CN117014173A - Information processing method, apparatus, computer device, and storage medium - Google Patents

Information processing method, apparatus, computer device, and storage medium Download PDF

Info

Publication number
CN117014173A
CN117014173A CN202211070710.2A CN202211070710A CN117014173A CN 117014173 A CN117014173 A CN 117014173A CN 202211070710 A CN202211070710 A CN 202211070710A CN 117014173 A CN117014173 A CN 117014173A
Authority
CN
China
Prior art keywords
intercepted
target
information
transmission
interception
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211070710.2A
Other languages
Chinese (zh)
Inventor
陈德和
李晶
林初仁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202211070710.2A priority Critical patent/CN117014173A/en
Publication of CN117014173A publication Critical patent/CN117014173A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Technology Law (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present application relates to an information processing method, apparatus, computer device, storage medium, and computer program product. The method comprises the following steps: acquiring interception attribute hit information corresponding to each intercepted transmission object in a reference application scene; acquiring target passing degrees corresponding to all intercepted transmission objects from a target application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees; clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster; acquiring target intercepted information corresponding to a target application scene, and classifying and identifying each sending object cluster based on the target intercepted information to obtain a blacklist object cluster; when information sent by a blacklist sending object in a blacklist object cluster is detected in a target application scene, information is intercepted. By adopting the method, the accuracy of information interception can be improved.

Description

Information processing method, apparatus, computer device, and storage medium
Technical Field
The present application relates to the field of network communications technologies, and in particular, to an information processing method, an apparatus, a computer device, a storage medium, and a computer program product.
Background
With the development of network communication technology, junk information is often received during network communication. At present, a rule for intercepting the junk information sent by a sender is usually preset. For example, a blacklist may be preset. When the information sent by the sender is received, whether the sender is in a blacklist or not can be detected, and when the information sent by the sender is in the blacklist, the information sent by the sender is indicated to be junk information, and at the moment, the information sent by the sender is intercepted, so that the junk information is prevented from being sent to a receiver. However, when the spam interception is performed through the black list in a new application scene, the accuracy of identifying the sender is reduced due to the fact that the blacklist is not accurate enough in the initial stage, and the accuracy of spam interception is low.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an information processing method, apparatus, computer device, computer-readable storage medium, and computer program product that can improve the accuracy of recognition of a transmission object, and thus improve the accuracy of information interception.
In a first aspect, the present application provides an information processing method. The method comprises the following steps:
Acquiring intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
acquiring target passing degrees corresponding to all intercepted transmission objects from a target application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees;
clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
acquiring target intercepted information corresponding to a target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and taking the transmission object in the blacklist object cluster as a blacklist transmission object of the target application scene, and intercepting information when the information transmitted by the blacklist transmission object is detected in the target application scene.
In a second aspect, the present application also provides an information processing apparatus. The device comprises:
the attribute extraction module is used for acquiring intercepted information corresponding to the reference application scene and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
The screening module is used for acquiring target passing degrees corresponding to the intercepted sending objects from the target application scene, and screening the intercepted sending objects to obtain the target intercepted sending objects based on the target passing degrees;
the clustering module is used for clustering the intercepted transmission objects of each target based on the interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
the identification module is used for acquiring target intercepted information corresponding to a target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and the information interception module is used for taking the sending objects in the blacklist object cluster as blacklist sending objects of the target application scene and intercepting the information when the information sent by the blacklist sending objects is detected in the target application scene.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
Acquiring intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
acquiring target passing degrees corresponding to all intercepted transmission objects from a target application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees;
clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
acquiring target intercepted information corresponding to a target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and taking the transmission object in the blacklist object cluster as a blacklist transmission object of the target application scene, and intercepting information when the information transmitted by the blacklist transmission object is detected in the target application scene.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
Acquiring intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
acquiring target passing degrees corresponding to all intercepted transmission objects from a target application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees;
clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
acquiring target intercepted information corresponding to a target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and taking the transmission object in the blacklist object cluster as a blacklist transmission object of the target application scene, and intercepting information when the information transmitted by the blacklist transmission object is detected in the target application scene.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
Acquiring intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
acquiring target passing degrees corresponding to all intercepted transmission objects from a target application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees;
clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
acquiring target intercepted information corresponding to a target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and taking the transmission object in the blacklist object cluster as a blacklist transmission object of the target application scene, and intercepting information when the information transmitted by the blacklist transmission object is detected in the target application scene.
The information processing method, the information processing device, the computer equipment, the storage medium and the computer program product are used for extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information by acquiring the intercepted information corresponding to the reference application scene; and obtaining the target passing degree corresponding to each intercepted transmission object from the target application scene, and screening by using the target passing degree of the target application scene to obtain each target intercepted transmission object. And then clustering each target intercepted transmission object by using interception attribute hit information of the reference application scene, classifying and identifying each transmission object cluster by using target intercepted information of the target application scene, and determining a blacklist object cluster of the target application scene, so that the accuracy of obtaining the blacklist object cluster of the target application scene can be improved, and then intercepting by using blacklist object cluster information, so that the interception accuracy of junk information in the target application scene can be improved.
Drawings
FIG. 1 is a diagram of an application environment for a method of information processing in one embodiment;
FIG. 2 is a flow chart of a method of processing information in one embodiment;
FIG. 3 is a flow diagram of obtaining intercepted information in one embodiment;
FIG. 4 is a flow diagram of obtaining intercept attribute hit information in one embodiment;
FIG. 5 is a flow diagram of obtaining each of the sending object clusters in one embodiment;
FIG. 6 is a flow diagram of determining a cluster of blacklisted objects in one embodiment;
FIG. 7 is a flow diagram of determining a cluster of whitelist objects in one embodiment;
FIG. 8 is a flow chart of a method of processing information in one embodiment;
FIG. 9 is a schematic diagram of a frame of a method of processing information in one embodiment;
FIG. 10 is a schematic diagram of an application scenario of an information processing method in an embodiment;
FIG. 11 is a block diagram showing the structure of an information processing apparatus in one embodiment;
FIG. 12 is an internal block diagram of a computer device in one embodiment;
fig. 13 is an internal structural view of a computer device in another embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The information processing method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on the cloud or other servers. The server 104 acquires intercepted information corresponding to the reference application scene, and extracts interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information; the server 104 obtains target passing degrees corresponding to the intercepted sending objects from the target application scene, and screens the intercepted sending objects to obtain the intercepted sending objects based on the target passing degrees; the server 104 clusters the intercepted transmission objects of all targets based on the interception attribute hit information corresponding to the intercepted transmission objects of all targets to obtain all transmission object clusters; the server 104 acquires target intercepted information corresponding to a target application scene, classifies and identifies each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters; the server 104 takes the transmission object in the blacklist object cluster as a blacklist transmission object of the target application scene, and intercepts information when detecting information transmitted by the blacklist transmission object through the terminal 102 in the target application scene. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, an information processing method is provided, and the method is applied to the server in fig. 1, for example, the method may also be applied to a terminal, and may also be applied to a system including the terminal and the server, and implemented through interaction between the terminal and the server. In this embodiment, the method includes the steps of:
step 202, obtaining intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information.
The reference application scene refers to an application scene for intercepting junk information in advance, the application scene can be an application scene capable of mutually communicating, and the application scene can be an instant messaging application scene, an email application scene, a short message application scene, a telephone application scene and the like. The reference application scenario may be an application scenario in which the mutual communication is performed on a single object basis, for example, the reference application scenario may be a personal application scenario. The intercepted information is used for representing junk information sent by each intercepted sending object intercepted in the reference application scene, and can comprise the intercepted sending objects and corresponding junk information. The intercepted transmission object refers to a transmission object of the intercepted information. The transmission object may be a real object, such as a person. The sending object may also be a virtual object, such as an artificial intelligence object, a virtual object, or the like. The interception attribute hit information is used for representing the number of times information that the junk information sent by the intercepted sending object within a period of time accords with each interception attribute, and the interception attribute is preset attribute for information interception judgment. Different junk information sent by the intercepted sending object in a period of time can accord with different interception attributes, and also can accord with the same interception attributes.
Specifically, the server may obtain the intercepted information corresponding to the reference application scenario from the database, may obtain the intercepted information corresponding to the reference application scenario from the service server, or may obtain the intercepted information corresponding to the reference application scenario from the service server providing the data service. Then, the intercepted information can be used for obtaining corresponding intercepted objects, and information, which is sent by the intercepted objects and accords with the interception attribute, of the intercepted information is obtained. And then counting the number of the intercepted information intercepted by each interception attribute according to the information that the intercepted information sent by the intercepted sending object accords with the interception attribute, so as to obtain interception attribute hit information corresponding to the intercepted sending object. And traversing each intercepted sending object to obtain interception attribute hit information corresponding to each intercepted sending object.
Step 204, obtaining target passing degrees corresponding to the intercepted transmission objects from the target application scene, and screening the intercepted transmission objects from the intercepted transmission objects based on the target passing degrees to obtain the intercepted transmission objects.
The target application scene refers to an application scene for intercepting junk information after the reference application scene. The target application scenario may be an application scenario in which the communication with each other is performed on the basis of a plurality of objects, for example, the reference application scenario may be a group application scenario. The target application scene and the reference application scene are the same type of application scene, for example, the reference application scene is a personal email application scene, and the target application scene may be a group email application scene. The target passing degree is used for representing the passing degree corresponding to the information sent by the intercepted sending object in the target application scene. The higher the target passing degree is, the less possibility that the information sent by the intercepted sending object in the target application scene is intercepted is indicated. The target intercepted sending object refers to an intercepted sending object in a target application scene and is obtained by screening all intercepted sending objects in a reference application scene.
Specifically, the server may obtain the target passing degrees of all the sending objects in the target application scene from the database, then match each intercepted sending object with the sending object in the target application scene, and use the target passing degrees of the sending objects in the target application scene consistent with the matching as the target passing degrees corresponding to the intercepted sending objects, thereby obtaining the target passing degrees corresponding to each intercepted sending object. And screening intercepted transmission objects with the target passing degree exceeding a preset passing degree threshold value from all the intercepted transmission objects, and taking the rest intercepted transmission objects as all the target intercepted transmission objects finally screened. When the target passing degree corresponding to the intercepted transmission object is not obtained from the target application scene, the information that the intercepted transmission object has not transmitted in the target application scene is described. At this time, the target passing degree corresponding to the intercepted transmission object is set to zero, or the intercepted transmission object is directly determined as the target intercepted transmission object.
And step 206, clustering the intercepted transmission objects of each target based on the interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster.
The sending object clusters refer to a set of target intercepted sending objects, and different types of targets intercept the set of sending objects when different sending object clusters are used.
Specifically, the server clusters the intercepted transmission objects of each target through interception attribute hit information corresponding to the intercepted transmission objects of each target by using a clustering algorithm to obtain clustered transmission object clusters. The clustering algorithm may be a prototype clustering algorithm, a density clustering algorithm, a hierarchical clustering algorithm, a model clustering algorithm, and the like.
Step 208, obtaining target intercepted information corresponding to a target application scene, and classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters.
The intercepted information of the target refers to intercepted information in a period of time in the target application scene. The object cluster refers to an object set after classification and identification. Each of the transmission object clusters has a corresponding type, and each of the transmission object clusters corresponds to one of the object clusters. The respective transmission object clusters are of at least two types, including a blacklist object cluster or a whitelist object cluster, and in one embodiment, may also include a suspected blacklist object cluster, and so on. The blacklist object cluster refers to a set of blacklist objects, and the blacklist objects are transmission objects needing to intercept transmission information. The white list object cluster refers to a set of white list objects, which are normal transmission objects.
Specifically, the server may obtain target intercepted information corresponding to the target application scenario from the database. The target intercepted information corresponding to the target application scene can also be obtained from the service party. And then classifying and identifying each sending object cluster by using the target intercepted information, wherein the number of each history intercepted sending object corresponding to the target intercepted information in each sending object cluster can be calculated, classifying and identifying is carried out according to the number of the history intercepted sending objects in each sending object cluster, the sending object cluster with the number of the history intercepted sending objects exceeding the preset number is used as a blacklist object cluster, and the sending object cluster with the number of the history intercepted sending objects not exceeding the preset number is used as a whitelist object cluster, so that the category corresponding to each sending object cluster is obtained, and at least two types of object clusters are obtained.
Step 210, taking the sending object in the blacklist object cluster as a blacklist sending object of the target application scene, and intercepting the information when the information sent by the blacklist sending object is detected in the target application scene.
The information sent by the blacklist sending object refers to communication information sent by the blacklist sending object to the receiving object, and the communication information can be instant messaging information, short messages, emails and the like.
Specifically, the server takes a transmission object which is a blacklist object cluster in each transmission object cluster as a blacklist transmission object of the target application scene. And then when the information sent by the blacklist sending object is detected in the target application scene, intercepting the information sent by the blacklist sending object, namely, not sending the information sent by the blacklist sending object to the receiving object. The server may return the information transmitted by the blacklist transmission object.
According to the information processing method, intercepted information corresponding to the reference application scene is obtained, and interception attribute hit information corresponding to each intercepted transmission object is extracted based on the intercepted information; and obtaining the target passing degree corresponding to each intercepted transmission object from the target application scene, and screening by using the target passing degree of the target application scene to obtain each target intercepted transmission object. And then clustering each target intercepted transmission object by using interception attribute hit information of the reference application scene, classifying and identifying each transmission object cluster by using target intercepted information of the target application scene, and determining a blacklist object cluster of the target application scene, so that the accuracy of obtaining the blacklist object cluster of the target application scene can be improved, and then intercepting by using blacklist object cluster information, so that the interception accuracy of junk information in the target application scene can be improved.
In one embodiment, as shown in fig. 3, before step 202, before acquiring the intercepted information corresponding to the reference application scene, before extracting the interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information, the method further includes:
step 302, when the information to be detected sent by each sending object in the target time period is detected in the reference application scene, intercepting and detecting the information to be detected sent by each sending object by using a preset intercepting rule.
The target time period is a preset time period for acquiring intercepted information, and the time period can be set according to requirements, for example, the target time period can be set to be one month. The information to be detected is information required to be subjected to interception detection, and the information is information required to be transmitted to the receiving object by the transmitting object. The reception object is an object that receives information transmitted by the transmission object. The preset interception rules refer to preset rules for intercepting junk information, and may include scoring rules, machine learning model rules, URL (uniform resource locator, uniform resource locator system) rules, and the like, and the accuracy of interception using the preset interception rules is high.
Specifically, the transmission object transmits communication information to the reception object in the target period in the reference application scene. At this time, the server receives the communication information to be transmitted by the transmission object, takes the communication information as information to be detected, and then intercepts and detects the information to be detected by using a preset interception rule. And judging whether the information to be detected accords with a preset interception rule. For example, whether keywords exist in the information to be detected to perform keyword interception detection can be judged, and whether the information to be detected accords with a preset scoring rule can also be judged to perform interception detection. All the information to be detected sent by each sending object in the target time period is intercepted and detected in sequence, and parallel threads can be used for detecting all the information to be detected sent by each sending object in the target time period in parallel so as to improve the detection efficiency.
And step 304, when target information to be detected exists in the information to be detected sent by each sending object and accords with a preset interception rule, intercepting the target information to be detected.
The target information to be detected refers to information to be detected which accords with a preset interception rule.
Specifically, the server judges that the target information to be detected is junk information when the target information to be detected accords with at least one of preset interception rules, and then the target information to be detected needs to be intercepted. The preset interception rules comprise different interception rules.
Step 306, taking the sending object corresponding to the target to-be-detected information as the intercepted object, and obtaining the intercepted information based on the intercepted object and the target to-be-detected information.
Specifically, the server takes a sending object corresponding to each target to-be-detected information as an intercepted object, obtains the intercepted information according to each intercepted object and the corresponding target to-be-detected information, and finally can store the intercepted information of the reference application scene into a database.
In one embodiment, when the server obtains the intercepted information of the reference application scene, the server may directly extract the intercepting attribute hit information corresponding to each intercepted sending object, then store the intercepting attribute hit information corresponding to each intercepted sending object in the database, and when the server needs to use, may directly obtain the intercepting attribute hit information corresponding to each intercepted sending object in the reference application scene from the database.
In the embodiment, the intercepted information of the reference application scene is obtained by intercepting and detecting the information to be detected sent by each sending object in the reference application scene through the preset interception rule, so that the efficiency and the accuracy of obtaining the intercepted information are improved.
In one embodiment, as shown in fig. 4, step 202, that is, extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information, includes:
and step 402, carrying out similar combination on preset interception rules to obtain interception attributes.
Specifically, the server merges all the rules of the same type in the preset interception rules to obtain the interception attribute corresponding to the same type, namely, a plurality of interception attributes can be obtained. For example, the server merges the DNS-related interception rules in the preset interception rules into DNS interception attributes. The server merges the interception rules related to the scores into a score interception attribute. The server may incorporate keyword related interception rules into keyword interception attributes and the like. In one embodiment, each interception type in the preset interception types includes a plurality of interception rules, and the interception rules included in the same interception type are combined to obtain the interception attribute. The preset interception type is a preset type for intercepting junk information, and may include keyword interception, feature string interception, frequency interception, sample interception, DNS (Domain Name System ) interception, and the like.
Step 404, obtaining the number of times of rule hits of each intercepted object in the intercepted information, wherein the number of times of rule hits meets the preset interception rule.
The rule hit times are times when the information to be detected sent by the intercepted object in the target time period accords with each interception rule in the preset interception rules. For example, if the number of times that the information sent by the intercepted object in the target time period accords with the interception rule a is 2, the number of times of hit of the rule a is 2.
Specifically, the server may directly obtain, from the database, the number of rule hits for each intercepted object in the intercepted information that meets each interception rule in the preset interception rules. The server may also obtain, from the service party, a rule hit number of each intercepted object in the intercepted information conforming to each interception rule in the preset interception rules. The server may also obtain an interception history of each intercepted object, and count rule hits of each interception rule from the interception history.
Step 406, calculating the hit times of the interception attribute corresponding to the interception attribute based on the hit times of the rule, and obtaining the hit information of the interception attribute corresponding to each intercepted transmission object based on the hit times of the interception attribute and the interception attribute.
Wherein the interception attribute hit number refers to the sum of all interception rule hit numbers corresponding to the interception attribute
Specifically, the server calculates the sum of the hit times of the interception rules corresponding to each interception rule according to each interception rule used by the interception attribute in combination, and obtains the hit times of the interception attribute corresponding to the interception attribute. The server can calculate the hit times of the interception attribute corresponding to each interception attribute, and then takes each interception attribute and the hit times of the corresponding interception attribute as the hit information of the interception attribute corresponding to the intercepted sending object. Each intercepted sent object has various interception attributes and corresponding interception attribute hit times. In one embodiment, the sum of the numbers of the items, which are sent by each intercepted object in the target time period and are in accordance with the interception rule corresponding to the interception attribute, is used as the interception attribute hit information.
In the embodiment, the accuracy of the interception attribute hit information is improved by calculating the rule hit times and then calculating the interception attribute hit times corresponding to the interception attribute through the rule hit times, and then clustering is performed by using the interception attribute hit information, so that the clustering accuracy can be improved.
In one embodiment, step 204, obtaining a target passing degree corresponding to each intercepted transmission object from a target application scene, and screening each target intercepted transmission object from each intercepted transmission object based on the target passing degree, where the step includes the steps of:
acquiring information transmission total quantity and information throughput of each intercepted transmission object in a target application scene; calculating the ratio of the information throughput to the total information transmission amount to obtain the target passing degree, and taking the intercepted transmission objects with the target passing degree not exceeding the preset degree threshold as the intercepted transmission objects of each target.
The total information transmission amount refers to the total amount of information transmitted by the intercepted transmission object in the target time period. For example, the blocked sending object a sends the total number of emails in one month. Or the total number of instant messaging messages sent by the intercepted sending object A in one month. The throughput refers to the total amount of information that the intercepted transmission object transmits to the reception object within the target time period. For example, the total number of emails that the intercepted sending object a sent to the receiving object in one month. Or the total number of instant communication messages that the intercepted sending object a sent to the receiving object in one month.
Specifically, the server acquires the information transmission total amount and the information throughput of each intercepted transmission object in the target application scene in the target time period. The ratio of throughput to total amount of traffic is then calculated and the ratio is taken as the target throughput. And then taking the intercepted transmission objects with the target passing degree not exceeding the preset degree threshold as intercepted transmission objects of all targets. In one embodiment, the server may further obtain the number of complaints of information of each intercepted sending object in the target application scenario in the target time period. And calculating the normal information quantity according to the complaint quantity and the total information transmission quantity, calculating the ratio of the normal information quantity to the total information transmission quantity, and then carrying out weighted calculation according to the ratio of the total information throughput and the total information transmission quantity and the ratio of the normal information quantity to the total information transmission quantity to obtain the target passing degree. Then taking the intercepted transmission objects with the target passing degree not exceeding the preset degree threshold as the intercepted transmission objects of all the targets, thereby improving the accuracy of obtaining the intercepted transmission objects of all the targets.
In one embodiment, step 204, screening each intercepted transmission object from each intercepted transmission object based on the target passing degree, includes the steps of:
Screening each candidate intercepted transmission object from each intercepted transmission object based on the target passing degree; acquiring the total intercepted times of each candidate intercepted transmission object, and screening from each candidate intercepted transmission object based on the total intercepted times to obtain each target intercepted transmission object.
The candidate intercepted transmission object is an intercepted transmission object obtained by screening by using the target passing degree. The intercepted total number is used for representing the total number of times the information transmitted by the candidate intercepted transmission object is intercepted.
Specifically, the server firstly uses the target passing degree to screen out intercepted transmission objects with the target passing degree exceeding a pre-passing threshold, uses the rest intercepted transmission objects as candidate intercepted transmission objects, and then further screens out candidate intercepted transmission objects, namely, the total intercepted times of the candidate intercepted transmission objects are obtained, the candidate intercepted transmission objects with the total intercepted times not exceeding the total times threshold are screened out, and the rest candidate intercepted transmission objects are used as target intercepted transmission objects, for example, the candidate intercepted transmission objects with the total intercepted times being only one time are screened out. Therefore, the influence of interception can be avoided, and the accuracy of the obtained intercepted sending objects of each target is further improved.
In one embodiment, as shown in fig. 5, step 206, clustering each target intercepted transmission object based on interception attribute hit information corresponding to each target intercepted transmission object, to obtain each transmission object cluster, including:
step 502, obtaining the number of interception levels, and selecting interception attribute hit information of the interception level number from interception attribute hit information corresponding to the intercepted transmission object of each target as a clustering center.
The number of interception levels is the number of interception levels, the interception levels are used for representing the malicious degree of the intercepted sending object, and the higher the interception level is, the higher the malicious degree of the intercepted sending object is. The interception level may be set according to the need. The target intercepted sending objects with the same interception level are in the same object cluster, the target intercepted sending objects in each object cluster correspond to the same interception and the like, and different object clusters can be different interception levels.
Specifically, the server may obtain the number of interception levels, for example, 5 interception levels are preset, and the number of interception levels is 5. At this time, the number of interception levels is directly used as the number of clustering centers in clustering. And then selecting interception attribute hit information of the number of the cluster centers from interception attribute hit information corresponding to the intercepted and sent object of each target, and obtaining interception attribute hit information corresponding to the cluster centers. The interception attribute hit information may be selected randomly, or may be obtained according to a setting.
And step 504, calculating the similarity degree of interception attribute hit information corresponding to each target intercepted transmission object and the clustering center, and dividing each target intercepted transmission object based on the similarity degree to obtain each initial transmission object cluster.
The similarity is used for representing the similarity of the interception attribute hit information and the interception attribute hit information of the clustering center, and the higher the similarity is, the more the interception attribute hit information belongs to the cluster to which the clustering center belongs. The initial transmission object cluster is a transmission object cluster obtained by performing initial division.
Specifically, the server calculates the similarity between the interception attribute hit information corresponding to the intercepted sent object of each target and the interception attribute hit information corresponding to each cluster center by using a similarity algorithm, wherein the similarity algorithm can be a distance similarity algorithm, a cosine similarity algorithm and the like. And selecting a cluster center corresponding to the maximum similarity, dividing the intercepted target sending objects into clusters to which the cluster center belongs, dividing each target intercepted sending object in sequence, and obtaining each initial sending object cluster when the division is completed.
Step 506, updating the cluster center based on the interception attribute hit information corresponding to the intercepted transmission object of each target in each initial transmission object cluster to obtain an updated cluster center;
And step 508, taking the updated clustering center as a clustering center, and returning to calculate the similarity degree of the interception attribute hit information corresponding to each target intercepted transmission object and the clustering center, dividing each target intercepted transmission object based on the similarity degree, and performing iterative execution of the step of obtaining each initial transmission object cluster until the clustering completion condition is reached, so as to obtain each transmission object cluster.
The updated cluster center refers to the updated cluster center. The cluster completion condition refers to a condition of cluster end, including but not limited to no (or minimum number) of objects being reassigned to different clusters, no (or minimum number) of cluster center recurrence changes, and error squared and local minimum.
Specifically, the server updates the cluster center according to the interception attribute hit information corresponding to the intercepted transmission object in each initial transmission object cluster, wherein the average information in the interception attribute hit information corresponding to the intercepted transmission object in the initial transmission object cluster may be calculated, and the average information is used as the updated cluster center. And then, carrying out clustering calculation again by using an updated clustering center, namely taking the updated clustering center as the clustering center, and returning to calculate the similarity degree of interception attribute hit information corresponding to each target intercepted transmission object and the clustering center, dividing each target intercepted transmission object based on the similarity degree, and carrying out iterative execution on the step of obtaining each initial transmission object cluster until the clustering completion condition is reached, thereby obtaining each transmission object cluster.
In the above embodiment, the accuracy of each obtained sending object cluster can be improved by calculating the similarity between the interception attribute hit information corresponding to the intercepted sending object of each target of the similarity and the clustering center, and then performing clustering division by using the similarity and continuously performing loop iteration.
In one embodiment, step 206, clustering the intercepted transmission objects of each target based on the interception attribute hit information corresponding to the intercepted transmission objects of each target, to obtain each transmission object cluster, includes the steps of:
acquiring attribute information corresponding to each target intercepted transmission object, and clustering each target intercepted transmission object based on the attribute information and the interception attribute hit information to obtain each target transmission object cluster.
The attribute information refers to a basic attribute corresponding to the sending object, where the basic attribute may include a communication address, an object name, an object identity, a sending object information similar sample, and the like, different sending objects may have different attributes, and different sending objects may also have the same attribute.
Specifically, after the authorization of the target intercepted sending object passes, the server may obtain attribute information corresponding to the target intercepted sending object from the database and use the attribute information. At this time, the server may use the attribute information and the interception attribute hit information to cluster the intercepted transmission objects of each target through a clustering algorithm, where the attribute information may be converted into an attribute vector, the interception attribute hit information may be converted into an interception attribute hit vector, the attribute vector and the interception attribute hit vector are combined to obtain a combined vector, and then the combined vector is used to cluster the intercepted transmission objects of each target, and when the clustering is completed, each target transmission object cluster is obtained.
In one embodiment, the server may further acquire an information type portrait, an information pass portrait, and interception attribute hit information sent by the intercepted sending objects of each target, so as to cluster the intercepted sending objects of each target, and obtain each sending object cluster. The information type portrait is used for representing the information type sent by the intercepted sending object. The information passing portrait is used for representing the passing rate of the information transmitted by the intercepted transmitting object of the target.
In the above embodiment, the target intercepted transmission objects are clustered by using various different information of the target intercepted transmission objects to obtain target transmission object clusters, so that the accuracy of clustering can be improved, and then the target transmission object clusters are used for classification and identification to obtain blacklist object clusters, so that the accuracy of the obtained blacklist object clusters can be improved.
In one embodiment, as shown in fig. 6, step 208, that is, classifying and identifying each of the sending object clusters based on the target intercepted information, obtains at least two types of object clusters, where the object clusters include blacklisted object clusters, includes:
step 602, determining each history intercepted transmission object from the target intercepted information.
The history intercepted sending object refers to a sending object of history intercepted sending information in a target application scene. The target intercepted information comprises each history intercepted transmission object and corresponding history intercepted transmission information.
Specifically, the server may find each history intercepted transmission object from the target intercepted information, for example, the target intercepted information may be stored in a database in a list form, and the server may find each history intercepted transmission object corresponding to the transmission object column from the target intercepted information list in the database.
Step 604, calculating the intersection between each history intercepted transmission object and the transmission object of the current transmission object cluster in each transmission object cluster to obtain the interception intersection object set corresponding to the current transmission object cluster.
The current transmission object cluster refers to a transmission object cluster to be classified and identified currently. The interception intersection object set refers to a set of transmission objects that coexist in the transmission object cluster and in each of the history intercepted transmission objects.
Specifically, the server matches each of the historical intercepted transmission objects with the transmission objects in the current transmission object cluster, and when the consistent transmission objects exist, the consistent transmission objects are used as the transmission objects in the interception intersection object set corresponding to the current transmission object cluster. All consistent sending objects obtain an interception intersection object set corresponding to the current sending object cluster. The server traverses each sending object cluster, namely, each history intercepted sending object is matched with the sending object in each sending object cluster, then the consistent sending object is used as the sending object in the intercepting intersection object set, and after the matching is completed, the intercepting intersection object set corresponding to each sending object cluster is obtained.
And step 606, performing intersection proportion calculation based on the interception intersection object set and the current transmission object cluster to obtain a target interception proportion corresponding to the current transmission object cluster.
The target interception proportion is used for representing the proportion of the objects to be sent in the interception intersection object set to the objects to be sent in the object cluster. The higher the target interception ratio is, the more the sending objects of the intercepted sending information are in the sending object cluster is, namely, the higher the possibility that the sending object cluster is a blacklist sending object cluster is.
Specifically, the server counts the number of cluster objects of the transmission objects in the current transmission object cluster, and counts the number of intersection objects of the transmission objects in the interception intersection object set corresponding to the current transmission object cluster. And then calculating the ratio of the number of intersection objects to the number of cluster objects to obtain the target interception ratio corresponding to the current transmission object cluster. The server may traverse each sending object cluster in turn, i.e. count the number of cluster objects of the sending objects in each sending object cluster, and count the number of intersection objects of the sending objects in the interception intersection object set corresponding to each sending object cluster. And then calculating the ratio of the number of intersection objects to the number of cluster objects to obtain the target interception ratio corresponding to each sending object cluster.
And 608, determining that the current sending object cluster is a blacklist object cluster when the target interception ratio exceeds a preset interception threshold.
The preset interception threshold is a preset threshold used for representing that the sending pair cluster is a blacklist object cluster, and the preset interception threshold can be set according to requirements.
Specifically, the server compares the target interception ratio with a preset interception threshold, and when the target interception ratio exceeds the preset interception threshold, the server indicates that the ratio of the transmission objects of the current transmission object cluster to the intercepted transmission information is high, and at the moment, the current transmission object cluster is determined to be a blacklist object cluster. And when the target interception ratio does not exceed a preset interception threshold, determining that the current sending object cluster is a white list object cluster.
In one embodiment, when the target interception ratio is within a range of a preset whitelist threshold and a preset interception threshold, the preset whitelist threshold is smaller than the preset interception threshold, and at this time, it is determined that the current transmission object cluster is a suspected blacklist object cluster. And when the target interception ratio is smaller than a preset white list threshold value, determining that the current sending object cluster is a white list object cluster.
In the embodiment, the intersection proportion calculation is performed based on the interception intersection object set and the current sending object cluster to obtain the target interception proportion corresponding to the current sending object cluster, and then the current sending object cluster is determined to be the blacklist object cluster when the target interception proportion exceeds the preset interception threshold, so that the accuracy of the obtained blacklist object cluster can be improved, namely the sending object cluster can be automatically classified and identified, the clustering cluster does not need to be marked, and the efficiency is improved.
In one embodiment, as shown in fig. 7, the information processing method further includes:
step 702, obtaining target passed information corresponding to the target application scene, where the target passed information includes all target passed sending objects.
The target passed information is information for representing that each target in the target application scene has been transmitted through a transmission object, and may include that each target has passed through the transmission object and information that the corresponding transmitted information target has been transmitted through the transmission object refers to the transmission object that transmits to the receiving object.
Specifically, the server may obtain the target passed information corresponding to the target application scene from the database, or may obtain the target passed information corresponding to the target application scene from the service side, or may obtain the target passed information corresponding to the target application scene uploaded by the terminal. And then determines that each target has passed through the transmission object from the target passed information.
Step 704, calculating the intersection of the transmission object of each target passing through the transmission object and the current transmission object cluster in each transmission object cluster to obtain the passing intersection object set corresponding to the current transmission object cluster.
The intersection object set refers to a set of transmission objects commonly existing in a transmission object cluster and each target passing through the transmission objects.
Specifically, the server matches each target passing transmission object with the transmission objects in the current transmission object cluster, and when the consistent transmission objects exist, the server regards the consistent transmission objects as the transmission objects in the passing intersection object set corresponding to the current transmission object cluster. And all the consistent sending objects obtain a passing intersection object set corresponding to the current sending object cluster. The server traverses each sending object cluster, namely, each target passing sending object is matched with the sending object in each sending object cluster, then the consistent sending object is used as the sending object in the passing intersection object set, and after the matching is completed, the passing intersection object set corresponding to each sending object cluster is obtained.
And step 706, calculating the intersection proportion based on the intersection object set and the current transmission object cluster to obtain the target passing proportion corresponding to the current transmission object cluster.
The target passing proportion is used for representing the proportion of the sending objects in the sending object cluster in the intersecting object set. The higher the target passing ratio, the higher the likelihood that the transmission object cluster is the white list transmission object cluster.
Specifically, the server counts the number of cluster objects of the transmission objects in the current transmission object cluster, and counts the number of intersection objects of the transmission objects in the intersection object set corresponding to the current transmission object cluster. And then calculating the ratio of the number of intersection objects to the number of cluster objects to obtain the target passing proportion corresponding to the current transmission object cluster. The server may traverse or calculate the target passing proportion of each sending object cluster in parallel, that is, count the number of the cluster objects of the sending objects in each sending object cluster, and count the number of the intersection objects of the sending objects in the intersection object set corresponding to each sending object cluster. And then calculating the ratio of the number of intersection objects to the number of cluster objects to obtain the target passing proportion corresponding to each sending object cluster.
In step 708, when the target passing ratio exceeds the preset passing threshold, it is determined that the current transmission object cluster is a white list object cluster.
The preset passing threshold is a preset threshold used for representing that the sending pair cluster is a white list object cluster, and the preset passing threshold can be set according to requirements.
Specifically, the server compares the target passing ratio with a preset passing threshold, and when the target passing ratio exceeds the preset passing threshold, the server indicates that the possibility that the current transmission object cluster is a normal transmission object in the target application scene is high, and at the moment, the current transmission object cluster is determined to be a white list object cluster. And when the target interception ratio does not exceed a preset interception threshold, determining that the current sending object cluster is a blacklist object cluster.
In the above embodiment, the accuracy of the obtained blacklist object cluster can be improved by obtaining the target passed information corresponding to the target application scene and then using the target passed information to classify and identify each sending object cluster, thereby obtaining the blacklist object cluster.
In one embodiment, the information processing method further includes the steps of:
acquiring attribute information of each blacklist sending object in a blacklist object cluster in a target application scene, and extracting common attributes based on the attribute information of each blacklist sending object in the target application scene to obtain blacklist common attribute information; and acquiring attribute information of the to-be-identified transmitting object in the target application scene, and determining that the to-be-identified transmitting object is a blacklist transmitting object when the to-be-identified transmitting object has blacklist shared attribute information in the attribute information of the target application scene.
The blacklist common attribute information refers to information of the same attribute of different blacklist transmission objects. For example, when the communication addresses used when different blacklist transmission objects transmit information are the same, the communication addresses are blacklist common attribute information. The transmission object to be identified refers to a transmission object that needs to be identified whether or not it belongs to a blacklist.
Specifically, the server may obtain attribute information of each blacklist sending object in the blacklist object cluster in the target application scene from the database. And then counting the same attribute in the attribute information of each blacklist sending object to obtain blacklist sharing attribute information. And then when the to-be-identified transmitting object is required to be classified and identified, the server can acquire the attribute information of the to-be-identified transmitting object in the target application scene from the database, can acquire the attribute information of the to-be-identified transmitting object transmitted by the service party, and can also acquire the attribute information of the to-be-identified transmitting object uploaded by the terminal. And then judging whether the attribute information of the to-be-identified sending object has the attribute in the blacklist shared attribute information. When the attribute information of the to-be-identified sending object in the target application scene has the attribute in the blacklist shared attribute information, the to-be-identified sending object is indicated to be the blacklist sending object. In one embodiment, the server may also use the blacklist transmission objects exceeding the preset number as the blacklist sharing attribute information when the blacklist transmission objects exceeding the preset number all have the same attribute in the attribute information of each blacklist transmission object.
In the above embodiment, by identifying the transmission object using the blacklist common attribute information, the spread identification of the common attribute is realized, so that the coverage of the identification can be improved.
In one embodiment, the information processing method further includes the steps of:
acquiring interception attribute hit information to be identified of a to-be-identified transmitting object in a reference application scene, and calculating the similarity degree of the interception attribute hit information to be identified and each transmitting object cluster; when the similarity exceeds a preset threshold, taking the transmission object cluster exceeding the preset threshold as a target transmission object cluster corresponding to the transmission object to be identified; and when the target sending object cluster is a blacklist object cluster, determining that the sending object to be identified is a blacklist sending object.
The interception attribute hit information to be identified refers to interception attribute hit information corresponding to the sending object to be identified.
Specifically, when a transmission object to be identified in the target application scene exists in the reference application scene. At this time, the server can directly obtain the hit information of the interception attribute to be identified of the reference application scene, and then calculate the similarity degree between the hit information of the interception attribute to be identified and each sending object cluster, wherein a similarity algorithm can be used to calculate the similarity between the hit information of the interception attribute to be identified and the cluster center corresponding to each sending object cluster. And comparing the similarity with a preset threshold, when the similarity exceeds the preset threshold, taking the transmission object cluster exceeding the preset threshold as a target transmission object cluster corresponding to the transmission object to be identified, and when the target transmission object cluster is a blacklist object cluster, determining that the transmission object to be identified is a blacklist transmission object. And when the target sending object cluster is a white list object cluster, determining that the sending object to be identified is a white list sending object.
In the above embodiment, the similarity degree between the interception attribute hit information to be identified and each sending object cluster is calculated, and when the similarity degree exceeds a preset threshold, the sending object cluster exceeding the preset threshold is used as the target sending object cluster corresponding to the sending object to be identified; when the target sending object cluster is a blacklist object cluster, the sending object to be identified is determined to be the blacklist sending object, so that the efficiency of identifying the sending object can be improved.
In a specific embodiment, as shown in fig. 8, an information processing method is executed by a computer device, and specifically includes the following steps:
step 802, obtaining information to be detected sent by each sending object in a reference application scene of a target time period, using a preset interception rule to intercept and detect the information to be detected sent by each sending object, and intercepting the target information to be detected when the target information to be detected in the information to be detected sent by each sending object accords with the preset interception rule; and taking the sending object corresponding to the target to-be-detected information as an intercepted object, and obtaining the intercepted information based on the intercepted object and the target to-be-detected information.
Step 804, carrying out similar combination on the preset interception rules to obtain interception attributes, obtaining rule hit times of each intercepted object in the intercepted information according with the preset interception rules, calculating interception attribute hit times corresponding to the interception attributes based on the rule hit times, and obtaining interception attribute hit information corresponding to each intercepted sent object based on the interception attributes and the interception attribute hit times.
Step 806, obtaining the information transmission total amount and the information throughput of each intercepted transmission object in the target application scene, calculating the ratio of the information throughput to the information transmission total amount to obtain the target passing degree, and taking the intercepted transmission object of which the target passing degree does not exceed the preset degree threshold as each target intercepted transmission object;
step 808, clustering the intercepted transmission objects of each target based on the interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
step 810, obtaining target intercepted information corresponding to a target application scene, determining each history intercepted transmission object from the target intercepted information, and calculating the intersection of each history intercepted transmission object and the transmission object of each transmission object cluster to obtain the interception intersection object set corresponding to each transmission object cluster.
And step 812, calculating an intersection proportion based on each interception intersection object set and the corresponding transmission object cluster to obtain a target interception proportion corresponding to each transmission object cluster, and determining the transmission object cluster as a blacklist object cluster when the target interception proportion exceeds a preset interception threshold. When the target interception ratio does not exceed the preset interception threshold, determining that the sending object cluster is a white list object cluster, traversing each sending object cluster, and obtaining black and white list classification recognition results corresponding to each sending object cluster.
Step 814, taking the sending object in the blacklist object cluster as the blacklist sending object of the target application scene, and intercepting the information when the information sent by the blacklist sending object is detected in the target application scene.
In a specific embodiment, as shown in fig. 9, a frame diagram of an information processing method is provided, specifically: the information processing method is applied to an email platform, and the email platform is applied to a personal application scene and an enterprise application scene. In the personal application scene, the email platform acquires intercepted sender data of a personal mailbox, then the intercepted sender data can be interception data within one month, and the interception data is data for counting interception types and interception rules of anti-spam interception of emails sent by the intercepted sender. And then merging a plurality of interception rules under the same interception type to obtain interception attributes. Then, calculating the condition that each intercepted sender hits each interception attribute, for example, combining a plurality of different interception rules (a, b, c, d, e) to obtain an interception attribute (X). When calculating, if the interception data of the intercepted sender hits the interception rule a for 2 times and hits the interception rule c for 3 times, the value of the interception attribute X of the intercepted sender is 5, and interception attribute hit information of the intercepted sender is obtained. And then determining the interception portrait data of the sender according to each statistic value corresponding to the intercepted sender in the interception attribute set, namely the interception attribute hit information of the intercepted sender. And then the email platform acquires the target passing degree corresponding to each intercepted sender in the target application scene, wherein the target passing degree can be embodied by credit scoring. Then, the intercepted senders with the target passing degree exceeding a certain degree are removed from the intercepted senders, namely, the intercepted senders with good credit behaviors in the target application scene are removed, so that the interference of misjudgment on candidate blacklist identification is reduced. At this time, the intercepted senders of the respective targets are obtained. And then clustering all the target intercepted senders by using a K-means clustering algorithm, and clustering by using interception attribute hit information of the target intercepted senders. The number of cluster centers may be selected in association with the interception level. After the clustering is completed, each sender cluster is obtained. At this time, the respective transmission target clusters are further classified and identified. At this time, the email platform obtains the target intercepted information corresponding to the target application scene, and thus obtains each history intercepted sender. And then counting the senders which are shared with each sender cluster in each history intercepted sender, and counting the proportion of the senders which are shared with each cluster to the sender cluster. When the proportion exceeds a preset interception threshold value, the proportion of intercepted senders in a target application scene is high, the sender cluster is obtained to be a blacklist cluster, and senders in the sender cluster are blacklist senders, and the blacklist senders are senders for maliciously sending junk mails. When the proportion is smaller than a preset passing threshold, the condition that the proportion of the intercepted senders in the target application scene is low is indicated, the sender cluster is obtained to be a white list cluster, and senders in the sender cluster are white list senders. And then carrying out common attribute diffusion identification of the blacklist senders. The attribute information of the senders in the blacklist cluster is obtained, and then the common attribute of the blacklist senders is extracted. At this time, when the sender to be detected is obtained, the attribute information of the sender to be detected is matched with the common attribute of the blacklist sender, and when the attribute information of the sender to be detected has the common attribute of the blacklist sender, the sender to be detected is indicated to be the blacklist sender, so that attribute diffusion is realized to identify the blacklist sender, and the coverage is improved.
In a specific embodiment, as shown in fig. 10, an application scenario diagram of an information processing method is provided, specifically: the E-mail platform establishes a blacklist database in an offline state, wherein interception attribute hit information corresponding to each intercepted sender is obtained by using interception data of the personal mailbox sender. And screening the credit data of the senders of the enterprise mailbox, namely, the passing degree of the targets corresponding to the intercepted senders, so as to obtain intercepted senders of the targets, clustering the intercepted senders of the targets by using a k-means clustering algorithm according to the interception attribute hit information of the intercepted senders of the targets, so as to obtain clusters of the senders, classifying and identifying the clusters of the senders by using interception data of the senders of the enterprise mailbox, so as to obtain a blacklist cluster and a whitelist cluster, and storing the senders in the blacklist cluster into a blacklist database of the enterprise mailbox. And then, attribute diffusion identification can be performed to obtain a blacklist sender, and the blacklist sender is stored in an enterprise mailbox blacklist database. And then, when the E-mail platform acquires the new mail, the E-mail platform firstly performs the garbage mail inspection through the garbage sending system. I.e. spam recognition. The detection can be performed by judging whether the sender of the new mail is in the blacklist database, a detection result is obtained, and then whether the new mail is intercepted is determined according to the detection result. When the sender of the new mail is in the blacklist database, the new mail is intercepted, and the new mail can be returned to the sender.
In a specific embodiment, the information processing method may also be applied to a short message communication platform, specifically: the short message communication platform acquires intercepted short messages corresponding to the personal application scene, and extracts interception attribute hit information corresponding to each intercepted sending object based on the intercepted short messages; acquiring target passing degrees corresponding to all intercepted transmission objects from an enterprise application scene, and screening all the intercepted transmission objects from all the intercepted transmission objects based on the target passing degrees to obtain all the target intercepted transmission objects; clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster; acquiring target intercepted information corresponding to an enterprise application scene, and classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters; and taking the sending object in the blacklist object cluster as a blacklist sending object of the enterprise application scene, and intercepting the short message when the short message sent by the blacklist sending object is detected in the enterprise application scene.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides an information processing device for realizing the above-mentioned related information processing method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the information processing device provided below may refer to the limitation of the information processing method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 11, there is provided an information processing apparatus 1100 including: an attribute extraction module 1102, a screening module 1104, a clustering module 1106, an identification module 1108, and an information interception module 1110, wherein:
the attribute extraction module 1102 is configured to obtain intercepted information corresponding to the reference application scene, and extract interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
the screening module 1104 is configured to obtain a target passing degree corresponding to each intercepted transmission object from the target application scene, and screen each target intercepted transmission object from each intercepted transmission object based on the target passing degree;
the clustering module 1106 is configured to cluster each target intercepted sending object based on the interception attribute hit information corresponding to each target intercepted sending object, to obtain each sending object cluster;
The identifying module 1108 is configured to obtain target intercepted information corresponding to a target application scene, and classify and identify each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, where the object clusters include blacklist object clusters;
the information interception module 1110 is configured to intercept information when a transmitting object in the blacklist object cluster is used as a blacklist transmitting object of the target application scene and information transmitted by the blacklist transmitting object is detected in the target application scene.
In one embodiment, the information processing apparatus 1100 further includes:
the intercepted information obtaining module is used for intercepting and detecting the information to be detected sent by each sending object by using a preset interception rule when the information to be detected sent by each sending object in the target time period is detected in the reference application scene; when target information to be detected exists in the information to be detected sent by each sending object and accords with a preset interception rule, intercepting the target information to be detected; and taking the sending object corresponding to the target to-be-detected information as an intercepted object, and obtaining the intercepted information based on the intercepted object and the target to-be-detected information.
In one embodiment, the attribute extraction module 1102 is further configured to perform homogeneous combination on the preset interception rules to obtain an interception attribute; acquiring the number of times of rule hits, in which each intercepted object in the intercepted information accords with a preset interception rule; and calculating the hit times of the interception attribute corresponding to the interception attribute based on the hit times of the rule, and obtaining the hit information of the interception attribute corresponding to each intercepted transmission object based on the interception attribute and the hit times of the interception attribute.
In one embodiment, the filtering module 1104 is further configured to obtain, in the target application scenario, a total amount of information transmission and a throughput of information of each intercepted transmission object; calculating the ratio of the information throughput to the total information transmission amount to obtain the target passing degree, and taking the intercepted transmission objects with the target passing degree not exceeding the preset degree threshold as the intercepted transmission objects of each target.
In one embodiment, the filtering module 1104 is further configured to filter each candidate intercepted transmission object from each intercepted transmission object based on the target passing degree; acquiring the total intercepted times of each candidate intercepted transmission object, and screening from each candidate intercepted transmission object based on the total intercepted times to obtain each target intercepted transmission object.
In one embodiment, the clustering module 1106 is further configured to obtain the number of interception levels, and select interception attribute hit information of the number of interception levels from interception attribute hit information corresponding to the intercepted and sent object of each target as a clustering center; calculating the similarity degree of interception attribute hit information corresponding to each target intercepted transmission object and a clustering center, and dividing each target intercepted transmission object based on the similarity degree to obtain each initial transmission object cluster; updating the clustering center based on interception attribute hit information corresponding to each target intercepted transmission object in each initial transmission object cluster to obtain an updated clustering center; and taking the updated clustering center as a clustering center, and returning to calculate the similarity degree of interception attribute hit information corresponding to each target intercepted transmission object and the clustering center, dividing each target intercepted transmission object based on the similarity degree, and performing iterative execution of the step of obtaining each initial transmission object cluster until the clustering completion condition is reached, so as to obtain each transmission object cluster.
In one embodiment, the clustering module 1106 is further configured to obtain attribute information corresponding to each target intercepted transmission object, and cluster each target intercepted transmission object based on the attribute information and the interception attribute hit information, to obtain each target transmission object cluster.
In one embodiment, the identifying module 1108 is further configured to determine each history intercepted sent object from the target intercepted information; calculating the intersection of each history intercepted transmission object and the transmission object of the current transmission object cluster in each transmission object cluster to obtain an interception intersection object set corresponding to the current transmission object cluster; performing intersection proportion calculation based on the interception intersection object set and the current transmission object cluster to obtain a target interception proportion corresponding to the current transmission object cluster; and when the target interception ratio exceeds a preset interception threshold, determining that the current sending object cluster is a blacklist object cluster.
In one embodiment, the identifying module 1108 is further configured to obtain target passed information corresponding to the target application scenario, where the target passed information includes all target passed sending objects; calculating the intersection of each target passing object and the transmission object of the current transmission object cluster in each transmission object cluster to obtain a passing intersection object set corresponding to the current transmission object cluster; calculating an intersection proportion based on the intersection object set and the current transmission object cluster to obtain a target passing proportion corresponding to the current transmission object cluster; and when the target passing proportion exceeds a preset passing threshold, determining that the current sending object cluster is a white list object cluster.
In one embodiment, the information processing apparatus 1100 further includes:
the attribute identification module is used for acquiring attribute information of each blacklist sending object in the blacklist object cluster in the target application scene, and carrying out common attribute extraction based on the attribute information of each blacklist sending object in the target application scene to obtain blacklist common attribute information; and acquiring attribute information of the to-be-identified transmitting object in the target application scene, and determining that the to-be-identified transmitting object is a blacklist transmitting object when the to-be-identified transmitting object has blacklist shared attribute information in the attribute information of the target application scene.
In one embodiment, the information processing apparatus 1100 further includes:
the similarity recognition module is used for acquiring the hit information of the interception attribute to be recognized of the to-be-recognized transmitting object in the reference application scene and calculating the similarity degree of the hit information of the interception attribute to be recognized and each transmitting object cluster; when the similarity exceeds a preset threshold, taking the transmission object cluster exceeding the preset threshold as a target transmission object cluster corresponding to the transmission object to be identified; and when the target sending object cluster is a blacklist object cluster, determining that the sending object to be identified is a blacklist sending object.
Each of the modules in the above-described information processing apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 12. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing intercepted information corresponding to a reference application scene, target intercepted information and target passing degree corresponding to a target application scene, a blacklist sending object of the target application scene and the like. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an information processing method.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 13. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement an information processing method. The display unit of the computer equipment is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device, wherein the display screen can be a liquid crystal display screen or an electronic ink display screen, the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on a shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structures shown in fig. 12 or 13 are merely block diagrams of portions of structures associated with the present inventive arrangements and are not limiting of the computer device to which the present inventive arrangements may be implemented, and that a particular computer device may include more or fewer components than shown, or may be combined with certain components, or may have different arrangements of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (15)

1. An information processing method, characterized in that the method comprises:
acquiring intercepted information corresponding to a reference application scene, and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
acquiring target passing degrees corresponding to the intercepted transmission objects from a target application scene, and screening the intercepted transmission objects based on the target passing degrees to obtain the intercepted transmission objects;
Clustering the intercepted transmission objects of each target based on interception attribute hit information corresponding to the intercepted transmission objects of each target to obtain each transmission object cluster;
acquiring target intercepted information corresponding to the target application scene, and classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and taking the sending objects in the blacklist object cluster as blacklist sending objects of the target application scene, and intercepting the information when the information sent by the blacklist sending objects is detected in the target application scene.
2. The method according to claim 1, further comprising, before the acquiring the intercepted information corresponding to the reference application scene and extracting the interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information:
when the information to be detected sent by each sending object in the target time period is detected in the reference application scene, intercepting and detecting the information to be detected sent by each sending object by using a preset interception rule;
When target information to be detected exists in the information to be detected sent by each sending object and accords with the preset interception rule, intercepting the target information to be detected;
and taking the sending object corresponding to the target to-be-detected information as an intercepted object, and obtaining intercepted information based on the intercepted object and the target to-be-detected information.
3. The method according to claim 2, wherein extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information comprises:
similar combination is carried out on the preset interception rules to obtain interception attributes;
acquiring the rule hit times of each intercepted object in the intercepted information, wherein the rule hit times of each intercepted object accords with the preset interception rule;
and calculating the hit times of the interception attribute corresponding to the interception attribute based on the hit times of the rule, and obtaining the hit information of the interception attribute corresponding to each intercepted transmission object based on the hit times of the interception attribute and the interception attribute.
4. The method of claim 1, wherein the obtaining, from the target application scenario, the target passing degree corresponding to the intercepted transmission objects, and filtering, based on the target passing degree, each target intercepted transmission object from the intercepted transmission objects, includes:
Acquiring information transmission total quantity and information throughput of each intercepted transmission object in the target application scene;
and calculating the ratio of the information throughput to the total information transmission amount to obtain the target passing degree, and taking the intercepted transmission objects of which the target passing degree does not exceed a preset degree threshold as the intercepted transmission objects of each target.
5. The method of claim 1, wherein the screening each target intercepted transmission object from the each intercepted transmission objects based on the target passing degree comprises:
screening each candidate intercepted transmission object from the intercepted transmission objects based on the target passing degree;
acquiring the total intercepted times of each candidate intercepted transmission object, and screening from each candidate intercepted transmission object based on the total intercepted times to obtain each target intercepted transmission object.
6. The method according to claim 1, wherein clustering the target intercepted transmission objects based on the interception attribute hit information corresponding to the target intercepted transmission objects to obtain each transmission object cluster includes:
Acquiring the number of interception levels, and selecting interception attribute hit information of the number of interception levels from interception attribute hit information corresponding to the intercepted transmission object of each target as a clustering center;
calculating the similarity degree of interception attribute hit information corresponding to each target intercepted transmission object and the clustering center, and dividing each target intercepted transmission object based on the similarity degree to obtain each initial transmission object cluster;
updating the cluster center based on interception attribute hit information corresponding to the intercepted transmission objects of each target in each initial transmission object cluster to obtain an updated cluster center;
and taking the updated clustering center as a clustering center, and returning to calculate the similarity degree of interception attribute hit information corresponding to the intercepted transmission objects of each target and the clustering center, dividing the intercepted transmission objects of each target based on the similarity degree, and performing iteration of the step of obtaining each initial transmission object cluster until the clustering completion condition is reached, so as to obtain each transmission object cluster.
7. The method according to claim 1, wherein clustering the target intercepted transmission objects based on the interception attribute hit information corresponding to the target intercepted transmission objects to obtain each transmission object cluster includes:
Acquiring attribute information corresponding to the intercepted transmission objects of each target, and clustering the intercepted transmission objects of each target based on the attribute information and the interception attribute hit information to obtain target transmission object clusters.
8. The method of claim 1, wherein classifying and identifying the respective sending object clusters based on the target intercepted information results in at least two classes of object clusters, the object clusters comprising blacklisted object clusters, comprising:
determining each history intercepted transmission object from the target intercepted information;
calculating the intersection of each history intercepted transmission object and the transmission object of the current transmission object cluster in each transmission object cluster to obtain an interception intersection object set corresponding to the current transmission object cluster;
performing intersection proportion calculation based on the interception intersection object set and the current transmission object cluster to obtain a target interception proportion corresponding to the current transmission object cluster;
and when the target interception ratio exceeds a preset interception threshold, determining that the current sending object cluster is a blacklist object cluster.
9. The method of claim 7, wherein the method further comprises:
Acquiring target passed information corresponding to the target application scene, wherein the target passed information comprises all target passed sending objects;
calculating the intersection of the transmitted object of each target passing through object and the transmitted object of the current transmitted object cluster in each transmitted object cluster to obtain a passing intersection object set corresponding to the current transmitted object cluster;
calculating an intersection proportion based on the passing intersection object set and the current transmission object cluster to obtain a target passing proportion corresponding to the current transmission object cluster;
and when the target passing proportion exceeds a preset passing threshold, determining that the current sending object cluster is a white list object cluster.
10. The method according to claim 1, wherein the method further comprises:
acquiring attribute information of each blacklist sending object in the blacklist object cluster in the target application scene, and extracting common attributes based on the attribute information of each blacklist sending object in the target application scene to obtain blacklist common attribute information;
and acquiring attribute information of the to-be-identified transmitting object in the target application scene, and determining that the to-be-identified transmitting object is a blacklist transmitting object when the to-be-identified transmitting object has the blacklist shared attribute information in the attribute information of the target application scene.
11. The method according to claim 1, wherein the method further comprises:
acquiring interception attribute hit information to be identified of a to-be-identified transmitting object in the reference application scene, and calculating the similarity degree of the interception attribute hit information to be identified and each transmitting object cluster;
when the similarity exceeds a preset threshold, taking the transmission object cluster exceeding the preset threshold as a target transmission object cluster corresponding to the transmission object to be identified;
and when the target sending object cluster is a blacklist object cluster, determining that the sending object to be identified is a blacklist sending object.
12. An information processing apparatus, characterized in that the apparatus comprises:
the attribute extraction module is used for acquiring intercepted information corresponding to the reference application scene and extracting interception attribute hit information corresponding to each intercepted transmission object based on the intercepted information;
the screening module is used for acquiring target passing degrees corresponding to the intercepted sending objects from a target application scene, and screening the intercepted sending objects to obtain target intercepted sending objects based on the target passing degrees;
the clustering module is used for clustering the intercepted sending objects of each target based on the interception attribute hit information corresponding to the intercepted sending objects of each target to obtain each sending object cluster;
The identification module is used for acquiring target intercepted information corresponding to the target application scene, classifying and identifying each sending object cluster based on the target intercepted information to obtain at least two types of object clusters, wherein the object clusters comprise blacklist object clusters;
and the information interception module is used for taking the sending objects in the blacklist object cluster as blacklist sending objects of the target application scene, and intercepting the information when the information sent by the blacklist sending objects is detected in the target application scene.
13. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 11 when the computer program is executed.
14. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 11.
15. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 11.
CN202211070710.2A 2022-09-02 2022-09-02 Information processing method, apparatus, computer device, and storage medium Pending CN117014173A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211070710.2A CN117014173A (en) 2022-09-02 2022-09-02 Information processing method, apparatus, computer device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211070710.2A CN117014173A (en) 2022-09-02 2022-09-02 Information processing method, apparatus, computer device, and storage medium

Publications (1)

Publication Number Publication Date
CN117014173A true CN117014173A (en) 2023-11-07

Family

ID=88574994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211070710.2A Pending CN117014173A (en) 2022-09-02 2022-09-02 Information processing method, apparatus, computer device, and storage medium

Country Status (1)

Country Link
CN (1) CN117014173A (en)

Similar Documents

Publication Publication Date Title
EP3771168B1 (en) Abnormal user identification method
US10516638B2 (en) Techniques to select and prioritize application of junk email filtering rules
US8055078B2 (en) Filter for blocking image-based spam
US9130778B2 (en) Systems and methods for spam detection using frequency spectra of character strings
US11539726B2 (en) System and method for generating heuristic rules for identifying spam emails based on fields in headers of emails
CN107305611B (en) Method and device for establishing model corresponding to malicious account and method and device for identifying malicious account
JP2015513133A (en) Spam detection system and method using character histogram
WO2010002892A1 (en) Systems and methods for reporter-based filtering of electronic communications and messages
US20130339456A1 (en) Techniques to filter electronic mail based on language and country of origin
US11929969B2 (en) System and method for identifying spam email
CN107172622B (en) Method, device and system for identifying and analyzing pseudo base station short message
CN112884121A (en) Traffic identification method based on generation of confrontation deep convolutional network
CN111612085A (en) Method and device for detecting abnormal point in peer-to-peer group
CN111651741B (en) User identity recognition method, device, computer equipment and storage medium
CN111245815B (en) Data processing method and device, storage medium and electronic equipment
CN117014173A (en) Information processing method, apparatus, computer device, and storage medium
US20230029312A1 (en) Similarity-based search for fraud prevention
CN106911660B (en) Information management method and device
JP6706397B1 (en) Learning system, learning method, and program
Dixit et al. Lohit: An online detection & control system for cellular sms spam
CN111860655A (en) User processing method, device and equipment
EP3716540B1 (en) System and method for generating heuristic rules for identifying spam emails
Saffarzadeh et al. Identifying Spam Tweets in Social Networks with Combined Approaches of Feature Selection and Deep Learning
KR20140127036A (en) Server and method for spam filtering
CN117155622A (en) Account risk judging method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination