当前位置:网站首页>开源 | HMGNN:异构小图神经网络及其在拉新裂变风控场景的应用

开源 | HMGNN:异构小图神经网络及其在拉新裂变风控场景的应用

2020-11-09 10:50:00 InfoQ

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爱奇艺风控团队负责公司全业务风险防控,面向业务提供通用与定制相结合的一站式解决方案,为业务赋能,加强业务核心竞争力。风控中台提供涵盖账户安全、会员安全、内容生态保护、拉新裂变反作弊、营销活动、金融支付等各个互联网风险场景的专属解决方案,已接入30+业务线,300+业务风险点。本论文由爱奇艺与南京大学共同完成,是双方产学研合作的一部分,旨在探索图神经网络在拉新裂变反作弊场景的应用。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"背景"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在流量为王的时代,拉新裂变是各大互联网公司争夺新用户的重要手段。活动可观的用户奖励(现金、会员卡等),也使其成为黑灰产的重点攻击目标之一。为了保障活动效果及用户质量,高准召的风控也显得日益重要。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"黑灰产通常采用模拟器、多开分身、改机、设备农场、代理IP、接码平台、众包平台等工具批量伪造新用户参与活动,将活动奖励据为己有。造成公司资金损失、业务关键指标下降、正常用户体验受损等多方面影响。针对此类攻击,业界已有一些较为成熟的防御模型:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"频繁集检测(FP-Growth):批量攻击往往会在设备、网络、时间、地点等维度或维度组合上出现大量聚集,此时频繁集检测是简单有效的检测与预警算法。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"聚类\/无监督:K-means、iForest等,一般提取行为特征后进行聚类或异常点检测,以找到行为相似异常聚集或异于正常行为的用户。具有较高的鲁棒性,但是准确率不易掌控。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有监督模型:LR、XGBoost等,提取手工特征,根据已知正负样本训练模型。准确率一般较高,但是泛化能力很差。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"社区检测:Louvain、Fraudar、高密子图等,引入了关系信息,可提升对频繁换物料的攻击的识别能力,可以理解为频繁集检测的升级版,同时可以用于标签传播,提升召回。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"图神经网络:GCN,GraphSage等,能够使特征信息在节点间传播,并发挥出神经网络对于特征的抽象能力,同时也支持只有部分标签进行半监督学习。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文基于拉新裂变场景中普遍存在的关联数据(邀请关联、设备关联、网络关联等)以及业务场景特点,创新地提出了异构小图神经网络模型(HMGNN),进一步提升了对攻击的识别能力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"简介"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"业务场景"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"用户参加拉新活动,符合以下条件均可获得积分、奖品或现金:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"老用户邀请新用户达到一定数量"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"用户参加各种激励活动(签到、下载、答题等)"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一些典型的攻击方式包括:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"伪造新设备:活动需通过设备id来判断新用户,通过模拟器、多开分身、改机、设备农场等,都可以伪装成新的设备,从而绕过一些简单的设备判新规则。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"伪造新用户:活动需要通过手机号来验证新用户,通过虚拟小号、海外黑卡、私域黑卡等物料,辅助猫池、接码平台等工具,攻击者可以全自动化完成的手机号验证。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"IP:IP是经典的黑产与风控攻防维度,通过代理IP、秒拨IP等,可以绕过一些简单的IP策略。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"建模与挑战"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}

版权声明
本文为[InfoQ]所创,转载请带上原文链接,感谢
https://www.infoq.cn/article/UVkmZNHqYbUKgWdF9wXv?utm_source=rss&utm_medium=article