Method, device and equipment for security monitoring of electronic purchase order and storage medium
By acquiring diverse and heterogeneous data, filling in missing values to generate a standard dataset, performing feature analysis and model training, the problem of insufficient accuracy in the security monitoring and identification of electronic procurement orders in existing technologies has been solved, and the accurate determination and identification of order security status has been achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHINA UNITED NETWORK COMM GRP CO LTD
- Filing Date
- 2026-02-13
- Publication Date
- 2026-06-05
AI Technical Summary
Existing electronic procurement order security monitoring technologies suffer from inaccurate data processing, incomplete feature analysis, lack of data basis for threshold setting, and missing feature correlation analysis, resulting in insufficient identification accuracy and an inability to effectively and accurately determine the security status of orders.
By acquiring diverse and heterogeneous data, filling in missing values to generate a standard dataset, performing feature analysis to generate a high-dimensional feature library, training a security identification model using a gradient boosting tree model, and performing nonlinear correlation analysis through a network model to generate security identification results.
It enables accurate determination of the security status of electronic purchase orders, improves recognition accuracy and reliability, and supports the stability and compliance of enterprise procurement processes.
Smart Images

Figure CN122153527A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of security monitoring, and in particular to a method, apparatus, equipment and storage medium for security monitoring of electronic purchase orders. Background Technology
[0002] E-procurement is a core component of enterprise supply chain management and digital operations. Order security monitoring, as a key part of the e-procurement risk control system, involves the integration of multiple technical fields such as data processing, machine learning, and risk control analysis. It aims to use technical means to accurately identify and effectively control the security status of procurement orders, thereby ensuring the compliance and stability of the enterprise's procurement process.
[0003] Existing electronic procurement order security monitoring technologies mostly adopt manual review combined with fixed rule matching, or rely on a single model for basic data processing. The data processing stage does not carry out refined operations for the characteristics of diverse and heterogeneous data.
[0004] Existing technologies suffer from inaccurate data processing, incomplete feature analysis, lack of data basis for threshold setting, and missing feature correlation analysis, resulting in insufficient identification accuracy for electronic procurement order security monitoring and an inability to effectively and accurately determine the security status of orders. Summary of the Invention
[0005] This application provides a method, apparatus, equipment, and storage medium for security monitoring of electronic purchase orders, in order to improve the accuracy of determining the security status of electronic purchase orders.
[0006] In a first aspect, embodiments of this application provide a method for security monitoring of electronic purchase orders, including:
[0007] Acquire diverse and heterogeneous data, including internal enterprise order data and external business information data;
[0008] Missing values for continuous and discrete variables in the multivariate heterogeneous data are filled to obtain a standard dataset;
[0009] Feature analysis is performed on the standard dataset to generate a high-dimensional feature library;
[0010] Based on the associated features in the high-dimensional feature library, a safety threshold is obtained by performing cumulative distribution difference analysis of samples and feature interval division.
[0011] A security identification model is generated by training the high-dimensional feature library using a preset gradient boosting tree model.
[0012] Obtain the order to be detected and input the order data of the order to be detected into the security identification model to obtain the security probability value;
[0013] The order security level is obtained by comparing the security probability value with the security threshold.
[0014] Based on a preset network model, nonlinear correlation analysis is performed on the features in the high-dimensional feature library to obtain feature correlation data.
[0015] A security identification result is generated based on the order security level and the feature correlation data.
[0016] In one possible implementation, missing values for continuous and discrete variables in the multivariate heterogeneous data are filled to obtain a standard dataset, including:
[0017] Missing values of continuous variables in the multivariate heterogeneous data are filled using the nearest neighbor algorithm, and missing values of discrete variables are filled using the mode, resulting in a preliminary processed dataset. The preliminary processed dataset is then deduplicated to obtain target data. Abnormal data in the target data is filtered based on preset outlier detection rules, and all fields in the target data are normalized. The normalized target data is then validated for field completeness and numerical reasonableness, and data items that fail the validation are added to obtain a standard dataset.
[0018] In one possible implementation, feature analysis is performed on the standard dataset to generate a high-dimensional feature library, including:
[0019] The correlation between features in the standard dataset and order security status is calculated using a preset correlation analysis algorithm. The correlation values are compared with a preset correlation threshold, and features with correlation values greater than or equal to the threshold are selected as valid features. Categorical features among the valid features are encoded to obtain a first feature. Continuous features among the valid features are transformed to obtain a second feature. Related features among the valid features are combined and derived to obtain a third feature. The first, second, and third features are integrated to obtain an initial feature set. Redundant features in the initial feature set are removed based on a preset redundancy judgment rule, and the validity of the initial feature set is verified to obtain a high-dimensional feature library.
[0020] In one possible implementation, the correlation degree between features in the standard dataset and order security status is calculated according to a preset correlation analysis algorithm, including:
[0021] The correlation between the feature and the order security status is quantified and calculated using the preset correlation analysis algorithm to obtain an initial correlation value; the initial correlation value is then normalized to obtain a processed correlation value.
[0022] In one possible implementation, a security identification model is generated by training the high-dimensional feature library using a preset gradient boosting tree model, including:
[0023] The hyperparameters of a preset gradient boosting tree model are adjusted using a preset parameter optimization algorithm to determine the target hyperparameter combination, resulting in a parameter-optimized model. Data in the high-dimensional feature library is divided into a training set and a validation set according to a preset ratio, and the parameter-optimized model is iteratively trained using the training set. The model performance metrics for each training iteration are recorded, and the trained model's performance is verified using the validation set to obtain the verification results. Based on the verification results, the model training parameters are adjusted until the model performance metrics meet a preset threshold, resulting in a secure identification model.
[0024] In one possible implementation, nonlinear correlation analysis is performed on the features in the high-dimensional feature library based on a preset network model to obtain feature correlation data, including:
[0025] The features in the high-dimensional feature library are classified and grouped according to preset grouping rules, and invalid features in each group are removed based on preset invalid feature judgment rules to obtain multiple feature groups to be analyzed. The feature groups to be analyzed are input into a preset network model to calculate the nonlinear correlation degree within and between feature groups, generating an initial correlation degree matrix. The initial correlation degree matrix is then subjected to a preset normalization algorithm to extract effective correlation information and filter invalid correlation data to obtain feature correlation degree data.
[0026] Secondly, embodiments of this application provide a security monitoring device for electronic purchase orders, comprising:
[0027] The acquisition module is used to acquire diverse heterogeneous data, including internal enterprise order data and external business information data;
[0028] The processing module is used to fill in the missing values of continuous and discrete variables in the multivariate heterogeneous data to obtain a standard dataset;
[0029] The feature module is used to perform feature analysis on the standard dataset and generate a high-dimensional feature library;
[0030] The calculation module is used to perform sample cumulative distribution difference analysis and feature interval division based on the associated features in the high-dimensional feature library to obtain the safety threshold;
[0031] The training module is used to train the high-dimensional feature library using a preset gradient boosting tree model to generate a security identification model.
[0032] The acquisition module is also used to acquire the order to be detected and input the order data of the order to be detected into the security identification model to obtain a security probability value;
[0033] The analysis module is used to compare the security probability value with the security threshold to obtain the order security level;
[0034] The analysis module is also used to perform nonlinear correlation analysis on the features in the high-dimensional feature library based on a preset network model to obtain feature correlation data.
[0035] The generation module is used to generate a security identification result based on the order security level and the feature correlation data.
[0036] In one possible implementation, the processing module is specifically used for:
[0037] Missing values of continuous variables in the multivariate heterogeneous data are filled using the nearest neighbor algorithm, and missing values of discrete variables are filled using the mode, resulting in a preliminary processed dataset. The preliminary processed dataset is then deduplicated to obtain target data. Abnormal data in the target data is filtered based on preset outlier detection rules, and all fields in the target data are normalized. The normalized target data is then validated for field completeness and numerical reasonableness, and data items that fail the validation are added to obtain a standard dataset.
[0038] In one possible implementation, the feature module is specifically used for:
[0039] The correlation between features in the standard dataset and order security status is calculated using a preset correlation analysis algorithm. The correlation values are compared with a preset correlation threshold, and features with correlation values greater than or equal to the threshold are selected as valid features. Categorical features among the valid features are encoded to obtain a first feature. Continuous features among the valid features are transformed to obtain a second feature. Related features among the valid features are combined and derived to obtain a third feature. The first, second, and third features are integrated to obtain an initial feature set. Redundant features in the initial feature set are removed based on a preset redundancy judgment rule, and the validity of the initial feature set is verified to obtain a high-dimensional feature library.
[0040] In one possible implementation, the feature module is further configured to:
[0041] The correlation between the feature and the order security status is quantified and calculated using the preset correlation analysis algorithm to obtain an initial correlation value; the initial correlation value is then normalized to obtain a processed correlation value.
[0042] In one possible implementation, the training module is specifically used for:
[0043] The hyperparameters of a preset gradient boosting tree model are adjusted using a preset parameter optimization algorithm to determine the target hyperparameter combination, resulting in a parameter-optimized model. Data in the high-dimensional feature library is divided into a training set and a validation set according to a preset ratio, and the parameter-optimized model is iteratively trained using the training set. The model performance metrics for each training iteration are recorded, and the trained model's performance is verified using the validation set to obtain the verification results. Based on the verification results, the model training parameters are adjusted until the model performance metrics meet a preset threshold, resulting in a secure identification model.
[0044] In one possible implementation, the analysis module is specifically used for:
[0045] The features in the high-dimensional feature library are classified and grouped according to preset grouping rules, and invalid features in each group are removed based on preset invalid feature judgment rules to obtain multiple feature groups to be analyzed. The feature groups to be analyzed are input into a preset network model to calculate the nonlinear correlation degree within and between feature groups, generating an initial correlation degree matrix. The initial correlation degree matrix is then subjected to a preset normalization algorithm to extract effective correlation information and filter invalid correlation data to obtain feature correlation degree data.
[0046] Thirdly, embodiments of this application provide an electronic device, including: a memory and a processor;
[0047] The memory stores computer-executed instructions;
[0048] The processor executes computer execution instructions stored in the memory, causing the processor to perform the first aspect and / or various possible implementations of the first aspect as described above.
[0049] Fourthly, embodiments of this application provide a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, are used to implement the first aspect and / or various possible implementations of the first aspect.
[0050] Fifthly, embodiments of this application provide a computer program product, including a computer program that, when executed by a processor, implements the first aspect and / or various possible implementations of the first aspect.
[0051] The electronic procurement order security monitoring method, apparatus, equipment, and storage medium provided in this application acquire multi-dimensional heterogeneous data including internal enterprise order data and external business information data. Missing values of continuous and discrete variables in the multi-dimensional heterogeneous data are filled to obtain a standard dataset. Feature analysis is performed on the standard dataset to generate a high-dimensional feature library. Based on the associated features in the high-dimensional feature library, sample cumulative distribution difference analysis and feature interval division are performed to determine the security threshold. A security identification model is generated by training the high-dimensional feature library using a preset gradient boosting tree model. The order data to be detected is input into the security identification model to obtain a security probability value. The security probability value is compared with the security threshold to obtain the order security level. A nonlinear correlation analysis is performed on the features in the high-dimensional feature library using a preset network model to obtain feature correlation data. The security identification result is generated by combining the order security level and the feature correlation data, achieving the effect of accurately determining the security status of electronic procurement orders and improving the accuracy and reliability of order security monitoring and identification. Attached Figure Description
[0052] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0053] Figure 1 This is a schematic diagram illustrating an application scenario of the electronic purchase order security monitoring method provided in the embodiments of this application;
[0054] Figure 2 A flowchart illustrating the security monitoring method for electronic purchase orders provided in this application embodiment;
[0055] Figure 3 A schematic diagram of the structure of the security monitoring device for electronic purchase orders provided in the embodiments of this application;
[0056] Figure 4 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application.
[0057] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments. Detailed Implementation
[0058] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0059] First, let me explain the terms used in this application:
[0060] Multi-source heterogeneous data refers to a collection of data from multiple sources and of multiple types, including internal enterprise order data and external business information data.
[0061] Standard datasets refer to high-quality datasets obtained by imputing missing values, deduplicating, filtering outliers, normalizing formats, and performing validation on multivariate heterogeneous data.
[0062] High-dimensional feature library: refers to a feature set containing multiple types of high-value features obtained by calculating, filtering, encoding, transforming, deriving and removing redundancy from a standard dataset;
[0063] Safety threshold: refers to the critical value determined after performing cumulative distribution difference analysis and feature interval division on the associated features in the high-dimensional feature library;
[0064] Pre-selected gradient boosting tree model: refers to a pre-selected ensemble learning algorithm model, such as the extreme gradient boosting (XGBoost) model, the lightweight gradient boosting machine (LightGBM) model, etc.
[0065] Security identification model: refers to a model with the ability to predict the security status of orders, which is obtained by adjusting hyperparameters through preset parameter optimization algorithms, training with a high-dimensional feature library, and undergoing performance verification.
[0066] Security probability value: refers to the quantitative probability value that the security status of an order is represented by the output of the security identification model after the order data to be detected is input into the security identification model;
[0067] Order security level: refers to the business-meaning order security status level, which is determined by comparing the security probability value with the security threshold and classifying it according to preset rules.
[0068] Pre-selected network model: refers to the algorithm model selected in advance to explore the non-linear correlation between features, such as random forest model, generative adversarial network (GAN) and so on;
[0069] Feature correlation data refers to data that reflects the degree of correlation within and between feature groups after inputting the feature groups to be analyzed into a preset network model for calculation, normalization, extraction of effective information, and filtering of invalid data.
[0070] Existing technologies suffer from technical problems such as insufficient accuracy in monitoring and identifying the security of electronic procurement orders and inability to accurately determine the security status of orders. These problems arise from relying on manual review or fixed rule matching, crude data processing, incomplete feature analysis, lack of data basis for threshold setting, and failure to explore nonlinear relationships between features.
[0071] The electronic procurement order security monitoring method provided in this application solves the technical problems of insufficient accuracy in electronic procurement order security monitoring and recognition, and inability to accurately determine the security status of orders. This is achieved by acquiring diverse heterogeneous data and filling in missing values to obtain a standard dataset, generating a high-dimensional feature library through feature analysis of the standard dataset, obtaining a security threshold by performing sample cumulative distribution difference analysis and feature interval division based on associated features, training a security recognition model using a preset gradient boosting tree model, inputting the order data to be detected into the model to obtain a security probability value and comparing it with the security threshold to obtain the order security level, analyzing the nonlinear association of features through a preset network model to obtain feature association degree data, and combining the order security level and feature association data to generate a security recognition result.
[0072] The security monitoring method for electronic purchase orders provided in this application can be applied to scenarios such as risk control throughout the entire process of enterprise digital procurement, compliance monitoring of centralized procurement, and risk screening of supply chain collaborative procurement. Examples include real-time risk monitoring of internal purchase orders in large group enterprises, compliance verification of centralized procurement projects, and anomaly identification of collaborative purchase orders between upstream and downstream enterprises in the supply chain.
[0073] The technical solution of this application and how the technical solution of this application solves the above-mentioned technical problems are described in detail below with specific embodiments. These specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of this application will now be described with reference to the accompanying drawings.
[0074] Figure 1 This is a schematic diagram illustrating an application scenario for the security monitoring method for electronic purchase orders provided in this application embodiment, such as... Figure 1 As shown, it includes: terminal 101 and server 102.
[0075] Terminal 101 is used to input order data to be tested, upload diverse and heterogeneous data such as internal enterprise order data and external business registration information, and display the security identification results and risk warning information of electronic procurement orders. Server 102 is used to receive the diverse and heterogeneous data and order data to be tested uploaded by terminal 101, and perform operations such as data missing value imputation, feature analysis, sample cumulative distribution difference analysis, gradient boosting tree model training, and nonlinear correlation analysis to generate a high-dimensional feature library, security threshold, security identification model, order security level and feature correlation data, and finally generate the electronic procurement order security identification result and feed it back to terminal 101.
[0076] Figure 2 This is a flowchart illustrating the security monitoring method for electronic purchase orders provided in this application embodiment. The executing entity in this embodiment can be... Figure 1 The server 102 in the illustrated embodiment can also be other computer-related devices, and this embodiment is not particularly limited.
[0077] like Figure 2 As shown, the security monitoring method for this electronic purchase order includes the following steps:
[0078] Step S201: Obtain diverse heterogeneous data, which includes internal enterprise order data and external business information data.
[0079] Specifically, the data collection process involves collecting internal data such as order data, financial data, and contract data from enterprises, as well as external data such as enterprise business registration big data and historical audit information. The data collection process can be carried out through one or more combinations of data asset subscription, application programming interface calls, and offline data collection, without any specific restrictions.
[0080] Internal order data directly reflects a company's operational status and financial condition, including but not limited to contract information, project information, engineering information, cash flow information, accounts receivable and arrears information, and internal process documents. Examples include contract signing time, contract execution time, contract counterparty, contract receivable (payable) amount, project initiation time, project construction time, project acceptance time, project acceptance payment time, material transfer category, material transfer time, online transaction history, offline transaction history, payment account, item classification, material code, purchase method, market category, etc.
[0081] External business registration information includes company information, risk profiles, and whether key personnel are involved in legal disputes. This data effectively reflects the objective situation and inherent risks of the company being acquired. For example, the number of taxpayers and the company's years of operation can serve as important indicators of profitability and operational stability. Data such as whether company managers are subject to consumption restrictions can reflect the company's current level of security.
[0082] Historical audit information includes audit model results data from previous years, such as security classification, security level, and amount involved; the company's audit problem logs, working papers, audit reports, and accountability handling methods from previous years' audits.
[0083] By fusing multi-source heterogeneous data, data silos are broken down, and data resources of different types and structures from both inside and outside the enterprise are integrated to form a comprehensive set of basic data. This provides complete and comprehensive data source support for subsequent data processing, feature analysis, and model training, thereby improving the comprehensiveness and reliability of subsequent analysis and model training.
[0084] Step S202: Fill in the missing values of continuous and discrete variables in the multivariate heterogeneous data to obtain the standard dataset.
[0085] Specifically, missing values for continuous variables are filled based on the principle of local data similarity, and missing values for discrete variables are filled based on the principle of the highest statistical frequency. Redundancy and errors in the data are eliminated through data cleaning rules, improving the quality of multivariate heterogeneous data and solving problems such as missing data, inconsistent formats, and outliers, so that the data meets the requirements of subsequent feature analysis and model training. The output is a standard dataset with a standardized structure, complete content, and accurate values, reducing the deviation caused by data quality issues in subsequent steps and improving the stability of the overall solution.
[0086] Step S203: Perform feature analysis on the standard dataset to generate a high-dimensional feature library.
[0087] Specifically, effective features are selected based on the correlation between features and target states; potential relationships between features are mined based on feature encoding, transformation, and derivation techniques; and invalid features are removed based on redundancy judgment rules. Representative features are extracted from standard datasets to enrich feature dimensions, reduce feature redundancy, provide high-quality input features for model training, generate a high-dimensional feature library containing effective and high-value features, improve the efficiency and accuracy of subsequent model training, and enhance the model's ability to identify order safety status.
[0088] Step S204: Based on the associated features in the high-dimensional feature library, perform cumulative distribution difference analysis of samples and feature interval division to obtain the safety threshold.
[0089] Specifically, by performing chi-square binning on the associated features in the high-dimensional feature library, the Kolmogorov-Smirnov (KS) values of different binning intervals are calculated, and the interval nodes corresponding to the peak values of the KS values are found, which are used as the basis for dividing the safety threshold.
[0090] The KS (Kolmogorov-Smirnov) value is calculated based on the difference in the cumulative distribution function (CDF). This assumes a good sample (no historical risk orders). The probability distribution function and bad samples (orders with historical risks). KS value definition:
[0091]
[0092] For all possible values, we can find the maximum difference between the cumulative distribution functions (CDS) of good and bad samples. This difference reflects the model's ability to distinguish between good and bad samples across different score ranges. By grouping the samples and calculating the proportion of good and bad samples within each group, we can progressively construct the CDS, providing an intuitive and quantifiable KS value as a clear numerical indicator that reflects the model's discriminative power. A higher KS value indicates that the model performs well in distinguishing between good and bad samples. The KS index is relatively insensitive to small changes in the sample distribution, exhibiting good robustness.
[0093] In this embodiment, historical data is used to perform chi-square binning on all continuous variables, and the optimal cutoff point is selected based on the KS value. Chi-square binning is used to discretize continuous features and determines whether adjacent intervals should be merged based on the chi-square test. For example, a continuous feature X is divided into n intervals. Each interval has a corresponding number of good samples, G. i and the number of bad samples The chi-square value is calculated based on a comparison of the observed and expected values. For each interval I... i Expected value E i This can be determined by the total number of good samples G, the total number of bad samples B, and the interval I. i The number of samples N i The calculation yielded:
[0094] (For good samples);
[0095] (For bad samples);
[0096] The formula for calculating the chi-square value is:
[0097]
[0098] If the chi-square value of two adjacent intervals is less than a preset threshold, these two intervals are merged. The advantage of this method is that it automatically determines the number of bins, eliminating the need to pre-specify the number of bins. Instead, it automatically merges intervals based on the distribution and characteristics of the data, and is relatively insensitive to minor changes in the data, resulting in more stable binning results.
[0099] Based on the chi-square test principle, continuous features are discretized and binned. The KS value is calculated based on the cumulative distribution function difference principle. The peak value of the KS value is used to determine the critical node with the strongest feature discrimination ability, providing a quantitative benchmark for determining the order safety status. The critical value that distinguishes different states is clearly defined, and a safety threshold with high discrimination ability is output, which improves the accuracy of subsequent order safety status determination and ensures the objectivity and consistency of the determination results.
[0100] Step S205: Train the high-dimensional feature library using a preset gradient boosting tree model to generate a security recognition model.
[0101] Specifically, the model residuals are fitted by iteratively constructing multiple decision trees, and regularization is used to prevent overfitting. The optimal hyperparameter combination is searched based on the parameter optimization algorithm to improve model performance and build a model that can accurately identify the order security status. The inherent laws of order security status are learned by using features in the high-dimensional feature library, generating a security identification model with high generalization ability and high recognition accuracy, providing core technical support for the security status determination of orders to be detected.
[0102] Step S206: Obtain the order to be inspected and input the order data of the order to be inspected into the security identification model to obtain the security probability value.
[0103] Specifically, order data of the orders to be detected is collected, and the order data is cleaned and normalized according to the processing rules of the standard dataset. The processed order data is then input into the security identification model, which outputs the corresponding security probability value. Based on the correlation between features learned during the model training phase and the order security status, feature matching and probability calculation are performed on the order data to be detected, transforming the order data into a quantified security probability value. This achieves a preliminary quantitative assessment of the order security status and improves the efficiency of the judgment.
[0104] Step S207: Compare the security probability value with the security threshold to obtain the order security level.
[0105] Specifically, the security probability value is compared with the security threshold, and orders are divided into different security levels according to preset classification rules. Based on the relationship between the security probability value and the security threshold, the security level range to which an order belongs is determined. The quantified security probability value is transformed into a business-meaning security level, making the judgment results more aligned with practical application needs, outputting clear and unambiguous order security levels, providing relevant personnel with an intuitive reference for order status, and improving the practicality of the judgment results.
[0106] Step S208: Perform nonlinear correlation analysis on the features in the high-dimensional feature library based on the preset network model to obtain feature correlation data.
[0107] Specifically, the importance of features is evaluated based on the principle of decision tree ensemble, nonlinear relationships between features are mined based on the principle of adversarial learning, effective correlation information is extracted based on the principle of matrix normalization, potential relationships between features in the high-dimensional feature library are found, the dimensions of order security status determination are enriched, more supporting information is provided for the final recognition results, and feature correlation data that can reflect the degree of correlation between features is output, thereby improving the comprehensiveness and reliability of subsequent recognition results.
[0108] Step S209: Generate security identification results based on order security level and feature correlation data.
[0109] Specifically, the system integrates order security level and feature correlation data, and according to preset result generation rules, combines security level, key feature correlation information, and other content into the final security identification result. Based on the principle of multi-dimensional information fusion, and combining the quantitative judgment result of order security level and the potential relationship information of feature correlation, it outputs a final identification result that is complete and readable, meeting the information display needs of practical applications. It generates identification results containing order security level and key feature correlation information, providing a comprehensive and accurate reference for procurement decisions.
[0110] The security monitoring method for electronic purchase orders provided in this invention integrates multi-source heterogeneous data, optimizes data processing procedures, constructs efficient feature engineering, trains high-precision recognition models, and fuses multi-dimensional analysis results to achieve accurate and efficient determination of the security status of electronic purchase orders. This improves the comprehensiveness and reliability of order monitoring and provides strong technical support for the stable operation of enterprise procurement business.
[0111] This embodiment details the process of filling in missing values for continuous and discrete variables in multivariate heterogeneous data to obtain a standard dataset, as described in the above embodiments. The specific implementation of this process includes the following steps:
[0112] Step a1: Fill missing values of continuous variables in multivariate heterogeneous data using the nearest neighbor algorithm, and fill missing values of discrete variables in multivariate heterogeneous data using the mode, to obtain the preliminary processed dataset.
[0113] Specifically, for continuous variables in multivariate heterogeneous data, the nearest neighbor algorithm (KNN, K-Nearest Neighbors) can be used to calculate the Euclidean distance between missing data points and other data points, select the nearest number of neighboring points, and fill the missing positions with the mean of the corresponding feature values of the neighboring points; for discrete variables, by statistically analyzing the frequency of each value under the corresponding feature, the mode with the highest frequency is selected to fill the missing positions, and the data after filling is integrated to obtain the preliminary processed dataset.
[0114] In data imputation scenarios, for continuous variables, suppose there is a data point containing a missing value, and this missing value needs to be filled based on its K nearest neighbors. For continuous features, the imputed value is usually the average of the feature values corresponding to the K nearest neighbors. Mathematically, let's assume the feature to be imputed is... Let P be the data point containing the missing value, and let its K nearest neighbors be (P, P ... Corresponding The eigenvalues are respectively The value to fill in The calculation method is as follows:
[0115]
[0116] Among them, continuous variables such as premium purchase amount, over-budget purchase amount, unbalanced bid amount, years of enterprise establishment, and number of employees paying social security can all be filled in this way.
[0117] For discrete features, the mode is used for imputation. That is, the category with the highest frequency among the feature values corresponding to the K nearest neighbors is used as the imputation value. When calculating nearest neighbors, Euclidean distance or other distance metrics are typically used to measure the distance between data points. For two data points... and The Euclidean distance is calculated as follows:
[0118]
[0119] Discrete variables such as whether to buy A and procure B, whether to package ICT for engineering, and whether to procure from high-risk suppliers can all be filled in using this method.
[0120] By filling in missing fields in diverse and heterogeneous data, the problem of incomplete information caused by missing data is solved, providing a basic data carrier for subsequent data processing. This results in a preliminary processed dataset without missing values, reducing the interference of missing data on subsequent analysis and model training, and ensuring the continuity of the data processing flow. Furthermore, KNN imputation fully considers the local characteristics of the data, determining the imputation value based on the nearest neighbors of the data point to be imputed, thus better reflecting the local data pattern of the data point. KNN imputation can also adaptively impute based on the specific location of the data point and the surrounding data, rather than using a single global statistical value, thereby reducing the bias introduced by the imputed data.
[0121] Step a2: Perform deduplication on the preliminary dataset to obtain the target data.
[0122] Specifically, based on a preset unique identifier field or a combination of multiple fields, the data records in the preliminary processing dataset are matched to identify and remove data records with completely duplicate content, and retain unique data records to form the target data.
[0123] Duplicate data records cause information redundancy. Removing them can avoid redundant calculations in subsequent processing. By eliminating data redundancy, the computational load of subsequent data processing is reduced, data processing efficiency is improved, target data without duplicate records is obtained, the data volume is reduced, and the accuracy of data processing is improved.
[0124] Step a3: Filter outlier data in the target data based on preset outlier judgment rules, and normalize the format of all fields in the target data.
[0125] Specifically, the preset outlier detection rules can employ preset statistical methods or preset business logic rules to identify and filter out abnormal data that exceeds a reasonable range in the target data. For all fields in the target data, standardized field naming conventions, data types, and units of measurement are implemented, and format normalization is performed. The preset outlier detection rules can employ truncation methods based on data distribution or limitation methods based on business thresholds; no specific restrictions are imposed here.
[0126] Outlier filtering is based on data distribution patterns or business logic constraints, removing data that deviates from the normal range; format normalization is based on the principle of data standardization, eliminating format differences between different fields, removing invalid data interference, unifying data format standards, ensuring data consistency in structure and content, obtaining well-organized data with uniform format and no outliers, improving data quality, and meeting the requirements of subsequent feature analysis.
[0127] Step a4: Perform field integrity and numerical rationality checks on the normalized target data, and complete the data items that fail the checks to obtain the standard dataset.
[0128] Specifically, the process involves checking whether the fields of the target data after normalization are complete and verifying whether the values of each field conform to the preset business logic range. For data items that fail the verification, the data is filled in again using the method described in step a1, and the verified and filled data is integrated to obtain a standard dataset. Based on data integrity constraints and business rationality rules, this ensures that the data is complete at the field level and without deviation at the numerical level, and fills in any missing data found during the verification process, thus guaranteeing the accuracy and usability of the data.
[0129] This invention improves the quality of diverse and heterogeneous data through a series of data processing operations, including missing value filling, data deduplication, outlier filtering, format normalization, and verification completion, laying a solid data foundation for subsequent feature analysis and model training for electronic procurement order security monitoring.
[0130] This embodiment provides a detailed description of the process of performing feature analysis on the standard dataset and generating a high-dimensional feature library as described in the above embodiments. The specific implementation of this process includes the following steps:
[0131] Step b1: Calculate the correlation between features in the standard dataset and order security status using a preset correlation analysis algorithm.
[0132] Specifically, the features within the standard dataset are calculated using a preset correlation analysis algorithm. The preset correlation analysis algorithm can be the decision tree correlation matching method or the information value (IV) comparison method, without any specific restrictions. The correlation between each feature and the order security status is quantified by the selected algorithm to obtain an initial correlation value. Then, the initial correlation value is normalized using a preset standardization algorithm to eliminate the difference in units and obtain the final correlation value.
[0133] The correlation between features and target states is quantified by standardizing the units of the correlation values of different features to ensure comparability. By quantifying the correlation between features and order security status, a quantitative basis is provided for subsequent feature selection, clarifying the contribution of each feature to the target state, and outputting standardized correlation values to achieve a quantitative assessment of feature importance.
[0134] Step b2: Compare the correlation value with the preset correlation threshold, and select features whose correlation value is greater than or equal to the preset correlation threshold as valid features.
[0135] Specifically, by comparing each feature's correlation score with a preset correlation threshold, features with correlation scores greater than or equal to the threshold are retained, and these retained features are integrated to form an effective feature set. Features with sufficient correlation are selected based on preset thresholds, while features with low impact on order security status and low-correlation features are removed, thus reducing the number of features, lowering the computational complexity of subsequent feature processing, and focusing on high-value features. This results in an effective feature set highly correlated with order security status, improving the targeting and efficiency of subsequent feature processing.
[0136] Step b3: Encode the categorical features among the valid features to obtain the first feature.
[0137] Specifically, the categorical features among the valid features are identified, and the categorical features are transformed using one-hot encoding. An equal-length vector is constructed based on the number of values of the categorical features, and vector mapping is performed on each categorical value to generate encoded feature data, thus obtaining the first feature.
[0138] One-hot encoding has a categorical feature with n distinct classes. For example, a vector of length n is created to represent each possible value of this feature. For each specific sample, if the feature value belongs to the i-th class (1 ≤ i ≤ n), then the i-th position of the corresponding encoding vector is 1, and the remaining positions are 0.
[0139] In a specific example, one-hot encoding is used to address data such as supplier qualifications, bid rigging, and multiple component purchases. For instance, the enumerated values for supplier qualifications are "no qualifications," "qualified," and "expired qualifications." "No qualifications" is encoded as [1, 0, 0], "qualified" as [0, 1, 0], and "expired qualifications" as [0, 0, 1]. This encoding method maps each category to a unit vector in an n-dimensional vector space. Different categories are orthogonal to each other in the vector space, meaning the inner product between different categories is 0. This clearly represents the independence between different categories, avoiding numerical comparisons and calculations between categories.
[0140] By mapping discrete categorical features to a high-dimensional orthogonal vector space, the values of categorical features are made independent, avoiding numerical comparison bias between categories. Non-numerical categorical features are converted into numerical features that meet the algorithm input requirements, thus adapting to the data format requirements of subsequent model training.
[0141] Step b4: Transform the continuous features in the effective features to obtain the second feature.
[0142] Specifically, continuous features are identified among the valid features, and weight of evidence (WOE) transformation and data standardization are performed on the continuous features in sequence. The non-linear relationship between continuous features and order security status is captured by WOE transformation, and the influence of feature dimensions is eliminated by minimum-maximum scaling or standardization. The integrated features are then used to obtain the second feature.
[0143] WOE can be used to capture the nonlinear relationship between features and target variables, and for some extreme values and outliers, it can be processed by binning to produce more stable features, and these features retain the solvable properties of the original features.
[0144] For example, the characteristic of exceeding the procurement amount X can have n different values (grouped). The corresponding number of samples with risky procurement were respectively The number of samples that did not exhibit risky procurement were as follows: ,in It is the total number of samples in the i-th group. The formula for calculating WOE is:
[0145]
[0146] This approach can generate 15 new features, such as "Procurement Amount Exceeding Project Requirement_woe", "Premium Procurement_woe", and "Procurement Amount of Multiple Components_woe".
[0147] By mapping feature values to a specific range, such as [0, 1] or [-1, 1], the influence of dimensions between different features is eliminated. The calculation and implementation methods for Min-MaxScaling and Standardization are as follows:
[0148] Minimum and maximum scaling: ;
[0149] standardization: ,in The mean, The standard deviation is denoted as .
[0150] Based on the WOE transformation principle, the ability of different intervals of continuous features to distinguish target states is quantified. Based on the data standardization principle, the numerical range of features is unified, the difference in dimensions is eliminated, the ability of continuous features to express the order safety status is enhanced, the interference of continuous features with different dimensions on subsequent analysis is reduced, and a second feature with nonlinear expressive ability and unified dimensions is output, thereby improving the analytical value of continuous features.
[0151] Step b5 involves combining and derivation of the associated features among the valid features to obtain the third feature.
[0152] Specifically, features with potential correlations among valid features are identified, and multinomial feature generation is used for combination and derivation processing to construct second- or third-order multinomial features. This generates combinations of features such as products and squares, and the derived features are integrated to obtain the third feature.
[0153] Derivation processing can enhance the expressive power of a model, capturing complex nonlinear relationships between features, enabling the model to better fit the data and improve prediction accuracy. For example, assuming there are original features... and For second-order polynomial feature generation, the new features can be obtained as follows: .in, express Its own square. Similarly. This represents the product of the two features. For third-order polynomial feature generation, the new features may include... etc. With For example, it means Multiply by itself three times consecutively. That is squared multiplied by .
[0154] In this way, multinomial feature generation can capture the non-linear relationships between the original features. In real-world data, the relationships between variables are usually not simple linear, and multinomials can more flexibly fit complex patterns. By using multinomial combinations of important feature variables such as "single source," "public tender amount," "inquiry amount," and "ICT order amount," 36 features can be generated, such as "single source × ICT order amount" and "ICT order amount / public tender amount."
[0155] Based on the principle of polynomial combination, we can mine the potential nonlinear relationships between features, generate new high-value features through feature combination, capture the correlation information that cannot be reflected by a single feature, improve the feature's ability to represent the order safety status, output a third feature containing feature correlation information, expand the feature's expression dimension, and provide more effective information for model training.
[0156] Step b6: Integrate the first feature, the second feature, and the third feature to obtain the initial feature set.
[0157] Specifically, a feature concatenation method is used to integrate three types of feature data to form an initial feature set containing encoded features, transformed features, and derived features. By integrating features obtained from different processing methods into a unified set, comprehensive coverage of feature information is achieved.
[0158] Step b7: Based on the preset redundancy judgment rules, redundant features in the initial feature set are removed, and the validity of the initial feature set is verified to obtain a high-dimensional feature library.
[0159] Specifically, redundant features in the initial feature set are identified based on preset redundancy judgment rules. These rules can be feature similarity calculation rules or feature contribution ranking rules, and no specific restrictions are imposed here. After removing the identified redundant features, a preset validity verification algorithm is used to evaluate the feature set after removal to verify the feature set's ability to represent the order's security status. After passing the verification, a high-dimensional feature library is obtained.
[0160] By effectively optimizing the feature set structure, removing redundant information, improving the quality and efficiency of the feature set, ensuring the feature's ability to represent the target state, a high-quality, low-redundancy high-dimensional feature library is obtained, providing accurate and efficient feature input for subsequent model training.
[0161] This invention generates a high-quality, high-dimensional feature library through a series of operations, including feature correlation calculation and screening, multi-type feature transformation and derivation, and feature integration and redundancy removal. This enhances the ability of features to represent the security status of orders and provides solid feature support for the subsequent training of electronic procurement order security monitoring models.
[0162] This embodiment provides a detailed explanation of the process in the above embodiment for calculating the correlation between features in the standard dataset and order security status based on a preset correlation analysis algorithm. The specific implementation of this process includes the following steps:
[0163] Step c1: Quantify the correlation between features and order security status using a preset correlation analysis algorithm to obtain an initial correlation value.
[0164] Specifically, a preset correlation analysis algorithm is selected to calculate the features in the standard dataset. The preset correlation analysis algorithm can be the decision tree correlation matching method or the information value (IV) comparison method, without specific restrictions. If the decision tree correlation matching method is used, the reduction in impurity of the feature at the split node of the decision tree is calculated, and this is used as the quantitative value of the correlation between the feature and the order security status. If the information value comparison method is used, the information value of each group of features is calculated and summarized to obtain the quantitative value of the correlation. The quantitative values of all features are integrated to obtain the initial correlation value.
[0165] When using the decision tree-based correlation matching method, the association is characterized by the degree to which feature splitting reduces data impurity; the greater the reduction in impurity, the stronger the association. When using the information value comparison method, the association is characterized by the ability of feature grouping to distinguish order security status; the higher the information value, the stronger the association. By transforming the potential association between features and order security status into quantifiable values, the influence of each feature on order security status is clarified, achieving a preliminary quantitative assessment of feature importance and laying a data foundation for subsequent normalization processing.
[0166] Step c2: Normalize the initial correlation coefficient values to obtain the processed correlation coefficient values.
[0167] Specifically, a preset standardization algorithm is used to process the initial correlation degree values. The preset standardization algorithm can be the min-max scaling algorithm or the Z-score algorithm, which can be selected according to the specific situation, without any specific restrictions. If the min-max scaling algorithm is used, the initial correlation degree values are mapped to the interval [0, 1]. If the standardization algorithm is used, the initial correlation degree values are converted into a distribution with a mean of 0 and a standard deviation of 1. The integrated values are used to obtain the final correlation degree values.
[0168] Based on the principle of numerical mapping, the range differences of the initial correlation values of different features are eliminated by minimax scaling, and the dimensional differences of the initial correlation values of different features are eliminated by standardization, ensuring that the correlation values of different features are in the same comparable dimension. By unifying the measurement standard of the correlation values of different features, misjudgment of feature importance caused by differences in the range of initial values is avoided, ensuring the fairness and accuracy of subsequent threshold comparison.
[0169] This invention, through the collaborative operation of quantitative calculation and normalization of correlation, outputs a standardized correlation value that is comparable, providing a precise quantitative basis for effective feature selection and improving the scientificity and reliability of subsequent feature analysis.
[0170] This embodiment details the process of training a high-dimensional feature library using a preset gradient boosting tree model to generate a security identification model, as described in the above embodiments. The specific implementation of this process includes the following steps:
[0171] Step d1: Adjust the hyperparameters of the preset gradient boosting tree model using a preset parameter optimization algorithm, determine the target hyperparameter combination, and obtain the optimized model.
[0172] Specifically, the preset parameter optimization algorithm can be a Bayesian optimization algorithm or a grid search algorithm, etc.; determine the range of hyperparameters to be optimized, including learning rate, number of iterations, decision tree depth, minimum loss reduction required for leaf node splitting, row sampling ratio, column sampling ratio, etc.; by selecting an algorithm to balance exploration and utilization in the parameter space, iteratively evaluate the model performance under different hyperparameter combinations, determine the optimal hyperparameter combination, and configure it into the preset gradient boosting tree model to obtain the parameter-optimized model.
[0173] The preset gradient boosting tree model can use either the extreme gradient boosting (XG Boost) model or the lightweight gradient boosting machine (Light GBM) model.
[0174] Based on the probabilistic surrogate model or exhaustive search principle of parameter optimization algorithm, this method seeks the parameter combination that maximizes model performance within the hyperparameter space. By regularizing the relevant hyperparameters to balance the model's fitting and generalization capabilities, it solves the problem of blindly configuring hyperparameters in gradient boosting tree models, optimizes the model's training efficiency and performance, and avoids overfitting or underfitting caused by unreasonable hyperparameters. This results in the output of a gradient boosting tree model with optimal parameter configuration, providing a high-performance algorithmic foundation for subsequent model training and improving the relevance and effectiveness of model training.
[0175] Step d2 involves dividing the data in the high-dimensional feature library into a training set and a validation set according to a preset ratio, and then using the training set to iteratively train the model with optimized parameters.
[0176] Specifically, the data in the high-dimensional feature library is randomly divided into training and validation sets according to a preset ratio, which can be flexibly set according to the data volume. The feature data of the training set and the corresponding order safety status labels are input into the optimized model. Based on the iterative training principle of gradient boosting trees, new decision trees are successively constructed to fit the prediction residuals of the previous model. By continuously stacking decision trees, the prediction accuracy of the model is improved, and multiple rounds of iterative training are completed.
[0177] By iteratively constructing multiple weak decision tree learners, the prediction results of all learners are weighted and integrated to form an ensemble model with strong predictive capabilities. By dividing the model into independent validation sets, the model training and performance evaluation are separated, allowing the model to learn the intrinsic correlation between features and order safety status from the training set, gradually building a model framework with predictive capabilities, and providing a basic model for subsequent performance verification.
[0178] Step d3: Record the model performance metrics for each training session, and verify the performance of the trained model using the validation set to obtain the validation results.
[0179] Specifically, after each iteration of training, the corresponding performance metrics of the model are recorded, including the area under the curve (AUC), accuracy, precision, etc. The feature data of the validation set is input into the trained model to obtain the model's prediction results. The prediction results are compared with the true labels of the validation set, the specific values of each performance metric are calculated, and the values are integrated to obtain the model performance verification results.
[0180] Based on the performance evaluation principle of independent datasets, the validation set is not involved in model training, thus objectively reflecting the model's generalization ability to unknown data. Quantitative performance metrics intuitively demonstrate the model's prediction accuracy and stability. By monitoring the model's training performance, overfitting or underfitting issues on the validation set can be identified promptly, pinpointing the model's current performance weaknesses and providing direction for further parameter adjustments.
[0181] Step d4: Adjust the model training parameters based on the verification results until the model performance indicators meet the preset indicator thresholds to obtain the secure identification model.
[0182] Specifically, the performance verification results output by the validation set are analyzed. If the model performance index does not reach the preset threshold, the model training parameters are adjusted based on the verification results. The adjusted parameters include the number of iterations, learning rate, decision tree depth, etc. The training set data is re-inputted for iterative training, and the performance is verified again through the validation set. The above adjustment, training, and verification process is repeated until the model performance index meets the preset threshold. The finally trained model is determined as the security recognition model.
[0183] The training strategy is dynamically adjusted based on the performance feedback from the validation set. By continuously correcting the model parameters, the model's predictive ability gradually approaches the preset performance standard, solving the overfitting and underfitting problems in the model training process, ensuring that the model performance meets the requirements of business applications, improving the model's practical application value, and outputting a safety identification model that meets the preset performance requirements, with high-precision order safety status prediction capabilities.
[0184] The modeling process is illustrated with an example, for instance:
[0185] The initial predicted value is established based on the mean of all sample target values: .
[0186] Where n is the total sample size of the dataset, and the sample size used in this case is 520,000 (520,000 supplier-related data and historical risk records) and n=520,000;
[0187] This represents the predicted value of the i-th sample at the initial stage (during the first iteration);
[0188] This represents the true label value of the i-th sample. This label is used to compare with the predicted label to calculate the relevant loss, which facilitates the next iteration.
[0189] Iterate and add tree model:
[0190] For the t-th iteration, calculate the loss function L with respect to the current predicted value. first derivative and second derivative For binary classification problems, the commonly used loss function is the logarithmic loss function:
[0191]
[0192]
[0193] Wherein, the first derivative The first derivative reflects the rate of change of the loss function at the current predicted value. By calculating the first derivative, we can determine whether the current predicted value leads to an increase or decrease in loss, thus deciding the direction of model parameter adjustment. If the first derivative is positive, it means the current predicted value is too small and needs to be increased; conversely, if the first derivative is negative, it means the current predicted value is too large and needs to be decreased. Secondly, the first derivative is used to determine the direction of gradient descent. When optimizing the model, the model parameters are usually updated along the direction of the fastest descent of the loss function (the direction of the negative gradient) to minimize the loss.
[0194] The second derivative reflects the rate of change of the first derivative and can measure the curvature of the loss function, i.e., the concavity or convexity of the function. In XGBoost, second derivative information helps to more accurately estimate the step size at each step, thus enabling more efficient model optimization. A larger second derivative indicates that the loss function changes rapidly, the model is more sensitive to that sample, and requires more careful adjustment; a smaller second derivative indicates that the loss function changes more gradually, and the model can be adjusted relatively more for that sample.
[0195] Based on derivative information, a new decision tree is generated using a greedy algorithm. The goal is to minimize the following objective function:
[0196]
[0197] in, T is the number of leaf nodes in the tree. These are parameters that control the generation of leaf nodes. It is a regularization parameter. It is the weight of the j-th leaf node.
[0198] The newly generated decision tree Add to the model and update the predicted values: .
[0199] The final predicted value is: ,in It's the sigmoid function: , is used to map the predicted value to the interval [0, 1] to represent the probability of belonging to category 1 and the probability of being a risk order.
[0200] This invention generates a high-performance security identification model through a series of operations, including hyperparameter optimization, dataset partitioning and iterative training, validation set performance verification, and parameter iterative adjustment. This improves the accuracy and generalization ability of predicting the security status of electronic procurement orders, providing reliable algorithmic support for order security monitoring.
[0201] This embodiment details the process described in the above embodiment of performing nonlinear correlation analysis on features in a high-dimensional feature library based on a preset network model to obtain feature correlation data. The specific implementation of this process includes the following steps:
[0202] Step e1: Classify and group the features in the high-dimensional feature library according to the preset grouping rules, and remove invalid features in each group based on the preset invalid feature judgment rules to obtain multiple feature groups to be analyzed.
[0203] Specifically, features in the high-dimensional feature library are classified and grouped according to preset grouping rules. These preset grouping rules can be feature business attribute rules, feature data type rules, etc., without specific restrictions. Preset invalid feature judgment rules are selected to identify invalid features in each group. These preset invalid feature judgment rules can be feature variance threshold rules, feature contribution threshold rules, etc. Feature grouping is completed according to the selected rules, invalid features are removed, and the remaining features are integrated to form multiple feature groups to be analyzed.
[0204] Grouping is performed based on the principle of feature homogeneity, so that features in the same group have similar attributes or business significance; invalid features are eliminated based on the principle of information density filtering, and low-value features that do not contribute to the association analysis are removed; the number of features is reduced, the computational complexity of subsequent nonlinear association analysis is reduced, and a feature group with clear structure and high information density is obtained, laying the data foundation for subsequent nonlinear association mining.
[0205] Step e2: Input the feature group to be analyzed into the preset network model to calculate the nonlinear correlation degree within and between the feature groups, and generate the initial correlation degree matrix.
[0206] Specifically, nonlinear correlation analysis is performed using a pre-defined network model. This model can be a random forest or a generative adversarial network (GAN), with no specific restrictions. If a random forest is used, multiple decision trees are constructed, and the reduction in Gini impurity at split nodes is calculated to quantify the correlation within and between feature groups. If a generative adversarial network is used, adversarial learning between the generator and discriminator captures potential nonlinear dependencies between features to assess the correlation within and between feature groups. Finally, the correlation quantification values of all features are integrated to generate an initial correlation matrix.
[0207] When using a random forest model, the degree to which feature splitting of the ensemble decision tree improves data impurity characterizes the correlation; the greater the reduction in impurity, the stronger the correlation. When using a generative adversarial network, the nonlinear mapping relationship between features is mined based on the principle of adversarial learning, and the degree of correlation is fed back by the difference between generated data and real data. This overcomes the limitations of linear correlation analysis, mines hidden nonlinear correlations between features, quantifies the degree of correlation within and between feature groups, provides quantitative data support for correlation analysis, generates an initial correlation degree matrix containing correlation information within and between feature groups, fully presents the overall correlation of the high-dimensional feature library, and enriches the dimensions of order security status analysis.
[0208] For example, Gini impurity measures the probability that two randomly selected samples from a dataset will belong to different classes. When splitting a feature, if the sum of the Gini impurities of the resulting child nodes is less than the sum of the Gini impurities before the split, the split is considered effective, reducing the data's clutter. By averaging this impurity reduction effect across multiple decision trees for each feature, we obtain the feature importance score. A higher score indicates a greater contribution of the feature to the model's predictive ability and a closer relationship with the target variable. Using a recursive approach, we progressively use the existing 36 features as the target variable, model and predict using the remaining 35 features, calculate their "feature importance," and then sort them in reverse order, combining the top three with the target feature.
[0209] The specific splitting method is as follows:
[0210] For example, feature A splits at node m, and the Gini impurity of node m before the split is... Left child node after split The impurity of the ginni is The number of samples is right child node The impurity of the ginni is The sample size is Then feature A is at node The importance of feature A is the average of the reduction in Gini impurity of all split nodes across all decision trees.
[0211] Data sampling to calculate Gini impurity:
[0212] A new subset (bootstrap sample) is formed by randomly selecting samples from the original dataset. The unselected samples are called out-of-bag (OOB) data, used to evaluate feature importance and randomly select some features, calculating the reduction in impurity at each possible split point. Taking Gini impurity as an example, suppose we want to split the feature "difference between the signing time and the establishment time of the supplier's winning bid contract," with possible split points 's', a sample set of nodes before splitting 'D', and a Gini impurity of 's'. The sample set of the left child node after splitting is The impurity of the gin is The sample set of the right child node is The impurity of the gin is The reduction in Gini impurity at the split point is:
[0213]
[0214] Select the split point with the largest reduction in Gini impurity for splitting, and recursively build a decision tree until the stopping condition is met (the stopping condition is such as the maximum tree depth of 5 and the number of leaf node samples of 20).
[0215] Calculate the importance score of feature F in the current decision tree:
[0216] Traverse all non-leaf nodes of the decision tree and sum the Gini impurity reduction of feature F at each node to obtain the total impurity reduction of feature F in the current decision tree. Repeat the above steps to build all decision trees and calculate the importance score of each feature in each decision tree. The calculation formula is as follows:
[0217]
[0218] Where N is the number of decision trees in the random forest. It is the importance score of feature F in the i-th decision tree.
[0219] Generative Adversarial Networks (GANs) consist of a generator and a discriminator. They utilize two features... (Contract premium procurement) and Taking (supplier establishment time) as an example, random forest determines that they have a high correlation. Define a generator G and a discriminator D. The generator G generates data similar to the real data distribution based on the input, and the discriminator D distinguishes between the generated data and the real data.
[0220] In standard GANs, the goal of the generator is to maximize the probability that the discriminator identifies the generated data as real data:
[0221]
[0222] Specific process: Initialize the parameters of generator G; from the prior distribution Sample random noise z; generator G generates data based on z. .
[0223] The discriminant distinguishes the differences between new data metrics and real data:
[0224] During training, the generator and discriminator continuously optimize their respective parameters, enabling the generator to generate features... and With more realistic data under certain conditions, the discriminator can more accurately distinguish between real and generated data. Through this training, the model gradually learns the features. and The correlation patterns between features can be analyzed to identify highly correlated features. A penalty term related to feature correlation can also be introduced into the loss function.
[0225]
[0226] Specific process: Initialize the parameters of the discriminator D; from the real data distribution Sample real data X and obtain relevant features. and .
[0227] The real data X and the features are respectively , and the data generated by the generator With features , Input discriminator D, obtain output and .
[0228] Calibration is performed based on the difference between the generated data and the real data calculated by the discriminator.
[0229] By using MSE as the loss metric for generating data and using mean squared error (MSE) to measure the difference between features, the generator's loss function becomes:
[0230]
[0231] Specific process: Calculate the generator's original loss according to the steps outlined above; calculate the features in the generated data. and Features in real data and Mean square error: Calculate the final loss of the generator, where It is a hyperparameter that controls the strength of the correlation penalty.
[0232] Through repeated iterative training, the model can learn how to generate reasonable data based on the correlation of features, thereby achieving the identification and understanding of high correlations between features.
[0233] Step e3 involves extracting effective association information and filtering invalid association data from the initial association degree matrix using a preset normalization algorithm to obtain feature association degree data.
[0234] Specifically, the initial correlation matrix is processed using a preset normalization algorithm. This algorithm can be either a min-max scaling algorithm or a Z-score algorithm. By selecting the algorithm, the values of the initial correlation matrix are mapped to a unified interval, eliminating dimensional differences in correlation values across different dimensions. Based on a preset correlation threshold, valid correlation information is extracted from the matrix, and invalid correlation data below the threshold is filtered out. The processed data is then integrated to obtain the feature correlation data. This effectively eliminates the interference of dimensional differences on correlation analysis, refines the quality of correlation information, filters out interference from invalid data, and improves the accuracy of the correlation data.
[0235] This invention generates high-quality feature correlation data through a series of operations, including feature grouping and invalid feature removal, nonlinear correlation degree quantification, and correlation information purification and filtering. This improves the comprehensiveness and accuracy of electronic procurement order security monitoring and analysis, and provides multi-dimensional correlation information support for order security status determination.
[0236] Figure 3 A schematic diagram of the structure of the security monitoring device for electronic purchase orders provided in this application embodiment. Figure 3 As shown, the security monitoring device 30 for the electronic purchase order includes:
[0237] The acquisition module 301 is used to acquire diverse and heterogeneous data, which includes internal enterprise order data and external business information data.
[0238] Processing module 302 is used to fill in the missing values of continuous and discrete variables in multivariate heterogeneous data to obtain a standard dataset;
[0239] Feature module 303 is used to perform feature analysis on standard datasets and generate a high-dimensional feature library;
[0240] Calculation module 304 is used to perform sample cumulative distribution difference analysis and feature interval division based on the associated features in the high-dimensional feature library to obtain the safety threshold;
[0241] Training module 305 is used to train a high-dimensional feature library using a preset gradient boosting tree model to generate a security recognition model;
[0242] The acquisition module 301 is also used to acquire the order to be detected and input the order data of the order to be detected into the security identification model to obtain the security probability value;
[0243] Analysis module 306 is used to compare the security probability value with the security threshold to obtain the order security level;
[0244] Analysis module 306 is also used to perform nonlinear correlation analysis on features in a high-dimensional feature library based on a preset network model to obtain feature correlation data;
[0245] The generation module 307 is used to generate security identification results based on order security level and feature correlation data.
[0246] In one possible implementation, the processing module 302 is specifically used for:
[0247] The preliminary processed dataset is obtained by filling missing values of continuous variables in multivariate heterogeneous data using the nearest neighbor algorithm and filling missing values of discrete variables using the mode. The preliminary processed dataset is then deduplicated to obtain the target dataset. Abnormal data in the target dataset is filtered based on preset outlier detection rules, and all fields in the target dataset are normalized. Finally, the normalized target data is validated for field integrity and numerical reasonableness, and data items that fail the validation are added to obtain the standard dataset.
[0248] In one possible implementation, feature module 303 is specifically used for:
[0249] The correlation between features in the standard dataset and order security status is calculated using a preset correlation analysis algorithm. The correlation values are compared with a preset correlation threshold, and features with correlation values greater than or equal to the threshold are selected as valid features. Categorical features among the valid features are encoded to obtain the first feature. Continuous features among the valid features are transformed to obtain the second feature. Related features among the valid features are combined and derived to obtain the third feature. The first, second, and third features are integrated to obtain an initial feature set. Redundant features in the initial feature set are removed based on preset redundancy judgment rules, and the validity of the initial feature set is verified to obtain a high-dimensional feature library.
[0250] In one possible implementation, feature module 303 is further configured to:
[0251] The correlation between features and order security status is quantified by a preset correlation analysis algorithm to obtain an initial correlation value; the initial correlation value is then normalized to obtain a processed correlation value.
[0252] In one possible implementation, the training module 305 is specifically used for:
[0253] The hyperparameters of a preset gradient boosting tree model are adjusted by a preset parameter optimization algorithm to determine the target hyperparameter combination, resulting in a parameter-optimized model. The data in the high-dimensional feature library is divided into training and validation sets according to a preset ratio, and the parameter-optimized model is iteratively trained using the training set. The model performance indicators for each training session are recorded, and the performance of the trained model is verified using the validation set to obtain the verification results. Based on the verification results, the model training parameters are adjusted until the model performance indicators meet the preset indicator thresholds, thus obtaining a secure identification model.
[0254] In one possible implementation, the analysis module 306 is specifically used for:
[0255] The features in the high-dimensional feature library are classified and grouped according to preset grouping rules, and invalid features in each group are removed based on preset invalid feature judgment rules to obtain multiple feature groups to be analyzed. The feature groups to be analyzed are input into a preset network model to calculate the nonlinear correlation degree within and between feature groups, generating an initial correlation degree matrix. The initial correlation degree matrix is then subjected to a preset normalization algorithm to extract effective correlation information and filter invalid correlation data to obtain feature correlation degree data.
[0256] The electronic purchase order security monitoring device provided in this embodiment can be used to execute the above-described electronic purchase order security monitoring method. Its implementation principle and technical effect are similar, and will not be described again in this embodiment.
[0257] Figure 4 A schematic diagram of the hardware structure of the electronic device provided in the embodiments of this application, such as... Figure 4 As shown, the electronic device 40 includes at least one processor 401 and a memory 402. Optionally, the electronic device 40 also includes a communication component 403. The processor 401, memory 402, and communication component 403 are connected via a bus 404.
[0258] In the specific implementation process, at least one processor 401 executes computer execution instructions stored in memory 402, causing at least one processor 401 to perform the above method.
[0259] The specific implementation process of processor 401 can be found in the above method embodiments, and its implementation principle and technical effect are similar. It will not be repeated here.
[0260] In the above embodiments, it should be understood that the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), etc. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in this invention can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules within the processor.
[0261] The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), such as at least one disk storage device.
[0262] The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of illustration, the buses shown in the accompanying drawings are not limited to a single bus or a single type of bus.
[0263] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the above-described method.
[0264] This application also provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, implement the above-described method.
[0265] The aforementioned readable storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. The readable storage medium can be any available medium accessible to a general-purpose or special-purpose computer.
[0266] An exemplary readable storage medium is coupled to a processor, enabling the processor to read information from and write information to the readable storage medium. Of course, the readable storage medium can also be a component of the processor. The processor and the readable storage medium can reside in an Application Specific Integrated Circuit (ASIC). Alternatively, the processor and the readable storage medium can exist as discrete components in the device.
[0267] The division of units is merely a logical functional division; in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or other forms.
[0268] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0269] In addition, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.
[0270] If a function is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0271] Those skilled in the art will understand that all or part of the steps of the above-described method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above-described method embodiments; and the aforementioned storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks, or optical disks.
[0272] Finally, it should be noted that other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention that follow the general principles of the invention and include common knowledge or customary techniques in the art not disclosed herein, and is not limited to the precise structures described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of the invention is limited only by the appended claims.
Claims
1. A method for security monitoring of electronic purchase orders, characterized in that, include: Acquire diverse and heterogeneous data, including internal enterprise order data and external business information data; Missing values for continuous and discrete variables in the multivariate heterogeneous data are filled to obtain a standard dataset; Feature analysis is performed on the standard dataset to generate a high-dimensional feature library; Based on the associated features in the high-dimensional feature library, a safety threshold is obtained by performing cumulative distribution difference analysis of samples and feature interval division. A security identification model is generated by training the high-dimensional feature library using a preset gradient boosting tree model. Obtain the order to be detected and input the order data of the order to be detected into the security identification model to obtain the security probability value; The order security level is obtained by comparing the security probability value with the security threshold. Based on a preset network model, nonlinear correlation analysis is performed on the features in the high-dimensional feature library to obtain feature correlation data. A security identification result is generated based on the order security level and the feature correlation data.
2. The method according to claim 1, characterized in that, Missing values for continuous and discrete variables in the aforementioned multivariate heterogeneous data are filled to obtain a standard dataset, including: The missing values of continuous variables in the multivariate heterogeneous data are filled by the nearest neighbor algorithm, and the missing values of discrete variables in the multivariate heterogeneous data are filled by the mode, thus obtaining a preliminary processed dataset; The preliminary dataset is deduplicated to obtain the target data; Abnormal data in the target data is filtered based on preset outlier judgment rules, and all fields in the target data are normalized in format. The normalized target data is then validated for field integrity and numerical rationality, and any data items that fail the validation are added to obtain a standard dataset.
3. The method according to claim 1, characterized in that, Feature analysis is performed on the standard dataset to generate a high-dimensional feature library, including: The correlation between the features in the standard dataset and the order security status is calculated based on a preset correlation analysis algorithm. The correlation score is compared with a preset correlation threshold, and features whose correlation score is greater than or equal to the preset correlation threshold are selected as valid features. The category features among the effective features are encoded to obtain the first feature; The continuous features in the effective features are transformed to obtain the second feature; The associated features among the effective features are combined and derived to obtain the third feature; The first feature, the second feature, and the third feature are integrated to obtain an initial feature set; Redundant features in the initial feature set are removed based on preset redundancy determination rules, and the validity of the initial feature set is verified to obtain a high-dimensional feature library.
4. The method according to claim 3, characterized in that, The correlation between features in the standard dataset and order security status is calculated using a preset correlation analysis algorithm, including: The correlation between the feature and the order security status is quantitatively calculated using the preset correlation analysis algorithm to obtain an initial correlation value. The initial correlation coefficient value is normalized to obtain the processed correlation coefficient value.
5. The method according to claim 1, characterized in that, A security identification model is generated by training the high-dimensional feature library using a preset gradient boosting tree model, including: The hyperparameters of the preset gradient boosting tree model are adjusted by a preset parameter optimization algorithm to determine the target hyperparameter combination and obtain the parameter-optimized model. The data in the high-dimensional feature library is divided into a training set and a validation set according to a preset ratio, and the training set is used to iteratively train the model with optimized parameters. Record the model performance metrics for each training session, and use the validation set to verify the performance of the trained model to obtain the validation results; Based on the verification results, the model training parameters are adjusted until the model performance indicators meet the preset indicator thresholds, thus obtaining a secure identification model.
6. The method according to claim 1, characterized in that, Based on a preset network model, nonlinear correlation analysis is performed on the features in the high-dimensional feature library to obtain feature correlation data, including: The features in the high-dimensional feature library are classified and grouped according to a preset grouping rule, and invalid features in each group are removed based on a preset invalid feature determination rule to obtain multiple feature groups to be analyzed. The nonlinear correlation degree within and between the feature groups to be analyzed is calculated by inputting the feature group to be analyzed into a preset network model, and an initial correlation degree matrix is generated. By using a pre-defined normalization algorithm to extract effective association information and filter out invalid association data from the initial association degree matrix, feature association degree data is obtained.
7. An order security monitoring device for electronic procurement, characterized in that, include: The acquisition module is used to acquire diverse heterogeneous data, including internal enterprise order data and external business information data; The processing module is used to fill in the missing values of continuous and discrete variables in the multivariate heterogeneous data to obtain a standard dataset; The feature module is used to perform feature analysis on the standard dataset and generate a high-dimensional feature library; The calculation module is used to perform sample cumulative distribution difference analysis and feature interval division based on the associated features in the high-dimensional feature library to obtain the safety threshold; The training module is used to train the high-dimensional feature library using a preset gradient boosting tree model to generate a security identification model. The acquisition module is also used to acquire the order to be detected and input the order data of the order to be detected into the security identification model to obtain a security probability value; The analysis module is used to compare the security probability value with the security threshold to obtain the order security level; The analysis module is also used to perform nonlinear correlation analysis on the features in the high-dimensional feature library based on a preset network model to obtain feature correlation data. The generation module is used to generate a security identification result based on the order security level and the feature correlation data.
8. An electronic device, characterized in that, include: Memory, processor; The memory stores computer-executed instructions; The processor executes computer execution instructions stored in the memory, causing the processor to perform the method as described in any one of claims 1-6.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1-6.
10. A computer program product, characterized in that, Includes a computer program that, when executed by a processor, implements the method as described in any one of claims 1-6.