CN109145544A - A kind of human-computer behavior detection system and method - Google Patents

A kind of human-computer behavior detection system and method Download PDF

Info

Publication number
CN109145544A
CN109145544A CN201811033854.4A CN201811033854A CN109145544A CN 109145544 A CN109145544 A CN 109145544A CN 201811033854 A CN201811033854 A CN 201811033854A CN 109145544 A CN109145544 A CN 109145544A
Authority
CN
China
Prior art keywords
user
user data
information
machine
webpage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811033854.4A
Other languages
Chinese (zh)
Inventor
陈煜文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201811033854.4A priority Critical patent/CN109145544A/en
Publication of CN109145544A publication Critical patent/CN109145544A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Social Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the present application discloses a kind of human-computer behavior detection system and method, when user accesses Webpage by client, information acquisition module obtains generated user data of the user when accessing Webpage by client in system, and the user data is sent to Man-machine Analyze system, modeling analysis is carried out to user data by the man-machine analysis system, to judge the corresponding user of the user data as machine or people, to realize the purpose for going identifying code to carry out human-computer behavior judgement.It can be seen that, by detection system provided by the embodiments of the present application, accurate judgement can be carried out according to user data, and intelligently the user of judgement operation client is machine or people in the case where user's unaware, and the operation that user inputs identifying code is eliminated, it improves the user experience.

Description

A kind of human-computer behavior detection system and method
Technical field
This application involves field of information security technology, and in particular to a kind of human-computer behavior detection system and method.
Background technique
With the continuous development of information technology, information is as a kind of resource, its generality, sharing, appreciation, Ke Chu Rationality and multi-purpose, make it have especially important meaning for the mankind, and information security issue also shows and protrudes day.
To prevent information system or information network from various types of threats, interference and destruction, such as registration corpse account Family, Brute Force and web crawlers etc. are various to carry out automation malicious attack behavior to website.Full-automatic computer and people The turing test technology of class, also referred to as verification code technology, come into being, and distinguish operation net by way of generating identifying code The user of page is computer or people.
However, identifying code breaking techniques are also evolving with the development of verification code technology, attacker can be using each The technologies such as kind image procossing, data analysis crack identifying code, and existing verification code technology is caused to be difficult to identify that operation Computer or people when the user of webpage.
Summary of the invention
In view of this, the embodiment of the present application provides a kind of human-computer behavior detection system and method, more accurately distinguished with realizing The user of webpage Chu not operated.
To solve the above problems, technical solution provided by the embodiments of the present application is as follows:
In a first aspect, the embodiment of the present application provides a kind of human-computer behavior detection system, which includes:
Information acquisition module, for acquiring user data when user accesses Webpage by client;The user Data are user's generated data when accessing Webpage by client;
Information acquisition module is also used to the user data being sent to Man-machine Analyze system;
The Man-machine Analyze system, for analyzing the user data, to judge the user of access Webpage It is machine or people.
In one possible implementation, the Man-machine Analyze system is also used to be determined according to judging result for institute State the decision information of judging result;The decision information is that response user accesses Webpage or terminates user's access webpage page Face;When it is machine that the judging result, which is user, the decision information is that the suspension user accesses Webpage;When described Judging result is user when being people, and the decision information is that response user accesses Webpage.
In one possible implementation, the user data includes: client system information and user behavior information.
In one possible implementation, the information acquisition module includes:
System information acquisition component, for acquiring the FTP client FTP environmental information;The FTP client FTP environment letter It is one or more that breath includes at least operating system, IP address, host id and system user ID;
User behavior acquisition component, for acquiring the user behavior information;The user behavior information includes user behaviour It is at least one or more of to make mouse message, user's percussion keypad information.
In one possible implementation, the Man-machine Analyze system includes:
Information receiving module, the user data sent for receiving the information acquisition module;And by the user Data are sent to data preprocessing module;
The data preprocessing module, for carrying out cleaning and association process to the user data, and by treated User data is sent to analysis module;
The analysis module, for will be in treated the user data input analysis model, to obtain the judgement As a result, and the judging result is sent to decision-making module;
The decision-making module, for determining the decision information according to the judging result.
In one possible implementation, the analysis model using statistical analysis model, regression analysis model or Deep learning model.
In one possible implementation, the Man-machine Analyze system further include:
Database, for storing the user data, treated user data and the judging result.
Second aspect, the embodiment of the present application provide a kind of human-computer behavior detection method, this method comprises:
Receive the user data that information acquisition module is sent;The user data is that user is accessing webpage by client Generated data when the page;
The user data is analyzed, to judge that the user of access Webpage is machine or people.
In one possible implementation, the analysis user data, to judge the user of access Webpage It is machine or people, specifically includes:
Cleaning and association process are carried out to the user data, obtain treated user data;
In user data input analysis model that treated by described in, analysis result is obtained;
User according to the analysis result judgement access Webpage is machine or people.
In one possible implementation, the method also includes:
The decision information for being directed to the judging result is determined according to judging result;The decision information is response user's access Webpage terminates user's access Webpage;When it is machine that the judging result, which is user, the decision information is The termination user accesses Webpage;When it is people that the judging result, which is user, the decision information is that response user visits Ask Webpage.
It can be seen that the embodiment of the present application has the following beneficial effects:
When user accesses Webpage by client, information acquisition module obtains user and is passing through the embodiment of the present application Client accesses generated user data when Webpage, and the user data is sent to Man-machine Analyze system, by this Man-machine Analyze system to user data carry out modeling analysis, using judge the corresponding user of the user data as machine or people, from And realize the purpose for going identifying code to carry out human-computer behavior judgement.It, can be with as it can be seen that by detection system provided by the embodiments of the present application Accurate judgement is carried out according to user data, and intelligently the user of judgement operation client is in the case where user's unaware Machine or people, and the operation that user inputs identifying code is eliminated, it improves the user experience.In addition, when judging user When for machine, user can be terminated and continue to access Webpage, effectively defend the automation attack for network english teaching Behavior improves network security.
Detailed description of the invention
Fig. 1 is a kind of human-computer behavior detection system structure chart provided by the embodiments of the present application;
Fig. 2 is another human-computer behavior detection system structure chart provided by the embodiments of the present application;
Fig. 3 is a kind of flow chart of human-computer behavior detection method provided by the embodiments of the present application.
Specific embodiment
In order to make the above objects, features, and advantages of the present application more apparent, with reference to the accompanying drawing and it is specific real Mode is applied to be described in further detail the embodiment of the present application.
Technical solution provided by the present application for ease of understanding will first be illustrated the background technique of the application below.
Inventor has found in traditional online checking research, and computer is also when user to distinguish operation Webpage It is people, avoids computer from carrying out automation malicious attack behavior, generally use verification code technology and realized, i.e., user is passing through When client browser accesses website, the server for providing Web application service returns to identifying code to client, when user is to calculate When machine, due to can not identify the identifying code of client, lead to not subsequent input identifying code, then judge user for computer, To which server does not provide Web application service;And when user is people, when user inputs the identifying code, server authentication passes through, To judge that user behaves.
However, identifying code breaking techniques are also evolving with the continuous development of verification code technology, attacker can be adopted Identifying code is cracked with technologies such as image procossing, data analyses, to cause to identify when user is computer Identifying code out, and identifying code is inputted, so that server authentication passes through, so that the true body of user can not be recognized accurately in server Part, so that illegality equipment carries out malicious attack to server.In addition, traditional verification code technology, needs user to be manually entered, shadow Ring user experience.
Based on this, the embodiment of the present application provides a kind of human-computer behavior detection system, information collection mould in the detection system Block can acquire user data, and the user data is sent to man-machine point when user accesses Webpage by client Analysis system carries out data analysis and excavation to user data by Man-machine Analyze system, to analyze the difference of human-computer behavior mode, from And in the case where user's unaware, accurately judge that user is machine or people, and then effectively defend for application service The automation malicious attack of device, provides network security, and improve user experience.
Technical solution provided by the embodiments of the present application for ease of understanding, below in conjunction with attached drawing to the man-machine behavioral value system System is illustrated.
Referring to Fig. 1, which is a kind of human-computer behavior detection system provided by the embodiments of the present application, as shown in Figure 1, the system Include:
Information acquisition module 10, for acquiring user data when user accesses Webpage by client.
In the present embodiment, information acquisition module 10 can be used as the plug-in unit of Webpage or browser, when user passes through visitor When the browser at family end accesses Webpage, client browser can load the plug-in unit, and then information acquisition module 10 acquires User's data generated when accessing Webpage by client, the behavior which can be used for characterizing the user are special Sign.
In specific implementation, which may include client system information and user behavior information.Wherein, client End system information indicates environmental information locating for client, for example, host model, cpu type, browser type, system language And system time etc..User behavior information expression user is performed when accessing Webpage by client browser Operation information, for example, user, which clicks mouse time, the speed of mobile mouse and user, taps keyboard time, key assignments etc..
When information acquisition module 10 obtains above-mentioned user data, it is also used to for user data to be sent to Man-machine Analyze system 20, so that Man-machine Analyze system 20 carries out human-computer behavior judgement according to user data.
Man-machine Analyze system 20, for analyzing user data, to judge that the user of access Webpage is machine Or people.
In the present embodiment, Man-machine Analyze system 20 is analyzed and is excavated to received user data, from the user of acquisition The difference of human-computer behavior mode and feature is distinguished in data, to judge that accessing the user of Webpage by client is machine Device or people.In specific implementation, Man-machine Analyze system may operate in server, obtain information collection mould by server The user data that block is sent.
In practical applications, Man-machine Analyze system 20 can be by user data input to the disaggregated model of trained completion In, the disaggregated model user data can be exported according to the user data of input corresponding to user true identity.Having When body is realized, multiple groups user data can be acquired in advance, and tag along sort is added to multiple groups user data, which is used for User data with label is trained initial model as training data by the identity information for identifying the user data, To obtain disaggregated model, the disaggregated model is allowed to determine the classification of the user data according to the user data of input.
In addition, when host analysis system has determined the classification of user data, that is, when judging that the user is machine or people, The decision information for being directed to the judging result, that is, the decision of reply different user identity can also be determined according to judging result. The decision information, which can access Webpage for response user or terminate user, accesses Webpage.In specific implementation, when When the user that host analysis system is judged to access Webpage is machine, access request that server submits client into Row stops, and no longer provides Web application service for the client, to prevent automation malicious attack.When host analysis system judges When the user for accessing Webpage out is people, the access request that server can be submitted with customer in response end provides for the client Web application service.
Through the foregoing embodiment it is found that the embodiment of the present application is when user accesses Webpage by client, information is adopted Collect module and obtain generated user data of the user when accessing Webpage by client, and the user data is sent Man-machine Analyze system is given, modeling analysis is carried out to user data by the man-machine analysis system, to judge that the user data is corresponding User is machine or people, to realize the purpose for going identifying code to carry out human-computer behavior judgement.As it can be seen that passing through the embodiment of the present application The detection system of offer can carry out accurate judgement according to user data, and intelligently sentence in the case where user's unaware The user of disconnected operation client is machine or people, and eliminates the operation that user inputs identifying code, improves user and uses body It tests.In addition, can terminate user when judging user is machine and continue to access Webpage, effectively defend for network The automation attack of application service improves network security.
The concrete function of said detecting system is realized for ease of understanding, below in conjunction with attached drawing to the function of the detection system Realization is illustrated.
Referring to fig. 2, which is another human-computer behavior detection system provided by the embodiments of the present application, as shown in Fig. 2, this is System includes: information acquisition module 10 and Man-machine Analyze system 20.
In the present embodiment, which is sent to man-machine point for obtaining user data by information acquisition module 10 Analysis system 20 analyzes user data by the man-machine analysis system, to judge that accessing the user of Webpage is machine Or people.Wherein, user data may include client system information and user behavior information.
In specific implementation, information acquisition module 10 may include system information acquisition component 101 and user behavior acquisition Component.
System information acquisition component 101, for acquiring FTP client FTP environmental information;Wherein, FTP client FTP environment is believed It is one or more that breath includes at least operating system, IP address, host id and system user ID.
In the present embodiment, system information acquisition component acquires the system environmental information of client, so as to Man-machine Analyze system By the FTP client FTP environmental information, the FTP client FTP can be identified.Wherein, FTP client FTP environmental information may include Operating system, IP address, host id and system user ID etc. are at least one or more of.
User behavior acquisition component 102, for acquiring user behavior information;Wherein, user behavior information includes user behaviour It is at least one or more of to make mouse message, user's percussion keypad information.
In the present embodiment, user behavior acquisition component can be obtained and be used when user accesses Webpage by client The practical operation information at family, further to distinguish human-computer behavior according to the practical operation information.Wherein, user behavior packet It is at least one or more of to include at least user's operation mouse message and user's percussion keypad information etc..User's operation mouse message can be with Mouse time, speed, coordinate and mobile mouse track and speed are clicked including user;User taps keypad information User taps keyboard time, speed with key assignments.
In specific implementation, Man-machine Analyze system can establish pair of FTP client FTP environmental information Yu user behavior information It should be related to, and record corresponding user behavior information under the FTP client FTP environmental information, when Man-machine Analyze system receives again When to same FTP client FTP environmental information, new user behavior information and pre-recorded user behavior information is utilized to carry out Comparative analysis, to judge the user of this visit Webpage as machine or people.
In a kind of possible implementation of the application, Man-machine Analyze system 20 may include: information receiving module 201, Data preprocessing module 202, analysis module 203, decision-making module 204.
In the present embodiment, information receiving module 201, for receiving the user data of information acquisition module transmission;And it will use User data is sent to data preprocessing module 202.
Data preprocessing module 202, for carrying out cleaning and association process to user data, and will treated number of users According to being sent to analysis module 203.
In this example, data preprocessing module can carry out pretreatment operation to the user data that receives, specifically can be with For, user data is cleaned to reject repeated data and influence lesser data to judging result, reduces the quantity of user data, To provide important user data for analysis module, mitigate the operating pressure of analysis module.Meanwhile data prediction mould User data after cleaning can also be associated by block with client, the pass of user data and client after establishing cleaning Connection relationship, to carry out the client before quick positioning obtains using above-mentioned incidence relation when the client accesses again Access transmitted user data when webpage.
Analysis module 203 and will for will be in treated user data input analysis model, to obtain judging result Judging result is sent to decision-making module 204.
In the present embodiment, analysis module can be modeled previously according to historical use data, analysis model be obtained, in reality Border in application, will treated user data input into analysis model, with obtain should treated the corresponding use of user data Family is machine or people.Wherein, analysis model can be statistical analysis model, regression analysis model or deep learning mould Type will introduce three kinds of analysis models respectively below.
(1) statistical analysis model
Statistical analysis model is to carry out mathematics system to the user data of acquisition with mathematical way, founding mathematical models Meter and analysis, to determine the corresponding specific identity of client of the user data.
(2) regression analysis model
Regression analysis model utilizes data statistics principle, carries out Mathematical treatment to a large number of users data, and determine number of users According to the incidence relation between judging result, the regression equation of a good relationship is established, and is extrapolated, to predict other The analysis method of user data and judging result.
(3) deep learning model
Deep learning model is based on carrying out feature learning to user data, with the distribution characteristics of acquisition data, and according to User data training with label generates disaggregated model, which has extracted corresponding number of users when client is machine Corresponding user data feature when according to feature and client being people, thus when Man-machine Analyze system is by this point of user data input When class model, the feature of the user data can be extracted, so that it is determined that the identity of the corresponding client of the user data.
It should be noted that Man-machine Analyze system can also user data update and optimizing and analyzing model based on the received, So that analysis model can more accurately identify the true identity of user.
In the present embodiment, when analysis model obtains judging result, which is sent to decision-making module, so as to decision Module determines the decision information for being directed to the judging result according to judging result.
Decision-making module 204, for determining decision information according to judging result.
In the present embodiment, decision-making module can determine that the decision for the judging result is believed according to different judging results Breath.When the user that judging result is access Webpage is machine, server carries out the access request that client is submitted Stop, no longer provide Web application service for the client, to prevent automation malicious attack.When judging result is access webpage When the user of the page is people, the access request that server can be submitted with customer in response end provides Web application clothes for the client Business.
In a kind of possible implementation of the embodiment of the present application, Man-machine Analyze system 20 can also include database, should Database can be used for storing user data, treated user data and judging result.
By foregoing description, system information acquisition component and user behavior acquisition component in information acquisition module can divide FTP client FTP environmental information and user behavior information are not acquired not in real time, and above- mentioned information are sent to Man-machine Analyze system, Received user data is sent to data preprocessing module by the information receiving module in Man-machine Analyze system, to user data Handled, then to treated, user data is analyzed by analysis module, using judge user as machine or people, finally Decision for above-mentioned judging result is determined by decision-making module, when judging user is machine, user's continuation can be terminated Webpage is accessed, the automation attack for network english teaching has effectively been defendd, improves network security.
Based on the above system embodiment, present invention also provides a kind of human-computer behavior detection methods, below in conjunction with attached drawing This method is illustrated.
Referring to Fig. 3, which is a kind of human-computer behavior detection method provided by the embodiments of the present application, as shown in figure 3, this method May include:
S301: the user data that information acquisition module is sent is received:.
Wherein, user data is user's generated data when accessing Webpage by client.User data package It includes: client system information and user behavior information.FTP client FTP environmental information includes at least operating system, IP address, master Machine ID and system user ID are one or more;User behavior information includes user's operation mouse message, user's percussion keyboard letter It ceases at least one or more of.
Realization about acquisition client system information and user behavior information may refer to the reality of system described in Fig. 1 and Fig. 2 Apply example.
S302: analysis institute's user data, to judge that the user of access Webpage is machine or people.
In one possible implementation, analyze user data, with judge access Webpage user be machine also It is people, specifically includes: cleaning and association process is carried out to user data, obtain treated user data;After the processing User data input analysis model in, obtain analysis result;The user of judgement access Webpage is machine based on the analysis results Device or people.
In the present embodiment, analysis model uses statistical analysis model, regression analysis model or deep learning model.
In one possible implementation, the method also includes:
The decision information for being directed to judging result is determined according to judging result;Decision information is that response user accesses Webpage Or it terminates user and accesses Webpage;When it is machine that judging result, which is user, decision information is termination user access Webpage;When it is people that the judging result, which is user, decision information is that response user accesses Webpage.
In one possible implementation, the method also includes:
In the database by user data, treated user data and judging result storage.
When user accesses Webpage by client, information acquisition module obtains user and is passing through the embodiment of the present application Client accesses generated user data when Webpage, and the user data is sent to Man-machine Analyze system, by this Man-machine Analyze system to user data carry out modeling analysis, using judge the corresponding user of the user data as machine or people, from And realize the purpose for going identifying code to carry out human-computer behavior judgement.It, can be with as it can be seen that by detection system provided by the embodiments of the present application Accurate judgement is carried out according to user data, and intelligently the user of judgement operation client is in the case where user's unaware Machine or people, and the operation that user inputs identifying code is eliminated, it improves the user experience.In addition, when judging user When for machine, user can be terminated and continue to access Webpage, effectively defend the automation attack for network english teaching Behavior improves network security.
It should be noted that each embodiment in this specification is described in a progressive manner, each embodiment emphasis is said Bright is the difference from other embodiments, and the same or similar parts in each embodiment may refer to each other.For reality For applying system or device disclosed in example, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, phase Place is closed referring to method part illustration.
It should be appreciated that in this application, " at least one (item) " refers to one or more, and " multiple " refer to two or two More than a."and/or" indicates may exist three kinds of relationships, for example, " A and/or B " for describing the incidence relation of affiliated partner It can indicate: only exist A, only exist B and exist simultaneously tri- kinds of situations of A and B, wherein A, B can be odd number or plural number.Word Symbol "/" typicallys represent the relationship that forward-backward correlation object is a kind of "or"." at least one of following (a) " or its similar expression, refers to Any combination in these, any combination including individual event (a) or complex item (a).At least one of for example, in a, b or c (a) can indicate: a, b, c, " a and b ", " a and c ", " b and c ", or " a and b and c ", and wherein a, b, c can be individually, can also To be multiple.
It should also be noted that, herein, relational terms such as first and second and the like are used merely to one Entity or operation are distinguished with another entity or operation, without necessarily requiring or implying between these entities or operation There are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant are intended to contain Lid non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology In any other form of storage medium well known in field.
The foregoing description of the disclosed embodiments makes professional and technical personnel in the field can be realized or use the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the application.Therefore, the application It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.

Claims (10)

1. a kind of human-computer behavior detection system, which is characterized in that the system comprises:
Information acquisition module, for acquiring user data when user accesses Webpage by client;The user data For user when accessing Webpage by client generated data;
Information acquisition module is also used to the user data being sent to Man-machine Analyze system;
The Man-machine Analyze system, for analyzing the user data, to judge that the user of access Webpage is machine Device or people.
2. system according to claim 1, which is characterized in that the Man-machine Analyze system is also used to according to judging result Determine the decision information for being directed to the judging result;The decision information is that response user accesses Webpage or terminates user Access Webpage;When it is machine that the judging result, which is user, the decision information is that the suspension user accesses webpage The page;When it is people that the judging result, which is user, the decision information is that response user accesses Webpage.
3. system according to claim 1, which is characterized in that the user data includes: client system information and user Behavioural information.
4. system according to claim 3, which is characterized in that the information acquisition module includes:
System information acquisition component, for acquiring the FTP client FTP environmental information;The FTP client FTP environmental information is extremely It less include operating system, IP address, host id and system user ID one or more;
User behavior acquisition component, for acquiring the user behavior information;The user behavior information includes user's operation mouse It is at least one or more of to mark information, user's percussion keypad information.
5. system according to claim 2, which is characterized in that the Man-machine Analyze system includes:
Information receiving module, the user data sent for receiving the information acquisition module;And by the user data It is sent to data preprocessing module;
The data preprocessing module, for carrying out cleaning and association process to the user data, and will treated user Data are sent to analysis module;
The analysis module, for will in treated the user data input analysis model, to obtain the judging result, And the judging result is sent to decision-making module;
The decision-making module, for determining the decision information according to the judging result.
6. system according to claim 5, which is characterized in that the analysis model is using statistical analysis model, recurrence Analysis model or deep learning model.
7. according to the described in any item systems of claim 5 or 6, which is characterized in that the Man-machine Analyze system further include:
Database, for storing the user data, treated user data and the judging result.
8. a kind of human-computer behavior detection method, which is characterized in that the described method includes:
Receive the user data that information acquisition module is sent;The user data is that user is accessing Webpage by client When generated data;
The user data is analyzed, to judge that the user of access Webpage is machine or people.
9. according to the method described in claim 8, it is characterized in that, described analyze the user data, to judge to access webpage The user of the page is machine or people, is specifically included:
Cleaning and association process are carried out to the user data, obtain treated user data;
In user data input analysis model that treated by described in, analysis result is obtained;
User according to the analysis result judgement access Webpage is machine or people.
10. method according to claim 8 or claim 9, which is characterized in that the method also includes:
The decision information for being directed to the judging result is determined according to judging result;The decision information is that response user accesses webpage The page terminates user's access Webpage;When it is machine that the judging result, which is user, the decision information is described It terminates user and accesses Webpage;When it is people that the judging result, which is user, the decision information is that response user accesses net The page page.
CN201811033854.4A 2018-09-05 2018-09-05 A kind of human-computer behavior detection system and method Pending CN109145544A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811033854.4A CN109145544A (en) 2018-09-05 2018-09-05 A kind of human-computer behavior detection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811033854.4A CN109145544A (en) 2018-09-05 2018-09-05 A kind of human-computer behavior detection system and method

Publications (1)

Publication Number Publication Date
CN109145544A true CN109145544A (en) 2019-01-04

Family

ID=64827191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811033854.4A Pending CN109145544A (en) 2018-09-05 2018-09-05 A kind of human-computer behavior detection system and method

Country Status (1)

Country Link
CN (1) CN109145544A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110147659A (en) * 2019-05-15 2019-08-20 四川长虹电器股份有限公司 Noninductive verification method based on machine learning
CN110266727A (en) * 2019-07-09 2019-09-20 中国工商银行股份有限公司 Recognition methods, server and the client of simulation browser behavior
CN110312045A (en) * 2019-05-16 2019-10-08 厦门快商通信息咨询有限公司 The anti-harassment method, apparatus of customer service system, equipment and storage medium
CN110808995A (en) * 2019-11-08 2020-02-18 中国工商银行股份有限公司 Safety protection method and device
WO2020177273A1 (en) * 2019-03-07 2020-09-10 南京智慧光信息科技研究院有限公司 意识方法、装置、系统、机器人和计算模型
CN112580004A (en) * 2020-12-23 2021-03-30 北京通付盾人工智能技术有限公司 Webpage end user behavior acquisition method and system based on biological probe technology
CN116566735A (en) * 2023-06-27 2023-08-08 北京云科安信科技有限公司 Method for identifying malicious traffic through machine learning

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530540A (en) * 2013-09-27 2014-01-22 西安交通大学 User identity attribute detection method based on man-machine interaction behavior characteristics
US20170185758A1 (en) * 2015-12-28 2017-06-29 Unbotify Ltd. Utilizing Behavioral Features To Identify Bot
CN107330311A (en) * 2017-06-29 2017-11-07 苏州锦佰安信息技术有限公司 A kind of method and apparatus of man-machine identification
US20170366564A1 (en) * 2015-11-16 2017-12-21 Tencent Technology (Shenzhen) Company Limited Identity authentication method, apparatus, and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530540A (en) * 2013-09-27 2014-01-22 西安交通大学 User identity attribute detection method based on man-machine interaction behavior characteristics
US20170366564A1 (en) * 2015-11-16 2017-12-21 Tencent Technology (Shenzhen) Company Limited Identity authentication method, apparatus, and system
US20170185758A1 (en) * 2015-12-28 2017-06-29 Unbotify Ltd. Utilizing Behavioral Features To Identify Bot
CN107330311A (en) * 2017-06-29 2017-11-07 苏州锦佰安信息技术有限公司 A kind of method and apparatus of man-machine identification

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020177273A1 (en) * 2019-03-07 2020-09-10 南京智慧光信息科技研究院有限公司 意识方法、装置、系统、机器人和计算模型
CN110147659A (en) * 2019-05-15 2019-08-20 四川长虹电器股份有限公司 Noninductive verification method based on machine learning
CN110312045A (en) * 2019-05-16 2019-10-08 厦门快商通信息咨询有限公司 The anti-harassment method, apparatus of customer service system, equipment and storage medium
CN110266727A (en) * 2019-07-09 2019-09-20 中国工商银行股份有限公司 Recognition methods, server and the client of simulation browser behavior
CN110808995A (en) * 2019-11-08 2020-02-18 中国工商银行股份有限公司 Safety protection method and device
CN110808995B (en) * 2019-11-08 2022-12-23 中国工商银行股份有限公司 Safety protection method and device
CN112580004A (en) * 2020-12-23 2021-03-30 北京通付盾人工智能技术有限公司 Webpage end user behavior acquisition method and system based on biological probe technology
CN116566735A (en) * 2023-06-27 2023-08-08 北京云科安信科技有限公司 Method for identifying malicious traffic through machine learning
CN116566735B (en) * 2023-06-27 2023-09-12 北京云科安信科技有限公司 Method for identifying malicious traffic through machine learning

Similar Documents

Publication Publication Date Title
CN109145544A (en) A kind of human-computer behavior detection system and method
US11190562B2 (en) Generic event stream processing for machine learning
CN112866023B (en) Network detection method, model training method, device, equipment and storage medium
CN111866004B (en) Security assessment method, apparatus, computer system, and medium
CN109413023A (en) The training of machine recognition model and machine identification method, device, electronic equipment
CN104852916A (en) Social engineering-based webpage verification code recognition method and system
Rahman et al. New biostatistics features for detecting web bot activity on web applications
CN114036531A (en) Multi-scale code measurement-based software security vulnerability detection method
CN113128196A (en) Text information processing method and device, storage medium
Li et al. Event extraction for criminal legal text
Hahner Architectural access control policy refinement and verification under uncertainty
CN109711849B (en) Ether house address portrait generation method and device, electronic equipment and storage medium
CN111159241A (en) Click conversion estimation method and device
EP4169223A1 (en) Method and apparatus to detect scripted network traffic
Pfleeger Experimental design and analysis in software engineering, part 5: Analyzing the data
CN107220530B (en) Turing test method and system based on user service behavior analysis
Loyola-González et al. An approach based on contrast patterns for bot detection on Web log files
CN116318974A (en) Site risk identification method and device, computer readable medium and electronic equipment
CN110401626A (en) A kind of hacker attack hierarchical detection method and device
RU2745362C1 (en) System and method of generating individual content for service user
CN110069910A (en) A kind of machine behavior determines method, web browser and web page server
CN111401067B (en) Honeypot simulation data generation method and device
Park et al. A new forecasting system using the latent dirichlet allocation (LDA) topic modeling technique
CN113568739A (en) User resource limit distribution method and device and electronic equipment
Parkinson et al. Security auditing in the fog

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104

RJ01 Rejection of invention patent application after publication