CN107018115A

CN107018115A - Account treating method and apparatus

Info

Publication number: CN107018115A
Application number: CN201610055868.0A
Authority: CN
Inventors: 史文峰
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2016-01-27
Filing date: 2016-01-27
Publication date: 2017-08-04
Anticipated expiration: 2036-01-27
Also published as: CN107018115B; CN111343197A; CN111343197B

Abstract

The account treating method and apparatus that the embodiment of the present application is provided calculates the stolen value-at-risk of account or upstream seller's value-at-risk of target account by having the interlock account of identical account medium with target account or being transferred to the downstream account of relation with resource, value-at-risk is stolen further according to account or upstream seller's value-at-risk determines that air control strategy is handled these accounts, it is ensured that the normal operation of network service platform.

Description

Account treating method and apparatus

Technical field

The application is related to technical field of network security, more particularly to a kind of account treating method and apparatus.

Background technology

With the fast development of network technology, such as social network sites, gaming platform, electric business platform and online silver The quantity of the network service platforms such as row is more and more.User is led to after network service platform register platforms account Cross and operate the platform account to initiate service request to network service platform, just can obtain corresponding network service, The great convenience life of people.

However, the adventure account that there may exist one of for example following accounts of these network service platforms：1、 Stolen account, platform account is probably due to user's unforced error or the network attack by Dao Ka team etc. are a variety of Factor causes password to reveal and become stolen account, and for example virtual goods of original users is belonged in stolen account The Internet resources of coin, game article etc are likely to stolen card people and dumped；2nd, upstream seller account, upstream The Internet resources that seller's account typically all can have stolen account are transferred to, though upstream seller's account does not participate in directly stealing Block but also there is larger possibility to belong to Dao Ka team.These adventure accounts have had a strong impact on network service platform Normal operation, it is easy to caused any property loss to user.

In the prior art, network service platform lacks the method for detecting these adventure accounts, is only capable of by buying The family mode reported a case to the security authorities finds adventure account, causes to be difficult in time to handle adventure account.

The content of the invention

The purpose of the embodiment of the present application is to provide a kind of account treating method and apparatus, is capable of detecting when that network takes Business platform in adventure account and be acted upon.

In order to solve the above technical problems, the embodiment of the present application provides a kind of account processing method, including：

The interlock account that there is identical account medium with target account is obtained, the target account has account There is basic value-at-risk, the interlock account account to be stolen risk probability；

The quantity of account medium according to common to the interlock account and target account and with the account The quantity of all accounts of family medium, determines account incidence coefficient；

According to the account of the interlock account is stolen risk probability and the account incidence coefficient is determined The account of target account is stolen risk probability；

Risk probability is stolen according to the basic value-at-risk of the account of the target account and account and determines that account is stolen Value-at-risk；

Value-at-risk is stolen based on the account and selectes air control strategy, according to the air control strategy to the target account Family is handled.

The downstream account of target account is obtained, the downstream account is there are Internet resources to be transferred to the target There is the account of account, the downstream account account to be stolen risk probability；

According to the resource transfers remarks content and account relation data between the downstream account and target account, Determine account transfer risk factor；

Risk probability is stolen according to the account of the downstream account and the account transfer risk factor is determined Upstream seller's value-at-risk of the target account；

Air control strategy is selected based on the upstream seller value-at-risk, according to the air control strategy to the target account Family is handled.

In order to solve the above technical problems, the embodiment of the present application provides a kind of account processing unit, including：

Interlock account acquisition module, for obtaining and target account has an identical account medium associates account Family, the target account has the basic value-at-risk of account, and there is the interlock account account to be stolen risk probability；

Incidence coefficient determining module, for the account medium according to common to the interlock account and target account Quantity and all accounts with the account medium quantity, determine account incidence coefficient；

Risk probability determining module, for being stolen risk probability and described according to the account of the interlock account Account incidence coefficient determines that the account of the target account is stolen risk probability；

Value-at-risk determining module, wind is stolen for the basic value-at-risk of account and account according to the target account Dangerous determine the probability account is stolen value-at-risk；

Air control strategy processing module, selectes air control strategy, according to institute for being stolen value-at-risk based on the account Air control strategy is stated to handle the target account.

Downstream account acquisition module, the downstream account for obtaining target account, the downstream account is to exist Internet resources are transferred to the account of the target account, and there is the downstream account account to be stolen risk probability；

Risk of transferring accounts determining module, for standby according to the resource transfers between the downstream account and target account Content and account relation data are noted, account transfer risk factor is determined；

Upstream seller's determining module, for being stolen risk probability and described according to the account of the downstream account Account transfer risk factor determines upstream seller's value-at-risk of the target account；

Air control strategy processing module, for selecting air control strategy based on the upstream seller value-at-risk, according to institute Air control strategy is stated to handle the target account.

