CN115423030A - Equipment identification method and device - Google Patents

Equipment identification method and device Download PDF

Info

Publication number
CN115423030A
CN115423030A CN202211134929.4A CN202211134929A CN115423030A CN 115423030 A CN115423030 A CN 115423030A CN 202211134929 A CN202211134929 A CN 202211134929A CN 115423030 A CN115423030 A CN 115423030A
Authority
CN
China
Prior art keywords
devices
basic data
similarity
subgraph
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211134929.4A
Other languages
Chinese (zh)
Inventor
胡小燕
吕军
王美青
张元杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Holding Co Ltd filed Critical Jingdong Technology Holding Co Ltd
Priority to CN202211134929.4A priority Critical patent/CN115423030A/en
Publication of CN115423030A publication Critical patent/CN115423030A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and a device for equipment identification, and relates to the technical field of computers. One embodiment of the method comprises: constructing a device relation network diagram according to the device basic data and the user basic data of each device; dividing the device relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm; and determining the similarity between the devices in the subgraph, and identifying whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph. According to the method, whether abnormal equipment exists in the subgraph is identified through the construction and division of the equipment relation network graph and the similarity of each piece of equipment in the subgraph, the method can effectively identify whether the abnormal equipment exists, the accuracy and efficiency of identifying the abnormal equipment can be improved, and an effective equipment risk strategy is provided for the wind control service.

Description

Equipment identification method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for device identification.
Background
With the development of internet technology, the application range of terminal equipment is more and more extensive. The terminal device may be used for an improper purpose, for example, by tampering with the device information to implement a batch abnormal operation behavior with the same device.
In the prior art, the mode of identifying abnormal equipment by identifying tampered software and a simulator is single in mode, poor in identification effect and low in identification efficiency; in the method of identification based on the equipment information base, because the information update of the equipment information base has delay, abnormal equipment cannot be identified in time, and the identification amount is limited.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for identifying a device, which can effectively identify whether an abnormal device exists, improve accuracy and efficiency of identifying the abnormal device, and provide an effective device risk policy for a wind control service.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a method of device identification, including:
constructing a device relation network diagram according to the device basic data and the user basic data of each device;
dividing the device relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm;
and determining the similarity among the devices in the subgraph, and identifying whether abnormal devices exist in the subgraph according to the similarity among the devices in the subgraph.
Optionally, before constructing the device relationship network graph according to the device basic data and the user basic data of each device, the method includes:
and preprocessing the equipment basic data and the user basic data to remove default values or abnormal values in the equipment basic data and the user basic data.
Optionally, the device basic data includes one or more features of a device name, a device identifier, an MAC address, an electric quantity, a screen size, and a root attribute; and/or
The user basic data comprises one or more characteristics of order data of the user and/or login data of the user.
Optionally, constructing a device relationship network graph according to the device basic data and the user basic data includes:
taking each device as a node, and establishing an edge relationship between two devices with the same device basic data or user basic data to determine the edge relationship between the nodes;
and obtaining the equipment relationship network graph according to each node and the edge relationship among the nodes.
Optionally, determining a similarity between the devices in the subgraph includes:
and calculating the similarity of any feature of any two devices in the subgraph aiming at any feature of the device basic data and the user basic data of each device to obtain each similarity corresponding to the any feature.
Optionally, identifying whether an abnormal device exists in the subgraph according to the similarity between the devices in the subgraph includes:
for any feature, determining a first number of similarity degrees corresponding to the feature, determining a second number of similarity degrees, which are greater than a preset similarity threshold value, in the similarity degrees corresponding to the feature, determining the percentage of the second number in the first number, and if the percentage is greater than a preset proportion threshold value, marking the feature as a similar feature;
in the case where there are multiple similar features in the sub-graph, determining that there is an abnormal device in the sub-graph.
Optionally, the community discovery algorithm is one or more of an Infomap algorithm, a Louvain algorithm, or an LPA algorithm.
According to still another aspect of the embodiments of the present invention, there is provided an apparatus for device identification, including:
the construction module is used for constructing a device relation network graph according to the device basic data and the user basic data of each device;
the determining module is used for dividing the equipment relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm;
and the recognition module is used for determining the similarity among the devices in the subgraph and recognizing whether abnormal devices exist in the subgraph or not according to the similarity among the devices in the subgraph.
According to another aspect of an embodiment of the present invention, there is provided an electronic apparatus including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for device identification provided by the present invention.
According to still another aspect of embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing a device identification method provided by the present invention.
One embodiment of the above invention has the following advantages or benefits: the method comprises the steps of constructing a device relationship network graph by using device basic data and user basic data so as to be convenient for associating abnormal devices, then dividing the device relationship network graph by adopting a community division algorithm to obtain a plurality of subgraphs, wherein each subgraph comprises a plurality of associated devices, and then identifying whether the abnormal devices exist in the subgraph by determining the similarity among the devices in the subgraph. According to the method, subgraphs with abnormal equipment are mined through the incidence relation and the similarity among the equipment, risks and abnormal users with the abnormal equipment are identified, the identification accuracy is high, the efficiency is high, and an effective equipment risk strategy is provided for the wind control service in more time.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic diagram of a main flow of a device identification method according to an embodiment of the present invention;
fig. 2 is a schematic view of a main flow of another device identification method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a device relationship network diagram according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a main flow of still another device identification method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the main modules of an apparatus for device identification according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The embodiment of the invention provides a device identification method, which can effectively and accurately identify abnormal devices and abnormal users.
Fig. 1 is a schematic diagram of a main flow of a device identification method according to an embodiment of the present invention, and as shown in fig. 1, the device identification method includes the following steps:
step S101: constructing an equipment relationship network diagram according to the equipment basic data and the user basic data of each equipment;
step S102: dividing the device relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm;
step S103: and determining the similarity between the devices in the subgraph, and identifying whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph.
It should be noted that, in the technical solution of the present disclosure, the processes of information acquisition, collection, storage, use, processing, etc. all conform to the regulations of related laws and regulations, and do not violate the customs of the public order.
