CN-121563243-B - Cross-border E-commerce risk monitoring system and method based on data analysis

Abstract

The invention relates to the technical field of cross-border e-commerce risk monitoring and discloses a cross-border e-commerce risk monitoring system and method based on data analysis. The method includes constructing an initial interaction chain for cross-domain parsing of an original trade record. And identifying deviation of the behavior and the synthetic template through characteristic disturbance analysis, generating disturbance signals and injecting the disturbance signals into a deep audit process, so as to guide the backtracking of events of specific interactive chain fragments, and further locate source operation events which cause risk generation. And (5) extracting event attributes, mapping the event attributes to a multidimensional risk assessment space, carrying out cluster analysis, and reconstructing a risk evolution path. And extracting key time sequence inflection points on the paths, carrying out matching verification with the compliance time sequence grids, and triggering the dynamic monitoring instruction and generating a customized monitoring parameter set if verification fails. And finally integrating all information output risk structure diagrams. The method realizes accurate positioning of the risk source and time sequence monitoring of the evolution process.

Inventors

• HUANG BIN

Assignees

• 莆田学院

Dates

Publication Date

20260508

Application Date

20260121

Claims (9)

1. 1. A cross-border e-commerce risk monitoring method based on data analysis, the method comprising: Performing cross-domain analysis on the obtained original trade record, and constructing an initial interaction chain reflecting interaction behaviors among transaction entities; performing characteristic disturbance analysis on nodes in the initial interaction chain to identify the deviation degree between the interaction behavior mode and a preset combined standard; Generating a characteristic disturbance signal according to the deviation degree, and injecting the characteristic disturbance signal into a preset depth audit process; And in the deep audit process, carrying out event backtracking on a specific interactive chain segment based on the injected characteristic disturbance signal, and positioning a source operation event generating the deviation degree, wherein the event comprises the following steps: performing event backtracking on the specific interactive chain segment based on the injected characteristic disturbance signal; Taking a node corresponding to the associated node identifier in the characteristic disturbance signal packet as a current backtracking center; the characteristic disturbance signal packet comprises signal intensity level, associated node identification and abnormal characteristic dimension details; Intercepting an interactive chain fragment which takes the current backtracking center as an end point and traces back a specific time window forwards from all the interactive chain data loaded by the deep audit process as a fragment to be analyzed; in the fragment to be analyzed, reversely tracking source nodes of each fund or goods flowing into the current backtracking center to form an upstream path set, and analyzing own graph feature vectors of each source node in the upstream path set and interaction modes of each source node and the current backtracking center; Identifying a source node and a corresponding interaction event, wherein the source node and the corresponding interaction event have remarkable transition in the abnormal feature dimension or the interaction mode of the source node occur for the first time; determining the interaction event as a source operation event which causes the accumulation of the subsequent deviation degree; extracting all trade attributes corresponding to the source operation event, and mapping all trade attributes to a multidimensional risk assessment space; clustering and deviation calculating are carried out on all the mapped trade attributes according to a pre-constructed risk portrait library in the multidimensional risk assessment space; reconstructing a risk evolution path associated with the source operation event according to the clustering and deviation calculation result; Extracting a key time sequence inflection point on the risk evolution path, and carrying out matching verification on the key time sequence inflection point and a compliance time sequence grid; Triggering a dynamic monitoring instruction generation flow when the matching verification fails, and generating a customized monitoring parameter set according to the attribute of the risk evolution path; integrating the customized monitoring parameter set, the key time sequence inflection point and the risk evolution path, and outputting a final risk structure diagram.
2. 2. The method for cross-border e-commerce risk monitoring based on data analysis of claim 1, wherein the step of performing cross-domain analysis on the obtained original trade record to construct an initial interaction chain reflecting interaction behavior between transaction entities comprises: synchronously extracting original trade record fragments containing a stream, a fund stream and an information stream from a plurality of heterogeneous data sources; performing entity disambiguation and normalization processing on each original trade record segment, and unifying the index identifiers of the same trade entity in different segments; Splicing the original trade record fragments into continuous trade behavior streams according to the sequence of the time stamps based on the unified reference marks; analyzing the interaction type and interaction direction represented by each record in the trade behavior flow; According to the analyzed interaction action type and interaction direction, converting records in the trade behavior flow into directed edges with weights; and constructing an initial interactive chain representing the complete trade business relationship in a period of time by taking the transaction entity as a node and the weighted directed edge as a connection.
3. 3. The method for cross-border e-commerce risk monitoring based on data analysis according to claim 2, wherein the step of performing feature perturbation analysis on the nodes in the initial interaction chain to identify the degree of deviation between the interaction behavior pattern and a preset total specification comprises: Stripping out node subgraphs representing the behaviors of single transaction entities from the initial interaction chain; calculating graph feature vectors of the node subgraphs in topological structure, connection strength and interaction frequency dimension; calling a preset compliance standard library, wherein the preset compliance standard library stores the standard diagram feature vector range of various compliance transaction entities; Comparing the calculated map feature vector with the corresponding standard map feature vector range dimension by dimension; for the dimension exceeding the standard graph feature vector range, recording the exceeding value and marking the dimension as an abnormal feature dimension; and counting the number and the severity of all abnormal feature dimensions, and comprehensively calculating to obtain the overall deviation degree of the node behaviors and the compliance standard.
4. 4. The method for cross-border e-commerce risk monitoring based on data analysis according to claim 3, wherein the step of generating the characteristic disturbance signal according to the deviation degree and injecting the characteristic disturbance signal into a preset deep audit process comprises the following steps: Setting a plurality of grade thresholds for the deviation degree, wherein each grade threshold corresponds to one signal strength grade; Determining a corresponding signal intensity level according to the calculated level threshold value to which the overall deviation degree belongs, and generating a characteristic disturbance signal packet containing the signal intensity level, an associated node identifier and abnormal characteristic dimension details; Asynchronously pushing the characteristic disturbance signal packet to a message queue of a deep audit process; the deep audit flow continuously monitors the message queue, and when the characteristic disturbance signal packet is captured, audit computing resources are dynamically allocated according to the signal intensity level in the characteristic disturbance signal packet; and loading all interactive chain data of the associated node in a preset history period from a history database according to the associated node identification by the deep audit flow so as to be ready for event backtracking.
5. 5. The method for cross-border e-commerce risk monitoring based on data analysis of claim 4, wherein the step of extracting all trade attributes corresponding to the source operational event and mapping the all trade attributes to a multidimensional risk assessment space comprises: Extracting transaction amount, commodity class, trade opponent region, logistics channel, payment tool type and customs information attribute from the original trade record segment for recording the source operation event; Performing numerical coding or vectorization coding on each extracted attribute to form an original attribute vector of the source operation event; invoking a pre-trained multidimensional risk assessment spatial mapping model, wherein the mapping model defines a transformation relation from an original attribute vector to a risk assessment spatial coordinate; And inputting the original attribute vector into the mapping model, and outputting a multidimensional coordinate point of the source operation event in a risk assessment space.
6. 6. The method for cross-border e-commerce risk monitoring based on data analysis according to claim 5, wherein the step of clustering and deviation calculating the mapped all trade attributes according to a pre-constructed risk portrait library in the multidimensional risk assessment space comprises the following steps: The risk portrait library stores centroid coordinates of known risk types and influence radiuses thereof in a risk assessment space; Calculating Euclidean distance between a multidimensional coordinate point of the source operation event and each known risk type centroid coordinate in a risk image library; If the Euclidean distance is smaller than the influence radius of the corresponding risk type, judging that the source operation event belongs to the risk type, and classifying the source operation event into a corresponding cluster; for event coordinate points belonging to a plurality of risk types affecting radius overlapping areas, calculating a distance weighted sum of the event coordinate points to each related centroid so as to determine main risk attribution; For an event coordinate point which does not fall into any known risk type influence radius, calculating the distance from the event coordinate point to the nearest centroid as a basic deviation degree; and correcting the basic deviation degree by combining the density distribution of the risk clusters to which the basic deviation degree belongs to obtain the final polymerization deviation degree.
7. 7. The method of claim 6, wherein reconstructing a risk evolution path associated with the source operational event based on the clustering and bias computation results comprises: taking a coordinate point of the source operation event in a risk assessment space as a path starting point; searching for a subsequent event which is later than the source operation event in time sequence and has direct or indirect interaction with the associated node from the interaction chain data of the deep audit process; Extracting all corresponding trade attributes from each subsequent event, mapping all trade attributes to a multidimensional risk assessment space, and clustering and deviation calculating all mapped trade attributes according to a pre-constructed risk portraits library in the multidimensional risk assessment space to obtain an aggregate deviation; sequentially connecting the path starting point with all subsequent event coordinate points with aggregation deviation degree according to a time sequence; and carrying out smoothing treatment on the fold lines formed by connection, and marking event time, risk type attribution and aggregate deviation degree value of each node to form a complete risk evolution path.
8. 8. The method for cross-border e-commerce risk monitoring based on data analysis according to claim 7, wherein the step of extracting key timing inflection points on the risk evolution path and matching and checking the key timing inflection points with a compliance timing grid comprises the steps of: Analyzing curvature change of the risk evolution path, identifying coordinate points with abrupt change of path direction or abrupt increase of aggregate deviation degree as key time sequence inflection points, and acquiring actual occurrence time of events corresponding to each key time sequence inflection point; the compliance timing grid defines the sequence and frequency of operations that different service types are allowed to occur within a specific time period; Matching the actual occurrence time of the key time sequence inflection point and the sequence of the front event and the rear event thereof with templates of corresponding time periods in a compliance time sequence grid; Checking whether the actual occurrence time is in a time window allowed by the template and whether the event sequence accords with the sequence relation specified by the template; And if the actual occurrence time deviates from a time window or the event sequence violates the order relation, judging that the key time sequence inflection point matching verification fails.
9. 9. A cross-border e-commerce risk monitoring system based on data analysis, comprising a memory, a processor and a computer program stored in the memory and running on the processor, characterized in that the processor, when executing the computer program, implements the steps of the cross-border e-commerce risk monitoring method based on data analysis as claimed in any one of the preceding claims 1 to 8.

Description

Cross-border E-commerce risk monitoring system and method based on data analysis Technical Field The invention relates to the technical field of cross-border e-commerce risk monitoring, in particular to a cross-border e-commerce risk monitoring system and method based on data analysis. Background In the cross-border e-commerce field, the on-line and complicating trade behavior makes the violation operation more hidden. Existing risk monitoring techniques rely primarily on rule matching and static model analysis of structured transaction data. The method marks the abnormal transaction records through preset risk index threshold values or blacklist comparison, and can find out obvious risk points deviating from the conventional statistical characteristics. However, such approaches typically only output a final anomaly score or label in the face of employing a stepped, cross-link avoidance maneuver. The monitoring system cannot penetrate through complex interaction relations among multiple layers of transaction entities, causes of abnormality are difficult to explain, and further cannot trace back to an initial operation link of a risk chain, so that risk treatment stays on the surface, and effective intervention is difficult to implement aiming at a risk source. Another drawback of the existing solutions is that the analysis of the behavioral sequential logic is inadequate. Conventional timing analysis focuses on detecting fluctuation anomalies of indexes such as transaction frequency, amount and the like, and lacks the capability of systematically comparing the arrangement sequence and interval of a series of operation events on a time axis with the mandatory time rules of a compliance business process. This makes those individual links appear to be compliant, but the behavior of achieving evasion purposes by reversing the critical order of operations, compressing the necessary time intervals, is not noticeable. The result output by the monitoring system is usually a discrete risk point, the dynamic evolution process from sprouting and development to appearance of the risk cannot be described, and prospective control and early warning are difficult to support. Disclosure of Invention The invention aims to provide a cross-border E-commerce risk monitoring system and method based on data analysis, so as to solve the problems in the background technology. In order to achieve the above object, the present invention provides a cross-border e-commerce risk monitoring method based on data analysis, the method comprising: Performing cross-domain analysis on the obtained original trade record, and constructing an initial interaction chain reflecting interaction behaviors among transaction entities; performing characteristic disturbance analysis on nodes in the initial interaction chain to identify the deviation degree between the interaction behavior mode and a preset combined standard; Generating a characteristic disturbance signal according to the deviation degree, and injecting the characteristic disturbance signal into a preset depth audit process; in the depth audit flow, carrying out event backtracking on a specific interactive chain segment based on the injected characteristic disturbance signal, and positioning a source operation event generating the deviation degree; extracting all trade attributes corresponding to the source operation event, and mapping all trade attributes to a multidimensional risk assessment space; clustering and deviation calculating are carried out on all the mapped trade attributes according to a pre-constructed risk portrait library in the multidimensional risk assessment space; reconstructing a risk evolution path associated with the source operation event according to the clustering and deviation calculation result; Extracting a key time sequence inflection point on the risk evolution path, and carrying out matching verification on the key time sequence inflection point and a compliance time sequence grid; Triggering a dynamic monitoring instruction generation flow when the matching verification fails, and generating a customized monitoring parameter set according to the attribute of the risk evolution path; integrating the customized monitoring parameter set, the key time sequence inflection point and the risk evolution path, and outputting a final risk structure diagram. Preferably, the step of performing cross-domain analysis on the obtained original trade record to construct an initial interaction chain reflecting interaction behaviors between transaction entities includes: synchronously extracting original trade record fragments containing a stream, a fund stream and an information stream from a plurality of heterogeneous data sources; performing entity disambiguation and normalization processing on each original trade record segment, and unifying the index identifiers of the same trade entity in different segments; Splicing the original trade record fragments into continuous