FAQ - build a business security platform architecture. Here are all the answers you want!

For the architecture design of business security platform , We specially selected and sorted out some live audience questions and answers , For your reference .

About the technical support of business security platform architecture

Q1： Excuse me, your real-time computing module is self-developed , It still uses the flow computing framework ？

Zhang Xiaoke ： All products and tools of the top image security platform are self-developed . There are two starting points for our self-study , One is to cover multiple business scenarios （ Marketing high concurrency scenario 、 Bank transactions and credit scenarios ）, These scenarios will have special computing methods and high real-time requirements ; Second, light weight 、 Maintainability considerations , In the process of serving users , We should ensure our operation and maintenance personnel 、 R & D personnel can get started quickly , Provide services for users .

Q2： Design of rule engine , What language is the top image developed in , How the performance ？

Zhang Xiaoke ： Yes, it is java Developed . a 8c16g Machine , Under the condition of ensuring the accuracy of the strategy ,qps（ Query rate per second ） Accessible 4000. When it comes to performance , When we design and implement , Try to avoid using heavy frameworks or third-party libraries , The lighter the weight 、 The simpler , Performance will be better .

Q3： I have also learned about the open source rule engine before , Can enterprises with R & D capabilities develop independently ？

Zhang Xiaoke ： It's completely self-study , The biggest advantage of self research is that it is closer to its own business scenario , Solving problems is more targeted . But there is also a problem with self-study , Early investment is small , But as the business grows 、 Continuous improvement of attack and defense evolution , The requirements for professional operation ability will be higher and higher , Business volume gradually increases , The requirements for stability and performance are also higher and higher , The cost of long-term investment is still large , And the prevention and control effect is not necessarily good .

Q4： How to ensure the real-time and safety of your products against black ash production ?

Zhang Xiaoke ： There is a security defense cloud behind all products and tools of Dingxiang , The defense cloud provides the latest business security intelligence , The latest cheating tool for black ash production / The way / Cheating process has analysis and targeted prevention and control strategy design , There is also a corresponding policy upgrade package for this attack , Our users can quickly apply the latest prevention and control strategies with one click .

Q5： Some internal customized black ash production tools , If there is no way to obtain samples , How do you perceive or detect ？

Zhang Xiaoke ： you 're right , There is indeed a certain lag in the confrontation between black ash production . Some tools cannot detect in real time , So we specially developed real-time perception defense products , It is an upgraded version of the device fingerprint , It can be App Achieve real-time detection and perception of abnormal behavior and operation risk on the end , The backstage can defend against abnormal behaviors and risks , Give disposal suggestions , such as ： Special mark this device and request 、 Pop up tips 、 Give Way App Abnormal exit, etc .

Q6： Is there an offline risk identification scenario in the top image ？ If there is , How to support the engine level ？

Zhang Xiaoke ：  yes , we have . Offline risk identification has two dimensions , One is offline batch running , You can use the offline task scheduling module , Send all offline data to the risk control platform ; The second is offline analysis and modeling , After the model goes online , Make online real-time prediction . The rule engine can be supported functionally , Model prediction is also an input variable in comprehensive decision-making .

Q7： Which models are easy to implement in business security ？ What are the current scenarios that are difficult to identify ？

Zhang Xiaoke ： In various scenarios of business anti fraud , Gang anti fraud is easier to implement , The reason is that for a single request , General risk control strategies can intercept , The feature dimensions that the model can use are similar to the strategies . The definition of modeling tags is a difficult problem , Unless manpower is invested to identify and mark the misjudgments and omissions in the results of the current strategy , The gang anti fraud belongs to unsupervised or semi supervised learning , The requirements for labels are not very high . In multiple business scenarios , Just from the perspective of strategy , The recognition effect in the group dimension is not enough , You need to associate multiple business data , The strategy needs to match the list of gangs and relevant indicators , In order to further improve the recognition effect from the group dimension .

Q8： In the process of facing risk confrontation , Risk diagnosis 、 Risk decision making 、 How to quickly close the loop of risk disposal ？

Zhang Xiaoke ：  This involves a one-stop architecture , You need a full link security tool set , It can quickly form a multi link coverage of business and a closed loop of prevention and control . Such as end reinforcement 、 Device fingerprint 、 Real time perception defense products can detect risks at the front end 、 Diagnosis and data protection on the link , Through the real-time decision-making system , Real time risk identification and risk level setting , Disposal of different risk levels , Verification code can be used 、 SMS 、 Face 、 Freeze payments 、 Prohibit comments and other disposal methods .

Q9： Suppose there are problems in the use of the business security platform , In order to ensure business continuity , Without affecting the business , When designing the business security platform architecture , What safety mechanisms or escape mechanisms need to be designed in advance ？

Zhang Xiaoke ： This is a better question , When we do architecture design , Degradation and fault tolerance mechanisms are essential . Like the various modules of the top image （ The fingerprint 、 Verification Code 、 Real time decision making ） Both have degradation and fault tolerance mechanisms , In this way, the cluster goes down , Or when a service times out and something goes wrong , Automatic degradation and fault tolerance , It will not affect the business process and experience of users .

About the future and application scenarios of business security platform architecture

Q10： Can you talk about the future 3、5 What is the possible trend of risk control technology in ？

Zhang Xiaoke ： One is in AI In depth application of capabilities 、 There will be more exploration and trial application in automated risk operation . Second, the security cloud will be behind 3~5 A technical architecture focus for a period of years or more , There will also be long-term experience in operation , For example, the acquisition of the latest business security information 、 Intelligent strategy precipitation 、 Risk data precipitation , Between industries 、 Form a safe operation experience sharing base among enterprises , Improve the overall safety prevention and control level of domestic enterprises .

Q11： In government and enterprise / The medical field , What are the usage scenarios for business security , Is it convenient to give an example ？

Zhang Xiaoke ： In fact, whether in government or enterprise 、 Medical treatment or other industries , There are some general scenarios that can apply business security technology , Such as registration （ Junk registration 、 Hacking ）、 Sign in （ Malicious login 、 Storehouse ）、 Data theft （ Important data ）. Like Internet medicine , There will be more scenes , There is a personal diagnosis report in the background 、 Purchase drug records 、 Disease management, etc , Are private personal data ; And online registration , In particular, the expert number is usually snatched by scalpers , They are all scenarios where business security can be applied .

Last , Let me give you a brief introduction to the top image 《 Business security lecture hall 》 Series live lessons , This series brings together the masters in the industry to form a luxury lecturer Group , Analyze all kinds of fraud , Explain the cutting-edge safety technology in detail , Help enterprises deal with new risks of business security .

In the next issue, Guan Sheng, the director of research and development of Dingxiang and an AI expert, will bring you the theme of 《 Business security practices — Practical deduction of credit scoring model 》 Technology live course , Coming soon ！