A few days ago, the "CCF-GAIR Global Artificial Intelligence and Robot Summit" co-organized by Leifeng Net Whale Rhino Channel and Tencent's "Thousand Sails Project" was held in Shenzhen. At the closed-door meeting on "How to Use SaaS to Empower Enterprise Transformation and Upgrade", Liang Kun, co-founder & CTO of Sumei Technology, published a titled " Challenges and Practices of Online Business Security-Building a Full-stack Intelligent Risk Control System " Wonderful speech.
Liang Kun emphasized at the meeting: " With the increasing degree of Internet-based business, shopping, travel, finance and other industries are shifting from transactional to user-operated, and as user dividends decline, customer acquisition costs are increasing. Higher up, business, marketing, content and other aspects are facing increasingly severe security challenges. "
It also pointed out that the existing risk control solutions have weak defense capabilities, difficult to unify standards, poor defense timeliness, and slow defense evolution. It further elaborates the deployment control system, strategy system, profile system, and operation system, a total of four full-stack risk control systems, as well as real-time risk control architectures such as risk control data flow, risk control platform architecture, risk control model architecture, and multi-cluster deployment architecture.
At the same time, Liang Kun from Sumei Technology introduced a full-stack real-time risk control solution based on cases such as marketing anti-fraud, non-personal payment, and content security.
The following content is compiled based on the on-site speech record:
With the advent of the digital age, a large number of enterprises have migrated their businesses to the Internet to provide customers with convenient services. At the same time, they are also facing risks in various aspects from illegal production promotion, billing, and wool to UGC and PGC content security. challenge.
For enterprises, their own digital transformation has become a trend. How to avoid all kinds of fraud threats and content compliance risks that may be encountered during the transformation, and to ensure the smoothness of the overall business logic of the enterprise, has become an issue that enterprises must consider.
Liang Kun: Shumei Technology was established in 2015 and has been committed to providing professional AI online business risk control and anti-fraud services to global customers. Up to now, we have served thousands of different companies, including the Internet, Internet + finance and other fields . Through this speech, I want to share our practical experience and achievements of Sumei Technology with you.
This speech is mainly divided into four parts: risk situation, full-stack risk control system, real-time risk control architecture, and practical cases .
Risk posture
With the development and popularization of the mobile Internet, all walks of life, including clothing, food, housing, transportation, education, finance, and medical care, are gradually putting their business on the Internet, and through more intuitive forms including graphics, text, audio and video. It appears that this year's epidemic has also greatly accelerated the process of online business.
Another trend is that with the gradual slowdown in the growth of mobile Internet users today, the cost of acquiring a single customer is rapidly rising, and more and more companies have gradually shifted their business philosophy from transaction to single-type to user-operated.
What is the traditional transaction into single type? Enter a store, order a cup of coffee, I pay him to give me the goods, the interaction between the user and the store is over. This is not the case with the current user-operated type. Stores will operate their users in their own hands through App and other channels, and provide users with more services to increase user activity and ultimately increase their transaction volume.
Under these two trends, online business itself, marketing, and content will face increasingly severe challenges.
A few typical examples will be given later. The first typical example is payment fraud. Before 2015, payment risk control had been done relatively well in China, when the proportion of domestic payment fraud was very low. However, with the shift of various businesses to the Internet, today we can see that the scale of third-party payment transactions is growing rapidly, and at the same time, the amount of loss from payment fraud is also increasing.
The second typical scenario is marketing related. Crazy arbitrage by the black production and wool party. There are many types of marketing activities we have seen, such as rewards for doing tasks, rewards for sharing, user fission, and ordering. But there are only two essential logics: one is to spend money to buy users, the main goal is to attract new users, for example, registration is rewarded, new users are rewarded for the first order, user fission, etc., by giving profits and spending money to buy some new users; With this logic, each user has a price, and the black product can create some fake users in batches and make profits in this way.
The second essential logic is to spend money to buy activity, such as sign-in rewards, points, viewing rewards, etc. As long as the essential logic is to spend money to buy activity, there will be a price for each activity of the user, and black production will use machine methods to make some fakes. Active selling to you.
As long as we do such marketing activities online, regardless of the form of the marketing activities, these two essences are always inevitable, and there is an opportunity for arbitrage of black products.
When it comes to content security, almost every App currently has UGC content. Users can post their own comments, upload avatars, and voice and video chat. How to ensure that these contents are not illegal or illegal? How to ensure that it will not cause user discomfort?
When facing these risks, traditional methods will face four different challenges: First, weak defense capabilities, traditional blacklists, simple rules, etc., will find it easy to be bypassed; second, standards are difficult to unify and rely only on manual labor Judgment is very time-consuming and labor-intensive; the third is the poor timeliness of defense; the fourth is the slow evolution of defense.
Full stack risk control system
At the beginning of 2016, we used some single-point methods. Is it possible to stop black production by building an SDK? Is it possible to recognize robots and real people during the registration process? Is it possible to build a verification code model? In the painful process of confronting the black industry, we proposed a concept we call a full-stack risk control system.
It is mainly divided into four parts. In our opinion, if we want to solve the risk control better, these four parts are indispensable.
1. Deployment control system . The deployment control system is never a single point deployment control, but a multi-point deployment control. For example, startup, registration, login, and business behaviors. Why can't a single point of defense work? Because it has several challenges. Defensive at one point, no matter how strong this point is, just like Maginot's line of defense, once this point is breached, it will be flat.
The first principle of our risk control is to control the overall risk under the worst conditions. Often this breakthrough is not a technical problem, but some problems in the business of the partner. In essence, when multiple points are deployed and controlled, any one of the points can always control the overall situation, and it can also identify more such problems.
2. Strategy system . How to detect the risk, from which aspects should the risk be detected? We believe that the inspection should be conducted from four aspects: to detect whether the equipment is at risk, and whether the equipment has been subjected to a lot of bad tampering? Is there an impact at the behavioral level?
An account is frequently accessed three or more times per second. Then, is there any violation or risk detection for audio, video, image, and text content? Finally, the detection of fraudulent gangs. Like virtual machines, one technology is used for multiple applications, and equipment is tampered with. As mentioned earlier, people use some gray and black production methods to operate on WeChat. This is very dangerous. This can be identified by technical means.
How to detect behavior? The human is operating on the device to detect. During the operation, the acceleration of the mobile phone's gyroscope does not change, which is probably done by the machine. If your registration, login, task, and withdrawal are timeline operations, it is probably done by the machine. These are two relatively simple situations. Black production is very smart. He will use some random methods. At this time, he needs to use complex models to solve similar problems.
How to identify risk content? How does the UGC content know whether it contains illegal content, such as pornography, gambling, and drugs? How to ensure that your platform does not have uncomfortable content? Traditional methods rely on people to review, and now they can be assisted by machines to understand the semantics of speech, vision, and text based on deep learning. Hundreds of tags are recognized at the same time.
How to detect fraudulent gangs? In particular, the wool party and channels are never completed by one person. They are all gangs committing crimes. How to quickly identify gangs is the key to risk control. Therefore, using unsupervised algorithms such as associated networks and risk spreading to discover gangs can identify potential And new types of fraud threats.
3. Portrait system . We know that portraits are mostly used in the marketing field, and portraits are very important in risk control. There are many types of portraits, more of them are portraits of fraudulent gangs. This system also explains why multiple points of control are used, and the portrait system can really do it. Open up the data of multiple scenes with each other to jointly identify black products.
For example, there is a wool party that was not discovered when he registered. As his behaviors increase, there are logins, business activities, and final withdrawals, but he is recognized when he receives coupons, and when he receives coupons and withdraws cash. You can see all his previous behaviors through the portrait system, and judge whether he is the wool party through all the behaviors. This is the front of the portrait system, and it is recognized that this account is the wool party.
4. Operation system . What is the core difference between risk control and other SaaS software? When soft SaaS is delivered, most of the functions of the software have been completed, and the rest is more maintenance and adding some new requirements and purposes. The deployment of the entire risk control work has just been completed, such as from the information, analysis, rule discovery, feature extraction, model training to online, this is a continuous iteration, only this iteration, the continuous iteration of the operating system, The model can evolve rapidly, and then identify and effectively fight against black production.
Real-time risk control architecture
I talked about the strategic model of business risk control. Now I will talk about the architecture of real-time risk control.
The first point here is that the business system must be decoupled from the risk control system . If the risk control logic is tied to the business logic, it will be painful to maintain it later. Every business upgrade may cause problems with the risk control logic. Conversely, every update of the risk control logic needs to be online in the business system. It will slow down the confrontation with risks.
We suggest that the business system and the risk control platform are independent of each other, and the two interact through standard APIs.
The second point is the risk control decision-making system, which is divided into several layers . The bottom layer is the risk profile mentioned earlier. Above this is the basic engine layer including equipment risk engine, deep learning engine, and community discovery engine. Each basic engine judges the risk of the current request from a specific aspect.
On top of the basic engine is an intelligent decision engine. After the decision engine gets all the risk information provided by the basic engine, it executes scenario-specific risk control strategies for different scenarios. Supported by the architecture of this risk control platform, risk control of multiple different scenarios can be realized on the same platform, and there are specific models and strategies suitable for each scenario in different scenarios.
The third point is that the risk control system must respond very quickly so that it can intercept and handle risks in real time . To achieve fast response, two points must be achieved: one is that the performance of the engine must be high enough; the other is that the risk control system must be deployed "near" to the business system to avoid network overhead. We have deployed 7 different clusters around the world to facilitate customers' nearby access.
Finally, there are some practical cases. The first one is the service we provided to financial institutions before, the situation of non-personal transactions. The second is the live broadcast platform, content risk and wool party arbitrage. The third is the e-commerce social platform, which has a lot of content risks. That's it for my report, thank you all!
Liang Kun, co-founder & CTO of Shumei Technology:
Master of Computer Science from Peking University, well-known domestic machine learning and data mining expert. He used to be Baidu, Xiaomi, senior engineer, architect, and has many years of experience in machine learning and artificial intelligence.