CN103532797A - Abnormity monitoring method and device for user registration - Google Patents

Abnormity monitoring method and device for user registration

Publication number
CN103532797A
Authority
CN
China
Application number
CN201310546009.8A
Other languages
Chinese (zh)
Other versions
CN103532797B (en)
Inventor
曹鲁
张红泽
董海疆
崔坤
Original Assignee
网之易信息技术(北京)有限公司

Abstract

An embodiment of the invention provides a method for monitoring abnormal user logins. The method comprises: in response to a request associated with a user account, using the historical login information corresponding to the user account to judge whether the user's current login behavior is abnormal; if so, storing the abnormal login information corresponding to the abnormal login behavior; and generating prompt information from the stored abnormal login information and sending the prompt information to the user. The method can automatically judge and prompt abnormal user login behavior according to the user's historical login information, and the user does not need to set a usual login location beforehand, so that the risk of the user account being stolen is significantly reduced, the security of the user account is improved, the complexity of user operation is decreased, and a better experience is brought to the user. Furthermore, an embodiment of the invention also provides a device for monitoring abnormal user logins.

Description

A method and device for monitoring abnormal user logins

Technical field

Embodiments of the present invention relate to the field of network technology, and more specifically, to a method and device for monitoring abnormal user logins.

Background

This section is intended to provide background or context for the embodiments of the present invention stated in the claims. The description herein may include concepts that could be pursued, but not necessarily ones that have already been conceived or pursued. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims of this application, and is not admitted to be prior art by inclusion in this section.

In network applications, in order to identify and verify the user's identity, the user needs to enter a user name and password at the client. The server verifies the submitted user name and password by checking whether the password submitted for the user name is consistent with the password stored on the server. If consistent, the user is determined to be a legitimate user and a login-success message is returned; if inconsistent, the user is determined to be an illegitimate user and a login-refused message is returned. After logging in successfully, the user can use the network application and enjoy the corresponding application services. At present, applications such as e-mail, online games, online payment and microblogs all use this login mechanism to provide application services to users.

However, when the user name and password of a user account are leaked or stolen, the existing login method cannot guarantee the security of the user account. To improve the security of user accounts, the prior art includes a method in which the user sets or selects a usual login location in advance; after the user's login request is received, it is judged whether the address of this login is the usual login location set in advance by the user, and if not, this login can be judged to be abnormal and a prompt is sent to the user.

Summary of the invention

However, because the prior art can judge whether a login is abnormal only if the user has set a usual login location in advance, the prior art cannot guarantee the security of the user account when the user has not set a usual login location, which leads to the problem of low security and high risk for user accounts.

Therefore, in the prior art, protecting the security of a user account during the user login process is a very troublesome process.

For this reason, an improved method and device for monitoring abnormal user logins is greatly needed, to monitor abnormal behavior while an account is in use and improve the security of the user account.

In this context, embodiments of the present invention are intended to provide a method and device for monitoring abnormal user logins.

In a first aspect of embodiments of the present invention, a method is provided, comprising:

In response to a request associated with a user account, obtaining the historical login information corresponding to the user account;

Judging, according to the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior;

When the user's current login behavior is judged to be abnormal login behavior, saving the abnormal login information related to the abnormal login behavior;

Generating prompt information from the saved abnormal login information and sending the prompt information, the prompt information being used to alert the user to the abnormal login behavior when the user obtains the prompt information.

Preferably, the request comprises:

A login request for the user account; or

A preset data operation request for the user account.

Preferably, the method further comprises: when the user's current login behavior is judged to be abnormal login behavior, feeding back a message rejecting the request.

Preferably, judging, according to the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior comprises:

Judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior.

Preferably, judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:

Determining the number of historical logins of the user account;

Judging whether the number of historical logins is greater than a first set threshold, to obtain a first judgment result; and

When the first judgment result shows that the user account is not an active user, determining that the user's current login behavior is normal login behavior;

Wherein an active user is a user account whose number of historical logins is greater than the first set threshold.

Preferably, judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:

Determining, according to the historical login information corresponding to the user account within a first preset time interval, the user's historical login position information within the first preset time interval;

Judging, according to the user's historical login position information within the first preset time interval, whether the number of the user's historical login positions within the first preset time interval is greater than a second set threshold, to obtain a second judgment result; and

Determining, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

Determining the user's current login position information corresponding to the user's current login behavior;

Judging whether the ratio of the number of historical login days at the user's current login position corresponding to the user's current login behavior to the total number of historical login days at all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;

When the third judgment result and the second judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

Preferably, judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:

Determining, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

Determining the user's current login position information corresponding to the user's current login behavior;

Determining, according to the historical login information corresponding to the user account within a second preset time interval before the user's current login behavior, the user's historical login position information within the second preset time interval before the user's current login behavior;

Judging whether the ratio of the number of historical login days at the user's current login position corresponding to the user's current login behavior to the total number of historical login days at all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;

Judging whether the number of the user's historical login positions within the second preset time interval before the user's current login behavior is greater than a fourth set threshold, to obtain a fourth judgment result;

When the third judgment result and the fourth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

Preferably, judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:

Determining, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

Determining the user's current login position information corresponding to the user's current login behavior;

Judging, according to the user's historical login position information, whether the successful login frequency corresponding to the user's current login position is greater than a fifth set threshold, to obtain a fifth judgment result;

Judging, according to the user's historical login position information, whether the ratio of the abnormal login frequency corresponding to the user's current login position to the successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result;

When the fifth judgment result and the sixth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

Preferably, judging, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:

Determining the user's current login position information corresponding to the user's current login behavior;

Judging whether the current login position is consistent with a login position in a preset abnormal login position list, to obtain a seventh judgment result; wherein the abnormal login frequency corresponding to each login position in the preset abnormal login position list is greater than a seventh set threshold;

When the seventh judgment result is yes, determining that the user's current login behavior is abnormal login behavior.
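
The judgment rules listed above, combined into one evaluator as an added example (not code from the patent). It assumes that the active-user check gates the other rules and that any one of the remaining rules firing marks the login as abnormal; the threshold values, the `flagged` field and the city names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Login:
    when: datetime
    location: str          # assumed: coarse location resolved from the login IP
    flagged: bool = False  # assumed: this login was previously judged abnormal


@dataclass(frozen=True)
class Thresholds:            # all values are illustrative, not from the page
    first: int = 10          # history size above which the account is "active"
    second: int = 3          # distinct locations tolerated in window1
    third: float = 0.05      # minimum share of login days for a familiar location
    fourth: int = 2          # distinct locations tolerated in window2
    fifth: int = 5           # minimum logins at a location before its ratio counts
    sixth: float = 0.5       # flagged/successful ratio at the current location
    window1: timedelta = timedelta(days=30)   # first preset time interval
    window2: timedelta = timedelta(days=1)    # second preset time interval
    window3: timedelta = timedelta(days=180)  # third preset time interval


def build_blocklist(abnormal_counts, seventh):
    """Locations whose abnormal-login count exceeds the seventh threshold."""
    return frozenset(loc for loc, n in abnormal_counts.items() if n > seventh)


def evaluate(history, location, now, t=Thresholds(), blocklist=frozenset()):
    """Return the names of the rules that fired; an empty list means normal."""
    history = [h for h in history if now - t.window3 <= h.when <= now]

    # First judgment: accounts that are not "active" are treated as normal.
    if len(history) <= t.first:
        return []

    # Third judgment: share of login days spent at the current location.
    days = {}
    for h in history:
        days.setdefault(h.location, set()).add(h.when.date())
    total_days = sum(len(d) for d in days.values())
    share = len(days.get(location, ())) / total_days if total_days else 0.0
    rare = share < t.third

    def distinct_locations(window):
        return len({h.location for h in history if h.when >= now - window})

    fired = []
    # Second + third judgments: many locations in window1, current one is rare.
    if rare and distinct_locations(t.window1) > t.second:
        fired.append("rare_location_many_places_window1")
    # Third + fourth judgments: many locations shortly before this login.
    if rare and distinct_locations(t.window2) > t.fourth:
        fired.append("rare_location_many_places_window2")
    # Fifth + sixth judgments: enough logins here, and too many were flagged.
    here = [h for h in history if h.location == location]
    flagged = sum(h.flagged for h in here)
    if len(here) > t.fifth and flagged / len(here) > t.sixth:
        fired.append("high_flagged_ratio_at_location")
    # Seventh judgment: location is on the preset abnormal-location list.
    if location in blocklist:
        fired.append("blocklisted_location")
    return fired


# Constructed sample data: 40 daily logins from one city, then two variants.
NOW = datetime(2013, 11, 1, 12, 0)
STEADY = [Login(NOW - timedelta(days=d), "Hangzhou") for d in range(1, 41)]
TRAVEL = STEADY + [Login(NOW - timedelta(days=d), c)
                   for d, c in ((2, "Beijing"), (5, "Shanghai"), (9, "Guangzhou"))]
BURST = STEADY + [Login(NOW - timedelta(hours=3), "Beijing"),
                  Login(NOW - timedelta(hours=2), "Shanghai")]

if __name__ == "__main__":
    for name, hist in (("steady", STEADY), ("travel", TRAVEL), ("burst", BURST)):
        print(name, evaluate(hist, "Chengdu", NOW))
```

A login from a never-seen location is not flagged on its own here: the rarity check only fires together with a location-count check, which is how the rule pairs are stated above.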

Preferably, generating prompt information from the saved abnormal login information and sending the prompt information comprises:

Generating prompt information from the saved abnormal login information, the prompt information comprising at least abnormal login position information and/or abnormal login time information;

Sending the prompt information to the information recipient corresponding to the user account.

Preferably, sending the prompt information to the information recipient corresponding to the user account comprises:

Obtaining the mobile terminal identification information corresponding to the user account;

Sending the prompt information to the mobile terminal corresponding to the mobile terminal identification information; wherein the mobile terminal identification information is obtained according to a correspondence between user accounts and mobile terminal identification information saved in response to the user's binding request; or, obtaining the bound user account information corresponding to the user account, and sending the prompt information to the e-mail address corresponding to the bound user account information.

Preferably, generating prompt information from the saved abnormal login information and sending the prompt information comprises:

Generating authorization information;

Using the saved abnormal login information to send the authorization information, so that the client corresponding to the user account associated with the abnormal login behavior displays the authorization information.

Preferably, the method further comprises:

Receiving the authorization information input by the user;

Judging whether the authorization information input by the user is correct, to obtain an eighth judgment result;

When the eighth judgment result shows that the authorization information input by the user is correct, feeding back a message agreeing to the request;

When the eighth judgment result shows that the authorization information input by the user is wrong, feeding back a message rejecting the request.

Preferably, saving the abnormal login information related to the abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior comprises:

When the user's current login behavior is judged to be abnormal login behavior, saving the abnormal login information related to the abnormal login behavior in a local memory queue;

Sending the abnormal login information saved in the local memory queue to a message queue server, so that the message queue server saves the abnormal login information;

Using a consumer program module to obtain the abnormal login information saved in the message queue server, process the abnormal login information, and store it in an abnormal login information database.

Preferably, before sending the prompt information, the method further comprises:

Judging whether the user account corresponding to the abnormal login information meets a filter condition, and if so, not sending the prompt information.

Preferably, obtaining the historical login information corresponding to the user account comprises:

Obtaining the historical login information corresponding to the user account within a third preset time interval.

In a second aspect of embodiments of the present invention, a device is provided, comprising:

A first acquisition module, configured to obtain, in response to a request associated with a user account, the historical login information corresponding to the user account;

A first judging module, configured to judge, according to the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior;

A storage module, configured to save the abnormal login information related to the abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior;

A prompting module, configured to generate prompt information from the saved abnormal login information and send the prompt information, the prompt information being used to alert the user to the abnormal login behavior when the user obtains the prompt information.

Preferably, the first acquisition module is configured to:

Obtain, in response to a login request for the user account, the historical login information corresponding to the user account; or obtain, in response to a preset data operation request for the user account, the historical login information corresponding to the user account.

Preferably, the device further comprises:

A feedback module, configured to feed back a message rejecting the request when the user's current login behavior is judged to be abnormal login behavior.

Preferably, the first judging module is configured to:

Judge, according to the historical login information corresponding to the user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior.

Preferably, the first judging module comprises:

A first determining subunit, configured to determine the number of historical logins of the user account;

A first judging subunit, configured to judge whether the number of historical logins is greater than a first set threshold, to obtain a first judgment result;

A second determining subunit, configured to determine that the user's current login behavior is normal login behavior when the first judgment result shows that the user account is not an active user; wherein an active user is a user account whose number of historical logins is greater than the first set threshold.

Preferably, the first judging module comprises:

A third determining subunit, configured to determine, according to the historical login information corresponding to the user account within a first preset time interval, the user's historical login position information within the first preset time interval;

A second judging subunit, configured to judge, according to the user's historical login position information within the first preset time interval, whether the number of the user's historical login positions within the first preset time interval is greater than a second set threshold, to obtain a second judgment result;

A fourth determining subunit, configured to determine, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;

A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login position corresponding to the user's current login behavior to the total number of historical login days at all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;

A sixth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the second judgment result and the third judgment result are both yes.

Preferably, the first judging module comprises:

A fourth determining subunit, configured to determine, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;

A seventh determining subunit, configured to determine, according to the historical login information corresponding to the user account within a second preset time interval before the user's current login behavior, the user's historical login position information within the second preset time interval before the user's current login behavior;

A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login position corresponding to the user's current login behavior to the total number of historical login days at all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;

A fourth judging subunit, configured to judge whether the number of the user's historical login positions within the second preset time interval before the user's current login behavior is greater than a fourth set threshold, to obtain a fourth judgment result;

An eighth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the third judgment result and the fourth judgment result are both yes.

Preferably, the first judging module comprises:

A fourth determining subunit, configured to determine, according to the historical login information corresponding to the user account, the user's historical login position information for the user account;

A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;

A fifth judging subunit, configured to judge, according to the user's historical login position information, whether the successful login frequency corresponding to the user's current login position is greater than a fifth set threshold, to obtain a fifth judgment result;

A sixth judging subunit, configured to judge, according to the user's historical login position information, whether the ratio of the abnormal login frequency corresponding to the user's current login position to the successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result;

A ninth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the fifth judgment result and the sixth judgment result are both yes.

Preferably, the first judging module comprises:

A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;

A seventh judging subunit, configured to judge whether the current login position is consistent with a login position in a preset abnormal login position list, to obtain a seventh judgment result; wherein the abnormal login frequency corresponding to each login position in the preset abnormal login position list is greater than a seventh set threshold;

A tenth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the seventh judgment result is yes.

Preferably, the prompting module comprises:

A first information generating unit, configured to generate prompt information from the saved abnormal login information, the prompt information comprising at least abnormal login position information and/or abnormal login time information;

A first information sending unit, configured to send the prompt information to the information recipient corresponding to the user account.

Preferably, the first information sending unit is configured to:

Obtain the mobile terminal identification information corresponding to the user account, and send the prompt information to the mobile terminal corresponding to the mobile terminal identification information; wherein the mobile terminal identification information is obtained according to a correspondence between user accounts and mobile terminal identification information saved in response to the user's binding request; or, obtain the bound user account information corresponding to the user account, and send the prompt information to the e-mail address corresponding to the bound user account information.

Preferably, the prompting module comprises:

A second information generating unit, configured to generate authorization information;

A second information sending unit, configured to use the saved abnormal login information to send the authorization information, so that the client corresponding to the user account associated with the abnormal login behavior displays the authorization information.

Preferably, the device further comprises:

A receiving module, configured to receive the authorization information input by the user;

A second judging module, configured to judge whether the authorization information input by the user is correct, to obtain an eighth judgment result;

The feedback module is further configured to:

Feed back a message agreeing to the request when the eighth judgment result shows that the authorization information input by the user is correct; and feed back a message rejecting the request when the eighth judgment result shows that the authorization information input by the user is wrong.

Preferably, the storage module comprises:

A local memory queue, configured to save the abnormal login information related to the abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior;

A message queue server, configured to receive the abnormal login information from the local memory queue and save the abnormal login information;

A consumer program module, configured to obtain the abnormal login information saved in the message queue server, process the abnormal login information, and send the processed abnormal login information to the abnormal login information database;

An abnormal login information database, configured to store the processed abnormal login information.

Preferably, the device further comprises:

A third judging module, configured to judge, before the prompt information is sent, whether the user account corresponding to the abnormal login information meets a filter condition, and if so, not to send the prompt information.

Preferably, the first acquisition module is configured to:

Obtain, in response to a request associated with a user account, the historical login information corresponding to the user account within a third preset time interval.

With the method and device for monitoring abnormal user logins according to embodiments of the present invention, it is possible, in response to a request associated with a user account, to use the historical login information corresponding to the user account to judge whether the user's current login behavior is abnormal login behavior, and if so, to save the abnormal login information corresponding to the abnormal login behavior, generate prompt information from the saved abnormal login information and send the prompt information to the user. The method and device provided by the present invention do not require the user to set a usual login location in advance, and can automatically judge and prompt abnormal user login behavior according to the user's historical login information, thereby significantly reducing the risk of the user account being stolen, improving the security of the user account, reducing the complexity of user operation, and bringing a better experience to the user.

Overview of the invention

The inventors found that, because the prior art can judge whether a login is abnormal only if the user has set a usual login location in advance, the prior art cannot guarantee the security of the user account when the user has not set a usual login location, which leads to the problem of low security and high risk for user accounts. To address the problems of low user account security and complicated user operation in the prior art, the present invention provides a method and device for monitoring abnormal user logins which can, in response to a request associated with a user account, use the historical login information corresponding to the user account to judge whether the user's current login behavior is abnormal login behavior, and if so, save the abnormal login information corresponding to the abnormal login behavior, generate prompt information from the saved abnormal login information and send the prompt information to the user. The method and device provided by the present invention do not require the user to set a usual login location in advance, and can automatically judge and prompt abnormal user login behavior according to the user's historical login information, thereby significantly reducing the risk of the user account being stolen, improving the security of the user account, reducing the complexity of user operation, and bringing a better experience to the user.

Having introduced the basic principle of the present invention, various non-limiting embodiments of the present invention are described in detail below.

Application scenario overview

Referring first to Fig. 2, a scenario to which embodiments of the present invention can be applied may be, for example, the scenario shown in Fig. 2, in which the client in Fig. 2 can be used to provide a login interface and display prompt information, and the server (not shown) provided by the present invention is used to implement monitoring of abnormal user logins.

illustrative methods

Below in conjunction with the application scenarios of Fig. 2, be described with reference to Figure 3 the method for logining exception monitoring according to the user of exemplary embodiment of the invention.It should be noted that above-mentioned application scenarios only illustrates for the ease of understanding spirit of the present invention and principle, embodiments of the present invention are unrestricted in this regard.On the contrary, any scene that embodiments of the present invention can be applied to be suitable for.

As shown in Figure 3, for user according to an embodiment of the present invention logins the flow chart of method for monitoring abnormality, the method concrete example is as comprised:

S301: in response to a request associated with a user account, obtain the historical login information corresponding to the user account.

S302: judge, according to the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior.

S303: when the user's current login behavior is judged to be abnormal login behavior, save the abnormal login information related to the abnormal login behavior.

S304: generate prompt information from the saved abnormal login information and send the prompt information; when the user receives it, the prompt information alerts the user to the abnormal login behavior.

The detailed implementation of the invention is described below with reference to Fig. 3.

In a specific implementation, when a request associated with a user account is received, the historical login information corresponding to that user account is obtained in response to the request. The request associated with the user account may be a login request for the user account, or a preset data operation request for the user account. Preset data operation requests for a user account include, for example, a password modification request, an account balance cancellation request, an item trading request, and so on. It should be noted that the preset data operation requests may be set in advance by the server, or set in advance by the user through the client; no limitation is imposed here. Obtaining the historical login information corresponding to the user account may specifically mean obtaining the historical login information corresponding to the user account within a third preset time interval. The third preset time interval may be preset by the server and may be, for example, 6 months or 3 months. It should be noted that embodiments of the invention may further use a first preset time interval and a second preset time interval, both of which are less than or equal to the third preset time interval. Obtaining the historical login information corresponding to the user account may also mean obtaining all of the saved historical login information corresponding to the user account. The user's historical login information can be obtained from the user login log, which records the details of each login by the user, including the account name, login IP, login time, login duration and similar information. Correspondingly, the user's historical login information may also include one or more of the user account, login IP (or login position), login time, login duration and similar information.

In a specific implementation of step S302, judging according to the historical login information corresponding to the user account whether the user's current login behavior is abnormal login behavior may include: judging, from the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior according to at least one of the user's login position information and the user's login frequency information. It should be noted that judging the user's current login behavior according to the user's login position information and/or login frequency information is only one exemplary embodiment of the invention and is not to be regarded as a limitation of the invention. Other implementations obtained by those skilled in the art without creative effort all fall within the protection scope of the invention.

In one possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the number of historical logins of the user account; judging whether the number of historical logins is greater than a first set threshold, to obtain a first judgment result; and, when the first judgment result shows that the user account is not an active user, determining that the user's current login behavior is normal login behavior. An active user is a user account whose number of historical logins is greater than the first set threshold. In this implementation, to prevent misjudgment, the current login behavior of a user account determined to be a non-active user is directly determined to be normal login behavior. An active user is a user account whose number of historical logins is greater than the first set threshold, and a non-active user is a user account whose number of historical logins is less than or equal to the first set threshold. The first set threshold can be set as needed; no limitation is imposed here.

In one possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the user's historical login position information within a first preset time interval from the historical login information corresponding to the user account within the first preset time interval; judging, from that historical login position information, whether the number of the user's historical login positions within the first preset time interval is greater than a second set threshold, to obtain a second judgment result; determining the user's historical login position information for the user account from the historical login information corresponding to the user account; determining the current login position information corresponding to the user's current login behavior; judging whether the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result; and, when the second judgment result and the third judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

In a specific implementation, the user's historical login positions can be obtained from the login IP in the user's historical login information, and the positions can be distinguished by administrative division, for example by province or city. For convenience of calculation, when determining the number of historical login days corresponding to a login position, logins from the same login position (for example, the same province) within one day can be recorded as one, no matter how many times the user logged in. To reduce the amount of data stored, at most N login positions can be recorded, where N can be preset, and login positions with few logins are not recorded. When the number of the user's historical login positions within the first preset time interval is judged to be greater than the second set threshold, and the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, the user's current login behavior is determined to be abnormal login behavior. The first preset time interval can be preset and may be, for example, 1 month. In the concrete judgment, the user's historical login position information within the first preset time interval is first determined from the historical login information corresponding to the user account within the first preset time interval, and then it is judged from that information whether the number of the user's historical login positions within the first preset time interval is greater than the second set threshold, to obtain the second judgment result. Similarly, the user's historical login position information for the user account is first determined from the user's historical login information and the user's current login position is determined, and then it is judged whether the ratio of the number of historical login days at the user's current login position to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, to obtain the third judgment result. The second set threshold and the third set threshold can both be set according to experience or need. When the number of the user's historical login positions within the first preset time interval is judged to be greater than the second set threshold, the user account is being logged into frequently from different login positions. When the ratio of the number of historical login days at the user's current login position to the total number of historical login days over all of the user's historical login positions is judged to be less than the third set threshold, the current login position is not one of the user's commonly used login positions. When both conditions are met at the same time, the current login behavior is determined to be abnormal login behavior. As an example, when the number of provinces logged in from during the month before the user's current login exceeds the second set threshold, and the ratio of the number of login days in the province of the current login to the number of login days over all of the user's historical login provinces is less than the third set threshold, the user's current login behavior can be determined to be abnormal login behavior.

In another possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the user's historical login position information for the user account from the historical login information corresponding to the user account; determining the current login position information corresponding to the user's current login behavior; determining, from the historical login information corresponding to the user account within a second preset time interval before the user's current login behavior, the user's historical login position information within that second preset time interval; judging whether the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, to obtain the third judgment result; judging whether the number of the user's historical login positions within the second preset time interval before the user's current login behavior is greater than a fourth set threshold, to obtain a fourth judgment result; and, when the third judgment result and the fourth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

In a specific implementation, when the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, and the number of the user's historical login positions within the second preset time interval before the user's current login behavior is greater than the fourth set threshold, the user's current login behavior is determined to be abnormal login behavior. The second preset time interval can be preset and may be, for example, 24 hours. It should be noted that the second preset time interval is less than or equal to the third preset time interval. The second preset time interval is generally less than the first preset time interval, although other, more flexible settings are also possible. When the ratio of the number of historical login days at the user's current login position to the total number of historical login days over all of the user's historical login positions is judged to be less than the third set threshold, the current login position is not one of the user's commonly used login positions. When the number of the user's historical login positions within the second preset time interval before the user's current login behavior is judged to be greater than the fourth set threshold, the user's account is being logged into frequently from different login positions within a short period. When both conditions are met at the same time, the current login behavior is determined to be abnormal login behavior. As an example, when the ratio of the number of login days in the province of the user's current login to the number of login days over all of the user's historical login provinces is less than the third set threshold, and the number of provinces the user logged in from during the 24 hours before the current login behavior is greater than the fourth set threshold, the user's current login behavior can be determined to be abnormal login behavior.

In another possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the user's historical login position information for the user account from the historical login information corresponding to the user account; determining the current login position information corresponding to the user's current login behavior; judging, from the user's historical login position information, whether the successful login frequency corresponding to the user's current login position is greater than a fifth set threshold, to obtain a fifth judgment result; judging, from the user's historical login position information, whether the ratio of the abnormal login frequency corresponding to the user's current login position to the successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result; and, when the fifth judgment result and the sixth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

In a specific implementation, when the successful login frequency corresponding to the user's current login position is judged to be greater than the fifth set threshold, and the ratio of the abnormal login frequency corresponding to the user's current login position to the successful login frequency is greater than the sixth set threshold, the user's current login behavior is determined to be abnormal login behavior. For example, when the number of successful logins corresponding to the IP address of the user's current login is judged to be greater than the fifth set threshold, and the ratio of the number of abnormal logins caused by this IP address to the number of successful logins is greater than the sixth set threshold, this IP address is considered to have too many successful logins, which is likely a robot attack; in this case the user's current login behavior is determined to be abnormal login behavior.

In another possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the current login position information corresponding to the user's current login behavior; judging whether the current login position matches a login position in a preset abnormal login position list, to obtain a seventh judgment result, where the abnormal login frequency corresponding to each login position in the preset abnormal login position list is greater than a seventh set threshold; and, when the seventh judgment result is yes, determining that the user's current login behavior is abnormal login behavior.

In a specific implementation, the abnormal login position list can be built from the user's historical login information and/or the stored abnormal login information. The abnormal login frequency corresponding to each login position in the abnormal login position list is greater than the seventh set threshold, which can be set according to experience. When the abnormal login frequency caused by a user login position (corresponding to a login IP address) is greater than the seventh set threshold, that login IP address has caused too many abnormal logins. When performing the abnormal login judgment, the user's current login position information can be obtained and the current login position compared with the login positions in the abnormal login position list; if it matches at least one entry in the list, the login behavior corresponding to the current login position is determined to be abnormal login behavior.

In a specific implementation, the judgment methods above may be used alone or in combination.

For example, in another possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the number of historical logins of the user account; judging whether the number of historical logins is greater than the first set threshold, to obtain the first judgment result; when the first judgment result shows that the user account is not an active user, determining that the user's current login behavior is normal login behavior; when the first judgment result shows that the user account is an active user, determining the user's historical login position information within the first preset time interval from the historical login information corresponding to the user account within the first preset time interval; judging, from that historical login position information, whether the number of the user's historical login positions within the first preset time interval is greater than the second set threshold, to obtain the second judgment result; determining the user's historical login position information for the user account from the historical login information corresponding to the user account; determining the current login position information corresponding to the user's current login behavior; judging whether the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, to obtain the third judgment result; and, when the second judgment result and the third judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

As a further example, in another possible implementation of the invention, judging from the historical login information corresponding to the user account, according to at least one of the user's login position information and the user's login frequency information, whether the user's current login behavior is abnormal login behavior includes: determining the number of historical logins of the user account; judging whether the number of historical logins is greater than the first set threshold, to obtain the first judgment result; when the first judgment result shows that the user account is not an active user, determining that the user's current login behavior is normal login behavior; when the first judgment result shows that the user account is an active user, determining the user's historical login position information for the user account from the historical login information corresponding to the user account; determining the current login position information corresponding to the user's current login behavior; determining, from the historical login information corresponding to the user account within the second preset time interval before the user's current login behavior, the user's historical login position information within that second preset time interval; judging whether the ratio of the number of historical login days at the current login position corresponding to the user's current login behavior to the total number of historical login days over all of the user's historical login positions is less than the third set threshold, to obtain the third judgment result; judging whether the number of the user's historical login positions within the second preset time interval before the user's current login behavior is greater than the fourth set threshold, to obtain the fourth judgment result; and, when the third judgment result and the fourth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.

It should be noted that the above are only exemplary descriptions; in a specific implementation of the invention, other methods can also be used to judge abnormal logins. Other implementations obtained by those skilled in the art without creative effort all fall within the protection scope of the invention.
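The two combined judgments described above (active-user gate, then the second and third, or the third and fourth, judgment results) can be sketched as follows. This is an added example, not code from the patent; the class and function names, the threshold values and the sample history are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Login:
    when: datetime
    location: str  # administrative division resolved from the login IP, e.g. a province


@dataclass(frozen=True)
class Thresholds:
    # Every value here is an assumption; the text leaves them to experience or need.
    min_logins: int = 10               # first set threshold (active user)
    interval_locations: int = 3        # second set threshold
    location_day_ratio: float = 0.10   # third set threshold
    recent_locations: int = 2          # fourth set threshold
    first_interval: timedelta = timedelta(days=30)
    second_interval: timedelta = timedelta(hours=24)
    third_interval: timedelta = timedelta(days=180)


def login_days_by_location(history):
    """Login days per location; repeat logins from one location on one day count once."""
    return Counter(loc for loc, _day in {(l.location, l.when.date()) for l in history})


def locations_within(history, now, interval):
    """Distinct login locations seen in the interval immediately before `now`."""
    return {l.location for l in history if now - interval <= l.when < now}


def judge_login(history, current, t=Thresholds()):
    """Return (is_abnormal, reason) for `current`, given the account's login history."""
    history = [l for l in history
               if current.when - t.third_interval <= l.when < current.when]
    # First judgment: accounts that are not active users are never flagged.
    if len(history) <= t.min_logins:
        return False, "inactive account"
    days = login_days_by_location(history)
    ratio = days.get(current.location, 0) / sum(days.values())
    # Third judgment: is the current location one the user rarely logs in from?
    if ratio >= t.location_day_ratio:
        return False, "common location"
    # Second judgment: many distinct locations within the first preset interval.
    if len(locations_within(history, current.when, t.first_interval)) > t.interval_locations:
        return True, "uncommon location, many locations in first interval"
    # Fourth judgment: many distinct locations within the second preset interval.
    if len(locations_within(history, current.when, t.second_interval)) > t.recent_locations:
        return True, "uncommon location, many locations in second interval"
    return False, "uncommon location only"


def constructed_history(now, home="Zhejiang", days=60, recent=()):
    """Constructed sample: one login per day from `home`, plus recent logins elsewhere."""
    logins = [Login(now - timedelta(hours=24 * i - 12), home) for i in range(1, days + 1)]
    logins += [Login(now - timedelta(hours=k + 1), loc) for k, loc in enumerate(recent)]
    return logins


if __name__ == "__main__":
    now = datetime(2013, 11, 1, 12, 0)
    for recent in [("Hebei", "Sichuan", "Fujian"), ("Hebei", "Sichuan"), ()]:
        history = constructed_history(now, recent=recent)
        print(recent, judge_login(history, Login(now, "Guangdong")))
```

A single login from a new province on an otherwise stable account is not flagged; the account is flagged only when the uncommon location coincides with logins spread over many locations.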

Fig. 4 schematically shows a flow chart of an abnormal login information storage method according to a further embodiment of the present invention.

In a specific implementation, the invention decouples the judgment of the user's abnormal login behavior from the prompting of that behavior. A storage module for abnormal login information is provided, so that the storage of abnormal login information and the abnormal login prompt are carried out asynchronously. This improves the response and processing speed of the server side and does not affect the user's real-time login behavior.

In a specific implementation, saving the abnormal login information related to the abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior includes: when the user's current login behavior is judged to be abnormal login behavior, saving the abnormal login information related to the abnormal login behavior in a local memory queue; sending the abnormal login information saved in the local memory queue to a message queue server, so that the message queue server saves the abnormal login information; and using a consumer program module to obtain the abnormal login information saved in the message queue server, process it, and store it in an abnormal login information database.

This is set out in detail below. In a specific implementation of the invention, the prompting of abnormal login information is decoupled from the judgment of abnormal login information, because judging an abnormal login is a relatively fast operation, whereas prompting an abnormal login is a more time-consuming action that includes network operations such as sending SMS messages and sending email. So that the time-consuming prompt operation does not block the application server and degrade its response time and concurrency, these two operations need to be made asynchronous. In addition, storing the abnormal login information gives it persistent storage, which facilitates later statistics and analysis.

In implementing the invention, the inventors found that the transmission and storage of abnormal login information should persist the information as promptly as possible while also ensuring a certain level of concurrency and throughput, and that there is also a certain requirement on the reliability of the abnormal login information. To meet these requirements, the invention uses a message queue (Message Queue) when storing abnormal login information. A message queue is used to separate complex non-real-time services from the online real-time main service, and provides rich features and extensibility.

This is described in detail below with reference to Fig. 4. In Fig. 4, the application server is the server that provides service to users. The message queue server is the server that buffers abnormal login information. The consumer program module is the part that takes abnormal login information out of the message queue server and stores it in the database. The background abnormality reminder module, which may also be called the prompt module, is the part that generates prompt information from the abnormal login information and sends it. These modules or programs can all be deployed on the server side. In a specific implementation, when the user's current login behavior is judged to be abnormal login behavior, a memory queue is used to buffer locally the abnormal login information to be sent (by sending, or putting, messages into the memory queue), while a dedicated background thread pool sends this information to the corresponding queue on the message queue server. The main purpose of introducing the memory queue is to prevent the application server's normal worker threads from repeatedly trying to create connections when the network connection fails, which would leave user requests without a response. The abnormal login message queue is the queue on the message queue (MQ) server that stores abnormal login information, and it may be a non-persistent queue. The consumer program module takes the abnormal login information out of the abnormal login message queue, converts its format, and stores it in the database; in theory there can be any number of consumer processes, to speed up consumption. The background abnormality reminder module (the prompt module) extracts from the database the abnormal login information that occurred during the most recent period and prompts the corresponding users according to a certain policy. The ways of prompting are described below.
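The storage path of Fig. 4 as described above (local memory queue, background sender, message queue server, consumer, database) can be modelled in one process as follows. This is an added sketch, not the patent's code: the broker is simulated with an in-process queue that fails its first sends, a single background thread stands in for the thread pool, and all class names, table columns and records are constructed assumptions.

```python
import json
import queue
import sqlite3
import threading
import time


class FlakyBroker:
    """Stand-in for the message queue server: the first `outages` sends fail."""

    def __init__(self, outages=0):
        self.abnormal_login_queue = queue.Queue()
        self.outages = outages
        self.failed_sends = 0

    def send(self, message):
        if self.failed_sends < self.outages:
            self.failed_sends += 1
            raise ConnectionError("message queue server unreachable")
        self.abnormal_login_queue.put(message)


class AbnormalLoginReporter:
    """Application-server side: bounded local memory queue plus a background sender."""

    def __init__(self, send, maxsize=1000, retry_delay=0.01):
        self._local = queue.Queue(maxsize=maxsize)
        self._send = send
        self._retry_delay = retry_delay
        self.dropped = 0

    def start(self):
        threading.Thread(target=self._drain, daemon=True).start()

    def report(self, record):
        """Called on the request thread: never blocks and never touches the network."""
        try:
            self._local.put_nowait(record)
            return True
        except queue.Full:
            self.dropped += 1  # shed load instead of stalling the login request
            return False

    def flush(self):
        self._local.join()

    def _drain(self):
        # Only this background thread retries on connection failures.
        while True:
            record = self._local.get()
            while True:
                try:
                    self._send(json.dumps(record))
                    break
                except ConnectionError:
                    time.sleep(self._retry_delay)
            self._local.task_done()


def open_database():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE abnormal_login "
               "(account TEXT, ip TEXT, location TEXT, login_time TEXT)")
    return db


def consume(broker, db):
    """Consumer module: take messages off the queue, convert them, store them."""
    stored = 0
    while True:
        try:
            record = json.loads(broker.abnormal_login_queue.get_nowait())
        except queue.Empty:
            return stored
        db.execute("INSERT INTO abnormal_login VALUES (?, ?, ?, ?)",
                   (record["account"], record["ip"],
                    record["location"], record["login_time"]))
        stored += 1


# Constructed sample records (documentation-range IP addresses).
CONSTRUCTED_RECORDS = [
    {"account": "alice", "ip": "203.0.113.7", "location": "Hebei",
     "login_time": "2013-11-01T11:00:00"},
    {"account": "bob", "ip": "198.51.100.23", "location": "Sichuan",
     "login_time": "2013-11-01T11:05:00"},
    {"account": "alice", "ip": "203.0.113.9", "location": "Fujian",
     "login_time": "2013-11-01T11:10:00"},
]


def run_demo():
    broker = FlakyBroker(outages=2)
    reporter = AbnormalLoginReporter(broker.send)
    reporter.start()
    accepted = [reporter.report(r) for r in CONSTRUCTED_RECORDS]
    reporter.flush()  # wait for the background sender to ride out the outage
    db = open_database()
    stored = consume(broker, db)
    accounts = [row[0] for row in
                db.execute("SELECT account FROM abnormal_login ORDER BY rowid")]
    return {"accepted": accepted, "failed_sends": broker.failed_sends,
            "stored": stored, "accounts": accounts}
```

The bounded local queue trades completeness for availability: during a long broker outage records are dropped and counted rather than allowed to block login requests.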

In a specific implementation of the invention, in one possible implementation, step S304 may include: generating prompt information from the saved abnormal login information, the prompt information including at least abnormal login position information and/or abnormal login time information; and sending the prompt information to the prompt information recipient corresponding to the user account.

Sending the prompt information to the prompt information recipient corresponding to the user account may include: obtaining the mobile terminal identification information corresponding to the user account; and sending the prompt information to the mobile terminal corresponding to the mobile terminal identification information. The mobile terminal identification information is obtained from the correspondence between the user account and mobile terminal identification information that was saved in response to the user's binding request. In a specific implementation, the prompt information can be sent to the mobile terminal bound to the user account. For example, an SMS prompt is sent to the mobile phone bound to the user account to inform the user of the abnormal login position information and/or abnormal login time information. The prompt information may further ask the user whether the password needs to be changed, among other things.

Sending the prompt information to the prompt information recipient corresponding to the user account may also include: obtaining the bound user account information corresponding to the user account, and sending the prompt information to the email address corresponding to the bound user account information. In a specific implementation, the prompt information can be sent to other accounts bound to the user account. For example, an email prompt is sent to the email address corresponding to another account bound to the current user account, to inform the user of the abnormal login position information and/or abnormal login time information. The prompt information may further ask the user whether the password needs to be changed, among other things.

In a specific implementation of the invention, in one possible implementation, step S304 may include: generating verification information; and using the saved abnormal login information to send the verification information, so that the client corresponding to the user account associated with the abnormal login behavior displays the verification information.

In a specific implementation, using the saved abnormal login information to send the verification information so that the client corresponding to the user account associated with the abnormal login behavior displays it may include: displaying the verification information on the client corresponding to the user account (the client corresponds to the server and at least displays the login interface), or sending the prompt information to a mobile terminal so that the mobile terminal displays it. In the former implementation, after the prompt information is generated, the verification information is displayed on the user login interface or on the user interface of the client the user is using; when the user enters the correct verification information, the user's request is allowed, and when the user enters wrong verification information, the user's request is refused. In the latter implementation, the user account corresponding to the abnormal login behavior is obtained, the mobile terminal identification information corresponding to the user account is obtained, and the verification information is sent to the mobile terminal corresponding to the mobile terminal identification information, so that the mobile terminal displays the verification information. For example, an SMS prompt can be sent to the mobile phone bound to the user account, prompting the user to enter a verification code. Further, the prompt information can also inform the user of the abnormal login position information and/or abnormal login time information.

Further, method provided by the invention can also comprise: the authorization information that receives user's input; Whether the authorization information that judges user's input is correct, obtains the 8th judged result; When described the 8th judged result shows that authorization information that user inputs is correct, feedback is agreed to the message of described request; When described the 8th judgement shows authorization information mistake that user inputs, the message that feedback rejects said request.The authorization information of user's input can be from the client corresponding with login interface or operation interface, also can be from the mobile terminal with user's binding, when receiving the authorization information of feedback, judge that whether the authorization information that user inputs is correct, if correct, feedback is agreed to the information of user's request; If mistake, the information that feedback refuses user's request.

Further, before the prompt information is sent, the method also comprises: judging whether the user account corresponding to the abnormal login information meets a filter condition, and if it does, not sending the prompt information. In a specific implementation, the filter condition may include, for example: a user login location corresponding to a specific IP address; or a user account to which prompt information has already been sent within a preset time; or abnormal login information that is not within the current prompting cycle; or a user account set not to receive abnormal login prompts; and so on. Filter conditions can be set very flexibly, as required. It should be noted that abnormal login prompting needs to be timely and to use multiple channels, while also avoiding excessive disturbance of the user. Therefore, in a specific implementation, the present invention may set a prompting cycle in advance to ensure timely prompting, and use a separate thread to perform the prompting. To avoid excessive prompting, a frequency may be set for each prompting mode, for example one SMS prompt every 3 days and one email prompt per day. After the user performs a specific operation, the abnormal login information is recalculated. For example, after the user changes the password, the abnormal login information is recalculated.
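The filter conditions and per-channel frequencies described above, as an added example that is not code from the patent. The trusted-IP allowlist reading of the "specific IP address" condition, the one-hour cycle length, the record layout and all names are assumptions; the sample records are constructed and use documentation IP ranges.

```python
from datetime import datetime, timedelta

# Minimum spacing per channel, using the page's example frequencies
# (one SMS prompt every 3 days, one email prompt per day).
CHANNEL_INTERVAL = {"sms": timedelta(days=3), "email": timedelta(days=1)}


class PromptFilter:
    """Decides whether a stored abnormal-login record should produce a prompt."""

    def __init__(self, trusted_ips=(), opted_out=(), cycle=timedelta(hours=1)):
        self.trusted_ips = set(trusted_ips)  # "specific IP address" filter (assumed allowlist)
        self.opted_out = set(opted_out)      # accounts set not to receive prompts
        self.cycle = cycle                   # prompting cycle length (assumed value)
        self.last_sent = {}                  # (account, channel) -> time of last prompt

    def decide(self, account, channel, source_ip, event_time, now):
        """Return (send, reason); records the send time when send is True."""
        if account in self.opted_out:
            return False, "opted-out"
        if source_ip in self.trusted_ips:
            return False, "filtered-ip"
        # Only records that fall inside the current prompting cycle are prompted.
        if not (now - self.cycle <= event_time <= now):
            return False, "outside-cycle"
        # Suppress a prompt if one was sent on this channel too recently.
        last = self.last_sent.get((account, channel))
        if last is not None and now - last < CHANNEL_INTERVAL[channel]:
            return False, "throttled"
        self.last_sent[(account, channel)] = now
        return True, "send"


def run_cycle(flt, records, now, channels=("sms", "email")):
    """Apply the filter to one cycle's records; return [(account, channel, reason)]."""
    out = []
    for account, source_ip, event_time in records:
        for channel in channels:
            _, reason = flt.decide(account, channel, source_ip, event_time, now)
            out.append((account, channel, reason))
    return out


def demo():
    """Run one cycle over constructed records and return the decisions."""
    now = datetime(2013, 11, 6, 12, 0)
    flt = PromptFilter(trusted_ips={"192.0.2.10"}, opted_out={"carol"})
    records = [
        ("alice", "198.51.100.7", now - timedelta(minutes=5)),  # prompted
        ("bob", "192.0.2.10", now - timedelta(minutes=5)),      # filtered IP
        ("carol", "198.51.100.9", now - timedelta(minutes=5)),  # opted out
        ("dave", "198.51.100.9", now - timedelta(hours=5)),     # stale record
    ]
    return run_cycle(flt, records, now)
```

Because the filter keeps its last-send times per account and channel, the same instance has to be reused across cycles for the throttling to take effect.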

Further, the method also comprises: when the user's current login behavior is judged to be abnormal login behavior, feeding back a message rejecting the request. When the user's current login behavior is judged to be normal login behavior, a message accepting the request is fed back.

Further, the method provided by the present invention may also comprise: performing statistics and analysis on the stored abnormal login information. This may include, for example: counting the scale of abnormal logins on the previous day, the newly added amount, the amount of prompt information, and so on. The present invention may further comprise: querying the abnormal login information, and providing statistics, analysis and queries on the distribution of anomaly types, the distribution of abnormal logins by product, and the distribution of abnormal logins by home location.

Exemplary apparatus

Having introduced the method according to exemplary embodiments of the present invention, the device for monitoring abnormal user logins according to exemplary embodiments of the present invention is described next with reference to Fig. 5.

, comprising:

The first acquisition module 501, configured to obtain, in response to a request associated with a user account, historical login information corresponding to the user account;

The first judging module 502, configured to judge, according to the historical login information corresponding to the user account, whether the user's current login behavior is abnormal login behavior;

The storage module 503, configured to save, when the user's current login behavior is judged to be abnormal login behavior, abnormal login information related to the abnormal login behavior;

The prompt module 504, configured to generate prompt information from the saved abnormal login information and send the prompt information, the prompt information serving to notify the user of the abnormal login behavior when the user obtains the prompt information.

Wherein, the first acquisition module is configured to:

In response to a login request for the user account, obtain the historical login information corresponding to the user account; or, in response to a preset data operation request for the user account, obtain the historical login information corresponding to the user account.

Further, the device also comprises:

A feedback module, configured to feed back a message rejecting the request when the user's current login behavior is judged to be abnormal login behavior.

Further, the first judging module is configured to:

Judge, according to the historical login information corresponding to the user account and according to at least one of user login location information and user login frequency information, whether the user's current login behavior is abnormal login behavior.

Further, the first judging module comprises:

A first determining subunit, configured to determine the number of historical logins of the user account;

A first judging subunit, configured to judge whether the number of historical logins is greater than a first set threshold, to obtain a first judgment result;

A second determining subunit, configured to determine that the user's current login behavior is normal login behavior when the first judgment result shows that the user account is not an active user; wherein an active user is a user account whose number of historical logins is greater than the first set threshold.

Further, the first judging module comprises:

A third determining subunit, configured to determine, according to the historical login information corresponding to the user account within a first preset time interval, the user's historical login location information within the first preset time interval;

A second judging subunit, configured to judge, according to the user's historical login location information within the first preset time interval, whether the number of the user's historical login locations within the first preset time interval is greater than a second set threshold, to obtain a second judgment result;

A fourth determining subunit, configured to determine the user's historical login location information for the user account according to the historical login information corresponding to the user account;

A fifth determining subunit, configured to determine the user's current login location information corresponding to the user's current login behavior;

A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login location, corresponding to the user's current login behavior, to the total number of historical login days across all of the user's historical login locations is less than a third set threshold, to obtain a third judgment result;

A sixth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the third judgment result and the fourth judgment result are both yes.

Further, the first judging module comprises:

A fourth determining subunit, configured to determine the user's historical login location information for the user account according to the historical login information corresponding to the user account;

A fifth determining subunit, configured to determine the user's current login location information corresponding to the user's current login behavior;

A seventh determining subunit, configured to determine, according to the historical login information corresponding to the user account within a second preset time interval before the user's current login behavior, the user's historical login location information within the second preset time interval before the user's current login behavior;

A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login location, corresponding to the user's current login behavior, to the total number of historical login days across all of the user's historical login locations is less than a third set threshold, to obtain a third judgment result;

A fourth judging subunit, configured to judge whether the number of the user's historical login locations within the second preset time interval before the user's current login behavior is greater than a fourth set threshold, to obtain a fourth judgment result;

An eighth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the third judgment result and the fourth judgment result are both yes.

Further, the first judging module comprises:

A fourth determining subunit, configured to determine the user's historical login location information for the user account according to the historical login information corresponding to the user account;

A fifth determining subunit, configured to determine the user's current login location information corresponding to the user's current login behavior;

A fifth judging subunit, configured to judge, according to the user's historical login location information, whether the successful login frequency corresponding to the user's current login location is greater than a fifth set threshold, to obtain a fifth judgment result;

A sixth judging subunit, configured to judge, according to the user's historical login location information, whether the ratio of the abnormal login frequency corresponding to the user's current login location to the successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result;

A ninth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the fifth judgment result and the sixth judgment result are both yes.

Further, the first judging module comprises:

A fifth determining subunit, configured to determine the user's current login location information corresponding to the user's current login behavior;

A seventh judging subunit, configured to judge whether the current login location matches a login location in a preset abnormal login location list, to obtain a seventh judgment result; wherein the abnormal login frequency corresponding to each login location in the preset abnormal login location list is greater than a seventh set threshold;

A tenth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when the seventh judgment result is yes.
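An added example, not code from the patent: one way to combine the judgments of the first judging module (active-account gate, the two location-spread rules, the abnormal-ratio rule and the abnormal-location list) into a single function. The record layout, every threshold value, the reading of both preset time intervals as windows ending at the current login, the treatment of frequencies as counts and the order of the checks are assumptions; the sample history is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Login:
    day: date
    location: str            # e.g. a city resolved from the source IP
    abnormal: bool = False   # True if this past login was judged abnormal


@dataclass(frozen=True)
class Thresholds:
    # Every value below is an assumption; the page names the thresholds only.
    t1_logins: int = 10         # first threshold: active-account gate
    window1_days: int = 30      # first preset time interval
    t2_locations: int = 3       # second threshold
    t3_day_ratio: float = 0.05  # third threshold
    window2_days: int = 7       # second preset time interval
    t4_locations: int = 2       # fourth threshold
    t5_success: int = 5         # fifth threshold
    t6_ratio: float = 0.5       # sixth threshold


def day_ratio(history, location):
    """Login days at `location` divided by login days summed over all locations."""
    days = defaultdict(set)
    for h in history:
        days[h.location].add(h.day)
    total = sum(len(d) for d in days.values())
    return len(days[location]) / total if total else 0.0


def distinct_locations(history, today, window_days):
    """Number of different login locations in the window ending at `today`."""
    start = today - timedelta(days=window_days)
    return len({h.location for h in history if start <= h.day <= today})


def judge(history, location, today, th=Thresholds(), listed=frozenset()):
    """Return (is_abnormal, reason) for a login from `location` on `today`."""
    # Accounts that are not active users are always treated as normal.
    if len(history) <= th.t1_logins:
        return False, "not-active-account"
    # `listed` stands in for the preset abnormal login location list.
    if location in listed:
        return True, "listed-abnormal-location"
    rare = day_ratio(history, location) < th.t3_day_ratio
    if rare and distinct_locations(history, today, th.window1_days) > th.t2_locations:
        return True, "rare-location/window1"
    if rare and distinct_locations(history, today, th.window2_days) > th.t4_locations:
        return True, "rare-location/window2"
    # History records are taken to be successful logins (assumption).
    here = [h for h in history if h.location == location]
    abnormal = sum(h.abnormal for h in here)
    if len(here) > th.t5_success and abnormal / len(here) > th.t6_ratio:
        return True, "abnormal-ratio-at-location"
    return False, "normal"


def sample_history(today):
    """Constructed history: 20 days in one city, 3 one-day trips, 6 flagged-heavy logins."""
    h = [Login(today - timedelta(days=i), "Beijing") for i in range(1, 21)]
    h += [Login(today - timedelta(days=i), c)
          for i, c in ((2, "Shanghai"), (3, "Hangzhou"), (4, "Guangzhou"))]
    h += [Login(today - timedelta(days=10 + i), "Shenzhen", abnormal=i < 4)
          for i in range(6)]
    return h
```

With these assumed thresholds, a first-ever location on an account that has only ever logged in from one location is not flagged, because both location rules also require the number of historical locations to exceed its threshold.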

Further, the prompt module comprises:

A first information generating unit, configured to generate prompt information from the saved abnormal login information, the prompt information comprising at least abnormal login location information and/or abnormal login time information;

A first information sending unit, configured to send the prompt information to the information recipient corresponding to the user account.

Further, the first information sending unit is configured to:

Obtain the mobile terminal identification information corresponding to the user account, and send the prompt information to the mobile terminal corresponding to the mobile terminal identification information; wherein the mobile terminal identification information is obtained from the correspondence between the user account and the mobile terminal identification information that was saved in response to a binding operation request from the user; or, obtain the bound user account information corresponding to the user account, and send the prompt information to the email address corresponding to the bound user account information.

Further, the prompt module comprises:

A second information generating unit, configured to generate verification information;

A second information sending unit, configured to use the saved abnormal login information to send the verification information, so that the client corresponding to the user account associated with the abnormal login behavior displays the verification information.

Further, the device also comprises:

A receiving module, configured to receive the verification information entered by the user;

A second judging module, configured to judge whether the verification information entered by the user is correct, to obtain an eighth judgment result;

The feedback module is also configured to:

When the eighth judgment result shows that the verification information entered by the user is correct, feed back a message accepting the request; when the eighth judgment result shows that the verification information entered by the user is incorrect, feed back a message rejecting the request.

Further, the storage module comprises:

A local in-memory queue, configured to save, when the user's current login behavior is judged to be abnormal login behavior, the abnormal login information related to the abnormal login behavior in the local in-memory queue;

A message queue server, configured to receive the abnormal login information from the local in-memory queue and save the abnormal login information;

A consumer program module, configured to obtain the abnormal login information saved in the message queue server, process the abnormal login information, and send the processed abnormal login information to an abnormal login information database;

The abnormal login information database, for storing the processed abnormal login information.

Further, the device also comprises:

A third judging module, configured to judge, before the prompt information is sent, whether the user account corresponding to the abnormal login information meets a filter condition, and if it does, not to send the prompt information.

Further, the first acquisition module is specifically configured to:

In response to the request associated with the user account, obtain the historical login information corresponding to the user account within a third preset time interval.

It should be noted that although several devices or sub-devices of the apparatus are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more of the devices described above may be embodied in one device. Conversely, the features and functions of one device described above may be further divided so as to be embodied by multiple devices.

In addition, although the operations of the method of the present invention are described in the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in that particular order, or that all of the operations shown must be performed to achieve the desired result. On the contrary, the steps depicted in the flow charts may be executed in a different order. Additionally or alternatively, some steps may be omitted, multiple steps may be merged into one step, and/or one step may be broken down into multiple steps.

Use of the verbs "comprise" and "include" and their conjugations in the application documents does not exclude the presence of elements or steps other than those recited in the application documents. The article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements.

Although the spirit and principles of the present invention have been described with reference to several embodiments, it should be understood that the present invention is not limited to the disclosed embodiments, and the division into aspects does not mean that features in these aspects cannot be combined to advantage; this division is only for convenience of presentation. The present invention is intended to cover the various modifications and equivalent arrangements included within the spirit and scope of the appended claims. The scope of the claims is to be accorded the broadest interpretation, so as to encompass all such modifications and equivalent structures and functions.

Brief description of the drawings

The above and other objects, features and advantages of exemplary embodiments of the present invention will become easier to understand by reading the detailed description below with reference to the accompanying drawings. In the drawings, several embodiments of the present invention are shown by way of example and not limitation, wherein:

Fig. 1 schematically shows a block diagram of a computing system 100 suitable for implementing embodiments of the present invention;

Fig. 2 schematically shows an application scenario of an embodiment of the present invention;

Fig. 3 schematically shows a flow chart of a method for monitoring abnormal user logins according to an embodiment of the present invention;

Fig. 4 schematically shows a flow chart of a method for storing abnormal login information according to a further embodiment of the present invention;

Fig. 5 schematically shows a block diagram of a device for monitoring abnormal user logins according to yet another embodiment of the present invention.

In the accompanying drawings, identical or corresponding label represents identical or corresponding part.

Detailed description of the embodiments

The principles and spirit of the present invention are described below with reference to several illustrative embodiments. It should be understood that these embodiments are given only to enable those skilled in the art to better understand and then implement the present invention, and not to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be more thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

Fig. 1 shows a block diagram of an exemplary computing system 100 suitable for implementing embodiments of the present invention. As shown in Fig. 1, the computing system 100 may comprise: a central processing unit (CPU) 101, random-access memory (RAM) 102, read-only memory (ROM) 103, a system bus 104, a hard disk controller 105, a keyboard controller 106, a serial interface controller 107, a parallel interface controller 108, a display controller 109, a hard disk 110, a keyboard 111, a serial external device 112, a parallel external device 113 and a display 114. Of these devices, the CPU 101, RAM 102, ROM 103, hard disk controller 105, keyboard controller 106, serial interface controller 107, parallel interface controller 108 and display controller 109 are coupled to the system bus 104. The hard disk 110 is coupled to the hard disk controller 105, the keyboard 111 to the keyboard controller 106, the serial external device 112 to the serial interface controller 107, the parallel external device 113 to the parallel interface controller 108, and the display 114 to the display controller 109. It should be understood that the structural block diagram in Fig. 1 is given only by way of example and does not limit the scope of the invention. In some cases, devices may be added or removed as the situation requires.

Those skilled in the art will appreciate that embodiments of the present invention may be implemented as a system, a method or a computer program product. Accordingly, the disclosure may take the following forms: entirely hardware, entirely software (including firmware, resident software, microcode, etc.), or a combination of hardware and software, generally referred to herein as a "circuit", "module" or "system". In addition, in some embodiments, the present invention may also take the form of a computer program product embodied in one or more computer-readable media containing computer-readable program code.

Any combination of one or more computer-readable media may be used. A computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of computer-readable storage media include: a portable computer diskette, a hard disk, random-access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this document, a computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in connection with an instruction execution system, apparatus or device.

A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.

Program code contained on a computer-readable medium may be transmitted using any suitable medium, including but not limited to wireless, wire, optical cable, RF, etc., or any suitable combination of the above.

Computer program code for carrying out the operations of the present invention may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may be executed entirely on the user's computer, partly on the user's computer, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. In the case involving a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

Embodiments of the present invention are described below with reference to flow charts of the method and block diagrams of the equipment (or system) of the embodiments of the present invention. It should be understood that each block of the flow charts and/or block diagrams, and combinations of blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer or other programmable data processing apparatus to produce a machine, such that the instructions, when executed by the computer or other programmable data processing apparatus, create means for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.

These computer program instructions may also be stored in a computer-readable medium that can cause a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means that implement the functions/operations specified in the blocks of the flow charts and/or block diagrams.

The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus or other equipment, causing a series of operational steps to be performed on the computer, other programmable data processing apparatus or other equipment to produce a computer-implemented process, such that the instructions executed on the computer or other programmable apparatus provide processes for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.

According to embodiments of the present invention, a method and a device for monitoring abnormal user logins are proposed.

In this document, any number of elements in the drawings is given by way of example and not limitation, and any naming is used only for distinction and carries no limiting meaning.

The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the present invention.

Claims (32)

1. a method, comprising:
In response to the request associated with user account, obtain the historical log information corresponding with described user account;
According to the historical log information corresponding with described user account, judge whether the current login behavior of user is abnormal login behavior;
When the current login behavior of judgement user is abnormal login behavior, preserve the abnormal login information relevant to described abnormal login behavior;
The abnormal login Information generation information of utilize preserving also sends described information, and described information for pointing out abnormal login behavior described in user when user gets described information.
2. method according to claim 1, wherein, described request comprises:
Logging request for described user account; Or
Preset data operation requests for described user account.
3. method according to claim 1, described method also comprises:
When the current login behavior of judgement user is abnormal login behavior, the message that feedback rejects said request.
4. method according to claim 1, wherein, the described basis historical log information corresponding with described user account judges whether the current login behavior of user is that abnormal login behavior comprises:
According to the historical log information corresponding with described user account, according at least one in user's login position information and user's login frequency information, judge whether the current login behavior of user is abnormal login behavior.
5. method according to claim 4, wherein, the described basis historical log information corresponding with described user account judges according at least one in user's login position information and user's login frequency information whether the current login behavior of user is that abnormal login behavior comprises:
Determine the historical log number of times of described user account;
Judge whether described historical log number of times is greater than the first setting threshold, to obtain the first judged result; And
When described the first judged result shows that described user account is not any active ues, determine that the current login behavior of described user is the behavior of normally logining;
Wherein, described any active ues is the user account that described historical log number of times is greater than described the first setting threshold.
6. method according to claim 4, wherein, the described basis historical log information corresponding with described user account judges according at least one in user's login position information and user's login frequency information whether the current login behavior of user is that abnormal login behavior comprises:
According to historical log information corresponding with described user account in the first Preset Time interval, determine user's historical log positional information in described the first Preset Time interval;
According to described user's historical log positional information judgement quantity of user's historical log position in described the first Preset Time interval in described the first Preset Time interval, whether be greater than the second setting threshold, to obtain the second judged result;
According to the historical log information corresponding with described user account, determine user's historical log positional information of described user account;
Determine the current login position of the user information that the current login behavior of user is corresponding;
Whether the ratio that the historical log number of days that judges the current login position of user that the current login behavior of user is corresponding takies the total number of days of historical log of all historical log position, family is less than the 3rd setting threshold, to obtain the 3rd judged result;
When described the second judged result and described the 3rd judged result are while being, determine that the current login behavior of described user is abnormal login behavior.
7. method according to claim 4, wherein, the described basis historical log information corresponding with described user account judges according at least one in user's login position information and user's login frequency information whether the current login behavior of user is that abnormal login behavior comprises:
According to the historical log information corresponding with described user account, determine user's historical log positional information of described user account;
Determine the current login position of the user information that the current login behavior of user is corresponding;
According to the historical log information corresponding with described user account in the current login behavior of distance users the second Preset Time interval, determine user's historical log positional information in the distance current login behavior of described user the second Preset Time interval;
Whether the ratio that the historical log number of days that judges the current login position of user that the current login behavior of user is corresponding takies the total number of days of historical log of all historical log position, family is less than the 3rd setting threshold, to obtain the 3rd judged result;
In the current login behavior of judging distance user the second Preset Time interval, whether the quantity of user's historical log position is greater than the 4th setting threshold, to obtain the 4th judged result;
When described the 3rd judged result and described the 4th judged result are while being, determine that the current login behavior of user is abnormal login behavior.
8. The method according to claim 4, wherein judging, based on the historical login information corresponding to said user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:
Determining the user historical login position information of said user account according to the historical login information corresponding to said user account;
Determining the user's current login position information corresponding to the user's current login behavior;
Judging, according to the user historical login position information, whether the successful login frequency corresponding to the user's current login position is greater than a fifth set threshold, to obtain a fifth judgment result;
Judging, according to the user historical login position information, whether the ratio of the abnormal login frequency corresponding to the user's current login position to said successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result;
When said fifth judgment result and said sixth judgment result are both yes, determining that the user's current login behavior is abnormal login behavior.
9. The method according to claim 4, wherein judging, based on the historical login information corresponding to said user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior comprises:
Determining the user's current login position information corresponding to the user's current login behavior;
Judging whether the current login position matches a login position in a preset abnormal login position list, to obtain a seventh judgment result; wherein the abnormal login frequency corresponding to each login position in said preset abnormal login position list is greater than a seventh set threshold;
When said seventh judgment result is yes, determining that the user's current login behavior is abnormal login behavior.
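The decision rules of claims 7 to 9, as an added Python example that is not part of the patent text. The threshold values, record fields, city names and sample history are constructed assumptions; "frequency" is read as a count, and the total of historical login days is taken as the sum of per-position day counts.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

NOW = datetime(2013, 11, 6, 12, 0)   # constructed time of the current login


@dataclass(frozen=True)
class Login:
    ts: datetime
    position: str            # assumed granularity: city resolved from the source IP
    success: bool = True
    abnormal: bool = False   # this login was previously judged abnormal


@dataclass(frozen=True)
class Thresholds:            # all values are constructed; the claims leave them open
    third: float = 0.10      # claim 7: share of login days at the current position
    fourth: int = 2          # claim 7: distinct positions inside the second interval
    fifth: int = 5           # claim 8: successful logins at the current position
    sixth: float = 0.5       # claim 8: abnormal / successful logins at that position
    seventh: int = 3         # claim 9: abnormal logins needed to list a position
    second_interval: timedelta = timedelta(days=1)


def claim7(history, now, position, t):
    """Third AND fourth judgment: rarely used position plus many recent positions."""
    day_pairs = {(h.position, h.ts.date()) for h in history}
    if not day_pairs:        # no history to compare against: do not flag
        return False
    share = sum(1 for p, _ in day_pairs if p == position) / len(day_pairs)
    recent = {h.position for h in history
              if timedelta(0) <= now - h.ts <= t.second_interval}
    return share < t.third and len(recent) > t.fourth


def claim8(history, position, t):
    """Fifth AND sixth judgment: busy position with a high abnormal-login ratio."""
    here = [h for h in history if h.position == position]
    ok = sum(1 for h in here if h.success)
    bad = sum(1 for h in here if h.abnormal)
    return ok > 0 and ok > t.fifth and bad / ok > t.sixth


def abnormal_position_list(records, t):
    """Claim 9 list: positions whose abnormal-login count exceeds the seventh threshold."""
    counts = Counter(h.position for h in records if h.abnormal)
    return {p for p, n in counts.items() if n > t.seventh}


def evaluate(history, now, position, listed, t=Thresholds()):
    """Return the names of the rules that judge the current login abnormal."""
    fired = []
    if claim7(history, now, position, t):
        fired.append("claim7")
    if claim8(history, position, t):
        fired.append("claim8")
    if position in listed:   # seventh judgment
        fired.append("claim9")
    return fired


def sample_history(now):
    """Constructed history: a home city, three recent hops, one noisy position."""
    home = [Login(now - timedelta(days=d), "Beijing") for d in range(2, 32)]
    hops = [Login(now - timedelta(hours=h), city)
            for h, city in ((20, "Shanghai"), (10, "Guangzhou"), (2, "Chengdu"))]
    noisy = [Login(now - timedelta(days=d), "Shenzhen", abnormal=(d % 10 < 6))
             for d in range(40, 50)]
    return home, hops, noisy


if __name__ == "__main__":
    home, hops, noisy = sample_history(NOW)
    full = home + hops + noisy
    listed = abnormal_position_list(full, Thresholds())
    for city in ("Beijing", "Hangzhou", "Shenzhen"):
        print(city, evaluate(full, NOW, city, listed))
```

A never-seen position alone does not trigger the claim 7 rule: without the three recent hops the fourth judgment fails and the login is treated as normal.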
10. The method according to claim 1, wherein generating prompt information from the saved abnormal login information and sending said prompt information comprises:
Generating prompt information from the saved abnormal login information, said prompt information comprising at least abnormal login position information and/or abnormal login time information;
Sending said prompt information to the information recipient corresponding to said user account.
11. The method according to claim 10, wherein sending said prompt information to the information recipient corresponding to said user account comprises:
Obtaining the mobile terminal identification information corresponding to said user account;
Sending said prompt information to the mobile terminal corresponding to said mobile terminal identification information; wherein said mobile terminal identification information is obtained from a correspondence between the user account and mobile terminal identification information that was saved in response to a binding request from the user;
Or
Obtaining the bound user account information corresponding to said user account, and sending said prompt information to the e-mail address corresponding to said bound user account information.
12. The method according to claim 1, wherein generating prompt information from the saved abnormal login information and sending said prompt information comprises:
Generating authorization information;
Using the saved abnormal login information, sending said authorization information so that the client corresponding to the user account associated with said abnormal login behavior displays said authorization information.
13. The method according to claim 11, said method further comprising:
Receiving the authorization information entered by the user;
Judging whether the authorization information entered by the user is correct, to obtain an eighth judgment result;
When said eighth judgment result shows that the authorization information entered by the user is correct, feeding back a message granting said request;
When said eighth judgment result shows that the authorization information entered by the user is wrong, feeding back a message rejecting said request.
14. The method according to claim 1, wherein saving the abnormal login information related to said abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior comprises:
When the user's current login behavior is judged to be abnormal login behavior, saving the abnormal login information related to said abnormal login behavior in a local memory queue;
Sending the abnormal login information saved in the local memory queue to a message queue server, so that said message queue server saves said abnormal login information;
Using a consumer program module to obtain said abnormal login information saved in said message queue server, to process said abnormal login information, and to store it in an abnormal login information database.
15. The method according to claim 1, wherein, before said prompt information is sent, said method further comprises:
Judging whether the user account corresponding to said abnormal login information meets a filter condition and, if it does, not sending said prompt information.
16. The method according to claim 1, wherein obtaining the historical login information corresponding to said user account comprises:
Obtaining the historical login information, within a third preset time interval, corresponding to said user account.
17. A device, comprising:
A first acquisition module, configured to obtain, in response to a request associated with a user account, the historical login information corresponding to said user account;
A first judging module, configured to judge, according to the historical login information corresponding to said user account, whether the user's current login behavior is abnormal login behavior;
A storage module, configured to save the abnormal login information related to said abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior;
A reminding module, configured to generate prompt information from the saved abnormal login information and to send said prompt information, said prompt information serving to alert the user to said abnormal login behavior when the user receives said prompt information.
18. The device according to claim 17, wherein said first acquisition module is configured to:
In response to a login request for said user account, obtain the historical login information corresponding to said user account; or, in response to a preset data operation request for said user account, obtain the historical login information corresponding to said user account.
19. The device according to claim 17, said device further comprising:
A feedback module, configured to feed back a message rejecting said request when the user's current login behavior is judged to be abnormal login behavior.
20. The device according to claim 17, wherein said first judging module is configured to:
Judge, based on the historical login information corresponding to said user account and according to at least one of user login position information and user login frequency information, whether the user's current login behavior is abnormal login behavior.
21. The device according to claim 20, wherein said first judging module comprises:
A first determining subunit, configured to determine the historical login count of said user account;
A first judging subunit, configured to judge whether said historical login count is greater than a first set threshold, to obtain a first judgment result;
A second determining subunit, configured to determine that the user's current login behavior is normal login behavior when said first judgment result shows that said user account is not an active user; wherein an active user is a user account whose historical login count is greater than said first set threshold.
22. The device according to claim 20, wherein said first judging module comprises:
A third determining subunit, configured to determine the user historical login position information within a first preset time interval according to the historical login information corresponding to said user account within said first preset time interval;
A second judging subunit, configured to judge, according to said user historical login position information within said first preset time interval, whether the number of user historical login positions within said first preset time interval is greater than a second set threshold, to obtain a second judgment result;
A fourth determining subunit, configured to determine the user historical login position information of said user account according to the historical login information corresponding to said user account;
A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;
A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login position, corresponding to the user's current login behavior, to the total number of historical login days of all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;
A sixth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when said second judgment result and said third judgment result are both yes.
23. The device according to claim 20, wherein said first judging module comprises:
A fourth determining subunit, configured to determine the user historical login position information of said user account according to the historical login information corresponding to said user account;
A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;
A seventh determining subunit, configured to determine, according to the historical login information corresponding to said user account within a second preset time interval from the user's current login behavior, the user historical login position information within said second preset time interval from the user's current login behavior;
A third judging subunit, configured to judge whether the ratio of the number of historical login days at the user's current login position, corresponding to the user's current login behavior, to the total number of historical login days of all of the user's historical login positions is less than a third set threshold, to obtain a third judgment result;
A fourth judging subunit, configured to judge whether the number of user historical login positions within the second preset time interval from the user's current login behavior is greater than a fourth set threshold, to obtain a fourth judgment result;
An eighth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when said third judgment result and said fourth judgment result are both yes.
24. The device according to claim 20, wherein said first judging module comprises:
A fourth determining subunit, configured to determine the user historical login position information of said user account according to the historical login information corresponding to said user account;
A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;
A fifth judging subunit, configured to judge, according to the user historical login position information, whether the successful login frequency corresponding to the user's current login position is greater than a fifth set threshold, to obtain a fifth judgment result;
A sixth judging subunit, configured to judge, according to the user historical login position information, whether the ratio of the abnormal login frequency corresponding to the user's current login position to said successful login frequency is greater than a sixth set threshold, to obtain a sixth judgment result;
A ninth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when said fifth judgment result and said sixth judgment result are both yes.
25. The device according to claim 20, wherein said first judging module comprises:
A fifth determining subunit, configured to determine the user's current login position information corresponding to the user's current login behavior;
A seventh judging subunit, configured to judge whether the current login position matches a login position in a preset abnormal login position list, to obtain a seventh judgment result; wherein the abnormal login frequency corresponding to each login position in said preset abnormal login position list is greater than a seventh set threshold;
A tenth determining subunit, configured to determine that the user's current login behavior is abnormal login behavior when said seventh judgment result is yes.
26. The device according to claim 17, wherein said reminding module comprises:
A first information generating unit, configured to generate prompt information from the saved abnormal login information, said prompt information comprising at least abnormal login position information and/or abnormal login time information;
A first information sending unit, configured to send said prompt information to the information recipient corresponding to said user account.
27. The device according to claim 26, wherein said first information sending unit is configured to:
Obtain the mobile terminal identification information corresponding to said user account, and send said prompt information to the mobile terminal corresponding to said mobile terminal identification information; wherein said mobile terminal identification information is obtained from a correspondence between the user account and mobile terminal identification information that was saved in response to a binding request from the user; or, obtain the bound user account information corresponding to said user account, and send said prompt information to the e-mail address corresponding to said bound user account information.
28. The device according to claim 17, wherein said reminding module comprises:
A second information generating unit, configured to generate authorization information;
A second information sending unit, configured to use the saved abnormal login information to send said authorization information so that the client corresponding to the user account associated with said abnormal login behavior displays said authorization information.
29. The device according to claim 28, said device further comprising:
A receiving module, configured to receive the authorization information entered by the user;
A second judging module, configured to judge whether the authorization information entered by the user is correct, to obtain an eighth judgment result;
Said feedback module is further configured to:
When said eighth judgment result shows that the authorization information entered by the user is correct, feed back a message granting said request; when said eighth judgment result shows that the authorization information entered by the user is wrong, feed back a message rejecting said request.
30. The device according to claim 17, wherein said storage module comprises:
A local memory queue, configured to hold the abnormal login information related to said abnormal login behavior when the user's current login behavior is judged to be abnormal login behavior;
A message queue server, configured to receive the abnormal login information sent from the local memory queue and to save said abnormal login information;
A consumer program module, configured to obtain said abnormal login information saved in said message queue server, to process said abnormal login information, and to send the processed abnormal login information to an abnormal login information database;
An abnormal login information database, configured to store the processed abnormal login information.
31. The device according to claim 17, said device further comprising:
A third judging module, configured to judge, before said prompt information is sent, whether the user account corresponding to said abnormal login information meets a filter condition and, if it does, not to send said prompt information.
32. The device according to claim 17, wherein said first acquisition module is configured to:
In response to a request associated with a user account, obtain the historical login information, within a third preset time interval, corresponding to said user account.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310546009.8A CN103532797B (en) 2013-11-06 2013-11-06 A kind of User logs in method for monitoring abnormality and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310546009.8A CN103532797B (en) 2013-11-06 2013-11-06 A kind of User logs in method for monitoring abnormality and device

Publications (2)

Publication Number Publication Date
CN103532797A true CN103532797A (en) 2014-01-22
CN103532797B CN103532797B (en) 2017-07-04

Family

ID=49934496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310546009.8A CN103532797B (en) 2013-11-06 2013-11-06 A kind of User logs in method for monitoring abnormality and device

Country Status (1)

Country Link
CN (1) CN103532797B (en)


Similar Documents

Publication Publication Date Title
US9241259B2 (en) Method and apparatus for managing the transfer of sensitive information to mobile devices
CA2848655C (en) Providing a network-accessible malware analysis
US9223950B2 (en) Security challenge assisted password proxy
KR100943012B1 (en) Merging multi-line log entries
US20120266245A1 (en) Multi-Nodal Malware Analysis
US8990909B2 (en) Out-of-band challenge question authentication
CN103975337A (en) Predictive heap overflow protection
CN104077689A (en) Information verification method, relevant device and system
US20120254770A1 (en) Messaging interface
US20100281536A1 (en) Phish probability scoring model
CN102857484B (en) A kind of method, system and device realizing single-sign-on
JP2004326318A (en) Communication device
US9451014B2 (en) Across-application network communication method and device
KR20120090905A (en) Secure safe sender list
CN104468249B (en) Account abnormity detection method and device
US20170155748A1 (en) Information Processing Method, Information Processing Device, and Apparatus
CN104601641B (en) Application link sharing method, apparatus and system
US20130139236A1 (en) Imposter account report management in a social networking system
CN103532797B (en) A kind of User logs in method for monitoring abnormality and device
US8695027B2 (en) System and method for application security assessment
US10104029B1 (en) Email security architecture
CN104125062A (en) Login method, device, login authentication device, server, terminals and system
CN102624677B (en) Method and server for monitoring network user behavior
US20150350232A1 (en) Method, Device and System for Recognizing Network Behavior of Program
CN103916244B (en) Verification method and device

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant