Anti-fraud information push methods, systems, and storage media using deep learning
By learning fraud behavior patterns and user characteristics through a deep learning recurrent neural network model, node-based risk assessment results are generated and anti-fraud information push strategies are optimized. This solves the problem of lack of personalization and dynamic adjustment in existing anti-fraud information push, and achieves more efficient anti-fraud information push.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA MOBILE COMM GRP TIBET CO LTD
- Filing Date
- 2025-09-22
- Publication Date
- 2026-06-30
AI Technical Summary
Existing anti-fraud information push methods lack comprehensive consideration of fraud behavior patterns and user characteristics, resulting in a lack of personalized and dynamic adjustment capabilities in push strategies, which cannot effectively improve accuracy and flexibility.
By accessing historical training datasets from a cloud-based anti-fraud database, a deep learning recurrent neural network model is used to learn fraud behavior patterns and user characteristics, generating node-based risk assessment results. Based on these results, differentiated anti-fraud information push strategies are generated, and user response information is continuously tracked to optimize the strategies.
It achieves accuracy and flexibility in anti-fraud information push, and can dynamically adjust according to the user's actual situation and changes in risk, thereby improving the targeting and effectiveness of information push and effectively preventing fraud risks.
Smart Images

Figure CN121098920B_ABST
Abstract
Description
Technical Field
[0001] The embodiments of the present invention relate to the field of information push technology, and in particular to an anti-fraud information push method, system and storage medium using deep learning. Background Technology
[0002] In today's digital age, fraud methods are constantly evolving and becoming increasingly sophisticated, posing a serious threat to users' property and personal information security. To effectively prevent fraud, relevant fields have been exploring various anti-fraud information push methods. Existing technologies primarily rely on simple rule matching, such as screening user behavior or information based on preset fraud keywords, and pushing anti-fraud information once a keyword is matched. Other methods employ traditional machine learning models, assessing a user's fraud risk through the analysis of a limited number of features; however, these features are often relatively singular and lack a comprehensive consideration of fraud behavior patterns and user characteristics. Furthermore, some anti-fraud information push strategies are relatively fixed, lacking personalization and dynamic adjustment capabilities, and unable to respond promptly to changes in users' actual situations and risks. Therefore, improving the accuracy and flexibility of anti-fraud information push is a technical problem that needs to be solved. Summary of the Invention
[0003] This invention provides a method, system, and storage medium for anti-fraud information push using deep learning.
[0004] This invention provides a method for anti-fraud information push using deep learning, applied to an anti-fraud information push system. The method includes: retrieving a historical anti-fraud training dataset from a cloud-based anti-fraud database. This dataset records historical fraud cases, corresponding preventative measures, and users' historical interaction behaviors when faced with fraudulent information. The method also includes: training an initial recurrent neural network model using the historical anti-fraud training dataset based on fraud behavior patterns and user characteristics; optimizing model parameters by combining the temporal evolution of fraud behavior patterns and the correlation of user characteristics to obtain a target recurrent neural network model; and inputting the current behavior data of the user to be tested into the target recurrent neural network model. The neural network model performs risk assessment operations on the matching degree analysis between user behavior and fraud patterns, generating a node-based risk assessment result consisting of multiple risk assessment nodes. Each risk assessment node corresponds to the risk level and susceptibility probability assessment value of the user under test in the target fraud scenario. Based on the node-based risk assessment result, a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test is generated and pushed to the user's terminal device. The interaction response information of the user under test to the differentiated push strategy is continuously tracked and collected. The corresponding risk assessment nodes in the node-based risk assessment result are adjusted according to the interaction response information, and the differentiated push strategy is iteratively optimized and updated based on the adjusted node-based risk assessment result.
[0005] One embodiment of the present invention provides an anti-fraud information push system, comprising:
[0006] A processor; a storage device having a computer program stored thereon; a network interface for providing network communication functions; when the computer program is executed by the processor, the processor enables the processor to implement any of the aforementioned anti-fraud information push methods using deep learning.
[0007] One embodiment of the present invention provides a readable storage medium on which a program or instruction is stored, and when the program or instruction is executed by a processor, it implements the steps of the anti-fraud information push method using deep learning.
[0008] This invention first retrieves a historical anti-fraud training dataset from a cloud-based anti-fraud database. Based on this dataset, an initial recurrent neural network model is trained using fraud behavior patterns and user characteristics. The model parameters are then optimized by combining the temporal evolution of fraud behavior patterns with the correlation of user characteristics to obtain a target recurrent neural network model. This allows the model to deeply learn the complex patterns of fraud behavior and the intrinsic relationship between user characteristics and fraud risk, thereby improving the accuracy and reliability of the model's user risk assessment.
[0009] Secondly, the current behavioral data of the users to be tested is input into the target recurrent neural network model to perform a matching degree analysis between user behavior and fraud patterns and to perform risk assessment operations, generating node-based risk assessment results. The node-based assessment method can meticulously present the risk level and susceptibility assessment value of the users to be tested in different target fraud scenarios, providing an accurate basis for anti-fraud information push.
[0010] Then, based on the node-based risk assessment results, a differentiated anti-fraud information push strategy adapted to the risk characteristics of the users under test is generated and pushed to the terminal devices, realizing personalized anti-fraud information push and improving the targeting and effectiveness of the information. The interaction response information of the users under test to the differentiated push strategy is continuously tracked and collected. The corresponding risk assessment nodes in the node-based risk assessment results are adjusted according to the interaction response information, and the differentiated push strategy is iteratively optimized and updated based on the adjusted node-based risk assessment results. This allows the anti-fraud information push strategy to be dynamically adjusted and optimized according to the actual feedback of users and changes in risk, continuously improving the adaptability and accuracy of the push strategy, thereby more effectively helping users prevent fraud risks and improving the overall accuracy and flexibility of anti-fraud information push. Attached Figure Description
[0011] To more clearly illustrate the technical solutions in the embodiments of the present invention or related technologies, the drawings used in the description of the embodiments or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0012] Figure 1 This is a flowchart illustrating an anti-fraud information push method using deep learning, provided as an embodiment of the present invention.
[0013] Figure 2 This is a schematic diagram of the basic structure of an anti-fraud information push system provided in an embodiment of the present invention.
[0014] Figure 3 This is a functional module block diagram of an anti-fraud information push device provided in an embodiment of the present invention. Detailed Implementation
[0015] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0016] Please see Figure 1 , Figure 1 This is a flowchart of an anti-fraud information push method using deep learning provided in an embodiment of the present invention. The method can be executed by the anti-fraud information push system or jointly executed by the anti-fraud information push system and the server. The method may include steps S110-S140.
[0017] Step S110: Retrieve the historical anti-fraud training dataset from the cloud anti-fraud database. The historical anti-fraud training dataset records information on historical fraud cases and corresponding preventive measures, as well as the user's historical interaction behavior records when facing fraudulent information.
[0018] In the application scenario of this invention, the cloud-based anti-fraud database is a resource library that centrally stores a large amount of anti-fraud related data. Taking a large financial service platform as an example, this platform has numerous users and encounters various types of fraud during its daily operations. The cloud-based anti-fraud database collects detailed information on these historical fraud cases. Specifically, the information covers the type of fraud, such as online loan fraud, investment fraud, and telecommunications fraud; the time of the fraud, accurate to the specific time period, which helps to analyze the temporal patterns of fraudulent behavior; the amount of money involved, reflecting the severity of the fraud; and the methods of fraud, such as deceptive websites and impersonating customer service.
[0019] Simultaneously, the database also records the corresponding preventative measures taken against these fraud cases, such as sending alert text messages to inform users of potential risks; restricting transactions by temporarily freezing certain transaction permissions of user accounts to prevent further financial losses; and providing security prompts by displaying fraud prevention information in a prominent position on the platform interface. Furthermore, the database records users' historical interaction behavior when faced with fraudulent messages, including whether users clicked on fraudulent links, the number of clicks and the time intervals between clicks; whether they replied to fraudulent text messages, the content and tone of their replies; and whether they reported fraudulent information to the platform, the method and time of their feedback.
[0020] Step S120: Use the historical anti-fraud training dataset to train the initial recurrent neural network model based on fraud behavior patterns and user features. Combine the temporal evolution of fraud behavior patterns and the correlation of user features to optimize the model parameters to obtain the target recurrent neural network model.
[0021] Step S121: Perform structured analysis on the historical fraud case information in the historical anti-fraud training dataset, extract the behavioral feature sequences corresponding to different fraud types, and mine the evolution law of the behavioral feature sequences over time through time series analysis to construct a time series evolution model of fraud behavior patterns.
