CN-122022832-A - Risk assessment method, risk assessment device, computer equipment and storage medium
Abstract
The application discloses a risk assessment method, a risk assessment device, computer equipment and a storage medium. The risk assessment method comprises: in response to any business event being triggered in a diagnosis-accompanying service flow, collecting the corresponding behavior data, and preprocessing and structuring the behavior data to obtain structured behavior data; determining a target object according to identification information in the structured behavior data, and collecting the structured behavior data associated with the target object into flow data in time order; identifying a behavior pattern based on the flow data, extracting associated features, and generating risk features associated with the target object; determining a risk state of the target object according to the risk features and a preset rule base; and determining a target treatment strategy according to the risk state, generating corresponding treatment instructions, and executing the corresponding treatment operation on the target object according to the treatment instructions. The risk identification and treatment capability of the diagnosis-accompanying business can thereby be improved.
Inventors
- LIU YANG
Assignees
- 杏林居(北京)科技有限公司
Dates
- Publication Date: 20260512
- Application Date: 20251224
Claims (10)
- 1. A risk assessment method, comprising: in response to any business event being triggered in a business process, collecting corresponding behavior data, and preprocessing and structuring the behavior data to obtain structured behavior data; determining a target object according to the identification information in the structured behavior data, and collecting the structured behavior data associated with the target object into flow data in time order; identifying a behavior pattern based on the flow data, extracting associated features, and generating risk features associated with the target object; determining the risk state of the target object according to the risk features and a preset rule base; and determining a target treatment strategy according to the risk state, generating corresponding treatment instructions, and executing corresponding processing operations on the target object according to the treatment instructions.
- 2. The risk assessment method according to claim 1, wherein the collecting corresponding behavior data in response to any business event being triggered in the business process, and preprocessing and structuring the behavior data to obtain structured behavior data, comprises: acquiring original behavior data in response to the business event being triggered; performing a validity check, format normalization and time ordering on the original behavior data to obtain a corresponding behavior sequence; based on the behavior sequence, counting the number of behavior records within a preset time window to obtain a behavior frequency parameter, calculating the time difference between adjacent behavior records to obtain a time interval parameter, and determining the start time and the end time of the behavior sequence to obtain a behavior duration parameter; and combining the behavior frequency parameter, the time interval parameter, the behavior duration parameter, the corresponding event type and the identification information to form the structured behavior data.
- 3. The method of claim 1, wherein the identification information includes at least one of an order identification, a first user identification and a second user identification, and wherein the determining a target object according to identification information in the structured behavior data and collecting the structured behavior data associated with the target object into flow data in time order comprises: when the identification information comprises a first user identification and the order associated with the first user identification is not associated with a second user identification, taking the user corresponding to the first user identification as the target object, and collecting the structured behavior data associated with the first user identification and with the order identifications under that user's name into the flow data in order of event occurrence time; when the identification information comprises a second user identification and the order associated with the second user identification is not associated with a first user identification, taking the service party corresponding to the second user identification as the target object, and collecting the structured behavior data associated with the second user identification into the flow data in order of event occurrence time; and when the identification information comprises at least an order identification and a second user identification, taking the diagnosis-accompanying order corresponding to the order identification as the target object, and collecting the structured behavior data associated with the order identification, the first user identification and the second user identification into the flow data, associated in order of event occurrence time.
- 4. The risk assessment method according to claim 2, wherein the identifying a behavior pattern based on the flow data, extracting associated features, and generating risk features associated with the target object comprises: analyzing the time dimension and the behavior dimension of the flow data based on the event occurrence time, the event type and the logical relationships among events, and identifying the sequence structure, repetition pattern, omission pattern and abnormal insertion pattern of the behavior actions in the flow data, to obtain the behavior pattern of the target object; based on the behavior pattern, performing statistical analysis on the flow data and extracting feature parameters related to behavior frequency, behavior density and the time intervals between adjacent events, to form an associated feature set of the target object; and mapping the associated feature set to the target diagnosis-accompanying order, and generating the risk features associated with the target object based on the degree of behavioral abnormality, the completeness of the behavior chain, and the consistency between the user behavior and the order flow.
- 5. The risk assessment method according to claim 4, wherein determining the risk status level of the target object according to the risk features and a preset rule base comprises: matching the risk features against the rules in the preset rule base to determine whether a triggered risk rule exists; in response to a triggered risk rule existing, generating a corresponding risk event based on the specific content of the risk rule and the related data of the target object; performing context association analysis on the risk event, and calculating a comprehensive risk score in combination with the historical behavior records, account credit information, association relation information and other recently triggered risk events of the target object; and comparing the comprehensive risk score with a preset risk level threshold to determine the risk state corresponding to the target object.
- 6. The risk assessment method according to claim 3, wherein said determining a target treatment strategy and generating corresponding treatment instructions according to said risk status level, and performing corresponding processing operations on said target object according to said treatment instructions, comprises: the processing operation triggered by the treatment instruction comprises at least one of freezing a diagnosis-accompanying order, executing a permission-restriction or blocking operation on the user account, issuing an enhanced verification request to the user account, and pushing a risk prompt message; the processing operation triggered by the treatment instruction comprises at least one of freezing a diagnosis-accompanying order, restricting the order-receiving permission of the business service account, suspending service qualification, issuing a security check instruction to the business service account, and pushing a risk alarm message; and when the target object is a diagnosis-accompanying order, the processing operation triggered by the treatment instruction comprises at least one of terminating the diagnosis-accompanying order, marking the diagnosis-accompanying order as a suspected abnormal order, triggering an order checking flow, and pushing order risk notices respectively to the first user and the second user associated with the order.
- 7. The risk assessment method according to claim 6, further comprising, prior to generating the treatment instruction: calibrating the current risk state based on the historical risk state of the target object within a preset time window; when the historical risk state is continuously in the medium-risk or high-risk interval, raising the treatment strategy level corresponding to the current risk state; and when the historical risk state is stably in the low-risk interval, lowering the treatment strategy level corresponding to the current risk state.
- 8. A risk assessment apparatus, the apparatus comprising: a data processing module, configured to collect corresponding behavior data in response to any business event being triggered in a business process, and to preprocess and structure the behavior data to obtain structured behavior data; an object determining module, configured to determine a target object according to the identification information in the structured behavior data and to collect the structured behavior data associated with the target object into flow data in time order; a risk feature determining module, configured to identify a behavior pattern based on the flow data and extract associated features to generate risk features associated with the target object; a risk state determining module, configured to determine the risk state of the target object according to the risk features and a preset rule base; and an execution module, configured to determine a target treatment strategy according to the risk state, generate a corresponding treatment instruction, and execute the corresponding processing operation on the target object according to the treatment instruction.
- 9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
- 10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
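The structuring step of claim 2, sketched as an added example that is not taken from the patent. The field names, the ISO-8601 timestamp format, the five-minute window and the choice to anchor the window at the latest record are all assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample events for one order; field names are assumptions.
RAW_EVENTS = [
    {"order_id": "O-1001", "user_id": "U-7", "type": "service_end", "ts": "2025-01-05T10:02:30"},
    {"order_id": "O-1001", "user_id": "U-7", "type": "order_created", "ts": "2025-01-05 10:00:00"},
    {"order_id": "O-1001", "user_id": "U-7", "type": "service_start", "ts": "2025-01-05T10:01:00"},
    {"order_id": "O-1001", "user_id": "U-7", "type": "evaluation", "ts": "not-a-time"},
    {"order_id": "O-1001", "type": "evaluation", "ts": "2025-01-05T10:03:00"},  # no user_id
]
REQUIRED = ("order_id", "user_id", "type", "ts")


def to_behavior_sequence(raw):
    """Validity check, format normalization and time ordering."""
    seq = []
    for rec in raw:
        if any(not rec.get(k) for k in REQUIRED):
            continue  # drop records lacking identification, type or time
        try:
            ts = datetime.fromisoformat(rec["ts"].strip())
        except ValueError:
            continue  # drop records whose timestamp cannot be parsed
        seq.append({**rec, "ts": ts})
    return sorted(seq, key=lambda r: r["ts"])


def structure(raw, window=timedelta(minutes=5)):
    """Build the structured behavior record for one target object."""
    seq = to_behavior_sequence(raw)
    if not seq:
        return None
    times = [r["ts"] for r in seq]
    end = times[-1]  # assumption: the window ends at the latest record
    return {
        "order_id": seq[0]["order_id"],
        "user_id": seq[0]["user_id"],
        "event_types": [r["type"] for r in seq],
        # behavior frequency: records inside the preset window
        "frequency": sum(1 for t in times if end - t <= window),
        # time interval parameter: gaps between adjacent records, in seconds
        "intervals_s": [(b - a).total_seconds() for a, b in zip(times, times[1:])],
        # behavior duration: first record to last record, in seconds
        "duration_s": (end - times[0]).total_seconds(),
    }
```

In the constructed sample the order goes from creation to service end in 150 seconds, which is the kind of value a duration rule in the rule base would be written to catch.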
Description
Risk assessment method, risk assessment device, computer equipment and storage medium
Technical Field
The present application relates to the field of information processing technologies, and in particular, to a risk assessment method, a risk assessment device, a computer device, and a storage medium.
Background
Driven by the "Internet Plus healthcare" model, SaaS-based diagnosis-accompanying systems have gradually become a main channel through which users obtain diagnosis-accompanying services. Users place orders, are matched with escorts, and complete the service through the platform, and an escort's grade, traffic allocation and income often depend on the platform's order volume, evaluations and service data. To raise their ranking or obtain subsidies, some escorts have begun to fabricate service records through order brushing, for example by having acquaintances place orders on their behalf, faking the accompanying service, or swapping orders with one another, which makes it difficult for the platform to evaluate an escort's ability accurately and also damages the overall service ecosystem. To maintain platform fairness, an anti-order-brushing technique capable of identifying the diverse abnormal patterns in the diagnosis-accompanying service scenario is required. Existing anti-brushing schemes typically rely on basic risk-control measures, such as rule detection based on IP address, device fingerprint and account registration information, or restricting already identified cheating accounts through a blacklist mechanism.
However, these methods have obvious shortcomings in the diagnosis-accompanying service scenario. The detection dimensions are limited, so the covert behavior of a real order without a real service is difficult to identify. They are not combined with the service flow of the diagnosis-accompanying business, so key nodes such as service start, service end and service evaluation are not effectively monitored. In addition, most detection methods cannot intercept in real time, abnormal orders are often identified only after they have been completed, and normal behavior is easily misjudged during service peak periods. The prior art is clearly deficient in accuracy, real-time performance and understanding of the business.
Disclosure of Invention
The application provides a risk assessment method, a risk assessment device, computer equipment and a storage medium capable of improving the identification and treatment of order risk in the diagnosis-accompanying business.
In one aspect, the present application provides a risk assessment method, including: in response to any business event being triggered in a business process, collecting corresponding behavior data, and preprocessing and structuring the behavior data to obtain structured behavior data; determining a target object according to the identification information in the structured behavior data, and collecting the structured behavior data associated with the target object into flow data in time order; identifying a behavior pattern based on the flow data, extracting associated features, and generating risk features associated with the target object; determining the risk state of the target object according to the risk features and a preset rule base; and determining a target treatment strategy according to the risk state, generating corresponding treatment instructions, and executing corresponding processing operations on the target object according to the treatment instructions.
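The last two steps of the method, as refined in claims 5 and 7, sketched as an added example that is not the patent's own code. The rules, scores, thresholds and the way context adjusts the score are hypothetical, the three-level low/medium/high scale is assumed from the intervals named in claim 7, and the sample features and context are constructed.

```python
# Hypothetical rule base: (rule id, predicate over risk features, base score).
RULES = [
    ("R1_short_service", lambda f: f["duration_s"] < 600, 40),
    ("R2_missing_step", lambda f: "service_start" not in f["event_types"], 30),
    ("R3_repeat_pair", lambda f: f["same_pair_orders_7d"] >= 5, 30),
]
LEVELS = ["low", "medium", "high"]                       # assumed risk intervals
THRESHOLDS = [(70, "high"), (40, "medium"), (0, "low")]  # assumed cut-offs

# Constructed sample: a very short service between a frequently paired
# user and service party, on an account with good credit.
SAMPLE_FEATURES = {
    "duration_s": 150.0,
    "event_types": ["order_created", "service_start", "service_end"],
    "same_pair_orders_7d": 6,
}
SAMPLE_CONTEXT = {"recent_risk_events": 0, "credit": "good"}


def triggered_events(features):
    """Match features against the rule base; each hit becomes a risk event."""
    return [{"rule": rid, "score": s} for rid, pred, s in RULES if pred(features)]


def risk_state(features, context):
    """Comprehensive score: rule hits adjusted by context, then thresholded."""
    events = triggered_events(features)
    score = sum(e["score"] for e in events)
    if events:  # context only modulates a score that a rule has raised
        score += 10 * context["recent_risk_events"]
        score -= 10 if context["credit"] == "good" else 0
    score = max(0, min(100, score))
    state = next(name for cut, name in THRESHOLDS if score >= cut)
    return state, score, events


def calibrate(current, history):
    """Shift the treatment level using the historical states in the window."""
    idx = LEVELS.index(current)
    if history and all(h in ("medium", "high") for h in history):
        idx = min(idx + 1, len(LEVELS) - 1)  # persistently medium/high: raise
    elif history and all(h == "low" for h in history):
        idx = max(idx - 1, 0)                # stably low: lower
    return LEVELS[idx]
```

With the constructed sample, two rules fire and the state is medium; a history of medium and high states raises the treatment level to high, while a mixed history leaves it unchanged.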
In another aspect, the present application provides a risk assessment apparatus, the apparatus comprising: a data processing module, configured to collect corresponding behavior data in response to any business event being triggered in a business process, and to preprocess and structure the behavior data to obtain structured behavior data; an object determining module, configured to determine a target object according to the identification information in the structured behavior data and to collect the structured behavior data associated with the target object into flow data in time order; a risk feature determining module, configured to identify a behavior pattern based on the flow data, extract associated features, and generate risk features associated with the target object; a risk state determining module, configured to determine the risk state of the target object according to the risk features and a preset rule base; and an execution module, configured to determine a target treatment strategy according to the risk state, generate a corresponding treatment instruction, and execute the corresponding processing operation on the target object according to the treatment instruction.
In yet another aspect, the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the risk assessment method of the first aspect.
In yet another aspect, the present application provides a computer device