CN103699822B - User's anomaly detection method in ecommerce based on mouse behavior - Google Patents
User's anomaly detection method in ecommerce based on mouse behavior Download PDFInfo
- Publication number
- CN103699822B CN103699822B CN201310747420.1A CN201310747420A CN103699822B CN 103699822 B CN103699822 B CN 103699822B CN 201310747420 A CN201310747420 A CN 201310747420A CN 103699822 B CN103699822 B CN 103699822B
- Authority
- CN
- China
- Prior art keywords
- user
- characteristic vector
- mouse
- point
- behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
Abstract
The present invention relates to user's anomaly detection method in a kind of ecommerce based on mouse behavior, application system includes B2C electricity business website, mouse behavioral data acquisition module, detection module, data base.Method includes step one, and normal user mode is extracted;Step 2, matching detection.The present invention is directed to application circumstances, the mouse behavior characteristics vector of design personalized, strengthen authentication reliable, it is ensured that the transaction security of ecommerce.
Description
Technical field
The invention belongs to authentication householder method based on mouse behavior.
Background technology
Continuous progressive along with society, the Internet just with qualitative leap in development, occur therewith carries out the ecommerce of commodity and service marketing by network and has become the trend that global enterprise is irresistible.From 1997 so far, the ecommerce of China is vigorously grown up, and from initial Deng Ji home Web site of group of Alibaba competition, has had evolved to the state nowadays let a hundred schools contend, has attracted increasing people to be conducted business activities by network trading and online payment.
Safety is a vital key problem in ecommerce, and it requires that network is provided that a kind of end-by-end security solution.Go fishing for website, also different Prevention Technique means are occurred in that, such as filtrating mail (IE7 that Microsoft releases), E-mail authentication (the Sender ID Framework that Microsoft releases, the DK plan that Yahoo uses), Standford University proposes the technology such as two kinds of prevention method PwdHash and SpoofGuard based on browser client, and SSL digital certificate.The technology emphasis of these means is all positioned at strick precaution above, it is therefore intended that prevention user suffers phishing attack.In order to protect the rights and interests of the user by phishing attack, the Authentication Questions solving user is also necessary, thus ensures that on technological layer the user participating in network trading is " trusted users ".
This patent towards situation be that at present in network trading, the method for commonly used digital certificate carries out authentication, the maximum drawback of this mechanism is exactly that the information such as password are easily revealed, and there is serious potential safety hazard.When password is simpler, just can be cracked by Brute Force based on dictionary.Simultaneously because phishing and the information leakage of regular website, hacker can obtain the digital certificate of user, and then fake user identity carries on business, therefore use digital certificate mode can not ideally solve the believable problem of user identity, there is certain defect.
Summary of the invention
Present invention aim at disclosing user's anomaly detection method in a kind of ecommerce based on mouse behavior, for application circumstances, the mouse behavior characteristics vector of design personalized, strengthen authentication reliable, it is ensured that the transaction security of ecommerce.
The technical scheme that the present invention is given is:
The application system of user's unusual checking in a kind of ecommerce based on mouse behavior, it is characterised in that
Including B2C electricity business website, provide the user shopping environment;
Including mouse behavioral data acquisition module, for collecting, user's shopping process operates the data that mouse produces;Described mouse behavioral data acquisition module is embedded in e-commerce website, uses JavaScript script.The data item gathered during mouse-click mainly has: page sequence number, X, Y-axis coordinate figure, timestamp etc..Gather data when mouse moves, need to preset a sample rate, gather data and include page sequence number, X, Y-axis coordinate figure, timestamp, translational speed, acceleration, traveling angle angle value etc., latter three cannot directly gather, and need by drawing the initial data gathered through a series of mathematical operations.
Including detection module, utilize cluster scheduling algorithm that the mouse data collected during training carries out the solidification of normal behaviour pattern, carry out active user's behavioral pattern calculating generation, finally carry out matching detection operation.
Including data base, in user's shopping process, operate, for storing data acquisition module, the data that mouse produces, the most standby normal behaviour pattern is supplied to detection module simultaneously and is used for carrying out matching detection to active user's behavioral pattern.
User's anomaly detection method in a kind of ecommerce based on mouse behavior, it is characterised in that
Step one, normal user mode is extracted: the normal mouse behavioral data gathered during training is carried out pretreatment, utilizes the methods such as K-means clustering algorithm based on Euclidean distance, extracts the normal behaviour pattern of user.
Step 2, matching detection: active user's mouse data is carried out same treatment, obtain the mouse behavioral pattern of active user, carry out the matching analysis with normal mode.
The invention belongs to identity identifying method based on mouse behavior, be the behavior characteristics by studying this computer entry device of mouse, identify the identity of user.The mouse behavior of user can be studied by this authentication method from man-machine interaction and physiology aspect.
Mouse behavioral data acquisition module, operates the produced data of mouse device motion during carrying out ecommerce by Real-time Collection user, and is extracted and stored the data message of necessity by the mathematical calculation of certain step.
User's mouse behavioral value system is extracted and two module compositions of active user's behavior matching detection by normal user mode.Normal user mode extraction module, carries out pretreatment to the normal mouse behavioral data gathered during training, utilizes the methods such as K-means clustering algorithm based on Euclidean distance, extracts the normal behaviour pattern of user.Active user's behavior matching detection module, carries out same treatment to active user's mouse data, obtains the mouse behavioral pattern of active user, carries out the matching analysis with normal mode, thus judges that whether abnormal user behavior is.
The innovative point of the present invention and beneficial effect:
1, computer system will carry out the thought of authentication based on mouse behavior, be used in user's unusual checking of ecommerce, as the supplementary means of digital authenticating.
2, combine the flow process of user's shopping in ecommerce, propose a kind of detection model using for reference automat idea.
3, for application circumstances, the mouse behavior characteristics vector of design personalized.
Accompanying drawing explanation
The present invention is described in further detail with embodiment below in conjunction with the accompanying drawings:
Fig. 1 is system integrated stand composition;
Fig. 2 is window coordinates system;
Fig. 3 is detection model;
Fig. 4 is characterized the extraction flow chart of vector;
Fig. 5 is matching detection flow chart.
Detailed description of the invention
As shown in Figure 1, 2: B2C electricity business website is used for analog subscriber shopping environment, mouse behavioral data acquisition module is collected and operates, in storage user's shopping process, the data that mouse produces, detection module then utilizes cluster scheduling algorithm that the mouse data collected during training carries out the solidification of normal behaviour pattern, carry out active user's behavioral pattern calculating and generate, finally carry out matching detection operation.
Mouse behavioral data acquisition module is embedded in e-commerce website, uses JavaScript script.The data item gathered during mouse-click mainly has: page sequence number, X, Y-axis coordinate figure, timestamp etc..Gather data when mouse moves, need to preset a sample rate, gather data and include page sequence number, X, Y-axis coordinate figure, timestamp, translational speed, acceleration, traveling angle angle value etc., latter three cannot directly gather, and need by obtaining the initial data gathered through a series of mathematical operation youngsters.The coordinate system that lower Fig. 2 sets up is used when gathering data.
As shown in Figure 3: the operation principle of detection module, being to select user when electricity business website carries out shopping operation, occurred real may have the ordering behavior of substantial damage to be analyzed user benefit.Concrete as it is shown on figure 3, this detection model has used for reference state set in automat, input character and the idea of transfer function, each circle represents a state, and arrow represents transfer function, and symbol 1 and 0 represents that whether behavioral pattern mates respectively.When shifting each time, it is required for using the characteristic vector of customization, respectively FeatureVector0, FeatureVector1, FeatureVector2, FeatureVector3.When detecting active user's behavior, mating the characteristic vector generated, the most once during transfer, coupling, beyond certain threshold value, is the most directly judged as exception.
As shown in Figure 4: the extraction flow process of characteristic vector, then utilizing the data collected, simultaneously taking account of applied environment is e-commerce purchases website, and for embodying characteristic, therefore each state transition has the characteristic vector oneself customized in shopping process.Specifically, as when logging status shifts, user name in view of each user is different from the length of password, input difficulty, input hands speed etc., user is clicked on user name text box, time difference between cryptogram frame and login button as a part for characteristic vector, take its meansigma methods as eigenvalue;On the other hand, the user clicking on region when clicking on login button also varies with each individual, this coordinate figure also elects a part for characteristic vector as, the a large amount of click-point coordinates that will collect, by K-Means clustering algorithm based on Euclidean distance, obtain the coordinate figure of bunch heart coordinate of dense cluster as eigenvalue.It is defined as FeatureVector0=(T1, T2, Point), wherein T1 represents the time difference between single click user name text box and cryptogram frame, T2 represents the time difference clicked between cryptogram frame and login button, and Point is bunch heart coordinate points data of the most intensive several bunches.Browse choose state time, different user hobby difference, physiologic habit is different, using frequent clicking on region and mouse translational speed, acceleration, traveling angle angle value etc. all as characteristic vector.Definition FeatureVector1=(Point, v, a, angle), wherein Point is bunch heart coordinate points data acquisition system that click-point is distributed the most intensive several bunches, v represents the minima of translational speed, maximum and densely distributed meansigma methods array, and a represents the maximum of translational acceleration and densely distributed meansigma methods array, and angle represents the densely distributed value array of traveling angle angle value.
As shown in Figure 5: the idiographic flow of matching detection is as shown below.During coupling, directly calculate the distance between characteristic vector, owing to each component of each characteristic vector is different, therefore seek the distance between the component of same type respectively, exceed certain threshold value (threshold value is drawn by abundant experimental results and summary of experience), be i.e. judged as exception.
Claims (2)
1. user's anomaly detection method in an ecommerce based on mouse behavior, it is characterised in that
Step one, normal user mode is extracted: the normal mouse behavioral data gathered during training is carried out pretreatment, utilizes K-means clustering algorithm method based on Euclidean distance, extracts the normal behaviour pattern of user;
Step 2, matching detection: active user's mouse data is carried out same treatment, obtain the mouse behavioral pattern of active user, carry out the matching analysis with normal mode;
Described schema extraction is to use the method extracting characteristic vector to realize, and specifically includes:
Pretreatment stage, carries out clustering processing rejecting abnormalities point to gathering data coordinates point;
In the generation mode stage, calculate according to characteristic vector definition, and to database purchase characteristic vector;
The more new stage, the pretreatment stage that is recycled to of variable interval is optimized renewal to characteristic vector;
The design of described characteristic vector, then utilize the data collected, and simultaneously taking account of applied environment is e-commerce purchases website, and for embodying characteristic, therefore each state transition has the characteristic vector oneself customized in shopping process;
Specifically, as when logging status shifts, different in view of user name and the length of password of each user, input difficulty, input hands speed, user is clicked on user name text box, time difference between cryptogram frame and login button as a part for characteristic vector, take its meansigma methods as eigenvalue;On the other hand, the user clicking on region when clicking on login button also varies with each individual, this coordinate figure also elects a part for characteristic vector as, the a large amount of click-point coordinates that will collect, by K-Means clustering algorithm based on Euclidean distance, obtain the coordinate figure of bunch heart coordinate of dense cluster as eigenvalue;It is defined as FeatureVector0=(T1, T2, Point), wherein T1 represents the time difference between single click user name text box and cryptogram frame, T2 represents the time difference clicked between cryptogram frame and login button, and Point is bunch heart coordinate points data of the most intensive several bunches;Browse choose state time, different user hobby difference, physiologic habit is different, using frequent clicking on region and mouse translational speed, acceleration, traveling angle angle value all as characteristic vector;Definition FeatureVector1=(Point, v, a, angle), wherein Point is bunch heart coordinate points data acquisition system that click-point is distributed the most intensive several bunches, v represents the minima of translational speed, maximum and densely distributed meansigma methods array, and a represents the maximum of translational acceleration and densely distributed meansigma methods array, and angle represents the densely distributed value array of traveling angle angle value.
User's anomaly detection method in ecommerce based on mouse behavior the most according to claim 1, it is characterized in that, described matching detection, being to select user when electricity business website carries out shopping operation, occurred real may have the ordering behavior of substantial damage to be analyzed user benefit;This detection model has used for reference state set in automat, input character and the idea of transfer function, and each circle represents a state, and arrow represents transfer function, and symbol 1 and 0 represents that whether behavioral pattern mates respectively;When shifting each time, it is required for using the characteristic vector of customization, is respectively described FeatureVector0, FeatureVector1;When detecting active user's behavior, mating the characteristic vector generated, the most once during transfer, coupling, beyond certain threshold value, is the most directly judged as exception.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310747420.1A CN103699822B (en) | 2013-12-31 | 2013-12-31 | User's anomaly detection method in ecommerce based on mouse behavior |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310747420.1A CN103699822B (en) | 2013-12-31 | 2013-12-31 | User's anomaly detection method in ecommerce based on mouse behavior |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103699822A CN103699822A (en) | 2014-04-02 |
| CN103699822B true CN103699822B (en) | 2016-11-02 |
Family
ID=50361349
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310747420.1A Active CN103699822B (en) | 2013-12-31 | 2013-12-31 | User's anomaly detection method in ecommerce based on mouse behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103699822B (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104281795B (en) * | 2014-09-25 | 2017-10-31 | 同济大学 | Password fault-tolerance approach based on mouse behavior |
| CN104318435A (en) * | 2014-09-25 | 2015-01-28 | 同济大学 | Immunization method for user behavior detection in electronic transaction process |
| CN104881594B (en) * | 2015-05-06 | 2018-04-03 | 镇江乐游网络科技有限公司 | It is a kind of based on the smart mobile phone ownership detection method precisely drawn a portrait |
| CN106817342A (en) * | 2015-11-30 | 2017-06-09 | 北京计算机技术及应用研究所 | Active identity authorization system based on user behavior feature recognition |
| CN105976201B (en) * | 2016-04-28 | 2021-04-20 | 北京小米移动软件有限公司 | Purchasing behavior monitoring method and device for e-commerce system |
| CN106156362A (en) * | 2016-08-01 | 2016-11-23 | 陈包容 | A kind of method and device automatically providing solution for early warning |
| CN106339316B (en) * | 2016-08-24 | 2019-01-11 | 上海爱企网络科技有限公司 | A kind of method and device that code segment is diagnosed in e-commerce platform |
| CN106384027A (en) * | 2016-09-05 | 2017-02-08 | 四川长虹电器股份有限公司 | User identity recognition system and recognition method thereof |
| CN107122641B (en) * | 2017-04-25 | 2020-06-16 | 杭州义盾信息技术有限公司 | Intelligent equipment owner identification method and intelligent equipment owner identification device based on use habit |
| CN107335220B (en) * | 2017-06-06 | 2021-01-26 | 广州华多网络科技有限公司 | Negative user identification method and device and server |
| CN107395562A (en) * | 2017-06-14 | 2017-11-24 | 广东网金控股股份有限公司 | A kind of financial terminal security protection method and system based on clustering algorithm |
| CN107908300B (en) * | 2017-11-17 | 2019-08-13 | 哈尔滨工业大学(威海) | A kind of synthesis of user's mouse behavior and analogy method and system |
| CN109407947A (en) * | 2018-09-30 | 2019-03-01 | 北京金山云网络技术有限公司 | Interface alternation and its verification method, logging request generation and verification method and device |
| CN111917801A (en) * | 2020-08-18 | 2020-11-10 | 南京工业大学浦江学院 | Petri network-based user behavior authentication method in private cloud environment |
| CN113569656B (en) * | 2021-07-02 | 2023-08-29 | 广州大学 | Examination room monitoring method based on deep learning |
| CN117194202B (en) * | 2023-11-08 | 2024-01-02 | 北京网藤科技有限公司 | System and method for detecting user operation dilemma based on webpage mouse behaviors |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004097601A1 (en) * | 2003-05-02 | 2004-11-11 | Ahmed Awad El-Sayed Ahmed | System and method for determining a computer user profile from a motion-based input device |
| CN1957355A (en) * | 2004-04-01 | 2007-05-02 | 道夫·雅各布森 | Mouse performance identification |
| EP2490149A1 (en) * | 2011-02-17 | 2012-08-22 | Deutsche Telekom AG | System for verifying user identity via mouse dynamics |
-
2013
- 2013-12-31 CN CN201310747420.1A patent/CN103699822B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004097601A1 (en) * | 2003-05-02 | 2004-11-11 | Ahmed Awad El-Sayed Ahmed | System and method for determining a computer user profile from a motion-based input device |
| CN1957355A (en) * | 2004-04-01 | 2007-05-02 | 道夫·雅各布森 | Mouse performance identification |
| EP2490149A1 (en) * | 2011-02-17 | 2012-08-22 | Deutsche Telekom AG | System for verifying user identity via mouse dynamics |
Non-Patent Citations (2)
| Title |
|---|
| 基于鼠标动力学模型的用户身份认证与监控;房超等;《西安交通大学学报》;20081031;第42卷(第10期);正文第1.2,2.2,2.3节,图5 * |
| 行为截获技术对鼠标动力学身份认证的影响;王淼等;《微电子学与计算机》;20130430;第30卷(第4期);正文第3.3节,图3 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103699822A (en) | 2014-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103699822B (en) | User's anomaly detection method in ecommerce based on mouse behavior | |
| CN102970289B (en) | The identity identifying method of sing on web user behavior pattern | |
| WO2021025926A1 (en) | Digital content prioritization to accelerate hyper-targeting | |
| CN104796392B (en) | One kind jumping context synchronizing device, method and client | |
| CN105205055A (en) | Big data analyzing system | |
| CN103562925B (en) | Information processing system, information processing method and information processor | |
| CN103034508A (en) | Software recommending method and software recommending system | |
| WO2017084205A1 (en) | Network user identity authentication method and system | |
| CN103353880B (en) | A kind of utilization distinctiveness ratio cluster and the data digging method for associating | |
| Cherqi et al. | Analysis of hacking related trade in the darkweb | |
| CN101957968A (en) | Online transaction service aggregation method based on Hadoop | |
| Selvakumar et al. | Enhanced K-means clustering algorithm for evolving user groups | |
| Han et al. | Fitnet: Identifying fashion influencers on twitter | |
| CN103179205B (en) | A kind of advertisement push system based on the Internet | |
| CN105205046A (en) | System and method for on-line user recommendation based on semantic analysis | |
| Özeltürkay et al. | How Turkish banks benefit from social media: analyzing banks formal links | |
| CN109478219A (en) | For showing the user interface of network analysis | |
| Zhang et al. | Kadetector: Automatic identification of key actors in online hack forums based on structured heterogeneous information network | |
| Kim et al. | Crowdsourced promotions in doubt: Analyzing effective crowdsourced promotions | |
| Patil et al. | A novel approach for social network analysis & web mining for counter terrorism | |
| Osial et al. | Smartphone recommendation system using web data integration techniques | |
| TWI818213B (en) | System and method of product recommendation and computer readable medium | |
| Vlachos et al. | A social network analysis tool for uncovering cybersecurity threats | |
| JP2015522884A (en) | Website monitoring | |
| Macskassy | Leveraging contextual information to explore posting and linking behaviors of bloggers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |