Abstract: Embodiments of the disclosure provide systems and methods for verifying digital payments for a payment platform. The system includes a communication interface configured to receive service data associated with a transaction from a terminal device associated with a user of the payment platform. The system further includes at least one processor configured to automatically determine whether an authentication is waived for the transaction based on the received service data and a blacklist generated using a machine learning model. The blacklist includes a list of suspicious users and transaction behaviors. The at least one processor further configured to approve the transaction without requesting user authentication information from the terminal device when the authentication is waived. The at least one processor also configured to request the user authentication information from the terminal device and validate the user authentication information when the authentication is not waived.

Abstract: Methods, systems, and apparatus for detecting malicious activities in a ride-hailing platforms are described. An exemplary method comprises: identifying a set of trips from historical data to form training data; training a classifier based on a plurality of features of the set of trips in the training data to identify whether a given trip is malicious or benign; deploying the classifier to classify new trips in the ride-hailing platform for a first period of time to obtain a plurality of malicious trip candidates; storing the plurality of malicious trip candidates in a staging database for a second period of time for data cleansing based on supplementary data collected during the second period of time; fetching, from the staging database, a set of malicious trip candidates that have been stored in the staging database longer than the second period of time; and re-training the classifier.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically adjusting strategies. One of the methods includes: determining one or more characteristics of a plurality of complaints, wherein each of the complaints corresponds to an order; classifying the plurality of complaints into a plurality of categories based on the one or more characteristics by using a trained classifier; selecting a category from the plurality of categories based on a number of complaints in the selected category; from a group of strategies each associated with one or more conditions and one or more actions, identifying a candidate strategy causing the complaints of the selected category, wherein the one or more actions are executed in response to the one or more conditions being satisfied; and optimizing the candidate strategy using a reinforcement learning model at least based on a plurality of historical orders.

Abstract: Embodiments of the disclosure provide systems and methods for verifying digital payments for a payment platform. The system includes a communication interface configured to receive service data associated with a transaction from a terminal device associated with a user of the payment platform. The system further includes at least one processor configured to automatically determine whether an authentication is waived for the transaction based on the received service data and a blacklist generated using a machine learning model. The blacklist includes a list of suspicious users and transaction behaviors. The at least one processor further configured to approve the transaction without requesting user authentication information from the terminal device when the authentication is waived. The at least one processor also configured to request the user authentication information from the terminal device and validate the user authentication information when the authentication is not waived.

Abstract: Embodiments of the disclosure provide systems and methods for protecting a login process to an application running on a device. The method may include interactively training a mock hacker artificial intelligence (AI) engine and a challenge generation AI engine to compete with each other. The challenge generation AI engine is configured to generate challenges that defeat hacking attacks by the mock hacker AI engine, and the mock hacker AI engine is configured to attack the challenges generated by the challenge generation AI engine. The method may further include generating a login challenge using the trained challenge generation AI engine. The method may additionally include providing the login challenge to a user attempting to access the application during the login process.

Abstract: Embodiments of the disclosure provide systems and methods for verifying digital payments for a payment platform. The system includes a communication interface configured to receive service data associated with a transaction from a terminal device associated with a user of the payment platform. The system further includes at least one processor configured to automatically determine whether an authentication is waived for the transaction based on the received service data and a blacklist generated using a machine learning model. The blacklist includes a list of suspicious users and transaction behaviors. The at least one processor further configured to approve the transaction without requesting user authentication information from the terminal device when the authentication is waived. The at least one processor also configured to request the user authentication information from the terminal device and validate the user authentication information when the authentication is not waived.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized data management are provided. One of the methods includes: instructing, by an operator, a client to obtain data from a data source, wherein the operator is not allowed to directly obtain data from the data source; receiving, by the operator, encrypted data from the client, wherein the encrypted data is generated by the client based on the obtained data from the data source and an encryption key of an authorized data consumer; and storing, by the operator, the encrypted data into a data store for the authorized data consumer to access and decrypt, wherein the operator is not allowed to read the saved encrypted data from the data store.

Abstract: Methods, systems, and apparatus for detecting malicious activities in a ride-hailing platforms are described. An exemplary method comprises: identifying a set of trips from historical data to form training data; training a classifier based on a plurality of features of the set of trips in the training data to identify whether a given trip is malicious or benign; deploying the classifier to classify new trips in the ride-hailing platform for a first period of time to obtain a plurality of malicious trip candidates; storing the plurality of malicious trip candidates in a staging database for a second period of time for data cleansing based on supplementary data collected during the second period of time; fetching, from the staging database, a set of malicious trip candidates that have been stored in the staging database longer than the second period of time; and re-training the classifier.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically adjusting strategies. One of the methods includes: determining one or more characteristics of a plurality of complaints, wherein each of the complaints corresponds to an order; classifying the plurality of complaints into a plurality of categories based on the one or more characteristics by using a trained classifier; selecting a category from the plurality of categories based on a number of complaints in the selected category; from a group of strategies each associated with one or more conditions and one or more actions, identifying a candidate strategy causing the complaints of the selected category, wherein the one or more actions are executed in response to the one or more conditions being satisfied; and optimizing the candidate strategy using a reinforcement learning model at least based on a plurality of historical orders.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized data management are provided. One of the methods includes: instructing, by an operator, a client to obtain data from a data source, wherein the operator is not allowed to directly obtain data from the data source; receiving, by the operator, encrypted data from the client, wherein the encrypted data is generated by the client based on the obtained data from the data source and an encryption key of an authorized data consumer; and storing, by the operator, the encrypted data into a data store for the authorized data consumer to access and decrypt, wherein the operator is not allowed to read the saved encrypted data from the data store.

Abstract: A computerized method is described that is adapted to compare extracted features of a received object under analysis with one or more features associated with each known malicious object of a plurality of known malicious objects accessible to the one or more servers. Responsive to determining that the extracted features satisfy a prescribed level of correlation with the one or more features of a first known malicious object of the plurality of known malicious objects, identifying the received object as a malicious object. Also, responsive to determining that the extracted features fail to satisfy the prescribed level of correlation, conducting a second analysis that includes a comparison of the extracted features to the one or more features associated with each of the plurality of known malicious objects being of a type of malware other than malware targeting a specific entity.

Abstract: An approach near instantly notifies devices onto which an application program is installed when the application program is identified as malware. An analysis system records application programs installed on devices. When an application program is identified as malware, the analysis system can locate a set of devices onto which the application program is installed. The analysis system notifies these devices near instantly when the particular application program is identified as malware. Users may be prompted to uninstall the application program from the devices. In addition, the devices may include instrumentations that block the application program from performing any malicious behavior. The application program may be identified as malware by malware detection methods that perform static and dynamic analysis of the application program on the analysis system or on mobile devices.

Abstract: An on-device security vulnerability detection method performs dynamic analysis of application programs on a mobile device. In one aspect, an operating system of a mobile device is configured to include instrumentations and an analysis application program package is configured for installation on the mobile device to interact with the instrumentations. When an application program executes on the mobile device, the instrumentations enables recording of information related to execution of the application program. The analysis application interfaces with the instrumented operating system to analyze the behaviors of the application program using the recorded information. The application program is categorized (e.g., as benign or malicious) based on its behaviors, for example by using machine learning models.

Abstract: An analysis system performs a dynamic analysis of application packages. In one aspect, the application package is configured for installation on a client device, and the analysis system includes an instrumented simulation engine for the client device. The application package is executed on the instrumented simulation engine. The behavior of the application package is recorded, and the application package is categorized (e.g., as benign or malicious) based on its behaviors.

Abstract: A computerized method is described in which one or more received objects are analyzed by an advanced persistent threat (APT) detection center to determine if the objects are APTs. The analysis may include the extraction of features describing and characterizing features of the received objects. The extracted features may be compared with features of known APT malware objects and known non-APT malware objects to determine a classification or probability of the received objects being APT malware. Upon determination that the received objects are APT malware, warning messages may be transmitted to a user of associated client devices. Classified objects may also be used to generate analytic data for the prediction and prevention of future APT attacks.

Abstract: A computerized method is described in which one or more received objects are analyzed by an advanced persistent threat (APT) detection center to determine if the objects are APTs. The analysis may include the extraction of features describing and characterizing features of the received objects. The extracted features may be compared with features of known APT malware objects and known non-APT malware objects to determine a classification or probability of the received objects being APT malware. Upon determination that the received objects are APT malware, warning messages may be transmitted to a user of associated client devices. Classified objects may also be used to generate analytic data for the prediction and prevention of future APT attacks.