Data processing method, apparatus and device

By generating second-behavioral data with low similarity and using a causal inference model to generate feature vectors, adversarial training of the risk identification model solves the problem of poor accuracy in risk identification models and achieves higher identification accuracy and robustness.

CN115204395BActive Publication Date: 2026-06-09ALIPAY (HANGZHOU) INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
Filing Date
2022-06-21
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Because risk scenarios change rapidly and there is limited sample data, the accuracy of the risk identification model trained on the system is poor.

Method used

By acquiring the behavioral data and risk labels of the first object, generating the second behavioral data with a similarity less than the preset similarity, generating feature vectors using a pre-trained causal inference model, and determining the risk labels as the risk labels of the feature vectors, the risk identification model constructed by the deep learning algorithm is subjected to adversarial training to obtain the trained risk identification model.

Benefits of technology

It improves the accuracy and robustness of the risk identification model, ensures the pattern invariance of the generated sample data, avoids the noise data problem introduced by data augmentation methods, and enhances the accuracy and interpretability of risk identification.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115204395B_ABST
    Figure CN115204395B_ABST
Patent Text Reader

Abstract

Embodiments of the present specification provide a data processing method, device and equipment, the method comprises: obtaining first behavior data of a first object and a risk label of the first object; generating second behavior data based on the first behavior data; obtaining a first feature vector corresponding to the second behavior data based on a pre-trained causal inference model and the second behavior data, the first feature vector being a feature vector capable of representing the correlation between different data in the second behavior data, generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavior data; determining the risk label of the first object as the risk label of the first feature vector, and performing adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain a trained risk identification model.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This document relates to the field of data processing technology, and in particular to a data processing method, apparatus and equipment. Background Technology

[0002] With the continuous development of computer technology, terminal devices have become necessities for people's lives and work. Terminal devices can provide users with more and more services. In order to ensure the information security of users, risk identification models can be used to identify whether there are risks in the business triggered by users.

[0003] However, due to the rapid changes in risk scenarios and the limited sample data, the accuracy of the trained risk identification model is poor. Therefore, a solution is needed to improve the accuracy of the risk identification model. Summary of the Invention

[0004] The purpose of the embodiments in this specification is to provide a solution that can improve the identification accuracy of risk identification models.

[0005] To achieve the above technical solution, the embodiments in this specification are implemented as follows:

[0006] In a first aspect, embodiments of this specification provide a data processing method, the method comprising: acquiring first behavioral data of a first object and a risk label of the first object; generating second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity; obtaining a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, capable of characterizing the correlation between different data within the second behavioral data; determining the risk label of the first object as the risk label of the first feature vector, and performing adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, thereby obtaining a trained risk identification model, wherein the trained risk identification model is used to perform risk identification processing on a target object to be identified, thereby obtaining a risk identification result for the target object.

[0007] Secondly, embodiments of this specification provide a data processing apparatus, comprising: a first acquisition module, configured to acquire first behavioral data of a first object and a risk label of the first object; a data generation module, configured to generate second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity; a vector determination module, configured to obtain a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, capable of characterizing the correlation between different data within the second behavioral data; and a first training module, configured to determine the risk label of the first object as the risk label of the first feature vector, and perform adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, thereby obtaining a trained risk identification model, wherein the trained risk identification model is used to perform risk identification processing on a target object to be identified, thereby obtaining a risk identification result for the target object.

[0008] Thirdly, embodiments of this specification provide a data processing device, comprising: a processor; and a memory arranged to store computer-executable instructions, wherein the executable instructions, when executed, cause the processor to: acquire first behavioral data of a first object and a risk label of the first object; generate second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity; obtain a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, capable of characterizing the correlation between different data within the second behavioral data; determine the risk label of the first object as the risk label of the first feature vector, and perform adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, thereby obtaining a trained risk identification model, wherein the trained risk identification model is used to perform risk identification processing on a target object to be identified, thereby obtaining a risk identification result for the target object.

[0009] Fourthly, embodiments of this specification provide a storage medium for storing computer-executable instructions. When executed, these instructions implement the following process: acquiring first behavioral data of a first object and a risk label of the first object; generating second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity; obtaining a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, capable of characterizing the correlation between different data within the second behavioral data; determining the risk label of the first object as the risk label of the first feature vector; and performing adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain a trained risk identification model, wherein the trained risk identification model is used to perform risk identification processing on a target object to be identified, thereby obtaining a risk identification result for the target object. Attached Figure Description

[0010] To more clearly illustrate the technical solutions in the embodiments or prior art of this specification, the drawings used in the description of the embodiments or prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this specification. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0011] Figure 1A This is a flowchart illustrating an embodiment of a data processing method described in this specification;

[0012] Figure 1B This is a schematic diagram illustrating the processing procedure of one data processing method described in this specification;

[0013] Figure 2 This is a schematic diagram illustrating the processing procedure of another data processing method described in this specification;

[0014] Figure 3 This is a schematic diagram of a Bayesian causal graph as described in this specification;

[0015] Figure 4 This is a schematic diagram of a data processing method described in this specification;

[0016] Figure 5 This is a schematic diagram of the structure of an embodiment of a data processing device according to this specification;

[0017] Figure 6 This is a schematic diagram of the structure of a data processing device described in this specification. Detailed Implementation

[0018] This specification provides a data processing method, apparatus, and device through its embodiments.

[0019] To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this specification, and not all embodiments. Based on the embodiments in this specification, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of this specification.

[0020] Example 1

[0021] like Figure 1A and 1B As shown in the embodiments of this specification, a data processing method is provided. The execution subject of this method can be a terminal device or a server. The terminal device can be a mobile terminal device such as a mobile phone or tablet computer, and the server can be a standalone server or a server cluster composed of multiple servers. Specifically, the method may include the following steps:

[0022] In S102, the first behavior data of the first object and the risk label of the first object are obtained.

[0023] The first object may include a business object and / or an account object. The first behavioral data of the first object may include behavioral data corresponding to the first object within a preset update cycle. For example, the first object may include a resource transfer business and / or the user who triggered the resource transfer business. If the first object includes a resource transfer business, the first behavioral data of the first object may include data such as the user identifier of the user who triggered the resource transfer business in the past month, the time of resource transfer, and the quantity of resource transfer. If the first object includes the user who triggered the resource transfer business, the first behavioral data of the first object may include data such as the type of business related to the resource transfer business triggered by the user in the past month and the time of triggering. The risk label of the first object can be a 0-1 label, that is, a label of 0 indicates that the first object has no risk, and a label of 1 indicates that the first object has risk.

[0024] In practice, with the continuous development of computer technology, terminal devices have become necessities for people's lives and work. These devices can provide users with an increasing number of services. To ensure user information security, risk identification models can be used to identify whether user-triggered business operations pose risks. To address the rapidly changing nature of risk scenarios and the limited amount of sample data, data augmentation can be used to construct a training sample dataset to update the risk identification model. However, constructing a training sample dataset through data augmentation can easily introduce noisy data, causing data pollution. This leads to poor accuracy of the risk identification model trained on this dataset. Therefore, a solution is needed to improve the accuracy of the risk identification model.

[0025] like Figure 1B As shown, taking the receiving device as the server and the sending device as the terminal device, with the first object including the account object as an example, the server can receive the first line data corresponding to multiple accounts (i.e., the first object) within a preset update period sent by multiple terminal devices. For example, the first line data received by the server may include the number of login transactions, resource transfer transactions, and information update transactions triggered by account 1 in the past month sent by terminal device 1, and the number of login transactions, resource transfer transactions, and information update transactions triggered by account 2 in the past month sent by terminal device 2, etc.

[0026] In addition, the server can receive the risk label of the first object sent by the terminal device (such as the risk label of the first object determined by the terminal device based on the first behavior data of the first object and the pre-trained risk identification model, etc.), or the risk label of the first object determined by the server based on the first behavior data of the first object received, or the risk label of the first object can also be a risk label marked by humans, such as the risk label of the first object can be a risk label determined by relevant staff based on the historical behavior data of the first object.

[0027] In addition, the first behavior data and risk label of the first object can also be data pre-stored in the server. The server can obtain the stored first behavior data and risk label of the first object based on a preset update cycle.

[0028] The data type and acquisition method of the first row of the first object mentioned above are optional and implementable methods of determination. In actual application scenarios, there can be a variety of different data types and acquisition methods. Different data types and acquisition methods can be selected according to different actual application scenarios. This specification does not specifically limit this in the embodiments.

[0029] In S104, the second row of data is generated based on the first row of data.

[0030] The similarity between the second row of data and the first row of data can be less than the preset similarity.

[0031] In implementation, a model can be constructed based on pre-trained behavioral data to generate second behavioral data with a similarity to the first behavioral data that is less than a preset similarity. The behavioral data model can be trained on a model constructed by a machine learning algorithm based on historical first behavioral data and historical second behavioral data.

[0032] For example, suppose the first behavioral data is (5, 6, 2), which means that the first object (e.g., account 1) triggered login transactions 5 times, resource transfer transactions 6 times, and information update transactions 2 times in the past month. Inputting this first behavioral data into a pre-trained behavioral data construction model, the generated second behavioral data can be (4, 8, 0). The similarity between the first behavioral data (5, 6, 2) and the second behavioral data (4, 8, 0) can be (4+8+1) / (5+6+2) = 0.92, and the preset similarity can be 0.8.

[0033] Furthermore, the above-mentioned method for generating the second line data and the method for determining the similarity between the second line data and the first line data are optional and implementable generation and determination methods. In actual application scenarios, there can be a variety of different generation and determination methods. Different generation and determination methods can be selected according to different actual application scenarios. This specification does not specifically limit these methods in the embodiments.

[0034] In S106, based on the pre-trained causal inference model and the second action data, the first feature vector corresponding to the second action data is obtained.

[0035] The first feature vector can be a feature vector generated by a pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, which can characterize the correlation between different data within the second behavioral data. The causal inference model can be a model built based on a preset machine learning algorithm to analyze the response of the outcome variable when its cause variable changes, that is, the response of the first feature vector of the second behavioral data when the second behavioral data changes.

[0036] In implementation, a causal inference model can be used to analyze the dependencies between different data points within the second row of data, obtaining a first feature vector that characterizes the correlation between these different data points. For example, assuming the second row of data includes sub-data 1, sub-data 2, and sub-data 3, a causal inference model can be used to analyze the dependencies between these three sub-data points, obtaining multiple first feature vectors that characterize the correlation between them. For instance, a first feature vector 1 characterizing the correlation between sub-data 1 and sub-data 2, a first feature vector 2 characterizing the correlation between sub-data 2 and sub-data 3, and a first feature vector 3 characterizing the correlation between sub-data 1, sub-data 2, and sub-data 3 can be obtained.

[0037] In S108, the risk label of the first object is determined as the risk label of the first feature vector, and adversarial training is performed on the risk identification model constructed by the deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain the trained risk identification model.

[0038] The trained risk identification model can be used to perform risk identification processing on the target object to be identified, and obtain the risk identification result for the target object. The risk identification model can be constructed by a variety of different deep learning algorithms, and different deep learning algorithms can be selected according to different scenario requirements. For example, the risk identification model can be a model built based on the Convolutional Neural Networks (CNN) algorithm, or a model built based on the Long Short-Term Memory (LSTM) algorithm, etc.

[0039] In implementation, the risk label of the first object can be determined as the risk label of the first feature vector. Since the second behavioral data is generated based on the first behavioral data and has a low similarity to the first behavioral data (e.g., it can be below a preset threshold), the risk identification model can be trained adversarially using the second behavioral data. That is, by finding potential threats to the model, an adversarial strategy can be established to build a secure risk identification model and enhance the robustness of the risk identification model.

[0040] A first feature vector can be added to a pre-set training sample set to achieve adversarial training of the risk identification model, resulting in a trained risk identification model. Furthermore, since the second behavioral data is generated based on the first behavioral data and can act as interference, and the risk labels of the second behavioral data and the first behavioral data are the same, the number of samples can be continuously expanded through the generation method of the second behavioral data. This ensures the invariance of the data pattern (such as data structure and representation meaning) between the generated sample data (i.e., the second behavioral data) and the original sample data (i.e., the first behavioral data). For example, assuming the first behavioral data is (5, 6, 2), meaning the first object triggered 5 login transactions, 6 resource transfer transactions, and 2 information update transactions in the past month, the second behavioral data generated based on this first behavioral data could be (4, 8, 0). This means the generated second behavioral data can represent 4 login transactions, 8 resource transfer transactions, and 0 information update transactions in the past month. Therefore, the generated second behavioral data has the same data pattern as the first behavioral data. In addition, it can avoid the problem of excessive noise and lack of interpretability of the samples caused by building training sample datasets through data augmentation.

[0041] After obtaining the trained risk identification model, such as Figure 1B As shown, taking the receiving device as the server and the sending device as the terminal device as an example, the server can also send the risk identification model to the terminal device, so that the terminal device can perform risk identification processing on the target object to be identified based on the trained risk identification model, and obtain the risk identification result for the target object. Alternatively, the terminal device can also send the target object to be identified to the server, so that the server can perform risk identification processing on the target object to be identified based on the trained risk identification model, obtain the risk identification result for the target object, and return the risk identification result to the terminal device.

[0042] This specification provides a data processing method, which involves acquiring first behavioral data and a risk label of a first object, generating second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity, obtaining a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, and determining the risk label of the first object as the risk label of the first feature vector, and performing adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, thereby obtaining a trained risk identification model, which can be used to perform risk identification processing on the target object to be identified, and obtain a risk identification result for the target object. Thus, since the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data, the sample data used to train the risk identification model (i.e., the first feature vector) can characterize the correlation between different data within the second row of data and has sample interpretability. Therefore, based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is adversarially trained, and the resulting trained risk identification model has strong robustness. That is, by using the trained risk identification model to perform risk identification processing on the target object to be identified, the accuracy of the risk identification result for the target object is high.

[0043] Example 2

[0044] like Figure 2 As shown in the embodiments of this specification, a data processing method is provided. The execution subject of this method can be a terminal device or a server. The terminal device can be a mobile terminal device such as a mobile phone or tablet computer, and the server can be a standalone server or a server cluster composed of multiple servers. Specifically, the method may include the following steps:

[0045] In S102, the first behavior data of the first object and the risk label of the first object are obtained.

[0046] In S104, the second row of data is generated based on the first row of data.

[0047] The similarity between the second row of data and the first row of data can be less than the preset similarity.

[0048] In implementation and practical applications, the processing method of S316 above can be varied. The following is one optional implementation method, which can be found in steps A1 to A2 below:

[0049] In A1, retrieve multiple attribute data from the first row of data.

[0050] The first set of attribute data may include the quantity of data that can represent the first set of data. For example, if the first set of data is the transfer behavior data of an account in the past month, the first set of attribute data may include the time, amount, and recipient of each transfer in the past month. In addition, the first set of data may also include attribute data of behaviors that have a preset relationship with the transfer behavior. For example, the first set of data may also include attribute data of login behavior, such as the time, location, and login device information of each login in the past month.

[0051] In A2, the attribute data is transformed based on the preset transformation rules to obtain the transformed attribute data, and the second row of data is determined based on the transformed attribute data.

[0052] In practice, for example, a preset transformation range corresponding to each attribute data can be obtained, and a data point can be randomly selected from the preset transformation range. The attribute data can then be replaced based on the randomly selected data to obtain the transformed attribute data.

[0053] For example, taking the first row of data as (5, 6, 2), (5, 6, 2) means that account 1 triggered 5 login transactions, 6 resource transfer transactions, and 2 information update transactions within the past month. Assuming the preset transformation range corresponding to the number of login transactions is no less than the number of login transactions and no more than the number of login transactions plus 10, that is, the preset transformation range corresponding to triggering 5 login transactions can be no less than 5 and no more than 15, then a data point can be randomly selected within this range, and the original attribute data can be replaced based on this data to obtain the transformed attribute data. For example, the number of login transactions could be 8.

[0054] The method for determining the attribute data after the above transformation is an optional and implementable method. In actual application scenarios, there can be a variety of different methods. Different methods can be selected according to different actual application scenarios. This specification does not specifically limit this method in the embodiments.

[0055] Behavioral data can be constructed based on the transformed attribute data. If the similarity between the constructed behavioral data and the first behavioral data is not less than the preset similarity, the attribute data can be transformed again based on the preset transformation rules to obtain the transformed attribute data. Behavioral data can then be constructed based on the transformed attribute data until the similarity between the constructed behavioral data and the first behavioral data is less than the preset similarity. Behavioral data whose similarity to the first behavioral data is less than the preset similarity is identified as the second behavioral data.

[0056] The above-mentioned S316 can be processed in various ways. The following is one optional implementation method, which can be found in step B1 below:

[0057] In B1, adversarial action data corresponding to the first action data is generated based on the pre-trained generative adversarial network model and the first action data, and the adversarial action data is identified as the second action data.

[0058] Among them, the generative adversarial network model can be obtained by training a model built by a deep learning algorithm based on historical behavioral data.

[0059] In implementation, a generative adversarial network model can include a generation module and a discriminator module. The generation module can obtain generated action data by fitting the first action data, and the discriminator module can discriminate between the generated action data and the first action data to obtain second action data whose similarity to the first action data is less than a preset similarity.

[0060] In S202, historical behavior data of historical objects and historical feature vectors corresponding to historical behavior data are obtained.

[0061] Historical objects can include historical transactions and / or historical accounts.

[0062] In practice, a pre-trained feature extraction model can be used to extract features from the historical behavior data of historical objects, thereby obtaining the historical feature vector corresponding to the historical behavior data.

[0063] In addition, to improve the accuracy of risk identification in preset scenarios, different historical objects can be selected according to the different target objects to be identified. For example, if the target object to be identified is a certain business, the corresponding historical business can be selected as the historical object. Similarly, if the target object to be identified is a certain account, the historical account can be obtained as the historical object.

[0064] In S204, the causal inference model constructed by the Bayesian network is trained based on historical behavioral data and historical feature vectors to obtain the trained causal inference model.

[0065] Bayesian networks represent causal features as networks through directed graphs, and then predict the probability of complex and uncertain events by performing probabilistic inference.

[0066] In implementation, Bayesian causal graphs can be generated from historical behavioral data. Partially generated Bayesian causal graphs can be used as follows: Figure 3 As shown, A, B, and C can be the root causes that constitute different historical behavior data (such as attribute data within historical data). For example, A can indicate that an account triggered A login transactions in the past month, B can indicate that the account triggered B resource transfer transactions, and C can indicate that the account triggered C information update transactions. These root causes can form different feature vectors (i.e., historical feature vectors corresponding to historical behavior data). That is, historical feature vector X1 can be obtained based on A, historical feature vector X2 can be obtained based on A and B, and so on.

[0067] In S106, based on the pre-trained causal inference model and the second action data, the first feature vector corresponding to the second action data is obtained.

[0068] The first feature vector can be a feature vector generated by a pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data.

[0069] In S108, the risk label of the first object is determined as the risk label of the first feature vector.

[0070] In S206, based on the amount of second action data, the third action data of the second object and the risk label of the second object are obtained.

[0071] The second object may include business objects and / or account objects. The second object may be the same as the first object; that is, if the first object includes business objects, the second object may also include business objects.

[0072] In practice, based on a preset sample ratio and the amount of second-behavioral data, third-behavioral data of the second object can be obtained, and the risk identification model can be trained adversarially based on the second-behavioral data and the third-behavioral data.

[0073] For example, if there are 10 second-row data points and the preset sample ratio is 1:8, then 80 third-row data points can be obtained to improve the training effect of adversarial training of the risk identification model.

[0074] Furthermore, the preset sample ratio can vary depending on the target object to be identified. For example, if the target object to be identified has a high security requirement, the preset sample ratio can be smaller, meaning that the proportion of the second behavioral data used for interference can be larger. Conversely, if the target object to be identified has a low security requirement, the preset sample ratio can be larger, meaning that the proportion of the second behavioral data used for interference can be smaller.

[0075] In S208, the second feature vector corresponding to the third row of data is determined, and the risk label of the second object is determined as the risk label of the second feature vector.

[0076] In implementation, the third row data can be adjusted and extracted based on a pre-trained feature extraction model to obtain the second feature vector of the third row data. Alternatively, the second feature vector of the third row data can be determined based on a pre-trained causal inference model and the third row data. In addition, there are many other methods for determining the second feature vector of the third row data, which may vary depending on the actual application scenario. This specification does not specifically limit these methods in the embodiments.

[0077] In S210, the risk identification model is adversarially trained based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector to obtain the trained risk identification model.

[0078] In S212, target behavior data of the target object to be identified in the target scene is obtained.

[0079] The target objects include target businesses and / or target accounts.

[0080] In S214, the target feature vector corresponding to the target behavior data is determined.

[0081] In practice, the target feature vector corresponding to the target behavior data can be determined based on the pre-trained causal inference model and the target behavior data.

[0082] In S216, the risk identification result for the target object is determined based on the trained risk identification model and the target feature vector.

[0083] In implementation, such as Figure 4 As shown, target behavior data can be input into a pre-trained causal inference model to obtain a target feature vector that can characterize the correlation between different data within the target behavior data. Then, by inputting the target feature vector into the trained risk identification model, risk identification results for the target object can be obtained.

[0084] In S218, based on the risk identification results, it is determined whether there is a risk to the target object in the target scenario.

[0085] In practice, if the risk identification results indicate that the target object in the target scenario is at risk, preset alarm information can be output.

[0086] In addition, if the target objects include target business and target account, risk identification model 1 corresponding to the target business and risk identification model 2 corresponding to the target account can be obtained respectively. Risk identification model 1 can be trained based on pre-trained causal recommendation model 1 and historical behavior data corresponding to historical business. Risk identification model 2 can be trained based on pre-trained causal recommendation model 2 and historical behavior data corresponding to historical account. Pre-trained causal recommendation model 1 can be trained based on second behavior data 1 generated from the behavior data of business objects. Pre-trained causal recommendation model 2 can be trained based on second behavior data 2 generated from the behavior data of account objects.

[0087] This means that different target objects can be selected to perform risk identification processing by choosing a risk identification model trained with sample data corresponding to the target object and a causal recommendation model. Furthermore, after obtaining risk identification result 1 for the target business and risk identification result 2 for the target account, it can be determined whether the target object in the target scenario has a risk based on the risk weights and risk identification results of different objects in different scenarios. For example, if the target scenario is a resource transfer scenario, the risk weight of the target business is 0.8, the risk weight of the target account is 0.5, the risk identification result for the target business is a risk label of 1 (i.e., risk exists), and the risk identification result for the target account is a risk label of 0 (i.e., no risk exists). Then, the risk score of the target object in the target scenario can be 0.8*1 + 0.5*0 = 0.8. If the preset risk threshold for the resource transfer scenario is 0.7, then it can be determined that the target object has a risk in this target scenario.

[0088] The above-described method for determining whether a target object poses a risk in a target scenario is an optional and feasible method. In actual application scenarios, there can be a variety of different methods. Different methods can be selected according to different actual application scenarios. This specification does not specifically limit the embodiments in this regard.

[0089] This specification provides a data processing method, which involves acquiring first behavioral data and a risk label of a first object, generating second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity, obtaining a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, wherein the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, and determining the risk label of the first object as the risk label of the first feature vector, and performing adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, thereby obtaining a trained risk identification model, which can be used to perform risk identification processing on the target object to be identified, and obtain a risk identification result for the target object. Thus, since the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data, the sample data used to train the risk identification model (i.e., the first feature vector) can characterize the correlation between different data within the second row of data and has sample interpretability. Therefore, based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is adversarially trained, and the resulting trained risk identification model has strong robustness. That is, by using the trained risk identification model to perform risk identification processing on the target object to be identified, the accuracy of the risk identification result for the target object is high.

[0090] Example 3

[0091] The above describes the data processing method provided in the embodiments of this specification. Based on the same idea, the embodiments of this specification also provide a data processing apparatus, such as... Figure 5 As shown.

[0092] The data processing device includes: a first acquisition module 501, a data generation module 502, a vector determination module 503, and a first training module 504, wherein:

[0093] The first acquisition module 501 is used to acquire the first behavior data of the first object and the risk label of the first object;

[0094] Data generation module 502 is used to generate second behavior data based on the first behavior data, wherein the similarity between the second behavior data and the first behavior data is less than a preset similarity.

[0095] The vector determination module 503 is used to obtain a first feature vector corresponding to the second behavioral data based on the pre-trained causal inference model and the second behavioral data. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data.

[0096] The first training module 504 is used to determine the risk label of the first object as the risk label of the first feature vector, and to perform adversarial training on the risk identification model constructed by the deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object.

[0097] In this embodiment of the specification, the first training module 504 is used for:

[0098] Based on the quantity of the second behavioral data, obtain the third behavioral data of the second object and the risk label of the second object;

[0099] Determine the second feature vector corresponding to the third row of data, and determine the risk label of the second object as the risk label of the second feature vector;

[0100] Based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector, the risk identification model is subjected to adversarial training to obtain the trained risk identification model.

[0101] In the embodiments described in this specification, the device further includes:

[0102] The second acquisition module is used to acquire historical behavior data of historical objects and historical feature vectors corresponding to the historical behavior data.

[0103] The second training module is used to train the causal inference model constructed by the Bayesian network based on the historical behavior data and the historical feature vector, so as to obtain the trained causal inference model.

[0104] In the embodiments described in this specification, the device further includes:

[0105] The third acquisition module is used to acquire target behavior data of the target object to be identified in the target scenario, wherein the target object includes target business and / or target account;

[0106] The result determination module is used to determine the target feature vector corresponding to the target behavior data, and based on the trained risk identification model and the target feature vector, determine the risk identification result for the target object;

[0107] The risk identification module is used to determine whether the target object in the target scenario is at risk based on the risk identification results.

[0108] In the embodiments of this specification, the result determination module is used for:

[0109] Based on the pre-trained causal inference model and the target behavior data, the target feature vector corresponding to the target behavior data is determined.

[0110] In this embodiment of the specification, the data generation module 502 is used for:

[0111] Obtain multiple attribute data within the first behavior data;

[0112] Based on preset transformation rules, the attribute data is transformed to obtain transformed attribute data, and based on the transformed attribute data, the second behavior data is determined.

[0113] In this embodiment of the specification, the data generation module 502 is used for:

[0114] Based on a pre-trained generative adversarial network model and the first behavior data, adversarial behavior data corresponding to the first behavior data is generated, and the adversarial behavior data is determined as the second behavior data. The generative adversarial network model is obtained by training a model constructed by a deep learning algorithm based on the historical behavior data.

[0115] This specification provides a data processing apparatus that acquires first behavioral data and a risk label of a first object, generates second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity, obtains a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, the first feature vector being a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, and characterizes the correlation between different data within the second behavioral data, the risk label of the first object is determined as the risk label of the first feature vector, and performs adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, to obtain a trained risk identification model, which can be used to perform risk identification processing on the target object to be identified, and obtain a risk identification result for the target object. Thus, since the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data, the sample data used to train the risk identification model (i.e., the first feature vector) can characterize the correlation between different data within the second row of data and has sample interpretability. Therefore, based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is adversarially trained, and the resulting trained risk identification model has strong robustness. That is, by using the trained risk identification model to perform risk identification processing on the target object to be identified, the accuracy of the risk identification result for the target object is high.

[0116] Example 4

[0117] Following the same line of thought, embodiments of this specification also provide a data processing device, such as... Figure 6 As shown.

[0118] Data processing devices can vary considerably depending on configuration or performance, and may include one or more processors 601 and memory 602. Memory 602 may store one or more application programs or data. Memory 602 may be temporary or persistent storage. The application programs stored in memory 602 may include one or more modules (not shown), each module including a series of computer-executable instructions for the data processing device. Furthermore, processor 601 may be configured to communicate with memory 602 and execute the series of computer-executable instructions in memory 602 on the data processing device. The data processing device may also include one or more power supplies 603, one or more wired or wireless network interfaces 604, one or more input / output interfaces 605, and one or more keyboards 606.

[0119] Specifically, in this embodiment, the data processing device includes a memory and one or more programs, wherein one or more programs are stored in the memory, and one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the data processing device, and is configured to be executed by one or more processors. The one or more programs include computer-executable instructions for performing the following:

[0120] Obtain the first behavior data of the first object and the risk label of the first object;

[0121] Second behavioral data is generated based on the first behavioral data, and the similarity between the second behavioral data and the first behavioral data is less than a preset similarity.

[0122] Based on the pre-trained causal inference model and the second behavioral data, a first feature vector corresponding to the second behavioral data is obtained. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data.

[0123] The risk label of the first object is determined as the risk label of the first feature vector. Based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is subjected to adversarial training to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object.

[0124] Optionally, the step of training the risk identification model constructed by the deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain the trained risk identification model includes:

[0125] Based on the quantity of the second behavioral data, obtain the third behavioral data of the second object and the risk label of the second object;

[0126] Determine the second feature vector corresponding to the third row of data, and determine the risk label of the second object as the risk label of the second feature vector;

[0127] Based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector, the risk identification model is subjected to adversarial training to obtain the trained risk identification model.

[0128] Optionally, before obtaining the first feature vector corresponding to the second behavioral data based on the pre-trained causal inference model and the second behavioral data, the method further includes:

[0129] Obtain historical behavior data of historical objects, and the historical feature vectors corresponding to the historical behavior data;

[0130] Based on the historical behavior data and the historical feature vector, the causal inference model constructed by the Bayesian network is trained to obtain the trained causal inference model.

[0131] Optionally, the method further includes:

[0132] Acquire target behavior data of the target object to be identified in the target scenario, wherein the target object includes target business and / or target account;

[0133] Determine the target feature vector corresponding to the target behavior data, and based on the trained risk identification model and the target feature vector, determine the risk identification result for the target object;

[0134] Based on the risk identification results, it is determined whether the target object in the target scenario poses a risk.

[0135] Optionally, determining the target feature vector corresponding to the target behavior data includes:

[0136] Based on the pre-trained causal inference model and the target behavior data, the target feature vector corresponding to the target behavior data is determined.

[0137] Optionally, generating second behavior data based on the first behavior data includes: acquiring multiple attribute data within the first behavior data;

[0138] Based on preset transformation rules, the attribute data is transformed to obtain transformed attribute data, and based on the transformed attribute data, the second behavior data is determined.

[0139] Optionally, generating the second behavior data based on the first behavior data includes:

[0140] Based on a pre-trained generative adversarial network model and the first behavior data, adversarial behavior data corresponding to the first behavior data is generated, and the adversarial behavior data is determined as the second behavior data. The generative adversarial network model is obtained by training a model constructed by a deep learning algorithm based on the historical behavior data.

[0141] This specification provides a data processing device that acquires first behavioral data and a risk label of a first object, generates second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity, obtains a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, the first feature vector being a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, and characterizes the correlation between different data within the second behavioral data, the risk label of the first object is determined as the risk label of the first feature vector, and performs adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, to obtain a trained risk identification model, which can be used to perform risk identification processing on the target object to be identified, and obtain a risk identification result for the target object. Thus, since the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data, the sample data used to train the risk identification model (i.e., the first feature vector) can characterize the correlation between different data within the second row of data and has sample interpretability. Therefore, based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is adversarially trained, and the resulting trained risk identification model has strong robustness. That is, by using the trained risk identification model to perform risk identification processing on the target object to be identified, the accuracy of the risk identification result for the target object is high.

[0142] Example 5

[0143] This specification also provides a computer-readable storage medium storing a computer program. When executed by a processor, this computer program implements the various processes of the above-described data processing method embodiments and achieves the same technical effects. To avoid repetition, it will not be described again here. The computer-readable storage medium may include, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.

[0144] This specification provides a computer-readable storage medium that acquires first behavioral data and a risk label of a first object, generates second behavioral data based on the first behavioral data, wherein the similarity between the second behavioral data and the first behavioral data is less than a preset similarity, obtains a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data, the first feature vector being a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second behavioral data, capable of characterizing the correlation between different data within the second behavioral data, determines the risk label of the first object as the risk label of the first feature vector, and performs adversarial training on a risk identification model constructed by a deep learning algorithm based on the first feature vector and the risk label of the first feature vector, obtaining a trained risk identification model, which can be used to perform risk identification processing on the target object to be identified, and obtain a risk identification result for the target object. Thus, since the first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data within the second row of data, which can characterize the correlation between different data within the second row of data, the sample data used to train the risk identification model (i.e., the first feature vector) can characterize the correlation between different data within the second row of data and has sample interpretability. Therefore, based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is adversarially trained, and the resulting trained risk identification model has strong robustness. That is, by using the trained risk identification model to perform risk identification processing on the target object to be identified, the accuracy of the risk identification result for the target object is high.

[0145] The foregoing has described specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order than that shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily require the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are possible or may be advantageous.

[0146] In the 1990s, improvements to a technology could be clearly distinguished as either hardware improvements (e.g., improvements to the circuit structure of diodes, transistors, switches, etc.) or software improvements (improvements to the methodology). However, with technological advancements, many methodological improvements today can be considered direct improvements to the hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming the improved methodology into the hardware circuit. Therefore, it cannot be said that a methodological improvement cannot be implemented using a hardware physical module. For example, a Programmable Logic Device (PLD) (e.g., a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user programming the device. Designers can program a digital system themselves to "integrate" it onto a PLD, without needing chip manufacturers to design and manufacture dedicated integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing integrated circuit chips, this programming is mostly implemented using "logic compiler" software. Similar to the software compiler used in program development, the original code before compilation must be written in a specific programming language, called a Hardware Description Language (HDL). There are many HDLs, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language). Currently, the most commonly used are VHDL (Very-High-Speed ​​Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should understand that by simply performing some logic programming on the method flow using one of these hardware description languages ​​and programming it into an integrated circuit, the hardware circuit implementing the logical method flow can be easily obtained.

[0147] The controller can be implemented in any suitable manner. For example, it can take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers. Examples of controllers include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art will also recognize that, in addition to implementing the controller in purely computer-readable program code form, the same functionality can be achieved by logically programming the method steps to make the controller take the form of logic gates, switches, ASICs, programmable logic controllers, and embedded microcontrollers. Therefore, such a controller can be considered a hardware component, and the means included therein for implementing various functions can also be considered as structures within the hardware component. Alternatively, the means for implementing various functions can be considered as both software modules implementing the method and structures within the hardware component.

[0148] The systems, devices, modules, or units described in the above embodiments can be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, a computer can be, for example, a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or any combination of these devices.

[0149] For ease of description, the above apparatus is described by dividing it into various functional units. Of course, when implementing one or more embodiments of this specification, the functions of each unit can be implemented in one or more software and / or hardware.

[0150] Those skilled in the art will understand that the embodiments of this specification can be provided as methods, systems, or computer program products. Therefore, one or more embodiments of this specification may take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0151] The embodiments described herein are illustrated with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this specification. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more flowchart illustrations and / or one or more block diagrams.

[0152] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more flowcharts and / or one or more block diagrams.

[0153] These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions, which execute on the computer or other programmable apparatus, provide steps for implementing the functions specified in one or more flowcharts and / or one or more block diagrams.

[0154] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0155] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0156] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0157] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0158] Those skilled in the art will understand that the embodiments of this specification can be provided as methods, systems, or computer program products. Therefore, one or more embodiments of this specification may take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0159] One or more embodiments of this specification can be described in the general context of computer-executable instructions, such as program modules, that are executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform a particular task or implement a particular abstract data type. One or more embodiments of this specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.

[0160] The various embodiments in this specification are described in a progressive manner. Similar or identical parts between embodiments can be referred to interchangeably. Each embodiment focuses on describing the differences from other embodiments. In particular, the system embodiments are basically similar to the method embodiments, so the description is relatively simple; relevant parts can be referred to the descriptions in the method embodiments.

[0161] The above description is merely an embodiment of this specification and is not intended to limit this specification. Various modifications and variations can be made to this specification by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this specification should be included within the scope of the claims of this specification.

Claims

1. A data processing method, the method comprising: Obtain the first behavior data of the first object and the risk label of the first object; Second behavioral data is generated based on the first behavioral data, and the similarity between the second behavioral data and the first behavioral data is less than a preset similarity. Based on the pre-trained causal inference model and the second behavioral data, a first feature vector corresponding to the second behavioral data is obtained. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data. The risk label of the first object is determined as the risk label of the first feature vector. Based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is subjected to adversarial training to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object. The trained risk identification model is obtained by adversarial training on the risk identification model based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector. The second feature vector is determined by the third behavior data of the second object obtained based on the number of second behavior data. The risk label of the second feature vector is the risk label of the second object.

2. The method according to claim 1, wherein training the risk identification model constructed by the deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain the trained risk identification model includes: Based on the quantity of the second behavioral data, obtain the third behavioral data of the second object and the risk label of the second object; Determine the second feature vector corresponding to the third row of data, and determine the risk label of the second object as the risk label of the second feature vector; Based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector, the risk identification model is subjected to adversarial training to obtain the trained risk identification model.

3. The method according to claim 2, before obtaining the first feature vector corresponding to the second behavioral data based on the pre-trained causal inference model and the second behavioral data, further comprising: Obtain historical behavior data of historical objects, and the historical feature vectors corresponding to the historical behavior data; Based on the historical behavior data and the historical feature vector, the causal inference model constructed by the Bayesian network is trained to obtain the trained causal inference model.

4. The method according to claim 3, further comprising: Acquire target behavior data of the target object to be identified in the target scenario, wherein the target object includes target business and / or target account; Determine the target feature vector corresponding to the target behavior data, and based on the trained risk identification model and the target feature vector, determine the risk identification result for the target object; Based on the risk identification results, it is determined whether the target object in the target scenario poses a risk.

5. The method according to claim 4, wherein determining the target feature vector corresponding to the target behavior data includes: Based on the pre-trained causal inference model and the target behavior data, the target feature vector corresponding to the target behavior data is determined.

6. The method according to claim 5, wherein generating the second behavioral data based on the first behavioral data comprises: Obtain multiple attribute data within the first behavior data; Based on preset transformation rules, the attribute data is transformed to obtain transformed attribute data, and based on the transformed attribute data, the second behavior data is determined.

7. The method according to claim 5, wherein generating the second behavioral data based on the first behavioral data comprises: Based on a pre-trained generative adversarial network model and the first behavior data, adversarial behavior data corresponding to the first behavior data is generated, and the adversarial behavior data is determined as the second behavior data. The generative adversarial network model is obtained by training a model constructed by a deep learning algorithm based on the historical behavior data.

8. A data processing apparatus, the apparatus comprising: The first acquisition module is used to acquire the first behavior data of the first object and the risk label of the first object; The data generation module is used to generate second behavior data based on the first behavior data, wherein the similarity between the second behavior data and the first behavior data is less than a preset similarity. The vector determination module is used to obtain a first feature vector corresponding to the second behavioral data based on a pre-trained causal inference model and the second behavioral data. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data. The first training module is used to determine the risk label of the first object as the risk label of the first feature vector, and to perform adversarial training on the risk identification model constructed by the deep learning algorithm based on the first feature vector and the risk label of the first feature vector to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object. The trained risk identification model is obtained by adversarial training on the risk identification model based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector. The second feature vector is determined by the third behavior data of the second object obtained based on the number of second behavior data, and the risk label of the second feature vector is the risk label of the second object.

9. A data processing apparatus, the data processing apparatus comprising: processor; as well as A memory configured to store computer-executable instructions, which, when executed, cause the processor to: Obtain the first behavior data of the first object and the risk label of the first object; Second behavioral data is generated based on the first behavioral data, and the similarity between the second behavioral data and the first behavioral data is less than a preset similarity. Based on the pre-trained causal inference model and the second behavioral data, a first feature vector corresponding to the second behavioral data is obtained. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data. The risk label of the first object is determined as the risk label of the first feature vector. Based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is subjected to adversarial training to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object. The trained risk identification model is obtained by adversarial training on the risk identification model based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector. The second feature vector is determined by the third behavior data of the second object obtained based on the number of second behavior data. The risk label of the second feature vector is the risk label of the second object.

10. A storage medium for storing computer-executable instructions, which, when executed, perform the following process: Obtain the first behavior data of the first object and the risk label of the first object; Second behavioral data is generated based on the first behavioral data, and the similarity between the second behavioral data and the first behavioral data is less than a preset similarity. Based on the pre-trained causal inference model and the second behavioral data, a first feature vector corresponding to the second behavioral data is obtained. The first feature vector is a feature vector generated by the pre-trained causal inference model based on the dependency relationship between different data in the second behavioral data, which can characterize the correlation between different data in the second behavioral data. The risk label of the first object is determined as the risk label of the first feature vector. Based on the first feature vector and the risk label of the first feature vector, the risk identification model constructed by the deep learning algorithm is subjected to adversarial training to obtain the trained risk identification model. The trained risk identification model is used to perform risk identification processing on the target object to be identified to obtain the risk identification result for the target object. The trained risk identification model is obtained by adversarial training on the risk identification model based on the first feature vector, the risk label of the first feature vector, the second feature vector, and the risk label of the second feature vector. The second feature vector is determined by the third behavior data of the second object obtained based on the number of second behavior data. The risk label of the second feature vector is the risk label of the second object.