Data processing method and device, computer device and storage medium
By calculating the similarity between target users and historical users and establishing associations, an updated user relationship graph is generated, which solves the problem of low accuracy in detecting isolated users and achieves more efficient detection of resource transfer anomalies.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ZHAOLIAN CONSUMER FINANCE CO LTD
- Filing Date
- 2022-10-13
- Publication Date
- 2026-06-23
AI Technical Summary
Existing methods for detecting anomalies in resource transfer have low accuracy in detecting isolated users, especially due to the limited information available about isolated users, resulting in poor detection performance.
By acquiring the abnormal resource transfer attribute information and historical user relationship graph of the target users, the similarity between users is calculated, the association is established, an updated user relationship graph is generated, and the graph is input into the resource transfer anomaly detection model for detection.
It improves the accuracy of detecting resource transfer anomalies in isolated users by integrating attribute information from other users to enhance the detection effect.
Smart Images

Figure CN115758271B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of Internet technology, and in particular to a data processing method, apparatus, computer equipment, storage medium, and computer program product. Background Technology
[0002] With the development of internet technology, people can use online platforms to apply for services such as resource transfers, including loans. When a user applies for a resource transfer, the transfer is processed after a credit assessment. Therefore, assessing whether a user exhibits any abnormal risk behavior related to resource transfers is essential, requiring anomaly detection. Existing anomaly detection methods rely on traditional machine learning to analyze user information (such as loan amount and income). However, detecting anomalies in isolated users (those without connections to other resource transfer applicants) suffers from low accuracy due to limited information available on such users. Summary of the Invention
[0003] Therefore, it is necessary to provide a method, apparatus, computer equipment, computer-readable storage medium, and computer program product for predicting overdue risks that can improve the accuracy of overdue risk prediction, in response to the above-mentioned technical problems.
[0004] Firstly, this application provides a data processing method. The method includes:
[0005] Obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0006] Based on the abnormal attribute information of target resource transfer and the abnormal attribute information of historical resource transfer corresponding to each historical user identifier in the historical user relationship graph, the similarity between the target user identifier and each historical user identifier is calculated, and each similarity is obtained. Based on each similarity, the target historical user identifier is determined from each historical user identifier.
[0007] Establish the association between the target user identifier and the target historical user identifier, and obtain the updated user relationship graph based on the association and the historical user relationship graph;
[0008] The updated user relationship graph is input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0009] Secondly, this application also provides a data processing apparatus. The apparatus includes:
[0010] The acquisition module is used to acquire the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0011] The calculation module is used to calculate the similarity between the target user identifier and each historical user identifier based on the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph, obtain each similarity degree, and determine the target historical user identifier from each historical user identifier based on each similarity degree.
[0012] The update module is used to establish the association between the target user identifier and the target historical user identifier, and to obtain the updated user relationship graph based on the association and the historical user relationship graph.
[0013] The detection module is used to input the updated user relationship graph into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0014] Thirdly, this application also provides a computer device. The computer device includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to perform the following steps:
[0015] Obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0016] Based on the abnormal attribute information of target resource transfer and the abnormal attribute information of historical resource transfer corresponding to each historical user identifier in the historical user relationship graph, the similarity between the target user identifier and each historical user identifier is calculated, and each similarity is obtained. Based on each similarity, the target historical user identifier is determined from each historical user identifier.
[0017] Establish the association between the target user identifier and the target historical user identifier, and obtain the updated user relationship graph based on the association and the historical user relationship graph;
[0018] The updated user relationship graph is input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0019] Fourthly, this application also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program thereon, which, when executed by a processor, performs the following steps:
[0020] Obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0021] Based on the abnormal attribute information of target resource transfer and the abnormal attribute information of historical resource transfer corresponding to each historical user identifier in the historical user relationship graph, the similarity between the target user identifier and each historical user identifier is calculated, and each similarity is obtained. Based on each similarity, the target historical user identifier is determined from each historical user identifier.
[0022] Establish the association between the target user identifier and the target historical user identifier, and obtain the updated user relationship graph based on the association and the historical user relationship graph;
[0023] The updated user relationship graph is input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0024] Fifthly, this application also provides a computer program product. The computer program product includes a computer program that, when executed by a processor, performs the following steps:
[0025] Obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0026] Based on the abnormal attribute information of target resource transfer and the abnormal attribute information of historical resource transfer corresponding to each historical user identifier in the historical user relationship graph, the similarity between the target user identifier and each historical user identifier is calculated, and each similarity is obtained. Based on each similarity, the target historical user identifier is determined from each historical user identifier.
[0027] Establish the association between the target user identifier and the target historical user identifier, and obtain the updated user relationship graph based on the association and the historical user relationship graph;
[0028] The updated user relationship graph is input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0029] The aforementioned data processing method, apparatus, computer equipment, storage medium, and computer program product calculate the similarity between the target user identifier and each historical user identifier in the historical user relationship graph by using target resource transfer anomaly attribute information. Based on the similarity, it can identify the target historical user identifier that is most similar to the target user identifier in terms of resource anomaly attributes among all historical user identifiers. Then, by establishing the association between the target user identifier and the target historical user identifier, an updated user relationship graph is obtained. The updated user relationship graph is then input into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, obtaining the probability of resource transfer anomalies corresponding to the target user identifier. By finding the target historical user identifier that is most similar to the target user identifier in terms of resource anomaly attributes and associating the target user identifier with the target historical user identifier to obtain the updated user relationship graph, it can integrate the attribute information of other users that are most similar to the target user identifier in terms of attribute information to perform resource transfer anomaly detection on the target user identifier's attribute information. This improves the utilization rate of other users' attribute information during the resource transfer anomaly detection process for the target user identifier's attribute information, thereby improving the accuracy of resource transfer anomaly detection for the target user. Attached Figure Description
[0030] Figure 1 This is a diagram illustrating the application environment of a data processing method in one embodiment.
[0031] Figure 2 This is a flowchart illustrating a data processing method in one embodiment;
[0032] Figure 3 This is a schematic diagram illustrating the updating of a user relationship graph in one embodiment;
[0033] Figure 4 This is a schematic diagram of the training process of a resource transfer anomaly detection model in one embodiment;
[0034] Figure 5 This is a flowchart illustrating the resource transfer anomaly detection process in one embodiment;
[0035] Figure 6 This is a structural block diagram of a data processing device in one embodiment;
[0036] Figure 7 This is an internal structural diagram of a computer device in one embodiment;
[0037] Figure 8 This is a diagram of the internal structure of a computer device in another embodiment. Detailed Implementation
[0038] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0039] The data processing method provided in this application embodiment can be applied to, for example... Figure 1 In the application environment shown, terminal 102 communicates with server 104 via a network. A data storage system can store the data that server 104 needs to process. The data storage system can be integrated onto server 104, or it can be located in the cloud or on another network server. Server 104 can obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier through terminal 102 corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier. Server 104 calculates the similarity between the target user identifier and each historical user identifier based on the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph, obtains each similarity degree, and determines the target historical user identifier from each historical user identifier based on each similarity degree. Server 104 establishes the association relationship between the target user identifier and the target historical user identifier, and obtains the updated user relationship graph based on the association relationship and the historical user relationship graph. Server 104 inputs the updated user relationship graph into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, obtains the resource transfer anomaly probability corresponding to the target user identifier, and then server 104 can return the resource transfer anomaly probability to terminal 102 corresponding to the target user identifier for display. The terminal 102 can be, but is not limited to, various personal computers, laptops, smartphones, tablets, IoT devices, and portable wearable devices. IoT devices can include smart speakers, smart TVs, smart air conditioners, and smart in-vehicle systems. Portable wearable devices can include smartwatches, smart bracelets, and head-mounted devices. The server 104 can be implemented using a standalone server or a server cluster consisting of multiple servers.
[0040] In one embodiment, such as Figure 2 As shown, a data processing method is provided, which can be applied to... Figure 1 Taking the server in the example, the following steps are included:
[0041] Step 202: Obtain the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0042] The target user identifier is the user identifier corresponding to the target user in the resource transfer. The target user can be an isolated user, representing a user who has no relationship with any historical user in the historical user relationship graph. Resource transfer refers to the process of transferring resources between the management end and the user end in internet services, including the resource transfer process from the management end to the user end or the resource return process from the user end to the management end after receiving resources transferred from the management end. Target resource transfer anomaly attribute information refers to the resource transfer anomaly attribute information corresponding to the target user identifier. Resource transfer anomaly attribute information refers to the user attribute information most relevant to resource transfer anomalies, used to detect the possibility of a user having resource transfer anomalies. Resource transfer anomaly refers to the abnormal situation where the user end fails to return resources to the management end in a timely manner. User attribute information refers to basic information related to the user, including identity information and business information. The relationship graph refers to a graph data structure composed of nodes (Points, entities) and edges (Edges, relationships). The historical user relationship graph represents the social relationships corresponding to each historical user identifier. Historical user identifiers refer to the identifiers corresponding to users who have internet services and are stored in advance. Social relationship attributes refer to the attributes of social relationships that exist between users and other users, including attributes of social relationships such as kinship and business dealings.
[0043] Specifically, the server receives resource acquisition requests sent by the user. When it detects that the user identifier corresponding to the resource acquisition request does not have a relationship with any of the pre-stored historical user identifiers, it uses that user identifier as the target user identifier and obtains the target resource transfer anomaly attribute information corresponding to the target user identifier. Then, the server can build at least one historical user relationship graph based on the social relationship attributes corresponding to each historical user identifier pre-stored in the database, and then traverses each historical user relationship graph to obtain the historical user relationship graph with the most nodes.
[0044] Step 204: Calculate the similarity between the target user identifier and each historical user identifier based on the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph, obtain each similarity degree, and determine the target historical user identifier from each historical user identifier based on each similarity degree.
[0045] Among them, historical resource transfer anomaly attribute information refers to the resource transfer anomaly attribute information corresponding to historical user identifiers. Target historical user identifiers refer to historical user identifiers whose similarity reaches preset conditions.
[0046] Specifically, the server obtains the historical resource transfer anomaly attribute information corresponding to each historical user identifier based on the historical user relationship graph, calculates the similarity between the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier, and obtains the similarity degree corresponding to each historical user identifier. Based on the similarity degree, the target historical user identifier is determined from the historical user identifiers.
[0047] In one embodiment, there can be at least two resource transfer anomaly attribute information entries. The server can generate a target attribute information vector based on the target transfer anomaly attribute information, where the target attribute information vector represents a vector composed of the individual resource transfer anomaly attribute values from the target transfer anomaly attribute information. The server can also generate historical attribute information vectors based on the historical resource transfer anomaly attribute information corresponding to each historical user identifier, where each historical attribute information vector represents a vector composed of the individual resource transfer anomaly attribute values from the historical resource transfer anomaly attribute information. The server calculates the vector distance between the target attribute information vector and each historical attribute information vector to obtain the vector distance. The server selects the historical user identifier corresponding to the historical attribute information with the smallest vector distance as the target historical user identifier. Alternatively, the server can use the historical user identifier corresponding to the historical attribute information that meets a preset vector distance threshold as the target historical user identifier.
[0048] Step 206: Establish the association between the target user identifier and the target historical user identifier, and obtain the updated user relationship graph based on the association and the historical user relationship graph.
[0049] Step 208: Input the updated user relationship graph into the target resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0050] Here, "updated user relationship graph" refers to the historical user relationship graph after updating the target user identifier. "Target resource transfer anomaly detection model" refers to a pre-trained resource transfer anomaly detection model used to detect whether a user exhibits resource transfer anomalies. "Resource transfer anomaly probability" refers to the degree to which a user's resource transfer anomaly exists.
[0051] Specifically, the server establishes a correlation between the target user identifier and the target historical user identifier, creating edges between them in the historical user relationship graph to obtain an updated user relationship graph. Then, the server retrieves a pre-trained target resource transfer anomaly detection model, inputs the updated user relationship graph into the model to perform resource transfer anomaly detection, and obtains the probability of resource transfer anomalies corresponding to the target user identifier. When the server detects that the probability of resource transfer anomalies is less than a preset threshold, it sends a resource acquisition permission instruction to the resource management terminal based on the resource acquisition request, allowing the user to acquire the resource.
[0052] In the aforementioned data processing method, the similarity between the target user identifier and each historical user identifier in the historical user relationship graph is calculated using the target resource transfer anomaly attribute information. Based on the similarity, the target historical user identifier with the most similar resource anomaly attribute to the target user identifier can be identified among all historical user identifiers. Then, by establishing the association between the target user identifier and the target historical user identifier, an updated user relationship graph is obtained. The updated user relationship graph is then input into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, obtaining the probability of resource transfer anomalies corresponding to the target user identifier. By finding the target historical user identifier with the most similar resource anomaly attribute to the target user identifier and associating the target user identifier with the target historical user identifier to obtain the updated user relationship graph, the attribute information of other users with the most similar attribute information to the target user identifier can be integrated to perform resource transfer anomaly detection on the target user identifier's attribute information. This improves the utilization rate of other users' attribute information during the resource transfer anomaly detection process for the target user identifier's attribute information, thereby improving the accuracy of resource transfer anomaly detection for the target user.
[0053] In one embodiment, step 202, obtaining the target resource transfer anomaly attribute information corresponding to the target user identifier, includes:
[0054] Obtain the basic attribute information of each user corresponding to each historical user identifier and the resource transfer results corresponding to each historical user identifier;
[0055] Mutual information is calculated based on the basic attribute information of each user and the resource transfer results to obtain the mutual information corresponding to the basic attribute information of each user, and the abnormal attributes of resource transfer are determined based on the mutual information corresponding to the basic attribute information of each user.
[0056] Obtain the target resource transfer anomaly attribute information corresponding to the target user identifier based on the resource transfer anomaly attribute.
[0057] Among them, user basic attribute information corresponds to user basic attributes, representing information about the user's relevant basic attributes. Resource transfer result refers to whether there were any abnormal resource transfer outcomes for historical users, including both abnormal and normal outcomes. Mutual information is a measure of the dependence between user basic attribute information and resource transfer results, used to characterize the correlation between the two; higher mutual information indicates a stronger correlation. Resource transfer anomaly attribute refers to the user basic attribute most closely related to resource transfer anomalies. There can be one or more resource transfer anomaly attributes.
[0058] Specifically, the server can obtain the basic attribute information of each user corresponding to each historical user identifier and the resource transfer results corresponding to each historical user identifier, including attribute names and attribute values. The server can normalize the attribute value of each attribute, as shown in formula (1):
[0059]
[0060] Where, X′ ij_old Let X′ be the original value of the j-th attribute of user i. ij_new Let X′ be the normalized value of the j-th attribute of user i. j_max X′ is the maximum value among the j-th attributes. j_min Let be the minimum value among the j-th attributes.
[0061] Then, the server uses the mutual information method to calculate the basic attribute information and resource transfer results of each user, as shown in formula (2):
[0062]
[0063] Where I(M;N) represents the mutual information of two random variables (M,N), M represents the user's basic attribute information, and N represents the resource transfer result. The joint distribution of the random variables is p(m,n), and the marginal distributions are p(n) and p(m), respectively. The mutual information corresponding to each user's basic attribute information can be calculated using formula (2). For example, if the user's age attribute is integrated into a sequence of values [20, 25, 30, ...], the user's corresponding resource transfer result can also be obtained as a sequence of values [yes, yes, no, ...]. The mutual information corresponding to the age attribute can then be calculated using the two sequences of values ([20, 25, 30, ...], [yes, yes, no, ...]). The server can select the top K user basic attributes with the largest mutual information as resource transfer anomaly attributes. The server can also select user basic attributes with mutual information exceeding a preset mutual information threshold as resource transfer anomaly attributes. Then, the server can obtain the target resource transfer anomaly attribute information corresponding to the target user identifier based on the resource transfer anomaly attributes, and obtain the historical resource transfer anomaly attribute information corresponding to each historical user identifier.
[0064] In one specific embodiment, the server determines k resource transfer anomaly attributes from the user basic attributes corresponding to each user's basic attribute information based on the mutual information corresponding to each user's basic attribute information. Based on these k resource transfer anomaly attributes, the server obtains k target resource transfer anomaly attribute information corresponding to the target user identifier. The attribute values corresponding to these k target resource transfer anomaly attributes are then combined to form a target attribute vector corresponding to the target user identifier, which can be represented by C. Next, based on these k resource transfer anomaly attributes, the server obtains k historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph. These k historical resource transfer anomaly attribute information corresponding to each historical user identifier are then combined to form a historical attribute vector, which can be represented by B1, B2, B3, ..., where B1 represents the vector composed of the k historical resource transfer anomaly attribute information corresponding to the first historical user identifier. The server can then use Euclidean distance to calculate vectors C and B. i The distance, i.e. the similarity between the target user identifier and each historical user identifier, is calculated using the formula shown in formula (3):
[0065]
[0066] Where, distance i Let C be the distance between the target attribute vector and the historical attribute vector of the i-th historical user in the historical user relationship graph. j Identify the j-th attribute value corresponding to the target user. The smaller the distance, the more similar the target user is to historical user i in the historical user relationship graph in terms of attribute.
[0067] In this embodiment, mutual information is calculated by performing mutual information calculation on the basic attribute information of each user corresponding to each historical user identifier and the resource transfer results corresponding to each historical user identifier. The mutual information corresponding to each user basic attribute information is then used to determine the abnormal attributes of resource transfer. By identifying the attribute most relevant to the abnormal resource transfer among the basic attributes of each user, the target historical user identifier most similar to the target user identifier is calculated using the most relevant attribute. Thus, the attribute information of the target historical user identifier most similar to the target user identifier is used to detect the abnormal resource transfer of the target user identifier, thereby improving the accuracy of the abnormal resource transfer detection.
[0068] In one embodiment, updating the user relationship graph includes each node and the basic attribute information of each user corresponding to each node; step 208 involves inputting the updated user relationship graph into a target resource transfer anomaly detection model to perform resource transfer anomaly detection, obtaining the probability of resource transfer anomalies corresponding to the target user identifier, including:
[0069] Generate a node association matrix and a node degree matrix based on the node relationships of each node in the updated user relationship graph;
[0070] Generate a node attribute matrix based on the basic attribute information of each user corresponding to each node in the updated user relationship graph;
[0071] The node association matrix, node degree matrix, and node attribute matrix are input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
[0072] In this context, node relationships refer to the connections between nodes in the relationship graph, which can be the links between nodes. The node association matrix represents the updated node relationships in the user relationship graph. The node degree matrix represents the number of edges associated with each node in the updated user relationship graph. The node attribute matrix represents the updated user basic attributes of each node in the updated user relationship graph.
[0073] Specifically, the updated user relationship graph can be represented by G = (V, E), where V represents the set of nodes in the relationship graph, stored in a one-dimensional array; E represents the set of edges in the relationship graph, stored in a two-dimensional array. The server traverses the updated user relationship graph, generating a node association matrix based on the associations between each node and its neighbors. Then, the server counts the number of edges associated with each node and generates a node degree matrix. Finally, the server obtains the basic user attribute information corresponding to each node in the updated user relationship graph and generates a node attribute matrix based on this information.
[0074] The server then inputs the node association matrix, node degree matrix, and node attribute matrix into the target resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the probability of resource transfer anomaly corresponding to the target user identifier.
[0075] In this embodiment, by generating a point association matrix, a node degree matrix, and a node attribute matrix based on the updated user relationship graph, and then inputting these matrices into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, the accuracy of resource transfer anomaly detection for target user identifiers is improved.
[0076] In one embodiment, generating a node association matrix and a node degree matrix based on the node relationships of each node in the updated user relationship graph includes:
[0077] Based on the node relationships of each node in the updated user relationship graph, a node adjacency matrix is generated. The sum of the node adjacency matrix and the identity matrix is calculated to obtain the node association matrix.
[0078] An initial node degree matrix is generated based on the degree relationship of each node in the updated user relationship graph. The inverse matrix corresponding to the initial node degree matrix is then calculated to obtain the node degree matrix.
[0079] In this context, the adjacency matrix represents the connections between nodes in the updated user relationship graph. The identity matrix is a square matrix with 1s on the diagonal and 0s elsewhere. The degree relation refers to the number of edges associated with each node in the updated user relationship graph. The initial node degree matrix is the degree matrix before performing the inverse matrix operation.
[0080] Specifically, the server generates a node adjacency matrix based on the connections between nodes in the updated user relationship graph. For example, if the updated user relationship graph has N nodes and M edges, the node adjacency matrix can be represented as A∈R. N×N It means that A ij=1 indicates that there is an edge connecting nodes i and j. The identity matrix can be represented by I. The server calculates the sum of the node adjacency matrix and the identity matrix to obtain the node incidence matrix, which can be used... express.
[0081] The server generates an initial node degree matrix based on the degree relationships of each node in the updated user relationship graph. This initial degree matrix can be represented by the symbol D, meaning it's a square matrix with the node degrees on the diagonal and zeros in the other positions. The server then calculates the inverse of the initial node degree matrix to obtain the node degree matrix. The server can also use X to represent the node attribute matrix.
[0082] In this embodiment, the node association matrix is obtained by calculating the sum of the node adjacency matrix and the identity matrix, and the node degree matrix is obtained by calculating the inverse matrix corresponding to the initial node degree matrix. This makes the obtained node association matrix and node degree matrix more accurate, and the subsequent use of the node association matrix and node degree matrix to detect resource transfer anomalies of the target user is more accurate, thereby improving the accuracy of detecting resource transfer anomalies of the target user.
[0083] In one embodiment, the node association matrix, node degree matrix, and node attribute matrix are input into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, obtaining the probability of resource transfer anomalies corresponding to the target user identifier, including:
[0084] Based on the node association matrix, node degree matrix and node attribute matrix, the graph neural network layer output of the target resource transfer anomaly detection model updates the node representation vector corresponding to each node in the user relationship graph;
[0085] The node representation vectors corresponding to each node are input into the fully connected layer of the target resource transfer anomaly detection model for fully connected computation to obtain the probability of resource transfer anomalies corresponding to each node.
[0086] Based on the probability of resource transfer anomalies corresponding to each node, the probability of resource transfer corresponding to the target user identifier is obtained.
[0087] In this context, a graph neural network (GNN) is a convolutional network that takes a graph and initial feature vectors of each node as input and outputs node representation vectors. The initial feature vectors are vectors representing the attributes of each node. The node representation vectors are matrices representing the attributes of each node, including the node's own attributes and the attributes of its neighboring nodes, with the vector dimension being the number of attributes.
[0088] Specifically, the target resource transfer anomaly detection model can be a graph neural network that performs two node attribute propagation steps, including an input layer, hidden layers, and an output layer, where the output layer is also a fully connected layer. Node attribute propagation represents the process of fusing a node's own attribute vector with the attribute vectors of its neighboring nodes.
[0089] The server will associate the nodes with the matrix. Node degree matrix The node attribute matrix X is input into the graph neural network of the target resource transfer anomaly detection model. The graph neural network then processes the node association matrix. Node degree matrix The node attribute matrix X undergoes two layers of node attribute propagation: the first layer from the input layer to the hidden layer and the second layer from the hidden layer to the fully connected layer, to obtain the node representation vector corresponding to each node. The rules for node attribute propagation in each layer of the graph neural network are shown in formula (4):
[0090]
[0091] Among them, X (l+1) Let X be the node representation vector of the (l+1)th layer. (l) Let W be the node representation vector of the l-th layer, σ be the activation function, and W be the node representation vector of the l-th layer. (l) Let be the weight matrix of the l-th layer.
[0092] The server then inputs the node representation vectors corresponding to each node into the fully connected layer of the graph neural network for fully connected computation to obtain the probability of resource transfer anomalies for each node.
[0093] In one specific embodiment, the server will use a node association matrix. Node degree matrix The node attribute matrix X is input into the target resource transfer anomaly detection model to calculate the probability of resource transfer anomalies for each node. The calculation formula of the target resource transfer anomaly detection model is shown in formula (5):
[0094]
[0095] Where Z represents the probability of abnormal resource transfer at a node. To update the calculated correlation matrix, ReLU is the activation function, X (0) W is the initial feature vector of the input layer, i.e., the node attribute matrix. (0) W is the weight matrix of the input layer. (1) This is the weight matrix for the first layer.
[0096] In one specific embodiment, such as Figure 3The diagram illustrates a method for updating a user relationship graph. Figure a includes the historical user relationship graph (black dots and black edges), and the isolated nodes corresponding to the target user identifier (white dots). Figure b shows the process of finding the node corresponding to the historical user identifier with the most similar attributes to the isolated node corresponding to the target user identifier in the historical user relationship graph. Then, the isolated node corresponding to the target user identifier is connected to the node corresponding to the target historical user identifier, as shown by the dashed lines, to obtain the updated user relationship graph. Figure c shows the calculation of the node representation vector corresponding to each node in the updated user relationship graph. The arrows in Figure c represent the propagation of node attributes. The node representation vector output by the graph neural network is the result of fusing the node's own attribute vector with the attribute vectors of its neighboring nodes. For example, X = [X1, X2, ...] in the diagram indicates that the attribute information of node X is fused with the attribute information of neighboring nodes X1 and X2, enabling attribute propagation. The attribute propagation rule is that each attribute of each neighboring node is multiplied by a coefficient and then added to the attribute value of that node. The coefficients of different attributes of different neighboring nodes are recorded in the weight matrix.
[0097] In this embodiment, the node association matrix, node degree matrix, and node attribute matrix are input into the graph neural network layer of the target resource transfer anomaly detection model, and the output is an updated node representation vector corresponding to each node in the user relationship graph. The node representation vector incorporates the attribute information of adjacent nodes. By using the node representation vector that incorporates the attribute information of adjacent nodes to perform a fully connected operation, the probability of resource transfer anomalies corresponding to each node is more accurate. That is, the probability of resource transfer anomalies of the node corresponding to the target user is more accurate, thereby improving the detection accuracy of resource transfer anomalies of the target user.
[0098] In one embodiment, such as Figure 4 As shown, a schematic diagram of the training process for a resource transfer anomaly detection model is provided; before step 202, which involves obtaining isolated user information and historical user information sets, the following steps are also included:
[0099] Step 402: Obtain the abnormal attribute information of training resource transfer and the training history user relationship graph corresponding to the training target user identifier. The training history user relationship graph is established through the social relationship attributes corresponding to each training history user identifier.
[0100] Step 404: Calculate the similarity between the training target user identifier and each training historical user identifier based on the training resource transfer anomaly attribute information and the training resource transfer anomaly attribute information corresponding to each training historical user identifier in the training historical user relationship graph, obtain each training similarity, and determine the training target historical user identifier from each training historical user identifier based on each training similarity.
[0101] Step 406: Establish the training association relationship between the training target user identifier and the training target historical user identifier, and obtain the training update user relationship graph based on the training association relationship and the training historical user relationship graph.
[0102] Step 408: Obtain the initial resource transfer anomaly detection model and the training labels corresponding to the training and updating user relationship graph; input the training and updating user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the initial detection results;
[0103] Step 410: Calculate the loss based on the initial detection results and training labels to obtain model loss information; update the initial resource transfer anomaly detection model based on the model loss information to obtain the updated resource transfer anomaly detection model.
[0104] Step 412: Use the updated resource transfer anomaly detection model as the initial resource transfer anomaly detection model, and return to the step of inputting the trained updated user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the initial detection result. This process is repeated until the training completion condition is met, and then the target resource transfer anomaly detection model is obtained.
[0105] Specifically, the server obtains the training resource transfer anomaly attribute information corresponding to the training target user identifier. The training target user identifier can be the identifier corresponding to an isolated user with a known resource transfer result. Then, the server can retrieve various historical user identifiers from the database, randomly select a portion of historical user identifiers as training historical user identifiers, and obtain the social relationships corresponding to each training historical user identifier. Based on the social relationships corresponding to each training historical user identifier, a training historical user relationship graph is built, and this training historical user relationship graph is used as the training set. The server also selects a portion of historical user identifiers as test historical user identifiers and obtains the social relationships corresponding to each test historical user identifier. Based on the social relationships corresponding to each test historical user identifier, a test historical user relationship graph is built, and this test historical user relationship graph is used as the test set.
[0106] The server calculates the similarity between the target user identifier and each historical user identifier in the training history user relationship graph based on the training resource transfer anomaly attribute information and the training resource transfer anomaly attribute information corresponding to each historical user identifier in the training history user relationship graph, obtaining each training similarity score. Then, based on each training similarity score, the server determines the target historical user identifier from each historical user identifier. The server connects the target user identifier with the target historical user identifier in the training history user relationship graph to obtain the updated user relationship graph. The server obtains the resource transfer results corresponding to each user identifier in the updated relationship graph and uses these results as the training labels for the updated relationship graph.
[0107] The server obtains the initial resource transfer anomaly detection model, inputs the updated relational graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection, and obtains the initial detection result. Then, the server calculates the loss using a loss function based on the initial detection result and the training labels to obtain the model loss information. The loss function is shown in formula (6):
[0108]
[0109] Among them, Y L Let F represent the set of labeled nodes, F represent the number of categories, and Z represent the probability of an anomaly in the output resource transfer. The server updates the weight matrix in the initial resource transfer anomaly detection model based on the model loss information to obtain the updated resource transfer anomaly detection model.
[0110] The server then updates the resource transfer anomaly detection model as the initial model and returns to the step of inputting the trained updated user relationship graph into the initial model to perform resource transfer anomaly detection and obtain the initial detection result. This process is repeated iteratively until the detected loss information is less than a preset threshold. At this point, the server inputs the test set into the updated model for testing. When the accuracy of the resource transfer anomaly results corresponding to the test set reaches the preset threshold, it indicates that the resource transfer anomaly detection model has completed training, and the last updated model is used as the target model.
[0111] In one specific embodiment, such as Figure 5The diagram illustrates a process for detecting resource transfer anomalies. The server constructs a user relationship network based on the social relationship attributes of each user in the database. It then searches for the most connected graph (the one with the most nodes), i.e., the historical user relationship graph. Next, the server calculates the correlation between each user's attributes and the resource transfer anomaly. By calculating the similarity between each attribute and the resource transfer result, it identifies the user attribute most closely associated with the anomaly, i.e., the resource transfer anomaly attribute. The server then finds other users whose attributes are most similar to the isolated user, i.e., the user corresponding to the target historical user identifier. Finally, the server establishes edges between the isolated user and the user with the most similar attributes in the most connected graph, resulting in an updated user relationship graph. The server inputs the updated user relationship graph into a graph neural network for detection, obtaining the probability of resource transfer anomalies corresponding to the isolated user.
[0112] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0113] Based on the same inventive concept, this application also provides a data processing apparatus for implementing the data processing method described above. The solution provided by this apparatus is similar to the implementation scheme described in the above method; therefore, the specific limitations in one or more data processing apparatus embodiments provided below can be found in the limitations of the data processing method described above, and will not be repeated here.
[0114] In one embodiment, such as Figure 6 As shown, a data processing device 600 is provided, including: an acquisition module 602, a calculation module 604, an update module 606, and a detection module 608, wherein:
[0115] The acquisition module 602 is used to acquire the target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier. The historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier.
[0116] The calculation module 604 is used to calculate the similarity between the target user identifier and each historical user identifier based on the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph, obtain each similarity degree, and determine the target historical user identifier from each historical user identifier based on each similarity degree.
[0117] The update module 606 is used to establish the association between the target user identifier and the target historical user identifier, and to obtain the updated user relationship graph based on the association and the historical user relationship graph.
[0118] The detection module 608 is used to input the updated user relationship graph into the target resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the probability of resource transfer anomaly corresponding to the target user identifier.
[0119] In one embodiment, the acquisition module 602 includes:
[0120] The mutual information unit is used to obtain the basic attribute information of each user corresponding to each historical user identifier and the resource transfer result corresponding to each historical user identifier; to calculate the mutual information based on the basic attribute information of each user and the resource transfer result, to obtain the mutual information corresponding to the basic attribute information of each user, and to determine the resource transfer anomaly attribute based on the mutual information corresponding to the basic attribute information of each user; and to obtain the target resource transfer anomaly attribute information corresponding to the target user identifier based on the resource transfer anomaly attribute.
[0121] In one embodiment, the detection module 608 includes:
[0122] The matrix transformation unit is used to generate a node association matrix and a node degree matrix based on the node relationships of each node in the updated user relationship graph; to generate a node attribute matrix based on the basic attribute information of each user corresponding to each node in the updated user relationship graph; and to input the node association matrix, node degree matrix and node attribute matrix into the target resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the probability of resource transfer anomaly corresponding to the target user identifier.
[0123] In one embodiment, the detection module 608 includes:
[0124] The matrix calculation unit is used to generate a node adjacency matrix based on the node relationships of each node in the updated user relationship graph, calculate the sum of the node adjacency matrix and the identity matrix to obtain the node association matrix; generate an initial node degree matrix based on the degree relationships of each node in the updated user relationship graph, calculate the inverse matrix corresponding to the initial node degree matrix to obtain the node degree matrix.
[0125] In one embodiment, the detection module 608 includes:
[0126] The node vector unit is used to update the node representation vectors corresponding to each node in the user relationship graph based on the output of the graph neural network layer in the target resource transfer anomaly detection model, based on the node association matrix, node degree matrix, and node attribute matrix. The node representation vectors corresponding to each node are then input into the fully connected layer in the target resource transfer anomaly detection model for fully connected computation to obtain the probability of resource transfer anomalies corresponding to each node. Based on the probability of resource transfer anomalies corresponding to each node, the probability of resource transfer corresponding to the target user identifier is obtained.
[0127] In one embodiment, the data processing apparatus 600 further includes:
[0128] The training unit is used to acquire training resource transfer anomaly attribute information and training history user relationship graphs corresponding to the training target user identifiers. The training history user relationship graphs are established based on the social relationship attributes corresponding to each training history user identifier. Based on the training resource transfer anomaly attribute information and the training history user relationship graphs, the similarity between the training target user identifier and each training history user identifier is calculated, resulting in various training similarity scores. Based on these similarity scores, the training target historical user identifier is determined from the various training history user identifiers. Training association relationships are established between the training target user identifiers and the training target historical user identifiers, and training update users are obtained based on these training association relationships and the training history user relationship graphs. The process involves: obtaining a relationship graph; acquiring training labels corresponding to the initial resource transfer anomaly detection model and the updated user relationship graph; inputting the updated user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain initial detection results; calculating the loss based on the initial detection results and training labels to obtain model loss information; updating the initial resource transfer anomaly detection model based on the model loss information to obtain an updated resource transfer anomaly detection model; using the updated resource transfer anomaly detection model as the initial resource transfer anomaly detection model, and iteratively executing the steps of inputting the updated user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain initial detection results until the training completion condition is met, thus obtaining the target resource transfer anomaly detection model.
[0129] Each module in the aforementioned data processing device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the memory of a computer device as software, so that the processor can call and execute the operations corresponding to each module.
[0130] In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 7As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operating system and computer programs stored in the non-volatile storage media. The database stores data such as target resource transfer anomaly attribute information and target resource transfer anomaly detection models. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When the computer program is executed by the processor, it implements a data processing method.
[0131] In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as follows: Figure 8 As shown, the computer device includes a processor, memory, input / output interfaces, a communication interface, a display unit, and an input device. The processor, memory, and input / output interfaces are connected via a system bus, and the communication interface, display unit, and input device are also connected to the system bus via the input / output interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The input / output interfaces are used for exchanging information between the processor and external devices. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, mobile cellular networks, NFC (Near Field Communication), or other technologies. When the computer program is executed by the processor, it implements a data processing method. The display unit of the computer device is used to form a visually visible image. It can be a display screen, a projection device, or a virtual reality imaging device. The display screen can be an LCD screen or an e-ink screen. The input device of the computer device can be a touch layer covering the display screen, or buttons, trackballs, or touchpads set on the casing of the computer device, or external keyboards, touchpads, or mice, etc.
[0132] Those skilled in the art will understand that Figure 7-8The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0133] In one embodiment, a computer device is also provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above method embodiments.
[0134] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.
[0135] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.
[0136] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data shall comply with the relevant laws, regulations and standards of the relevant countries and regions.
[0137] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, etc., and are not limited to these.
[0138] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0139] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. A data processing method, characterized in that, The method includes: Obtaining target resource transfer anomaly attribute information and historical user relationship graph corresponding to a target user identifier includes: obtaining basic user attribute information and resource transfer results corresponding to each historical user identifier; performing mutual information calculation based on the basic user attribute information and the resource transfer results to obtain mutual information corresponding to each basic user attribute information, and determining resource transfer anomaly attributes based on the mutual information corresponding to each basic user attribute information; obtaining target resource transfer anomaly attribute information corresponding to the target user identifier based on the resource transfer anomaly attributes, wherein the historical user relationship graph is established through social relationship attributes corresponding to each historical user identifier; Based on the abnormal attribute information of the target resource transfer and the abnormal attribute information of the historical resource transfer corresponding to each historical user identifier in the historical user relationship graph, the similarity between the target user identifier and each historical user identifier is calculated to obtain each similarity level. Based on the each similarity level, the target historical user identifier is determined from each historical user identifier. Establish the association between the target user identifier and the target historical user identifier, and obtain an updated user relationship graph based on the association and the historical user relationship graph; The updated user relationship graph is input into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
2. The method according to claim 1, characterized in that, The updated user relationship graph includes each node and the basic attribute information of each user corresponding to each node; the step of inputting the updated user relationship graph into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, and obtaining the probability of resource transfer anomaly corresponding to the target user identifier, includes: Generate a node association matrix and a node degree matrix based on the node relationships of each node in the updated user relationship graph; A node attribute matrix is generated based on the basic attribute information of each user corresponding to each node in the updated user relationship graph. The node association matrix, the node degree matrix, and the node attribute matrix are input into the target resource transfer anomaly detection model to perform resource transfer anomaly detection, thereby obtaining the probability of resource transfer anomaly corresponding to the target user identifier.
3. The method according to claim 2, characterized in that, The process of generating a node association matrix and a node degree matrix based on the node relationships of each node in the updated user relationship graph includes: Based on the node relationships of each node in the updated user relationship graph, a node adjacency matrix is generated, and the sum of the node adjacency matrix and the identity matrix is calculated to obtain the node association matrix. An initial node degree matrix is generated based on the degree relationship of each node in the updated user relationship graph. The inverse matrix corresponding to the initial node degree matrix is calculated to obtain the node degree matrix.
4. The method according to claim 2, characterized in that, The step of inputting the node association matrix, the node degree matrix, and the node attribute matrix into the target resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the probability of resource transfer anomaly corresponding to the target user identifier includes: Based on the node association matrix, the node degree matrix, and the node attribute matrix, the graph neural network layer in the target resource transfer anomaly detection model outputs the node representation vector corresponding to each node in the updated user relationship graph; The node representation vectors corresponding to each node are input into the fully connected layer of the target resource transfer anomaly detection model for fully connected computation to obtain the probability of resource transfer anomalies corresponding to each node. The probability of resource transfer corresponding to the target user identifier is obtained based on the probability of resource transfer anomalies corresponding to each node.
5. The method according to claim 1, characterized in that, Before obtaining isolated user information and historical user information sets, the following steps are also included: Obtain training resource transfer anomaly attribute information and training history user relationship graph corresponding to the training target user identifier. The training history user relationship graph is established through the social relationship attributes corresponding to each training history user identifier. Based on the training resource transfer anomaly attribute information and the training resource transfer anomaly attribute information corresponding to each training historical user identifier in the training historical user relationship graph, the similarity between the training target user identifier and each training historical user identifier is calculated to obtain each training similarity. Based on the training similarity, the training target historical user identifier is determined from each training historical user identifier. Establish a training association relationship between the training target user identifier and the training target historical user identifier, and obtain a training update user relationship graph based on the training association relationship and the training historical user relationship graph; Obtain the initial resource transfer anomaly detection model and the training labels corresponding to the trained and updated user relationship graph; input the trained and updated user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the initial detection result; Based on the initial detection results and the training labels, loss calculation is performed to obtain model loss information. Based on the model loss information, the initial resource transfer anomaly detection model is updated to obtain the updated resource transfer anomaly detection model. The updated resource transfer anomaly detection model is used as the initial resource transfer anomaly detection model, and the process of inputting the trained updated user relationship graph into the initial resource transfer anomaly detection model to perform resource transfer anomaly detection and obtain the initial detection result is repeated until the training completion condition is met, thus obtaining the target resource transfer anomaly detection model.
6. A data processing apparatus, characterized in that, The device includes: The acquisition module is used to acquire target resource transfer anomaly attribute information and historical user relationship graph corresponding to the target user identifier, including: acquiring basic user attribute information and resource transfer results corresponding to each historical user identifier; performing mutual information calculation based on the basic user attribute information and the resource transfer results to obtain mutual information corresponding to the basic user attribute information, and determining resource transfer anomaly attributes based on the mutual information corresponding to the basic user attribute information; acquiring target resource transfer anomaly attribute information corresponding to the target user identifier based on the resource transfer anomaly attributes, wherein the historical user relationship graph is established through the social relationship attributes corresponding to each historical user identifier; The calculation module is used to calculate the similarity between the target user identifier and each historical user identifier based on the target resource transfer anomaly attribute information and the historical resource transfer anomaly attribute information corresponding to each historical user identifier in the historical user relationship graph, obtain each similarity degree, and determine the target historical user identifier from each historical user identifier based on the each similarity degree; The update module is used to establish the association between the target user identifier and the target historical user identifier, and to obtain an updated user relationship graph based on the association and the historical user relationship graph; The detection module is used to input the updated user relationship graph into the target resource transfer anomaly detection model to detect resource transfer anomalies and obtain the probability of resource transfer anomalies corresponding to the target user identifier.
7. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 5.
8. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.
9. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.