribution feature to generate a space-time feature vector fused with a dynamic behavior mode.
The method comprises the steps of inputting high-order feature vectors into a dynamic track generation module and executing time sequence space fusion, wherein a bidirectional gating circulation unit is adopted to analyze continuous transaction sequences, a fingerprint entropy value mutation rule of a forward accumulated feature capture device is adopted, and backward associated features are adopted to identify deviation degree of transaction behaviors and historical space-time distribution.
S35, constructing a positive sample pair according to the identity authentication intensity, the maintenance period and the space-time distribution characteristics of the normal transaction node, and outputting an optimized characteristic vector with fraud mode discrimination by restraining the similar characteristic similarity and the heterogeneous characteristic distance.
S4, generating a composite risk index by fusing the static risk value, the dynamic risk value and the topological risk value, and triggering a hierarchical response mechanism according to the composite risk index, wherein the method comprises the following steps of:
s41, extracting static features, dynamic features and topological features from the optimized feature vectors.
The static features comprise user identity authentication intensity features and vehicle maintenance period features, wherein the user identity authentication intensity features are generated by long fusion calculation of biological feature matching degree and equipment binding time, inherit user entity node logout behavior monitoring results, and the vehicle maintenance period features are generated by vehicle maintenance record integrity and fault code association frequency in a quantification mode and are associated with vehicle entity node state change records.
The dynamic characteristics comprise transaction time interval anomaly degree and equipment fingerprint entropy fluctuation rate, wherein the transaction time interval anomaly degree is calculated by whether adjacent transaction intervals meet the minimum traffic requirement of traffic regulations or not, the equipment fingerprint entropy fluctuation rate is generated based on analysis of variation trend of hardware parameter dispersion, and inherits the equipment entity node hardware fingerprint verification result.
The topological feature comprises associated node risk propagation intensity and transaction path abnormal edge weight, wherein the associated node risk propagation intensity is calculated through fraud node density in a multi-hop neighborhood, the transaction path abnormal edge weight is generated based on whether the cross-provincial transaction path attention weight exceeds a preset standard or not, and a dynamic analysis result of a space-time track chain is fused.
S42, generating a static risk value, a dynamic behavior value and a topological risk value. The method specifically comprises the following steps:
The step of generating the static risk value specifically comprises the steps of generating a reliability score based on the fact that the user identity authentication strength characteristic is matched with a user credit rating standard, analyzing the vehicle maintenance period characteristic, then calculating a vehicle health index by combining the maintenance missing record and the occurrence frequency of fault codes, and fusing the reliability score and the health index into the static risk value according to an industry standard weight distribution rule.
The generation of the dynamic behavior value specifically comprises the steps of counting the conflict probability of the transaction time interval anomaly, analyzing the hardware tampering risk level of the fingerprint entropy fluctuation rate of the equipment, dynamically adjusting the weights of the two indexes according to the transaction frequency, and fusing the two indexes into the dynamic risk value.
The method specifically comprises the steps of extracting the ratio of the fraudulent nodes in the multi-hop neighborhood to calculate risk propagation intensity, counting the sum of abnormal edge weights of the trans-provincial transaction paths, dynamically adjusting parameter contribution degree according to the complexity of the topological structure, and fusing the parameter contribution degree into the topological risk value.
S43, generating a composite risk index.
Specifically, the static risk value, the dynamic risk value and the topological risk value are subjected to normalization processing, and weights are dynamically allocated according to fraud types after dimension differences are eliminated. Aiming at the path jump fraud type, the dynamic behavior component weight is emphasized, the static risk component weight is strengthened aiming at the identity fraud type, and the composite risk index is output after weighted fusion.
In the embodiment, the generation of the composite risk index comprises the steps of carrying out normalization processing on a static risk value, a dynamic risk value and a topological risk value, and dynamically distributing weights based on fraud types, wherein the path jump fraud type emphasizes the dynamic risk value weight, and the identity fraud type emphasizes the static risk value weight.
