package rules
import com.sample.model.Transaction
import com.sample.model.TransactionType
declare Transaction
@role ( event )
end
rule "Transaction is suspect if more than 3 transactions occur in less than 5 seconds"
when
$transaction: Transaction()
Number(intValue > 3) from accumulate (
$t: Transaction(userID == $transaction.getUserID()) over window:time (5s),
count($t)
)
then
$transaction.setDenied(true);
$transaction.setDeniedCause("Transaction Denied! More than 3 transactions in less than 5 seconds");
//System.out.println("Transaction Denied! More than 3 transactions in less than 5 seconds");
end
rule "Transaction is suspect if the amount is more than twice the average of the last 4 Credit Card transactions"
when
$transaction: Transaction($transactionValue: value, $transactionUserID: userID)
$average: Number((intValue * 2) < $transactionValue) from accumulate (
Transaction($value: value) over window:length ( 4 ) from entry-point "Credit Card",
average($value)
)
then
$transaction.setDenied(true);
$transaction.setDeniedCause("Transaction Denied! This Credit Card transaction amount of RMB " + $transaction.getValue() + " is more than twice the average amount ( RMB " + $average + ") of the last 4 Credit Card Transactions");
//System.out.println("$transactionUserID=" + $transactionUserID + ", $average=" + $average + ", $transactionValue=" + $transactionValue);
end
rule "Withdrawal transaction is suspect if it occurs less than 10 seconds after a credit card transaction"
when
$creditCardTransaction: Transaction( ) from entry-point "Credit Card"
$withDrawTransaction: Transaction( this after [0s, 10s] $creditCardTransaction, userID == $creditCardTransaction.getUserID(), type == TransactionType.WITHDRAW )
then
$withDrawTransaction.setDenied(true);
$withDrawTransaction.setDeniedCause("Transaction Denied! A withdrawal transaction is not allowed less than 10 seconds after a Credit Card transaction");
//System.out.println("Transaction Denied! A withdrawal transaction is not allowed less than 10 seconds after a Credit Card transaction");
end
rule "Maximum amount should less than 1 000 000 in the 10 seconds time interval"
when
$transaction: Transaction()
$total : Number(longValue > 1000000) from accumulate (
$t: Transaction($value : value ) over window:time (10s),
sum($value)
)
then
$transaction.setDenied(true);
$transaction.setDeniedCause("Transaction Denied! Total amount ( RMB " + $total + ") larger than 1,000,000 in the 10 seconds");
end
rule "Maximum amount should less than 200 000 in the 10 seconds time interval for a specifc user"
when
$transaction: Transaction($transactionUserID: userID)
$total : Number(longValue > 200000) from accumulate (
$t: Transaction($value : value, userID == $transactionUserID) over window:time (10s),
sum($value)
)
then
$transaction.setDenied(true);
$transaction.setDeniedCause("Transaction Denied! Total amount ( RMB " + $total + ") larger than 200,000 in the 10 seconds for user[" + $transactionUserID + "]");
end欺骗交易侦测
业务简介
对系统交易进行监控,对欺骗交易能进行侦测和限制。
欺骗交易的类型如下表:
| 名称 | 描述 |
|---|---|
固定时间内交易次数限制 |
对一个用户,在固定时间内的交易次数有限制,例如,一个用户在 5 秒内不能有超过 3 笔的交易,如果超过则认为是欺诈交易。 |
大额交易限制 |
对一个用户的一次交易, 有最大额度的限制,但最大额度不是固定的数目,例如,如果当前交易的额度是过去 4 次交易平均额度的 2 倍,则认为当前交易为欺诈交易。 |
交易撤销限制 |
交易完成 10 秒钟内不能撤销 |
固定时间内交易次数限制 |
固定时间内交易总额是有限制的,例如 10 秒钟内交易的总额不能超过 1 000 000 万。 |
用户固定时间内交易次数限制 |
对某一个用户,固定时间内交易总额是有限制的,例如 10 秒钟内交易的总额不能超过 200 000 万。 |
规则
运行
本地运行
1. 编译 & 构建
$ mvn clean package2. 本地运行
$ java -jar target/cep-fraud-detection-0.1.0.jar部署到 OpenShift
1. 创建工程
$ oc new-project rules-service2. 部署到 OpenShift
$ mvn package fabric8:deploy -Popenshift测试
固定时间内交易次数限制
5 秒内连续访问如下链接 3 次
http://$HOST/transactions/transaction?userID=USE1001&balance=10&type=CREDIT-
The first 2 times' response like
{"value":10,"denied":false,"deniedCause":null,"type":"CREDIT"}. -
The 3rd time response is
{"value":10,"denied":true,"deniedCause":"Transaction Denied! More than 3 transactions in less than 5 seconds","type":"CREDIT"}.
大额交易限制
Request with below link 5 times(make sure no 3 continue request in 5 seconds):
http://$HOST/transactions/transaction?userID=USE1001&balance=$BALANCE&type=CREDITThe BALANCE can be any number, but the 5th times balance should larger than twice the average of the last 4 Credit.
-
The first 4 times' response should like
{"value":40,"denied":false,"deniedCause":null,"type":"CREDIT"}. -
The 5th times' response like
{"value":300,"denied":true,"deniedCause":"Transaction Denied! This Credit Card transaction amount of USD 300 is more than twice the average amount ( USD 122.5) of the last 4 Credit Card Transactions","type":"CREDIT"}.
交易撤销
Request with below 2 links in less than 10 seconds:
http://$HOST/transactions/transaction?userID=USE1001&balance=10&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1001&balance=10&type=WITHDRAW-
The first request response
{"value":10,"denied":false,"deniedCause":null,"type":"CREDIT"}. -
The second request response
{"value":10,"denied":true,"deniedCause":"Transaction Denied! A withdrawal transaction is not allowed less than 10 seconds after a Credit Card transaction","type":"WITHDRAW"}.
最大交易额度
Execute the below 6 requests
http://$HOST/transactions/transaction?userID=USE1001&balance=200000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1002&balance=200000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1003&balance=200000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1004&balance=200000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1005&balance=200000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1006&balance=200000&type=CREDIT|
Note
|
the USE1006 credit requtest be denied. |
单个最大交易额度
Execute the below 2 requests
http://$HOST/transactions/transaction?userID=USE1001&balance=150000&type=CREDIT
http://$HOST/transactions/transaction?userID=USE1001&balance=150000&type=CREDIT|
Note
|
the USE1001 credit requtest be denied with {"userID":"USE1001","value":150000,"denied":true,"deniedCause":"Transaction Denied! Total amount ( RMB 300000) larger than 200,000 in the 10 seconds for user[USE1001]","type":"CREDIT"} notification.
|