CN109145544A - A kind of human-computer behavior detection system and method - Google Patents
A kind of human-computer behavior detection system and method Download PDFInfo
- Publication number
- CN109145544A CN109145544A CN201811033854.4A CN201811033854A CN109145544A CN 109145544 A CN109145544 A CN 109145544A CN 201811033854 A CN201811033854 A CN 201811033854A CN 109145544 A CN109145544 A CN 109145544A
- Authority
- CN
- China
- Prior art keywords
- user
- user data
- information
- machine
- webpage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Social Psychology (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the present application discloses a kind of human-computer behavior detection system and method, when user accesses Webpage by client, information acquisition module obtains generated user data of the user when accessing Webpage by client in system, and the user data is sent to Man-machine Analyze system, modeling analysis is carried out to user data by the man-machine analysis system, to judge the corresponding user of the user data as machine or people, to realize the purpose for going identifying code to carry out human-computer behavior judgement.It can be seen that, by detection system provided by the embodiments of the present application, accurate judgement can be carried out according to user data, and intelligently the user of judgement operation client is machine or people in the case where user's unaware, and the operation that user inputs identifying code is eliminated, it improves the user experience.
Description
Technical field
This application involves field of information security technology, and in particular to a kind of human-computer behavior detection system and method.
Background technique
With the continuous development of information technology, information is as a kind of resource, its generality, sharing, appreciation, Ke Chu
Rationality and multi-purpose, make it have especially important meaning for the mankind, and information security issue also shows and protrudes day.
To prevent information system or information network from various types of threats, interference and destruction, such as registration corpse account
Family, Brute Force and web crawlers etc. are various to carry out automation malicious attack behavior to website.Full-automatic computer and people
The turing test technology of class, also referred to as verification code technology, come into being, and distinguish operation net by way of generating identifying code
The user of page is computer or people.
However, identifying code breaking techniques are also evolving with the development of verification code technology, attacker can be using each
The technologies such as kind image procossing, data analysis crack identifying code, and existing verification code technology is caused to be difficult to identify that operation
Computer or people when the user of webpage.
Summary of the invention
In view of this, the embodiment of the present application provides a kind of human-computer behavior detection system and method, more accurately distinguished with realizing
The user of webpage Chu not operated.
To solve the above problems, technical solution provided by the embodiments of the present application is as follows:
In a first aspect, the embodiment of the present application provides a kind of human-computer behavior detection system, which includes:
Information acquisition module, for acquiring user data when user accesses Webpage by client;The user
Data are user's generated data when accessing Webpage by client;
Information acquisition module is also used to the user data being sent to Man-machine Analyze system;
The Man-machine Analyze system, for analyzing the user data, to judge the user of access Webpage
It is machine or people.
In one possible implementation, the Man-machine Analyze system is also used to be determined according to judging result for institute
State the decision information of judging result;The decision information is that response user accesses Webpage or terminates user's access webpage page
Face;When it is machine that the judging result, which is user, the decision information is that the suspension user accesses Webpage;When described
Judging result is user when being people, and the decision information is that response user accesses Webpage.
In one possible implementation, the user data includes: client system information and user behavior information.
In one possible implementation, the information acquisition module includes:
System information acquisition component, for acquiring the FTP client FTP environmental information;The FTP client FTP environment letter
It is one or more that breath includes at least operating system, IP address, host id and system user ID;
User behavior acquisition component, for acquiring the user behavior information;The user behavior information includes user behaviour
It is at least one or more of to make mouse message, user's percussion keypad information.
In one possible implementation, the Man-machine Analyze system includes:
Information receiving module, the user data sent for receiving the information acquisition module;And by the user
Data are sent to data preprocessing module;
The data preprocessing module, for carrying out cleaning and association process to the user data, and by treated
User data is sent to analysis module;
The analysis module, for will be in treated the user data input analysis model, to obtain the judgement
As a result, and the judging result is sent to decision-making module;
The decision-making module, for determining the decision information according to the judging result.
In one possible implementation, the analysis model using statistical analysis model, regression analysis model or
Deep learning model.
In one possible implementation, the Man-machine Analyze system further include:
Database, for storing the user data, treated user data and the judging result.
Second aspect, the embodiment of the present application provide a kind of human-computer behavior detection method, this method comprises:
Receive the user data that information acquisition module is sent;The user data is that user is accessing webpage by client
Generated data when the page;
The user data is analyzed, to judge that the user of access Webpage is machine or people.
In one possible implementation, the analysis user data, to judge the user of access Webpage
It is machine or people, specifically includes:
Cleaning and association process are carried out to the user data, obtain treated user data;
In user data input analysis model that treated by described in, analysis result is obtained;
User according to the analysis result judgement access Webpage is machine or people.
In one possible implementation, the method also includes:
The decision information for being directed to the judging result is determined according to judging result;The decision information is response user's access
Webpage terminates user's access Webpage;When it is machine that the judging result, which is user, the decision information is
The termination user accesses Webpage;When it is people that the judging result, which is user, the decision information is that response user visits
Ask Webpage.
It can be seen that the embodiment of the present application has the following beneficial effects:
When user accesses Webpage by client, information acquisition module obtains user and is passing through the embodiment of the present application
Client accesses generated user data when Webpage, and the user data is sent to Man-machine Analyze system, by this
Man-machine Analyze system to user data carry out modeling analysis, using judge the corresponding user of the user data as machine or people, from
And realize the purpose for going identifying code to carry out human-computer behavior judgement.It, can be with as it can be seen that by detection system provided by the embodiments of the present application
Accurate judgement is carried out according to user data, and intelligently the user of judgement operation client is in the case where user's unaware
Machine or people, and the operation that user inputs identifying code is eliminated, it improves the user experience.In addition, when judging user
When for machine, user can be terminated and continue to access Webpage, effectively defend the automation attack for network english teaching
Behavior improves network security.
Detailed description of the invention
Fig. 1 is a kind of human-computer behavior detection system structure chart provided by the embodiments of the present application;
Fig. 2 is another human-computer behavior detection system structure chart provided by the embodiments of the present application;
Fig. 3 is a kind of flow chart of human-computer behavior detection method provided by the embodiments of the present application.
Specific embodiment
In order to make the above objects, features, and advantages of the present application more apparent, with reference to the accompanying drawing and it is specific real
Mode is applied to be described in further detail the embodiment of the present application.
Technical solution provided by the present application for ease of understanding will first be illustrated the background technique of the application below.
Inventor has found in traditional online checking research, and computer is also when user to distinguish operation Webpage
It is people, avoids computer from carrying out automation malicious attack behavior, generally use verification code technology and realized, i.e., user is passing through
When client browser accesses website, the server for providing Web application service returns to identifying code to client, when user is to calculate
When machine, due to can not identify the identifying code of client, lead to not subsequent input identifying code, then judge user for computer,
To which server does not provide Web application service;And when user is people, when user inputs the identifying code, server authentication passes through,
To judge that user behaves.
However, identifying code breaking techniques are also evolving with the continuous development of verification code technology, attacker can be adopted
Identifying code is cracked with technologies such as image procossing, data analyses, to cause to identify when user is computer
Identifying code out, and identifying code is inputted, so that server authentication passes through, so that the true body of user can not be recognized accurately in server
Part, so that illegality equipment carries out malicious attack to server.In addition, traditional verification code technology, needs user to be manually entered, shadow
Ring user experience.
Based on this, the embodiment of the present application provides a kind of human-computer behavior detection system, information collection mould in the detection system
Block can acquire user data, and the user data is sent to man-machine point when user accesses Webpage by client
Analysis system carries out data analysis and excavation to user data by Man-machine Analyze system, to analyze the difference of human-computer behavior mode, from
And in the case where user's unaware, accurately judge that user is machine or people, and then effectively defend for application service
The automation malicious attack of device, provides network security, and improve user experience.
Technical solution provided by the embodiments of the present application for ease of understanding, below in conjunction with attached drawing to the man-machine behavioral value system
System is illustrated.
Referring to Fig. 1, which is a kind of human-computer behavior detection system provided by the embodiments of the present application, as shown in Figure 1, the system
Include:
Information acquisition module 10, for acquiring user data when user accesses Webpage by client.
In the present embodiment, information acquisition module 10 can be used as the plug-in unit of Webpage or browser, when user passes through visitor
When the browser at family end accesses Webpage, client browser can load the plug-in unit, and then information acquisition module 10 acquires
User's data generated when accessing Webpage by client, the behavior which can be used for characterizing the user are special
Sign.
In specific implementation, which may include client system information and user behavior information.Wherein, client
End system information indicates environmental information locating for client, for example, host model, cpu type, browser type, system language
And system time etc..User behavior information expression user is performed when accessing Webpage by client browser
Operation information, for example, user, which clicks mouse time, the speed of mobile mouse and user, taps keyboard time, key assignments etc..
When information acquisition module 10 obtains above-mentioned user data, it is also used to for user data to be sent to Man-machine Analyze system
20, so that Man-machine Analyze system 20 carries out human-computer behavior judgement according to user data.
Man-machine Analyze system 20, for analyzing user data, to judge that the user of access Webpage is machine
Or people.
In the present embodiment, Man-machine Analyze system 20 is analyzed and is excavated to received user data, from the user of acquisition
The difference of human-computer behavior mode and feature is distinguished in data, to judge that accessing the user of Webpage by client is machine
Device or people.In specific implementation, Man-machine Analyze system may operate in server, obtain information collection mould by server
The user data that block is sent.
In practical applications, Man-machine Analyze system 20 can be by user data input to the disaggregated model of trained completion
In, the disaggregated model user data can be exported according to the user data of input corresponding to user true identity.Having
When body is realized, multiple groups user data can be acquired in advance, and tag along sort is added to multiple groups user data, which is used for
User data with label is trained initial model as training data by the identity information for identifying the user data,
To obtain disaggregated model, the disaggregated model is allowed to determine the classification of the user data according to the user data of input.
In addition, when host analysis system has determined the classification of user data, that is, when judging that the user is machine or people,
The decision information for being directed to the judging result, that is, the decision of reply different user identity can also be determined according to judging result.
The decision information, which can access Webpage for response user or terminate user, accesses Webpage.In specific implementation, when
When the user that host analysis system is judged to access Webpage is machine, access request that server submits client into
Row stops, and no longer provides Web application service for the client, to prevent automation malicious attack.When host analysis system judges
When the user for accessing Webpage out is people, the access request that server can be submitted with customer in response end provides for the client
Web application service.
Through the foregoing embodiment it is found that the embodiment of the present application is when user accesses Webpage by client, information is adopted
Collect module and obtain generated user data of the user when accessing Webpage by client, and the user data is sent
Man-machine Analyze system is given, modeling analysis is carried out to user data by the man-machine analysis system, to judge that the user data is corresponding
User is machine or people, to realize the purpose for going identifying code to carry out human-computer behavior judgement.As it can be seen that passing through the embodiment of the present application
The detection system of offer can carry out accurate judgement according to user data, and intelligently sentence in the case where user's unaware
The user of disconnected operation client is machine or people, and eliminates the operation that user inputs identifying code, improves user and uses body
It tests.In addition, can terminate user when judging user is machine and continue to access Webpage, effectively defend for network
The automation attack of application service improves network security.
The concrete function of said detecting system is realized for ease of understanding, below in conjunction with attached drawing to the function of the detection system
Realization is illustrated.
Referring to fig. 2, which is another human-computer behavior detection system provided by the embodiments of the present application, as shown in Fig. 2, this is
System includes: information acquisition module 10 and Man-machine Analyze system 20.
In the present embodiment, which is sent to man-machine point for obtaining user data by information acquisition module 10
Analysis system 20 analyzes user data by the man-machine analysis system, to judge that accessing the user of Webpage is machine
Or people.Wherein, user data may include client system information and user behavior information.
In specific implementation, information acquisition module 10 may include system information acquisition component 101 and user behavior acquisition
Component.
System information acquisition component 101, for acquiring FTP client FTP environmental information;Wherein, FTP client FTP environment is believed
It is one or more that breath includes at least operating system, IP address, host id and system user ID.
In the present embodiment, system information acquisition component acquires the system environmental information of client, so as to Man-machine Analyze system
By the FTP client FTP environmental information, the FTP client FTP can be identified.Wherein, FTP client FTP environmental information may include
Operating system, IP address, host id and system user ID etc. are at least one or more of.
User behavior acquisition component 102, for acquiring user behavior information;Wherein, user behavior information includes user behaviour
It is at least one or more of to make mouse message, user's percussion keypad information.
In the present embodiment, user behavior acquisition component can be obtained and be used when user accesses Webpage by client
The practical operation information at family, further to distinguish human-computer behavior according to the practical operation information.Wherein, user behavior packet
It is at least one or more of to include at least user's operation mouse message and user's percussion keypad information etc..User's operation mouse message can be with
Mouse time, speed, coordinate and mobile mouse track and speed are clicked including user;User taps keypad information
User taps keyboard time, speed with key assignments.
In specific implementation, Man-machine Analyze system can establish pair of FTP client FTP environmental information Yu user behavior information
It should be related to, and record corresponding user behavior information under the FTP client FTP environmental information, when Man-machine Analyze system receives again
When to same FTP client FTP environmental information, new user behavior information and pre-recorded user behavior information is utilized to carry out
Comparative analysis, to judge the user of this visit Webpage as machine or people.
In a kind of possible implementation of the application, Man-machine Analyze system 20 may include: information receiving module 201,
Data preprocessing module 202, analysis module 203, decision-making module 204.
In the present embodiment, information receiving module 201, for receiving the user data of information acquisition module transmission;And it will use
User data is sent to data preprocessing module 202.
Data preprocessing module 202, for carrying out cleaning and association process to user data, and will treated number of users
According to being sent to analysis module 203.
In this example, data preprocessing module can carry out pretreatment operation to the user data that receives, specifically can be with
For, user data is cleaned to reject repeated data and influence lesser data to judging result, reduces the quantity of user data,
To provide important user data for analysis module, mitigate the operating pressure of analysis module.Meanwhile data prediction mould
User data after cleaning can also be associated by block with client, the pass of user data and client after establishing cleaning
Connection relationship, to carry out the client before quick positioning obtains using above-mentioned incidence relation when the client accesses again
Access transmitted user data when webpage.
Analysis module 203 and will for will be in treated user data input analysis model, to obtain judging result
Judging result is sent to decision-making module 204.
In the present embodiment, analysis module can be modeled previously according to historical use data, analysis model be obtained, in reality
Border in application, will treated user data input into analysis model, with obtain should treated the corresponding use of user data
Family is machine or people.Wherein, analysis model can be statistical analysis model, regression analysis model or deep learning mould
Type will introduce three kinds of analysis models respectively below.
(1) statistical analysis model
Statistical analysis model is to carry out mathematics system to the user data of acquisition with mathematical way, founding mathematical models
Meter and analysis, to determine the corresponding specific identity of client of the user data.
(2) regression analysis model
Regression analysis model utilizes data statistics principle, carries out Mathematical treatment to a large number of users data, and determine number of users
According to the incidence relation between judging result, the regression equation of a good relationship is established, and is extrapolated, to predict other
The analysis method of user data and judging result.
(3) deep learning model
Deep learning model is based on carrying out feature learning to user data, with the distribution characteristics of acquisition data, and according to
User data training with label generates disaggregated model, which has extracted corresponding number of users when client is machine
Corresponding user data feature when according to feature and client being people, thus when Man-machine Analyze system is by this point of user data input
When class model, the feature of the user data can be extracted, so that it is determined that the identity of the corresponding client of the user data.
It should be noted that Man-machine Analyze system can also user data update and optimizing and analyzing model based on the received,
So that analysis model can more accurately identify the true identity of user.
In the present embodiment, when analysis model obtains judging result, which is sent to decision-making module, so as to decision
Module determines the decision information for being directed to the judging result according to judging result.
Decision-making module 204, for determining decision information according to judging result.
In the present embodiment, decision-making module can determine that the decision for the judging result is believed according to different judging results
Breath.When the user that judging result is access Webpage is machine, server carries out the access request that client is submitted
Stop, no longer provide Web application service for the client, to prevent automation malicious attack.When judging result is access webpage
When the user of the page is people, the access request that server can be submitted with customer in response end provides Web application clothes for the client
Business.
In a kind of possible implementation of the embodiment of the present application, Man-machine Analyze system 20 can also include database, should
Database can be used for storing user data, treated user data and judging result.
By foregoing description, system information acquisition component and user behavior acquisition component in information acquisition module can divide
FTP client FTP environmental information and user behavior information are not acquired not in real time, and above- mentioned information are sent to Man-machine Analyze system,
Received user data is sent to data preprocessing module by the information receiving module in Man-machine Analyze system, to user data
Handled, then to treated, user data is analyzed by analysis module, using judge user as machine or people, finally
Decision for above-mentioned judging result is determined by decision-making module, when judging user is machine, user's continuation can be terminated
Webpage is accessed, the automation attack for network english teaching has effectively been defendd, improves network security.
Based on the above system embodiment, present invention also provides a kind of human-computer behavior detection methods, below in conjunction with attached drawing
This method is illustrated.
Referring to Fig. 3, which is a kind of human-computer behavior detection method provided by the embodiments of the present application, as shown in figure 3, this method
May include:
S301: the user data that information acquisition module is sent is received:.
Wherein, user data is user's generated data when accessing Webpage by client.User data package
It includes: client system information and user behavior information.FTP client FTP environmental information includes at least operating system, IP address, master
Machine ID and system user ID are one or more;User behavior information includes user's operation mouse message, user's percussion keyboard letter
It ceases at least one or more of.
Realization about acquisition client system information and user behavior information may refer to the reality of system described in Fig. 1 and Fig. 2
Apply example.
S302: analysis institute's user data, to judge that the user of access Webpage is machine or people.
In one possible implementation, analyze user data, with judge access Webpage user be machine also
It is people, specifically includes: cleaning and association process is carried out to user data, obtain treated user data;After the processing
User data input analysis model in, obtain analysis result;The user of judgement access Webpage is machine based on the analysis results
Device or people.
In the present embodiment, analysis model uses statistical analysis model, regression analysis model or deep learning model.
In one possible implementation, the method also includes:
The decision information for being directed to judging result is determined according to judging result;Decision information is that response user accesses Webpage
Or it terminates user and accesses Webpage;When it is machine that judging result, which is user, decision information is termination user access
Webpage;When it is people that the judging result, which is user, decision information is that response user accesses Webpage.
In one possible implementation, the method also includes:
In the database by user data, treated user data and judging result storage.
When user accesses Webpage by client, information acquisition module obtains user and is passing through the embodiment of the present application
Client accesses generated user data when Webpage, and the user data is sent to Man-machine Analyze system, by this
Man-machine Analyze system to user data carry out modeling analysis, using judge the corresponding user of the user data as machine or people, from
And realize the purpose for going identifying code to carry out human-computer behavior judgement.It, can be with as it can be seen that by detection system provided by the embodiments of the present application
Accurate judgement is carried out according to user data, and intelligently the user of judgement operation client is in the case where user's unaware
Machine or people, and the operation that user inputs identifying code is eliminated, it improves the user experience.In addition, when judging user
When for machine, user can be terminated and continue to access Webpage, effectively defend the automation attack for network english teaching
Behavior improves network security.
It should be noted that each embodiment in this specification is described in a progressive manner, each embodiment emphasis is said
Bright is the difference from other embodiments, and the same or similar parts in each embodiment may refer to each other.For reality
For applying system or device disclosed in example, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, phase
Place is closed referring to method part illustration.
It should be appreciated that in this application, " at least one (item) " refers to one or more, and " multiple " refer to two or two
More than a."and/or" indicates may exist three kinds of relationships, for example, " A and/or B " for describing the incidence relation of affiliated partner
It can indicate: only exist A, only exist B and exist simultaneously tri- kinds of situations of A and B, wherein A, B can be odd number or plural number.Word
Symbol "/" typicallys represent the relationship that forward-backward correlation object is a kind of "or"." at least one of following (a) " or its similar expression, refers to
Any combination in these, any combination including individual event (a) or complex item (a).At least one of for example, in a, b or c
(a) can indicate: a, b, c, " a and b ", " a and c ", " b and c ", or " a and b and c ", and wherein a, b, c can be individually, can also
To be multiple.
It should also be noted that, herein, relational terms such as first and second and the like are used merely to one
Entity or operation are distinguished with another entity or operation, without necessarily requiring or implying between these entities or operation
There are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant are intended to contain
Lid non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor
The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit
Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology
In any other form of storage medium well known in field.
The foregoing description of the disclosed embodiments makes professional and technical personnel in the field can be realized or use the application.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the application.Therefore, the application
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of human-computer behavior detection system, which is characterized in that the system comprises:
Information acquisition module, for acquiring user data when user accesses Webpage by client;The user data
For user when accessing Webpage by client generated data;
Information acquisition module is also used to the user data being sent to Man-machine Analyze system;
The Man-machine Analyze system, for analyzing the user data, to judge that the user of access Webpage is machine
Device or people.
2. system according to claim 1, which is characterized in that the Man-machine Analyze system is also used to according to judging result
Determine the decision information for being directed to the judging result;The decision information is that response user accesses Webpage or terminates user
Access Webpage;When it is machine that the judging result, which is user, the decision information is that the suspension user accesses webpage
The page;When it is people that the judging result, which is user, the decision information is that response user accesses Webpage.
3. system according to claim 1, which is characterized in that the user data includes: client system information and user
Behavioural information.
4. system according to claim 3, which is characterized in that the information acquisition module includes:
System information acquisition component, for acquiring the FTP client FTP environmental information;The FTP client FTP environmental information is extremely
It less include operating system, IP address, host id and system user ID one or more;
User behavior acquisition component, for acquiring the user behavior information;The user behavior information includes user's operation mouse
It is at least one or more of to mark information, user's percussion keypad information.
5. system according to claim 2, which is characterized in that the Man-machine Analyze system includes:
Information receiving module, the user data sent for receiving the information acquisition module;And by the user data
It is sent to data preprocessing module;
The data preprocessing module, for carrying out cleaning and association process to the user data, and will treated user
Data are sent to analysis module;
The analysis module, for will in treated the user data input analysis model, to obtain the judging result,
And the judging result is sent to decision-making module;
The decision-making module, for determining the decision information according to the judging result.
6. system according to claim 5, which is characterized in that the analysis model is using statistical analysis model, recurrence
Analysis model or deep learning model.
7. according to the described in any item systems of claim 5 or 6, which is characterized in that the Man-machine Analyze system further include:
Database, for storing the user data, treated user data and the judging result.
8. a kind of human-computer behavior detection method, which is characterized in that the described method includes:
Receive the user data that information acquisition module is sent;The user data is that user is accessing Webpage by client
When generated data;
The user data is analyzed, to judge that the user of access Webpage is machine or people.
9. according to the method described in claim 8, it is characterized in that, described analyze the user data, to judge to access webpage
The user of the page is machine or people, is specifically included:
Cleaning and association process are carried out to the user data, obtain treated user data;
In user data input analysis model that treated by described in, analysis result is obtained;
User according to the analysis result judgement access Webpage is machine or people.
10. method according to claim 8 or claim 9, which is characterized in that the method also includes:
The decision information for being directed to the judging result is determined according to judging result;The decision information is that response user accesses webpage
The page terminates user's access Webpage;When it is machine that the judging result, which is user, the decision information is described
It terminates user and accesses Webpage;When it is people that the judging result, which is user, the decision information is that response user accesses net
The page page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811033854.4A CN109145544A (en) | 2018-09-05 | 2018-09-05 | A kind of human-computer behavior detection system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811033854.4A CN109145544A (en) | 2018-09-05 | 2018-09-05 | A kind of human-computer behavior detection system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109145544A true CN109145544A (en) | 2019-01-04 |
Family
ID=64827191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811033854.4A Pending CN109145544A (en) | 2018-09-05 | 2018-09-05 | A kind of human-computer behavior detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109145544A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110147659A (en) * | 2019-05-15 | 2019-08-20 | 四川长虹电器股份有限公司 | Noninductive verification method based on machine learning |
CN110266727A (en) * | 2019-07-09 | 2019-09-20 | 中国工商银行股份有限公司 | Recognition methods, server and the client of simulation browser behavior |
CN110312045A (en) * | 2019-05-16 | 2019-10-08 | 厦门快商通信息咨询有限公司 | The anti-harassment method, apparatus of customer service system, equipment and storage medium |
CN110808995A (en) * | 2019-11-08 | 2020-02-18 | 中国工商银行股份有限公司 | Safety protection method and device |
WO2020177273A1 (en) * | 2019-03-07 | 2020-09-10 | 南京智慧光信息科技研究院有限公司 | 意识方法、装置、系统、机器人和计算模型 |
CN112580004A (en) * | 2020-12-23 | 2021-03-30 | 北京通付盾人工智能技术有限公司 | Webpage end user behavior acquisition method and system based on biological probe technology |
CN116566735A (en) * | 2023-06-27 | 2023-08-08 | 北京云科安信科技有限公司 | Method for identifying malicious traffic through machine learning |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103530540A (en) * | 2013-09-27 | 2014-01-22 | 西安交通大学 | User identity attribute detection method based on man-machine interaction behavior characteristics |
US20170185758A1 (en) * | 2015-12-28 | 2017-06-29 | Unbotify Ltd. | Utilizing Behavioral Features To Identify Bot |
CN107330311A (en) * | 2017-06-29 | 2017-11-07 | 苏州锦佰安信息技术有限公司 | A kind of method and apparatus of man-machine identification |
US20170366564A1 (en) * | 2015-11-16 | 2017-12-21 | Tencent Technology (Shenzhen) Company Limited | Identity authentication method, apparatus, and system |
-
2018
- 2018-09-05 CN CN201811033854.4A patent/CN109145544A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103530540A (en) * | 2013-09-27 | 2014-01-22 | 西安交通大学 | User identity attribute detection method based on man-machine interaction behavior characteristics |
US20170366564A1 (en) * | 2015-11-16 | 2017-12-21 | Tencent Technology (Shenzhen) Company Limited | Identity authentication method, apparatus, and system |
US20170185758A1 (en) * | 2015-12-28 | 2017-06-29 | Unbotify Ltd. | Utilizing Behavioral Features To Identify Bot |
CN107330311A (en) * | 2017-06-29 | 2017-11-07 | 苏州锦佰安信息技术有限公司 | A kind of method and apparatus of man-machine identification |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020177273A1 (en) * | 2019-03-07 | 2020-09-10 | 南京智慧光信息科技研究院有限公司 | 意识方法、装置、系统、机器人和计算模型 |
CN110147659A (en) * | 2019-05-15 | 2019-08-20 | 四川长虹电器股份有限公司 | Noninductive verification method based on machine learning |
CN110312045A (en) * | 2019-05-16 | 2019-10-08 | 厦门快商通信息咨询有限公司 | The anti-harassment method, apparatus of customer service system, equipment and storage medium |
CN110266727A (en) * | 2019-07-09 | 2019-09-20 | 中国工商银行股份有限公司 | Recognition methods, server and the client of simulation browser behavior |
CN110808995A (en) * | 2019-11-08 | 2020-02-18 | 中国工商银行股份有限公司 | Safety protection method and device |
CN110808995B (en) * | 2019-11-08 | 2022-12-23 | 中国工商银行股份有限公司 | Safety protection method and device |
CN112580004A (en) * | 2020-12-23 | 2021-03-30 | 北京通付盾人工智能技术有限公司 | Webpage end user behavior acquisition method and system based on biological probe technology |
CN116566735A (en) * | 2023-06-27 | 2023-08-08 | 北京云科安信科技有限公司 | Method for identifying malicious traffic through machine learning |
CN116566735B (en) * | 2023-06-27 | 2023-09-12 | 北京云科安信科技有限公司 | Method for identifying malicious traffic through machine learning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109145544A (en) | A kind of human-computer behavior detection system and method | |
US11190562B2 (en) | Generic event stream processing for machine learning | |
CN112866023B (en) | Network detection method, model training method, device, equipment and storage medium | |
CN111866004B (en) | Security assessment method, apparatus, computer system, and medium | |
CN109413023A (en) | The training of machine recognition model and machine identification method, device, electronic equipment | |
CN104852916A (en) | Social engineering-based webpage verification code recognition method and system | |
Rahman et al. | New biostatistics features for detecting web bot activity on web applications | |
CN114036531A (en) | Multi-scale code measurement-based software security vulnerability detection method | |
CN113128196A (en) | Text information processing method and device, storage medium | |
Li et al. | Event extraction for criminal legal text | |
Hahner | Architectural access control policy refinement and verification under uncertainty | |
CN109711849B (en) | Ether house address portrait generation method and device, electronic equipment and storage medium | |
CN111159241A (en) | Click conversion estimation method and device | |
EP4169223A1 (en) | Method and apparatus to detect scripted network traffic | |
Pfleeger | Experimental design and analysis in software engineering, part 5: Analyzing the data | |
CN107220530B (en) | Turing test method and system based on user service behavior analysis | |
Loyola-González et al. | An approach based on contrast patterns for bot detection on Web log files | |
CN116318974A (en) | Site risk identification method and device, computer readable medium and electronic equipment | |
CN110401626A (en) | A kind of hacker attack hierarchical detection method and device | |
RU2745362C1 (en) | System and method of generating individual content for service user | |
CN110069910A (en) | A kind of machine behavior determines method, web browser and web page server | |
CN111401067B (en) | Honeypot simulation data generation method and device | |
Park et al. | A new forecasting system using the latent dirichlet allocation (LDA) topic modeling technique | |
CN113568739A (en) | User resource limit distribution method and device and electronic equipment | |
Parkinson et al. | Security auditing in the fog |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190104 |
|
RJ01 | Rejection of invention patent application after publication |