[0022] After acquiring the historical anti-fraud training dataset, the historical fraud case information needs to be processed. First, structured analysis is performed to transform the complex, unstructured fraud case information into an organized and analyzable structure. Taking online loan fraud as an example, relevant information is analyzed to extract a series of behavioral features, such as the time intervals at which fraudsters send loan invitation text messages, keywords in the text messages, and methods used to induce users to click on links, forming a behavioral feature sequence. The same method is used to extract corresponding behavioral feature sequences for different types of fraud, such as investment fraud and telecommunications fraud. Next, time series analysis is used to conduct in-depth research on these behavioral feature sequences. Time series analysis can help discover the evolutionary patterns of behavioral feature sequences over time. For example, it might be found that in online loan fraud, the frequency of text messages sent by fraudsters gradually increases within a certain period, and the content of the text messages becomes more persuasive; or that investment fraud may use new fraudulent methods in specific seasons, such as launching fake high-yield financial products. By mining these patterns, a time-series evolution model of fraud behavior patterns can be constructed. This model can describe the changes in behavioral characteristics of different types of fraud at different points in time, providing time-dimensional information about fraud behavior patterns for model training.
[0023] Step S122: Extract user features from the user's historical interaction behavior records in the historical anti-fraud training dataset, generate user feature vectors containing user basic attributes, behavioral habits and historical fraud experiences, and calculate the similarity between different user feature vectors to establish a user feature correlation matrix.
[0024] For historical user interaction records in the historical anti-fraud training dataset, user feature extraction is required. Taking users of financial service platforms as an example, basic user attributes include age, gender, occupation, and income level. These attributes reflect the user's basic characteristics, and different attributes may affect the user's sensitivity to fraudulent information and their response. Regarding behavioral habits, this includes the frequency of user platform usage (high-frequency or low-frequency user); the range of transaction amounts (primarily small transactions or mostly large transactions); and the timing of transactions (weekdays or weekends). Historical fraud experiences record whether the user has ever encountered fraud, the type of fraud, and the extent of loss. Integrating this information generates a user feature vector. Each user has a corresponding user feature vector, which contains information about the user's basic attributes, behavioral habits, and historical fraud experiences.
[0025] Next, the similarity between different user feature vectors is calculated. The cosine similarity algorithm can be used to measure the degree of similarity between two user feature vectors. If the feature vectors of two users have a high similarity, it indicates that they share similar characteristics in some aspects, such as similar age, occupation, or behavioral habits. By calculating the similarity between all user feature vectors, a user feature correlation matrix can be established, which reflects the degree of feature correlation between different users.
[0026] Step S123: Input the temporal evolution model of the fraud behavior pattern and the user feature correlation matrix into the initial recurrent neural network model. The hidden layer neurons of the initial recurrent neural network model perform nonlinear mapping learning on the correlation between the temporal evolution model of the fraud behavior pattern and the user feature correlation matrix. The backpropagation algorithm is used to adjust the network weights and bias parameters according to the prediction error.
[0027] The initial recurrent neural network (RNN) model is a type of neural network with a recurrent structure, suitable for processing sequential data. The previously constructed temporal evolution model of fraud behavior patterns and the user feature correlation matrix are input into the initial RNN model. The hidden layer neurons of the model have non-linear mapping capabilities, enabling them to learn the correlation between the input temporal evolution model of fraud behavior patterns and the user feature correlation matrix. For example, the hidden layer neurons can learn the temporal correlation between certain user characteristics and a given fraud behavior pattern, i.e., certain types of users are more susceptible to certain scams during a given time period.
[0028] During model training, the backpropagation algorithm is used to adjust the network's weights and bias parameters. The backpropagation algorithm adjusts the model based on the prediction error, which is the difference between the model's predictions and the actual results. By continuously calculating the prediction error and adjusting the network weights and bias parameters according to its magnitude and direction, the model's predictions gradually approach the actual results, thereby improving the model's accuracy.
[0029] Step S124: During model training, the risk assessment accuracy of the model is monitored in real time using a validation dataset. When the assessment accuracy reaches the preset accuracy for a preset number of consecutive times, model training is stopped and the current model parameters are saved as the final parameter configuration of the target recurrent neural network model.
[0030] During model training, to ensure the model's generalization ability and accuracy, a validation dataset is needed to evaluate the model. The validation dataset is a different set of data from the training dataset, used to test the model's performance on unseen data. During training, the model's risk assessment accuracy is monitored in real time. The preset number of runs and preset accuracy are set based on actual needs and experience. For example, the preset number of runs can be set to many, and the preset accuracy can be set to a relatively high level.
[0031] When the model achieves the preset accuracy for a preset number of consecutive evaluations, it indicates that the model has reached a good performance. At this point, model training is stopped, and the current model parameters are saved as the final parameter configuration for the target recurrent neural network model. The resulting target recurrent neural network model can more accurately assess the user's risk.
[0032] Step S130: Input the current behavior data of the user to be tested into the target recurrent neural network model, and perform a risk assessment operation through the matching degree analysis of user behavior and fraud pattern by the target recurrent neural network model to generate a node-based risk assessment result consisting of multiple risk assessment nodes. Each risk assessment node corresponds to the risk level and susceptibility probability assessment value of the user to be tested in the target fraud scenario.
[0033] Step S131: Perform data preprocessing on the current behavior data of the user to be tested, and convert the preprocessed current behavior data into a user behavior feature vector that conforms to the model input format.
[0034] Taking a user on a financial services platform as an example, the user's current behavioral data may include various operational information on the platform. For example, the user's login time reflects the user's regular usage patterns; the pages browsed, including loan pages and wealth management product pages, show the user's interests and preferences; and the transactions performed, such as transfers and top-ups, reflect the user's cash flow. First, this current behavioral data undergoes preprocessing. Preprocessing steps include data cleaning to remove noise and errors, such as deleting abnormal login time records; data normalization to unify data from different ranges into a suitable interval, making the data comparable; and data encoding to convert some non-numerical data into numerical data, such as encoding the user's occupation information. After preprocessing, this data is converted into user behavior feature vectors that conform to the input format of the target recurrent neural network model. These vectors contain key information about the user's current behavior and can be effectively processed by the target recurrent neural network model.
[0035] Step S132: Input the user behavior feature vector into the input layer of the target recurrent neural network model, and map the user behavior feature vector into a low-dimensional dense behavior feature embedding vector through the embedding layer of the target recurrent neural network model, while retaining the key semantic information of the user behavior.
[0036] The preprocessed user behavior feature vectors are input into the input layer of the target recurrent neural network model. The input layer is the entry point for the model to receive data, passing the user behavior feature vectors to the next layer. Next, the embedding layer of the target recurrent neural network model processes the user behavior feature vectors. The main function of the embedding layer is to map the high-dimensional, sparse user behavior feature vectors into low-dimensional, dense behavior feature embedding vectors. In this process, the embedding layer preserves the key semantic information of the user behavior. For example, a user's browsing of a loan page will be transformed into a low-dimensional vector under the mapping of the embedding layer, while still containing the key information about the user's interest in loan services. In this way, the embedding layer can reduce the dimensionality of the data, improve the computational efficiency of the model, and retain important information, providing a better data representation for analysis.
[0037] Step S133: Call the recurrent computation layer of the target recurrent neural network model to extract temporal features from the behavioral feature embedding vector, analyze the changing trend of user behavior in the time dimension and the degree of matching with historical fraud behavior patterns, and generate a user behavior risk matching feature vector.
[0038] Step S1331: In the recurrent computation layer of the target recurrent neural network model, long short-term memory units are used to perform time-step sequential processing on the behavioral feature embedding vector. The inflow and forgetting of behavioral feature information are controlled by a gating mechanism to capture the long-term dependency relationship of user behavior.
[0039] The recurrent computation layer of the target recurrent neural network model uses Long Short-Term Memory (LSTM) units to process behavioral feature embedding vectors. LSTM is a special type of recurrent neural network unit with a gating mechanism, enabling it to efficiently process sequential data. When processing behavioral feature embedding vectors, LSTM processes the vectors step-by-step over time. For example, for user behavior data over a period of time, LSTM processes the behavioral feature embedding vectors at each time point sequentially. The gating mechanism includes an input gate, a forget gate, and an output gate. The input gate controls the inflow of new behavioral feature information, determining which information can enter the LSTM unit; the forget gate controls the forgetting of old information, determining which historical information needs to be retained or discarded; the output gate controls the final output information, determining which information can be used as the output of the current time step. Through this gating mechanism, LSTM can capture long-term dependencies in user behavior. For example, there may be some correlation between consecutive user actions over a period of time; LSTM can learn this correlation through the gating mechanism, thereby better understanding user behavior patterns.
[0040] Step S1332: Calculate the similarity between the hidden state vector output by the long short-term memory unit and the temporal evolution model of historical fraud behavior patterns. Use cosine similarity to measure the degree of matching between the current user behavior features and the features of each historical fraud pattern to obtain an initial matching score.
[0041] After the LSTM processes the behavioral feature embedding vector, it outputs a hidden state vector containing the user's behavioral features at the current time step. This hidden state vector is then compared to a temporal evolution model of historical fraud behavior patterns for similarity calculation. Cosine similarity is used to measure the degree of matching between the current user behavior features and the features of each historical fraud pattern. Cosine similarity is an exemplary similarity measurement method that measures the similarity between two vectors by calculating the cosine of the angle between them. A high cosine similarity value indicates that the current user behavior features are relatively similar to a certain historical fraud pattern feature; conversely, a low cosine similarity value indicates a low similarity. This method yields an initial matching score, which reflects the preliminary matching status between the current user behavior and each historical fraud pattern.
[0042] Step S1333: Based on the time sequence of user behavior, perform weighted summation on the initial matching scores at different time steps to generate a time-weighted comprehensive matching index.
[0043] After obtaining the initial matching scores at different time points, it's necessary to process these scores considering the chronological order of user behavior. This is because behaviors at different points in time may have varying degrees of importance for the current risk assessment. For example, recent behavior may reflect a user's current risk profile more accurately than older behavior. Based on the chronological order of user behavior, the initial matching scores at different time points are weighted and summed. A weight is assigned to each initial matching score at each time point, with higher weights for recent behaviors and lower weights for older behaviors. Then, each initial matching score at each time point is multiplied by its corresponding weight, and all results are summed to obtain a time-weighted comprehensive matching index. This index comprehensively considers changes in user behavior over time, more accurately reflecting the degree of matching between user behavior and historical fraud patterns.
[0044] Step S1334: Perform correlation analysis between the comprehensive matching degree index and the user feature correlation matrix, adjust the matching degree weights under different fraud scenarios, and generate a user behavior risk matching degree feature vector that integrates time factors and user characteristics.
[0045] The time-weighted comprehensive matching degree index obtained earlier is then correlated with the user feature correlation matrix. The user feature correlation matrix reflects the degree of feature correlation between different users. Through correlation analysis, the impact of user characteristics on the matching degree can be considered. For example, certain user characteristics may make users more susceptible to certain types of fraud. In the correlation analysis, the matching degree weights for different fraud scenarios can be adjusted based on these characteristics. For fraud scenarios with a high correlation to user characteristics, their matching degree weights are appropriately increased; for fraud scenarios with a low correlation, their matching degree weights are decreased. In this way, a user behavior risk matching degree feature vector that integrates time factors and user characteristics is generated. This vector comprehensively considers the changes in user behavior over time and the user's own characteristics, more comprehensively reflecting the degree of matching and risk between user behavior and fraud patterns.
[0046] Step S134: Input the user behavior risk matching feature vector into the output layer of the target recurrent neural network model, calculate the risk probability distribution of the user under test in each preset fraud scenario, determine the risk level and vulnerability assessment value corresponding to each preset fraud scenario based on the risk probability distribution, and combine them to form a node-based risk assessment result containing multiple risk assessment nodes.
[0047] Step S1341: Flatten the user behavior risk matching feature vector into a one-dimensional feature vector and input it into the output layer of the target recurrent neural network model. The output layer contains the same number of neurons as the preset fraud scenarios, and each neuron corresponds to a risk probability prediction for a fraud scenario.
[0048] The user behavior risk matching feature vector, which integrates time factors and user characteristics, is flattened and transformed into a one-dimensional feature vector. This design is intended to adapt it to the input requirements of the output layer of the target recurrent neural network model. The output layer of the target recurrent neural network model contains the same number of neurons as the preset fraud scenarios. For example, if multiple fraud scenarios such as online loan fraud, investment fraud, and telecommunications fraud are preset, the output layer will have a corresponding number of neurons. Each neuron corresponds to a risk probability prediction for one fraud scenario. When the one-dimensional feature vector is input to the output layer, each neuron calculates based on the input information and outputs a risk probability prediction value related to the corresponding fraud scenario.
[0049] Step S1342: Apply the softmax activation function to normalize the output values of each neuron in the output layer, and convert the output values into the risk probability distribution of the user in each preset fraud scenario.
[0050] The output values of each neuron in the output layer can be values within any range. To convert these values into a probability distribution, a softmax activation function is applied for normalization. The softmax activation function maps the output values to a probability distribution such that the sum of all output values is 1. After processing by the softmax activation function, the output value of each neuron represents the risk probability of the tested user in the corresponding preset fraud scenario. For example, the output value of a neuron, after softmax processing, becomes a specific probability value, representing the risk probability of the tested user in that preset fraud scenario. In this way, the risk probability distribution of the user in various preset fraud scenarios is obtained.
[0051] Step S1343: Based on the preset risk probability threshold range, map the risk probability value of each preset fraud scenario to the corresponding risk level, and use the risk probability value as the susceptibility assessment value under the corresponding preset fraud scenario.
[0052] This step predefines a series of risk probability threshold ranges, each corresponding to a risk level, such as low risk, medium risk, and high risk. Based on these threshold ranges, the risk probability values for each pre-defined fraud scenario are mapped. For example, if the risk probability value of a pre-defined fraud scenario falls within the low-risk threshold range, then the risk level for that fraud scenario is low risk; if it falls within the high-risk threshold range, then the risk level is high risk. Simultaneously, the risk probability value is directly used as an assessment value for the likelihood of being scammed under the corresponding pre-defined fraud scenario. This assessment value intuitively reflects the probability that the tested user is easily scammed in each pre-defined fraud scenario.
[0053] Step S1344: Create a risk assessment node for each preset fraud scenario, using the risk level and vulnerability assessment value of the preset fraud scenario as node attributes, and classify and organize the risk assessment nodes according to the type of fraud scenario to form a structured node-based risk assessment result.
[0054] A risk assessment node is created for each preset fraud scenario. Each node contains the risk level and vulnerability assessment value for that preset fraud scenario as node attributes. For example, for the preset fraud scenario of online loan fraud, a risk assessment node is created, and the node attributes include the risk level of the scenario (e.g., medium risk) and the vulnerability assessment value (e.g., a specific probability value). Then, these risk assessment nodes are categorized and organized according to the type of fraud scenario. Different types of risk assessment nodes, such as online loan fraud, investment fraud, and telecommunications fraud, are classified separately. In this way, a structured, node-based risk assessment result is formed, which comprehensively displays the risk status of the tested user under various preset fraud scenarios in the form of nodes.
[0055] Step S140: Based on the node-based risk assessment results, generate a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test and push it to the user's terminal device. Continuously track and collect the user's interaction response information to the differentiated push strategy. Adjust the corresponding risk assessment node in the node-based risk assessment results according to the interaction response information. Iterate, optimize and update the differentiated push strategy based on the adjusted node-based risk assessment results.
[0056] Step S141: Based on the node-based risk assessment results, generate a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test and push it to the terminal device of the user under test.
[0057] Step S1411: Perform feature evolution analysis on each risk assessment node in the nodeized risk assessment results to identify the correlation characteristics between risk level and vulnerability probability assessment value as user behavior sequence changes, and determine the risk sensitivity dimension of the user under test in different fraud scenarios.
[0058] Each risk assessment node in the previously obtained node-based risk assessment results undergoes feature evolution analysis. Taking the test users of a financial service platform as an example, the changes in risk level and vulnerability probability assessment values with user behavior sequences are analyzed. For example, changes in user login frequency, transaction amount, and page browsing behavior sequences over a period of time are observed, and these changes are analyzed to determine how they affect the risk level and vulnerability probability assessment values under various fraud scenarios. Through this analysis, the correlation characteristics between risk level and vulnerability probability assessment values as a function of user behavior sequences are identified. For example, it is found that when users frequently log in to loan pages and make large transactions, the risk level and vulnerability probability assessment values under online loan fraud scenarios increase significantly. Based on these correlation characteristics, the risk sensitivity dimensions of the test users under different fraud scenarios are determined. For online loan fraud scenarios, risk sensitivity dimensions may include the user's loan needs and credit status; for investment and wealth management fraud scenarios, risk sensitivity dimensions may include the user's investment experience and investment preferences.
[0059] Step S1412: Search the anti-fraud information resource library according to the risk sensitivity dimension, and extract the anti-fraud information feature set that matches the risk sensitivity dimension. The anti-fraud information feature set includes the semantic features of the information content, the modal features of the presentation format, and the behavioral guidance features of the prevention suggestions.
[0060] Based on the identified risk sensitivity dimensions of the test users under different fraud scenarios, an anti-fraud information resource database is retrieved. This database stores a large amount of anti-fraud information, including various types such as text descriptions, images, and videos. During the retrieval process, a set of anti-fraud information features matching each risk sensitivity dimension is extracted. For example, in the case of online loan fraud, if the risk sensitivity dimensions are the user's loan needs and credit status, information related to loan fraud prevention and credit protection will be retrieved from the resource database. The anti-fraud information feature set includes semantic features of the information content, such as keywords and themes; modal features of the presentation format, such as whether the information is presented as text, images, or videos; and behavioral guidance features of prevention suggestions, such as specific preventative measures and operational steps provided in the information. In this way, a set of anti-fraud information features matching the risk sensitivity dimensions of the test users is extracted.
[0061] Step S1413: Perform semantic association modeling on the anti-fraud information feature set and the user feature vector of the user to be tested, and mine the implicit association between information features and user features at the semantic level through a bidirectional attention mechanism to generate a correlation-weighted information feature sequence.
[0062] Step S14131: Input the information feature vectors in the anti-fraud information feature set and the user feature vector of the user to be tested into the feature alignment layer of the bidirectional attention model, and calculate the initial semantic relevance matrix through cosine similarity.
[0063] Each information feature vector in the anti-fraud information feature set and the user feature vector of the target user are input into the feature alignment layer of the bidirectional attention model. The function of the feature alignment layer is to process the input vectors, enabling effective comparison and analysis. In the feature alignment layer, an initial semantic relevance matrix is calculated using cosine similarity. Cosine similarity measures the degree of semantic similarity between two vectors. For each information feature vector and user feature vector, their cosine similarity values are calculated, and these values are combined into a matrix, namely the initial semantic relevance matrix, which reflects the initial semantic relevance between the anti-fraud information features and the user features.
[0064] Step S14132: Using the query-key-value mechanism of the bidirectional attention model, with the user feature vector as the query vector and the information feature vector as the key vector, calculate the weight distribution of user attention to different information features.
[0065] The bidirectional attention model employs a query-key-value mechanism. In this mechanism, the user's feature vector is used as the query vector, and the information feature vectors from the anti-fraud information feature set are used as the key vectors. This mechanism calculates the weight distribution of user attention to different information features. Specifically, the query vector is compared with each key vector, and an attention weight is assigned to each information feature vector based on the comparison result. The attention weight represents the degree of user interest in that information feature; a higher weight indicates a greater likelihood of user interest in that information feature.
[0066] Step S14133: Using the information feature vector as the query vector and the user feature vector as the key vector, calculate the fit weight distribution of the information feature to the user feature.
[0067] Reversing the previous steps, this time we use the information feature vector from the anti-fraud information feature set as the query vector and the user feature vector of the user to be tested as the key vector. We also utilize the query-key-value mechanism of the bidirectional attention model to calculate the weight distribution of the fit between information features and user features. Through this reverse calculation, we can analyze the degree of fit between each information feature and the user features from the perspective of information features. The higher the fit weight, the more suitable the information feature is for the user.
[0068] Step S14134: Integrate the attention weight distribution and the fit weight distribution to generate a bidirectional correlation weight matrix. Obtain the comprehensive correlation weight of each information feature by normalizing the matrix element values.
[0069] The previously obtained weighted distributions of user attention to different information features and the weighted distributions of the fit between information features and user features are then merged. This can be achieved using methods such as weighted averaging to combine these two weighted distributions, generating a bidirectional correlation weight matrix. This matrix comprehensively considers both the degree of user attention to information features and the degree of fit between information features and users. Then, the element values of the bidirectional correlation weight matrix are normalized to ensure that each element value falls within a suitable range. After normalization, the comprehensive correlation weight of each information feature is obtained, which more accurately reflects the semantic correlation between information features and user features.
[0070] Step S14135: Based on the comprehensive correlation weight, the information feature vectors in the anti-fraud information feature set are weighted and sorted to generate a correlation-weighted information feature sequence arranged from high to low correlation.
[0071] Based on the comprehensive relevance weights of the information features obtained earlier, the information feature vectors in the anti-fraud information feature set are weighted and sorted. Information feature vectors with higher relevance weights are ranked first, and those with lower relevance weights are ranked last. In this way, a relevance-weighted information feature sequence is generated, arranged from highest to lowest relevance. This sequence provides a basis for information push, prioritizing the delivery of information with high relevance to user characteristics.
[0072] Step S1414: Call the multimodal feature fusion module to perform cross-modal information collaborative processing on the correlation weighted information feature sequence, map semantic features, modal features and behavioral guidance features to a unified feature space, and generate a multimodal fusion feature vector with user risk feature adaptability.
[0073] The multimodal feature fusion module processes the relevance-weighted information feature sequence, which includes semantic features of the information content, modal features of the presentation format, and behavioral guidance features for prevention suggestions, among other modalities. The multimodal feature fusion module performs cross-modal information collaborative processing, mapping these different modal features to a unified feature space. For example, it fuses semantic features of text information, visual features of images, and dynamic features of videos, enabling these different modal features to be represented in the same feature space. In this way, a multimodal fusion feature vector with user risk profile adaptability is generated. This vector integrates information from multiple modalities and is adapted to the risk profile of the user being tested, providing better data support for generating personalized anti-fraud information push strategies.
[0074] Step S1415: Construct an anti-fraud information push strategy generation model based on the multimodal fusion feature vector, output a differentiated anti-fraud information push strategy that includes information presentation order, modal combination method and behavior guidance intensity through a sequence generation algorithm, encode the differentiated anti-fraud information push strategy into a push instruction that can be parsed by the terminal device and transmit it to the terminal device of the user to be tested.
[0075] Based on the previously generated multimodal fusion feature vectors adapted to user risk characteristics, an anti-fraud information push strategy generation model is constructed. This model can employ deep learning models, such as recurrent neural networks and convolutional neural networks. Through sequence generation algorithms, the model outputs differentiated anti-fraud information push strategies that include information presentation order, modal combination method, and behavioral guidance intensity, according to the multimodal fusion feature vectors. The information presentation order determines the order in which anti-fraud information is displayed; the modal combination method determines whether the information is presented in the form of text, images, videos, or a combination thereof; and the behavioral guidance intensity indicates the strength of the prevention suggestions provided in the information. After generating the differentiated anti-fraud information push strategy, it is encoded into push instructions that can be parsed by terminal devices. For example, the strategy is converted into a set format so that the terminal devices of the users under test (such as mobile phones, computers, etc.) can recognize and process it. Finally, the push instructions are transmitted to the terminal devices of the users under test to realize the push of anti-fraud information.
[0076] Step S142: Continuously track and collect the interaction response information of the user under test in response to the differentiated push strategy, and adjust the corresponding risk assessment node in the nodeized risk assessment result according to the interaction response information.
[0077] Step S1421: Record the interactive response information of the user under test to the differentiated anti-fraud information push strategy through the terminal behavior acquisition module, and extract the behavior time sequence from the response information. The behavior time sequence includes the viewing time change trend, the click position distribution, and the semantic sentiment tendency of the feedback.
[0078] A terminal behavior collection module records the interactive responses of test users to differentiated anti-fraud information push strategies. This module, which can be software installed on the test user's terminal device, monitors the user's interaction with the push information in real time. For example, it records the duration of time a user views anti-fraud information, analyzes the trend of this duration (whether it gradually increases, decreases, or remains stable), records the location distribution of clicks on information to determine which parts of the information the user is more interested in, and collects user feedback and analyzes its semantic sentiment to determine whether the user's attitude is positive, negative, or neutral. This information is extracted to form a behavioral time sequence, reflecting the user's interaction with the push information at different points in time.
[0079] Step S1422: Perform temporal dependency analysis on the behavior time sequence to identify the changing pattern of user interaction behavior with the presentation order of push information, and construct the association mapping relationship between response behavior and risk node in combination with the risk assessment node corresponding to the push information.
[0080] A temporal dependency analysis is performed on the behavioral time sequence. By analyzing the changes in user interaction behavior over time, the pattern of changes in user interaction behavior according to the presentation order of push information can be identified. For example, it may be found that users initially focus more on the title of the information, and as time goes on, they will look at the specific content more in depth. A correlation mapping relationship between response behavior and risk nodes is constructed by combining the risk assessment nodes corresponding to the push information. For each risk assessment node, the user interaction behavior of the corresponding push information is analyzed to establish the correlation between the two. For example, if users view the push information corresponding to a certain risk assessment node for a long time and provide positive feedback, it indicates that the risk situation corresponding to that risk assessment node may have received user attention and recognition.
[0081] Step S1423: Calculate the user response intensity corresponding to each risk assessment node based on the aforementioned association mapping relationship; wherein, the response intensity is positively correlated with viewing duration, click frequency, and sentiment tendency of positive feedback opinions, and the viewing duration, click frequency, and sentiment tendency of positive feedback opinions are weighted and fused after standardization processing.
[0082] Based on the previously established mapping relationship between response behavior and risk nodes, the user response intensity corresponding to each risk assessment node is calculated. User response intensity is a comprehensive indicator, positively correlated with viewing duration, click frequency, and the sentiment tendency of positive feedback. First, viewing duration, click frequency, and the sentiment tendency of positive feedback are standardized to make these indicators comparable. Then, a weight is assigned to each indicator, and the standardized indicators are weighted and fused according to these weights. For example, a higher weight for viewing duration indicates that viewing duration has a greater impact on user response intensity. The weighted fusion result is used as the user response intensity corresponding to each risk assessment node, which reflects the user's level of attention and participation in the push information corresponding to each risk assessment node.
[0083] Step S1424: Input the user response intensity into the risk node adjustment model, and redistribute the feature weights of each risk assessment node through the feature importance transfer algorithm. The feature weights of risk nodes with high response intensity are increased, and the feature weights of risk nodes with low response intensity are decreased.
[0084] The user response intensity calculated earlier is input into the risk node adjustment model. This model is used to adjust the feature weights of risk assessment nodes. In this model, a feature importance transfer algorithm is used to redistribute the feature weights of each risk assessment node. For risk nodes with high user response intensity, it indicates that users are more concerned about the risk associated with these nodes, thus increasing their feature weights; for risk nodes with low user response intensity, their feature weights are decreased. In this way, the feature weights of risk assessment nodes can be dynamically adjusted according to user responses, more accurately reflecting the user's actual risk situation.
[0085] Step S1425: Update the risk level and vulnerability assessment value of each risk assessment node according to the adjusted feature weights, and generate the adjusted node-based risk assessment results.
[0086] Based on the previously reallocated feature weights, the risk level and vulnerability assessment value of each risk assessment node are updated. Changes in feature weights affect the risk assessment results. For example, increasing the feature weight of a risk assessment node may raise its corresponding risk level and vulnerability assessment value. By updating these values, adjusted node-based risk assessment results are generated. These results more accurately reflect the risk situation of the tested users in various fraud scenarios, providing a more reliable basis for optimizing push strategies.
[0087] Step S143: Iteratively optimize and update the differentiated push strategy based on the adjusted node-based risk assessment results.
[0088] Step S1431: Compare the differences in feature distribution of the node-based risk assessment results before and after adjustment, calculate the feature drift degree of the risk assessment nodes, and screen the target risk assessment nodes whose feature drift degree exceeds the preset threshold.
[0089] Compare the feature distribution differences of the node-based risk assessment results before and after the adjustment. Each risk assessment node has its corresponding features, such as risk level and vulnerability probability assessment value. Calculate the changes in these features before and after the adjustment to obtain the feature drift degree of the risk assessment node. For example, if the risk level of a risk assessment node changes from low risk to high risk, its feature drift degree is relatively large. Set a preset threshold to filter out target risk assessment nodes whose feature drift degree exceeds the threshold. These nodes indicate that their risk situation has changed significantly, and the push strategy needs to be adjusted accordingly.
[0090] Step S1432: For the target risk assessment node, re-execute the retrieval and semantic association modeling process of the anti-fraud information feature set, and extract and adjust the updated information feature subset that matches the risk features.
[0091] For the selected target risk assessment nodes, the retrieval and semantic association modeling process for the anti-fraud information feature set is re-executed. Based on the adjusted risk features, matching information is re-retrieved from the anti-fraud information resource database. For example, if the risk level of a target risk assessment node increases, higher-level prevention information needs to be retrieved. Semantic association modeling is then re-performed to analyze the correlation between this information and user characteristics. Through this process, an updated subset of information features matching the adjusted risk features is extracted; this subset contains anti-fraud information features that are more suitable for the target risk assessment nodes.
[0092] Step S1433: Perform feature replacement processing on the updated information feature subset and the original information feature sequence, and retain the information features in the original sequence whose correlation weights have not changed through the sliding window mechanism to generate a partially updated information feature sequence.
[0093] The updated subset of information features is replaced with the original sequence of information features. For information features related to the target risk assessment node, features from the updated subset are used for replacement. Simultaneously, a sliding window mechanism is used to retain information features whose relevance weights have not changed in the original sequence. The sliding window mechanism can check the changes in the relevance weights of information features within a certain range. If the relevance weight of a certain information feature does not change significantly, it means that the feature is still applicable to the current push strategy and is retained in the sequence. In this way, a partially updated sequence of information features is generated, which includes both updated information features and retains some still valid original information features, providing a better data foundation for generating a more optimized push strategy.
[0094] Step S1434: Call the multimodal feature fusion module to re-execute cross-modal information collaborative processing on the partially updated information feature sequence, map semantic features, modal features and behavioral guidance features to a unified feature space, and generate an updated multimodal fusion feature vector of the adapted and adjusted risk features.
[0095] The multimodal feature fusion module is invoked again to process the partially updated information feature sequence. This sequence contains both updated and retained original information features. The multimodal feature fusion module performs cross-modal collaborative processing on these features, mapping features from different modalities, such as semantic features of information content, modal features of presentation format, and behavioral guidance features of prevention suggestions, to a unified feature space. In this way, an updated multimodal fusion feature vector adapted to the adjusted risk features is generated. This vector matches the adjusted risk features, providing more accurate data support for generating updated anti-fraud information push strategies.
[0096] Step S1435: Based on the updated multimodal fusion feature vector, reconstruct the differentiated anti-fraud information push strategy through the strategy generation model, adjust the information presentation order, modal combination method and behavior guidance intensity, and complete the iterative optimization of the push strategy.
[0097] Based on updated multimodal fusion feature vectors, a differentiated anti-fraud information push strategy is reconstructed through a strategy generation model. The strategy generation model recalculates the information presentation order, modal combination method, and behavioral guidance intensity based on the updated vectors. For example, if the risk level of a target risk assessment node increases, the information presentation order may be adjusted, displaying information related to that node earlier; the modal combination method may be adjusted to adopt a more vivid and intuitive presentation format; and the behavioral guidance intensity may be enhanced to provide more detailed and specific prevention suggestions. Through these adjustments, the push strategy is iteratively optimized, enabling it to better adapt to changes in the risk profile of the users being tested.
[0098] As a standalone embodiment, the method further includes:
[0099] Step S210: Based on the real-time behavior sequence of the user under test and the risk prediction results of the target recurrent neural network model, adjust the timing and content depth of the differentiated anti-fraud information push strategy. The real-time behavior sequence includes the user's application operation records, information browsing trajectory and social interaction behavior on the terminal device.
[0100] In the application scenarios of this invention, the real-time behavior sequence of the user under test contains rich information. Taking the user under test on a financial service platform as an example, the real-time behavior sequence includes the user's application operation records on the terminal device, such as the time of login, the transaction operations performed (transfer, recharge, withdrawal, etc.), and the usage of application functions; information browsing trajectory, such as the content of the pages browsed and the time spent there; and social interaction behavior, such as communication with other users and sharing information. Based on the risk prediction results of the target recurrent neural network model, the timing and content depth of the differentiated anti-fraud information push strategy are adjusted. For example, if the target recurrent neural network model predicts that a user faces a high risk of fraud within a certain time period, anti-fraud information can be pushed in advance; if the user's real-time behavior shows that they are particularly interested in content related to a certain fraud scenario, the content depth of the anti-fraud information in that scenario can be increased.
[0101] Step S220: Extract the real-time behavior sequence of the user under test within the most recent preset time period through a sliding time window, convert the real-time behavior sequence into a real-time behavior feature vector and input it into the target recurrent neural network model to generate a short-term risk prediction result. The short-term risk prediction result includes the risk level change trend of each risk assessment node within a future preset time period.
[0102] A sliding time window is used to capture the real-time behavior sequence of the user under test within the most recent preset time period. The sliding time window is a fixed-length period that slides forward continuously over time to capture the latest real-time behavior data. For example, if the preset time period is one day, the sliding time window will capture the user's real-time behavior sequence within the most recent day. The captured real-time behavior sequence is converted into a real-time behavior feature vector, which contains the user's key behavioral characteristics within that time period. Then, the real-time behavior feature vector is input into a target recurrent neural network model. The target recurrent neural network model calculates based on the input vector to generate a short-term risk prediction result, which includes the trend of risk level changes at each risk assessment node within the preset time period. For example, it predicts whether the risk level of a certain risk assessment node will increase or decrease in the next few hours.
[0103] Step S230: Compare the short-term risk prediction results with the current node-based risk assessment results. When the predicted risk level of any risk assessment node is detected to have increased by more than a preset amount, trigger the instant push mechanism to push the anti-fraud information corresponding to that risk assessment node in advance.
[0104] The previously generated short-term risk prediction results are compared with the current node-based risk assessment results. For each risk assessment node, its predicted risk level in the short-term risk prediction results is compared with its risk level value in the current node-based risk assessment results. When the predicted risk level value of any risk assessment node is detected to increase by more than a preset range, it indicates that the risk situation corresponding to that node has a significant deterioration trend. At this time, an instant push mechanism is triggered to push anti-fraud information corresponding to that risk assessment node in advance. For example, if the risk level of a certain risk assessment node is predicted to rise from low risk to high risk, and the increase exceeds a preset range, anti-fraud information related to that risk assessment node is immediately pushed to the terminal device of the user being tested, reminding the user to take precautions.
[0105] Step S240: Analyze the frequency of user operations on high-risk scenario-related applications in the real-time behavior sequence. If the operation frequency exceeds the preset frequency, increase the content depth of the prevention measures under the preset fraud scenario in the push strategy and supplement it with guiding information including operation step demonstrations.
[0106] Analyze the frequency of user actions on high-risk scenarios within the real-time behavior sequences of the test users. For example, in financial service platforms, high-risk scenarios might include loan apps and investment / wealth management apps. Count the number of times and duration of user actions on these apps within a certain timeframe to calculate the operation frequency. If the operation frequency exceeds a preset frequency, it indicates a higher level of user engagement with these high-risk scenarios and a relatively greater risk. In this case, increase the depth of content on preventative measures for the preset fraud scenario in the push notification strategy. For example, for online loan fraud scenarios, supplement with guiding information including demonstrations of operation steps, explaining in detail how to correctly identify fake loan information and how to avoid falling into loan traps, helping users better prevent fraud.
[0107] Step S250: If a user behavior sequence is detected to have low-risk characteristics and lasts for more than a preset duration, the push frequency is reduced and the depth of the information content is simplified.
[0108] Continuously monitor the behavioral sequences of users under test. If the user's behavioral sequences exhibit low-risk characteristics, such as standardized operating procedures and safe browsing content, and these low-risk characteristics persist for more than a preset duration, it indicates that the user currently faces a low risk of fraud. In this case, reduce the frequency of differentiated anti-fraud information push strategies, decreasing the number of pushes. Simultaneously, simplify the depth of information content, avoiding pushing overly complex and lengthy information to users. For example, only push some basic prevention tips, without providing detailed case analyses and operational demonstrations.
[0109] In another, independent embodiment, the method further includes:
[0110] Step S310: Based on the node-based risk assessment results and interactive response information of multiple users to be tested, a risk feature propagation path network is constructed to realize the collaborative push of community-level anti-fraud information. The risk feature propagation path network uses users as nodes and risk feature similarity as edge weights.
[0111] In the application scenario of this invention, the case of multiple users to be tested is considered. Taking multiple users of a large financial service platform as an example, a risk feature propagation path network is constructed based on their node-based risk assessment results and interaction response information. This network uses users as nodes, with each user corresponding to a node in the network. Risk feature similarity is used as the edge weight. Risk feature similarity can be calculated by comparing features such as risk level and susceptibility to fraud assessment values in the node-based risk assessment results of different users. If two users have high risk feature similarity, the edge weight between them is larger; conversely, the edge weight is smaller. By constructing such a network, the risk feature propagation relationship between users can be analyzed, enabling community-level collaborative push of anti-fraud information.
[0112] Step S320: Perform risk feature clustering on the node-based risk assessment results of all users to be tested, identify user groups with similar risk feature distributions, and connect user nodes within the same group through edge weights to form a community subnet.
[0113] Risk feature clustering is performed on the node-based risk assessment results of all users to be tested. Clustering algorithms, such as K-means clustering, can be used to divide users into different groups based on the similarity of risk features. For example, users with high risk levels and similar susceptibility to fraud can be grouped into one group. After identifying user groups with similar risk feature distributions, user nodes within the same group are connected by edge weights to form a community subnet. In the community subnet, users have a high degree of similarity in risk features and may face similar fraud risks. In this way, users can be divided into different communities, facilitating targeted anti-fraud information pushes.
[0114] Step S330: Analyze the interaction response information of users in each community subnet, extract the common risk sensitivity dimensions and information acceptance preferences of the group, and generate a community-level anti-fraud information feature template. The community-level anti-fraud information feature template includes the types of fraud scenarios that the group pays high attention to, the preferred information modality combinations, and the behavior guidance methods.
[0115] Analyze the interactive response information of users within each community subnet. This information includes user behaviors such as viewing, clicking, and responding to push notifications. By analyzing this information, we can extract common risk sensitivity dimensions and information acceptance preferences among the groups. For example, users within a certain community subnet may be more concerned about online loan fraud scenarios and prefer anti-fraud information presented in video format. Based on these analysis results, we generate a community-level anti-fraud information feature template. This template includes the types of fraud scenarios that the group frequently focuses on, preferred information modal combinations (such as text + images, videos, etc.), and behavioral guidance methods (such as gentle guidance, mandatory reminders, etc.). By generating this community-level anti-fraud information feature template, we can provide anti-fraud information that better meets the needs of users within the community.
[0116] Step S340: Track the direction and speed of risk feature propagation within the community subnet through the risk feature propagation path network. When the risk level of a target user node increases and the edge weight exceeds a preset threshold, push early warning anti-fraud information to the community neighbor nodes of the target user node in advance.
[0117] The propagation direction and speed of risk features within the community subnet are tracked through a risk feature propagation path network. The propagation trend and speed of risk features are analyzed as they spread among user nodes within the community subnet. When a target user node's risk level increases and the edge weight between that node and other nodes exceeds a preset threshold, it indicates that the target user node's risk situation may affect its community neighbor nodes. In this case, early warning anti-fraud information is pushed to the target user node's community neighbor nodes. For example, neighbor nodes are reminded to be aware of the same type of fraud risk as the target user node, and some basic prevention suggestions are provided to help neighbor nodes prepare in advance.
[0118] Step S350: According to the set update cycle, update the edge weights and community subnet structure of the risk feature propagation path network, and dynamically expand the network size by combining the node-based risk assessment results of newly added users.
[0119] The risk feature propagation path network is updated according to a set update cycle. The update cycle can be set based on actual conditions, such as daily or weekly. During the update process, the edge weights of the risk feature propagation path network are recalculated. As user behavior and risk situations change, the similarity of risk features among users also changes, thus requiring updates to the edge weights to reflect these changes. Simultaneously, the community subnet structure is updated, adjusting the subnet division based on the new risk feature clustering results. If new users join, they are added to the risk feature propagation path network based on their node-based risk assessment results, dynamically expanding the network size. In this way, the risk feature propagation path network ensures that it can promptly reflect the latest risk situations of users, providing more accurate support for community-level anti-fraud information collaborative push.
[0120] By applying this embodiment of the invention, a target recurrent neural network model is obtained by retrieving historical anti-fraud training datasets from a cloud-based anti-fraud database for model training. This model is then used to assess the risk of user behavior data, generating node-based risk assessment results. Based on these results, a differentiated anti-fraud information push strategy is developed, and the strategy is adjusted and optimized according to user interaction responses and real-time behavior sequences. Simultaneously, community-level collaborative anti-fraud information push is achieved. In this way, by comprehensively considering user behavioral characteristics, risk levels, and information needs, the targeting and effectiveness of anti-fraud information push can be effectively improved, helping users better prevent fraud.
[0121] In addition, the above-mentioned anti-fraud information push method using deep learning involves multiple neural network models, network layers and modules. The specific types and parameter configurations are detailed below.
[0122] I. The target recurrent neural network model employs a Long Short-Term Memory (LSTM) network, with the number of neurons in its input layer determined by the input data. After converting the current behavior data of the user to be tested into a user behavior feature vector, if the vector contains 80 features, then the input layer is configured with 80 neurons, ensuring that each feature corresponds to an input node. The hidden layer contains 256 LSTM units. The input gate, forget gate, and output gate within the LSTM units use the sigmoid activation function, ranging from 0 to 1, to control the inflow, retention, and output of information. Cell state updates use the tanh activation function, ranging from -1 to 1, to enhance the model's ability to capture long-term dependencies. The number of neurons in the output layer is consistent with the number of preset fraud scenarios. If 15 fraud scenarios are preset, the output layer has 15 neurons, with each neuron outputting a predicted risk probability value for the corresponding fraud scenario. The learning rate was set to 0.0005. After multiple experiments and optimizations, this value can balance the model's convergence speed and stability. The batch size was 32, with 32 samples selected for each training session, balancing computational efficiency and model generalization ability. The number of training epochs was 80, allowing the model to fully learn the data features.
[0123] The embedding layer of the target recurrent neural network model employs word embedding technology to map high-dimensional, sparse user behavior feature vectors into low-dimensional, dense behavior feature embedding vectors. The embedding dimension is set to 32, mapping the original feature vectors to a 32-dimensional vector space, which reduces data dimensionality while preserving key semantic information. The embedding layer learns a low-dimensional representation of each feature through training, making similar features closer together in the embedding space.
[0124] Second, the recurrent computation layer employs a Long Short-Term Memory (LSTM) network, similar to the hidden layer structure of the target recurrent neural network model mentioned earlier. The input behavioral feature embedding vector has a dimension of 32, consistent with the output dimension of the embedding layer. The LSTM unit has 128 units to further process the sequence data and capture long-term dependencies in user behavior. The input, forget, and output gates of each LSTM unit also use the sigmoid activation function, while cell state updates use the tanh activation function.
[0125] In the output layer, after inputting the user behavior risk matching feature vector, the number of neurons corresponds to the number of preset fraud scenarios, such as 15. The softmax activation function is used to normalize the output values of each neuron, converting them into a risk probability distribution for the user under each preset fraud scenario. The softmax activation function ensures that the sum of all output probabilities is 1, facilitating the determination of risk level and vulnerability assessment value.
[0126] III. The bidirectional attention model is used to semantically associate the anti-fraud information feature set with the user feature vector of the test user. The input layer receives information feature vectors and user feature vectors. If the information feature vector has a dimension of 64 and the user feature vector has a dimension of 80, the input layer can process these two vectors of different dimensions simultaneously. The hidden layer has 64 neurons to enhance the model's non-linear mapping capability. A bidirectional attention mechanism is adopted, and attention weights are calculated through a query-key-value mechanism. The query vector, key vector, and value vector are obtained by linear transformation of the input feature vectors, and the dimension of the weight matrix of the linear transformation is determined according to the dimension of the input vector and the number of neurons in the hidden layer. The number of attention heads is set to 4, and the multi-head attention mechanism can capture the correlation between information features and user features from different perspectives.
[0127] IV. The multimodal feature fusion module employs a combination of convolutional neural networks (CNNs) and fully connected layers. The input correlation-weighted information feature sequence includes multimodal information such as semantic features, modal features, and behavioral guidance features. The CNN part uses three convolutional layers: the first layer has a 3x3 kernel size, 16 kernels, a stride of 1, and uses "same" padding to ensure the feature map size remains unchanged after convolution; the second layer has a 3x3 kernel size, 32 kernels, and a stride of 1; the third layer has a 3x3 kernel size, 64 kernels, and a stride of 1. Each convolutional layer is followed by a max-pooling layer with a 2x2 kernel size and a stride of 2 to reduce the dimensionality of the feature map and extract important features. After CNN processing, the feature map is flattened into a one-dimensional vector and input into the fully connected layer. The fully connected layer has 128 neurons and finally outputs a multimodal fusion feature vector with a dimension of 64, adapted to user risk features.
[0128] V. Risk Node Adjustment Model: A Multilayer Perceptron (MLP) is employed. The input layer receives user response intensity, which is composed of three indicators: viewing duration, click frequency, and sentiment tendency of feedback. The input layer has three neurons. Two hidden layers are used: the first has 64 neurons, and the second has 32 neurons, both employing the ReLU activation function to enhance the model's non-linear expressive power. The number of neurons in the output layer matches the number of features in the risk assessment node. For example, if a risk assessment node has five features, the output layer has five neurons to redistribute the feature weights across the risk assessment nodes.
[0129] VI. The anti-fraud information push strategy generation model adopts a sequence-to-sequence (Seq2Seq) model, including an encoder and a decoder. The encoder uses an LSTM network, taking a multimodal fusion feature vector as input with a dimension of 64. The LSTM has 128 units and encodes the input sequence to extract its semantic information. The decoder also uses an LSTM network to generate differentiated anti-fraud information push strategies based on the context vector output by the encoder, including the information presentation order, modal combination method, and behavioral guidance strength. The decoder also has 128 LSTM units, and the length of the output sequence is determined according to the complexity of the actual push strategy, such as setting it to 20 time steps, with one strategy element output at each time step.
[0130] VII. Risk Feature Propagation Path Network: Users are the nodes, and risk feature similarity is the edge weight. The number of nodes equals the number of users to be tested; with 1000 users, there are 1000 nodes in the network. Edge weights are obtained by calculating the similarity of features such as risk level and susceptibility to fraud in the node-based risk assessment results of different users. Cosine similarity can be used for similarity calculation. The network is updated weekly, recalculating edge weights and the community subnet structure each week, and dynamically expanding the network size based on the node-based risk assessment results of newly added users.
[0131] In summary, the embodiments of the present invention first call historical anti-fraud training datasets from the cloud-based anti-fraud database, and then train the initial recurrent neural network model based on fraud behavior patterns and user characteristics learning based on this dataset. The model parameters are then optimized by combining the temporal evolution of fraud behavior patterns and the correlation between user characteristics to obtain the target recurrent neural network model. This enables the model to deeply learn the complex patterns of fraud behavior and the intrinsic relationship between user characteristics and fraud risk, thereby improving the accuracy and reliability of the model's user risk assessment.
[0132] Secondly, the current behavioral data of the users to be tested is input into the target recurrent neural network model to perform a matching degree analysis between user behavior and fraud patterns and to perform risk assessment operations, generating node-based risk assessment results. The node-based assessment method can meticulously present the risk level and susceptibility assessment value of the users to be tested in different target fraud scenarios, providing an accurate basis for anti-fraud information push.
[0133] Then, based on the node-based risk assessment results, a differentiated anti-fraud information push strategy adapted to the risk characteristics of the users under test is generated and pushed to the terminal devices, realizing personalized anti-fraud information push and improving the targeting and effectiveness of the information. The interaction response information of the users under test to the differentiated push strategy is continuously tracked and collected. The corresponding risk assessment nodes in the node-based risk assessment results are adjusted according to the interaction response information, and the differentiated push strategy is iteratively optimized and updated based on the adjusted node-based risk assessment results. This allows the anti-fraud information push strategy to be dynamically adjusted and optimized according to the actual feedback of users and changes in risk, continuously improving the adaptability and accuracy of the push strategy, thereby more effectively helping users prevent fraud risks and improving the overall accuracy and flexibility of anti-fraud information push.
[0134] Please see Figure 2 The figure is a schematic diagram of the basic structure of an anti-fraud information push system 200 provided in an embodiment of the present invention. The anti-fraud information push system 200 includes: a processor 201; a storage device 202 on which a computer program 2020 is stored; and a network interface 203 for providing network communication functions. When the computer program 2020 is executed by the processor 201, the processor 201 implements any of the anti-fraud information push methods using deep learning.
[0135] Please see Figure 3 The present invention provides a functional module block diagram of an anti-fraud information push device, which includes:
[0136] The data retrieval module is used to retrieve historical anti-fraud training datasets from the cloud-based anti-fraud database. These historical anti-fraud training datasets record information on historical fraud cases and corresponding preventative measures, as well as records of users' historical interaction behaviors when faced with fraudulent information.
[0137] The network training module is used to train the initial recurrent neural network model based on fraud behavior patterns and user characteristics using the historical anti-fraud training dataset, and optimize the model parameters by combining the temporal evolution of fraud behavior patterns and the correlation of user characteristics to obtain the target recurrent neural network model.
[0138] The risk assessment module is used to input the current behavior data of the user to be tested into the target recurrent neural network model, and perform risk assessment operations through the matching degree analysis of user behavior and fraud pattern by the target recurrent neural network model to generate a node-based risk assessment result consisting of multiple risk assessment nodes. Each risk assessment node corresponds to the risk level and susceptibility probability assessment value of the user to be tested in the target fraud scenario.
[0139] The anti-fraud push module is used to generate a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test based on the node-based risk assessment results and push it to the user's terminal device. It continuously tracks and collects the user's interaction response information in response to the differentiated push strategy, adjusts the corresponding risk assessment node in the node-based risk assessment results according to the interaction response information, and iteratively optimizes and updates the differentiated push strategy based on the adjusted node-based risk assessment results.
[0140] Based on the above, a readable storage medium is provided, on which a program or instructions are stored, and when the program or instructions are executed by a processor, the steps of the above method are implemented.
[0141] Furthermore, it should be noted that this embodiment of the invention also provides a computer program product, which may include a computer program that can be stored in a computer-readable storage medium. The processor of the anti-fraud information push system reads the computer program from the computer-readable storage medium, and the processor can execute the computer program, causing the anti-fraud information push system to perform the aforementioned... Figure 1 The methods described in the corresponding embodiments are already known, and therefore will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated. For technical details not disclosed in the computer program product embodiments related to this invention, please refer to the description of the method embodiments of this invention.
[0142] It should be noted that the various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the systems or apparatus disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the descriptions are relatively simple, and relevant parts can be referred to the method section.
Claims
1. A method for pushing anti-fraud information using deep learning, characterized in that, The method includes: The historical anti-fraud training dataset is retrieved from the cloud-based anti-fraud database. The historical anti-fraud training dataset records information on historical fraud cases and corresponding preventive measures, as well as records of users' historical interaction behaviors when faced with fraudulent information. The initial recurrent neural network model is trained using the historical anti-fraud training dataset based on fraud behavior patterns and user characteristics. The model parameters are then optimized by combining the temporal evolution of fraud behavior patterns and the correlation of user characteristics to obtain the target recurrent neural network model. The current behavior data of the user to be tested is input into the target recurrent neural network model. The target recurrent neural network model performs a risk assessment operation by analyzing the matching degree between user behavior and fraud pattern, and generates a node-based risk assessment result consisting of multiple risk assessment nodes. Each risk assessment node corresponds to the risk level and susceptibility probability assessment value of the user to be tested in the target fraud scenario. Based on the node-based risk assessment results, a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test is generated and pushed to the user's terminal device. The interaction response information of the user under test to the differentiated push strategy is continuously tracked and collected. The corresponding risk assessment nodes in the node-based risk assessment results are adjusted according to the interaction response information. The differentiated push strategy is iteratively optimized and updated based on the adjusted node-based risk assessment results. The step of generating a differentiated anti-fraud information push strategy adapted to the risk characteristics of the user under test based on the node-based risk assessment results and pushing it to the user's terminal device includes: Perform feature evolution analysis on each risk assessment node in the nodeized risk assessment results to identify the correlation characteristics between risk level and vulnerability probability assessment value as user behavior sequence changes, and determine the risk sensitivity dimension of the user under test in different fraud scenarios; Based on the risk sensitivity dimension, the anti-fraud information resource library is retrieved, and a set of anti-fraud information features matching the risk sensitivity dimension is extracted. The set of anti-fraud information features includes the semantic features of the information content, the modal features of the presentation format, and the behavioral guidance features of the prevention suggestions. The anti-fraud information feature set is semantically associated with the user feature vector of the user to be tested. The implicit relationship between information features and user features at the semantic level is mined through a bidirectional attention mechanism to generate a correlation-weighted information feature sequence. The multimodal feature fusion module is invoked to perform cross-modal information collaborative processing on the correlation-weighted information feature sequence, mapping semantic features, modal features, and behavioral guidance features to a unified feature space to generate a multimodal fusion feature vector with user risk feature adaptability; Based on the multimodal fusion feature vector, an anti-fraud information push strategy generation model is constructed. A sequence generation algorithm is used to output a differentiated anti-fraud information push strategy that includes the information presentation order, modal combination method and behavior guidance intensity. The differentiated anti-fraud information push strategy is encoded into a push instruction that can be parsed by the terminal device and transmitted to the terminal device of the user to be tested.
2. The method as described in claim 1, characterized in that, The process of training the initial recurrent neural network model using the historical anti-fraud training dataset based on fraud behavior patterns and user characteristics, and optimizing the model parameters by combining the temporal evolution of fraud behavior patterns and the correlation of user characteristics to obtain the target recurrent neural network model includes: The historical fraud case information in the historical anti-fraud training dataset is structured and analyzed to extract behavioral feature sequences corresponding to different fraud types. The evolution of the behavioral feature sequences over time is explored through time series analysis to construct a time series evolution model of fraud behavior patterns. User features are extracted from the user's historical interaction behavior records in the historical anti-fraud training dataset to generate user feature vectors containing user basic attributes, behavioral habits and historical fraud experiences. The similarity between different user feature vectors is calculated to establish a user feature correlation matrix. The temporal evolution model of the fraud behavior pattern and the user feature correlation matrix are input into the initial recurrent neural network model. The hidden layer neurons of the initial recurrent neural network model perform nonlinear mapping learning on the correlation between the temporal evolution model of the fraud behavior pattern and the user feature correlation matrix. The backpropagation algorithm is used to adjust the network weights and bias parameters according to the prediction error. During model training, the risk assessment accuracy of the model is monitored in real time using a validation dataset. When the assessment accuracy reaches the preset accuracy for a set number of consecutive preset times, model training is stopped and the current model parameters are saved as the final parameter configuration of the target recurrent neural network model.
3. The method as described in claim 1, characterized in that, The process involves inputting the current behavior data of the user under test into the target recurrent neural network model, and performing a risk assessment operation through the target recurrent neural network model on the matching degree analysis of user behavior and fraud patterns, generating a node-based risk assessment result consisting of multiple risk assessment nodes, including: The current behavior data of the user to be tested is preprocessed and converted into a user behavior feature vector that conforms to the input format of the model. The user behavior feature vector is input into the input layer of the target recurrent neural network model. The embedding layer of the target recurrent neural network model maps the user behavior feature vector into a low-dimensional dense behavior feature embedding vector, while retaining the key semantic information of the user behavior. The recurrent computation layer of the target recurrent neural network model is invoked to extract temporal features from the behavioral feature embedding vector, analyze the changing trend of user behavior in the time dimension and the degree of matching with historical fraud behavior patterns, and generate a user behavior risk matching feature vector. The user behavior risk matching feature vector is input into the output layer of the target recurrent neural network model to calculate the risk probability distribution of the user under test in each preset fraud scenario. Based on the risk probability distribution, the risk level and vulnerability assessment value corresponding to each preset fraud scenario are determined and combined to form a node-based risk assessment result containing multiple risk assessment nodes.
4. The method as described in claim 3, characterized in that, The process involves calling the recurrent computation layer of the target recurrent neural network model to extract temporal features from the behavioral feature embedding vector, analyzing the changing trends of user behavior over time and its degree of matching with historical fraud behavior patterns, and generating a user behavior risk matching feature vector, including: In the recurrent computation layer of the target recurrent neural network model, long short-term memory units are used to perform time-step sequential processing on the behavioral feature embedding vector. The inflow and forgetting of behavioral feature information are controlled by a gating mechanism to capture the long-term dependency relationship of user behavior. The hidden state vector output by the long short-term memory unit is compared with the temporal evolution model of historical fraud behavior patterns. The cosine similarity is used to measure the degree of matching between the current user behavior features and the features of each historical fraud pattern, and an initial matching score is obtained. Based on the chronological order of user behavior, the initial matching scores at different time steps are weighted and summed to generate a time-weighted comprehensive matching index. The comprehensive matching degree index is correlated with the user feature correlation matrix, and the matching degree weights under different fraud scenarios are adjusted to generate a user behavior risk matching degree feature vector that integrates time factors and user characteristics.
5. The method as described in claim 3, characterized in that, The user behavior risk matching feature vector is input into the output layer of the target recurrent neural network model to calculate the risk probability distribution of the user under test in each preset fraud scenario. Based on the risk probability distribution, the risk level and vulnerability assessment value corresponding to each preset fraud scenario are determined, and the results are combined to form a node-based risk assessment result containing multiple risk assessment nodes, including: After flattening the user behavior risk matching feature vector into a one-dimensional feature vector, it is input into the output layer of the target recurrent neural network model. The output layer contains the same number of neurons as the preset fraud scenario, and each neuron corresponds to the risk probability prediction of a fraud scenario. The output values of each neuron in the output layer are normalized by applying the softmax activation function, and the output values are converted into the risk probability distribution of users in each preset fraud scenario. Based on the preset risk probability threshold range, the risk probability value of each preset fraud scenario is mapped to the corresponding risk level, and the risk probability value is used as the susceptibility assessment value under the corresponding preset fraud scenario. A risk assessment node is created for each preset fraud scenario. The risk level and the probability of being deceived are used as node attributes. The risk assessment nodes are classified and organized according to the type of fraud scenario to form a structured node-based risk assessment result.
6. The method as described in claim 1, characterized in that, The step involves semantically associating the anti-fraud information feature set with the user feature vector of the user to be tested, and using a bidirectional attention mechanism to mine the implicit semantic relationships between information features and user features to generate a correlation-weighted information feature sequence, including: Each information feature vector in the anti-fraud information feature set and the user feature vector of the user to be tested are input into the feature alignment layer of the bidirectional attention model, and the initial semantic association matrix is calculated by cosine similarity. Using the query-key-value mechanism of the bidirectional attention model, with the user feature vector as the query vector and the information feature vector as the key vector, the weight distribution of user attention to different information features is calculated. In reverse, using the information feature vector as the query vector and the user feature vector as the key vector, calculate the weight distribution of the fit between information features and user features; By integrating the attention weight distribution and the fit weight distribution, a bidirectional correlation weight matrix is generated. The comprehensive correlation weight of each information feature is obtained by normalizing the matrix element values. Based on the comprehensive correlation weight, the information feature vectors in the anti-fraud information feature set are weighted and sorted to generate a correlation-weighted information feature sequence arranged from high to low correlation.
7. The method as described in claim 1, characterized in that, The continuous tracking and collection of the user's interaction response information in response to the differentiated push strategy, and the adjustment of the corresponding risk assessment node in the node-based risk assessment result based on the interaction response information, includes: The terminal behavior acquisition module records the interactive response information of the user under test to the differentiated anti-fraud information push strategy, and extracts the behavioral time sequence from the response information. The behavioral time sequence includes the viewing time change trend, the click position distribution, and the semantic sentiment tendency of the feedback. Perform temporal dependency analysis on the behavioral time sequence to identify the changing pattern of user interaction behavior with the presentation order of push information, and construct the association mapping relationship between response behavior and risk node by combining the risk assessment node corresponding to the push information; The user response intensity corresponding to each risk assessment node is calculated based on the aforementioned correlation mapping relationship; wherein, the response intensity is positively correlated with viewing duration, click frequency, and sentiment tendency of positive feedback, and the viewing duration, click frequency, and sentiment tendency of positive feedback are weighted and fused after standardization processing; The user response intensity is input into the risk node adjustment model, and the feature weights of each risk assessment node are redistributed through the feature importance transfer algorithm. The feature weights of risk nodes with high response intensity are increased, and the feature weights of risk nodes with low response intensity are decreased. The risk level and vulnerability assessment value of each risk assessment node are updated according to the adjusted feature weights to generate the adjusted node-based risk assessment results. The iterative optimization and update of the differentiated push strategy based on the adjusted node-based risk assessment results includes: By comparing the differences in the feature distribution of the node-based risk assessment results before and after the adjustment, the feature drift degree of the risk assessment nodes is calculated, and target risk assessment nodes whose feature drift degree exceeds the preset threshold are selected. For the target risk assessment node, the retrieval and semantic association modeling process of the anti-fraud information feature set is re-executed, and the updated information feature subset matching the adjusted risk features is extracted; The updated information feature subset is replaced with the original information feature sequence. The information features whose correlation weights have not changed in the original sequence are retained by the sliding window mechanism to generate a partially updated information feature sequence. The multimodal feature fusion module is invoked to re-execute cross-modal information collaborative processing on the partially updated information feature sequence, generating an updated multimodal fusion feature vector that adapts and adjusts the risk features; Based on the updated multimodal fusion feature vector, a differentiated anti-fraud information push strategy is reconstructed through a strategy generation model, adjusting the information presentation order, modal combination method, and behavioral guidance intensity to complete the iterative optimization of the push strategy.
8. An anti-fraud information push system, characterized in that, include: A processor; a storage device having a computer program stored thereon; a network interface for providing network communication functions; when the computer program is executed by the processor, the processor enables the processor to implement the anti-fraud information push method using deep learning as described in any one of claims 1-7.
9. A readable storage medium, characterized in that, The program or instructions are stored on the readable storage medium, and when the program or instructions are executed by the processor, they implement the anti-fraud information push method using deep learning as described in any one of claims 1-7.