CN105550175B - The recognition methods of malice account and device - Google Patents
The recognition methods of malice account and device Download PDFInfo
- Publication number
- CN105550175B CN105550175B CN201410588349.1A CN201410588349A CN105550175B CN 105550175 B CN105550175 B CN 105550175B CN 201410588349 A CN201410588349 A CN 201410588349A CN 105550175 B CN105550175 B CN 105550175B
- Authority
- CN
- China
- Prior art keywords
- account
- fuzzy
- identified
- information
- character
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The application provides a kind of malice account recognition methods and device.Method includes: to obtain account to be identified;Information is indicated according to Fuzzy Processing, Fuzzy processing is carried out to the account to be identified, to obtain the fuzzy account for retaining partial information in the account to be identified;Wherein, the Fuzzy Processing instruction information is to find the account in the account to be identified with same or similar information;The identification of malice account is carried out to the fuzzy account, with the malice account in the determination account to be identified.The precision of identification malice account can be improved in the application, reduces False Rate.
Description
[technical field]
This application involves Internet technical field more particularly to a kind of malice account recognition methods and devices.
[background technique]
With the development of internet technology, various application systems are more and more, such as e-commerce system.User is as answering
With the user of system, login account, such as E-mail address (email) are generally required, account can be used as the virtual body of user
Part identification information, user can log in application system by account, and the resource to use application system to provide or development correlation are lived
It moves.
In practical applications, some malicious users meeting high-volume login accounts, in order to steal provided by application system
Resource.By taking e-commerce system as an example, the logging on e-mail boxes e-commerce system that malicious user can be registered by high-volume,
To repeatedly get the red packet of e-commerce system offer.For application system, need to identify malice account.
A large amount of accounts that the registration of a kind of pair of same period exists in the prior art cluster, and identify malice account according to cluster result
Method.For clustering algorithm, need to set some parameters, such as the quantity of classification, distance radius etc., for account this
For one special object, due to too many uncontrollability, such as can not predict how many user's registration account the same period understands, also without
Method precognition understands that how many different types of account generates, therefore parameter needed for can not setting well clustering algorithm.Therefore, existing
There is this method to be easy to happen erroneous judgement, identifies that the precision of malice account is not high.
[summary of the invention]
The many aspects of the application provide a kind of malice account recognition methods and device, to improve identification malice account
Precision reduces False Rate.
The one side of the application provides a kind of malice account recognition methods, comprising:
Obtain account to be identified;
Indicate information according to Fuzzy Processing, Fuzzy processing carried out to the account to be identified, with obtain retain it is described to
Identify the fuzzy account of partial information in account;Wherein, the Fuzzy Processing instruction information is to find the account to be identified
In with same or similar information account;
The identification of malice account is carried out to the fuzzy account, with the malice account in the determination account to be identified.
The another aspect of the application provides a kind of malice account identification device, comprising:
Module is obtained, for obtaining account to be identified;
Fuzzy processing module carries out at blurring the account to be identified for indicating information according to Fuzzy Processing
Reason, to obtain the fuzzy account for retaining partial information in the account to be identified;Wherein, Fuzzy Processing instruction information to
It was found that with the account of same or similar information in the account to be identified;
Identification module, for carrying out the identification of malice account to the fuzzy account, in the determination account to be identified
Malice account.
In this application, account to be identified is obtained, information is indicated according to Fuzzy Processing, account to be identified is blurred
Processing obtains the fuzzy account for remaining partial information in account to be identified, wherein the effect of Fuzzy Processing instruction information is hair
With the account of same or similar information in existing account to be identified, thus can be found that with identical by comparing fuzzy account or
The account to be identified of analog information, these accounts generally fall into malice account, are based further on fuzzy account and carry out malice account
Identification can more accurately find the malice account in account to be identified, reduce False Rate.
[Detailed description of the invention]
It in order to more clearly explain the technical solutions in the embodiments of the present application, below will be to embodiment or description of the prior art
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is some realities of the application
Example is applied, it for those of ordinary skill in the art, without any creative labor, can also be attached according to these
Figure obtains other attached drawings.
Fig. 1 is the flow diagram for the malice account recognition methods that one embodiment of the application provides;
Fig. 2 is the flow diagram for the malice account recognition methods that another embodiment of the application provides;
Fig. 3 is the structural schematic diagram for the malice account identification device that one embodiment of the application provides.
[specific embodiment]
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall in the protection scope of this application.
Fig. 1 is the flow diagram for the malice account recognition methods that one embodiment of the application provides.As shown in Figure 1, the party
Method includes:
101, account to be identified is obtained.
102, information is indicated according to Fuzzy Processing, Fuzzy processing is carried out to account to be identified, it is to be identified to obtain reservation
The fuzzy account of partial information in account, the Fuzzy Processing indicate that information is same or similar to find to have in account to be identified
The account of information.
103, the identification of malice account is carried out to above-mentioned fuzzy account, with the malice account in determination account to be identified.
The present embodiment provides a kind of malice account recognition methods, can be executed by malice account identification device.Malice account
Identification device can be any required equipment for carrying out the identification of malice account, such as can be application service end or applications client
Deng.
When carrying out the identification of malice account, malice account identification device obtains account to be identified first.Account to be identified can
It can also include new registration account to include the registered account for being not yet identified as legal account.For example, malice account identifies
Device can at the appointed time, obtain at least one account of new registration in specified time interval as account to be identified.More
Specifically, at least one account that malice account identification device can periodically obtain the new registration within this period is used as wait know
Other account.The period can be one day, two days, one week or the longer time.
It is worth noting that the account in the present embodiment can be the various accounts for login, such as can be but not
It is limited to E-mail address.Account in the present embodiment generally has prefix and suffix two parts.For E-mail address, E-mail address
Prefix be@before part, suffix of the rest part as E-mail address.
In view of malice account generally has some apparent rules, such as name on account has apparent regularity, for example,
There are fixed prefix and duplicate suffix;Increase certainly using number or letter as sequence;Including the fixation with symbolical meanings
Character, etc..By taking E-mail address as an example, malicious user is possible to register following some E-mail addresses, luha001@in registration
163.com, luha002@163.com ..., luha007@163.com etc..It can be seen that malice account generally has phase
Same or similar information, is similar in comparison.Therefore, it can use feature similar between malice account to identify malice account
Family.
In order to find the account in account to be identified with same or similar information, mould can be configured for the purpose in advance
Paste processing instruction information, that is to say, that indicate that information is can be found that in account to be identified with same or similar by Fuzzy Processing
The account of information.Fuzzy Processing instruction information mainly includes some for limiting Fuzzy processing position, Fuzzy processing object
And how the information of fuzzification operation etc..
Malice account identification device indicates information according to Fuzzy Processing, Fuzzy processing is carried out to account to be identified, to obtain
The fuzzy account of partial information in account to be identified must be remained.In simple terms, fuzzy account remains in account to be identified
Partial information, another part information in account to be identified are blurred.The so-called fuzzy actually abstract meaning, i.e., will tool
The account to be identified of body is abstracted into fuzzy account.
For example, Fuzzy Processing indicates information by taking account luha3902@163.com and luha244@163.com as an example
It can indicate to obscure the number in account, and retain the digital number that is blurred, then it can be with after Fuzzy processing
Fuzzy account luha^^^^@163.com and luha^^^@163.com is obtained, wherein " ^ " represents the number being blurred, " ^'s "
Number indicates the digital number being blurred.The suffix of the two fuzzy accounts is identical, remaining character in prefix
Be it is identical, difference is that the digital number that obscures is different.This means that the two fuzzy corresponding accounts to be identified of account
All characters " luha " having the same and identical suffix "@163.com ", belong to similar account.
Again for example, by taking account luha3902@163.com and luha3903@163.com as an example, Fuzzy Processing instruction
Information can indicate to obscure the number in account, and retain the digital number being blurred, then after Fuzzy processing
Available fuzzy account luha^^^^@163.com and luha^^^^@163.com, wherein " ^ " represents the number being blurred,
The number of " ^ " indicates the digital number being blurred.The suffix of the two fuzzy accounts is identical, remaining word in prefix
It is also identical for according with, and the digital number being blurred is also identical, i.e., the two fuzzy accounts are identical.This means that this
The corresponding account all characters having the same " luha " to be identified of two fuzzy accounts, identical suffix and same number
Number belongs to close account.
From the above, it is seen that by carrying out Fuzzy processing to account to be identified, it will be possible different in account to be identified
Information to being obscured, to generate fuzzy account.Fuzzy account is more simple, and remains identical in account to be identified or phase
As information, therefore by obscure account can directly find in account to be identified with same or similar information account, no
It is easy to appear erroneous judgement.Therefore, malice account identification device can carry out the identification of malice account to fuzzy account, to be identified with determination
Malice account in account.
In an optional embodiment, malice account identification device can directly compare fuzzy account, find identical
Fuzzy account, the corresponding account to be identified of identical fuzzy account is determined as malice account.Alternatively, malice account is known
Other device can also directly compare fuzzy account, and discovery similarity degree meets the fuzzy account of default index of similarity, by these
Similarity degree meets the corresponding account to be identified of fuzzy account of index of similarity as malice account.Index of similarity can root
It is arranged according to different application scene adaptability, such as index of similarity can be that all characters are identical, suffix is identical and are blurred
The digital number fallen is identical;Or index of similarity is also possible to that all characters are identical, suffix is identical and the number that is blurred
Word number differs one, etc..
In an optional embodiment, malice account identification device can be grouped fuzzy account, by identical or
Similar fuzzy account is divided into one group;According to evaluation and test parameter, the fuzzy account in every group is evaluated and tested, obtain every group it is corresponding
Evaluation result;Later, determine that evaluation result meets account to be identified corresponding to the grouping of default malice condition as malice account
Family.
Wherein, evaluation result meets account to be identified corresponding to the grouping of default malice condition and refers to that evaluation result meets
The corresponding account to be identified of each fuzzy account in the grouping of default malice condition.
Optionally, index of similarity can be preset, judges whether two fuzzy accounts are similar according to index of similarity,
And then fuzzy account is divided into different groups.
Wherein, it is contemplated that malice account other than with same or similar information, registion time, number-of-registration,
More apparent feature can be all presented in information sharing etc..For example: the registion time with a batch malice account often compares
Compared with concentration, such as in interior registration on the same day.Registion time interval with a batch malice account has certain regularity, such as front and back
The registion time interval of two accounts is no more than 2 hours etc..The quantity of malice account is generally relatively more, such as may be at 100
More than.In addition, malicious user generally will use the identical information in part when registering malice account, such as malice account can be shared
Identical device internet protocol IP, MAC, UMID, TID, ID card No., telephone number and/or contact address etc..
Based on above-mentioned, evaluation and test parameter can include but is not limited to it is following at least one: when registration average time interval, registration
Between rule, the number of fuzzy account, the feature of grouping, the posterior probability of grouping, static shared range index, dynamic be altogether in grouping
It enjoys range index, static shared closeness index and dynamic and shares closeness index.
Wherein, registration average time interval refers to the equispaced of the registion time of the fuzzy account in same grouping.Mould
Paste the registion time of the namely fuzzy corresponding account to be identified of account of registion time of account.For each grouping, malice account
Family identification device can be ranked up the registion time of fuzzy account according to the registion time of the fuzzy account in the grouping, shape
At time series, the time interval of the registion time of former and later two fuzzy accounts is obtained, and then according to All Time obtained
The number of interval and time interval obtains registration average time interval.
If the corresponding registration average time interval of a grouping is shorter, illustrates that the fuzzy account in the grouping is concentrated and register
A possibility that it is larger, also mean that be malice account risk it is larger.
Wherein, registion time rule refers to the regularity having between the registion time for obscuring account in same grouping.It is right
In each grouping, malice account identification device can be according to the registion time of the fuzzy account in the grouping to the note of fuzzy account
The volume time is ranked up, and forms time series, and then according to the standard deviation of time series, obtains the rule that time series has.
If the corresponding registion time regularity of a grouping is very strong, illustrate the fuzzy account in the grouping by malicious registration
Possibility is larger, also means that a possibility that being malice account is larger.
Wherein, the number of fuzzy account refers to the number that account is obscured in same grouping in grouping.In practical applications, no
A possibility that same or similar with the account of user's registration, is smaller, and occurs a possibility that a large amount of same or similar account simultaneously
With regard to smaller, if therefore fuzzy account in grouping it is more, a possibility that explanation is malice account, is larger.
Wherein, the feature of grouping, which refers to, obscures the common trait that account has in same grouping, that is, the grouping has
Feature, such as all characters of the fuzzy account in the grouping are all identical, such as are all luha, and/or, in the grouping
Fuzzy account contain identical number of characters.Wherein, the feature of grouping is more, it is meant that the phase that the fuzzy account in grouping has
It is also more with feature, illustrate that the similarity of the fuzzy account in the grouping is higher, and then be meant to be the possibility of malice account
Property is larger.
Wherein, the posterior probability of grouping, which refers to, occurs belonging to the same period with the malice account having determined before in same grouping
The probability of the fuzzy account of login account.Since legitimate user and the probability of malicious user same period login account are lower, that is,
Say in practical application while there is legitimate user registrations legal account, occur the probability of malicious user registration malice account compared with
It is low, if therefore occur belonging to the fuzzy account of same period login account with the malice account that has determined in grouping, illustrate in the group
These same or similar fuzzy accounts a possibility that being malice account it is very high.
Wherein, there is the case where sharing static information between fuzzy account for characterizing in grouping in static shared range index
Number.Here static information is primarily referred to as some information for being not susceptible to variation used when user's registration account, such as
It can be the facility information used when registration, such as IP, MAC, UMID and/or TID of equipment;It can also be user when registration
Information, such as ID card No., telephone number, name and/or the contact address of user etc.;It can also be registration channel information,
Such as the information such as registration source, registration business source and/or registration source web.
As long as two fuzzy accounts have used any one or more identical static informations, then it is assumed that the two fuzzy accounts
Static information is shared between family.For each grouping, each fuzzy account in the available grouping of malice account identification device
The static information used, the static information used by comparing each fuzzy account, it can be found that whether being shared between fuzzy account
Static information.
Since the account of different user registration is lower using the probability of identical static information, if occurring in same grouping
The case where static information is shared between fuzzy is more, illustrate the fuzzy account in the group belong to malice account probability it is higher.
Wherein, dynamic shares range index for there is the case where shared multidate information between fuzzy account in characterization grouping
Number.Here multidate information refer to account in relation to and the information that can vary over, such as can be registration
The update of the facility information used when account, such as IP, MAC, UMID and/or TID of more new equipment;It can also be that user uses
The behavioural information of account, for example, generation log-in events, transaction events, event, Modify password are checked by CTU and/or modify it
The events such as his registration information;It can also be the Transaction Information that transaction generation is carried out using fuzzy account, such as transaction masters letter
Breath, transaction passive side's information, tradable commodity information (especially high-risk merchandise news), shipping address, masters of receiving information and/
Or passive side's information of receiving.
As long as two fuzzy accounts produce any one or more identical multidate informations because of its use, then it is assumed that this two
Multidate information is shared between a fuzzy account.It is each in the available grouping of malice account identification device for each grouping
The corresponding multidate information of account is obscured, by comparing the corresponding multidate information of each fuzzy account, it can be found that between fuzzy account
Whether multidate information is shared.
Further, it can also limit and whether within a specified time share multidate information between two fuzzy accounts, such as
Identical multidate information is shared on the same day.
Since the probability that different user generates identical behavior using account is lower, if occurring obscuring it in same grouping
Between share multidate information the case where it is more, illustrate the fuzzy account in the group belong to malice account probability it is higher.
Wherein, static shared closeness index is used to characterize between the fuzzy account of the shared static information occurred in grouping
The number for the static information shared.Here static information is identical with the definition of static information before, repeats no more.
Wherein, the static information that the fuzzy account of shared static information is shared is more, illustrates that two fuzzy accounts get over phase
Closely, a possibility that belonging to malice account is also just larger.For example, if the first fuzzy account and the second fuzzy account shared device simultaneously
The information such as IP, user identity card number, contact address, but the first fuzzy account and third, which obscure account, only has shared device IP
This static information then means that the first fuzzy account is more close with the second fuzzy account.For each grouping, malice account
The fuzzy account of family identification device shared static information available first, and then count the static state that these fuzzy accounts are shared
The number of information.
Wherein, dynamic shares closeness index and is used to characterize between the fuzzy account of the shared multidate information occurred in grouping
The number for the multidate information shared.Here multidate information is identical with the definition of multidate information before, repeats no more.
Wherein, the multidate information that the fuzzy account of shared multidate information is shared is more, illustrates that two fuzzy accounts get over phase
Closely, a possibility that belonging to malice account is also just larger.For example, if the first fuzzy account is carrying out on the same day with the second fuzzy account
It logs in, have modified password and have purchased same high-risk commodity, but the first fuzzy account and third, which obscure account, only to exist
It is logged on the same day, then means that the first fuzzy account is more close with the second fuzzy account.For each grouping, dislike
The fuzzy account of meaning account identification device shared multidate information available first, and then count what these fuzzy accounts were shared
The number of multidate information.
It is worth noting that being based on above-mentioned evaluation and test parameter, the fuzzy account in every group is evaluated and tested, to obtain every group pair
The mode for the evaluation result answered can there are many.For example, malice account identification device can independently be joined using any of the above-described evaluation and test
Number, evaluates and tests the fuzzy account in every group, to obtain every group of corresponding evaluation result.In another example malice account identification dress
Multiple evaluation and test parameters can be used simultaneously by setting, and be each evaluation and test parametric distribution difference weight, used each evaluation and test parameter pair respectively
Fuzzy account in grouping is evaluated and tested, and the corresponding evaluation and test value of each evaluation and test parameter is obtained, further according to commenting for each evaluation and test parameter
The weight of measured value and each evaluation and test parameter carries out numerical value processing, obtains final evaluation result.
For example, malice account identification device can determine registration average time after by above-mentioned evaluation process
Being spaced the corresponding account to be identified of the regular stronger grouping of smaller and registion time is malice account.Alternatively, by upper commentary
After survey processing, malice account identification device can determine registration, and average time interval is smaller, registion time it is regular more by force with
And the more corresponding account to be identified of grouping of fuzzy account number is malice account in grouping.Alternatively, at by above-mentioned evaluation and test
After reason, malice account identification device can determine that registration average time interval is smaller, in the regular relatively strong, grouping of registion time
Fuzzy account number is more, static shared range index is higher and dynamic share higher etc. the grouping of range index it is corresponding to
Identification account is malice account.
In conclusion in the present embodiment, obtaining account to be identified, information is indicated according to Fuzzy Processing, to account to be identified
Family carries out Fuzzy processing, obtains the fuzzy account for remaining partial information in account to be identified, wherein Fuzzy Processing instruction letter
The effect of breath is the account with same or similar information in discovery account to be identified, therefore can send out by comparing fuzzy account
Now there is the account to be identified of same or similar information, these accounts generally fall into malice account, are based further on fuzzy account
The identification of malice account is carried out, can more accurately find the malice account in account to be identified, reduces False Rate.
Fig. 2 is the flow diagram for the malice account recognition methods that another embodiment of the application provides.As shown in Fig. 2, should
Method includes:
201, account to be identified is obtained.
202, the controlling fuzzy parameter for at least one fuzzy granularity for including according to Fuzzy Processing instruction information, to account to be identified
Family carries out Fuzzy processing, to obtain the fuzzy account for remaining partial information in account to be identified under every kind of fuzzy granularity.
203, according to business scenario, targeted particle size is determined from the fuzzy granularity of at least one.
204, from all fuzzy accounts, the fuzzy account under targeted particle size is selected.
205, the fuzzy account under targeted particle size is grouped, same or similar fuzzy account is divided into one group.
206, according to evaluation and test parameter, the fuzzy account in every group is evaluated and tested, to obtain every group of corresponding evaluation result.
207, determining that evaluation result meets account to be identified corresponding to the grouping of default malice condition is malice account.
In the present embodiment, Fuzzy Processing instruction information includes the controlling fuzzy parameter of at least one fuzzy granularity.Different
Fuzzy granularity means the information being blurred in account to be identified difference.For example, at least one fuzzy granularity is fuzzy
Changing parameter can include but is not limited to: the controlling fuzzy parameter of the first fuzzy granularity, the controlling fuzzy parameter of the second fuzzy granularity, third
Controlling fuzzy parameter, the controlling fuzzy parameter of the 4th fuzzy granularity and the controlling fuzzy parameter of the 5th fuzzy granularity of fuzzy granularity.
Wherein, the controlling fuzzy parameter of the first fuzzy granularity is used to indicate: being obscured all numbers in account prefix, and is protected
Stay the digital number being blurred.
The controlling fuzzy parameter of second fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, need to identify the part obscured is number.
The controlling fuzzy parameter that third obscures granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, and obscure its in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
His nonnumeric character, and retain the number for the nonnumeric character being blurred.
The controlling fuzzy parameter of 4th fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, obscures other in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
Nonnumeric character, and ignore the number for the nonnumeric character being blurred.
The controlling fuzzy parameter of 5th fuzzy granularity is used to indicate: obscuring all character combinations in account prefix, the word
Symbol combination refers to the combination of any other character in addition to the separating character for playing segmentation, and ignores the character being blurred
Character number in combination.
After obtaining account to be identified, it can be directed to every kind of fuzzy granularity, Fuzzy processing is carried out to account to be identified respectively,
The fuzzy account under every kind of fuzzy granularity can thus be obtained.Granularity not phase is obscured as required for different business scene
Together, it is possible to according to business scenario, determine required targeted particle size from all fuzzy granularities, and then from all fuzzy accounts
Fuzzy account under middle selection target granularity.It is worth noting that targeted particle size can be one or more fuzzy granularities.
Later, the identification of malice account is carried out for the fuzzy account under each targeted particle size.The identification process can be found in
The description of embodiment is stated, details are not described herein.The description as described in evaluation and test parameter also may refer to above-described embodiment, no longer superfluous herein
It states.
By taking account luha3902@163.com and luh244@163.com as an example, joined according to the blurring of the first fuzzy granularity
Number obtains fuzzy account after carrying out Fuzzy processing are as follows: luha^^^^@163.com and luh^^^@163.com;According to the second mould
The controlling fuzzy parameter of paste granularity obtains fuzzy account after carrying out Fuzzy processing are as follows: luha^@163.com and luh^@163.com;
Fuzzy account is obtained after the controlling fuzzy parameter that third obscures granularity carries out Fuzzy processing are as follows: lucc^@163.com and luc
^@163.com, wherein the nonnumeric character of specified location refers to 2 nonnumeric characters of beginning;By the 4th fuzzy granularity
Controlling fuzzy parameter obtains fuzzy account after carrying out Fuzzy processing are as follows: luc^@163.com and luc^@163.com;By the 5th
The controlling fuzzy parameter of fuzzy granularity obtains fuzzy account after carrying out Fuzzy processing are as follows: x@163.com and x@163.com.Wherein,
" ^ ", " c " and " x " in above-mentioned fuzzy account belong to after Fuzzy processing for substituting the identifier of former character.
For example, can choose the first fuzzy granularity is targeted particle size, then the mesh for the business scenario for registering E-mail address
Mark granularity under fuzzy account be luha^^^^@163.com and luh^^^@163.com, further to the two obscure account into
The identification of row malice account.It is grouped specifically, malice account identification device can obscure account to the two, it is assumed that the two
Fuzzy account is divided into one group, carries out evaluation process to the fuzzy account in the group using evaluation and test parameter later, obtains evaluation result.
For example, being evaluation and test parameter with registion time equispaced and static shared range index, then it is fuzzy that the two can be obtained first
The registion time interval of account obscures the grouping of account place to the two according to the registion time interval and makes a call to a score value;Further
Judge whether share static information between the two fuzzy accounts, is that the two obscure the grouping of accounts place again according to judging result
A score value is made a call to, according to the two score values, obtains the final score of the grouping, i.e. evaluation result.Later, malice account identification device
The final score of the grouping is compared with the score value thresholding in preset malice condition, if more than the thresholding, determines this point
The corresponding account to be identified of group, i.e. account luha3902@163.com and luh244@163.com belong to malice account;Otherwise, no
Belong to malice account.
In the present embodiment, Fuzzy Processing is carried out to account to be identified using different fuzzy granularities, obtained different fuzzy
Fuzzy account under granularity;These are obscured account and are grouped by the fuzzy account that required granularity is selected further according to business scenario,
Later using evaluation and test parameter, evaluated and tested for each grouping, and malice account is finally determined according to evaluation result, it can be more
It accurately finds the malice account in account to be identified, reduces False Rate.
It should be noted that for the various method embodiments described above, for simple description, therefore, it is stated as a series of
Combination of actions, but those skilled in the art should understand that, the application is not limited by the described action sequence because
According to the application, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know
It knows, the embodiments described in the specification are all preferred embodiments, related actions and modules not necessarily the application
It is necessary.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment
Point, reference can be made to the related descriptions of other embodiments.
Fig. 3 is the structural schematic diagram for the malice account identification device that one embodiment of the application provides.As shown in figure 3, the dress
Set includes: to obtain module 31, Fuzzy processing module 32 and identification module 33.
Module 31 is obtained, for obtaining account to be identified.
Fuzzy processing module 32 is connect with module 31 is obtained, for indicating information according to Fuzzy Processing, to acquisition module
31 accounts to be identified obtained carry out Fuzzy processing, to obtain the fuzzy account for retaining partial information in account to be identified;Its
In, Fuzzy Processing indicates information to find the account in account to be identified with same or similar information.
Identification module 33 is connect with Fuzzy processing module 32, the fuzzy account for obtaining to Fuzzy processing module 32
Family carries out the identification of malice account, with the malice account in determination account to be identified.
In an optional embodiment, identification module 33 is particularly used in: fuzzy account is grouped, by identical or
Similar fuzzy account is divided into one group;According to evaluation and test parameter, the fuzzy account in every group is evaluated and tested, to obtain every group of correspondence
Evaluation result;Determining that evaluation result meets account to be identified corresponding to the grouping of default malice condition is malice account.
In an optional embodiment, Fuzzy Processing instruction information includes the controlling fuzzy parameter of at least one fuzzy granularity.
Based on this, Fuzzy processing module 32 is particularly used in: according to the blurring of every kind of fuzzy granularity at least one fuzzy granularity
Parameter carries out Fuzzy processing to account to be identified respectively, retains part in account to be identified under every kind of fuzzy granularity to obtain
The fuzzy account of information.
Optionally, the account to be identified of the present embodiment may include: account prefix and account suffix.
Then the controlling fuzzy parameter of at least one fuzzy granularity includes:
The controlling fuzzy parameter of first fuzzy granularity is used to indicate: being obscured all numbers in account prefix, and is retained quilt
The digital number obscured;
The controlling fuzzy parameter of second fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, need to identify the part obscured is number;
The controlling fuzzy parameter that third obscures granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, and obscure its in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
His nonnumeric character, and retain the number for the nonnumeric character being blurred;
The controlling fuzzy parameter of 4th fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored by mould
The digital number that paste falls, obscures other in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
Nonnumeric character, and ignore the number for the nonnumeric character being blurred;With
The controlling fuzzy parameter of 5th fuzzy granularity is used to indicate: obscuring all character combinations in account prefix, character group
The combination for referring to any other character in addition to the separating character for playing segmentation is closed, and ignores the character combination being blurred
In character number.
Based on the controlling fuzzy parameter of above-mentioned at least one fuzzy granularity, then identification module 33 is for dividing fuzzy account
The same or similar fuzzy account is divided into one group, specifically may is that by group
According to business scenario, targeted particle size is determined from the fuzzy granularity of at least one;
From all fuzzy accounts, the fuzzy account under targeted particle size is selected;
Fuzzy account under targeted particle size is grouped, the same or similar fuzzy account is divided into one group.
Optionally, above-mentioned evaluation and test parameter may include it is following at least one: registration average time interval, registion time rule
The number of fuzzy account, the feature of grouping, the posterior probability of grouping, static shared range index, dynamic are shared wide in rule, grouping
It spends index, static shared closeness index and dynamic and shares closeness index.
Wherein, there is the case where sharing static information between fuzzy account for characterizing in grouping in static shared range index
Number;
Dynamic, which shares range index and is used to characterize, there are the more of the case where sharing multidate information between fuzzy account in grouping
It is few;
The shared closeness index of static state is used to characterize to be total between the fuzzy account of the shared static information occurred in grouping
The number for the static information enjoyed;
Dynamic is shared to be total between fuzzy account of the closeness index for characterizing the shared multidate information occurred in grouping
The number for the multidate information enjoyed.
Malice account identification device provided in this embodiment, obtains account to be identified, indicates information according to Fuzzy Processing, right
Account to be identified carries out Fuzzy processing, obtains the fuzzy account for remaining partial information in account to be identified, wherein fuzzy place
The effect of reason instruction information is the account with same or similar information in discovery account to be identified, therefore by comparing fuzzy account
Family can be found that the account to be identified with same or similar information, these accounts generally fall into malice account, be based further on
Fuzzy account carries out the identification of malice account, can more accurately find the malice account in account to be identified, reduces False Rate.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components
It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit
It closes or communicates to connect, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one
In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer
It is each that equipment (can be personal computer, server or the network equipment etc.) or processor (processor) execute the application
The part steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read-
Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. it is various
It can store the medium of program code.
Finally, it should be noted that above embodiments are only to illustrate the technical solution of the application, rather than its limitations;Although
The application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, each embodiment technical solution of the application that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (10)
1. a kind of malice account recognition methods characterized by comprising
Obtain account to be identified;
Information is indicated according to Fuzzy Processing, and Fuzzy processing is carried out to the account to be identified, it is described to be identified to obtain reservation
The fuzzy account of partial information in account;Wherein, the Fuzzy Processing instruction information is to find having in the account to be identified
There is the account of same or similar information;
The fuzzy account is grouped, the same or similar fuzzy account is divided into one group;According to evaluation and test parameter
The fuzzy account in every group is evaluated and tested, to obtain every group of corresponding evaluation result;It is default to determine that evaluation result meets
Account to be identified corresponding to the grouping of malice condition is malice account.
2. the method according to claim 1, wherein Fuzzy Processing instruction information includes at least one fuzzy
The controlling fuzzy parameter of granularity;
It is described to indicate information according to Fuzzy Processing, Fuzzy processing is carried out to the account to be identified, with obtain retain it is described to
Identify the fuzzy account of partial information in account, comprising:
According to the controlling fuzzy parameter of every kind of fuzzy granularity at least one fuzzy granularity, respectively to the account to be identified into
Row Fuzzy processing, to obtain the fuzzy account for retaining partial information in the account to be identified under every kind of fuzzy granularity.
3. according to the method described in claim 2, it is characterized in that, after the account to be identified includes: account prefix and account
Sew;
The controlling fuzzy parameter of at least one fuzzy granularity includes:
The controlling fuzzy parameter of first fuzzy granularity is used to indicate: being obscured all numbers in account prefix, and is retained and be blurred
The digital number fallen;
The controlling fuzzy parameter of second fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, need to identify the part obscured be number;
The controlling fuzzy parameter that third obscures granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, and obscure in account prefix in nonnumeric character in addition to the nonnumeric character of specified location other are non-
Numerical character, and retain the number for the nonnumeric character being blurred;
The controlling fuzzy parameter of 4th fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, obscure other non-numbers in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
Word character, and ignore the number for the nonnumeric character being blurred;With
The controlling fuzzy parameter of 5th fuzzy granularity is used to indicate: obscuring all character combinations in account prefix, the character group
The combination for referring to any other character in addition to the separating character for playing segmentation is closed, and ignores the character combination being blurred
In character number.
4. according to the method in claim 2 or 3, which is characterized in that it is described that the fuzzy account is grouped, by phase
The same or similar fuzzy account is divided into one group, comprising:
According to business scenario, targeted particle size is determined from least one fuzzy granularity;
From all fuzzy accounts, the fuzzy account under the targeted particle size is selected;
The fuzzy account under the targeted particle size is grouped, the same or similar fuzzy account is divided into one
Group.
5. method according to claim 1 or 2 or 3, which is characterized in that the evaluation and test parameter include it is following at least one:
Register average time interval, registion time rule, the number of fuzzy account in grouping, the feature of grouping, the posterior probability of grouping,
The shared range index of static state, dynamic share range index, static shared closeness index and dynamic and share closeness index;
Wherein, there is the case where sharing static information between fuzzy account for characterizing in grouping in the static shared range index
Number;
The dynamic, which shares range index and is used to characterize, there are the more of the case where sharing multidate information between fuzzy account in grouping
It is few;
The static shared closeness index is used to characterize to be total between the fuzzy account of the shared static information occurred in grouping
The number for the static information enjoyed;
The dynamic is shared to be total between fuzzy account of the closeness index for characterizing the shared multidate information occurred in grouping
The number for the multidate information enjoyed.
6. a kind of malice account identification device characterized by comprising
Module is obtained, for obtaining account to be identified;
Fuzzy processing module carries out Fuzzy processing to the account to be identified for indicating information according to Fuzzy Processing, with
Obtain the fuzzy account for retaining partial information in the account to be identified;Wherein, the Fuzzy Processing instruction information is to find
With the account of same or similar information in the account to be identified;
The same or similar fuzzy account is divided into one group for being grouped to the fuzzy account by identification module;
The fuzzy account in every group is evaluated and tested according to evaluation and test parameter, to obtain every group of corresponding evaluation result;Determine evaluation and test
As a result meeting account to be identified corresponding to the grouping of default malice condition is malice account.
7. device according to claim 6, which is characterized in that the Fuzzy Processing instruction information includes at least one fuzzy
The controlling fuzzy parameter of granularity;
The Fuzzy processing module is specifically used for: according to the blurring of every kind of fuzzy granularity at least one fuzzy granularity
Parameter carries out Fuzzy processing to the account to be identified respectively, retains the account to be identified under every kind of fuzzy granularity to obtain
The fuzzy account of partial information in family.
8. device according to claim 7, which is characterized in that after the account to be identified includes: account prefix and account
Sew;
The controlling fuzzy parameter of at least one fuzzy granularity includes:
The controlling fuzzy parameter of first fuzzy granularity is used to indicate: being obscured all numbers in account prefix, and is retained and be blurred
The digital number fallen;
The controlling fuzzy parameter of second fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, need to identify the part obscured be number;
The controlling fuzzy parameter that third obscures granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, and obscure in account prefix in nonnumeric character in addition to the nonnumeric character of specified location other are non-
Numerical character, and retain the number for the nonnumeric character being blurred;
The controlling fuzzy parameter of 4th fuzzy granularity is used to indicate: being obscured all numbers in account prefix, is ignored and be blurred
Digital number, obscure other non-numbers in account prefix in nonnumeric character in addition to the nonnumeric character of specified location
Word character, and ignore the number for the nonnumeric character being blurred;With
The controlling fuzzy parameter of 5th fuzzy granularity is used to indicate: obscuring all character combinations in account prefix, the character group
The combination for referring to any other character in addition to the separating character for playing segmentation is closed, and ignores the character combination being blurred
In character number.
9. device according to claim 7 or 8, which is characterized in that the identification module is specifically used for:
According to business scenario, targeted particle size is determined from least one fuzzy granularity;
From all fuzzy accounts, the fuzzy account under the targeted particle size is selected;
The fuzzy account under the targeted particle size is grouped, the same or similar fuzzy account is divided into one
Group.
10. device described according to claim 6 or 7 or 8, which is characterized in that the evaluation and test parameter include it is following at least one:
Register average time interval, registion time rule, the number of fuzzy account in grouping, the feature of grouping, the posterior probability of grouping,
The shared range index of static state, dynamic share range index, static shared closeness index and dynamic and share closeness index;
Wherein, there is the case where sharing static information between fuzzy account for characterizing in grouping in the static shared range index
Number;
The dynamic, which shares range index and is used to characterize, there are the more of the case where sharing multidate information between fuzzy account in grouping
It is few;
The static shared closeness index is used to characterize to be total between the fuzzy account of the shared static information occurred in grouping
The number for the static information enjoyed;
The dynamic is shared to be total between fuzzy account of the closeness index for characterizing the shared multidate information occurred in grouping
The number for the multidate information enjoyed.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910039740.9A CN110033302B (en) | 2014-10-28 | 2014-10-28 | Malicious account identification method and device |
| CN201410588349.1A CN105550175B (en) | 2014-10-28 | 2014-10-28 | The recognition methods of malice account and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410588349.1A CN105550175B (en) | 2014-10-28 | 2014-10-28 | The recognition methods of malice account and device |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910039740.9A Division CN110033302B (en) | 2014-10-28 | 2014-10-28 | Malicious account identification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105550175A CN105550175A (en) | 2016-05-04 |
| CN105550175B true CN105550175B (en) | 2019-03-01 |
Family
ID=55829364
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410588349.1A Active CN105550175B (en) | 2014-10-28 | 2014-10-28 | The recognition methods of malice account and device |
| CN201910039740.9A Active CN110033302B (en) | 2014-10-28 | 2014-10-28 | Malicious account identification method and device |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910039740.9A Active CN110033302B (en) | 2014-10-28 | 2014-10-28 | Malicious account identification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN105550175B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106339615B (en) * | 2016-08-29 | 2020-06-16 | 北京红马传媒文化发展有限公司 | Method, system and equipment for identifying abnormal registration behavior |
| CN106651580B (en) * | 2016-12-15 | 2020-04-07 | 北京知道创宇信息技术股份有限公司 | Method and device for judging whether financial account is malicious or not and computing device |
| CN107135195B (en) * | 2017-02-20 | 2018-06-08 | 平安科技(深圳)有限公司 | The detection method and device of abnormal user account |
| CN107392801B (en) * | 2017-07-21 | 2021-11-23 | 上海携程商务有限公司 | Method and device for controlling order disorder, storage medium and electronic equipment |
| CN109426969A (en) * | 2017-08-25 | 2019-03-05 | 拓元股份有限公司 | Network ticket-booking system |
| CN109561050B (en) * | 2017-09-26 | 2021-11-09 | 武汉斗鱼网络科技有限公司 | Method and device for identifying batch account numbers |
| CN108984721A (en) * | 2018-07-10 | 2018-12-11 | 阿里巴巴集团控股有限公司 | The recognition methods of rubbish account and device |
| CN110876072B (en) * | 2018-08-31 | 2022-02-08 | 武汉斗鱼网络科技有限公司 | Batch registered user identification method, storage medium, electronic device and system |
| CN109150894A (en) * | 2018-09-12 | 2019-01-04 | 珠海豆饭科技有限公司 | A kind of method and system for identifying malicious user |
| CN109978033B (en) * | 2019-03-15 | 2020-08-04 | 第四范式(北京)技术有限公司 | Method and device for constructing same-operator recognition model and method and device for identifying same-operator |
| CN110995695B (en) * | 2019-11-29 | 2022-12-23 | 字节跳动有限公司 | Abnormal account detection method and device, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103118043A (en) * | 2011-11-16 | 2013-05-22 | 阿里巴巴集团控股有限公司 | Identification method and equipment of user account |
| CN103164416A (en) * | 2011-12-12 | 2013-06-19 | 阿里巴巴集团控股有限公司 | Identification method and device of user relationship |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2669601B2 (en) * | 1994-11-22 | 1997-10-29 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Information retrieval method and system |
| CN102457501B (en) * | 2010-10-26 | 2016-08-31 | 腾讯科技(深圳)有限公司 | The recognition methods of a kind of instant messaging account and system |
| US9189746B2 (en) * | 2012-01-12 | 2015-11-17 | Microsoft Technology Licensing, Llc | Machine-learning based classification of user accounts based on email addresses and other account information |
| CN103678962B (en) * | 2012-08-30 | 2018-04-03 | 腾讯科技(深圳)有限公司 | The method, apparatus and terminal of managing personal information |
| CN103927398B (en) * | 2014-05-07 | 2016-12-28 | 中国人民解放军信息工程大学 | The microblogging excavated based on maximum frequent itemsets propagandizes colony's discovery method |
-
2014
- 2014-10-28 CN CN201410588349.1A patent/CN105550175B/en active Active
- 2014-10-28 CN CN201910039740.9A patent/CN110033302B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103118043A (en) * | 2011-11-16 | 2013-05-22 | 阿里巴巴集团控股有限公司 | Identification method and equipment of user account |
| CN103164416A (en) * | 2011-12-12 | 2013-06-19 | 阿里巴巴集团控股有限公司 | Identification method and device of user relationship |
Non-Patent Citations (3)
| Title |
|---|
| ★TheReturn★【1025教程】MAMA投票邮箱批量注册工具;shirey_g;《http://blog.sina.com.cn/s/blog_959ef1b701016yan.html》;20121025;第1-11页 |
| 批量注册好帮手v3;abcdefg;《http://tieba.baidu.com/p/1943633335》;20120810;第1-8页 |
| 邮箱批量注册教程,21cn邮箱注册机使用教程;佚名;《https://zhidao.baidu.com/question/238175422.html》;20140706;第1-4页 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105550175A (en) | 2016-05-04 |
| CN110033302A (en) | 2019-07-19 |
| CN110033302B (en) | 2023-08-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105550175B (en) | The recognition methods of malice account and device | |
| CN105791255B (en) | Computer risk identification method and system based on account clustering | |
| US20200226186A1 (en) | System and method for analyzing user device information | |
| US10785134B2 (en) | Identifying multiple devices belonging to a single user | |
| US9509688B1 (en) | Providing malicious identity profiles from failed authentication attempts involving biometrics | |
| JP5941163B2 (en) | Spam detection system and method using frequency spectrum of character string | |
| CN106302104B (en) | User relationship identification method and device | |
| CN110830445B (en) | Method and device for identifying abnormal access object | |
| WO2017040799A1 (en) | System and method for analyzing user device information | |
| CN107483381B (en) | Monitoring method and device of associated account | |
| CN110276060B (en) | Data processing method and device | |
| CN104408640B (en) | Application software recommends method and device | |
| CN105991620B (en) | The recognition methods of malice account and device | |
| CN110445772B (en) | Internet host scanning method and system based on host relationship | |
| CN111612085A (en) | Method and device for detecting abnormal point in peer-to-peer group | |
| CN111651741B (en) | User identity recognition method, device, computer equipment and storage medium | |
| Guo et al. | Safer: Social capital-based friend recommendation to defend against phishing attacks | |
| CN109446807A (en) | The method, apparatus and electronic equipment of malicious robot are intercepted for identification | |
| CN111414528B (en) | Method and device for determining equipment identification, storage medium and electronic equipment | |
| CN110351345B (en) | Method and device for processing service request | |
| CN102790707A (en) | Method and device for classifying object | |
| EP2616963A1 (en) | Method and arrangement for segmentation of telecommunication customers | |
| CN109587248B (en) | User identification method, device, server and storage medium | |
| CN111767481A (en) | Access processing method, device, equipment and storage medium | |
| CN114329449A (en) | System security detection method and device, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200924 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20200924 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Patentee before: Alibaba Group Holding Ltd. |
|
| TR01 | Transfer of patent right |