Flink CEP与风控规则表结合的银行反欺诈系统
1. 实现思路
规则加载:
使用Flink的JDBC Source定期从risk_rules表中加载规则。
将规则广播到所有Flink任务中。
动态模式构建:
根据规则表中的条件动态构建Flink CEP的模式。
将交易数据流与规则广播流结合,实现动态规则匹配。
规则匹配:
使用Flink CEP对交易数据进行模式匹配。
如果匹配成功,生成风控结果并输出。
2. 表设计
2.1 风控规则表(risk_rules)
字段名 类型 说明
rule_id BIGINT 规则ID(主键)
rule_name VARCHAR 规则名称
rule_condition VARCHAR 规则条件(如:amount > 10000)
rule_action VARCHAR 规则动作(如:告警、拦截)
priority INT 规则优先级
is_active BOOLEAN 是否启用
create_time TIMESTAMP 创建时间
update_time TIMESTAMP 更新时间
2.2 交易数据表(transaction_data)
字段名 类型 说明
transaction_id VARCHAR 交易ID(主键)
user_id VARCHAR 用户ID
amount DECIMAL 交易金额
timestamp TIMESTAMP 交易时间
3. 代码实现
3.1 定义POJO
java
复制
// 交易数据POJO
c
public class Transaction {
private String transactionId;
private String userId;
private Double amount;
private Long timestamp;
// getters and setters
}
// 风控规则POJO
public class RiskRule {
private Long ruleId;
private String ruleName;
private String ruleCondition; // 规则条件(如:amount > 10000)
private String ruleAction; // 规则动作(如:告警、拦截)
private Integer priority; // 规则优先级
private Boolean isActive; // 是否启用
// getters and setters
}
// 风控结果POJO
public class RiskResult {
private String userId;
private List<String> transactionIds;
private String riskLevel;
private String actionTaken;
private Long createTime;
// getters and setters
}
## 3.2 规则加载与动态模式构建
java
```c
public class FraudDetectionCEPWithRules {
public static void main(String[] args) throws Exception {
StreamExecutionEnvironment env = StreamExecutionEnvironment.getExecutionEnvironment();
// 交易数据流
DataStream<Transaction> transactionStream = env.addSource(transactionSource)
.assignTimestampsAndWatermarks(
WatermarkStrategy.<Transaction>forBoundedOutOfOrderness(Duration.ofSeconds(5))
.withTimestampAssigner((event, timestamp) -> event.getTimestamp())
);
// 规则数据流(从JDBC加载)
DataStream<RiskRule> ruleStream = env.addSource(
JdbcSource.buildJdbcSource()
.setQuery("SELECT * FROM risk_rules WHERE is_active = true")
.setRowTypeInfo(RiskRule.getTypeInfo())
);
// 广播规则流
BroadcastStream<RiskRule> broadcastRuleStream = ruleStream.broadcast(RuleDescriptor.of());
// 连接交易数据流和规则广播流
DataStream<RiskResult> riskResultStream = transactionStream
.connect(broadcastRuleStream)
.process(new DynamicPatternProcessFunction());
// 输出结果
riskResultStream.addSink(new AlertSink());
env.execute("Fraud Detection with Flink CEP and Dynamic Rules");
}
}3.3 动态模式匹配逻辑
c
public class DynamicPatternProcessFunction
extends BroadcastProcessFunction<Transaction, RiskRule, RiskResult> {
private transient MapState<Long, Pattern<Transaction, ?>> patternState;
@Override
public void open(Configuration parameters) {
// 初始化模式状态
MapStateDescriptor<Long, Pattern<Transaction, ?>> patternDescriptor =
new MapStateDescriptor<>("patternState", Types.LONG, Types.POJO(Pattern.class));
patternState = getRuntimeContext().getMapState(patternDescriptor);
}
@Override
public void processElement(
Transaction transaction,
ReadOnlyContext ctx,
Collector<RiskResult> out) throws Exception {
// 遍历所有规则模式
for (Map.Entry<Long, Pattern<Transaction, ?>> entry : patternState.entries()) {
Long ruleId = entry.getKey();
Pattern<Transaction, ?> pattern = entry.getValue();
// 使用Flink CEP进行模式匹配
PatternStream<Transaction> patternStream = CEP.pattern(
transactionStream.keyBy(Transaction::getUserId),
pattern
);
// 处理匹配结果
DataStream<RiskResult> resultStream = patternStream.process(
new PatternProcessFunction<Transaction, RiskResult>() {
@Override
public void processMatch(
Map<String, List<Transaction>> match,
Context ctx,
Collector<RiskResult> out) throws Exception {
RiskResult result = new RiskResult();
result.setUserId(match.get("first").get(0).getUserId());
result.setTransactionIds(
match.values().stream()
.flatMap(List::stream)
.map(Transaction::getTransactionId)
.collect(Collectors.toList())
);
result.setRiskLevel("HIGH");
result.setActionTaken("ALERT");
result.setCreateTime(System.currentTimeMillis());
out.collect(result);
}
}
);
// 输出结果
resultStream.addSink(new AlertSink());
}
}
@Override
public void processBroadcastElement(
RiskRule rule,
Context ctx,
Collector<RiskResult> out) throws Exception {
// 动态构建模式
Pattern<Transaction, ?> pattern = Pattern.<Transaction>begin("first")
.where(new SimpleCondition<Transaction>() {
@Override
public boolean filter(Transaction transaction) {
return evaluateCondition(transaction, rule.getRuleCondition());
}
})
.next("second")
.where(new SimpleCondition<Transaction>() {
@Override
public boolean filter(Transaction transaction) {
return evaluateCondition(transaction, rule.getRuleCondition());
}
})
.next("third")
.where(new SimpleCondition<Transaction>() {
@Override
public boolean filter(Transaction transaction) {
return evaluateCondition(transaction, rule.getRuleCondition());
}
})
.within(Time.minutes(10));
// 更新模式状态
patternState.put(rule.getRuleId(), pattern);
}
// 规则条件评估
private boolean evaluateCondition(Transaction transaction, String condition) {
if ("amount > 10000".equals(condition)) {
return transaction.getAmount() > 10000;
}
// 其他条件
return false;
}
}4. 总结
动态规则加载:通过JDBC Source从risk_rules表加载规则。
动态模式构建:根据规则表中的条件动态构建Flink CEP模式。
规则匹配:使用Flink CEP对交易数据进行模式匹配,并生成风控结果。
通过以上实现,可以将Flink CEP与风控规则表结合,实现动态、灵活的反欺诈系统。