S44, triggering a hierarchical response mechanism according to the composite risk index.
The method comprises the steps of triggering a primary response mechanism to intercept current transactions in real time and start biological characteristic secondary authentication when a composite risk index exceeds a mild fraud threshold, triggering a secondary response mechanism to freeze a cross-provincial high-frequency transaction associated account to forcefully release the binding relation of abnormal equipment entity nodes and associate vehicle maintenance period characteristics to check historical risks when the composite risk index reaches the mild fraud threshold, triggering a tertiary response mechanism and permanently marking a fraud topological sub-graph and generating a judicial evidence collection report when the composite risk index reaches the serious fraud threshold.
S5, outputting fraud judgment results comprising a multidimensional scoring matrix and an associated topological evidence chain. The method specifically comprises the following steps:
S51, receiving multi-dimensional judgment basis input after optimization in a parameter updating stage.
Specifically, the decision basis is divided into a space dimension basis, a time sequence dimension basis, an equipment dimension basis and a fraud decision result basis. The space dimension comprises a cross-provincial transaction frequency statistic value and a geographic path rationality analysis result, the time sequence dimension comprises transaction time window density distribution characteristics and adjacent transaction interval compliance detection data, the equipment dimension comprises a vehicle-mounted unit signal fingerprint similarity matching value and a hardware parameter mutation historical record, and the fraud judgment result comprises space dimension comprehensive analysis data integrating the inter-provincial boundary breakthrough frequency, time sequence dimension detection data of the transaction time window density and equipment dimension verification data after the vehicle-mounted unit signal fingerprint similarity.
S52, performing multidimensional analysis.
Specifically, the analysis process calls a graph convolution attention calculation rule framework reconstructed at a parameter update stage to enhance sensitivity to cross-entity anomaly associated paths.
The "performing multidimensional analysis" specifically includes converting the multidimensional determination basis into a spatial anomaly determination and a timing contradiction determination.
The space abnormality judgment is specifically to compare the deviation degree of the trans-provincial transaction frequency and the history conventional fluctuation range of the same vehicle type, and combine the space dimension abnormality score after reflecting the path fraud risk level generated by the coincidence degree detection result of the geographic path and the actual traffic network topology. For example, detecting an unopened road segment traffic record may trigger a scoring surge mechanism.
The time sequence contradiction judgment is specifically that whether the density distribution of the transaction time window accords with the rule of human driving behavior is analyzed, and after verifying whether the adjacent transaction interval meets the minimum passing time requirement defined by traffic regulations, the generated time sequence dimension anomaly score representing the time falsification suspicion level is generated. For example, a high frequency fixed interval transaction pattern will activate the score accumulation mechanism.
And S53, generating a judgment conclusion and evidence chain. The method specifically comprises the following steps:
S531, fusing the space dimension anomaly score, the time sequence dimension anomaly score and the equipment dimension anomaly score, superposing the risk quantification value output by the composite risk index calculation module, and generating the comprehensive fraud probability.
S532, generating a judgment conclusion.
The method comprises the steps of determining cooperative fraud when three types of scores exceed a dynamic calibration threshold value, and determining path forgery fraud when the combination of space and time sequence dimension scores exceeds a standard.
S533, constructing an evidence chain.
Specifically, identity authentication intensity characteristic abnormal records of user entity nodes are associated to strengthen identity impersonation judgment basis, maintenance period characteristic missing data of vehicle entity nodes are bound to justify fake plate vehicle suspicion, and propagation paths of historical risks in a three-hop neighborhood are traced to verify fraud mode continuity.
S54, generating a fraud judgment report containing the multidimensional scoring matrix.
Specifically, the core abnormal characteristics and the associated entity node topology are marked in the fraud judgment report, and a response mechanism is triggered to execute a record write-back operation and update the dynamic heterogeneous network node state. For example, the intercepted transaction numbers are written into a blacklist library, associated accounts are frozen and fraudulent nodes are marked, and sleep anomaly associated edges are synchronized to block risk diffusion. The network state update data output in the stage is used as a novel input source for feeding back and optimizing the network parameter stage to form a detection closed loop.
And S6, optimizing network parameters based on feedback.
The process based on feedback optimization network parameters comprises node attribute weight dynamic updating operation, topology association rule iterative reconstruction operation and detection performance index balance adjustment operation, and the risk propagation intensity index of the composite risk index calculation module and the multidimensional abnormal score of the fraud judgment result output module are ensured to form quantitative consistency.
The "optimizing network parameters based on feedback" specifically includes:
S61, acquiring feedback data.
The feedback data specifically comprises first type feedback data taking a composite risk index triggered hierarchical response execution result as a data source, second type feedback data taking confirmed fraud case feature library data as a data source and third type feedback data taking model performance index data as a data source, the composite risk index triggered hierarchical response execution result comprises a transaction interception record file, a biological characteristic secondary authentication passing rate statistic file and an abnormal equipment entity node unbinding operation log file which are generated by a hierarchical response mechanism, the confirmed fraud case feature library data comprises abnormal path mode set data, identity fraudulent use behavior set data and the like, and the model performance index data comprises performance index data such as false alarm rate statistic values, fraud detection coverage rate and the like and response action execution delay time records. The feedback data inherits the risk judgment logic of the composite risk index calculation module, and provides reverse verification support for multi-dimensional joint analysis of the fraud judgment result output module.
S62, generating an optimization strategy.
The optimization strategy and the weight distribution rule of the composite risk index calculation module form a dynamic mapping relation, and meanwhile, feature evolution basis is injected for the middle judgment generation process of the fraud judgment result output module. The optimization strategy specifically comprises one or more of, but is not limited to, aiming at a fraud feature mode which occurs at high frequency in real-time interception data, improving a weight proportion parameter of corresponding fraud features in a neighborhood aggregation module, reducing an identity authentication intensity feature initial confidence coefficient parameter of an associated user entity node according to a biological feature secondary authentication failure record file, extracting a common abnormal edge weight mode crossing an entity association path in a historical fraud case, reconstructing an attention calculation rule frame of a convolution module, updating hardware fingerprint entropy value feature calculation logic of a device entity node, reversely adjusting a weight distribution proportion coefficient of a static risk value, a dynamic risk value and a topology risk value by combining a false alarm rate fluctuation trend, and pertinently adjusting a response threshold sensitivity parameter of a specific fraud scene according to a fraud detection coverage rate gap distribution feature.
S63, performing parameter updating.
The execution parameter updating specifically comprises one or more of, but not limited to, injecting the adjusted characteristic weight parameters into a neighborhood aggregation module, enhancing the influence parameters of an abnormal transaction path in the characteristic propagation process, resetting the identity authentication intensity characteristic baseline standard of user entity nodes, synchronously updating the graph roll attention calculation rule framework after the dynamic heterogeneous network node attribute information base deployment reconstruction, blocking the composite risk index threshold parameters after dynamic calibration of fraud application implemented through historical vulnerabilities, realizing the collaborative optimization of high risk transaction real-time interception and normal traffic efficiency, activating the self-adaptive learning mechanism to continuously absorb novel attack mode data in fraud judgment reports, and optimizing the neural network model decision boundary parameters.
The invention provides a set of systematic solution for fusing dynamic heterogeneous network and multi-level feature optimization, and the core technical architecture comprises the following five key modules:
1. And constructing and maintaining a system of the dynamic heterogeneous network.
A multi-source association network covering user-vehicle-device-transaction-geographic nodes is constructed by integrating user biometric features, vehicle unique codes, device hardware fingerprints, transaction space-time trajectories, and Internet account behavior data. The network integrates multidimensional topological structures such as legal attribution chains, physical binding authentication chains, space-time track chains and the like, and dynamic updating is realized by adopting a version identification control and weight attenuation mechanism. And the vehicle state change and user logout behavior are monitored in real time, logic isolation is performed on the failure node, the history data interference is eliminated, and the network topology update timeliness is improved.
2. A cross-entity risk profile identification system.
Based on the bidirectional graph propagation analysis method, a transaction link of a user binding vehicle is tracked forward, and a home path of transaction association equipment is traced backward to form a cross-entity association graph. And combining short-time high-frequency transaction characteristics, hardware fingerprint entropy fluctuation and other judgment rules, and accurately identifying complex fraud modes such as space-time contradiction closed loop paths and the like. Active topology is stored in a lasting mode through a risk network snapshot mechanism, and a structured evidence chain containing core fields such as equipment tampering records, transaction path abnormal edge weights and the like is provided for judicial evidence collection.
3. A multi-level fraud feature optimization engine.
And designing a neighborhood aggregation module with attribute similarity weighting, and fusing static characteristics such as user identity authentication intensity, vehicle maintenance period and the like and dynamic characteristics such as transaction space-time jump abnormality indexes and the like. The graph convolution module enhances the detection sensitivity of the illegal transaction interval path by dynamically adjusting the attention weight, and combines the bidirectional gating circulation unit to analyze the fingerprint mutation rule and the transaction behavior deviation trend of the equipment to generate a space-time feature vector containing cross-entity association characteristics. The optimized feature vector obviously improves the distinguishing capability of the fraud mode by restraining the feature similarity and the heterogeneous feature distance.
4. Intelligent risk decision and cooperative response mechanisms.
And constructing a fusion model of a static risk value, a dynamic risk value and a topological risk value, wherein the static risk value synthesizes a user credibility score and a vehicle health index, the dynamic risk value counts transaction time conflict probability and hardware tampering risk level, and the topological risk value calculates fraud node density and trans-provincial transaction path abnormal weight. Weights are dynamically allocated based on the composite risk index of normalization processing, dynamic behavior components are strengthened aiming at path jump fraud, and static risk components are emphasized aiming at identity fraud. And matching with a three-level cooperative response strategy, namely intercepting high-risk transactions in real time, starting biological authentication, freezing abnormal accounts, unbinding equipment, permanently marking fraudulent topology, generating judicial reports, and realizing remarkable reduction of false alarm rate and optimization of response efficiency.
5. The adaptive feedback optimizes the closed loop,
And establishing an interception record, a fraud case library and a reverse learning mechanism of performance indexes, and dynamically adjusting neighborhood aggregation weights and graph convolution attention rules. The novel hardware parameter tampering attack is rapidly identified by updating the fingerprint entropy calculation logic of the device in real time, and the detection response efficiency is high. The system synchronously optimizes risk threshold parameters and model decision boundaries, ensures that normal traffic efficiency loss is at an industry leading level while maintaining high fraud detection coverage rate, and breaks through iteration lag bottleneck of a traditional model.
Referring to fig. 11-14, another embodiment of the present invention provides an ETC fraud detection method, including:
s101, constructing a dynamic heterogeneous network. Comprising the following steps:
S1011, data acquisition and node creation.
And collecting biological characteristics of a driver to generate user characteristic nodes, collecting truck engine codes to generate vehicle characteristic nodes, and collecting ETC hardware unique codes to generate equipment characteristic nodes.
Creating transaction event nodes and geographic position nodes, and establishing node initial association.
S1012, generating a relation chain.
The relation chain comprises a legal attribution chain, a physical binding chain, a dynamic updating chain and a space-time track chain, wherein the legal attribution chain is a driver node binding truck node, the physical binding chain is an initial equipment node binding truck node, the dynamic updating chain is used for generating a new binding relation chain when a driver registers a new equipment node through an unbound user, the space-time track chain is used for generating a traffic record for a truck node through the new equipment node, and transaction time and geographic position are associated.
S1013, updating the heterogeneous network in real time.
The method comprises the steps of executing logic isolation and retaining historical binding when an initial equipment node is logged off due to arrearage, updating a network version identifier after a new equipment node is activated, and recording a truck node binding change event.
S102, dynamically screening the high-risk topology. The method specifically comprises the following steps:
s1021, time-efficiency weight calculation. And (3) identifying the continuous traffic record bound by the new equipment node, and if the time sequence of the continuous traffic record presents short-time high-frequency transaction characteristics, and superposing the initial equipment arrearage log-off record, marking the record as abnormal activity after equipment replacement.
S1022, cross-entity association map extraction. The method specifically comprises the following steps:
Forward tracking, backward tracing and atlas generation. Wherein:
forward tracking, namely connecting a driver node to a truck node and then to a new equipment node;
reverse tracing, namely connecting a new transaction event node to a new equipment node and then to an unbound user node;
and generating a map, namely connecting the driver node to the truck node and then to the new equipment node, and connecting the new equipment node to the unbound user node.
S1023, judging the high-risk nodes.
Specifically, a high risk node is marked when the following two characteristics are satisfied simultaneously:
firstly, the freight car node frequently changes equipment binding in a limited time, including immediately binding new equipment after arrearage cancellation;
two, unbound user nodes are associated with only a single truck and no other vehicle usage records.
S1024, fraud topology verification.
Specifically, when the truck nodes are alternately associated with equipment nodes with different attributions, for example, the initial equipment belongs to a driver, the new equipment belongs to an unbound user, and a complete associated path snapshot of the unbound user of the new equipment of the truck of the driver is saved.
S103, optimizing behavior characteristics and quantifying risks. The method specifically comprises the following steps:
S1031, extracting multidimensional features. For example:
The method comprises the steps of extracting unbound user node characteristics with abnormal identity authentication intensity such as no driving qualification or no history transaction from a user node dimension, extracting truck node characteristics with normal maintenance period and abrupt binding relation from a truck node dimension, extracting new equipment node characteristics with brand new characteristics represented by hardware fingerprint entropy values from a new equipment node dimension, and extracting transaction event node characteristics with trans-provincial traffic immediately after the new equipment is started from a transaction event node dimension.
S1032, detecting a critical path. The method comprises the steps that a driver node indirectly associates unbound user nodes through truck nodes to form a risk diffusion path, a new transaction event is adjacent to an arrearage event in time-space but a device fingerprint is not associated, and then a time-space jump abnormality is triggered.
S1033, calculating a composite risk index.
The composite risk specifically comprises a static risk that the identity intensity of an unbound user is extremely low and a driver arrearage record is overlapped, a dynamic risk that the transaction frequency is increased rapidly and no buffer period exists after equipment is replaced, and a topological risk that a truck bound change path presents fraud diffusion characteristics.
And judging that the organized identity is fraudulent when the composite risk index breaks through a threshold value.
S104, responding to the mechanism and judging fraud. The response mechanism is specifically a three-level response mechanism:
Intercepting a current transaction and freezing an unbound user account;
A second stage of forcibly releasing the binding relation between the new equipment and the truck;
and three stages, namely tracing the space-time correlation between the arrearage behavior of the driver and the binding of the new equipment in a cross-platform manner.
S105, multi-dimensional fraud judgment.
The multi-dimensions include:
Device dimension-new device binding violates usage right rules, e.g., non-binding user has no truck usage right;
Space dimension, namely, a truck passing track is unchanged, but a payment subject is switched to an unbound user by a driver;
and the time sequence dimension is that the interval between arrearage cancellation and new equipment starting is too short, and the normal repayment period is violated.
The present invention is not limited to the above-mentioned embodiments, and any person skilled in the art, based on the technical solution of the present invention and the inventive concept thereof, can be replaced or changed within the scope of the present invention.

Claims (10)

1.一种ETC欺诈检测方法,其特征在于,包括如下步骤:1. An ETC fraud detection method, comprising the following steps: S1、采集多源数据并构建异构网络;S1, collect multi-source data and build heterogeneous networks; S2、通过双向图传播分析方法从异构网络中动态筛选高风险节点关联拓扑;S2, dynamically screening high-risk node association topologies from heterogeneous networks through bidirectional graph propagation analysis methods; S3、通过神经网络模型生成行为特征向量,并基于属性相似度加权邻域聚合与时空轨迹融合对行为特征向量进行优化,以获得优化特征向量;S3. Generate a behavior feature vector through a neural network model, and optimize the behavior feature vector based on attribute similarity weighted neighborhood aggregation and spatiotemporal trajectory fusion to obtain an optimized feature vector; S4、融合静态风险值、动态风险值与拓扑风险值生成复合风险指数,并根据复合风险指数触发分级响应机制;S4. A composite risk index is generated by integrating the static risk value, the dynamic risk value, and the topological risk value, and a hierarchical response mechanism is triggered according to the composite risk index; S5、输出包含多维评分矩阵及关联拓扑证据链的欺诈判定结果。S5. Output the fraud determination result including the multi-dimensional scoring matrix and the associated topological evidence chain. 2.根据权利要求1的方法,其特征在于,还包括:S6、基于反馈优化网络参数。2. The method according to claim 1, further comprising: S6, optimizing network parameters based on feedback. 3.根据权利要求1的方法,其特征在于,S1具体包括:S11、采集多源数据;S12建立用户与车辆之间的第一关系数据库;建立车辆与设备之间的第二关系数据库;建立交易事件与地理空间之间的第三关系数据库;建立用户与互联网账户之间的第四关系数据库;建立车辆在用户之间的归属流转的第五关系数据库;S13、创建用户实体节点、车辆实体节点、设备实体节点、交易事件节点、地理位置节点、互联网账户实体节点;S14、在用户实体节点、车辆实体节点、设备实体节点、交易事件节点、地理位置节点、互联网账户实体节点的基础上,依据第一关系数据库、第二关系数据库、第三关系数据库、第四关系数据库以及第五关系数据库生成用户与车辆之间的法定归属关系链、车辆与设备之间的物理绑定认证链、交易事件与地理空间之间的时空轨迹链、用户与互联网账户之间的关注交互链、车辆在用户之间的归属流转链,即完成异构网络的构建。3. The method according to claim 1 is characterized in that S1 specifically includes: S11, collecting multi-source data; S12 establishing a first relationship database between users and vehicles; establishing a second relationship database between vehicles and devices; establishing a third relationship database between transaction events and geographic space; establishing a fourth relationship database between users and Internet accounts; establishing a fifth relationship database for the ownership and flow of vehicles between users; S13, creating user entity nodes, vehicle entity nodes, device entity nodes, transaction event nodes, geographic location nodes, and Internet account entity nodes; S14, based on the user entity nodes, vehicle entity nodes, device entity nodes, transaction event nodes, geographic location nodes, and Internet account entity nodes, generating a legal ownership relationship chain between users and vehicles, a physical binding authentication chain between vehicles and devices, a spatiotemporal trajectory chain between transaction events and geographic space, a focus interaction chain between users and Internet accounts, and an ownership and flow chain of vehicles between users according to the first relationship database, the second relationship database, the third relationship database, the fourth relationship database, and the fifth relationship database, thereby completing the construction of a heterogeneous network. 4.根据权利要求3的方法,其特征在于,多源数据包括:用户特征数据、车辆特征数据、设备特征数据、交易特征数据以及互联网账户特征数据;用户特征数据具体为指纹或人脸;车辆特征数据具体为引擎唯一编码;设备特征数据具体为设备唯一编码;交易特征数据具体包括通行时间、地理位置以及异常交易标识;互联网账户特征数据具体为账户唯一标识或登录行为记录。4. The method according to claim 3 is characterized in that the multi-source data includes: user feature data, vehicle feature data, device feature data, transaction feature data and Internet account feature data; the user feature data is specifically fingerprint or face; the vehicle feature data is specifically engine unique code; the device feature data is specifically device unique code; the transaction feature data specifically includes travel time, geographic location and abnormal transaction identification; the Internet account feature data is specifically account unique identification or login behavior record. 5.根据权利要求3的方法,其特征在于,S1还包括:S15、实时监测车辆状态变更与用户注销行为,对失效节点进行逻辑隔离处理,定期执行网络权重衰减运算输出,从而实现带版本标识的动态网络更新记录。5. The method according to claim 3 is characterized in that S1 also includes: S15, real-time monitoring of vehicle status changes and user logout behavior, logical isolation of failed nodes, and regular execution of network weight decay calculation output, thereby realizing dynamic network update records with version identification. 6.根据权利要求1的方法,其特征在于,S2具体包括:S21、基于交易时间窗口滑动计算节点的时效性权重;S22、通过双向图传播分析方法提取跨实体关联路径;S23、判定高风险节点和高风险用户群;S24、筛选出高风险节点的关联拓扑;6. The method according to claim 1, characterized in that S2 specifically includes: S21, calculating the timeliness weight of the node based on the transaction time window sliding; S22, extracting the cross-entity association path through a bidirectional graph propagation analysis method; S23, determining high-risk nodes and high-risk user groups; S24, screening the association topology of the high-risk nodes; 其中,所述双向图传播分析方法包括:正向追踪用户绑定车辆的交易链路,反向溯源交易关联设备的归属路径,整合生成跨实体关联图谱。Among them, the two-way graph propagation analysis method includes: forward tracing the transaction link of the user-bound vehicle, reverse tracing the ownership path of the transaction-related equipment, and integrating to generate a cross-entity association graph. 7.根据权利要求1的方法,其特征在于,S2还包括:S25、保留持续活跃的节点拓扑并生成风险网络快照。7. The method according to claim 1 is characterized in that S2 further includes: S25, retaining the continuously active node topology and generating a risk network snapshot. 8.根据权利要求1的方法,其特征在于,S3具体包括:S31、从异构网络中提取多维度原始特征;S32、将多维度原始特征输入属性相似度加权的邻域聚合模块,并多层级邻域范围内进行权重调节传播,并输出包含用户-车辆-设备跨实体关联特性的中间特征向量;S33、将中间特征向量输入图卷积模块,沿交易关联边执行空间卷积操作,通过多层图卷积迭代分析,输出反映风险信号传播模式的高阶特征向量;S34、将高阶特征向量输入动态轨迹生成模块,执行时序空间融合,将时序累积特征与空间分布特征进行多维拼接,生成融合动态行为模式的时空特征向量;S35、以正常交易节点的身份认证强度、维保周期、时空分布特征构建正样本对,通过约束同类特征相似度与异类特征距离,输出具有欺诈模式判别力的优化特征向量。8. According to the method of claim 1, it is characterized in that S3 specifically includes: S31, extracting multi-dimensional original features from heterogeneous networks; S32, inputting the multi-dimensional original features into a neighborhood aggregation module with weighted attribute similarity, and performing weight adjustment propagation within a multi-level neighborhood range, and outputting an intermediate feature vector containing user-vehicle-device cross-entity association characteristics; S33, inputting the intermediate feature vector into a graph convolution module, performing spatial convolution operations along transaction association edges, and outputting a high-order feature vector reflecting the risk signal propagation pattern through multi-layer graph convolution iterative analysis; S34, inputting the high-order feature vector into a dynamic trajectory generation module, performing time-space fusion, multi-dimensionally splicing the time-series cumulative features and the spatial distribution features, and generating a spatiotemporal feature vector that integrates the dynamic behavior pattern; S35, constructing positive sample pairs based on the identity authentication strength, maintenance cycle, and spatiotemporal distribution characteristics of normal transaction nodes, and outputting an optimized feature vector with fraud pattern discrimination ability by constraining the similarity of similar features and the distance of heterogeneous features. 9.根据权利要求1的方法,其特征在于,S4具体包括:S41、从优化特征向量中提取静态特征、动态特征以及拓扑特征;S42、生成静态风险值、动态行为值以及拓扑风险值;S43、生成复合风险指数;S44、根据复合风险指数触发分级响应机制;9. The method according to claim 1, characterized in that S4 specifically comprises: S41, extracting static features, dynamic features, and topological features from the optimized feature vector; S42, generating a static risk value, a dynamic behavior value, and a topological risk value; S43, generating a composite risk index; S44, triggering a hierarchical response mechanism based on the composite risk index; 其中,生成复合风险指数包括:对静态风险值、动态风险值、拓扑风险值进行归一化处理,并基于欺诈类型动态分配权重;其中,路径跳跃欺诈类型侧重动态风险值权重,身份冒用欺诈类型侧重静态风险值权重。Among them, generating a composite risk index includes: normalizing the static risk value, dynamic risk value, and topological risk value, and dynamically allocating weights based on the fraud type; among them, the path jumping fraud type focuses on the dynamic risk value weight, and the identity impersonation fraud type focuses on the static risk value weight. 10.根据权利要求1的方法,其特征在于,S5具体包括:S51、接收来自参数更新阶段优化后的多维度判定依据输入;S52、执行多维度分析;S53、生成判定结论与证据链;S54、生成包含多维评分矩阵的欺诈判定报告。10. The method according to claim 1 is characterized in that S5 specifically includes: S51, receiving the multi-dimensional judgment basis input after optimization from the parameter update phase; S52, performing multi-dimensional analysis; S53, generating a judgment conclusion and a chain of evidence; S54, generating a fraud judgment report including a multi-dimensional scoring matrix.
CN202510942929.4A 2025-07-09 2025-07-09 ETC fraud detection method Active CN120493249B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510942929.4A CN120493249B (en) 2025-07-09 2025-07-09 ETC fraud detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510942929.4A CN120493249B (en) 2025-07-09 2025-07-09 ETC fraud detection method

Publications (2)

Publication Number Publication Date
CN120493249A true CN120493249A (en) 2025-08-15
CN120493249B CN120493249B (en) 2025-09-23

Family

ID=96679067

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510942929.4A Active CN120493249B (en) 2025-07-09 2025-07-09 ETC fraud detection method

Country Status (1)

Country Link
CN (1) CN120493249B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8666841B1 (en) * 2007-10-09 2014-03-04 Convergys Information Management Group, Inc. Fraud detection engine and method of using the same
US20150039512A1 (en) * 2014-08-08 2015-02-05 Brighterion, Inc. Real-time cross-channel fraud protection
US10515366B1 (en) * 2013-12-24 2019-12-24 EMC IP Holding Company LLC Network neighborhood topology as a predictor for fraud and anomaly detection
CN117649301A (en) * 2023-10-17 2024-03-05 厦门理工学院 Medical insurance fraud detection method, device, equipment and readable storage medium
CN117975576A (en) * 2024-01-29 2024-05-03 华南理工大学 Feature clustering face fraud detection method and system based on prototype learning and cosine similarity
CN119357787A (en) * 2024-12-30 2025-01-24 北京网藤科技有限公司 Method and system for intelligent auxiliary diagnosis and maintenance based on multi-channel recall
CN119479093A (en) * 2024-10-10 2025-02-18 重庆移通学院 A method for monitoring OBU status in highway ETC system
CN119991133A (en) * 2025-04-11 2025-05-13 北京嘉华铭品牌策划有限公司 Transaction fraud risk prediction method and system based on user behavior logic
CN120125355A (en) * 2025-05-13 2025-06-10 易点无忧(北京)网络科技有限责任公司 A vehicle mutual compensation method and system based on multimodal data fusion

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8666841B1 (en) * 2007-10-09 2014-03-04 Convergys Information Management Group, Inc. Fraud detection engine and method of using the same
US10515366B1 (en) * 2013-12-24 2019-12-24 EMC IP Holding Company LLC Network neighborhood topology as a predictor for fraud and anomaly detection
US20150039512A1 (en) * 2014-08-08 2015-02-05 Brighterion, Inc. Real-time cross-channel fraud protection
CN117649301A (en) * 2023-10-17 2024-03-05 厦门理工学院 Medical insurance fraud detection method, device, equipment and readable storage medium
CN117975576A (en) * 2024-01-29 2024-05-03 华南理工大学 Feature clustering face fraud detection method and system based on prototype learning and cosine similarity
CN119479093A (en) * 2024-10-10 2025-02-18 重庆移通学院 A method for monitoring OBU status in highway ETC system
CN119357787A (en) * 2024-12-30 2025-01-24 北京网藤科技有限公司 Method and system for intelligent auxiliary diagnosis and maintenance based on multi-channel recall
CN119991133A (en) * 2025-04-11 2025-05-13 北京嘉华铭品牌策划有限公司 Transaction fraud risk prediction method and system based on user behavior logic
CN120125355A (en) * 2025-05-13 2025-06-10 易点无忧(北京)网络科技有限责任公司 A vehicle mutual compensation method and system based on multimodal data fusion

Also Published As

Publication number Publication date
CN120493249B (en) 2025-09-23

Similar Documents

Publication Publication Date Title
CN118365334B (en) Payment safety identification method and system of payment terminal
Jayasree et al. Money laundering regulatory risk evaluation using bitmap index-based decision tree
CN119538269B (en) Method and system for realizing electronic channel wind control treatment based on code insertion technology
CN118133321B (en) Data asset data safety maintenance system based on data in database
CN117593155B (en) Block chain-based land yielding contract management method and system
Kumar et al. Crime activities prediction system in video surveillance by an optimized deep learning framework
CN120046966B (en) AI-based internal control process optimization and supervision method and system for administrative institutions
CN118710224B (en) Enterprise platform safety management method and system based on artificial intelligence
CN120013494B (en) Electronic contract approval management system
CN120297500A (en) Bank network risk control optimization method and system based on traffic behavior analysis
CN118840872B (en) Road flow analysis method and system based on edge calculation
CN120493249B (en) ETC fraud detection method
CN119906701A (en) A PaaS-based microservice full-link grayscale traffic management system and method
Boehmer Analyzing human behavior using case-based reasoning with the help of forensic questions
CN118365457B (en) Block chain-based decentralized financial platform
Yu et al. Dynamic threat weight of network security communication based on multisource data analysis
CN120086098B (en) File storage real-time monitoring method and system
CN119694160B (en) Underground garage intelligent management system based on blockchain
CN119886841B (en) Electronic security flow management and risk management and control system based on blockchain
Holmes Automated investigations: The role of the request filter in communications data analysis
CN120687492A (en) Data processing method, device, electronic device, medium and program product
CN119476255A (en) A method for atomic operation and assembly of big data legal supervision model
CN119885129A (en) Method, device and medium for preventing electronic cattle behaviors
CN120598342A (en) Enterprise employee behavior analysis and safety risk early warning monitoring method and system
CN120598568A (en) Recharging behavior anomaly monitoring system based on big data and artificial intelligence

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant