CN102917334B - A kind of violation terminal built-in behavior processing method, apparatus and system - Google Patents

A kind of violation terminal built-in behavior processing method, apparatus and system Download PDF

Info

Publication number
CN102917334B
CN102917334B CN201110218380.2A CN201110218380A CN102917334B CN 102917334 B CN102917334 B CN 102917334B CN 201110218380 A CN201110218380 A CN 201110218380A CN 102917334 B CN102917334 B CN 102917334B
Authority
CN
China
Prior art keywords
user
business
abnormal
confirmation
users
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110218380.2A
Other languages
Chinese (zh)
Other versions
CN102917334A (en
Inventor
胡铁
胡云
杨刚
张磊
水波
王珂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Beijing Co Ltd
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
China Mobile Group Beijing Co Ltd
Aspire Digital Technologies Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Beijing Co Ltd, Aspire Digital Technologies Shenzhen Co Ltd filed Critical China Mobile Group Beijing Co Ltd
Priority to CN201110218380.2A priority Critical patent/CN102917334B/en
Publication of CN102917334A publication Critical patent/CN102917334A/en
Application granted granted Critical
Publication of CN102917334B publication Critical patent/CN102917334B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses a kind of violation terminal built-in behavior processing method, apparatus and system, methods described includes the user behaviors log data of capturing service management platform whole user;Extract the daily record data that user uplink uses business;The each up frequency of the daily user terminal number is calculated by user terminal number, and judges the frequency whether in number range set in advance, in this way, then counts 1 frequency exception;Judge whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number, in this way, be then determined as abnormal user;Operation to abnormal user program request SP business carries out subscription authentication control.The apparatus and system of the present invention are used to realize methods described.Using the present invention, it can accurately find the behavior of violation terminal built-in and effectively contain this behavior, reduce the situation of terminal violation fee suction, ensure user benefit from infringement.

Description

A kind of violation terminal built-in behavior processing method, apparatus and system
Technical field
The present invention relates to communication technical field, more particularly to a kind of violation terminal built-in behavior processing method, device and it is System.
Background technology
As the user group using mountain vallage machine increasingly increases, partial service provider gives birth in conjunction with solution business, mobile phone Business men, the SP built in violation in mountain vallage machine(ISP, Service Provider)Business, in the unwitting situation of user SP business built in violation is deducted fees in lower triggering, and here it is so-called " mountain vallage machine fee suction trap ".This Terminal Type(Mountain vallage machine)In violation The behavior of putting has triggered user largely to complain, and certain customers open in order to avoid closing mobile information service by fee suction even requirement Close, the serious popularization that have impact on regular traffic.At present, terminal(Mountain vallage machine)Behavior is many built in violation, and common disobeys Rule built-in manner includes:Built-in menu mode, when the built-in menu of user's click mountain vallage machine, that is, trigger service order or industry Make sure use;Built-in backdoor programs mode, Backdoor Software is random or triggers service order or business use according to user key-press;It is interior Put Games Software mode, mountain vallage machine user during playing mobile phone built-in game, it is necessary to when into next pass, by " it is determined that " Trigger service order or business uses;Application software mode, the application software that user downloads(Such as mobile phone theme)In, hide Fee suction trap, it is automatic to trigger service order or business use.
For violation terminal built-in behavior, at present in the means of checking, mainly there are the testing of mountain vallage machine, customer complaint verification two Kind.Mountain vallage machine testing, active testing is carried out for business conduct built in the violation in mountain vallage machine, discovery has analog subscriber and ordered Purchase, without reminding rates, menu content is vulgar, the problems such as not providing business tine of deducting fees, so as to judge terminal suspicion exist disobey The abnormal user of behavior built in rule and abnormal SP business.Its shortcoming is:Type limited coverage area, part mountain vallage machine can only be found Unlawful practice;Mountain vallage machine manufacturer is had been carried out as built in batch selectivity, therefore testing result has inaccuracy.Customer complaint Verification, then be to extract user by artificial mode according to customer complaint to be analyzed using business diary data, judges to complain In violation of rules and regulations whether the business that the authenticity of content and determination are complained.Its shortcoming is:Belong to passive processing, can not effectively reduce user The rate of complaints;Meanwhile being based on insufficient grounds as business violation, that evidence obtaining is difficult be present.
The content of the invention
The technical problem that the embodiment of the present invention solves is, there is provided a kind of violation terminal built-in behavior processing method, dress Put and system, can actively, effectively find the behavior of violation terminal built-in and be handled, reduce the situation of terminal violation fee suction, The rate of complaints of user to violation terminal built-in behavior fee suction is reduced, ensures user benefit from infringement.
To achieve these goals, the embodiments of the invention provide a kind of violation terminal built-in behavior processing method, including:
The user behaviors log data of capturing service management platform whole user;
Extract the daily record data that the user uplink uses business;
The each up frequency of the daily user terminal number is calculated by user terminal number, and whether judges the frequency In number range set in advance, in this way, then 1 frequency exception is counted;
Judge whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number, in this way, then It is determined as abnormal user;
Operation to the abnormal user program request SP business carries out subscription authentication control.
Further, operation to the abnormal user program request SP business, which carries out the step of subscription authentication control, includes:
Groups of users authentication is carried out to the abnormal user, determines the groups of users belonging to it;
SP using the groups of users secondary-confirmation strategy corresponding to the groups of users of determination to the abnormal user program request Business carries out authentication control.
Further, groups of users authentication, the step of determining the groups of users belonging to it, tool are carried out to the abnormal user Body includes:
Frequency to the complaint amount of violation charge or is complained according to the abnormal user, determined belonging to the abnormal user Groups of users.
Further, the groups of users includes high sensitive groups of users and low sensitivity groups of users, wherein, to disobeying Advise the complaint amount of charge or complain frequency to reach the user of the first setting number condition and belong to high sensitive groups of users, to disobeying Advise the complaint amount of charge or complain frequency to reach the user of the second setting number condition and belong to low sensitivity groups of users.
Further, the corresponding groups of users secondary-confirmation strategy that the high sensitive groups of users is set as:Random code Secondary-confirmation or challenge secondary-confirmation;
The corresponding groups of users secondary-confirmation strategy that the low sensitivity groups of users is set as:Simple problem is secondary really Recognize.
Accordingly, the embodiment of the present invention additionally provides another violation terminal built-in behavior processing method, including:
The user behaviors log data of capturing service management platform whole user;
Extract the daily record data that the user uplink uses business;
The each up frequency of the daily user terminal number is calculated by user terminal number, and whether judges the frequency In number range set in advance, in this way, then 1 frequency exception is counted;
Judge whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number, in this way, then It is determined as abnormal user;
Extract the SP service lists of the abnormal user up access of success in some cycles;
Row index is successfully gone up accordingly by the business statistics in the service lists;
Judge whether the successfully upper row index exceedes setting number, in this way, then judge the business for abnormal SP business;
Operation to abnormal SP business described in user's program request carries out service authentication control.
Further, the successfully upper row index includes abnormal user number, abnormal user successfully goes up line number and abnormal use Any one or more in the up accounting of family success.
Further, operation to abnormal SP business described in user's program request, which carries out the step of service authentication control, includes:
Service group's authentication is carried out to the abnormal SP business, determines its affiliated service group;
Authentication control is carried out to the SP business using service group's secondary-confirmation strategy corresponding to the service group of determination System.
Further, if abnormal SP business, then service group's authentication is carried out to the SP business, determines its affiliated industry The step of business group, specifically include:
According to the difference of the abnormal SP business violation order of severity, the business group belonging to the SP abnormal traffics is determined Group.
Further, the service group includes high violation degree service group, middle violation degree service group and low violation Service group is spent, wherein, the SP business that frequency of occurrence frequency of abnormity reaches the 3rd setting number condition belongs to high violation degree business Group, the SP business that frequency of occurrence frequency of abnormity reaches the 4th setting number condition belong to middle violation degree service group, frequency occur The SP business that secondary frequency of abnormity reaches the 5th setting number condition belongs to low violation degree service group.
Further, corresponding service group's secondary-confirmation strategy that the high violation degree service group sets as:It is secondary true It is the equal secondary-confirmation of each program request to recognize rule, and secondary-confirmation pattern is challenge secondary-confirmation or random code secondary-confirmation;
Corresponding service group's secondary-confirmation strategy that the middle violation degree service group sets as:Headed by secondary-confirmation rule Secondary program request secondary-confirmation, secondary-confirmation pattern are challenge secondary-confirmation or random code secondary-confirmation;
Corresponding service group's secondary-confirmation strategy that the low violation degree service group sets as:Headed by secondary-confirmation rule Secondary program request secondary-confirmation, secondary-confirmation pattern are simple problem secondary-confirmation.
Accordingly, present invention also offers a kind of violation terminal built-in behavior processing unit, including:
Collecting unit, the user behaviors log data for capturing service management platform whole user;
First extracting unit, the daily record data of business is used for extracting the user uplink;
First statistic unit, for calculating each up frequency of the daily user terminal number by user terminal number, And the frequency is judged whether in number range set in advance, in this way, then count 1 frequency exception;
First judging unit, for judging whether frequency frequency of abnormity of the user terminal number in some cycles exceedes Number is set, in this way, is then determined as abnormal user;
Subscription authentication control unit, subscription authentication control is carried out for the operation to the abnormal user program request SP business.
Further, the subscription authentication control unit further comprises:
First determining unit, for carrying out groups of users authentication to the user, determine the groups of users belonging to it;
First control unit, for the groups of users secondary-confirmation strategy corresponding to the groups of users using determination to described The SP business of user's program request carries out authentication control.
Further, described device also includes:
Second extracting unit, for extracting the SP business row of the abnormal user up access of success in some cycles Table;
Second statistic unit, for successfully going up row index accordingly by the business statistics in the service lists;
Second judging unit, for judging whether the successfully upper row index exceedes setting number, in this way, then it is determined as different Normal SP business;
Service authentication control unit, service authentication control is carried out for the operation to abnormal SP business described in user's program request.
Further, the service authentication control unit further comprises:
Second determining unit, for carrying out service group's authentication to the abnormal SP business, determine the business group belonging to it Group;
Second control unit, for service group's secondary-confirmation strategy corresponding to the service group using determination to described The SP business of user's program request carries out authentication control.
Accordingly, present invention also offers a kind of violation terminal built-in behavior processing system, the system, which includes checking, is System and Business Management Platform;
The audit system is used for the abnormal user for checking that terminal suspicion on Business Management Platform has behavior built in violation With abnormal SP business, and according to preparatory condition, the abnormal user and abnormal SP business are divided into different groups of users and industry Be engaged in group, and sets different groups of users secondary-confirmation strategies and service group for different groups of users and service group Secondary-confirmation strategy;
The Business Management Platform is used for after the SP service requests of user's program request are received, and judges that the user uses to be abnormal During family, groups of users authentication is carried out, then the SP business of user's program request is entered using corresponding groups of users secondary-confirmation strategy Row authentication control;Or after receiving the SP service requests of user's program request, it is not abnormal user to judge the user, then judge described When the SP business of program request is abnormal SP business, service group's authentication is carried out, then using corresponding service group's secondary-confirmation plan Authentication control slightly is carried out to the SP business of user's program request.
Further, the audit system includes:
Collecting unit, the user behaviors log data for capturing service management platform user;
Extracting unit, the daily record data of business is used for extracting user uplink;
Statistical analysis unit, the number abnormal for counting its daily frequency respectively by user terminal number, it is determined that abnormal User, and according to preparatory condition, it is included in different groups of users;And by the up using business of the abnormal user Daily record data, it is counted respectively according to SP business and successfully goes up row index, it is determined that abnormal SP business, and according to preparatory condition, by institute State abnormal SP business and be included in different service groups;
Dispensing unit, for setting different groups of users secondary-confirmation plans for different groups of users and service group Omit and service group's secondary-confirmation strategy.
Further, the Business Management Platform includes:
Subscription authentication module, for judging whether the user of program request SP business is abnormal user, and abnormal user, then sentence in this way The groups of users broken belonging to it, and using the groups of users secondary-confirmation strategy corresponding to the groups of users determined to the user The SP business of program request is authenticated;
Service authentication module, for judging whether the SP business of user's program request is abnormal SP business, abnormal SP business in this way, Then determine whether the service group belonging to it, and service group's secondary-confirmation strategy corresponding to using the service group determined The SP business of user's program request is authenticated.
Further, the subscription authentication module includes:
Judging unit, for judging whether the user of program request SP business is abnormal user;
Searching unit, the groups of users belonging to abnormal user judged for searching the judging unit;
Authenticating unit, groups of users secondary-confirmation plan corresponding to the groups of users found for the use searching unit Slightly the SP business of user's program request is authenticated.
Further, the service authentication module includes:
Judging unit, for judging whether the SP business of user's program request is abnormal SP business;
Searching unit, the service group belonging to abnormal traffic judged for searching the judging unit;
Authenticating unit, service group's secondary-confirmation plan corresponding to the service group found for the use searching unit Slightly the SP business of user's program request is authenticated.
Further, the Business Management Platform is secondary for different groups of users secondary-confirmation strategies and service group Confirm strategy, provided with different exam pools, including random code exam pool, challenge exam pool and simple problem exam pool, the exam pool The Business Management Platform can also be supplied to by audit system.
Implement the embodiment of the present invention, have the advantages that:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation and abnormal SP business in terminal suspicion, and then it is grouped, for different groups Different control strategies are set, realize fine-grained management.
2nd, for different groups of users and service group, using different secondary-confirmation control strategies, can realize Targetedly management operation, make that easily secondary-confirmation can not be completed for user built in terminal violation, it is significantly more efficient to reduce eventually The situation of violation fee suction is held, reduces complaint amount of the user to violation fee suction, ensures user benefit from infringement.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, without having to pay creative labor, may be used also To obtain other accompanying drawings according to these accompanying drawings.
Fig. 1 is the flow chart of the first embodiment of the violation terminal built-in behavior processing method of the present invention;
Fig. 2 is the groups of users secondary-confirmation strategy configuration diagram of the present invention;
Fig. 3 is the flow chart of the second embodiment of the violation terminal built-in behavior processing method of the present invention;
Fig. 4 is service group's secondary-confirmation strategy configuration diagram of the present invention;
Fig. 5 is flow chart of the user using the method program request SP business of the present invention;
Fig. 6 is the structural representation of the first embodiment of the violation terminal built-in behavior processing unit of the present invention;
Fig. 7 is the structural representation of the subscription authentication control unit of the violation terminal built-in behavior processing unit of the present invention;
Fig. 8 is the structural representation of the second embodiment of the violation terminal built-in behavior processing unit of the present invention;
Fig. 9 is the structural representation of the service authentication control unit of the violation terminal built-in behavior processing unit of the present invention;
Figure 10 is an example structure schematic diagram of the violation terminal built-in behavior processing system of the present invention;
Figure 11 is the structural representation of the audit system of the present invention;
Figure 12 is the structural representation of the Business Management Platform of the present invention;
Figure 13 is the structural representation of the subscription authentication module of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made Embodiment, belong to the scope of protection of the invention.
Fig. 1 is referred to, is the flow chart of the first embodiment of violation terminal built-in behavior processing method of the present invention;The side Method includes:
Step S101, the user behaviors log data of capturing service management platform whole user.
In the specific implementation, the user behaviors log data of capturing service management platform whole user are prior art, herein no longer Repeat.
Step S102, extract the daily record data that the user uplink uses business.
In the specific implementation, it is prior art to extract the user uplink using the daily record data of business, here is omitted.
Step S103, each up frequency of the daily user terminal number is calculated by user terminal number, and judge institute The frequency is stated whether in number range set in advance, in this way, then counts 1 frequency exception.
Specifically, the frequency refers to that user passes through the up time interval using SP business of short message channel.If the frequency It is secondary in frequency abnormal ranges set in advance(Such as 0≤Pin≤10, it can match somebody with somebody), then 1 frequency exception is counted, is united according to this rule Count the daily frequency frequency of abnormity of Subscriber Number.
It judges that principle is as follows:The built-in in violation of rules and regulations terminal of SP business(Mountain vallage machine), generally click on menu triggering in user Or backdoor programs seizure user key-press will trigger upstream request automatically and use business, i.e., alternative family automatically initiates request, due to The time of user key-press is very short, and it is very short to may result in the up frequency of user, generally all there was only several seconds, and some is even same There is a situation where in one second repeatedly up.And normal users initiate request, input instruction short message is needed, is then retransmited, then is seen down Row result, then write program request instruction again and send short message, the up frequency is typically not less than 10 seconds.Therefore, the frequency can be less than The up program request of 10 seconds is considered as exception.
Step S104, judges whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number Mesh, in this way, then it is determined as abnormal user.
Specifically, if user terminal number is up to use business, one week Nei Duo(Such as more than 3 days, can match somebody with somebody)Exist up The frequency is abnormal, or exists in one week multiple(Such as more than 7 times, can match somebody with somebody)The up frequency is abnormal, can assert that the user terminal number is Abnormal user.
Step S105, the operation to the abnormal user program request SP business carry out subscription authentication control.
In the specific implementation, the operation to the abnormal user program request SP business includes the step of carrying out subscription authentication control:
(One)Groups of users authentication is carried out to the abnormal user, determines the groups of users belonging to it;
(Two)Using the groups of users secondary-confirmation strategy corresponding to the groups of users of determination to the abnormal user program request SP business carry out authentication control.
Wherein, step(One)Groups of users authentication is carried out to the abnormal user, determines the step of the groups of users belonging to it Suddenly, specifically include:
Frequency to the complaint amount of violation charge or is complained according to the abnormal user, determined belonging to the abnormal user Groups of users.
The groups of users includes high sensitive groups of users and low sensitivity groups of users, wherein, to violation charge The user that complaint amount or complaint frequency reach the first setting number condition belongs to high sensitive groups of users, to violation charge The user that complaint amount or complaint frequency reach the second setting number condition belongs to low sensitivity groups of users.According to the exception User determines the groups of users belonging to the abnormal user to the complaint amount or complaint frequency of violation charge.
Step(Two)Using the groups of users secondary-confirmation strategy corresponding to the groups of users of determination to user's program request SP business carry out authentication control.
In the specific implementation, corresponding groups of users secondary-confirmation strategy is shown in Figure 2.
The corresponding groups of users secondary-confirmation strategy that the high sensitive groups of users is set as:Random code secondary-confirmation or Person's challenge secondary-confirmation, wherein random code and challenge are all provided by corresponding exam pool.Random code is generally a word Symbol string, its validation testing can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user input " ahgt21 " Program request can be confirmed;Challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user is defeated Program request can be confirmed by entering correct option.
The corresponding groups of users secondary-confirmation strategy that the low sensitivity groups of users is set as:Simple problem is secondary really Recognize, wherein simple problem is provided by corresponding exam pool, and simple problem refers to that its answer has many problem of, such as:" it please input Any Digit between 10 to 20 ", user can input " any one in 11,12 ... ..., 19 ", you can confirm program request.
It should be noted that groups of users secondary-confirmation strategy is random corresponding to high sensitive groups of users shown in figure Code secondary-confirmation or challenge secondary-confirmation;Groups of users secondary-confirmation strategy corresponding to low sensitivity groups of users is letter The pattern of single problem secondary-confirmation is not what is uniquely determined, can also there is other associative modes, as long as meeting a kind of user Group corresponds to a kind of pattern of secondary-confirmation.
The embodiment of the present invention has following technique effect:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation and abnormal SP business in terminal suspicion, and then it is grouped, for different groups Different control strategies are set, realize fine-grained management.
2nd, for different groups of users, using different groups of users secondary-confirmation control strategies, pin can have been realized Management operation to property, make that easily secondary-confirmation, significantly more efficient reduction terminal can not be completed for user built in terminal violation The situation of violation fee suction, complaint amount of the user to violation fee suction is reduced, meanwhile, it can also improve the sense that normal users use business Know.
Fig. 3 is referred to, is the flow chart of the second embodiment of violation terminal built-in behavior processing method of the present invention;The side Method includes:
Step S301, the user behaviors log data of capturing service management platform whole user.
In the specific implementation, it is identical with the step S101 in embodiment illustrated in fig. 1, it will not be repeated here.
Step S302, extract the daily record data that the user uplink uses business.
In the specific implementation, it is identical with the step S102 in embodiment illustrated in fig. 1, it will not be repeated here.
Step S303, each up frequency of the daily user terminal number is calculated by user terminal number, and judge institute The frequency is stated whether in number range set in advance, in this way, then counts 1 frequency exception.
In the specific implementation, it is identical with the step S103 in embodiment illustrated in fig. 1, it will not be repeated here.
Step S304, judges whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number Mesh, in this way, then it is determined as abnormal user.
In the specific implementation, it is identical with the step S104 in embodiment illustrated in fig. 1, it will not be repeated here.
Step S305, extract the SP service lists of the abnormal user up access of success in some cycles.
In the specific implementation, for example, extract the abnormal user up access SP service lists of success in one week.
Step S306, row index is successfully gone up accordingly by the business statistics in the service lists.
In the specific implementation, the successfully upper row index includes abnormal user number, abnormal user successfully goes up line number and exception Any one or more in the up accounting of user's success.
The abnormal user number:Refer to " the abnormal user termination number quantity " that the business is accessed in the cycle;
The abnormal user successfully goes up line number:Refer to " abnormal user successfully goes up line number " that the business is accessed in the cycle;
The up accounting of the abnormal user success:The abnormal user for referring to the access business in the cycle successfully goes up line number and cycle The ratio of the successful upper line number of interior whole for accessing the business, can by " abnormal user successfully go up line number divided by successfully on line number, multiplied by Obtained with 100% ".
Step S307, judges whether the successfully upper row index exceedes setting number, in this way, then judges the business for exception SP business.
If in the specific implementation, in the cycle(Such as one week)Abnormal user number exceedes setting value(Such as 1000, it can match somebody with somebody)It is or " abnormal User successfully goes up line number " exceed setting value(Such as 5000, it can match somebody with somebody), and the up accounting of eminently successful exceedes setting value(Such as 10%, can Match somebody with somebody), then judge the business for abnormal SP business.
Step S308, the operation to abnormal SP business described in user's program request carry out service authentication control.
In the specific implementation, the operation to abnormal SP business described in user's program request includes the step of carrying out service authentication control:
(One)Service group's authentication is carried out to the abnormal SP business, determines its affiliated service group;
(Two)The SP business is reflected using service group's secondary-confirmation strategy corresponding to the service group of determination Power control.
Wherein, step(One)The step of carrying out service group's authentication to the SP business, determining its affiliated service group is entered One step includes:
According to the difference of the abnormal SP business violation order of severity, the business group belonging to the SP abnormal traffics is determined Group.
In the specific implementation, the service group include high violation degree service group, middle violation degree service group and it is low disobey Normality service group, wherein, the SP business that frequency of occurrence frequency of abnormity reaches the 3rd setting number condition belongs to high violation degree industry Be engaged in group, and the SP business that frequency of occurrence frequency of abnormity reaches the 4th setting number condition belongs to middle violation degree service group, occurs The SP business that frequency frequency of abnormity reaches the 5th setting number condition belongs to low violation degree service group.According to the abnormal SP industry The difference for the violation order of severity of being engaged in, determines the service group belonging to the SP abnormal traffics.
Step(Two)The SP business is entered using service group's secondary-confirmation strategy corresponding to the service group of determination Row authentication control.
In the specific implementation, corresponding service group's secondary-confirmation strategy is shown in Figure 4.
Service group's secondary-confirmation strategy corresponding to the high violation degree service group:Secondary-confirmation rule is each program request Equal secondary-confirmation, secondary-confirmation pattern are challenge secondary-confirmation or random code secondary-confirmation.Wherein, challenge is by phase The exam pool answered provides, and challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user is defeated Program request can be confirmed by entering correct option.Random code is provided by corresponding exam pool.Random code is generally a character string, its confirmation side Formula can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user, which inputs " ahgt21 ", can confirm program request.
Service group's secondary-confirmation strategy corresponding to the middle violation degree service group:Secondary-confirmation rule is program request first Secondary-confirmation, secondary-confirmation pattern are challenge secondary-confirmation or random code secondary-confirmation.Wherein, challenge is by corresponding Exam pool provide, challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user's input Correct option can confirm program request.Random code is provided by corresponding exam pool.Random code is generally a character string, its validation testing Can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user, which inputs " ahgt21 ", can confirm program request.
Service group's secondary-confirmation strategy corresponding to the low violation degree service group:Secondary-confirmation rule is program request first Secondary-confirmation, secondary-confirmation pattern are simple problem secondary-confirmation.Wherein simple problem is provided by corresponding exam pool, simple problem Refer to that its answer there are many problem of, such as:" Any Digit that please be input between 10 to 20 ", user can input " 11, Any one in 12 ... ..., 19 ", you can confirm program request.
It should be noted that secondary-confirmation rule is each program request corresponding to the high violation degree service group shown in figure Equal secondary-confirmation, corresponding secondary-confirmation pattern are challenge or random code secondary-confirmation, middle violation degree service group pair The secondary-confirmation rule answered is program request secondary-confirmation first, and corresponding secondary-confirmation pattern is that challenge or random code are secondary Confirm, secondary-confirmation corresponding to low violation degree service group is regular for program request secondary-confirmation first, corresponding secondary-confirmation pattern Pattern for simple problem secondary-confirmation is not what is uniquely determined, can also there is other associative modes, as long as meeting a kind of Service group corresponds to a kind of regular and a kind of secondary-confirmation pattern of secondary-confirmation.
Fig. 5 is referred to, the flow chart of the inventive method program request SP business is used for user.
1)User initiates up-on command demand (telecommunication) service to Short Message Service Gateway;
2)Order request is sent to Business Management Platform by Short Message Service Gateway;
3)Business Management Platform carries out the authentication operations such as subscription authentication, service authentication;
4)Business Management Platform does groups of users authentication, judges which group user belongs to;
5)Groups of users secondary-confirmation strategy authenticates, and judges the secondary-confirmation strategy corresponding to the groups of users of ownership;
6)Business Management Platform does service group's authentication, judges which group is business belong to;
7)Service group's secondary-confirmation strategy authentication, judges the secondary-confirmation strategy corresponding to the service group of ownership;
8)Business Management Platform returns to Short Message Service Gateway order request response, and mark needs user to carry out secondary-confirmation;
9)Business Management Platform carries secondary-confirmation strategy to sms center forwarding secondary-confirmation request;
10)Sms center combines corresponding secondary-confirmation short message according to secondary-confirmation strategy;
11)Sms center issues secondary-confirmation short message to user;
12)User replys secondary-confirmation short message;
13)Sms center initiates program request confirmation request to Business Management Platform;
14)Business Management Platform generates interim order relations;
15)Business Management Platform sends program request to Short Message Service Gateway and confirms response;
16)Short Message Service Gateway issues program request and confirms to respond to user.
The embodiment of the present invention has following technique effect:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation and abnormal SP business in terminal suspicion, and then it is grouped, for different groups Different control strategies are set, realize fine-grained management.
2nd, different secondary-confirmation strategies is used for different violation degree service groups, both can effectively controls mountain vallage machine to disobey Rule business uses, and makes that easily secondary-confirmation can not be completed for user built in terminal violation, significantly more efficient reduction terminal is in violation of rules and regulations The situation of fee suction, complaint amount of the user to violation fee suction is reduced, ensure user benefit from infringement.
Accordingly, the invention also discloses a kind of violation terminal built-in behavior processing unit, the violation that Fig. 6 is the present invention is whole The structural representation of the first embodiment of behavior processing unit built in end, as shown in Fig. 6, described device 1 includes:Collecting unit 11st, the first extracting unit 12, the first statistic unit 13, the first judging unit 14 and subscription authentication control unit 15.
The collecting unit 11, the user behaviors log data for capturing service management platform whole user.
Specifically, the collecting unit 11 is prior art, here is omitted.
First extracting unit 12, the daily record data of business is used for extracting the user uplink.
Specifically, first extracting unit 12 is prior art, here is omitted.
First statistic unit 13, it is up every time for calculating the daily user terminal number by user terminal number The frequency, and the frequency is judged whether in number range set in advance, in this way, then count 1 frequency exception.
Specifically, the frequency refers to that user passes through the up time interval using SP business of short message channel.If the frequency It is secondary in frequency abnormal ranges set in advance(Such as 0≤Pin≤10, it can match somebody with somebody), then 1 frequency exception, first statistics are counted Unit is according to the daily frequency frequency of abnormity of this rule-statistical Subscriber Number.
It judges that principle is as follows:The built-in in violation of rules and regulations terminal of SP business(Mountain vallage machine), generally click on menu triggering in user Or backdoor programs seizure user key-press will trigger upstream request automatically and use business, i.e., alternative family automatically initiates request, due to The time of user key-press is very short, and it is very short to may result in the up frequency of user, generally all there was only several seconds, and some is even same There is a situation where in one second repeatedly up.And normal users initiate request, input instruction short message is needed, is then retransmited, then is seen down Row result, then write program request instruction again and send short message, the up frequency is typically not less than 10 seconds.Therefore, the frequency can be less than The up program request of 10 seconds is considered as frequency exception.
First judging unit 14, for judging that frequency frequency of abnormity of the user terminal number in some cycles be It is no to exceed setting number, in this way, then it is determined as abnormal user.
Specifically, if user terminal number is up to use business, one week Nei Duo(Such as more than 3 days, can match somebody with somebody)Exist up The frequency is abnormal, or exists in one week multiple(Such as more than 7 times, can match somebody with somebody)The up frequency is abnormal, can assert that the user terminal number is Abnormal user.
Subscription authentication control unit 15, subscription authentication control is carried out for the operation to the abnormal user program request SP business System.
Specifically, the subscription authentication control unit 15 further comprises:First determining unit 151 and the first control unit 152, it is specific shown in Figure 7.
First determining unit 151, for carrying out groups of users authentication to the user, determine the customer group belonging to it Group.
In the specific implementation, the groups of users includes high sensitive groups of users and low sensitivity groups of users, wherein, it is right The user that the complaint amount or complaint frequency charged in violation of rules and regulations reach the first setting number condition belongs to high sensitive groups of users, right The user that the complaint amount or complaint frequency charged in violation of rules and regulations reach the second setting number condition belongs to low sensitivity groups of users.Root To the complaint amount of violation charge or frequency is complained according to the abnormal user, determines the groups of users belonging to the abnormal user.
First control unit 152, for the groups of users secondary-confirmation plan corresponding to the groups of users using determination Authentication control slightly is carried out to the SP business of user's program request.
In the specific implementation, corresponding groups of users secondary-confirmation strategy is shown in Figure 2.
The corresponding groups of users secondary-confirmation strategy that the high sensitive groups of users is set as:Random code secondary-confirmation or Person's challenge secondary-confirmation, wherein random code and challenge are all provided by corresponding exam pool.Random code is generally a word Symbol string, its validation testing can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user input " ahgt21 " Program request can be confirmed;Challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user is defeated Program request can be confirmed by entering correct option.
The corresponding groups of users secondary-confirmation strategy that the low sensitivity groups of users is set as:Simple problem is secondary really Recognize, wherein simple problem is provided by corresponding exam pool, and simple problem refers to that its answer has many problem of, such as:" it please input Any Digit between 10 to 20 ", user can input " any one in 11,12 ... ..., 19 ", you can confirm program request.
It should be noted that groups of users secondary-confirmation strategy is random corresponding to high sensitive groups of users shown in figure Code secondary-confirmation or challenge secondary-confirmation;Groups of users secondary-confirmation strategy corresponding to low sensitivity groups of users is letter The pattern of single problem secondary-confirmation is not what is uniquely determined, can also there is other associative modes, as long as meeting a kind of user Group corresponds to a kind of pattern of secondary-confirmation.
The embodiment of the present invention has following technique effect:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation in terminal suspicion, and then it is grouped, and different controls are set for different groups Strategy, realize fine-grained management.
2nd, for different groups of users, using different groups of users secondary-confirmation control strategies, pin can have been realized Management operation to property, make that easily secondary-confirmation, significantly more efficient reduction terminal can not be completed for user built in terminal violation The situation of violation fee suction, complaint amount of the user to violation fee suction is reduced, meanwhile, it can also improve the sense that normal users use business Know.
Fig. 8 is the structural representation of the second embodiment of the violation terminal built-in behavior processing unit of the present invention, such as Fig. 8 institutes Show, described device 2 includes:Collecting unit 21, the first extracting unit 22, the first statistic unit 23, the first judging unit 24, user Authenticate control unit 25, the second extracting unit 26, the second statistic unit 27, the second judging unit 28 and service authentication control Unit 29.
The collecting unit 21, the user behaviors log data for capturing service management platform whole user.
Specifically, identical with the collecting unit 11 in embodiment illustrated in fig. 6, here is omitted.
First extracting unit 22, the daily record data of business is used for extracting the user uplink.
Specifically, identical with the first extracting unit 12 in embodiment illustrated in fig. 6, here is omitted.
First statistic unit 23, it is up every time for calculating the daily user terminal number by user terminal number The frequency, and the frequency is judged whether in number range set in advance, in this way, then count 1 frequency exception.
Specifically, identical with the first statistic unit 13 in embodiment illustrated in fig. 6, here is omitted.
First judging unit 24, for judging that frequency frequency of abnormity of the user terminal number in some cycles be It is no to exceed setting number, in this way, then it is determined as abnormal user.
Specifically, identical with the first judging unit 14 in embodiment illustrated in fig. 6, here is omitted.
The subscription authentication control unit 25, subscription authentication is carried out for the operation to the abnormal user program request SP business Control.
Specifically, identical with the subscription authentication control unit 15 in embodiment illustrated in fig. 6, here is omitted.
Second extracting unit 26, for extracting the SP business of the abnormal user up access of success in some cycles List.
Specifically, for example, extract the abnormal user up access SP service lists of success in one week.
Second statistic unit 27, for successfully going up row index accordingly by the business statistics in the service lists.
Specifically, the successfully upper row index includes abnormal user number, abnormal user successfully goes up line number and abnormal user Successfully any one or more in up accounting.
The abnormal user number:Refer to " the abnormal user termination number quantity " that the business is accessed in the cycle;
The abnormal user successfully goes up line number:Refer to " abnormal user successfully goes up line number " that the business is accessed in the cycle;
The up accounting of the abnormal user success:The abnormal user for referring to the access business in the cycle successfully goes up line number and cycle The ratio of the successful upper line number of interior whole for accessing the business, can by " abnormal user successfully go up line number divided by successfully on line number, multiplied by Obtained with 100% ".
Second judging unit 28, for judging whether the successfully upper row index exceedes setting number, in this way, then it is determined as Abnormal SP business.
If in the specific implementation, in the cycle(Such as one week)Abnormal user number exceedes setting value(Such as 1000, it can match somebody with somebody)It is or " abnormal User successfully goes up line number " exceed setting value(Such as 5000, it can match somebody with somebody), and the up accounting of eminently successful exceedes setting value(Such as 10%, can Match somebody with somebody), then judge the business for abnormal SP business.
The service authentication control unit 29, service authentication is carried out for the operation to abnormal SP business described in user's program request Control.
Specifically, the service authentication control unit 29 further comprises:Second determining unit 291 and second
Control unit 292, it is specific shown in Figure 9.
Second determining unit 291, for carrying out service group's authentication to the abnormal SP business, determine belonging to it Service group.
In the specific implementation, the service group include high violation degree service group, middle violation degree service group and it is low disobey Normality service group, wherein, the SP business that frequency of occurrence frequency of abnormity reaches the 3rd setting number condition belongs to high violation degree industry Be engaged in group, and the SP business that frequency of occurrence frequency of abnormity reaches the 4th setting number condition belongs to middle violation degree service group, occurs The SP business that frequency frequency of abnormity reaches the 5th setting number condition belongs to low violation degree service group.According to the abnormal SP industry The difference for the violation order of severity of being engaged in, determines the service group belonging to the SP abnormal traffics.
Second control unit 292, for service group's secondary-confirmation plan corresponding to the service group using determination Authentication control slightly is carried out to the SP business of user's program request.
In the specific implementation, corresponding service group's secondary-confirmation strategy is shown in Figure 4.
Service group's secondary-confirmation strategy corresponding to the high violation degree service group:Secondary-confirmation rule is each program request Equal secondary-confirmation, secondary-confirmation pattern are challenge secondary-confirmation or random code secondary-confirmation.Wherein, challenge is by phase The exam pool answered provides, and challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user is defeated Program request can be confirmed by entering correct option.Random code is provided by corresponding exam pool.Random code is generally a character string, its confirmation side Formula can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user, which inputs " ahgt21 ", can confirm program request.
Service group's secondary-confirmation strategy corresponding to the middle violation degree service group:Secondary-confirmation rule is program request first Secondary-confirmation, secondary-confirmation pattern are challenge secondary-confirmation or random code secondary-confirmation.Wherein, challenge is by corresponding Exam pool provide, challenge refers to the problem of its answer is unique, such as:" 2 plus 3 equal to several" answer is " 5 ", user's input Correct option can confirm program request.Random code is provided by corresponding exam pool.Random code is generally a character string, its validation testing Can be, such as:" please input character string ' ahgt21 ' to confirm program request ", user, which inputs " ahgt21 ", can confirm program request.
Service group's secondary-confirmation strategy corresponding to the low violation degree service group:Secondary-confirmation rule is program request first Secondary-confirmation, secondary-confirmation pattern are simple problem secondary-confirmation.Wherein simple problem is provided by corresponding exam pool, simple problem Refer to that its answer there are many problem of, such as:" Any Digit that please be input between 10 to 20 ", user can input " 11, Any one in 12 ... ..., 19 ", you can confirm program request.
The embodiment of the present invention has following technique effect:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation and abnormal SP business in terminal suspicion, and then it is grouped, for different groups Different control strategies are set, realize fine-grained management.
2nd, for different groups of users and service group, using different groups of users secondary-confirmation control strategies and industry Business group secondary-confirmation strategy, can realize targetedly management operation, make easily replace user built in terminal violation Secondary-confirmation is completed, the significantly more efficient situation for reducing terminal violation fee suction, complaint amount of the user to violation fee suction is reduced, ensures User benefit is from infringement.
Accordingly, present invention also offers a kind of violation terminal built-in behavior processing system.Figure 10 is the violation of the present invention One example structure schematic diagram of terminal built-in behavior processing system, as shown in Figure 10, the system 1 include the He of audit system 11 Business Management Platform 12.
The audit system 11, the audit system are used to check that terminal suspicion is present built in violation on Business Management Platform The abnormal user of behavior and abnormal SP business, and according to preparatory condition, the abnormal user and abnormal SP business are divided into difference Groups of users and service group, and different groups of users secondary-confirmations is set for different groups of users and service group Strategy and service group's secondary-confirmation strategy.
Specifically, referring to Figure 11, the audit system 11 includes:Collecting unit 111, extracting unit 112, statistical analysis Unit 113 and dispensing unit 114.
The collecting unit 111, the user behaviors log data for capturing service management platform user.
The extracting unit 112, the daily record data of business is used for extracting user uplink.
The statistical analysis unit 113, the number abnormal for counting its daily frequency respectively by user terminal number, really Determine abnormal user, and according to preparatory condition, be included in different groups of users;And the up use by the abnormal user The daily record data of business, it is counted respectively according to SP business and successfully goes up row index, it is determined that abnormal SP business, and according to default bar Part, the abnormal SP business is included in different service groups.
The dispensing unit 114, for setting different groups of users two for different groups of users and service group It is secondary to confirm strategy and service group's secondary-confirmation strategy.
The Business Management Platform 12, for after the SP service requests of user's program request are received, judging the user to be different During conventional family, groups of users authentication is carried out, then the SP industry using corresponding groups of users secondary-confirmation strategy to user's program request Business carries out authentication control;Or after receiving the SP service requests of user's program request, it is not abnormal user to judge the user, then is judged When the SP business of the program request is abnormal SP business, service group's authentication is carried out, it is then secondary really using corresponding service group Recognize strategy and authentication control is carried out to the SP business of user's program request.
Wherein, the Business Management Platform is directed to different groups of users secondary-confirmation strategy and service group's secondary-confirmation Strategy, provided with different exam pools, including random code exam pool, challenge exam pool and simple problem exam pool, the exam pool also may be used To be supplied to the Business Management Platform by audit system.
Specifically, referring to Figure 12, the Business Management Platform 12 includes:Subscription authentication module 121 and service authentication mould Block 122.
Subscription authentication module 121, for judging whether the user of program request SP business is abnormal user, abnormal user in this way, Then judge the groups of users belonging to it, and using the groups of users secondary-confirmation strategy corresponding to the groups of users determined to described The SP business of user's program request is authenticated.
Service authentication module 122, for judging whether the SP business of user's program request is abnormal SP business, abnormal SP industry in this way Business, then determine whether the service group belonging to it, and service group's secondary-confirmation corresponding to using the service group determined Strategy authenticates to the SP business of user's program request.
Further, Figure 13 is referred to, is the structural representation of subscription authentication module 121.The subscription authentication module 121 Including:Judging unit 1211, searching unit 1212 and authenticating unit 1213.
The judging unit 1211, for judging whether the user of program request SP business is abnormal user.
The searching unit 1212, the groups of users belonging to abnormal user judged for searching the judging unit.
The authenticating unit 1213, groups of users two corresponding to the groups of users found for the use searching unit It is secondary to confirm that strategy authenticates to the SP business of user's program request.
Likewise, the service authentication module 122 includes:Judging unit, searching unit and authenticating unit.
The judging unit, for judging whether the SP business of user's program request is abnormal SP business.
The searching unit, the service group belonging to abnormal traffic judged for searching the judging unit.
The authenticating unit, service group corresponding to the service group found for the use searching unit are secondary really Recognize strategy to authenticate the SP business of user's program request.
Implement the embodiment of the present invention, have the advantages that:
1st, judged by checking, statistical analysis user uplink uses the daily record data of business, can more accurately find There is the abnormal user of behavior built in violation and abnormal SP business in terminal suspicion, and then it is grouped, for different groups Different control strategies are set, realize fine-grained management.
2nd, for different groups of users and service group, using different secondary-confirmation control strategies, can realize Targetedly management operation, make that easily secondary-confirmation can not be completed for user built in terminal violation, it is significantly more efficient to reduce eventually The situation of violation fee suction is held, reduces complaint amount of the user to violation fee suction, ensures user benefit from infringement.
One of ordinary skill in the art will appreciate that realize all or part of flow in above-described embodiment method, being can be with The hardware of correlation is instructed to complete by computer program, described program can be stored in a computer read/write memory medium In, the program is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can be magnetic Dish, CD, read-only memory(Read-Only Memory, ROM)Or random access memory(Random Access Memory, RAM)Deng.
Above disclosure is only preferred embodiment of present invention, can not limit the right model of the present invention with this certainly Enclose, one of ordinary skill in the art will appreciate that all or part of flow of above-described embodiment is realized, and will according to right of the present invention Made equivalent variations are sought, still falls within and invents covered scope.

Claims (18)

  1. A kind of 1. violation terminal built-in behavior processing method, it is characterised in that including:
    The user behaviors log data of capturing service management platform whole user;
    Extract the daily record data that the user uplink uses business;
    The each up frequency of the daily user terminal number is calculated by user terminal number, and judges the frequency whether pre- In the number range first set, in this way, then 1 frequency exception is counted, the frequency refers to that user passes through the up use of short message channel The time interval of SP business;
    Judge whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number, in this way, then judge For abnormal user;
    Operation to the abnormal user program request SP business carries out subscription authentication control;
    The step of operation to the abnormal user program request SP business carries out subscription authentication control includes:
    Groups of users authentication is carried out to the abnormal user, determines the groups of users belonging to it;
    SP business using the groups of users secondary-confirmation strategy corresponding to the groups of users of determination to the abnormal user program request Carry out authentication control.
  2. 2. according to the method for claim 1, it is characterised in that groups of users authentication is carried out to the abnormal user, it is determined that The step of groups of users belonging to it, specifically include:
    Frequency to the complaint amount of violation charge or is complained according to the abnormal user, determines the user belonging to the abnormal user Group.
  3. 3. according to the method for claim 2, it is characterised in that the groups of users includes high sensitive groups of users and low Susceptibility groups of users, wherein, complaint amount or complaint frequency to violation charge reach the user of the first setting number condition Belong to high sensitive groups of users, the complaint amount or complaint frequency to violation charge reach the user of the second setting number condition Belong to low sensitivity groups of users.
  4. 4. according to the method for claim 3, it is characterised in that the corresponding customer group of the high sensitive groups of users setting Organizing secondary-confirmation strategy is:Random code secondary-confirmation or challenge secondary-confirmation;
    The corresponding groups of users secondary-confirmation strategy that the low sensitivity groups of users is set as:Simple problem secondary-confirmation.
  5. A kind of 5. violation terminal built-in behavior processing method, it is characterised in that including:
    The user behaviors log data of capturing service management platform whole user;
    Extract the daily record data that the user uplink uses business;
    The each up frequency of the daily user terminal number is calculated by user terminal number, and judges the frequency whether pre- In the number range first set, in this way, then 1 frequency exception is counted, the frequency refers to that user passes through the up use of short message channel The time interval of SP business;
    Judge whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting number, in this way, then judge For abnormal user;
    Extract the SP service lists of the abnormal user up access of success in some cycles;
    Row index is successfully gone up accordingly by the business statistics in the service lists;
    Judge whether the successfully upper row index exceedes setting number, in this way, then judge the business for abnormal SP business;
    Operation to abnormal SP business described in user's program request carries out service authentication control;
    The successfully upper row index includes abnormal user number, abnormal user successfully goes up line number and the up accounting of abnormal user success In any one or more.
  6. 6. according to the method for claim 5, it is characterised in that industry is entered in the operation to abnormal SP business described in user's program request The step of business authentication control, includes:
    Service group's authentication is carried out to the abnormal SP business, determines its affiliated service group;
    Authentication control is carried out to the SP business using service group's secondary-confirmation strategy corresponding to the service group of determination.
  7. 7. according to the method for claim 6, it is characterised in that if abnormal SP business, then the SP business is carried out Service group authenticates, and the step of determining its affiliated service group, specifically includes:
    According to the difference of the abnormal SP business violation order of severity, the service group belonging to the SP abnormal traffics is determined.
  8. 8. according to the method for claim 7, it is characterised in that the service group include high violation degree service group, in Violation degree service group and low violation degree service group, wherein, frequency of occurrence frequency of abnormity reaches the 3rd setting number condition SP business belong to high violation degree service group, the SP business that frequency of occurrence frequency of abnormity reaches the 4th setting number condition belongs to Middle violation degree service group, the SP business that frequency of occurrence frequency of abnormity reaches the 5th setting number condition belong to low violation degree business Group, the frequency refer to that user passes through the up time interval using SP business of short message channel.
  9. 9. according to the method for claim 8, it is characterised in that:
    Corresponding service group's secondary-confirmation strategy that the high violation degree service group sets as:Secondary-confirmation rule is each point Equal secondary-confirmation is broadcast, secondary-confirmation pattern is challenge secondary-confirmation or random code secondary-confirmation;
    Corresponding service group's secondary-confirmation strategy that the middle violation degree service group sets as:Secondary-confirmation rule is point first Secondary-confirmation is broadcast, secondary-confirmation pattern is challenge secondary-confirmation or random code secondary-confirmation;
    Corresponding service group's secondary-confirmation strategy that the low violation degree service group sets as:Secondary-confirmation rule is point first Secondary-confirmation is broadcast, secondary-confirmation pattern is simple problem secondary-confirmation.
  10. A kind of 10. violation terminal built-in behavior processing unit, it is characterised in that including:
    Collecting unit, the user behaviors log data for capturing service management platform whole user;
    First extracting unit, the daily record data of business is used for extracting the user uplink;
    First statistic unit, for calculating each up frequency of the daily user terminal number by user terminal number, and sentence Whether the frequency of breaking is in number range set in advance, in this way, then counts 1 frequency exception, the frequency refers to that user is led to Cross the up time interval using SP business of short message channel;
    First judging unit, for judging whether frequency frequency of abnormity of the user terminal number in some cycles exceedes setting Number, in this way, then it is determined as abnormal user;
    Subscription authentication control unit, subscription authentication control is carried out for the operation to the abnormal user program request SP business;
    The subscription authentication control unit further comprises:
    First determining unit, for carrying out groups of users authentication to the user, determine the groups of users belonging to it;
    First control unit, for the groups of users secondary-confirmation strategy corresponding to the groups of users using determination to the user The SP business of program request carries out authentication control.
  11. 11. device as claimed in claim 10, it is characterised in that described device further comprises:
    Second extracting unit, for extracting the SP service lists of the abnormal user up access of success in some cycles;
    Second statistic unit, for successfully going up row index accordingly by the business statistics in the service lists;
    Second judging unit, for judging whether the successfully upper row index exceedes setting number, in this way, then it is determined as abnormal SP Business;
    Service authentication control unit, service authentication control is carried out for the operation to abnormal SP business described in user's program request.
  12. 12. device as claimed in claim 11, it is characterised in that the service authentication control unit further comprises:
    Second determining unit, for carrying out service group's authentication to the abnormal SP business, determine the service group belonging to it;
    Second control unit, for service group's secondary-confirmation strategy corresponding to the service group using determination to the user The SP business of program request carries out authentication control.
  13. 13. a kind of violation terminal built-in behavior processing system, it is characterised in that the system includes audit system and service management Platform;
    The audit system is used to checking that terminal suspicion on Business Management Platform to have the abnormal user of behavior built in violation and different Normal SP business, and according to preparatory condition, the abnormal user and abnormal SP business are divided into different groups of users and business group Group, and it is secondary for the different groups of users secondary-confirmation strategy of different groups of users and service group's setting and service group Confirm strategy;
    The Business Management Platform is used for after the SP service requests of user's program request are received, and judges the user for abnormal user When, groups of users authentication is carried out, then the SP business of user's program request is carried out using corresponding groups of users secondary-confirmation strategy Authentication control;Or after receiving the SP service requests of user's program request, it is not abnormal user to judge the user, then judge the point When the SP business broadcast is abnormal SP business, service group's authentication is carried out, then using corresponding service group's secondary-confirmation strategy Authentication control is carried out to the SP business of user's program request.
  14. 14. system as claimed in claim 13, it is characterised in that the audit system includes:
    Collecting unit, the user behaviors log data for capturing service management platform user;
    Extracting unit, the daily record data of business is used for extracting user uplink;
    Statistical analysis unit, the number abnormal for counting its daily frequency respectively by user terminal number, determines abnormal user, And according to preparatory condition, different groups of users is included in, the frequency refers to that user uses SP by the way that short message channel is up The time interval of business;And the up daily record data using business by the abnormal user, counted respectively according to SP business It successfully goes up row index, it is determined that abnormal SP business, and according to preparatory condition, the abnormal SP business is included in different business groups Group;
    Dispensing unit, for for different groups of users and service group set different groups of users secondary-confirmation strategies and Service group's secondary-confirmation strategy.
  15. 15. system as claimed in claim 13, it is characterised in that the Business Management Platform includes:
    Subscription authentication module, for judging whether the user of program request SP business is abnormal user, and abnormal user, then judge it in this way Affiliated groups of users, and using the groups of users secondary-confirmation strategy corresponding to the groups of users determined to user's program request SP business authenticated;
    Service authentication module, for judging whether the SP business of user's program request is abnormal SP business, and abnormal SP business, then enter in this way One step judges the service group belonging to it, and using service group's secondary-confirmation strategy corresponding to the service group determined to institute The SP business for stating user's program request is authenticated.
  16. 16. system as claimed in claim 15, it is characterised in that the subscription authentication module includes:
    Judging unit, for judging whether the user of program request SP business is abnormal user;
    Searching unit, the groups of users belonging to abnormal user judged for searching the judging unit;
    Authenticating unit, groups of users secondary-confirmation strategy pair corresponding to the groups of users found for the use searching unit The SP business of user's program request is authenticated.
  17. 17. system as claimed in claim 15, it is characterised in that the service authentication module includes:
    Judging unit, for judging whether the SP business of user's program request is abnormal SP business;
    Searching unit, the service group belonging to abnormal traffic judged for searching the judging unit;
    Authenticating unit, service group's secondary-confirmation strategy pair corresponding to the service group found for the use searching unit The SP business of user's program request is authenticated.
  18. 18. system as claimed in claim 15, it is characterised in that the Business Management Platform is directed to different groups of users two It is secondary to confirm strategy and service group's secondary-confirmation strategy, provided with different exam pools, including random code exam pool, challenge exam pool with And simple problem exam pool, the exam pool are supplied to the Business Management Platform by audit system.
CN201110218380.2A 2011-08-01 2011-08-01 A kind of violation terminal built-in behavior processing method, apparatus and system Active CN102917334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110218380.2A CN102917334B (en) 2011-08-01 2011-08-01 A kind of violation terminal built-in behavior processing method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110218380.2A CN102917334B (en) 2011-08-01 2011-08-01 A kind of violation terminal built-in behavior processing method, apparatus and system

Publications (2)

Publication Number Publication Date
CN102917334A CN102917334A (en) 2013-02-06
CN102917334B true CN102917334B (en) 2018-02-23

Family

ID=47615531

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110218380.2A Active CN102917334B (en) 2011-08-01 2011-08-01 A kind of violation terminal built-in behavior processing method, apparatus and system

Country Status (1)

Country Link
CN (1) CN102917334B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519469A (en) * 2013-10-08 2015-04-15 华为技术有限公司 SMS (short message service) charging behavior detection method, device and terminal
CN105636076B (en) * 2014-11-07 2019-06-07 中国移动通信集团四川有限公司 A kind of auditing method, device and the equipment of the behavior of violation terminal built-in
CN105550348A (en) * 2015-12-25 2016-05-04 时趣互动(北京)科技有限公司 Cheating user decision method and device based on on-line behavior data of user
CN108668306B (en) * 2017-03-28 2021-10-22 江苏北弓智能科技有限公司 Data acquisition system with built-in mobile operating system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1523923A (en) * 2003-02-17 2004-08-25 �й��ƶ�ͨ�ż��Ź�˾ Safety authentication method of mobile terminal user identity
CN101203052A (en) * 2007-12-24 2008-06-18 华为技术有限公司 Method and apparatus for preventing malice business request
CN101207487A (en) * 2006-12-21 2008-06-25 国际商业机器公司 User authentication system and method for detecting and controlling fraudulent login behavior
CN102045319A (en) * 2009-10-21 2011-05-04 中国移动通信集团山东有限公司 Method and device for detecting SQL (Structured Query Language) injection attack

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1523923A (en) * 2003-02-17 2004-08-25 �й��ƶ�ͨ�ż��Ź�˾ Safety authentication method of mobile terminal user identity
CN101207487A (en) * 2006-12-21 2008-06-25 国际商业机器公司 User authentication system and method for detecting and controlling fraudulent login behavior
CN101203052A (en) * 2007-12-24 2008-06-18 华为技术有限公司 Method and apparatus for preventing malice business request
CN102045319A (en) * 2009-10-21 2011-05-04 中国移动通信集团山东有限公司 Method and device for detecting SQL (Structured Query Language) injection attack

Also Published As

Publication number Publication date
CN102917334A (en) 2013-02-06

Similar Documents

Publication Publication Date Title
CN102209326B (en) Malicious behavior detection method and system based on smartphone radio interface layer
CN104376266B (en) The determination method and device of application software level of security
CN102917334B (en) A kind of violation terminal built-in behavior processing method, apparatus and system
CN102663642A (en) Financial transaction verification method and system thereof
JP2005520405A5 (en)
CN106550189A (en) A kind of interlock method, relevant device and system
CN110309473A (en) Merge the anti-brush ticket method and device of identity and voting behavior monitoring
CN113923048B (en) Network attack behavior identification method, device, equipment and storage medium
CN109460653A (en) Verification method, verifying equipment, storage medium and the device of rule-based engine
KR20090003134A (en) Illegal login protection system and method based on pc registratrion
CN103326865B (en) Network authentication method and system for making calls
CN107872428A (en) The login method and device of application program
CN102917352B (en) A kind of violation terminal built-in behavior processing method, apparatus and system
Nguyen et al. Blockchain and stackelberg game model for roaming fraud prevention and profit maximization
CN109120808A (en) A kind of shutdown fee payment method and device
CN102917335B (en) A kind of violation terminal built-in behavior processing method, apparatus and system
CN107623696A (en) A kind of user ID authentication method and device based on user behavior feature
US20040162142A1 (en) System for playing games through a communication device
CN111681004A (en) Business wind control method and system
CN115802359A (en) Method and device for preventing and treating spam short messages
CN109544764A (en) Lockage control method and system based on two dimensional code
CN102740451B (en) Activating and registering method for intelligent mobile phone
CN101212812B (en) Method for controlling call access in cluster system
CN110335401A (en) Anti- brush ticket method and device based on voting behavior monitoring
CN110149372A (en) A kind of collecting method and block chain node device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant