CN102831540B - Method for detecting and defending credit attack facing electronic commerce system, and system thereof - Google Patents

Abstract

The invention discloses a method for detecting and defending a credit attack facing an electronic commerce system, and a system thereof. The method and the system mainly detect buyer behaviors, with profit which is a core purpose of credit attacks as a detection index. Through a statistic method, relations of cost and profit in buyer transaction behaviors are detected, and a buyer with abnormal transaction behaviors is recognized to change a credit calculating strategy of the buyer, thereby reducing influence of abnormal transaction behaviors on a credit evaluation system. Sellers who trade with the buyer with abnormal transaction behaviors are counted and collected to submit to an electronic commerce platform service provider for further process. Thus, an attacker is hard to extract detection mode characteristics, so the system has strong robustness.

Description

The credit attack detecting of Electronic Commerce system and defence method and system thereof

Technical field

The present invention relates to electronic digit data processing field, be specifically related to a kind of credit attack detecting of Electronic Commerce system and defence method and system thereof.

Background technology

Along with the fast development of internet, ecommerce, shopping at network, due to its convenient, fast property, more and more obtains the favor of the person of expense.Ecommerce has three kinds of common schema: B2B (Business to Business, business to business), B2C (Business to Consumer, business to consumer) and C2C (Consumerto Consumer, consumer to consumer).Wherein with fastest developing speed is C2C electronic business mode towards individual consumer.Due to, in C2C electronic business mode, transaction agent is all transaction individual.It is honest whether the both sides participated in business select, and can the prospective earnings that depending on keeps one's word completely brings be greater than the prospective earnings of not keeping one's word and bringing.Its credit rating of transaction personal accomplishment economic entity is lower.Therefore, consumer is for time of the quality value of the article of online spending, Payment Methods, cargo transport and the distrust such as mode, after sale service; And online spending person also distrusts for the Payment Methods of consumer, actual willingness to pay etc., so just there is mutual mistrustful situation.Visible, credit problems is the problem that the development of C2C electronic business mode must solve.

Current most of C2C e-commerce website all establishes credit appraisal mechanism, solves the mutual trust problem of both parties.The theoretical foundation of credit evaluation system be the credit rating of potential trade partners by the Transaction Income following for impact, the credit rating of trading object is higher, and following income is higher.If transaction is only carried out once, both parties according to self benefits maximization principle, can select trading activity that is sincere or deception when concluding the business.But in the commercial activity of reality, transaction generally repeats, thus makes within the time period, and the credit of transaction agent may constantly add up, and know by other people.In this case, transaction agent will pay attention to the credit of each transaction, reduce the risk of self breaking one's promise, thus the income making oneself expect reaches maximization.The certification of identity is the basis that credit evaluation system runs, and the credit of credit evaluation system changes all relevant with both parties, if having no idea to confirm counterparty, credit evaluation system cannot run.But the electronic business mode of C2C needs based on the operation of a large amount of buyer seller, the buyer of special city huge number.Therefore in order to attract buyer can not arrange strict authentication rule and transaction threshold.As Taobao, specify that seller just can must be participated in business by the real name authentication of Taobao, and buyer is not just limited.This facilitate that buyer concludes the business, simplify income and the process of exchange of buyer, but also bring managerial deficiency simultaneously, if buyer breaks a contract, change an ID and just can begin the beguine; Seller also can collude with buyer and carry out the credit attack such as wash sale, malice transaction.C2C credit evaluation system, due to the demand of actual commercial affairs, is bound to operate on a faulty authentication infrastructure.

Credit evaluation system, from occurring just being paid close attention to widely, particularly thinks the colony therefrom obtaining special advantage.The fundamental purpose that credit is attacked improves seller's credit grade at short notice with minimum cost, also has the object of small part to be adopt that malice is poor to be commented and the method such as the return of goods causes seller to lose, to obtain competitive edge.The advantage of competition can be brought owing to obtaining C2C transaction system credit advantage, be directly converted to the economic targets such as trading volume.The raising method adopting mode efficiently to obtain credit emerges in an endless stream, and main mode has: Utilization assessment systems technology leak carries out attacking, seller oneself register account number buys oneself commodity, carry out wash sale etc. with other people collusion.Recently, there is intermediate structure website, copied the form of pattern with distributed tasks of C2C, organize seller buyer to carry out wash sale.Credit attacks the foundation stone having touched C2C ecommerce, and each platform provider has all been put into effect severe punishment policy and taken precautions against credit attack.But the method that current C2C e-commerce platform takes precautions against credit attack mainly detects for concrete attack, as transaction frequency, the amount of money, quantity etc., attack strategies adjustment targetedly is also done in easy victim identification.The punishment rule of attacker constantly research platform provider, adjusts attack method accordingly, attacks for credit evaluation system, and make a profit with this.Constantly game development is carried out between attacking and defending.Attack means, by seller individual wash sale, to banding with others to mutual accommodation trade, is upgraded to the attack in a organized way of present third party website employing distributed tasks formula.Particularly third party website distributed tasks formula attacks the problem having touched the self-defect of credit evaluation system buyer authentication, adopts the mode detecting concrete attack to be difficult to take precautions against.See Fig. 3.

Summary of the invention

Technical matters to be solved by this invention is that existing strick precaution credit attack method carries out detecting for concrete attack and easily victim identification do the deficiency of attack strategies adjustment targetedly, proposes a kind of credit attack detecting for " profit " the Electronic Commerce system that is Testing index and defence method and system thereof.

The core object " profit " that the present invention attacks with credit detects buyer behavior for Testing index, the costs and benefits relation in buyer transaction behavior is detected by the method for statistics, identify the buyer of trading activity exception, and change his credit calculative strategy, reduce the impact of abnormal trading activity on credit evaluation system.Statistics and the seller of its transaction, gather rear submission e-commerce platform operator, carry out subsequent treatment.

For solving the problem, the present invention is realized by following scheme:

The credit attack detecting of Electronic Commerce system and defence method, comprise following steps:

(1) Transaction Information extracts:

Detect desired data set by extracting in e-commerce system trading information data storehouse, the data acquisition of extraction comprises: transaction id, represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R;

(2) system trading activity feature is obtained:

(2.1) the system time section participating in system statistics is determined;

(2.2) the sample X of the buyer's transaction record participating in statistics is chosen ₁, X ₂... X _n, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer;

(2.3) 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each in the system time section determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; O is the nonrecurring cost of buyer;

(2.4) all results of step (2.3) gained are averaged, calculate the average attack cost ATr of all samples;

(2.5) the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, in the system time section determined, buyer has concluded the business K time altogether, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

(2.6) all results of step (2.5) gained are averaged, calculate the average profit cost ACr of all samples;

(2.7) ratio C of formula 3. computing system trading activity feature is adopted,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples;

(3) trading activity of single buyer is detected:

(3.1) the buyer's time period participating in buyer's statistics is determined;

(3.2) transaction record (i, b, s, p, t, q, r) of buyer to be detected is extracted;

(3.3) 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each within the buyer's time period determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; The nonrecurring cost that O (b) is buyer;

(3.4) 5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

(3.5) profit/intrusion scene Ratc (b) of formula 6. this calculating buyer is adopted;

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer;

(3.6) judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.

In said method, in step (2.2), the preferably employing of choosing of the sample of buyer's transaction record is randomly drawed or category extraction mode.

In said method, the system time section participating in system statistics in step (2.1) is preferably middle with step (3.1), and to participate in buyer's time period that buyer adds up identical.

In said method, participate in the system time section of system statistics and step (3.1) in step (2.1) and participate in buyer's time period that buyer adds up and be preferably all set to 1 month or 2 months.

In said method, in step (3.6), the attack propensity value of setting is preferably 1.2, and potential attack propensity value is preferably 0.8.

The credit attack detecting of Electronic Commerce system and system of defense, the trading activity detecting unit primarily of Transaction Information extraction unit, system trading activity feature acquiring unit and single buyer is formed, wherein,

Transaction Information extraction unit: detect desired data set by extracting in e-commerce system trading information data storehouse, the data acquisition of extraction comprises: transaction id, represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R;

The ratio calculation module that system trading activity feature acquiring unit comprises system time section determination module, module chosen by sample, buyer's intrusion scene computing module, average attack pricing module, buyer make a profit pricing module, average profit pricing module and system trading activity feature;

System time section determination module: determine the system time section participating in system statistics;

Module chosen by sample: the sample X choosing the buyer's transaction record participating in statistics ₁, X ₂... X _n, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer;

Buyer's intrusion scene computing module: 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each in the system time section determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; O is the nonrecurring cost of buyer;

Average attack pricing module: be averaged to all results of buyer's intrusion scene computing module gained, calculates the average attack cost ATr of all samples;

Buyer makes a profit pricing module: the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, in the system time section determined, buyer has concluded the business K time altogether, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

Average profit pricing module: buyer's all results of pricing module gained of making a profit are averaged, calculate the average profit cost ACr of all samples;

The ratio calculation module of system trading activity feature: the ratio C adopting formula 3. computing system trading activity feature,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples;

The trading activity detecting unit of single buyer comprises single buyer's time determination module, single buyer's transaction record extraction module, single buyer's intrusion scene computing module, single buyer make a profit the aggressive judge module of pricing module, single buyer's profit/intrusion scene computing module and single buyer;

Single buyer's time determination module: determine the buyer's time period participating in buyer's statistics;

Single buyer's transaction record extraction module: the transaction record (i, b, s, p, t, q, r) extracting buyer to be detected;

Single buyer's intrusion scene computing module: 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each within the buyer's time period determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; The nonrecurring cost that O (b) is buyer;

Single buyer makes a profit pricing module: 5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

Single buyer's profit/intrusion scene computing module: profit/intrusion scene Ratc (b) adopting formula 6. this calculating buyer;

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer;

The aggressive judge module of single buyer: judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.

In said system, the preferably employing of choosing that the sample of buyer's transaction record in module chosen by sample is randomly drawed or category extraction mode.

In said system, the system time section participating in system statistics in system time section determination module is preferably identical with participating in buyer's time period that buyer adds up in single buyer's time determination module.

In said system, the system time section participating in system statistics in system time section determination module preferably with single buyer's time determination module participates in buyer's time period that buyer adds up and is all set to 3 months or 6 months.

In said system, the attack propensity value set in the aggressive judge module of single buyer is preferably 1.2, and potential attack propensity value is preferably 0.8.

Compared with prior art, the present invention has following features:

1. the present invention's core object " profit " of attacking with credit is for Testing index, and be characterized as irrelevant with concrete attack row, assailant is difficult to extract detecting pattern feature, has stronger robustness;

2. automatically identifying attack by calculating the attack benefit of trading activity and the relationship characteristic (ratio) of intrusion scene, different attack identification and detection can be adapted to;

3. automatically adjust credit calculative strategy, at utmost reduce attack to the impact of system;

4. adopt the method for statistics for buyer's trading activity attack signatures generation, have nothing to do with concrete credit evaluation system;

5. can be combined with existing credit evaluation system.

Accompanying drawing explanation

Fig. 1 is a kind of credit attack detecting of Electronic Commerce system and the general flow chart of defence method;

Fig. 2 is the overhaul flow chart of the trading activity of single buyer;

Fig. 3 is current Credit Evaluation Model figure;

Fig. 4 is Credit Evaluation Model figure of the present invention.

Embodiment

See Fig. 1, the credit attack detecting of Electronic Commerce system and defence method, comprise the steps:

(1) Transaction Information extracts.

Desired data set is detected by extracting in e-commerce system trading information data storehouse.In the present embodiment, the data acquisition extracted comprises: transaction id (every part commodity of transaction all produce a transaction id), represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R.Certainly, the expression symbol of the data acquisition of said extracted and I, B, S, P, T, Q, R etc. also can adopt other set symbols to substitute.The data to be tested collection TR extracted can be expressed as:

$\mathrm{TR}\⊆I\×B\×S\×P\×T\×Q\×R$

One in TR is recorded as: { (i, b, s, p, t, q, r) }, represents the trading activity of buyer for certain commodity.

(2) system trading activity feature is obtained.

No matter be the attack for credit evaluation system such as credit propagation or malice evaluation, be all adopt minimum cost to obtain maximum seller's credit rating to change for assailant, its behavior of concluding the business is distinguishing with the trading activity of normal buyer.Adopt statistical method, the transaction value that can obtain system buyer makes seller's credit rating change corresponding relation with it, whether based on this, by statistics buyer historical transaction record, detecting buyer has attack tendency.

The transaction feature of buyer is that the transaction value in buyer time period T is concluded the business together the relation that seller's credit record of bringing changes.If buyer carries out wash sale attack for transaction system, buyer does not have the price of real payment for merchandise, the tax policies, platform service cost etc. that only have same transaction value to be correlated with of expenditure.So in the present embodiment, be the same transaction value variable cost of being correlated with and call intrusion scene with the fixed cost that transaction value is irrelevant the transaction value Character adjustment of buyer, the change of the seller's credit rating brought of concluding the business is called profit cost.

(2.1) the system time section participating in system statistics is determined.

(2.2) the sample X1 of the buyer's transaction record participating in statistics is chosen, X2 ... Xn, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer.In the present embodiment, the employing of choosing of the sample of buyer's transaction record is randomly drawed or category extraction mode.Certainly, choosing of sample also can be other sample selection method better can reacting concrete ecommerce feature.

(2.3) 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each in the system time section determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; for the variable cost that same transaction value is relevant; O is that the nonrecurring cost of buyer is namely with the fixed cost that transaction value is irrelevant.

(2.4) all results of step (2.3) gained are averaged, calculate the average attack cost ATr of all samples.

(2.5) by transaction, buyer makes seller's credit change, and suppose that trading rules are F, different e-commerce platforms has different trading rules, but all determines.Each trading activity for buyer makes seller's prestige changes values can be expressed as △ f=F (i, b, s, p, t, q, r).

Attack existing both parties due to credit to gang up and carry out wash sale and propagandize the behavior of credit, also have that malice is poor comments the behavior waiting minimizing seller credit.The common ground of these two kinds of modes is all obtain larger credit value with less cost to change, and for the mode that credit reduces, can take absolute value unified process.The credit change Cr that the All Activity of buyer obtains is defined as: to the summation of the All Activity of buyer.In the present embodiment, the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, in the system time section determined, buyer has concluded the business K time altogether, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules.

(2.6) all results of step (2.5) gained are averaged, calculate the average profit cost ACr of all samples.

(2.7) ATr and ACr is as the transaction feature of the normal buyer of system, for judging other buyer's behaviors.In the present embodiment, adopt the ratio C of formula 3. computing system trading activity feature,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples.

(3) trading activity of single buyer is detected.See Fig. 2.

(3.1) the buyer's time period participating in buyer's statistics is determined.

In the present invention, buyer's time period that system time section and the participation buyer of participation system statistics add up can be identical, also can not be identical.But the buyer's time period participating in buyer's statistics should is longer than or equal to the system time section participating in system statistics, and 2 time periods are overlapping at least partly.If system statistics time is in January, 2012, buyer's timing statistics is also in January, 2012, then the system time section participating in system statistics is identical with buyer's time period that participation buyer adds up.If system statistics time is the 1-3 month in 2012, buyer's timing statistics is also in March, 2012, then the system time section participating in system statistics is not with to participate in buyer's time period that buyer adds up identical.In the present invention, the system time section of described participation system statistics is identical with buyer's time period that participation buyer adds up, and is namely 1 month or 2 months simultaneously.

(3.2) transaction record (i, b, s, p, t, q, r) of buyer to be detected is extracted;

(3.3) 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each within the buyer's time period determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; The nonrecurring cost that O (b) is buyer;

(3.4) calculate buyer conclude the business bring seller's credit change.Owing to existing, malice is poor comments flat possibility, and by attacking At (c), the profit of this buyer should distinguish seller's statistics, and within the buyer's time period participating in statistics, buyer is same, S1, S2 ..., Sm is m merchant transaction altogether.The attack of buyer is made a profit and is expressed as.5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, and seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, F is trading rules.

(3.5) in order to same buyer's intrusion scene carries out quantitative comparison, the profit/intrusion scene of buyer is expressed as Ratc (b).In the present embodiment, profit/intrusion scene Ratc (b) of formula 6. this calculating buyer is adopted;

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer;

(3.6) judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.

In the present embodiment, the attack propensity value of setting is 1.2, and potential attack propensity value is 0.8.Now, judge whether buyer has according to Rate (b) and attack tendency, method of discrimination is as follows:

If（Rate(b)>1.2）

Buyer's trading activity is abnormal, has and attacks tendency, extracts the vendor information with its transaction, punishes;

else

If（Rate(b)>0.8）

Buyer's trading activity is normal, likely has and attacks tendency, need to process further;

else

Buyer's trading activity is normal.

In C2C electronic business mode, credit rating is important for seller, and it has great impact by the trading volume in seller future and income, but the credit rating of buyer does not just have seller so important, does not have seller can refuse because of buyer's credit problems to conclude the business.The emphasis that buyer pays close attention to is the obtainable commodity of transaction and service, and how many credit proceed can be brought just so not to be concerned about to seller to trading activity.Therefore, can according to the transaction condition detection to buyer, the ability that dynamic adjustment buyer changes seller's credit, and do not cause buyer to oppose.Weights can increased in original electronic transaction credit evaluation system based on above reason, according to differentiation result dynamic conditioning buyer credit computation model, reach minimizing buyer and attack impact attack, the object of specification trading activity.

The credit attack detecting of a kind of Electronic Commerce system designed by said method and system of defense, as shown in Figure 4, the trading activity detecting unit primarily of Transaction Information extraction unit, system trading activity feature acquiring unit and single buyer is formed.Wherein,

Transaction Information extraction unit: detect desired data set by extracting in e-commerce system trading information data storehouse; The data acquisition of said extracted comprises: transaction id (every part commodity of transaction all produce a transaction id), represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R.

The ratio calculation module that system trading activity feature acquiring unit comprises system time section determination module, module chosen by sample, buyer's intrusion scene computing module, average attack pricing module, buyer make a profit pricing module, average profit pricing module and system trading activity feature.

System time section determination module: determine the system time section participating in system statistics.

Module chosen by sample: the sample X choosing the buyer's transaction record participating in statistics ₁, X ₂... X _n, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer.In the present embodiment, sample choose the sample of buyer's transaction record in module choose adopt randomly draw, category extracts mode or other better can react the sample selection method of concrete ecommerce feature.

Buyer's intrusion scene computing module: 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each in the system time section determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; O is the nonrecurring cost of buyer.

Average attack pricing module: be averaged to all results of buyer's intrusion scene computing module gained, calculates the average attack cost ATr of all samples.

Buyer makes a profit pricing module: the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, in the system time section determined, buyer has concluded the business K time altogether, seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules.

Average profit pricing module: buyer's all results of pricing module gained of making a profit are averaged, calculate the average profit cost ACr of all samples.

The ratio calculation module of system trading activity feature: the ratio C adopting formula 3. computing system trading activity feature,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples.

The trading activity detecting unit of single buyer comprises single buyer's time determination module, single buyer's transaction record extraction module, single buyer's intrusion scene computing module, single buyer make a profit the aggressive judge module of pricing module, single buyer's profit/intrusion scene computing module and single buyer.

Single buyer's time determination module: determine the buyer's time period participating in buyer's statistics.

Single buyer's transaction record extraction module: the transaction record (i, b, s, p, t, q, r) extracting buyer to be detected.

Single buyer's intrusion scene computing module: 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; The transaction value that buyer is each within the buyer's time period determined is p _i, concluded the business K time altogether, the corresponding state of each transaction is q _i; The nonrecurring cost that O (b) is buyer.

Single buyer makes a profit pricing module: 5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, and seller's prestige changes values that △ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, F is trading rules.

Single buyer's profit/intrusion scene computing module: profit/intrusion scene Ratc (b) adopting formula 6. this calculating buyer,

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer.

The aggressive judge module of single buyer: judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.In the present embodiment, the attack propensity value set in the aggressive judge module of single buyer is 1.2, and potential attack propensity value is 0.8.

In the present invention, the system time section participating in system statistics in system time section determination module is identical with participating in buyer's time period that buyer adds up in single buyer's time determination module.Participating in participating in the system time section of system statistics and single buyer's time determination module buyer's time period that buyer adds up in system time section determination module is all set to 1 month or 2 months.

Claims (10)

1. the credit attack detecting of Electronic Commerce system and defence method, is characterized in that comprising the steps:

(1) Transaction Information extracts:

Desired data set is detected by extracting in e-commerce system trading information data storehouse; The data acquisition of said extracted comprises: transaction id, represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R;

(2) system trading activity feature is obtained:

(2.1) the system time section participating in system statistics is determined;

(2.2) the sample X of the buyer's transaction record participating in statistics is chosen ₁, X ₂... X _n, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer;

(2.3) 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; p _ifor the transaction value that buyer in the system time section determined is each; q _ifor in the system time section determined, buyer concludes the business corresponding state at every turn; K is the number of times of buyer's transaction in the system time section determined; O is the nonrecurring cost of buyer;

(2.4) all results of step (2.3) gained are averaged, calculate the average attack cost ATr of all samples;

(2.5) the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, k is the number of times that buyer concludes the business altogether in the system time section determined; Seller's prestige changes values that Δ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, F is trading rules;

(2.6) all results of step (2.5) gained are averaged, calculate the average profit cost ACr of all samples;

(2.7) ratio C of formula 3. computing system trading activity feature is adopted,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples;

(3) trading activity of single buyer is detected:

(3.1) the buyer's time period participating in buyer's statistics is determined;

(3.2) transaction record (i, b, s, p, t, q, r) of buyer to be detected is extracted;

(3.3) 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; p _ifor the transaction value that buyer in the system time section determined is each; q _ifor in the system time section determined, buyer concludes the business corresponding state at every turn; K is the number of times of buyer's transaction in the system time section determined; The nonrecurring cost that O (b) is buyer;

(3.4) 5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, seller's prestige changes values that Δ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

(3.5) profit/intrusion scene Ratc (b) of formula 6. this calculating buyer is adopted;

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer;

(3.6) judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.

2. the credit attack detecting of Electronic Commerce system according to claim 1 and defence method, is characterized in that, in step (2.2), the employing of choosing of the sample of buyer's transaction record is randomly drawed or category extracts mode.

3. the credit attack detecting of Electronic Commerce system according to claim 1 and defence method, it is characterized in that, the system time section participating in system statistics in step (2.1) and step (3.1) be middle, and to participate in buyer's time period that buyer adds up identical.

4. the credit attack detecting of Electronic Commerce system according to claim 3 and defence method, it is characterized in that, participate in the system time section of system statistics and step (3.1) in step (2.1) and participate in buyer's time period that buyer adds up and be all set to 1 month or 2 months.

5. the credit attack detecting of Electronic Commerce system according to claim 1 and defence method, is characterized in that, in step (3.6), the attack propensity value of setting is 1.2, and potential attack propensity value is 0.8.

6. the credit attack detecting of Electronic Commerce system and system of defense, is characterized in that, the trading activity detecting unit primarily of Transaction Information extraction unit, system trading activity feature acquiring unit and single buyer is formed, wherein,

Transaction Information extraction unit: detect desired data set by extracting in e-commerce system trading information data storehouse; The data acquisition of said extracted comprises: transaction id, represents with set I; Buyer ID, represents by set B; Seller ID, represents by S set; Exchange hour, represents with set T; Tradable commodity price, represents with set P; Transaction results, represents with set Q, Transaction Success value 1, unsuccessful value 0; Transaction is evaluated, and represents with set R;

The ratio calculation module that system trading activity feature acquiring unit comprises system time section determination module, module chosen by sample, buyer's intrusion scene computing module, average attack pricing module, buyer make a profit pricing module, average profit pricing module and system trading activity feature;

System time section determination module: determine the system time section participating in system statistics;

Module chosen by sample: the sample X choosing the buyer's transaction record participating in statistics ₁, X ₂... X _n, wherein each sample is the transaction record (i, b, s, p, t, q, r) of a buyer;

Buyer's intrusion scene computing module: 1. employing formula calculates the buyer's intrusion scene Tr in each sample respectively,

$\mathrm{Tr}=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O$ ①

In formula, C ₀for the coefficient relevant to transaction value; p _ifor the transaction value that buyer in the system time section determined is each; q _ifor in the system time section determined, buyer concludes the business corresponding state at every turn; K is the number of times of buyer's transaction in the system time section determined; O is the nonrecurring cost of buyer;

Average attack pricing module: be averaged to all results of buyer's intrusion scene computing module gained, calculates the average attack cost ATr of all samples;

Buyer makes a profit pricing module: the employing formula 2. buyer calculated respectively in each sample is made a profit cost Cr,

$\mathrm{Cr}=\underset{i=1}{\overset{k}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ②

In formula, k is the number of times of buyer's transaction in the system time section determined; Seller's prestige changes values that Δ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, F is trading rules;

Average profit pricing module: buyer's all results of pricing module gained of making a profit are averaged, calculate the average profit cost ACr of all samples;

The ratio calculation module of system trading activity feature: the ratio C adopting formula 3. computing system trading activity feature,

$C=\frac{\mathrm{ATr}}{\mathrm{ACr}}$ ③

In formula, ATr is the average attack cost of all samples, and ACr is the average profit cost of all samples;

The trading activity detecting unit of single buyer comprises single buyer's time determination module, single buyer's transaction record extraction module, single buyer's intrusion scene computing module, single buyer make a profit the aggressive judge module of pricing module, single buyer's profit/intrusion scene computing module and single buyer;

Single buyer's time determination module: determine the buyer's time period participating in buyer's statistics;

Single buyer's transaction record extraction module: the transaction record (i, b, s, p, t, q, r) extracting buyer to be detected;

Single buyer's intrusion scene computing module: 4. employing formula calculates intrusion scene Tr (b) of this buyer;

$\mathrm{Tr}\left(b\right)=C_0\underset{i=1}{\overset{k}{\mathrm{\Σ}}}(p_i\×q_i)+O\left(b\right)$ ④

In formula, C ₀for the coefficient relevant to transaction value; p _ifor the transaction value that buyer in the system time section determined is each; q _ifor in the system time section determined, buyer concludes the business corresponding state at every turn; K is the number of times of buyer's transaction in the system time section determined; The nonrecurring cost that O (b) is buyer;

Single buyer makes a profit pricing module: 5. employing formula calculates profit cost Cr (b) of this buyer;

$\mathrm{Cr}\left(b\right)=\underset{i=1}{\overset{m}{\mathrm{\Σ}}}\left|\mathrm{\Δf}\right|$ ⑤

In formula, within buyer's time period, buyer is with the individual different sellers transaction of m, seller's prestige changes values that Δ f=F (i, b, s, p, t, q, r) causes for each trading activity of buyer, and F is trading rules;

Single buyer's profit/intrusion scene computing module: profit/intrusion scene Ratc (b) adopting formula 6. this calculating buyer;

$\mathrm{Ratc}\left(b\right)=\frac{C\×\mathrm{Cr}\left(b\right)}{\mathrm{Tr}\left(b\right)}$ ⑥

In formula, C is the ratio of system trading activity feature, the profit cost that Cr (b) is buyer, the intrusion scene that Tr (b) is buyer;

The aggressive judge module of single buyer: judge whether this buyer has aggressiveness according to profit/intrusion scene Ratc (b) of buyer; Namely, when profit/intrusion scene Ratc (b) of this buyer is greater than the attack propensity value of setting, judge that this buyer has and attack tendency, extract and report punishment system with the Bidder Information of its transaction and the credit weights of buyer are reduced to zero; When profit/intrusion scene Ratc (b) of this buyer is less than the attack propensity value of setting and is greater than the potential attack propensity value of setting, judge that this buyer has potential attack tendency, reduce the credit weights of this buyer; When profit/intrusion scene Ratc (b) of this buyer is less than the potential attack propensity value of setting, judge that this buyer is normal, the credit weights of buyer are constant.

7. the credit attack detecting of Electronic Commerce system according to claim 6 and system of defense, is characterized in that, the employing of choosing that the sample of buyer's transaction record in module chosen by sample is randomly drawed or category extracts mode.

8. the credit attack detecting of Electronic Commerce system according to claim 6 and system of defense, it is characterized in that, the system time section participating in system statistics in system time section determination module is identical with participating in buyer's time period that buyer adds up in single buyer's time determination module.

9. the credit attack detecting of Electronic Commerce system according to claim 8 and system of defense, it is characterized in that, participating in participating in the system time section of system statistics and single buyer's time determination module buyer's time period that buyer adds up in system time section determination module is all set to 1 month or 2 months.

10. the credit attack detecting of Electronic Commerce system according to claim 6 and system of defense, is characterized in that, the attack propensity value set in the aggressive judge module of single buyer is 1.2, and potential attack propensity value is 0.8.