CN105516138A - Verification method and device based on login log analysis - Google Patents

Verification method and device based on login log analysis Download PDF

Info

Publication number
CN105516138A
CN105516138A CN201510900838.0A CN201510900838A CN105516138A CN 105516138 A CN105516138 A CN 105516138A CN 201510900838 A CN201510900838 A CN 201510900838A CN 105516138 A CN105516138 A CN 105516138A
Authority
CN
China
Prior art keywords
login
time
behavior
distribution curve
logging
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510900838.0A
Other languages
Chinese (zh)
Other versions
CN105516138B (en
Inventor
吴洪声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou cipher technology Co., Ltd.
Original Assignee
Secken Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secken Inc filed Critical Secken Inc
Priority to CN201510900838.0A priority Critical patent/CN105516138B/en
Publication of CN105516138A publication Critical patent/CN105516138A/en
Application granted granted Critical
Publication of CN105516138B publication Critical patent/CN105516138B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a verification method based on login log analysis. The method comprises: obtaining a login log of a user in a preset time period, wherein the login log comprises at least once login behavior; counting the login behavior distribution of the user in the preset time period of every time period all day according to the login log and obtaining a distribution curve; obtaining the safety levels of the subsequent login behaviors of the user according to the distribution curve; and determining the verification mode of the subsequent login behavior of this time according to the safety levels. The invention also discloses a verification device based on login log analysis.

Description

A kind of verification method and device based on logging in log analysis
Technical field
The present invention relates to field of information security technology, particularly relating to a kind of verification method and device based on logging in log analysis.
Background technology
Along with the development of network technology, the communication technology and network application, in the modern society that informationization is highly developed, people will have the needs carrying out authentication in a large number every day, and such as entering application program each time all needs user to input password, gesture or sound etc. to carry out authentication.But of this sort authentication frequently exists the problem of making troubles to user, the requirement of the convenient safety again of user cannot be met: understandably, conveniently, the logic of subscriber authentication will inevitably be reduced, but the reduction of fail safe can be caused; On the contrary, in order to safety, authentication logic will inevitably be increased, but result in the increase of proving time.
Therefore, a kind of not only safety but also easy verifying logic is needed.
Summary of the invention
Given this, the invention provides a kind of proof scheme based on login log analysis newly, to try hard to solve or at least alleviate Problems existing above.
According to an aspect of the present invention, provide a kind of based on logging in the verification method of log analysis, the method comprises: obtain user's login daily record within a predetermined period of time, and this login daily record comprises and logs in behavior at least one times; According to login daily record, in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period, and obtains distribution curve; The safe class of the follow-up login behavior of user is obtained according to this distribution curve; And the verification mode of this follow-up login behavior is determined according to safe class.
Alternatively, in verification method according to the present invention, login behavior comprises the login time that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period comprises: in statistics predetermined amount of time, user distributes at the login times of whole day each time period; And the step obtaining distribution curve comprises: obtain login time distribution curve.
Alternatively, in verification method according to the present invention, login behavior also comprises the login place that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period also comprises: in statistics predetermined amount of time, user distributes in the login place of whole day each time period; And the step obtaining distribution curve also comprises: obtain and log in place distribution curve.
Alternatively, in verification method according to the present invention, login behavior comprises the logging in network that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period comprises: in statistics predetermined amount of time, user distributes at the logging in network of whole day each time period; And the step obtaining distribution curve also comprises: obtain logging in network distribution curve.
Alternatively, in verification method according to the present invention, login time distribution curve is with whole day each time period for abscissa, and the login times of each time period is the normal distribution curve of ordinate.
Alternatively, in verification method according to the present invention, logging in place distribution curve is with whole day each time period for abscissa, and the login place of each time period is the normal distribution curve of ordinate.
Alternatively, in verification method according to the present invention, the ordinate logging in place distribution curve comprises at least one and conventionally logs in place and other log in place, and this is conventional, and to log in place be to log in daily record occurrence number more than the login place of the first numerical value.
Alternatively, in verification method according to the present invention, logging in network distribution curve is with whole day each time period for abscissa, and the logging in network of each time period is the normal distribution curve of ordinate.
Alternatively, in verification method according to the present invention, the ordinate of logging in network distribution curve comprises at least one conventional logging in network and other logging in network, and conventional logging in network is log in occurrence number in daily record to exceed the logging in network of second value.
Alternatively, in verification method according to the present invention, the step obtaining the safe class of user's follow-up login behavior according to distribution curve comprises: judge whether follow-up login behavior is abnormal login by distribution curve, if so, then determine that safe class is inferior grade.
Alternatively, in verification method according to the present invention, judge that whether follow-up login behavior is that the step of abnormal login comprises by distribution curve: judge whether the login time of follow-up login behavior meets login time distribution curve; Judge whether the login place of follow-up login behavior meets and log in place distribution curve; And judge whether the logging in network of follow-up login behavior meets described logging in network distribution curve; If follow-up login behavior does not meet above-mentioned any one, then this login behavior is abnormal login.
Alternatively, in verification method according to the present invention, judge that the step whether login time of follow-up login behavior meets login time distribution curve comprises: estimated time corresponding on comparison login time and login time distribution curve, both acquisitions comparison value, if comparison value meets the first scope, then the login time of this follow-up login behavior meets login time distribution curve, otherwise does not meet; Judge whether the login place of follow-up login behavior meets the step logging in place distribution curve and comprise: comparison logs in place and logs in estimation place corresponding on the distribution curve of place, both acquisitions comparison value, if comparison value meets the second scope, then the login place of this follow-up login behavior meets login place distribution curve, otherwise does not meet; And judge that the step whether logging in network of follow-up login behavior meets logging in network distribution curve comprises: estimation network corresponding on the logging in network of the follow-up login behavior of comparison and logging in network distribution curve, both acquisitions comparison value, if comparison value is 1, then the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0; Wherein comparison value deducts the difference of the actual value in described login behavior and the estimated value on described distribution curve divided by this estimated value by 1, then takes absolute value and draw.
Alternatively, in verification method according to the present invention, the first scope, the second scope are [0,1].
Alternatively, in verification method according to the present invention, judge the logging in network of follow-up login behavior comprises before whether meeting the step of logging in network distribution curve: whether the logging in network judging follow-up login behavior is the trust network that user adds, if so, then determine that safe class is Special High Grade; Whether the logging in network judging follow-up login behavior is public network, if so, then determines that safe class is inferior grade; If the two is all no, then judge whether the logging in network of follow-up login behavior meets logging in network distribution curve.
Alternatively, in verification method according to the present invention, the step obtaining the safe class of user's follow-up login behavior according to distribution curve also comprises: after judging that follow-up login behavior is not abnormal login, the comparison value of landing time, the login comparison value in place, the comparison value of logging in network are added after being multiplied by respective weight respectively, draw safety value; And the safe class of this follow-up login behavior is determined according to safety value.
Alternatively, in verification method according to the present invention, wherein landing time, the weight that logs in place and logging in network are respectively 0.2,0.4 and 0.4.
Alternatively, in verification method according to the present invention, determine that according to safety value the step of the safe class of this follow-up login behavior comprises: when safety value meets high-grade scope, determine that safe class is high-grade; When safety value meets middle grade scope, determine that safe class is middle grade; When safety value meets inferior grade scope, determine that safe class is inferior grade.
Alternatively, in verification method according to the present invention, determine that according to safe class the step of the verification mode of this follow-up login behavior comprises: when the safe class of follow-up login behavior is Special High Grade, do not verify; When the safe class of follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode.
According to another aspect of the present invention, provide and a kind ofly to comprise: log acquisition module based on logging in the demo plant of log analysis, be suitable for obtaining user's login daily record within a predetermined period of time, this login daily record comprises and logs in behavior at least one times; Curve fitting module, be suitable for according to login daily record, in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period, and obtains distribution curve; Safety analysis module, is suitable for the safe class obtaining the follow-up login behavior of user according to distribution curve; Also be suitable for the verification mode determining this follow-up login behavior according to safe class.
Alternatively, in demo plant according to the present invention, login behavior comprises the login time that this time logs in behavior, and curve fitting module is suitable for user in statistics predetermined amount of time and distributes at the login times of whole day each time period, is suitable for obtaining login time distribution curve.
Alternatively, in demo plant according to the present invention, login behavior also comprises the login place that this time logs in behavior, and curve fitting module is suitable for user in statistics predetermined amount of time and, in the distribution of the login place of whole day each time period, is suitable for obtaining login place distribution curve.
Alternatively, in demo plant according to the present invention, login behavior comprises the logging in network that this time logs in behavior, and curve fitting module is suitable for user in statistics predetermined amount of time and distributes at the logging in network of whole day each time period, is suitable for obtaining logging in network distribution curve.
Alternatively, in demo plant according to the present invention, login time distribution curve is with whole day each time period for abscissa, and the login times of each time period is the normal distribution curve of ordinate.
Alternatively, in demo plant according to the present invention, logging in place distribution curve is with whole day each time period for abscissa, and the login place of each time period is the normal distribution curve of ordinate.
Alternatively, in demo plant according to the present invention, the ordinate logging in place distribution curve comprises at least one and conventionally logs in place and other log in place, and this is conventional, and to log in place be to log in daily record occurrence number more than the login place of the first numerical value.
Alternatively, in demo plant according to the present invention, logging in network distribution curve is with whole day each time period for abscissa, and the logging in network of each time period is the normal distribution curve of ordinate.
Alternatively, in demo plant according to the present invention, the ordinate of logging in network distribution curve comprises at least one conventional logging in network and other logging in network, and this conventional logging in network is log in occurrence number in daily record to exceed the logging in network of second value.
Alternatively, in demo plant according to the present invention, safety analysis module is suitable for judging whether follow-up login behavior is abnormal login by distribution curve, if so, then determines that safe class is inferior grade.
Alternatively, in demo plant according to the present invention, safety analysis module is suitable for judging whether the login time of follow-up login behavior meets login time distribution curve; Judge whether the login place of follow-up login behavior meets and log in place distribution curve; And judge whether the logging in network of follow-up login behavior meets logging in network distribution curve; If follow-up login behavior does not meet above-mentioned any one, then this login behavior is abnormal login.
Alternatively, in demo plant according to the present invention, safety analysis module is suitable for estimated time corresponding on comparison login time and login time distribution curve, both acquisitions comparison value, if comparison value meets the first scope, then the login time of this follow-up login behavior meets login time distribution curve, otherwise does not meet; Also be suitable for comparison login place and log in estimation place corresponding on the distribution curve of place, both acquisitions comparison value, if comparison value meets the second scope, then the login place of this follow-up login behavior meets login place distribution curve, otherwise does not meet; And be also suitable for estimation network corresponding on the logging in network of the follow-up login behavior of comparison and logging in network distribution curve, both acquisitions comparison value, if comparison value is 1, then the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0; Wherein comparison value deducts the difference of the actual value in described login behavior and the estimated value on distribution curve divided by this estimated value by 1, then takes absolute value and draw.
Alternatively, in demo plant according to the present invention, the first scope, the second scope are [0,1].
Alternatively, in demo plant according to the present invention, safety analysis module is also suitable for judging whether the logging in network of follow-up login behavior is the trust network that user adds, and if so, then determines that safe class is Special High Grade; Whether the logging in network judging follow-up login behavior is public network, if so, then determines that safe class is inferior grade; If the two is all no, then safety analysis module judges whether the logging in network of follow-up login behavior meets logging in network distribution curve.
Alternatively, in demo plant according to the present invention, after safety analysis module is also suitable for judging that follow-up login behavior is not abnormal login, the comparison value of landing time, the login comparison value in place, the comparison value of logging in network is added after being multiplied by respective weight respectively, draws safety value; And the safe class of this follow-up login behavior is determined according to this safety value.
Alternatively, in demo plant according to the present invention, wherein landing time, the weight that logs in place and logging in network are respectively 0.2,0.4 and 0.4.
Alternatively, in demo plant according to the present invention, safety analysis module is also suitable for when safety value meets high-grade scope, determines that safe class is high-grade; When safety value meets middle grade scope, determine that safe class is middle grade; And when safety value meets inferior grade scope, determine that safe class is inferior grade.
Alternatively, in demo plant according to the present invention, safety analysis module is also suitable for, when the safe class of follow-up login behavior is Special High Grade, not verifying; When the safe class of follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode.
According to the proof scheme based on logging in log analysis of the present invention, analyzed by login daily record record user being logged in behavior, obtain login behavior distribution curve, this login behavior distribution curve is utilized to determine that ensuing user logs in the safe class of behavior, and determine corresponding login authentication mode, therefore achieve and log in behavioural habits according to user, the verifying logic providing safe class different under different scenes, Consumer's Experience can be improved while guarantee safety, save the proving time.
Accompanying drawing explanation
In order to realize above-mentioned and relevant object; combine description below and accompanying drawing herein to describe some illustrative aspect; these aspects indicate the various modes can putting into practice principle disclosed herein, and all aspects and equivalent aspect thereof are intended to fall in the scope of theme required for protection.Read detailed description below in conjunction with the drawings, above-mentioned and other object of the present disclosure, Characteristics and advantages will become more obvious.Throughout the disclosure, identical Reference numeral is often referred to for identical parts or element.
Fig. 1 shows the structured flowchart of the demo plant 100 based on login log analysis according to an illustrative embodiment of the invention; And
Fig. 2 shows according to an embodiment of the invention based on the flow chart of the verification method 200 of login log analysis.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Fig. 1 shows the structured flowchart of the demo plant 100 based on login log analysis according to an illustrative embodiment of the invention.This demo plant 100 can reside in the various client application of mobile terminal, also can reside in various Website server.Such as, client application allows user to operate with the account of this application usually, in order to ensure safety, when user undertaken logging in by its account or other sensitive operation time, need to carry out authentication, this client application determines the verification mode of the authentication carried out by demo plant 100 according to the present invention.
As shown in Figure 1, log acquisition module 110, curve fitting module 120 and safety analysis module 130 can be comprised based on the demo plant 100 logging in log analysis.For the register of user, log acquisition module 110 is suitable for obtaining user's login daily record within a predetermined period of time, this predetermined amount of time is generally at least 1 year, login daily record in this section of predetermined amount of time can comprise and logs in behavior at least one times, such as, login daily record in 1 year comprise user in the previous year in all login behaviors.
The curve fitting module 120 be connected with log acquisition module 110 is suitable for according to above-mentioned login daily record, and in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period, and obtains distribution curve.The behavior that wherein logs at least can comprise this time log in behavior login time, log in place and logging in network, login time can log in certain client application for a some time point user, and time format is 24 hours systems; Log in place and for GPS position information during login, can comprise latitude, longitude; Logging in network for the network information connected during login, such as, can comprise the wifi information of IP address and SSID.
Curve fitting module 120 can be added up user in predetermined amount of time and be distributed at the login times of whole day each time period, and obtains login time distribution curve.Such as, in login daily record in certain predetermined amount of time, user arrives the login times of early 10 up to 90 times morning 8, the login times of 12 reaches 80 times at noon, the login times in evening 10 is arrived up to 100 times evening 8, according to above-mentioned statistics, can simulate with whole day each time period for abscissa (such as from 0:00 to 23:00), the login times of each time period is the normal distribution curve of ordinate, i.e. login time distribution curve.
Curve fitting module 120 can also be added up user in predetermined amount of time and be distributed in the login place of whole day each time period, and obtains login place distribution curve.This login place distribution curve can be with whole day each time period for abscissa, and the login place of each time period is the normal distribution curve of ordinate.The ordinate of this login place distribution curve can comprise at least one conventional login place and other log in place, and this conventional place that logs in is that in login daily record, occurrence number is more than the login place of the first numerical value, and wherein the first numerical value can be 3.Such as, according to the login daily record in certain predetermined amount of time, 9 points late 8 o'clock to second day morning can be counted, user is arranged in house and logs in, early 9 are positioned at company's login to 6 pm, be positioned at other places 6 pm to evening 8 to log in, wherein family, company are the conventional login place occurring more than 3 times, login place except family and company logs in place for other, for the ease of post analysis, family, company and other places can be represented in order to numeral (such as 1,2,3 etc.) respectively.
Curve fitting module 120 can also be added up user in predetermined amount of time and be distributed at the logging in network of whole day each time period, and obtains logging in network distribution curve.Identically with login place distribution curve, logging in network distribution curve can be for abscissa with whole day each time period, the logging in network of each time period is the normal distribution curve of ordinate, the ordinate of this logging in network distribution curve comprises at least one conventional logging in network and other logging in network, conventional logging in network is log in occurrence number in daily record to exceed the logging in network of second value, and wherein second value can be 3.
After curve fitting module 120 obtains above-mentioned distribution curve, the safety analysis module 130 be connected with curve fitting module 120 can obtain the safe class of the follow-up login behavior of user according to this distribution curve, this safe class at least can comprise Special High Grade, high-grade, middle grade and inferior grade.
First, by distribution curve, safety analysis module 130 can judge whether follow-up login behavior is abnormal login, if so, then can determine that this follow-up safe class logging in behavior is inferior grade.Particularly, safety analysis module 130 can judge whether the login time of follow-up login behavior meets login time distribution curve; Judge whether the login place of follow-up login behavior meets and log in place distribution curve; And judge whether the logging in network of follow-up login behavior meets logging in network distribution curve; If follow-up login behavior does not meet above-mentioned any one, then safety analysis module 130 can determine that this login behavior is abnormal login.
Wherein, safety analysis module 130 is suitable for estimated time corresponding on the login time of the follow-up login behavior of comparison and login time distribution curve, both acquisitions comparison value, if comparison value meets the first scope, then determine that the login time of this follow-up login behavior meets login time distribution curve, otherwise do not meet, this first scope is [0,1] normally; Also be suitable for comparison log in place and log in estimation place corresponding on the distribution curve of place, both acquisitions comparison value, if comparison value meets the second scope, then determine that the login place of this follow-up login behavior meets and log in place distribution curve, otherwise do not meet, this second scope is [0,1] equally; And be also suitable for estimation network corresponding on the logging in network of the follow-up login behavior of comparison and logging in network distribution curve, both acquisitions comparison value, if comparison value is 1, then determine that the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0.Wherein comparison value deducts the difference of the actual value in login behavior and the estimated value on distribution curve divided by this estimated value by 1, then takes absolute value and draw.
Further, safety analysis module 130 is before judging whether the logging in network of follow-up login behavior meets logging in network distribution curve, whether the logging in network that can also judge this follow-up login behavior is the trust network that user adds, this trust network can be the trust network connected in trust place (family or company etc.), if so, then can determine that this follow-up safe class logging in behavior is Special High Grade; Whether the logging in network that can also judge follow-up login behavior is public network, if so, then can determine that safe class is inferior grade; If the two is all no, then next safety analysis module 130 can judge whether the logging in network of follow-up login behavior meets logging in network distribution curve.
After safety analysis module 130 judges that this follow-up login behavior is not abnormal login, then the comparison value of landing time in this follow-up login behavior, the login comparison value in place, the comparison value of logging in network can be added after being multiplied by respective weight respectively, draw safety value, and determine the safe class of this follow-up login behavior according to this safety value.
Suppose that the comparison value of landing time is x 1, the comparison value of debarkation point is x 2, the comparison value of logging in network is x 3, respective weight is respectively a, b and c, wherein a=0.2, b=c=0.4.
Suppose certain once follow-up login time be 8 a.m., the estimated time on the login time distribution curve of its correspondence is 8 a.m. half, then x 1=| 1-30/ (24*60) |=0.98;
Suppose that logging in the corresponding numerical value in place is 100, the corresponding numerical value in the estimation place on the login place distribution curve of its correspondence is 200, so x 2=| 1-100/1000|=0.9;
Suppose that logging in network meets logging in network distribution curve completely, then x3=1;
So, according to above-mentioned weight allocation, the safety value result of calculating is:
1*0.4+0.98*0.2+0.9*0.4=0.97。
Further, safety analysis module 130 can judge when safety value meets high-grade scope, determines that safe class is high-grade; When safety value meets middle grade scope, determine that safe class is middle grade; And when safety value meets inferior grade scope, determine that safe class is inferior grade.Such as, [0,0.3] can be divided into inferior grade scope, [0.3,0.8] be divided into middle grade scope, [0.8,1] is divided into high-grade scope, then numerical value be 0.97 safety value belong to high-grade.
Then safety analysis module 130 determines the verification mode of this follow-up login behavior according to safe class.Particularly, safety analysis module 130 is suitable for, when the safe class of follow-up login behavior is Special High Grade, not verifying; When the safe class of follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode, the verification mode that wherein each safe class is corresponding is not limited to above-mentioned, and the present invention does not limit this.Achieve like this and log in behavioural habits according to user, accurately judge the safe class under different scenes, verifying logic suitable under this safe class is provided, while guarantee safety, improve Consumer's Experience, save the proving time.
Fig. 2 shows according to an embodiment of the invention based on the flow chart of the verification method 200 of login log analysis.Verification method 200 is suitable for performing in based on the demo plant 100 logging in log analysis, and this verification method 200 starts from step S210, in step S210, obtains user login daily record within a predetermined period of time, and this login daily record comprises and logs in behavior at least one times.
Next, in step S220, according to login daily record, add up user in this predetermined amount of time and distribute in the login behavior of whole day each time period, and obtain distribution curve.
Wherein, according to an embodiment of the invention, login behavior can comprise the login time that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period can comprise: in statistics predetermined amount of time, user distributes at the login times of whole day each time period; And the step obtaining distribution curve can comprise: obtain login time distribution curve, this login time distribution curve can be with whole day each time period for abscissa, and the login times of each time period is the normal distribution curve of ordinate.
According to another implementation of the invention, login behavior can also comprise the login place that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period can also comprise: in statistics predetermined amount of time, user distributes in the login place of whole day each time period; And the step obtaining distribution curve can also comprise: obtain and log in place distribution curve.This login place distribution curve can be for abscissa with whole day each time period, the login place of each time period is the normal distribution curve of ordinate, the ordinate of this login place distribution curve can comprise at least one conventional place that logs in and log in place with other, and this conventional place that logs in is log in occurrence number in daily record to exceed the login place of second value.
According to another implementation of the invention, login behavior can also comprise the logging in network that this time logs in behavior, and the step that in statistics predetermined amount of time, user distributes in the login behavior of whole day each time period can comprise: in statistics predetermined amount of time, user distributes at the logging in network of whole day each time period; And the step obtaining distribution curve can also comprise: obtain logging in network distribution curve.This logging in network distribution curve can be for abscissa with whole day each time period, the logging in network of each time period is the normal distribution curve of ordinate, the ordinate of this logging in network distribution curve can comprise at least one conventional logging in network and other logging in network, and this conventional logging in network is log in occurrence number in daily record to exceed the logging in network of second value.
Then in step S230, obtain the safe class of the follow-up login behavior of user according to distribution curve.According to another implementation of the invention, this step S230 can comprise step: judge whether follow-up login behavior is abnormal login by distribution curve, if so, then determine that safe class is inferior grade.
Particularly, judge that whether follow-up login behavior is that the step of abnormal login comprises by distribution curve: judge the whether described login time distribution curve of the login time of follow-up login behavior; Judge whether the login place of follow-up login behavior meets and log in place distribution curve; And judge whether the login place of follow-up login behavior meets logging in network distribution curve; If follow-up login behavior does not meet above-mentioned any one, then this login behavior is abnormal login.
Wherein, judge that the step whether login time of follow-up login behavior meets login time distribution curve comprises: estimated time corresponding on comparison login time and login time distribution curve, both acquisitions comparison value, if comparison value meets the first scope, then the login time of this follow-up login behavior meets login time distribution curve, otherwise do not meet, the first scope can be [0,1].
Judge whether the login place of follow-up login behavior meets the step logging in place distribution curve and comprise: comparison logs in place and logs in estimation place corresponding on the distribution curve of place, both acquisitions comparison value, if comparison value meets the second scope, then the login place of this follow-up login behavior meets login place distribution curve, otherwise do not meet, second scope can be [0,1]; And
Judge that the step whether logging in network of follow-up login behavior meets logging in network distribution curve comprises: estimation network corresponding on the logging in network of the follow-up login behavior of comparison and logging in network distribution curve, both acquisitions comparison value, if comparison value is 1, then the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0;
Wherein comparison value deducts the difference of the actual value in login behavior and the estimated value on distribution curve divided by this estimated value by 1, then takes absolute value and draw.
According to another implementation of the invention, judge the logging in network of follow-up login behavior can comprise before whether meeting the step of logging in network distribution curve: whether the logging in network judging follow-up login behavior is the trust network that user adds, if so, then determine that safe class is Special High Grade; Whether the logging in network judging follow-up login behavior is public network, if so, then determines that safe class is inferior grade; If the two is all no, then judge whether the logging in network of follow-up login behavior meets logging in network distribution curve again.
Step S230 can also comprise: after judging that follow-up login behavior is not abnormal login, the comparison value of landing time, the login comparison value in place, the comparison value of logging in network is added after being multiplied by respective weight respectively, draws safety value; And the safe class of this follow-up login behavior is determined according to safety value.Wherein landing time, the weight that logs in place and logging in network can be 0.2,0.4 and 0.4 respectively.
According to another implementation of the invention, determine that according to safety value the step of the safe class of this follow-up login behavior can comprise: when safety value meets high-grade scope, determine that safe class is high-grade; When safety value meets middle grade scope, determine that safe class is middle grade; When safety value meets inferior grade scope, determine that safe class is inferior grade.
Last in step S240, the verification mode of this follow-up login behavior is determined according to safe class.Particularly, when the safe class of follow-up login behavior is Special High Grade, do not verify; When the safe class of follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode.
Illustrate at composition graphs 1 above in the specific descriptions of demo plant 100 and detailed explanation has been carried out to the respective handling in each step, no longer duplicate contents is repeated here.
In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires than the feature more multiple features clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are to be understood that the module of the equipment in example disclosed herein or unit or assembly can be arranged in equipment as depicted in this embodiment, or alternatively can be positioned in one or more equipment different from the equipment in this example.Module in aforementioned exemplary can be combined as a module or can be divided into multiple submodule in addition.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
The present invention also comprises: A6, method as described in A3, described login place distribution curve is with whole day each time period for abscissa, and the login place of described each time period is the normal distribution curve of ordinate.A7, method as described in A6, the ordinate of described login place distribution curve comprises at least one and conventionally logs in place and other log in place, described conventional login place be in described login daily record occurrence number more than the login place of the first numerical value.A8, method as described in A4, described logging in network distribution curve is with whole day each time period for abscissa, and the logging in network of described each time period is the normal distribution curve of ordinate.A9, method as described in A8, the ordinate of described logging in network distribution curve comprises at least one conventional logging in network and other logging in network, and described conventional logging in network is the logging in network that in described login daily record, occurrence number exceedes second value.A10, method as described in A1-9, the described step obtaining the safe class of user's follow-up login behavior according to distribution curve comprises: judge whether described follow-up login behavior is abnormal login by distribution curve, if so, then determine that described safe class is inferior grade.By distribution curve, A11, method as described in A10, describedly judge that whether follow-up login behavior is that the step of abnormal login comprises: judge whether the login time of described follow-up login behavior meets described login time distribution curve; Judge whether the login place of described follow-up login behavior meets described login place distribution curve; And judge whether the logging in network of described follow-up login behavior meets described logging in network distribution curve; If described follow-up login behavior does not meet above-mentioned any one, then this login behavior is abnormal login.A12, method as described in A10, the described step judging whether the login time of follow-up login behavior meets login time distribution curve comprises: estimated time corresponding on login time described in comparison and described login time distribution curve, both acquisitions comparison value, if described comparison value meets the first scope, then the login time of this follow-up login behavior meets login time distribution curve, otherwise does not meet; Describedly judge whether the login place of follow-up login behavior meets the step logging in place distribution curve and comprise: described in comparison, log in estimation place corresponding on place and described login place distribution curve, both acquisitions comparison value, if described comparison value meets the second scope, then the login place of this follow-up login behavior meets login place distribution curve, otherwise does not meet; And the described step judging whether the logging in network of follow-up login behavior meets logging in network distribution curve comprises: estimation network corresponding on the logging in network of follow-up login behavior described in comparison and described logging in network distribution curve, both acquisitions comparison value, if described comparison value is 1, then the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0; Wherein said comparison value deducts the difference of the actual value in described login behavior and the estimated value on described distribution curve divided by described estimated value by 1, then takes absolute value and draw.A13, method as described in A12, described first scope, the second scope are [0,1].A14, method as described in A11-13, describedly judge the logging in network of follow-up login behavior comprises before whether meeting the step of logging in network distribution curve: whether the logging in network judging described follow-up login behavior is the trust network that user adds, if so, then determine that described safe class is Special High Grade; Whether the logging in network judging described follow-up login behavior is public network, if so, then determines that described safe class is inferior grade; If the two is all no, then judge whether the logging in network of described follow-up login behavior meets logging in network distribution curve.A15, method as described in A10-14, the described step obtaining the safe class of user's follow-up login behavior according to distribution curve also comprises: after judging that described follow-up login behavior is not abnormal login, the comparison value of described landing time, the login comparison value in place, the comparison value of logging in network are added after being multiplied by respective weight respectively, draw safety value; And the safe class of this follow-up login behavior is determined according to described safety value.A16, method as described in A15, wherein said landing time, the weight logging in place and logging in network are respectively 0.2,0.4 and 0.4.A17, method as described in A15 or 16, describedly determine that according to safety value the step of the safe class of this follow-up login behavior comprises: when described safety value meets high-grade scope, determine that described safe class is high-grade; When described safety value meets middle grade scope, determine that described safe class is middle grade; When described safety value meets inferior grade scope, determine that described safe class is inferior grade.A18, method as described in A17, describedly determine that according to safe class the step of the verification mode of this follow-up login behavior comprises: when the safe class of described follow-up login behavior is Special High Grade, do not verify; When the safe class of described follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of described follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of described follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode.
B24, device as described in B21, described login place distribution curve is with whole day each time period for abscissa, and the login place of described each time period is the normal distribution curve of ordinate.B25, device as described in B24, the ordinate of described login place distribution curve comprises at least one and conventionally logs in place and other log in place, described conventional login place be in described login daily record occurrence number more than the login place of the first numerical value.B26, device as described in B22, described logging in network distribution curve is with whole day each time period for abscissa, and the logging in network of described each time period is the normal distribution curve of ordinate.B27, device as described in B26, the ordinate of described logging in network distribution curve comprises at least one conventional logging in network and other logging in network, and described conventional logging in network is the logging in network that in described login daily record, occurrence number exceedes second value.B28, device according to any one of B19-27, described safety analysis module is suitable for judging whether follow-up login behavior is abnormal login by distribution curve, if so, then determines that described safe class is inferior grade.B29, device as described in B28, described safety analysis module is suitable for judging whether the login time of described follow-up login behavior meets described login time distribution curve; Judge whether the login place of described follow-up login behavior meets described login place distribution curve; And judge whether the logging in network of described follow-up login behavior meets described logging in network distribution curve; If described follow-up login behavior does not meet above-mentioned any one, then this login behavior is abnormal login.B30, device as described in B28, described safety analysis module is suitable for estimated time corresponding on login time described in comparison and described login time distribution curve, both acquisitions comparison value, if described comparison value meets the first scope, then the login time of this follow-up login behavior meets login time distribution curve, otherwise does not meet; Also be suitable for logging in described in comparison estimation place corresponding on place and described login place distribution curve, both acquisitions comparison value, if described comparison value meets the second scope, then the login place of this follow-up login behavior meets login place distribution curve, otherwise does not meet; And be also suitable for estimation network corresponding on the logging in network of follow-up login behavior described in comparison and described logging in network distribution curve, both acquisitions comparison value, if described comparison value is 1, then the logging in network of this follow-up login behavior meets logging in network distribution curve, otherwise do not meet logging in network distribution curve, and make this comparison value be 0; Wherein said comparison value deducts the difference of the actual value in described login behavior and the estimated value on described distribution curve divided by described estimated value by 1, then takes absolute value and draw.B31, device as described in B30, described first scope, the second scope are [0,1].B32, device according to any one of B29-31, described safety analysis module is also suitable for judging whether the logging in network of described follow-up login behavior is the trust network that user adds, and if so, then determines that described safe class is Special High Grade; Whether the logging in network judging described follow-up login behavior is public network, if so, then determines that described safe class is inferior grade; If the two is all no, then described safety analysis module judges whether the logging in network of described follow-up login behavior meets logging in network distribution curve.B33, device according to any one of B28-32, after described safety analysis module is also suitable for judging that described follow-up login behavior is not abnormal login, the comparison value of described landing time, the login comparison value in place, the comparison value of logging in network are added after being multiplied by respective weight respectively, draw safety value; And the safe class of this follow-up login behavior is determined according to described safety value.B34, device as described in B33, wherein said landing time, the weight logging in place and logging in network are respectively 0.2,0.4 and 0.4.B35, device as described in B33 or 34, described safety analysis module is also suitable for when described safety value meets high-grade scope, determines that described safe class is high-grade; When described safety value meets middle grade scope, determine that described safe class is middle grade; And when described safety value meets inferior grade scope, determine that described safe class is inferior grade.B36, device as described in B35, described safety analysis module is also suitable for, when the safe class of described follow-up login behavior is Special High Grade, not verifying; When the safe class of described follow-up login behavior is high-grade, determine gesture verification mode; When the safe class of described follow-up login behavior is middle grade, determine face verification mode or voice print verification mode; And when the safe class of described follow-up login behavior is inferior grade, determine gesture checking and face verification mode, or gesture is verified and vocal print verification mode.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.
In addition, some in described embodiment are described as at this can by the processor of computer system or the method implemented by other device performing described function or the combination of method element.Therefore, there is the device of processor formation for implementing the method or method element of the necessary instruction for implementing described method or method element.In addition, the element described herein of device embodiment is the example as lower device: this device is for implementing the function performed by the element of the object in order to implement this invention.
As used in this, unless specifically stated so, use ordinal number " first ", " second ", " the 3rd " etc. to describe plain objects and only represent the different instances relating to similar object, and be not intended to imply the object be described like this must have the time upper, spatially, sequence aspect or in any other manner to definite sequence.
Although the embodiment according to limited quantity describes the present invention, benefit from description above, those skilled in the art understand, in the scope of the present invention described thus, it is contemplated that other embodiment.In addition, it should be noted that the language used in this specification is mainly in order to object that is readable and instruction is selected, instead of select to explain or limiting theme of the present invention.Therefore, when not departing from the scope and spirit of appended claims, many modifications and changes are all apparent for those skilled in the art.For scope of the present invention, be illustrative to disclosing of doing of the present invention, and nonrestrictive, and scope of the present invention is defined by the appended claims.

Claims (10)

1., based on the verification method logging in log analysis, the method comprises:
Obtain user login daily record within a predetermined period of time, described login daily record comprises and logs in behavior at least one times;
According to described login daily record, add up user in described predetermined amount of time and distribute in the login behavior of whole day each time period, and obtain distribution curve;
The safe class of the follow-up login behavior of user is obtained according to described distribution curve; And
The verification mode of this follow-up login behavior is determined according to described safe class.
2. the method for claim 1, described login behavior comprises the login time that this time logs in behavior, and the step that in described statistics predetermined amount of time, user distributes in the login behavior of whole day each time period comprises:
In statistics predetermined amount of time, user distributes at the login times of whole day each time period; And
The step obtaining distribution curve comprises:
Obtain login time distribution curve.
3. method as claimed in claim 1 or 2, described login behavior also comprises the login place that this time logs in behavior, and the step that in described statistics predetermined amount of time, user distributes in the login behavior of whole day each time period also comprises:
In statistics predetermined amount of time, user distributes in the login place of whole day each time period; And
The step of described acquisition distribution curve also comprises:
Obtain and log in place distribution curve.
4. the method as described in claim 1-3, described login behavior comprises the logging in network that this time logs in behavior, and the step that in described statistics predetermined amount of time, user distributes in the login behavior of whole day each time period comprises:
In statistics predetermined amount of time, user distributes at the logging in network of whole day each time period; And
The step of described acquisition distribution curve also comprises:
Obtain logging in network distribution curve.
5. method as claimed in claim 2, described login time distribution curve is with whole day each time period for abscissa, and the login times of described each time period is the normal distribution curve of ordinate.
6., based on the demo plant logging in log analysis, comprising:
Log acquisition module, is suitable for obtaining user login daily record within a predetermined period of time, and described login daily record comprises and logs in behavior at least one times;
Curve fitting module, is suitable for according to described login daily record, adds up user in described predetermined amount of time and distributes in the login behavior of whole day each time period, and obtain distribution curve;
Safety analysis module, is suitable for the safe class obtaining the follow-up login behavior of user according to described distribution curve; Also be suitable for the verification mode determining this follow-up login behavior according to described safe class.
7. device as claimed in claim 6, described login behavior comprises the login time that this time logs in behavior, and described curve fitting module is suitable for user in statistics predetermined amount of time and distributes at the login times of whole day each time period, is suitable for obtaining login time distribution curve.
8. device as claimed in claims 6 or 7, described login behavior also comprises the login place that this time logs in behavior, described curve fitting module is suitable for user in statistics predetermined amount of time and, in the distribution of the login place of whole day each time period, is suitable for obtaining login place distribution curve.
9. device as claimed in claim 7 or 8, described login behavior comprises the logging in network that this time logs in behavior, described curve fitting module is suitable for user in statistics predetermined amount of time and distributes at the logging in network of whole day each time period, is suitable for obtaining logging in network distribution curve.
10. device as claimed in claim 7, described login time distribution curve is with whole day each time period for abscissa, and the login times of described each time period is the normal distribution curve of ordinate.
CN201510900838.0A 2015-12-09 2015-12-09 A kind of verification method and device based on login log analysis Active CN105516138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510900838.0A CN105516138B (en) 2015-12-09 2015-12-09 A kind of verification method and device based on login log analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510900838.0A CN105516138B (en) 2015-12-09 2015-12-09 A kind of verification method and device based on login log analysis

Publications (2)

Publication Number Publication Date
CN105516138A true CN105516138A (en) 2016-04-20
CN105516138B CN105516138B (en) 2019-02-15

Family

ID=55723775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510900838.0A Active CN105516138B (en) 2015-12-09 2015-12-09 A kind of verification method and device based on login log analysis

Country Status (1)

Country Link
CN (1) CN105516138B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209862A (en) * 2016-07-14 2016-12-07 微梦创科网络科技(中国)有限公司 A kind of steal-number defence implementation method and device
CN106251214A (en) * 2016-08-02 2016-12-21 东软集团股份有限公司 account monitoring method and device
CN106790072A (en) * 2016-12-21 2017-05-31 微梦创科网络科技(中国)有限公司 The recognition methods of malice entry address and device
CN107612882A (en) * 2017-08-03 2018-01-19 北京奇安信科技有限公司 A kind of user behavior recognition method and device based on middle daily record
CN107665301A (en) * 2016-07-28 2018-02-06 腾讯科技(深圳)有限公司 Verification method and device
CN107689936A (en) * 2016-08-03 2018-02-13 阿里巴巴集团控股有限公司 Security verification system, the method and device of logon account
CN108173864A (en) * 2017-12-29 2018-06-15 咪咕文化科技有限公司 A kind of Information Authentication mode method of adjustment and device and storage medium
CN108306861A (en) * 2017-12-29 2018-07-20 亿阳安全技术有限公司 It is a kind of to generate the method and device for logging in peak period time reference
CN110138791A (en) * 2019-05-20 2019-08-16 四川长虹电器股份有限公司 Web service account takeover method of real-time and system based on Flink
CN110232270A (en) * 2018-03-06 2019-09-13 中国移动通信集团有限公司 A kind of method of safety certification, unit and storage medium
CN110688633A (en) * 2019-09-10 2020-01-14 阿里巴巴集团控股有限公司 Login mode pushing method and device, storage medium and equipment
CN110889094A (en) * 2019-11-18 2020-03-17 中国银行股份有限公司 Login authentication method and device
CN112910905A (en) * 2021-02-07 2021-06-04 中国工商银行股份有限公司 Security verification method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572629A (en) * 2009-05-31 2009-11-04 腾讯科技(深圳)有限公司 Method and device for processing IP data
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN103581108A (en) * 2012-07-19 2014-02-12 阿里巴巴集团控股有限公司 Login authentication method, login authentication client, login authentication server and login authentication system
CN104144419A (en) * 2014-01-24 2014-11-12 腾讯科技(深圳)有限公司 Identity authentication method, device and system
CN104767723A (en) * 2014-01-08 2015-07-08 中国移动通信集团河北有限公司 Authentication method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572629A (en) * 2009-05-31 2009-11-04 腾讯科技(深圳)有限公司 Method and device for processing IP data
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN103581108A (en) * 2012-07-19 2014-02-12 阿里巴巴集团控股有限公司 Login authentication method, login authentication client, login authentication server and login authentication system
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN104767723A (en) * 2014-01-08 2015-07-08 中国移动通信集团河北有限公司 Authentication method and device
CN104144419A (en) * 2014-01-24 2014-11-12 腾讯科技(深圳)有限公司 Identity authentication method, device and system

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209862A (en) * 2016-07-14 2016-12-07 微梦创科网络科技(中国)有限公司 A kind of steal-number defence implementation method and device
CN106209862B (en) * 2016-07-14 2019-08-06 微梦创科网络科技(中国)有限公司 A kind of steal-number defence implementation method and device
CN107665301A (en) * 2016-07-28 2018-02-06 腾讯科技(深圳)有限公司 Verification method and device
CN107665301B (en) * 2016-07-28 2021-03-19 腾讯科技(深圳)有限公司 Verification method and device
CN106251214A (en) * 2016-08-02 2016-12-21 东软集团股份有限公司 account monitoring method and device
CN107689936A (en) * 2016-08-03 2018-02-13 阿里巴巴集团控股有限公司 Security verification system, the method and device of logon account
CN106790072A (en) * 2016-12-21 2017-05-31 微梦创科网络科技(中国)有限公司 The recognition methods of malice entry address and device
CN107612882B (en) * 2017-08-03 2020-09-29 奇安信科技集团股份有限公司 User behavior identification method and device based on intermediate log
CN107612882A (en) * 2017-08-03 2018-01-19 北京奇安信科技有限公司 A kind of user behavior recognition method and device based on middle daily record
CN108306861A (en) * 2017-12-29 2018-07-20 亿阳安全技术有限公司 It is a kind of to generate the method and device for logging in peak period time reference
CN108173864B (en) * 2017-12-29 2020-12-15 咪咕文化科技有限公司 Information verification mode adjusting method and device and storage medium
CN108173864A (en) * 2017-12-29 2018-06-15 咪咕文化科技有限公司 A kind of Information Authentication mode method of adjustment and device and storage medium
CN108306861B (en) * 2017-12-29 2022-06-07 亿阳安全技术有限公司 Method and device for generating login peak time reference
CN110232270A (en) * 2018-03-06 2019-09-13 中国移动通信集团有限公司 A kind of method of safety certification, unit and storage medium
CN110232270B (en) * 2018-03-06 2022-06-10 中移动信息技术有限公司 Security authentication method, equipment, device and storage medium
CN110138791A (en) * 2019-05-20 2019-08-16 四川长虹电器股份有限公司 Web service account takeover method of real-time and system based on Flink
CN110688633A (en) * 2019-09-10 2020-01-14 阿里巴巴集团控股有限公司 Login mode pushing method and device, storage medium and equipment
CN110889094A (en) * 2019-11-18 2020-03-17 中国银行股份有限公司 Login authentication method and device
CN112910905A (en) * 2021-02-07 2021-06-04 中国工商银行股份有限公司 Security verification method and device

Also Published As

Publication number Publication date
CN105516138B (en) 2019-02-15

Similar Documents

Publication Publication Date Title
CN105516138A (en) Verification method and device based on login log analysis
Menasce et al. Performance by design: computer capacity planning by example
CN110826071B (en) Software vulnerability risk prediction method, device, equipment and storage medium
US9813423B2 (en) Trust-based computing resource authorization in a networked computing environment
CN107688485B (en) Method and system for policy-based access to virtualized applications
Kim A quality model for evaluating IoT applications
CN106487603B (en) Response testing method and device
CN109753808B (en) Privacy leakage risk assessment method and device
CN110784446A (en) User permission-based cloud resource acquisition method and device and computer equipment
US10148738B2 (en) System and method for equitable processing of asynchronous messages in a multi-tenant platform
CN107944000B (en) Flight freight rate updating method and device, electronic equipment and storage medium
CN109543891B (en) Method and apparatus for establishing capacity prediction model, and computer-readable storage medium
CN108804399B (en) Form verification method and device
US9928099B1 (en) Fingerprint-based capacity management of physical hosts
US10862984B2 (en) Methods and apparatus to monitor usage of virtual computing environments
US11138645B2 (en) Virtualized services discovery and recommendation engine
CN108494841B (en) Management and control method and device based on use condition of terminal equipment
WO2021262294A1 (en) Modify assigned privilege levels and limit access to resources
CN111241107A (en) Service processing method, device, medium and electronic equipment
CN102281260B (en) Generating method and server of monitoring rule
CN107645510A (en) A kind of computational methods and computing device of regional safety prevention ability
US9942116B2 (en) Interconnecting electronic devices for reporting device status
CN103051623A (en) Method for limiting calling of open platform
US11030024B2 (en) Assigning a severity level to a computing service using tenant telemetry data
EP4025994A1 (en) Enhanced virtual machine image management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20170523

Address after: 510660, room 2, 388 central street, Huangcun village, Guangzhou, Guangdong, Tianhe District

Applicant after: Guangzhou cipher technology Co., Ltd.

Address before: 100000 Beijing city Chaoyang District South Mill Road No. 37 room 1701-1703 (Downtown North boring centralized Office District No. 177427)

Applicant before: SECKEN, INC.

GR01 Patent grant
GR01 Patent grant