CN102761576B - Web system malicious polyphonic ringtone ordering preventing method and server - Google Patents
Web system malicious polyphonic ringtone ordering preventing method and server Download PDFInfo
- Publication number
- CN102761576B CN102761576B CN201110109049.7A CN201110109049A CN102761576B CN 102761576 B CN102761576 B CN 102761576B CN 201110109049 A CN201110109049 A CN 201110109049A CN 102761576 B CN102761576 B CN 102761576B
- Authority
- CN
- China
- Prior art keywords
- user
- request
- essential step
- server
- ordering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Abstract
The invention relates to a web system malicious polyphonic ringtone ordering preventing method and a server. The method includes: allowing the server to record activity route information of steps supposed to be selected by users in the ringtone ordering process, and pressing the activity route information into stack sensitive information; receiving ordering requests inputted by the users, and pressing the ordering requests into the stack sensitive information; calculating credibility indexes of the ordering requests by means of the preset association iterative algorithm based on the stack sensitive information; and filtering the ordering requests when the credibility indexes exceed a preset threshold. By introducing a stack mechanism and a like token ring mechanism, various malicious polyphonic ringtone ordering ways such as pretending legal user login by program simulated robots, accessing through browser addresses, multiple-time submitting by legal login users and the like can be effectively subjected to safety control, and accordingly, safety of the Web system is improved while common benefits among polyphonic ringtone users, operators and polyphonic ringtone content providers are guaranteed.
Description
Technical field
The present invention relates to communication technical field, the CRBT Web system particularly relating to a kind of browser end/server (Browser/Sever, B/S) framework prevents malice from ordering method and the server of bell sound.
Background technology
Along with the development of intelligent network business, Ring Back Tone service is more and more widely used.Wherein, the color bell sound displaying based on Web server, audition, order and the sequence of operations such as to give and all undertaken by Internet network, the opening of network makes the fail safe of network interaction on this basis and validity then seem quite important.
The CRBT Web service of current B/S framework, due to the environment that it is open, inevitably be subject to the impact of some negative factor, wherein malice orders the important content that bell sound is safety precaution, but because the characteristic of Web service limit, control ability in this link is relatively weak, and along with carrying out in a deep going way of Ring Back Tone service, existing Web system cannot meet quality and the security requirement of CRBT Web service.
Summary of the invention
Main purpose of the present invention is to provide a kind of CRBT Web system to prevent malice from ordering method and the server of bell sound, is intended to the fail safe improving CRBT Web system.
In order to achieve the above object, the present invention proposes a kind of CRBT Web system and prevents malice from ordering the method for bell sound, comprising:
Server record user is ordering the active path information of essential step in bell sound process, and by described active path information press-in storehouse sensitive information;
Receive the subscription request of user's input, and described subscription request is pressed into described storehouse sensitive information;
Based on described storehouse sensitive information, predetermined association iterative algorithm is adopted to calculate the confidence level target of described subscription request;
When described confidence level target exceedes predetermined threshold values, filter out described subscription request.
Preferably, described essential step comprises: log in, search for and/or browse.
Preferably, the active path information of login process comprises verification codes of pages assembly, IP address requesting, Subscriber Number and/or current request page address information.
Preferably, also comprise: when described confidence level target does not exceed predetermined threshold values, allow described subscription request to pass through.
Preferably, also comprise:
When receiving the logging request that user sends, server generates token field according to described logging request, and described token field is carried in login response message and returns to user.
Preferably, also comprise after step login response message being returned to user:
When browsing of receiving that user sends or searching request, server according to described in browse or searching request upgrades described token field, and the described token field after renewal is carried at browses or return to user in search response message.
Preferably, by browse or search response message return to the step of user after also comprise:
When receiving the request of the inquiry appointment bell message breath that user sends, server specifies the request of bell message breath to upgrade described token field according to described inquiry, and the described token field after upgrading is carried at inquiry and specifies in the response message of bell message breath and return to user.
The present invention also proposes a kind of CRBT Web system and prevents malice from ordering the server of bell sound, comprising:
Stack module, for recording user in the active path information ordering essential step in bell sound process, and by described active path information press-in storehouse sensitive information;
Receiver module, for receiving the subscription request of user's input, and is pressed into described storehouse sensitive information by described subscription request;
Computing module, for based on described storehouse sensitive information, adopts predetermined association iterative algorithm to calculate the confidence level target of described subscription request;
Subscription request processing module, for when described confidence level target exceedes predetermined threshold values, filters out described subscription request.
Preferably, described subscription request processing module also for when described confidence level target does not exceed predetermined threshold values, allows described subscription request to pass through.
Preferably, also comprise:
Token module, during for receiving logging request that user sends when server, generates token field according to described logging request, and described token field is carried in login response message and returns to user.
Preferably, described token module also for receive when server user send browse or searching request time, to browse or searching request upgrades described token field according to described, and the described token field after upgrading is carried at browses or return to user in search response message.
Preferably, during the request that the inquiry appointment bell message that described token module also sends for receiving user when server ceases, specify the request of bell message breath to upgrade described token field according to described inquiry, and the described token field after upgrading is carried at inquiry and specifies in the response message of bell message breath and return to user.
A kind of CRBT Web system that the present invention proposes prevents malice from ordering method and the server of bell sound, by introducing Stack mechanism, recording user orders the active path information in the essential step of Web site in bell sound process, and by active path information press-in storehouse sensitive information; Based on this storehouse sensitive information, predetermined association iterative algorithm is adopted to calculate the confidence level target of subscription request; When confidence level target exceedes predetermined threshold values, filter out this subscription request, thus the fail safe of CRBT Web system is control effectively; Simultaneously, on this basis, further introducing class token ring mechanism, be carried in corresponding response message according to the request generation token field of the essential step of user and return to user, and according to the request of subsequent user, related update is carried out to this token field, can effectively prevent to a great extent repeating to send or send after distorting after hacker's means are caught to normal messages.Pass through the present invention, pretend to be validated user to log in process simulation robot, all carry out fail safe control by the access of browser address, legal login user by the approach of multiple malice order bell sounds such as repeatedly submitting to, improve the fail safe of Web system, also ensure that color ring user, common interests between operator and CRBT content supplier to a certain extent.
Accompanying drawing explanation
Fig. 1 is that CRBT Web system of the present invention prevents malice from ordering the method one embodiment schematic flow sheet of bell sound;
Fig. 2 is that CRBT Web system of the present invention prevents malice from ordering the active path information of server record user essential step in order bell sound process in method one embodiment of bell sound, and by the schematic flow sheet of active path information press-in storehouse sensitive information;
Fig. 3 is that CRBT Web system of the present invention prevents malice from ordering the active path information of server record user essential step in order bell sound process in another embodiment of method of bell sound, and by the schematic flow sheet of active path information press-in storehouse sensitive information;
Fig. 4 is that CRBT Web system of the present invention prevents malice from ordering the server one example structure schematic diagram of bell sound;
Fig. 5 is that CRBT Web system of the present invention prevents malice from ordering another example structure schematic diagram of server of bell sound.
In order to make technical scheme of the present invention clearly, understand, be described in further detail below in conjunction with accompanying drawing.
Embodiment
Solution for embodiment of the invention main thought is: because the behavior of bell sound malice order presents following principal character mostly: the abnormality in behavior, the behavior that such as domestic consumer seldom or hardly may do; Regularity in behavior is such as identical or in cycle operating time of a certain sequence; Regularity in data, what such as all order bell sounds were numbered presents natural sequence relation etc., and therefore, the present embodiment is for said circumstances, pretend to be validated user to carry out logging in for process simulation robot and the malice bell sound orderability question that causes, introduce the path tracking technique of Stack mechanism; The malice bell sound undertaken by repeatedly submitting to for the access of browser address and legal login user is ordered, and introduces the request filter of class token ring mechanism, to control effectively to the fail safe of CRBT Web system.
In following examples, server is Web server.
As shown in Figure 1, one embodiment of the invention proposes a kind of CRBT Web system and prevents malice from ordering the method for bell sound, comprising:
Step S101, server record user is ordering the active path information of essential step in bell sound process, and by active path information press-in storehouse sensitive information;
The malice bell sound orderability question that the present embodiment is pretended to be validated user to carry out logging in for process simulation robot and caused, introduce the path tracking technique of Stack mechanism, the active state of dynamic tracking user in CRBT Web system, and judge whether current SUBSCRIBE Operation is initiated by user by the situation of these state variation, invalid SUBSCRIBE Operation is considered as to the state behavior of exception.
Make a concrete analysis of as follows: common color ring user can simplified characterization be following key operations from signing in order behavior: login, browse/search, displaying, according to bell sound numbering initiate order, complete and order and point out.Disabled user then only comprises order and waits Partial key operation, compare known, the disabled user that malice is ordered is generally by URL address shortcut, or intercept and capture and distort legitimate messages, repeat send and complete order fast, for normal domestic consumer, some essential steps are as logged in, search, the operation such as to browse all can not be performed, these operations simultaneously initiating malice order perform very frequent, and between required parameter, also meet certain rule, because the realization of software really can not simulate actual random request, such as the final bell sound ordered probably only belongs to a SP (Service Provider, service provider) etc.
Therefore, the present embodiment asks the technical limitations of channel by such as user, in logging request, such as add the sensitive informations such as verification codes of pages assembly, IP address requesting, Subscriber Number, current request page address, these information all must be pressed into stack information through the active path of step in Web site by recording user, in the end to eject during SUBSCRIBE Operation, the confidence level target of algorithm to subscription request of class association rules is adopted to calculate.
Step S102, receives the subscription request of user's input, and subscription request is pressed into storehouse sensitive information;
Step S103, based on storehouse sensitive information, adopts predetermined association iterative algorithm to calculate the confidence level target of subscription request;
Step S104, when confidence level target exceedes predetermined threshold values, filters out subscription request.
In above-mentioned steps S103 and step S104, judged by the legitimacy of confidence level target to the subscription request of user of subscription request.Wherein, the confidence level target of subscription request is calculated by association iterative algorithm and obtains.The computing formula of association iterative algorithm is:
Current essential step x is the confidence level=P (the essential step x-1 of essential step x|) of normal users
P (the essential step x-1 of essential step x|) performs the conditional probability of essential step x after referring to essential step x-1 execution.
When the current essential step x of calculating is the confidence level of normal users, need from storehouse sensitive information, extract corresponding active path information, to obtain user from the essential step signed in subscription procedure.
Conditional probability refers to any one occurrence A and event B, the conditional probability that time A occurs under the condition that known time B occurs.The computing formula of conditional probability is:
P(A|B)=P(AB)/P(B);
Wherein, P (AB) refers to the sample points that A comprises under the condition of B generation; P (B) refers to sample points under the condition of B generation.
To log in, to search for and to order three essential steps, if log-in events is A, if search events is B, if subscription event is C, and the probability simultaneously establishing initial value normal users log-in events to occur and P (A)=0.9, the probability that normal users search events occurs and P (B)=0.8, the probability that normal users subscription event occurs is 0.5.
Essential step is logged in, the confidence level P (A)=0.9 of the normal users occurred in login situation;
For essential step search, in login situation, the confidence level of the normal users that hunting action occurs is: P (B|A)=P (AB)/P (A)=P (B)/P (A)=0.8/0.9=0.89;
In like manner, order for essential step, the confidence level of the normal users occurred in search situation is:
P(C|B)=P(CB)/P(B)=0.5/0.89=0.56;
As can be seen from above-mentioned computing formula, current operation is the confidence level that the confidence level of normal users depends on all essential steps above, pass through iterative computation, whether the incidence relations such as redirect are had along with the increase of path and between the page and the page, normal users, this confidence level target is higher, otherwise then lower, finally can be fallen abnormal subscription request by the threshold filtering preset.
When confidence level target does not exceed predetermined threshold values, show that this subscribed users is normal users, then allow subscription request to pass through.
As shown in Figure 2, step S101 comprises:
Step S1011, receive the logging request that user sends, the active path information of the verification codes of pages assembly in record logging request, IP address requesting, Subscriber Number and/or current request page address, and by the active path information of this logging request press-in storehouse sensitive information;
Step S1012, returns logging request response message to user;
Step S1013, receives the browse/search request that user sends, and by the active path information of browse/search request press-in storehouse sensitive information;
Step S1014, returns browse/search request response to user;
Step S1015, receives the appointment bell sound information request that user sends, and will specify the active path information press-in storehouse sensitive information of bell sound information request;
Step S1016, returns to user and specifies bell message breath request response.
The present embodiment is by introducing Stack mechanism, and recording user orders the active path information in the essential step of Web site in bell sound process, and by active path information press-in storehouse sensitive information; Based on this storehouse sensitive information, predetermined association iterative algorithm is adopted to calculate the confidence level target of subscription request; When confidence level target exceedes predetermined threshold values, filter out this subscription request, thus the fail safe of CRBT Web system is control effectively, while raising security of system, also ensure that the common interests of color ring user, operator and CRBT content supplier.
As shown in Figure 3, another embodiment of the present invention proposes a kind of CRBT Web system and prevents malice from ordering the method for bell sound, and on the basis of above-described embodiment, step S101 comprises:
Step S1011, receive the logging request that user sends, the active path information of the verification codes of pages assembly in record logging request, IP address requesting, Subscriber Number and/or current request page address, and by the active path information of this logging request press-in storehouse sensitive information;
Step S10112, generate token field, and token field is carried in login response message according to logging request;
Step S1012, returns logging request response message to user;
Step S1013, receives the browse/search request that user sends, and by the active path information of browse/search request press-in storehouse sensitive information;
Step S10134, according to browse or searching request upgrades described token field, and is carried at the token field after upgrading and browses or in search response message;
Step S1014, returns browse/search request response to user;
Step S1015, receives the appointment bell sound information request that user sends, and will specify the active path information press-in storehouse sensitive information of bell sound information request;
Step S10156, the request according to inquiry appointment bell message breath upgrades token field, and is carried in the response message of inquiry appointment bell message breath by the token field after upgrading;
Step S1016, returns to user and specifies bell message breath request response.
The difference of the present embodiment and above-described embodiment is, the present embodiment is on the basis of above-described embodiment, the malice bell sound undertaken by repeatedly submitting to for the access of browser address and legal login user is ordered, introduce class token (Token) ring mechanism, each request message of initiating is filtered, message request is only effective within a session cycle, and other is all considered as invalid operation.
It is on the basis of stack trace technology, add class token ring mechanism again that the anti-malice of class token ring mechanism orders scheme, as by technological means such as joining day stamp, MD5 algorithms, ensure the token field of the always up-to-date generation that active user uses on the one hand, on the other hand, current token is associated by the token of last action to generate, therefore, can effectively prevent to a great extent repeating to send or send after distorting after hacker's means are caught to normal messages.
The present embodiment is on the basis of above-described embodiment, further introducing class token ring mechanism, be carried in corresponding response message according to the request generation token field of the essential step of user and return to user, and according to the request of subsequent user, related update is carried out to this token field, can effectively prevent to a great extent repeating to send or send after distorting after hacker's means are caught to normal messages, further improve the fail safe of Web system, ensure that color ring user, common interests between operator and CRBT content supplier.
As shown in Figure 4, one embodiment of the invention proposes a kind of CRBT Web system and prevents malice from ordering the server of bell sound, comprising: stack module 401, receiver module 402, computing module 403 and subscription request processing module 404, wherein:
Stack module 401, for recording user in the active path information ordering essential step in bell sound process, and by active path information press-in storehouse sensitive information;
Receiver module 402, for receiving the subscription request of user's input, and is pressed into storehouse sensitive information by subscription request;
Computing module 403, for based on storehouse sensitive information, adopts predetermined association iterative algorithm to calculate the confidence level target of subscription request;
Subscription request processing module 404, during for exceeding predetermined threshold values when confidence level target, filters out subscription request.
Subscription request processing module 404 is not also for exceeding predetermined threshold values during when confidence level target, subscription request is allowed to pass through.
The malice bell sound orderability question that the present embodiment is pretended to be validated user to carry out logging in for process simulation robot and caused, introduce the path tracking technique of Stack mechanism, the active state of dynamic tracking user in CRBT Web system, and judge whether current SUBSCRIBE Operation is initiated by user by the situation of these state variation, invalid SUBSCRIBE Operation is considered as to the state behavior of exception.
Make a concrete analysis of as follows: common color ring user can simplified characterization be following key operations from signing in order behavior: login, browse/search, displaying, according to bell sound numbering initiate order, complete and order and point out.Disabled user then only comprises order and waits Partial key operation, compare known, the disabled user that malice is ordered is generally by URL address shortcut, or intercept and capture and distort legitimate messages, repeat send and complete order fast, for normal domestic consumer, some essential steps are as logged in, search, the operation such as to browse all can not be performed, these operations simultaneously initiating malice order perform very frequent, and also meet certain rule between required parameter (because the realization of software really can not simulate actual random request, such as the final bell sound ordered probably only belongs to a SP etc.).
Therefore, the present embodiment asks the technical limitations of channel by such as user, in logging request, such as add the sensitive informations such as verification codes of pages assembly, IP address requesting, Subscriber Number, current request page address, these information all must be pressed into stack information through the active path of step in Web site by recording user, in the end to eject during SUBSCRIBE Operation, the confidence level target of algorithm to subscription request of class association rules is adopted to calculate.
Judged by the legitimacy of confidence level target to the subscription request of user of subscription request.Wherein, the confidence level target of subscription request is calculated by association iterative algorithm and obtains.The computing formula of association iterative algorithm is:
Current essential step x is the confidence level=P (the essential step x-1 of essential step x|) of normal users
P (the essential step x-1 of essential step x|) performs the conditional probability of essential step x after referring to essential step x-1 execution.
When the current essential step x of calculating is the confidence level of normal users, need from storehouse sensitive information, extract corresponding active path information, to obtain user from the essential step signed in subscription procedure.
Conditional probability refers to any one occurrence A and event B, the conditional probability that time A occurs under the condition that known time B occurs.The computing formula of conditional probability is:
P(A|B)=P(AB)/P(B);
Wherein, P (AB) refers to the sample points that A comprises under the condition of B generation; P (B) refers to sample points under the condition of B generation.
To log in, to search for and to order three essential steps, if log-in events is A, if search events is B, if subscription event is C, and the probability simultaneously establishing initial value normal users log-in events to occur and P (A)=0.9, the probability that normal users search events occurs and P (B)=0.8, the probability that normal users subscription event occurs is 0.5.
Essential step is logged in, the confidence level P (A)=0.9 of the normal users occurred in login situation;
For essential step search, in login situation, the confidence level of the normal users that hunting action occurs is:
P(B|A)=P(AB)/P(A)=P(B)/P(A)=0.8/0.9=0.89;
In like manner, order for essential step, the confidence level of the normal users occurred in search situation is:
P(C|B)=P(CB)/P(B)=0.5/0.89=0.56;
Namely current operation is the confidence level that the confidence level of normal users depends on all essential steps above, pass through iterative computation, whether the incidence relations such as redirect are had along with the increase of path and between the page and the page, normal users, this confidence level target is higher, otherwise then lower, finally can be fallen abnormal subscription request by the threshold filtering preset.
When confidence level target does not exceed predetermined threshold values, show that this subscribed users is normal users, then allow subscription request to pass through.
As shown in Figure 5, another embodiment of the present invention proposes a kind of CRBT Web system and prevents malice from ordering the server of bell sound, on the basis of above-described embodiment, also comprises:
Token module 405, is connected between stack module 401 and receiver module 402, during for receiving logging request that user sends when server, generate token field, and token field is carried in login response message and returns to user according to logging request.
Further, token module 405 also for receive when server user send browse or searching request time, to browse or searching request upgrades described token field according to described, and the described token field after upgrading is carried at browses or return to user in search response message.
During the request that the inquiry appointment bell message that token module 405 also sends for receiving user when server ceases, specify the request of bell message breath to upgrade described token field according to described inquiry, and the described token field after upgrading is carried at inquiry and specifies in the response message of bell message breath and return to user.
The difference of the present embodiment and above-described embodiment is, the present embodiment is on the basis of above-described embodiment, the malice bell sound undertaken by repeatedly submitting to for the access of browser address and legal login user is ordered, introduce class token (Token) ring mechanism, each request message of initiating is filtered, message request is only effective within a session cycle, and other is all considered as invalid operation.
It is on the basis of stack trace technology, add class token ring mechanism again that the anti-malice of class token ring mechanism orders scheme, as by technological means such as joining day stamp, MD5 algorithms, ensure the token field of the always up-to-date generation that active user uses on the one hand, on the other hand, current token is associated by the token of last action to generate, therefore, can effectively prevent to a great extent repeating to send or send after distorting after hacker's means are caught to normal messages.
Embodiment of the present invention CRBT Web system prevents malice from ordering method and the server of bell sound, by introducing Stack mechanism, recording user orders the active path information in the essential step of Web site in bell sound process, and by active path information press-in storehouse sensitive information; Based on this storehouse sensitive information, predetermined association iterative algorithm is adopted to calculate the confidence level target of subscription request; When confidence level target exceedes predetermined threshold values, filter out this subscription request, thus the fail safe of CRBT Web system is control effectively; Simultaneously, on this basis, further introducing class token ring mechanism, be carried in corresponding response message according to the request generation token field of the essential step of user and return to user, and according to the request of subsequent user, related update is carried out to this token field, can effectively prevent to a great extent repeating to send or send after distorting after hacker's means are caught to normal messages.Pass through the present invention, pretend to be validated user to log in process simulation robot, all carry out fail safe control by the access of browser address, legal login user by the approach of multiple malice order bell sounds such as repeatedly submitting to, improve the fail safe of Web system, also ensure that color ring user, common interests between operator and CRBT content supplier to a certain extent.
The foregoing is only the preferred embodiments of the present invention; not thereby the scope of the claims of the present invention is limited; every utilize specification of the present invention and accompanying drawing content to do equivalent structure or flow process conversion; or be directly or indirectly used in other relevant technical field, be all in like manner included in scope of patent protection of the present invention.
Claims (12)
1. CRBT network Web system prevents malice from ordering a method for bell sound, it is characterized in that, comprising:
Server record user is ordering the active path information of essential step in bell sound process, and by described active path information press-in storehouse sensitive information;
Receive the subscription request of user's input, and described subscription request is pressed into described storehouse sensitive information;
Based on described storehouse sensitive information, predetermined association iterative algorithm is adopted to calculate the confidence level target of described subscription request; The computing formula of described association iterative algorithm is:
Current essential step x is the confidence level=P (the essential step x-1 of essential step x|) of normal users
P (the essential step x-1 of essential step x|) performs the conditional probability of essential step x after referring to essential step x-1 execution; When the current essential step x of calculating is the confidence level of normal users, need from storehouse sensitive information, extract corresponding active path information, to obtain user from the essential step signed in subscription procedure;
When described confidence level target exceedes predetermined threshold values, filter out described subscription request.
2. method according to claim 1, is characterized in that, described essential step comprises: log in, search for and/or browse.
3. method according to claim 2, is characterized in that, the active path information of login process comprises verification codes of pages assembly, request procotol IP address, Subscriber Number and/or current request page address information.
4. method according to claim 1, is characterized in that, also comprises: when described confidence level target does not exceed predetermined threshold values, allows described subscription request to pass through.
5. the method according to any one of claim 1-4, is characterized in that, also comprises:
When receiving the logging request that user sends, server generates token field according to described logging request, and described token field is carried in login response message and returns to user.
6. method according to claim 5, is characterized in that, also comprises after step login response message being returned to user:
When browsing of receiving that user sends or searching request, server according to described in browse or searching request upgrades described token field, and the described token field after renewal is carried at browses or return to user in search response message.
7. method according to claim 6, is characterized in that, by browse or search response message return to the step of user after also comprise:
When receiving the request of the inquiry appointment bell message breath that user sends, server specifies the request of bell message breath to upgrade described token field according to described inquiry, and the described token field after upgrading is carried at inquiry and specifies in the response message of bell message breath and return to user.
8. CRBT Web system prevents malice from ordering a server for bell sound, it is characterized in that, comprising:
Stack module, for recording user in the active path information ordering essential step in bell sound process, and by described active path information press-in storehouse sensitive information;
Receiver module, for receiving the subscription request of user's input, and is pressed into described storehouse sensitive information by described subscription request;
Computing module, for based on described storehouse sensitive information, adopts predetermined association iterative algorithm to calculate the confidence level target of described subscription request; The computing formula of described association iterative algorithm is:
Current essential step x is the confidence level=P (the essential step x-1 of essential step x|) of normal users
P (the essential step x-1 of essential step x|) performs the conditional probability of essential step x after referring to essential step x-1 execution; When the current essential step x of calculating is the confidence level of normal users, need from storehouse sensitive information, extract corresponding active path information, to obtain user from the essential step signed in subscription procedure;
Subscription request processing module, for when described confidence level target exceedes predetermined threshold values, filters out described subscription request.
9. server according to claim 8, is characterized in that, described subscription request processing module also for when described confidence level target does not exceed predetermined threshold values, allows described subscription request to pass through.
10. server according to claim 8 or claim 9, is characterized in that, also comprise:
Token module, during for receiving logging request that user sends when server, generates token field according to described logging request, and described token field is carried in login response message and returns to user.
11. servers according to claim 10, it is characterized in that, described token module also for receive when server user send browse or searching request time, to browse or searching request upgrades described token field according to described, and the described token field after upgrading is carried at browses or return to user in search response message.
12. servers according to claim 11, it is characterized in that, during the request that the inquiry appointment bell message that described token module also sends for receiving user when server ceases, specify the request of bell message breath to upgrade described token field according to described inquiry, and the described token field after upgrading is carried at inquiry and specifies in the response message of bell message breath and return to user.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110109049.7A CN102761576B (en) | 2011-04-28 | 2011-04-28 | Web system malicious polyphonic ringtone ordering preventing method and server |
| PCT/CN2011/076205 WO2012145962A1 (en) | 2011-04-28 | 2011-06-23 | Method and server in color ring web system for preventing vicious ring tone subscriptions. |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110109049.7A CN102761576B (en) | 2011-04-28 | 2011-04-28 | Web system malicious polyphonic ringtone ordering preventing method and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102761576A CN102761576A (en) | 2012-10-31 |
| CN102761576B true CN102761576B (en) | 2015-04-01 |
Family
ID=47055897
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110109049.7A Expired - Fee Related CN102761576B (en) | 2011-04-28 | 2011-04-28 | Web system malicious polyphonic ringtone ordering preventing method and server |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102761576B (en) |
| WO (1) | WO2012145962A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103856920B (en) * | 2012-11-28 | 2017-09-12 | 中国移动通信集团河南有限公司 | A kind of data processing method and device |
| CN108289077B (en) * | 2017-01-09 | 2021-09-21 | 中兴通讯股份有限公司 | Method and device for carrying out fuzzy detection analysis on WEB server security |
| CN109088999B (en) * | 2017-06-13 | 2021-04-06 | 中兴通讯股份有限公司 | Method, device and computer readable storage medium for playing ring back tone |
| CN110351259A (en) * | 2019-06-28 | 2019-10-18 | 深圳数位传媒科技有限公司 | A kind of method and device obtaining APP authentication information based on network packet capturing |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217392A (en) * | 2007-12-27 | 2008-07-09 | 华为技术有限公司 | A behavior collection and analysis method and system |
| CN101257518A (en) * | 2008-03-27 | 2008-09-03 | 中国联合通信有限公司 | Method and system for preventing lawless ordering without through charging gateway in WAP platform |
| CN101888619A (en) * | 2010-06-09 | 2010-11-17 | 中兴通讯股份有限公司 | Method and device for preventing malicious orders by utilizing third party interactive voice response platform |
| CN101998372A (en) * | 2009-08-21 | 2011-03-30 | 中国移动通信集团广东有限公司 | Method, device and system for checking value added service ordering validity |
-
2011
- 2011-04-28 CN CN201110109049.7A patent/CN102761576B/en not_active Expired - Fee Related
- 2011-06-23 WO PCT/CN2011/076205 patent/WO2012145962A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217392A (en) * | 2007-12-27 | 2008-07-09 | 华为技术有限公司 | A behavior collection and analysis method and system |
| CN101257518A (en) * | 2008-03-27 | 2008-09-03 | 中国联合通信有限公司 | Method and system for preventing lawless ordering without through charging gateway in WAP platform |
| CN101998372A (en) * | 2009-08-21 | 2011-03-30 | 中国移动通信集团广东有限公司 | Method, device and system for checking value added service ordering validity |
| CN101888619A (en) * | 2010-06-09 | 2010-11-17 | 中兴通讯股份有限公司 | Method and device for preventing malicious orders by utilizing third party interactive voice response platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102761576A (en) | 2012-10-31 |
| WO2012145962A1 (en) | 2012-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7144117B2 (en) | Model training system and method and storage medium | |
| CN103023710B (en) | A kind of safety test system and method | |
| US8996669B2 (en) | Internet improvement platform with learning module | |
| CN109309666A (en) | Interface security control method and terminal device in a kind of network security | |
| US20220124094A1 (en) | Integrated bot and captcha techniques | |
| WO2012113272A1 (en) | Method, system and device for improving security of terminal when surfing internet | |
| US10250629B2 (en) | Captcha risk or score techniques | |
| CN104683313B (en) | Multimedia service processing unit, method and system | |
| CN106936793A (en) | A kind of information intercepting processing method and terminal | |
| US9544317B2 (en) | Identification of potential fraudulent website activity | |
| CN105187394A (en) | Proxy server having mobile terminal malicious software behavior detection capability and method | |
| CN103905395B (en) | WEB access control method and system based on redirection | |
| CN101340434A (en) | Malicious content detection and verification method and system for network station | |
| CN104618412A (en) | Page skipping method and device | |
| CN102761576B (en) | Web system malicious polyphonic ringtone ordering preventing method and server | |
| CN105871919A (en) | Network application firewall system and realization method thereof | |
| CN102946396B (en) | User agent's device, host web server and user authen method | |
| CN102185830B (en) | A kind of method and system of security filtration of network television browser | |
| CN113221156A (en) | Front-end authority control method and device, electronic equipment and storage medium | |
| CN101557403A (en) | Website login method, device and system | |
| WO2021078062A1 (en) | Ssl certificate verification method, apparatus and device, and computer storage medium | |
| CN109635222A (en) | Webpage privilege control method, apparatus, equipment and computer readable storage medium | |
| CN110611611B (en) | Web security access method for home gateway | |
| EP2973192B1 (en) | Online privacy management | |
| Ben Jaballah et al. | A grey-box approach for detecting malicious user interactions in web applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150401 Termination date: 20200428 |