CN104301286A - User login authentication method and device - Google Patents
User login authentication method and device Download PDFInfo
- Publication number
- CN104301286A CN104301286A CN201310295620.8A CN201310295620A CN104301286A CN 104301286 A CN104301286 A CN 104301286A CN 201310295620 A CN201310295620 A CN 201310295620A CN 104301286 A CN104301286 A CN 104301286A
- Authority
- CN
- China
- Prior art keywords
- user
- data set
- input
- behavior
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Input From Keyboards Or The Like (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a user login authentication method and device. The method comprises the following steps: capturing input behavior characteristic data of a user according to a preset user behavior indicator when the user inputs login information; judging whether the user behavior is abnormal according to the input behavior characteristic data; verifying the login information when the user behavior is normal; when the user behavior is abnormal, verifying the identity of the logined user,and judging whether the login operation is performed by a legal user; verifying the login information when the login operation is performed by the legal user; or sending alarming information to the legal user when the login operation is not performed by the legal user. The invention further provides a user login authentication device for realizing above method.
Description
Technical field
The present invention relates to business support technical field, particularly relate to a kind of user log-in authentication method and device.
Background technology
Heilungkiang is moved provides the Internet VPN access interface to enterprise's application such as comprehensive customer service system (CRM), the office automation systems (OA), enterprises user, nearly 15000 people of third party user, the double factor authentication pattern that login authentication pattern mainly adopts static password+dynamic note password to combine.
As shown in Figure 1, prior art handling process is described below:
1, user is by access Web page https: //vpn.hl.chinamobile.com login system, and Firepass4300 VPN IAD returns SSLVPN system login page after receiving user's request.
2, user inputs user name and static password in login page, submits to and waiting system checking.
3, password trigger server receives user name and static password inside the province, and sends to group Radius certificate server;
4, the user profile of the user name received, static password and user's management platform database is compared checking by group Radius certificate server, is proved to be successful, and triggers dynamic password and generates; Authentication failed, returns information, requires that user re-enters user name and static password.
5, after SMAP dynamic password generation server generates random 6 dynamic passwords, the dynamic password of generation is returned to group's Radius certificate server and store, trigger short message server simultaneously and send dynamic password to user.
6, user uses the dynamic password received to carry out secondary login authentication.
7, password trigger server receives user name and dynamic password and sends to group Radius server inside the province.
8, group Radius carries out user name and verifying dynamic password, is proved to be successful, user's Successful login application system; Authentication failed, returns information, requires that user re-enters dynamic password and carries out secondary login authentication.
As shown in Figure 2, SSLVPN system in existing system topological structure uses the dynamic note password based on static password to carry out certification to user, the hardware configuration of Verification System is 3 Firepass4300, is wherein configured to cluster mode of operation by the fault-tolerant of 2 firepass4300 configurations to the 3rd.
In sum, current login system authentication mode is the certification of user name code data coupling, mainly there is following technology drawback:
1. traditional Verification System cannot carry out monitoring analysis to whole verification process, and then effectively cannot judge authentication result.After traditional certificate server is verified user profile, if checking logins successfully, enter system, otherwise log in page will point out the information of " user name or code error " to user.The shortcoming of this authentication techniques is: when 1. Bad user name or password is repeatedly inputted exploration by disabled user, and system will freeze process to this user name, then cause normal login user also cannot use immediately.If 2. validated user is stolen by others when have input correct username and password, disabled user can imitate validated user and carry out system login, thus steals its capsule information, and thus security assurance level is lower.
2., when the illegal login of generation or log-on message are stolen, keeper can only carry out passive maintenance.Because the conventional authentication method of prior art application is relatively simple to the mode of user rs authentication, cause system login threshold lower, potential safety hazard is numerous, very easily grasped the lawless person of certain crime means or hacker clique utilize.Be stolen once the illegal login of generation or log-on message, system manager cannot be found by prior art in the very first time, can only carry out passive maintenance by the feedback of user, and the safety now having caused system information is revealed, so this drawback is urgently improved.
Summary of the invention
In order to solve illegal in prior art login or the stolen technical problem causing Information Security to reduce of log-on message, the present invention proposes a kind of user log-in authentication method and device.
One aspect of the present invention, provides a kind of user log-in authentication method, comprising:
While user inputs log-on message, catch the input behavior characteristic of user according to the user behavior index preset;
Judge that whether user behavior is abnormal according to input behavior characteristic;
When user behavior is normal, log-on message is verified; When user behavior is abnormal, authentication is carried out to the user logged in, determines whether the register that legitimate user himself carries out;
When be legitimate user himself carry out register time, log-on message is verified; When be not legitimate user himself carry out register time, send a warning message to legitimate user himself.
Another aspect of the present invention, provides a kind of user log-in authentication device, comprising:
Capture module, while inputting log-on message user, catches the input behavior characteristic of user according to the user behavior index preset;
Characteristics analysis module, for judging that according to input behavior characteristic whether user behavior is abnormal;
Authentication module, when user behavior is abnormal, carries out authentication to the user logged in, determines whether the register that legitimate user himself carries out;
Login authentication module, for when user behavior is normal, verifies log-on message; When be legitimate user himself carry out register time, log-on message is verified;
Alarm module, for when be not legitimate user himself carry out register time, send a warning message to legitimate user himself.
User log-in authentication method of the present invention and device, input behavior during by logging in user is analyzed, and determines whether the input operation that user carries out.The profound behavioural analysis based on user characteristics custom achieved when user logs in detects, and improves logging in system by user safe class further, to ensure Operational Visit quality, to improve user's experience.Meanwhile, reduce system safety maintenance cost, reduce failure rate.
Accompanying drawing explanation
Fig. 1 is prior art login method schematic flow sheet;
Fig. 2 is prior art login system structural representation;
Fig. 3 is the flow chart of user log-in authentication embodiment of the method for the present invention;
Fig. 4 is the dependence schematic diagram between user behavior index of the present invention;
Fig. 5 is the flow chart of user behavior anomaly analysis embodiment of the present invention;
Fig. 6 is the flow chart that the present invention calculates the abnormal probability embodiment of user behavior;
Fig. 7 is the structure chart of user log-in authentication device embodiment of the present invention;
Fig. 8 is the structure chart of capture module embodiment of the present invention;
Fig. 9 is the structure chart of characteristics analysis module embodiment of the present invention;
Figure 10 is the structural representation of login system of the present invention;
Figure 11 is the schematic flow sheet of login method of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in detail.
As shown in Figure 3, user log-in authentication embodiment of the method for the present invention comprises the following steps:
Step 302, while user inputs log-on message, catches the input behavior characteristic of user according to the user behavior index preset;
According to input behavior characteristic, step 304, judges that whether user behavior is abnormal; When user behavior is normal, perform step 308; When user behavior is abnormal, perform step 306;
Step 306, carries out authentication to the user logged in, determines whether the register that legitimate user himself carries out; When be legitimate user himself carry out register time, perform step 308; When be not legitimate user himself carry out register time, perform step 310;
Step 308, verifies log-on message;
Step 310, sends a warning message to legitimate user himself.
User behavior index of the present invention mainly comprises following four:
(1) input character time interval index
Input character time interval index is a time range, may be defined as a mean value in the time interval of login user when multiple character such as input login username and static password etc.Say to a certain extent, this index can be used as the one of a kind of user to the user name set and static password familiarity and judges thus have actual using value.
(2) alphabet time index is inputted
Input alphabet time index is a time period, in whole login process, user carries out the critical field of input operation temporal summation, is defined as from user clicks input through keyboard operation to the time inputted last character.This index can be used for weighing user to the qualification of logon operation.
(3) button frequency index
Button frequency index is the summation of all touch potentials in the whole login process of user, and the beginning and ending time is input alphabet time range, comprises all touch potentials such as correct, mistake and rollback.This index can be used for weighing user to the qualification of logon operation.
(4) number of times index is changed
Change number of times index is the summation of rollback touch potential in the whole login process of user, and the beginning and ending time is input alphabet time range.This index can be used for weighing user to the qualification of logon operation.
Above four indices is all user in certain hour section and carries out the desired value of normal register acquisition through what accumulate, analyze and refine and formed, has very strong data validity and actual operability.
In the present invention, catch mainly for the input character time interval, input alphabet time, the button frequency and these four user behavior indexs of change number of times, fully take into account user's issuable this key character of input change behavior in practical operation, contemplate input alphabet time, the button frequency these two simultaneously and there is the important indicator value that obvious personal characteristics has summation attribute concurrently, and by very not large for this meaning of key time durations secondary index desalination, thus more rationally, catch the importance of user behavior feature all sidedly.User's input habit and style are carried out record by the form of index put on record, catching action process is transparent unaware to user, can not experience cause any inconvenience to the service application of client.
The input behavior characteristic captured comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value.
Above-mentioned steps 302, the concrete mode catching the input behavior characteristic of user is as follows:
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, record input initial time Time_InputBegin and user key-press time Time_Press;
When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, record input termination time Time_InputEnd, and is 1 by button frequency Num_Sum assignment;
When not detecting that user presses " logging in ", key carries out data submission, and be judged to be that user continues in input state, user often presses the button once except " logging in " key, is increased progressively by the numerical value of button frequency Num_Sum and adds 1;
When user being detected often by a rollback button, the numerical value of change times N um_Change being increased progressively and adds 1;
Input alphabet time Time_Sum=Time_InputEnd-Time_InputBegin is calculated according to input initial time and input termination time;
Input character time interval Time_Dwell=(Time_Sum-Time_Press*Num_Sum)/(Num_Sum-1) is calculated according to input alphabet time, user key-press time and the button frequency;
So far, catch algorithm to terminate.Four indices numerical value according to getting: user inputs character time interval Time_Dwell, user input alphabet time Time_Sum, user key-press frequency Num_Sum, user changes the process that times N um_Change carries out subsequent step.
According to the data target characteristic that the present invention relates to business, Bayesian Classification Arithmetic can be adopted to carry out user behavior analysis.
Bayesian Classification Arithmetic is that a class utilizes probability statistics knowledge to carry out the Statistical Classification method of classifying, in the method system that it is huge, naive Bayesian (Naive Bayesian, NB) sorting algorithm is the basic algorithm be widely adopted that can compare favourably with decision tree and neural network classification algorithm, this algorithm can apply in large database, and method is simple, classification accuracy is high, speed is fast.
But because Bayes' theorem supposes that a property value is on the value of the impact of given class independent of other attribute, and this hypothesis is often invalid in a practical situation, especially in the present invention in practical problem to be dealt with, the Feature Dependence relation of various data target is stronger, independence is relatively weak to each other, and its classification accuracy can be caused to decline.Therefore, the present invention adopts a kind of Bayesian Classification Arithmetic reducing independence assumption of more realistic problem in Bayesian Classification Arithmetic system: TAN (Tree Augmented Bayes Network) algorithm.
TAN algorithm by find attribute between dependence reduce in NB and independently suppose between any attribute, be increase on the basis of NB network configuration attribute between association (limit) realize
As shown in Figure 4, in figure, node represents attribute, represent the dependence between attribute with directed edge, the limit between attribute Ai and Aj means that attribute Ai also depends on the value of attribute Aj to the impact of class variable C, and class variable C is normal category user object and abnormal class user object herein.
As shown in Figure 5, according to input behavior characteristic, above-mentioned steps 304, judges that whether user behavior is abnormal and specifically comprises:
Step 502, the abnormal user catch history and the input behavior characteristic of normal users generate abnormal behaviour data set and normal behaviour data set respectively, input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string (hereinafter referred to as TOKEN string), such as, input character time interval Time_Dwell=0.8s, input alphabet time Time_Sum=15s, button frequency Num_Sum=16, change times N um_Change=2 etc. are as a TOKEN string;
Step 504, obtains one or more TOKEN go here and there from capturing the current input behavior characteristic of user;
Step 506, calculates the probability of occurrence P that TOKEN goes here and there at normal behaviour data set and abnormal behaviour data set
1(t
i) and P
2(t
i);
Step 508, according to P
1(t
i) and P
2(t
i) calculate the abnormal probability P (A/t of user behavior
i);
Step 510, by P (A/t
i) compare, as P (A/t with the probability threshold value preset
i) when exceeding probability threshold value, judge that this user is as abnormal user.
As shown in Figure 6, above-mentioned steps 508 specifically comprises:
Step 602, calculates length L1, the L2 of normal behaviour data set and Hash table corresponding to abnormal behaviour data set;
Step 604, adds up occurrence number F1, F2 that TOKEN goes here and there at normal behaviour data set and abnormal behaviour data set;
Step 606, calculates the probability of occurrence of TOKEN string at normal behaviour data set: P
1(t
i)=F1/L1; TOKEN string is at the probability of occurrence of abnormal behaviour data set: P
2(t
i)=F2/L2.
Step 608, calculates the abnormal probability of user behavior:
wherein, A represents that active user is abnormal event, t
irepresent behavioural characteristic character string, for working as P (A/t from user
i) front input behavior characteristic obtains behavioural characteristic character string t
itime, the abnormal probability of this user behavior, P
1(t
i) for behavioural characteristic character string is at the probability of occurrence of normal behaviour data set, P
2(t
i) for behavioural characteristic character string is at the probability of occurrence of abnormal behaviour data set; Or
P(A/t
1,t
2,...t
n)=P(A/t
1)*P(A/t
2)*...P(A/t
n)/
{ P (A/t
1) * P (A/t
2) * ... P (A/t
n)+[1-P (A/t
1)] * [1-P (A/t
2)] * ... [1-P (A/t
n)] wherein, P (A/t
1, t
2... t
n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current
1, t
2... t
ntime, the abnormal probability of this user behavior.
Above-mentioned TAN algorithm be have employed to user behavior analysis, fully taken into account in user behavior feature the specific object dependence of the multinomial data targets such as the input character time interval, input alphabet time, the button frequency and input change number of times, it is comparatively accurate to make user behavior analysis.
Normal behaviour data set or abnormal behaviour data centralization are stored into, as the foundation of subsequent analysis according to behavioural analysis result for the input behavior characteristic captured.
When determining the operation that legitimate user himself carries out after above-mentioned steps 306, the input behavior characteristic this user logged in includes normal behaviour data set in.User is individual as living nature natural person, behavioural characteristic can not be unalterable, will inevitably at a time, a certain period occur fluctuation situation, in view of this changeability and fluctuation feature, for improving the applicability of the data set set up for it, the data value comprising wave characteristic must be included in data set scope in time, participate in follow-up behavioural analysis in the lump.Such as: within user A days, forget wear a pair of spectacles when carrying out register and visual unclear, slow a lot of than usual when causing its input username and password, this by directly affect the seizure value of user behavior capture module to its four indices deviate from its usual time normal data scope then trigger abnormal behaviour audit, and after the fluctuation data under analogue being included in time in the analysis of its data set scope participative behavior, the second time when analogue occurs user A can be avoided to trigger abnormal behaviour audit, then improve Consumer's Experience.
Based on same inventive concept, the present invention also provides a kind of user log-in authentication device, and as shown in Figure 7, this device comprises: capture module 71, characteristics analysis module 72, authentication module 73, login authentication module 74 and alarm module 75.
Capture module, while user inputs log-on message, catches the input behavior characteristic of user according to the user behavior index preset.According to input behavior characteristic, characteristics analysis module judges that whether user behavior is abnormal.When user behavior is abnormal, authentication module carries out authentication to the user logged in, and determines whether the register that legitimate user himself carries out.When user behavior is normal, login authentication module is verified log-on message; When be legitimate user himself carry out register time, login authentication module is verified log-on message.When be not legitimate user himself carry out register time, alarm module sends a warning message to legitimate user himself.
As shown in Figure 8, the concrete structure of capture module comprises: detection sub-module 81, timing submodule 82, counting submodule 83 and calculating sub module 84.
Detection sub-module detects user and to position a cursor in input field and the behavior pushed button, and the behavior of key carries out data submission that user presses " logging in ", user presses the behavior of the button except " logging in " key, and user presses the behavior of rollback button.
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, timing submodule record input initial time and user key-press time; When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the timing submodule record input termination time.
When detecting that user presses " logging in ", key carries out data submission, and button frequency assignment is 1 by counting submodule; When not detecting that user presses " logging in ", key carries out data submission, and user often presses the button once except " logging in " key, and the numerical value of the button frequency increases progressively and adds 1 by counting submodule; When user being detected often by a rollback button, the numerical value of change number of times increases progressively and adds 1 by counting submodule.
Calculating sub module calculates the input alphabet time according to input initial time and input termination time; The input character time interval is calculated according to input alphabet time, user key-press time and the button frequency.
As shown in Figure 9, the concrete structure of characteristics analysis module comprises: data set generates submodule 91, text string generation submodule 92, calculating sub module 93 and comparison sub-module 94.
The abnormal behaviour of this user that history catches by data set generation submodule and the input behavior characteristic of normal behaviour generate abnormal behaviour data set and normal behaviour data set respectively, and input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
Text string generation submodule obtains one or more behavioural characteristic character string from capturing the current input behavior characteristic of user;
Calculating sub module calculates the behavioural characteristic character string probability of occurrence at normal behaviour data set and abnormal behaviour data set, and calculates the abnormal probability of user behavior according to behavioural characteristic character string at the probability of occurrence of normal behaviour data set and abnormal behaviour data set;
Abnormal for user behavior probability compares with the probability threshold value preset by comparison sub-module, when the abnormal probability of user behavior exceedes probability threshold value, judges that this user is as abnormal user.
As shown in Figure 10, during specific implementation, the improvement that the present invention carries out the login system residing for user log-in authentication device is as follows:
1, before Firepass4300 works cluster, arrange front end processor region, in region, the initial stage fixes tentatively and arranges two front end processors: wherein a front end processor is Web load-balanced server, is responsible for web load balancing traffic distribution; Another front end processor is password trigger server inside the province, is responsible for transmitting user name and static password to group Radius server, obtains Radius server authentication state, represents a series of functions such as proofing state information in time.
2, set up two user behavior capture servers, catch the four indices data that login user inputs the character such as user name, static password in real time, then complete the record to user's Entered state, behavioural characteristic.This server requirement possesses high stability and high robustness.
3, set up a user feature analysis Modeling Server, finishing analysis is carried out, the foundation of completing user behavioural characteristic model then to the desired value caught.This server requirement possesses the high efficiency of operational performance aspect.
4, abnormal behaviour audit and warning information trigger module are optimized again, promote Consumer's Experience.
As shown in figure 11, during specific implementation, the handling process of login system is as follows:
1, user is by access Web page https: //vpn.hl.chinamobile.com login system.
2, the Web load-balanced server in front end processor region carries out traffic distribution to the access of this user.
3, Firepass4300VPN IAD returns SSLVPN system login page after receiving user's request.
4, user inputs user name and static password in login page, submits to and waiting system checking; Meanwhile, user behavior capture server catches the indices of user inputs character in real time.
5, user feature analysis Modeling Server logs in behavior indices to user's whole process and arranges and analyze, then according to modeling standard, and confirmation modeling.If meet modeling standard, enter into the 6th step and continue flow process; If do not meet modeling standard, direct triggering abnormal behaviour audit server carries out authentication to this operator: if judging is the operation that legitimate user himself carries out, then this user can be logged in behavioural characteristic and include its model data scope in, then user feature analysis Modeling Server is according to indices aggregate-value, upgrade legal value (user habit value) scope, thus upgrade modeling standard, require that user re-enters user name and static password simultaneously, submit to and waiting system checking; If judge it is not the operation that legitimate user himself carries out, then can be rapidly to legitimate user himself and send short message alarm prompting, whether oneself account-related information leaks to require it to check.
6, user feature analysis Modeling Server sets up personal behavior model according to above-mentioned analysis result, and meanwhile, password trigger server receives user name and static password and sends to group Radius server inside the province.
7, the user profile of the user name received, static password and user's management platform database is compared checking by group Radius certificate server, be proved to be successful, triggering dynamic password generates, the result is returned to password trigger server inside the province to judge: if the match is successful simultaneously, inform user " trigger dynamic password, please short message be receive! ", if it fails to match, inform that " user name code error, please logs in user again.", namely return information, require that user re-enters user name and static password.
8, after SMAP dynamic password generation server generates random 6 dynamic passwords, the dynamic password of generation is returned to group's Radius certificate server and store, trigger short message server simultaneously and send dynamic password to user.
9, user uses the dynamic password received to carry out secondary login authentication.Password trigger server receives user name and dynamic password and sends to group Radius server inside the province.Group Radius server carries out user name and verifying dynamic password, is proved to be successful, user's Successful login application system; Authentication failed, returns information, requires that user re-enters dynamic password and carries out secondary login authentication.
User log-in authentication method of the present invention and device embodiment, input behavior during by logging in user is analyzed, and determines whether the input operation that user carries out.The profound behavioural analysis based on user characteristics custom achieved when user logs in detects, and improves logging in system by user safe class further, to ensure Operational Visit quality, to improve user's experience.Meanwhile, save human resources, reduced system safety maintenance cost, reduce failure rate.
It is noted that above embodiment is only in order to illustrate the present invention and unrestricted, the present invention is also not limited in above-mentioned citing, and all do not depart from technical scheme and the improvement thereof of the spirit and scope of the present invention, and it all should be encompassed in right of the present invention.
Claims (11)
1. a user log-in authentication method, is characterized in that, comprising:
While user inputs log-on message, catch the input behavior characteristic of user according to the user behavior index preset;
Judge that whether described user behavior is abnormal according to described input behavior characteristic;
When described user behavior is normal, described log-on message is verified; When described user behavior is abnormal, authentication is carried out to the user of described login, determines whether the register that legitimate user himself carries out;
When be legitimate user himself carry out register time, described log-on message is verified; When be not legitimate user himself carry out register time, send a warning message to described legitimate user himself.
2. method according to claim 1, is characterized in that, described user behavior index comprises:
The input character time interval, input alphabet time, the button frequency and change number of times;
Described input behavior characteristic comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value.
3. method according to claim 2, is characterized in that, while user inputs log-on message, the input behavior characteristic catching user according to the user behavior index preset comprises:
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, record input initial time and user key-press time;
When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the record input termination time, and is 1 by described button frequency assignment;
When not detecting that user presses " logging in ", key carries out data submission, and be judged to be that user continues in input state, user often presses the button once except " logging in " key, is increased progressively by the numerical value of the described button frequency and adds 1;
When user being detected often by a rollback button, the numerical value of change number of times being increased progressively and adds 1;
Calculate the described input alphabet time according to described input initial time and input termination time, calculate the described input character time interval according to described input alphabet time, described user key-press time and the button frequency.
4. according to the method in claim 2 or 3, it is characterized in that, judge whether described user behavior comprises extremely according to described input behavior characteristic:
The abnormal behaviour of this user catch history and the input behavior characteristic of normal behaviour generate abnormal behaviour data set and normal behaviour data set respectively, and input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
One or more behavioural characteristic character string is obtained from capturing the current input behavior characteristic of user;
Calculate the behavioural characteristic character string probability of occurrence at described normal behaviour data set and abnormal behaviour data set, calculate the abnormal probability of user behavior according to described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set;
When the abnormal probability of described user behavior exceedes default probability threshold value, judge that this user is as abnormal behavior user.
5. method according to claim 4, is characterized in that, calculates behavioural characteristic character string and comprises at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set:
Calculate the length of described normal behaviour data set and Hash table corresponding to abnormal behaviour data set;
Add up the occurrence number of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set;
Calculating described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set is described behavioural characteristic character string in the occurrence number of described normal behaviour data set divided by the length of Hash table corresponding to normal behaviour data set;
Calculating described behavioural characteristic character string at the probability of occurrence of described abnormal behaviour data set is described behavioural characteristic character string in the occurrence number of described abnormal behaviour data set divided by the length of Hash table corresponding to abnormal behaviour data set.
6. method according to claim 5, is characterized in that, comprises according to the abnormal probability of probability of occurrence calculating user behavior of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set:
wherein, A represents the dystropic event of active user, t
irepresent behavioural characteristic character string, P (A/t
i) for obtain behavioural characteristic character string t from the input behavior characteristic that user is current
itime, the abnormal probability of this user behavior, P
1(t
i) for described behavioural characteristic character string is at the probability of occurrence of described normal behaviour data set, P
2(t
i) for described behavioural characteristic character string is at the probability of occurrence of described abnormal behaviour data set;
Or
P (A/t
1, t
2... t
n)=P (A/t
1) * P (A/t
2) * ... P (A/t
n)/{ P (A/t
1) * P (A/t
2) * ... P (A/t
n)+[1-P (A/t
1)] * [1-P (A/t
2)] * ... [1-P (A/t
n)] wherein, P (A/t
1, t
2... t
n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current
1, t
2... t
ntime, the abnormal probability of this user behavior.
7. a user log-in authentication device, is characterized in that, comprising:
Capture module, while inputting log-on message user, catches the input behavior characteristic of user according to the user behavior index preset;
Characteristics analysis module, for judging that according to described input behavior characteristic whether described user behavior is abnormal;
Authentication module, when described user behavior is abnormal, carries out authentication to the user of described login, determines whether the register that legitimate user himself carries out;
Login authentication module, for when described user behavior is normal, verifies described log-on message; When be legitimate user himself carry out register time, described log-on message is verified;
Alarm module, for when be not legitimate user himself carry out register time, send a warning message to described legitimate user himself.
8. device according to claim 7, is characterized in that, described user behavior index comprises: the input character time interval, input alphabet time, the button frequency and change number of times; Described input behavior characteristic comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value;
Described capture module comprises:
Detection sub-module, to position a cursor in input field and the behavior pushed button for detecting user, the behavior of key carries out data submission that user presses " logging in ", and user presses the behavior of the button except " logging in " key, and user presses the behavior of rollback button;
Timing submodule, for when detect that user to position a cursor in input field and to push button, is judged to be that user inputs beginning, record input initial time and user key-press time; When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the record input termination time;
Described button frequency assignment, for when detect that user presses " logging in ", key carries out data submission, is 1 by counting submodule; When not detecting that user presses " logging in ", key carries out data submission, and user often presses the button once except " logging in " key, is increased progressively by the numerical value of the described button frequency and adds 1; When user being detected often by a rollback button, the numerical value of change number of times being increased progressively and adds 1;
Calculating sub module, calculates the described input alphabet time according to described input initial time and input termination time; The described input character time interval is calculated according to described input alphabet time, described user key-press time and the button frequency.
9. device according to claim 7, is characterized in that, described characteristics analysis module comprises:
Data set generates submodule, generate abnormal behaviour data set and normal behaviour data set respectively for the abnormal behaviour of this user that history caught and the input behavior characteristic of normal behaviour, input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
Text string generation submodule, for obtaining one or more behavioural characteristic character string from capturing the current input behavior characteristic of user;
Calculating sub module, for calculating the probability of occurrence of behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set, and calculate the abnormal probability of user behavior according to described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set;
Comparison sub-module, for being compared with the probability threshold value preset by abnormal for described user behavior probability, when the abnormal probability of described user behavior exceedes described probability threshold value, judges that this user is as abnormal user.
10. device according to claim 9, is characterized in that, described calculating sub module, for calculating the length of described normal behaviour data set and Hash table corresponding to abnormal behaviour data set; Add up the occurrence number of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set; Calculating described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set is described behavioural characteristic character string in the occurrence number of described normal behaviour data set divided by the length of Hash table corresponding to normal behaviour data set; Calculating described behavioural characteristic character string at the probability of occurrence of described abnormal behaviour data set is described behavioural characteristic character string in the occurrence number of described abnormal behaviour data set divided by the length of Hash table corresponding to abnormal behaviour data set.
11. devices according to claim 9, is characterized in that, described calculating sub module, as follows for calculating the abnormal probability of user behavior:
wherein, A represents the dystropic event of active user, t
irepresent behavioural characteristic character string, P (A/t
i) for obtain behavioural characteristic character string t from the input behavior characteristic that user is current
itime, the abnormal probability of this user behavior, P
1(t
i) for described behavioural characteristic character string is at the probability of occurrence of described normal behaviour data set, P
2(t
i) for described behavioural characteristic character string is at the probability of occurrence of described abnormal behaviour data set;
Or
P (A/t
1, t
2... t
n)=P (A/t
1) * P (A/t
2) * ... P (A/t
n)/{ P (A/t
1) * P (A/t
2) * ... P (A/t
n)+[1-P (A/t
1)] * [1-P (A/t
2)] * ... [1-P (A/t
n)] wherein, P (A/t
1, t
2... t
n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current
1, t
2... t
ntime, the abnormal probability of this user behavior.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310295620.8A CN104301286B (en) | 2013-07-15 | 2013-07-15 | User log-in authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310295620.8A CN104301286B (en) | 2013-07-15 | 2013-07-15 | User log-in authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104301286A true CN104301286A (en) | 2015-01-21 |
CN104301286B CN104301286B (en) | 2018-03-23 |
Family
ID=52320858
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310295620.8A Active CN104301286B (en) | 2013-07-15 | 2013-07-15 | User log-in authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104301286B (en) |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104980279A (en) * | 2014-10-16 | 2015-10-14 | 腾讯科技(深圳)有限公司 | Identity authentication method, and related equipment and system |
CN105306496A (en) * | 2015-12-02 | 2016-02-03 | 中国科学院软件研究所 | User identity detection method and system |
CN105577692A (en) * | 2016-02-03 | 2016-05-11 | 杭州朗和科技有限公司 | Website login authentication method and device |
CN106127400A (en) * | 2016-06-29 | 2016-11-16 | 北京奇虎科技有限公司 | Work behavior analyzes method and device |
CN106372470A (en) * | 2016-08-30 | 2017-02-01 | 维沃移动通信有限公司 | Method for reminding of inputting password and mobile terminal |
CN106453205A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Identity verification method and identity verification device |
CN106656978A (en) * | 2016-10-19 | 2017-05-10 | 广东欧珀移动通信有限公司 | Account login method and server |
CN106650350A (en) * | 2016-10-21 | 2017-05-10 | 中国银联股份有限公司 | Identity authentication method and system |
CN106817342A (en) * | 2015-11-30 | 2017-06-09 | 北京计算机技术及应用研究所 | Active identity authorization system based on user behavior feature recognition |
CN106878323A (en) * | 2017-03-13 | 2017-06-20 | 山东浪潮云服务信息科技有限公司 | A kind of identity identifying method, device and system |
CN106888090A (en) * | 2015-12-16 | 2017-06-23 | 阿里巴巴集团控股有限公司 | A kind of user authentication method, apparatus and system |
CN106919816A (en) * | 2015-12-24 | 2017-07-04 | 北京搜狗科技发展有限公司 | A kind of user authen method and device, a kind of device for user authentication |
CN107093076A (en) * | 2016-02-18 | 2017-08-25 | 卡巴斯基实验室股份制公司 | The system and method for detecting fraudulent user transaction |
CN107104973A (en) * | 2017-05-09 | 2017-08-29 | 北京潘达互娱科技有限公司 | The method of calibration and device of user behavior |
CN107330128A (en) * | 2017-07-24 | 2017-11-07 | 上海众人网络安全技术有限公司 | Certification abnormality judgment method and device |
CN107612922A (en) * | 2017-09-30 | 2018-01-19 | 北京梆梆安全科技有限公司 | User ID authentication method and device based on user operation habits and geographical position |
CN107623696A (en) * | 2017-09-30 | 2018-01-23 | 北京梆梆安全科技有限公司 | A kind of user ID authentication method and device based on user behavior feature |
CN107632722A (en) * | 2017-09-30 | 2018-01-26 | 北京梆梆安全科技有限公司 | A kind of various dimensions user ID authentication method and device |
CN107657156A (en) * | 2017-09-30 | 2018-02-02 | 北京梆梆安全科技有限公司 | User ID authentication method and device based on user operation habits and contact pressure area |
CN107657157A (en) * | 2017-09-30 | 2018-02-02 | 北京梆梆安全科技有限公司 | A kind of auth method and device based on input time interval |
CN107786349A (en) * | 2016-08-24 | 2018-03-09 | 腾讯科技(深圳)有限公司 | A kind of method for managing security and device for user account |
US9917848B2 (en) | 2015-04-21 | 2018-03-13 | Alibaba Group Holding Limited | Method and system for identifying a human or machine |
CN108011863A (en) * | 2017-08-23 | 2018-05-08 | 北京车和家信息技术有限责任公司 | Identify the method and device of Brute Force |
CN108711013A (en) * | 2018-05-24 | 2018-10-26 | 深圳市买买提信息科技有限公司 | Abnormal behaviour determines method, apparatus, equipment and storage medium |
CN108965291A (en) * | 2018-07-11 | 2018-12-07 | 平安科技(深圳)有限公司 | Registration login method, system and the computer equipment of mixed application |
CN109660453A (en) * | 2019-01-24 | 2019-04-19 | 太仓红码软件技术有限公司 | A kind of safety monitoring method and its system |
CN109873813A (en) * | 2019-01-28 | 2019-06-11 | 平安科技(深圳)有限公司 | Text input abnormality monitoring method, device, computer equipment and storage medium |
CN109889507A (en) * | 2019-01-24 | 2019-06-14 | 太仓红码软件技术有限公司 | It is a kind of for monitoring the monitoring method and its system of mailbox safe operation |
CN110427971A (en) * | 2019-07-05 | 2019-11-08 | 五八有限公司 | Recognition methods, device, server and the storage medium of user and IP |
WO2020000346A1 (en) * | 2018-06-29 | 2020-01-02 | Huawei Technologies Co., Ltd. | Intruder detection method and apparatus |
CN110781487A (en) * | 2019-09-27 | 2020-02-11 | 广西英腾教育科技股份有限公司 | Safety auxiliary verification method, system, medium and equipment |
CN111209551A (en) * | 2020-01-15 | 2020-05-29 | 国网河北省电力有限公司信息通信分公司 | Identity authentication method and device |
CN111416809A (en) * | 2020-03-13 | 2020-07-14 | 国网河北省电力有限公司信息通信分公司 | Continuous authentication method and device based on keystroke recognition |
CN111491300A (en) * | 2020-03-11 | 2020-08-04 | 中移(杭州)信息技术有限公司 | Risk detection method, device, equipment and storage medium |
CN111737668A (en) * | 2020-08-18 | 2020-10-02 | 广东睿江云计算股份有限公司 | Security authentication method and system based on user input behavior characteristics |
CN112037818A (en) * | 2020-08-30 | 2020-12-04 | 北京嘀嘀无限科技发展有限公司 | Abnormal condition determining method and forward matching formula generating method |
CN112699369A (en) * | 2021-01-12 | 2021-04-23 | 安芯网盾(北京)科技有限公司 | Method and device for detecting abnormal login through stack backtracking |
CN113179281A (en) * | 2021-05-26 | 2021-07-27 | 中国银行股份有限公司 | Method, device, equipment and storage medium for determining database collision attack |
CN113641971A (en) * | 2021-08-20 | 2021-11-12 | 武汉极意网络科技有限公司 | Exception handling system based on behavior verification |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050223234A1 (en) * | 2002-01-19 | 2005-10-06 | Mcowan Peter W | Authentication systems |
CN1957355A (en) * | 2004-04-01 | 2007-05-02 | 道夫·雅各布森 | Mouse performance identification |
CN101159715A (en) * | 2007-11-16 | 2008-04-09 | 腾讯科技(深圳)有限公司 | Safety information checking method and safety information checking device and client terminal |
CN101557287A (en) * | 2008-04-07 | 2009-10-14 | 冀连有 | Method for identity identification according to characteristics of user keystroke |
CN101674184A (en) * | 2009-10-19 | 2010-03-17 | 北京微通新成网络科技有限公司 | Identity recognition method based on user keystroke characteristic |
CN101833619A (en) * | 2010-04-29 | 2010-09-15 | 西安交通大学 | Method for judging identity based on keyboard-mouse crossed certification |
CN102509044A (en) * | 2011-10-17 | 2012-06-20 | 镇江金钛软件有限公司 | Mouse behavior characteristic-based password authentication method |
-
2013
- 2013-07-15 CN CN201310295620.8A patent/CN104301286B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050223234A1 (en) * | 2002-01-19 | 2005-10-06 | Mcowan Peter W | Authentication systems |
CN1957355A (en) * | 2004-04-01 | 2007-05-02 | 道夫·雅各布森 | Mouse performance identification |
CN101159715A (en) * | 2007-11-16 | 2008-04-09 | 腾讯科技(深圳)有限公司 | Safety information checking method and safety information checking device and client terminal |
CN101557287A (en) * | 2008-04-07 | 2009-10-14 | 冀连有 | Method for identity identification according to characteristics of user keystroke |
CN101674184A (en) * | 2009-10-19 | 2010-03-17 | 北京微通新成网络科技有限公司 | Identity recognition method based on user keystroke characteristic |
CN101833619A (en) * | 2010-04-29 | 2010-09-15 | 西安交通大学 | Method for judging identity based on keyboard-mouse crossed certification |
CN102509044A (en) * | 2011-10-17 | 2012-06-20 | 镇江金钛软件有限公司 | Mouse behavior characteristic-based password authentication method |
Cited By (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104980279A (en) * | 2014-10-16 | 2015-10-14 | 腾讯科技(深圳)有限公司 | Identity authentication method, and related equipment and system |
US10404720B2 (en) | 2015-04-21 | 2019-09-03 | Alibaba Group Holding Limited | Method and system for identifying a human or machine |
US9917848B2 (en) | 2015-04-21 | 2018-03-13 | Alibaba Group Holding Limited | Method and system for identifying a human or machine |
CN106453205B (en) * | 2015-08-07 | 2019-12-10 | 阿里巴巴集团控股有限公司 | identity verification method and device |
CN106453205A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Identity verification method and identity verification device |
CN106817342A (en) * | 2015-11-30 | 2017-06-09 | 北京计算机技术及应用研究所 | Active identity authorization system based on user behavior feature recognition |
CN105306496A (en) * | 2015-12-02 | 2016-02-03 | 中国科学院软件研究所 | User identity detection method and system |
CN105306496B (en) * | 2015-12-02 | 2020-04-14 | 中国科学院软件研究所 | User identity detection method and system |
CN106888090A (en) * | 2015-12-16 | 2017-06-23 | 阿里巴巴集团控股有限公司 | A kind of user authentication method, apparatus and system |
CN106888090B (en) * | 2015-12-16 | 2020-01-21 | 阿里巴巴集团控股有限公司 | User verification method, device and system |
CN106919816A (en) * | 2015-12-24 | 2017-07-04 | 北京搜狗科技发展有限公司 | A kind of user authen method and device, a kind of device for user authentication |
CN105577692A (en) * | 2016-02-03 | 2016-05-11 | 杭州朗和科技有限公司 | Website login authentication method and device |
CN107093076A (en) * | 2016-02-18 | 2017-08-25 | 卡巴斯基实验室股份制公司 | The system and method for detecting fraudulent user transaction |
CN107093076B (en) * | 2016-02-18 | 2021-07-13 | 卡巴斯基实验室股份制公司 | System and method for detecting fraudulent user transactions |
US10943235B2 (en) | 2016-02-18 | 2021-03-09 | AO Kaspersky Lab | System and method of software-imitated user transactions using machine learning |
CN106127400A (en) * | 2016-06-29 | 2016-11-16 | 北京奇虎科技有限公司 | Work behavior analyzes method and device |
CN107786349B (en) * | 2016-08-24 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Security management method and device for user account |
CN107786349A (en) * | 2016-08-24 | 2018-03-09 | 腾讯科技(深圳)有限公司 | A kind of method for managing security and device for user account |
CN106372470A (en) * | 2016-08-30 | 2017-02-01 | 维沃移动通信有限公司 | Method for reminding of inputting password and mobile terminal |
CN106656978A (en) * | 2016-10-19 | 2017-05-10 | 广东欧珀移动通信有限公司 | Account login method and server |
CN106650350B (en) * | 2016-10-21 | 2020-02-07 | 中国银联股份有限公司 | Identity authentication method and system |
CN106650350A (en) * | 2016-10-21 | 2017-05-10 | 中国银联股份有限公司 | Identity authentication method and system |
CN106878323A (en) * | 2017-03-13 | 2017-06-20 | 山东浪潮云服务信息科技有限公司 | A kind of identity identifying method, device and system |
CN107104973A (en) * | 2017-05-09 | 2017-08-29 | 北京潘达互娱科技有限公司 | The method of calibration and device of user behavior |
CN107330128A (en) * | 2017-07-24 | 2017-11-07 | 上海众人网络安全技术有限公司 | Certification abnormality judgment method and device |
CN107330128B (en) * | 2017-07-24 | 2020-12-08 | 上海众人网络安全技术有限公司 | Authentication abnormity judgment method and device |
CN108011863A (en) * | 2017-08-23 | 2018-05-08 | 北京车和家信息技术有限责任公司 | Identify the method and device of Brute Force |
CN108011863B (en) * | 2017-08-23 | 2020-12-15 | 北京车和家信息技术有限责任公司 | Method and device for identifying brute force cracking |
CN107632722A (en) * | 2017-09-30 | 2018-01-26 | 北京梆梆安全科技有限公司 | A kind of various dimensions user ID authentication method and device |
CN107612922A (en) * | 2017-09-30 | 2018-01-19 | 北京梆梆安全科技有限公司 | User ID authentication method and device based on user operation habits and geographical position |
CN107623696B (en) * | 2017-09-30 | 2020-11-24 | 北京梆梆安全科技有限公司 | User identity verification method and device based on user behavior characteristics |
CN107657157A (en) * | 2017-09-30 | 2018-02-02 | 北京梆梆安全科技有限公司 | A kind of auth method and device based on input time interval |
CN107657156A (en) * | 2017-09-30 | 2018-02-02 | 北京梆梆安全科技有限公司 | User ID authentication method and device based on user operation habits and contact pressure area |
CN107657156B (en) * | 2017-09-30 | 2021-03-19 | 北京梆梆安全科技有限公司 | User identity authentication method and device based on user operation habit and touch area |
CN107623696A (en) * | 2017-09-30 | 2018-01-23 | 北京梆梆安全科技有限公司 | A kind of user ID authentication method and device based on user behavior feature |
CN108711013A (en) * | 2018-05-24 | 2018-10-26 | 深圳市买买提信息科技有限公司 | Abnormal behaviour determines method, apparatus, equipment and storage medium |
WO2020000346A1 (en) * | 2018-06-29 | 2020-01-02 | Huawei Technologies Co., Ltd. | Intruder detection method and apparatus |
US11393306B2 (en) | 2018-06-29 | 2022-07-19 | Huawei Cloud Computing Technologies Co., Ltd. | Intruder detection method and apparatus |
US10783759B2 (en) | 2018-06-29 | 2020-09-22 | Futurewei Technologies, Inc. | Intruder detection method and apparatus |
WO2020010726A1 (en) * | 2018-07-11 | 2020-01-16 | 平安科技(深圳)有限公司 | Registration and login method for hybrid application program, system, and computer device |
CN108965291B (en) * | 2018-07-11 | 2021-04-16 | 平安科技(深圳)有限公司 | Registration login method and system of hybrid application program and computer equipment |
CN108965291A (en) * | 2018-07-11 | 2018-12-07 | 平安科技(深圳)有限公司 | Registration login method, system and the computer equipment of mixed application |
CN109889507A (en) * | 2019-01-24 | 2019-06-14 | 太仓红码软件技术有限公司 | It is a kind of for monitoring the monitoring method and its system of mailbox safe operation |
CN109660453A (en) * | 2019-01-24 | 2019-04-19 | 太仓红码软件技术有限公司 | A kind of safety monitoring method and its system |
CN109889507B (en) * | 2019-01-24 | 2021-08-06 | 印象(山东)大数据有限公司 | Monitoring method and system for monitoring mailbox operation safety |
CN109873813A (en) * | 2019-01-28 | 2019-06-11 | 平安科技(深圳)有限公司 | Text input abnormality monitoring method, device, computer equipment and storage medium |
CN110427971A (en) * | 2019-07-05 | 2019-11-08 | 五八有限公司 | Recognition methods, device, server and the storage medium of user and IP |
CN110781487A (en) * | 2019-09-27 | 2020-02-11 | 广西英腾教育科技股份有限公司 | Safety auxiliary verification method, system, medium and equipment |
CN111209551B (en) * | 2020-01-15 | 2022-10-14 | 国网河北省电力有限公司信息通信分公司 | Identity authentication method and device |
CN111209551A (en) * | 2020-01-15 | 2020-05-29 | 国网河北省电力有限公司信息通信分公司 | Identity authentication method and device |
CN111491300B (en) * | 2020-03-11 | 2023-04-28 | 中移(杭州)信息技术有限公司 | Risk detection method, apparatus, device and storage medium |
CN111491300A (en) * | 2020-03-11 | 2020-08-04 | 中移(杭州)信息技术有限公司 | Risk detection method, device, equipment and storage medium |
CN111416809A (en) * | 2020-03-13 | 2020-07-14 | 国网河北省电力有限公司信息通信分公司 | Continuous authentication method and device based on keystroke recognition |
CN111737668B (en) * | 2020-08-18 | 2020-12-11 | 广东睿江云计算股份有限公司 | Security authentication method and system based on user input behavior characteristics |
CN111737668A (en) * | 2020-08-18 | 2020-10-02 | 广东睿江云计算股份有限公司 | Security authentication method and system based on user input behavior characteristics |
CN112037818A (en) * | 2020-08-30 | 2020-12-04 | 北京嘀嘀无限科技发展有限公司 | Abnormal condition determining method and forward matching formula generating method |
CN112699369A (en) * | 2021-01-12 | 2021-04-23 | 安芯网盾(北京)科技有限公司 | Method and device for detecting abnormal login through stack backtracking |
CN113179281A (en) * | 2021-05-26 | 2021-07-27 | 中国银行股份有限公司 | Method, device, equipment and storage medium for determining database collision attack |
CN113641971A (en) * | 2021-08-20 | 2021-11-12 | 武汉极意网络科技有限公司 | Exception handling system based on behavior verification |
Also Published As
Publication number | Publication date |
---|---|
CN104301286B (en) | 2018-03-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104301286B (en) | User log-in authentication method and device | |
US10764297B2 (en) | Anonymized persona identifier | |
US10044731B2 (en) | System and method for validating users using social network information | |
US20230237134A1 (en) | Biometric identification platform | |
EP3510516B1 (en) | Computer user authentication using machine learning | |
US20210152555A1 (en) | System and method for unauthorized activity detection | |
WO2019228004A1 (en) | Identity verification method and apparatus | |
US10542021B1 (en) | Automated extraction of behavioral profile features | |
Traore et al. | Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments | |
Serwadda et al. | Examining a large keystroke biometrics dataset for statistical-attack openings | |
US8843754B2 (en) | Continuous user identification and situation analysis with identification of anonymous users through behaviormetrics | |
US8856892B2 (en) | Interactive authentication | |
CN104202339B (en) | A kind of across cloud authentication service method based on user behavior | |
US11775623B2 (en) | Processing authentication requests to secured information systems using machine-learned user-account behavior profiles | |
CN110602021A (en) | Safety risk value evaluation method based on combination of HTTP request behavior and business process | |
CN116957049B (en) | Unsupervised internal threat detection method based on countermeasure self-encoder | |
US11968184B2 (en) | Digital identity network alerts | |
Stanić | Continuous user verification based on behavioral biometrics using mouse dynamics | |
RU2659736C1 (en) | System and method of detecting new devices under user interaction with banking services | |
CN110445790A (en) | A kind of account method for detecting abnormality logging in behavior based on user | |
Monschein et al. | SPCAuth: scalable and privacy-preserving continuous authentication for web applications | |
CN116032501A (en) | Network abnormal behavior detection method and device, electronic equipment and storage medium | |
Bicakci et al. | Analysis and evaluation of keystroke dynamics as a feature of contextual authentication | |
CN108241803B (en) | A kind of access control method of heterogeneous system | |
Vassallo et al. | Privacy-preserving behavioral authentication on smartphones |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |