Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Based on this, in order to improve the efficiency and accuracy of transaction risk monitoring and enable cross-institution transaction risk monitoring, embodiments of the present application provide a transaction risk monitoring apparatus, which may be a server or a client device, where the client device may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), a vehicle-mounted device, a smart wearable device, and so on. Wherein, intelligent wearing equipment can include intelligent glasses, intelligent wrist-watch and intelligent bracelet etc..
In practical applications, the part for monitoring transaction risk may be performed on the server side as described above, or all operations may be performed in the client device. Specifically, the selection may be made according to the processing capability of the client device, and restrictions of the use scenario of the user. The application is not limited in this regard. If all operations are done in the client device, the client device may also include a processor.
The client device may have a communication module (i.e. a communication unit) and may be connected to a remote server in a communication manner, so as to implement data transmission with the server. The server may include a server on the side of the task scheduling center, and in other implementations may include a server of an intermediate platform, such as a server of a third party server platform having a communication link with the task scheduling center server. The server may comprise a single computer device, a server cluster formed by a plurality of servers, or a server structure of a distributed device.
Any suitable network protocol may be used for communication between the server and the client device, including those not yet developed on the filing date of the present application. The network protocols may include, for example, TCP/IP protocol, UDP/IP protocol, HTTP protocol, HTTPS protocol, etc. Of course, the network protocol may also include, for example, RPC protocol (Remote Procedure Call Protocol ), REST protocol (Representational STATE TRANSFER) or the like used above the above-described protocol.
The following examples are presented in detail.
As shown in fig. 1, in order to improve the efficiency and accuracy of transaction risk monitoring and enable cross-institution transaction risk monitoring, the embodiment provides a transaction risk monitoring method in which an execution subject is a transaction risk monitoring device, which specifically includes the following contents:
step 100: the application jume log collection component sends the user operation information set to flink the data stream processing component via kafka message middleware.
Specifically, the user operation information set includes operation information of a plurality of users, and the operation information includes: logging json request information, employee numbers, institution numbers, keys and operation time information; the kafka message middleware is a distributed message middleware for caching and transmitting the user operation information set; the kafka message middleware is used as a distributed high-throughput message middleware for caching and transmitting sent operation information of the front-end user.
Step 200: and generating the wind control index corresponding to the user operation information set based on the flink data flow processing component and a Drools rule engine.
Specifically, the Drools rule engine can decouple codes and business logic, support Chinese, and improve convenience of rule writing; dynamic rule loading is supported and rules can be adjusted online. After the data stream reaches flink the data stream processing component through the kafka message middleware, simple event and complex event decomposition are analyzed and accumulated according to the current Drools rule engine, and the result is fed back to the transaction risk monitoring device. For example, after the system detects that the user has continuously input the wrong password for 5 times, the system triggers the wind control rule for freezing the account login, and meanwhile, the transaction risk monitoring device stores the related information of the account into the redis or hbase wind control index storage component for front-end query.
Step 300: and receiving a transaction request instruction, and performing risk monitoring on a transaction process corresponding to the transaction request instruction according to the wind control index.
Referring to fig. 2, in order to further improve the reliability of the data in the transaction risk monitoring process, in an embodiment of the present application, before step 100, the method further includes:
Step 001: and the application log component stores the operation information of the plurality of users into an application log to obtain the user operation information set.
In order to improve flexibility, accuracy and application scenario of transaction risk monitoring, in one embodiment of the present application, before step 300, the method further includes: and updating the wind control rule in the Drools rule engine according to a preset wind control adjustment rule.
Specifically, the wind control adjustment rule includes: the external environment data regulation rule and the manual regulation data rule can be set according to actual needs. Before executing the transaction process corresponding to the transaction request instruction, the transaction request information is sent to a transaction risk monitoring device, the transaction risk monitoring device is applied to judge whether a wind control index corresponding to the transaction request information exists in a redis/hbase wind control index storage component, if so, the transaction request information is intercepted, whether the transaction process corresponding to the transaction request instruction exists in the transaction risk or not is judged according to the wind control index, and if not, the transaction process corresponding to the transaction request instruction is continuously executed. For example, the previous request is a login operation request, the login operation request is sent to a corresponding transaction risk monitoring device before login, the transaction risk monitoring device searches whether the freezing account wind control index of account information in the login operation request to drinks exists in a redis/hbase wind control index storage component, if yes, interception is performed, and if not, the next operation is continued.
In order to improve the efficiency and accuracy of transaction risk monitoring and to enable cross-institution transaction risk monitoring, the present application provides an embodiment of a transaction risk monitoring device for implementing all or part of the content in the transaction risk monitoring method, referring to fig. 3, where the transaction risk monitoring device specifically includes:
the transmission module 10 is configured to apply the flime log acquisition component and send the user operation information set to the flink data flow processing component via the kafka message middleware.
And the wind control index generation module 20 is used for generating wind control indexes corresponding to the user operation information set based on the flink data flow processing component and the Drools rule engine.
The risk monitoring module 30 is configured to receive a transaction request instruction, and perform risk monitoring on a transaction process corresponding to the transaction request instruction according to the wind control indicator.
Referring to fig. 4, in one embodiment of the present application, the transaction risk monitoring device further includes: the storage module 40 is configured to store operation information of a plurality of users in an application log by using the application log component, so as to obtain the user operation information set.
In one embodiment of the application, the kafka message middleware is a distributed message middleware that caches and transmits the set of user operation information.
In one embodiment of the present application, the transaction risk monitoring device further includes: and the updating module is used for updating the wind control rule in the Drools rule engine according to the preset wind control adjustment rule.
The embodiment of the transaction risk monitoring device provided in the present disclosure may be specifically used to execute the process flow of the embodiment of the transaction risk monitoring method, and the functions thereof are not described herein again, and reference may be made to the detailed description of the embodiment of the transaction risk monitoring method.
In order to further explain the scheme, the application also provides a specific application example of the transaction risk monitoring device, referring to fig. 5, in the specific application example, the website channel application cluster includes a core transaction component, a log component and a FUME log acquisition component, the real-time data wind control system can realize transaction data acquisition, wind control index judgment and Hbase/dis wind control index storage, the wind control index analysis system can realize external data access, and the monitoring index analysis and monitoring rule optimization, and specifically includes the following contents:
The application writes all user operation information into an application log through a log component, and a flime log acquisition component sends the user operation information to a kafka message middleware; and carrying out rule engine-based data calculation on the data stream by using the flink data stream processing component, and delivering calculation result indexes to an index storage component of the real-time data wind control system according to related rules to complete index accumulation once.
Before the core transaction component makes an actual request, the transaction risk monitoring device needs to submit request data to the wind control system, and the wind control system judges whether the operation is released or not according to real-time wind control indexes and wind control rules generated by depending on data flow, and feeds back the result to the front-end application to complete real-time wind control interception. And simultaneously, the result is also fed back to the wind control index analysis system.
Specifically, for high risk operations requiring immediate interception, a real-time wind control index is generated after the data stream flows through the rule engine, for example, the wind control rule definitely corresponds to the same user, and the a-B-C transaction cannot continuously occur, then when the a-B transaction is detected in the data stream, information is delivered to the wind control component, the target user is informed that the C transaction cannot be generated any more, and the C transaction request of the target user is intercepted when passing through the wind control component. For non-necessary truncated low risk operations, after the data stream flows through the rules engine, this operation information is stored in a database for subsequent data analysis. The feedback of the result to the wind control index analysis system is that the feedback to the front end is accomplished by requesting the wind control component in the transaction section of the front end.
The wind control index analysis system is connected with an external data access component, so that the wind control index judgment result of the current day is required to be connected, and external environment data and manual adjustment data are required to be connected; the monitoring index analysis component can optimize the monitoring rules through the integrated analysis of the data and submit the monitoring rules to the rule engine to correct the wind control rules in time.
As can be seen from the above description, the transaction risk monitoring method and device provided by the application improve the efficiency and accuracy of transaction risk monitoring, and can realize cross-institution transaction risk monitoring; specifically, risk transactions generated by the network sites can be monitored in real time, and the risk transactions are interrupted and early warned in time; real-time data gathering and distributing are realized in the distributed system, and risk transactions across institutions can be effectively monitored.
In order to improve the efficiency and accuracy of transaction risk monitoring and to enable cross-institution transaction risk monitoring, the application provides an embodiment of an electronic device for implementing all or part of the content in the transaction risk monitoring method, wherein the electronic device specifically comprises the following contents:
A processor (processor), a memory (memory), a communication interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete communication with each other through the bus; the communication interface is used for realizing information transmission between the transaction risk monitoring device and related equipment such as a user terminal; the electronic device may be a desktop computer, a tablet computer, a mobile terminal, etc., and the embodiment is not limited thereto. In this embodiment, the electronic device may be implemented with reference to an embodiment for implementing the transaction risk monitoring method and an embodiment for implementing the transaction risk monitoring device, and the contents thereof are incorporated herein, and are not repeated here.
Fig. 6 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 6, the electronic device 9600 may include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 6 is exemplary; other types of structures may also be used in addition to or in place of the structures to implement telecommunications functions or other functions.
In one or more embodiments of the application, the transaction risk monitoring function may be integrated into the central processor 9100. The central processor 9100 may be configured to perform the following control:
step 100: the application jume log collection component sends the user operation information set to flink the data stream processing component via kafka message middleware.
Step 200: and generating the wind control index corresponding to the user operation information set based on the flink data flow processing component and a Drools rule engine.
Step 300: and receiving a transaction request instruction, and performing risk monitoring on a transaction process corresponding to the transaction request instruction according to the wind control index.
From the above description, it can be seen that the electronic device provided by the embodiment of the application can improve the efficiency and accuracy of transaction risk monitoring, and can realize cross-institution transaction risk monitoring.
In another embodiment, the transaction risk monitoring device may be configured separately from the central processor 9100, for example, the transaction risk monitoring device may be configured as a chip connected to the central processor 9100, and the transaction risk monitoring function is implemented by control of the central processor.
As shown in fig. 6, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 need not include all of the components shown in fig. 6; in addition, the electronic device 9600 may further include components not shown in fig. 6, and reference may be made to the related art.
As shown in fig. 6, the central processor 9100, sometimes also referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, which central processor 9100 receives inputs and controls the operation of the various components of the electronic device 9600.
The memory 9140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information about failure may be stored, and a program for executing the information may be stored. And the central processor 9100 can execute the program stored in the memory 9140 to realize information storage or processing, and the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or touch input device. The power supply 9170 is used to provide power to the electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, but not limited to, an LCD display.
The memory 9140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), SIM card, and the like. But also a memory which holds information even when powered down, can be selectively erased and provided with further data, an example of which is sometimes referred to as EPROM or the like. The memory 9140 may also be some other type of device. The memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage 9142, the application/function storage 9142 for storing application programs and function programs or a flow for executing operations of the electronic device 9600 by the central processor 9100.
The memory 9140 may also include a data store 9143, the data store 9143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, address book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. A communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, as in the case of conventional mobile communication terminals.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, etc., may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and to receive audio input from the microphone 9132 to implement usual telecommunications functions. The audio processor 9130 can include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100 so that sound can be recorded locally through the microphone 9132 and sound stored locally can be played through the speaker 9131.
As can be seen from the above description, the electronic device provided by the embodiment of the application can improve the efficiency and accuracy of transaction risk monitoring, and can realize cross-institution transaction risk monitoring.
An embodiment of the present application also provides a computer-readable storage medium capable of implementing all the steps in the transaction risk monitoring method in the above embodiment, the computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements all the steps in the transaction risk monitoring method in the above embodiment, for example, the processor implementing the following steps when executing the computer program:
step 100: the application jume log collection component sends the user operation information set to flink the data stream processing component via kafka message middleware.
Step 200: and generating the wind control index corresponding to the user operation information set based on the flink data flow processing component and a Drools rule engine.
Step 300: and receiving a transaction request instruction, and performing risk monitoring on a transaction process corresponding to the transaction request instruction according to the wind control index.
As can be seen from the above description, the computer readable storage medium provided by the embodiments of the present application can improve the efficiency and accuracy of transaction risk monitoring, and can realize cross-institution transaction risk monitoring.
The embodiments of the method of the present application are described in a progressive manner, and similar parts of the embodiments are mutually referred to, and each embodiment focuses on the differences from the other embodiments. For relevance, see the description of the method embodiments.
It will be appreciated by those skilled in the art that embodiments of the application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and embodiments of the present application have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present application; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.