In the embodiment of the invention, the equipment identification method is used for identifying abnormal equipment. The abnormal equipment is equipment with tampered basic data of the equipment and/or basic data of the user, and in the field of e-commerce, the equipment can be forged into other equipment for many times to perform abnormal behaviors of obtaining illegal benefits such as batch registration, advertisement diversion and the like.
In the embodiment of the present invention, the device basic data may include one or more features of a device name, a device identifier, a Media Access Control Address (MAC Address), an electric quantity, a screen size, and a root attribute; the user base data may include one or more characteristics of the user's order data and/or the user's login data. The device identifier may be an imei (International Mobile Equipment Identity), the power may be a battery power of the device at the current time, the root attribute may indicate whether the device is root-marked, the root-marked device has a permission that the device has an operating system, and a system bottom layer and a system file of the device may be modified or accessed. The device infrastructure data may also include data representing device attributes such as a device model number. The order data of the user can comprise a mobile phone number of a goods receiver, a goods receiving address and the like in the order of the user, and the login data of the user can comprise an ip address of equipment login, a login time period and the like.
Before constructing an equipment relation network diagram according to the equipment basic data and the user basic data of each equipment, judging whether the equipment is registered or logged in a platform, and then acquiring the equipment basic data and the user basic data of each equipment which is registered or logged in the platform, so that the abnormal equipment can be identified before a user utilizes the abnormal equipment to perform abnormal operation behaviors, and the economic loss is reduced.
In this embodiment of the present invention, before constructing the device relationship network graph according to the device basic data and the user basic data of each device, the method may include: and preprocessing the equipment basic data and the user basic data to remove default values or abnormal values in the equipment basic data and the user basic data. Namely, before constructing the device relationship network diagram, the acquired device basic data and user basic data of each device are preprocessed, that is, data cleaning is performed, invalid data values such as default values or abnormal values are removed, the device relationship network diagram can be constructed more accurately, and accuracy of abnormal device identification is improved. For example, for a MAC address, if it is the default value 0000000000, the default value is removed; for the ip address of lan 192.101.011.111, if the data is an outlier, the outlier needs to be removed.
In the embodiment of the present invention, as shown in fig. 2, constructing a device relationship network diagram according to device basic data and user basic data includes the following steps:
step S201: taking each device as a node, and establishing an edge relationship between two devices with the same device basic data or user basic data to determine the edge relationship between the nodes;
step S202: and obtaining the equipment relation network graph according to each node and the edge relation among the nodes.
In the embodiment of the invention, when the relational network graph is constructed, each device is used as a node, the device basic data and the user basic data of each device are analyzed and compared, the devices with the same device basic data or user basic data (namely with the same characteristics) are associated, namely, the edge relation between the devices is established, and then the two nodes are connected. Where an edge relationship represents a same device basis or user basis (i.e., feature), each device may establish an edge relationship with one or more devices. For example, if the MAC addresses of two devices are the same, an edge relationship between the devices is established; and if the login ip addresses of the two devices are the same, establishing an edge relation between the two devices.
The device relationship network graph can be obtained through each node and the edge relationship among the nodes. Fig. 3 is a schematic diagram of a device relationship network diagram according to an embodiment of the present invention, in which a device 1 and a device 2 establish a side relationship through the same login ip address, the device 1 and the device 4 establish a side relationship through the same MAC address, the device 4 and the device 5 establish a side relationship through the same login ip address, the device 4 and the device 6 establish a side relationship through the same imei, the device 6 and the device 7 establish a side relationship through the same MAC address, the device 1 and the device 7 establish a side relationship through the same imei, the device 3 and the device 7 establish a side relationship through the same login ip address, and the device relationship network diagram is formed through the side relationships between the devices.
When the device relationship network graph is constructed according to the device basic data and the user basic data, the edge relationship can be established between two devices with the similarity higher than the preset threshold value, namely the highly similar device basic data or user basic data, and the devices are associated, so that the subsequent division of the sub-graph and the identification of abnormal devices in the sub-graph are facilitated.
In the embodiment of the present invention, after obtaining the device relationship network graph, the device relationship network graph is input into a model based on a community discovery algorithm, the device relationship network graph is divided by using the community discovery algorithm, a plurality of subgraphs, that is, communities, are obtained, each subgraph includes a plurality of devices, and in the plurality of devices of each subgraph, each device has one or more devices associated therewith, and the association manner is that the devices have the same characteristics, which may be one or more characteristics in device basic data and/or user basic data, for example, there are devices with the same electric quantity in the subgraph, there are devices with the same login ip address, or there are devices with the same MAC address in the subgraph. The community discovery Algorithm may be one or more of an Infomap Algorithm, a Louvain Algorithm or an LPA Algorithm (label, propagation Algorithm, label Propagation Algorithm), and may also be a pedigree filter Algorithm (CPM), a KL (Kernighan-Lin) Algorithm, an LFM Algorithm, or the like. For example, the device network relationship graph may be partitioned by using an Infomap algorithm to obtain multiple sub-graphs.
In the embodiment of the present invention, determining the similarity between devices in the subgraph includes:
and calculating the similarity of any feature of any two devices in the subgraph aiming at any feature in the device basic data and the user basic data of each device to obtain each similarity corresponding to any feature.
In the embodiment of the invention, after the sub-graphs are obtained, the devices in each sub-graph are analyzed to determine the similarity among the devices, and if the devices in the sub-graphs are highly similar, the situation that abnormal devices exist in the sub-graphs is indicated, namely tampered devices exist. Whether abnormal equipment exists is determined by calculating the similarity between the equipment in the subgraph, and when the similarity between the equipment in the subgraph is determined, the similarity between any two equipment is calculated aiming at any characteristic, so that the similarity of any characteristic is obtained, for example, the similarity between any two equipment imei is calculated aiming at the characteristic imei, and a plurality of similarities can be obtained. The algorithm for calculating the similarity may adopt one or more of TF-IDF (Term Frequency-Inverse Document Frequency) Model, DSSM (Deep Structured Semantic Model), word2Vec (a Term embedded Model), cosine similarity algorithm, and tokard similarity algorithm.
In the embodiment of the present invention, as shown in fig. 4, identifying whether an abnormal device exists in a subgraph according to the similarity between devices in the subgraph includes the following steps:
step S401: for any feature, determining a first number of respective similarities corresponding to the any feature;
step S402: determining a second number of similarity degrees which are greater than a preset similarity degree threshold value in each similarity degree corresponding to any one feature;
step S403: determining a percentage of the second quantity to the first quantity;
step S404: if the percentage is larger than a preset proportion threshold value, marking any feature as a similar feature;
step S405: in the case where there are a plurality of similar features in the subgraph, it is determined that an abnormal device exists in the subgraph.
That is to say, after determining each similarity corresponding to any feature, determining a first number of similarities corresponding to the any feature, then determining a second number of similarities in which the similarities are greater than or equal to a preset similarity threshold in each similarity, calculating a percentage of the second number in the first number, and comparing the percentage with a preset proportion threshold, to determine whether the any feature is a similar feature, if the percentage is greater than or equal to the preset proportion threshold, the feature is a similar feature, otherwise, the feature is not a similar feature. If a plurality of similar features exist in the subgraph, the fact that the devices in the subgraph have high similarity is shown, and the fact that abnormal devices exist in the subgraph, namely tampering devices exist. For example, if each device in the subgraph satisfies more than two of imei high similarity, consistent device model, 100% of electric quantity, root of the devices, same device name, and the like, it is indicated that an abnormal device exists in the subgraph.
In the embodiment of the present invention, when identifying whether an abnormal device exists in the sub-graph according to the similarity between the devices in the sub-graph, it may be determined whether the similarity of the multiple preset features is greater than a preset similarity threshold, and if so, it is determined that the abnormal device exists in the sub-graph. The preset features may be custom settings, for example, the preset features may be at least two of imei, root attribute, device model, and login ip address.
In the embodiment of the invention, the similarity between the devices in the subgraph is determined, or each feature of each device can form a feature set, the similarity between the two devices is determined by calculating the similarity between the feature sets of the two devices, after the similarity between the two devices is determined, whether the similarity is greater than or equal to a preset similarity threshold is judged, if yes, the two devices are high in similarity, the number of the similarities, greater than or equal to the threshold similarity threshold, of the similarity in the subgraph is determined, the percentage of the total number of the similarities and the percentage is calculated, if the percentage exceeds the preset proportion threshold, the multiple devices in the subgraph are high in similarity, and the sub-graph is indicated to have abnormal devices.
The device identification method provided by the embodiment of the invention utilizes device basic data and user basic data to construct a device relationship network graph through multi-dimensional device association so as to associate tampered devices, then a community division algorithm is adopted to divide the device relationship network graph to obtain a plurality of sub-graphs, each sub-graph comprises a plurality of associated devices, and then whether abnormal devices exist in the sub-graphs is identified by determining the similarity among the devices in the sub-graphs. According to the method, subgraphs with tampered equipment are mined through the incidence relation and similarity among the equipment, risks of abnormal equipment and abnormal users are identified, the identification accuracy and efficiency are high, and the problem of mistaken interception of normal equipment in the prior art is effectively solved; and an effective equipment risk strategy can be provided for the wind control service in a more timely manner.
As shown in fig. 5, another aspect of the present invention provides an apparatus 500 for device identification, including:
a constructing module 501, which constructs a device relationship network diagram according to the device basic data and the user basic data of each device;
a determining module 502, which divides the device relationship network graph into a plurality of sub-graphs by using a community discovery algorithm;
and the identifying module 503 determines the similarity between the devices in the subgraph and identifies whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph.
In this embodiment of the present invention, module 501 is further configured to: before constructing the device relationship network diagram according to the device basic data and the user basic data of each device, preprocessing the device basic data and the user basic data to remove default values or abnormal values in the device basic data and the user basic data.
In the embodiment of the invention, the basic data of the equipment comprises one or more characteristics of equipment name, equipment identification, MAC address, electric quantity, screen size and root attribute; and/or
The user basic data comprises one or more characteristics of order data of the user and/or login data of the user.
In an embodiment of the present invention, module 501 is further configured to: taking each device as a node, and establishing an edge relationship between two devices with the same device basic data or user basic data to determine the edge relationship between the nodes; and obtaining the equipment relation network graph according to each node and the edge relation among the nodes.
In this embodiment of the present invention, the identifying module 503 is further configured to: and calculating the similarity of any feature of any two devices in the subgraph aiming at any feature in the device basic data and the user basic data of each device to obtain each similarity corresponding to any feature.
In this embodiment of the present invention, the identifying module 503 is further configured to: for any feature, determining a first number of each similarity corresponding to the feature, determining a second number of similarities, which are greater than a preset similarity threshold, in each similarity corresponding to the feature, and determining the percentage of the second number in the first number; if the percentage is larger than a preset proportion threshold value, marking any feature as a similar feature; in the case where there are a plurality of similar features in the subgraph, it is determined that there is an abnormal device in the subgraph.
In this embodiment of the present invention, in the determining module 502, the community discovery algorithm is one or more of an Infomap algorithm, a Louvain algorithm, or an LPA algorithm.
In another aspect, an embodiment of the present invention provides an electronic device, including: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by one or more processors, the one or more processors implement the method for device identification of the embodiment of the invention.
Yet another aspect of the embodiments of the present invention provides a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing a method of device identification of an embodiment of the present invention.
Fig. 6 illustrates an exemplary system architecture 600 to which the method of device identification or apparatus of an embodiment of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminal devices 601, 602, 603 and the server 605. Network 604 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminal devices 601, 602, 603 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 601, 602, 603. The backend management server may analyze and process the received data such as the product information query request, and feed back a processing result (for example, target push information and product information — just an example) to the terminal device.
It should be noted that the method for device identification provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the device for device identification is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks, and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing embodiments of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a construction module, a determination module, and an identification module. Where the names of these modules do not in some cases constitute a limitation on the modules themselves, for example, a building module may also be described as "building a device relationship network graph from device and user base data for individual devices".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: constructing an equipment relationship network diagram according to the equipment basic data and the user basic data of each equipment; dividing the device relation network graph into a plurality of subgraphs by adopting a community discovery algorithm; and determining the similarity between the devices in the subgraph, and identifying whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph.
According to the technical scheme of the embodiment of the invention, the device relation network graph is constructed by utilizing the device basic data and the user basic data through multi-dimensional device association so as to associate and tamper the devices, then the device relation network graph is divided by adopting a community division algorithm to obtain a plurality of sub-graphs, each sub-graph comprises a plurality of associated devices, and then whether abnormal devices exist in the sub-graphs is identified by determining the similarity among the devices in the sub-graphs. According to the method, subgraphs with tampered equipment are mined through the incidence relation and similarity among the equipment, risks of abnormal equipment and abnormal users are identified, the identification accuracy and efficiency are high, and the problem of mistaken interception of normal equipment in the prior art is effectively solved; and an effective equipment risk strategy can be provided for the wind control service in a more timely manner.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method of device identification, comprising:
constructing a device relation network diagram according to the device basic data and the user basic data of each device;
dividing the device relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm;
and determining the similarity between the devices in the subgraph, and identifying whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph.
2. The method of claim 1, wherein before constructing the device relationship network graph based on the device basis data and the user basis data of the respective devices, the method comprises:
and preprocessing the device basic data and the user basic data to remove default values or abnormal values in the device basic data and the user basic data.
3. The method of claim 1, wherein the device base data comprises one or more of device name, device identification, MAC address, power, screen size, root attribute; and/or
The user basic data comprises one or more characteristics of order data of the user and/or login data of the user.
4. The method of claim 1, wherein constructing a device relationship network graph from the device grounding data and the user grounding data comprises:
taking each device as a node, and establishing an edge relationship between two devices with the same device basic data or user basic data to determine the edge relationship between the nodes;
and obtaining the equipment relation network graph according to each node and the edge relation among the nodes.
5. The method of claim 1, wherein determining the similarity between the devices in the subgraph comprises:
and calculating the similarity of any feature of any two devices in the subgraph aiming at any feature of the device basic data and the user basic data of each device to obtain each similarity corresponding to the any feature.
6. The method of claim 1, wherein identifying whether an anomalous device exists in the sub-graph based on similarities between devices in the sub-graph comprises:
for any feature, determining a first number of similarity degrees corresponding to the feature, determining a second number of similarity degrees, which are greater than a preset similarity threshold value, in the similarity degrees corresponding to the feature, and determining the percentage of the second number in the first number; if the percentage is larger than a preset proportion threshold value, marking any one feature as a similar feature;
in the case where there are a plurality of similar features in the subgraph, it is determined that there is an abnormal device in the subgraph.
7. The method of claim 1, wherein the community discovery algorithm is one or more of an Infomap algorithm, a Louvain algorithm, or an LPA algorithm.
8. An apparatus for device identification, comprising:
the construction module is used for constructing an equipment relation network diagram according to the equipment basic data and the user basic data of each equipment;
the determining module is used for dividing the equipment relationship network graph into a plurality of sub-graphs by adopting a community discovery algorithm;
and the identification module is used for determining the similarity between the devices in the subgraph and identifying whether abnormal devices exist in the subgraph according to the similarity between the devices in the subgraph.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202211134929.4A 2022-09-19 2022-09-19 Equipment identification method and device Pending CN115423030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211134929.4A CN115423030A (en) 2022-09-19 2022-09-19 Equipment identification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211134929.4A CN115423030A (en) 2022-09-19 2022-09-19 Equipment identification method and device

Publications (1)

Publication Number Publication Date
CN115423030A true CN115423030A (en) 2022-12-02

Family

ID=84204752

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211134929.4A Pending CN115423030A (en) 2022-09-19 2022-09-19 Equipment identification method and device

Country Status (1)

Country Link
CN (1) CN115423030A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116777473A (en) * 2023-05-04 2023-09-19 北京数美时代科技有限公司 Black ash production equipment identification method and system, storage medium and electronic equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116777473A (en) * 2023-05-04 2023-09-19 北京数美时代科技有限公司 Black ash production equipment identification method and system, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
CN107809331B (en) Method and device for identifying abnormal flow
US10547618B2 (en) Method and apparatus for setting access privilege, server and storage medium
US10897520B2 (en) Connected contact identification
CN111371858B (en) Group control equipment identification method, device, medium and electronic equipment
CN110300084B (en) IP address-based portrait method and apparatus, electronic device, and readable medium
CN108595448B (en) Information pushing method and device
CN112527649A (en) Test case generation method and device
CN110795315A (en) Method and device for monitoring service
CN111460129A (en) Method and device for generating identification, electronic equipment and storage medium
CN112015971A (en) Recommendation method and device for cloud product, electronic equipment and computer readable medium
CN107819745B (en) Method and device for defending against abnormal traffic
CN115145587A (en) Product parameter checking method and device, electronic equipment and storage medium
CN111401684A (en) Task processing method and device
CN115423030A (en) Equipment identification method and device
CN113761565B (en) Data desensitization method and device
CN116450622B (en) Method, apparatus, device and computer readable medium for data warehouse entry
CN110928594A (en) Service development method and platform
CN107634942B (en) Method and device for identifying malicious request
CN111865576B (en) Method and device for synchronizing URL classification data
CN109547317B (en) Method and device for establishing connection tunnel
CN113282455A (en) Monitoring processing method and device
CN111199437A (en) Data processing method and device
CN110717826A (en) Asset filtering method and device
CN113362097B (en) User determination method and device
CN114650252B (en) Routing method and device based on enterprise service bus and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination