Intelligent Risk Control Practices and Architecture at Shumei Technology

The presentation introduces the background of fraud in the internet ecosystem, highlighting the massive losses caused by black‑market activities and the difficulty B‑to‑C enterprises face in combating them.

It outlines the main challenges of existing risk‑control solutions: thin defensive capabilities relying on static blacklists, poor timeliness that allows attacks to succeed before detection, and slow evolution of defensive strategies.

A full‑stack risk‑control system is proposed, consisting of four subsystems: deployment (布控) system, strategy system, profiling system, and operation system. The deployment system monitors devices, registration, login, and business behavior, collecting over 100 features per request.

The strategy system detects fraudulent devices (using hardware, software, and network fingerprints), fraudulent behaviors (through clustering and statistical models), and fraudulent groups (via graph‑based risk propagation algorithms).

The profiling system builds real‑time and offline user/device profiles using Kafka, Spark Streaming, and Redis clusters, enabling rapid identification of high‑risk accounts and farmed devices.

The operation system maintains a closed‑loop workflow: a black‑market intelligence team researches new attack patterns, updates strategies, validates models, and deploys them to keep pace with adversaries.

Real‑time risk control architecture is described, showing how client SDKs report device and behavioral data to a low‑coupling engine that performs pre‑processing, blacklist checks, context handling, and model scoring (text, image, audio) before making a decision (allow, reject, or human review).

The platform’s core services include a workflow engine that assembles request‑specific pipelines, a Rete‑based rule engine that efficiently evaluates thousands of strategies, and a hybrid model stack (expert system, unsupervised clustering, supervised deep learning) that feeds into a final decision engine.

AI product components cover face recognition, OCR, voiceprint, speech content analysis, and risk‑propagation graphs, all integrated into the expert system for unified decision making.

Deployment spans nine global clusters with high availability, handling over 110 million risk events daily and achieving sub‑50 ms response times.

Two practical case studies are shared: (1) anti‑fraud for bank marketing, where 99 % of fraudulent accounts were blocked, saving roughly ¥25 million per month; (2) a major live‑streaming platform, where 99 % of fraudulent accounts and 99.6 % of ad‑driven abuse were eliminated.

The Q&A section explains the role of the probing engine for model validation and client‑specific strategy tuning, and discusses feature engineering methods combining principal component analysis and expert experience.