At the technical scheme provided from above the embodiment of the present application, the account that the embodiment of the present application is provided Reason method and apparatus are by having the interlock account of identical account medium with target account or turning with resource Enter the downstream account of relation and be stolen value-at-risk or upstream seller's value-at-risk, then root to calculate the account of target account Value-at-risk is stolen according to account or upstream seller's value-at-risk determines that air control strategy is handled these accounts, is protected Demonstrate,prove the normal operation of network service platform.

Brief description of the drawings

, below will be to implementing in order to illustrate more clearly of the embodiment of the present application or technical scheme of the prior art The accompanying drawing used required in example or description of the prior art is briefly described, it should be apparent that, describe below In accompanying drawing be only some embodiments described in the application, for those of ordinary skill in the art, Without having to pay creative labor, other accompanying drawings can also be obtained according to these accompanying drawings.

The Organization Chart for the network system that Fig. 1 is applicable by account processing method in the embodiment of the present application.

The schematic diagram for the account cluster that Fig. 2 is applicable by account processing method in the embodiment of the present application.

The curve map for the preset function that Fig. 3 is applicable by account processing method in the embodiment of the present application.

Fig. 4 is the process of account processing method in the embodiment of the present application.

Fig. 5 is the process of account processing method in another embodiment of the application.

Fig. 6 is the module map of account processing unit in the embodiment of the present application.

Fig. 7 is the module map of account processing unit in another embodiment of the application.

Embodiment

The embodiment of the present application provides a kind of account processing method and processing device.

In order that those skilled in the art more fully understand the technical scheme in the application, below in conjunction with this Apply for the accompanying drawing in embodiment, the technical scheme in the embodiment of the present application be clearly and completely described, Obviously, described embodiment is only some embodiments of the present application, rather than whole embodiments.Base Embodiment in the application, those of ordinary skill in the art are obtained under the premise of creative work is not made The every other embodiment obtained, should all belong to the scope of the application protection.

Network system includes air control server 100, and air control server 100 is used as account in the embodiment of the present application The executive agent of family processing method.Air control server 100 is connected with network service platform 200 by network 300 Pick up and.

Network service platform 200 can be social network sites, gaming platform, electric business platform or Web bank etc.. Network service platform 200 can be set up with terminal device 500 by network 400 and is connected.

Network 300 and network 400 can include wired or wireless telecommunication device, for example, each network 300 With 400 can include LAN (" LAN "), wide area network (" WAN "), in-house network, internet, Mobile telephone network, Virtual Private Network (VPN), honeycomb fashion or other mobile communications networks, bluetooth, NFC Or its any combinations.

Terminal device 500 is to include to send and receiving the dress of the communication module of data via network 400 Put.Terminal device 500 can be desktop computer, laptop computer, tablet PC, smart mobile phone, The equipment such as handheld computer, personal digital assistant (" PDA ").

The process that user accesses network service platform 200 by terminal device 500 to obtain network service has Body is as follows：User is first by the customer end A pp on terminal device 500 in network service platform 200 Upper register platforms account, then logs in be registered to platform account, finally by behaviour on customer end A pp Make the platform account and initiate service request to network service platform 200, to obtain corresponding network service.Net The quantity of platform account in network service platform 200 gradually increases, the risk account in these platform accounts The quantity at family may also increase therewith, and these adventure accounts cause network service platform 200 not run normally.

After air control server 100 is connected by network 300 and the foundation of network service platform 200, Neng Goushi Whether the platform account for not going out network service platform 200 is adventure account, and selectes air control strategy accordingly and come pair Platform account is handled, to ensure the normal operation of network service platform 200.

The exemplary plot for the account cluster that Fig. 2 is applicable by account processing method in the embodiment of the present application.

Account cluster is located in network service platform 200, and the multiple platform accounts registered by user are constituted, Include the platform account that is mutually related, and there is the platform account of Internet resources transfer relationship.

There is platform account A and B in account cluster, the two platform accounts are the related accounts in card case is stolen Family, has clearly been stolen account.

Platform account C and platform account A and B are respectively provided with a common account medium, platform account D Peaceful account family B has 2 common account media, and platform account E peace accounts family D has one Common account medium.

Account medium is used for the logging device environment and householder's identity information for describing platform account, and account medium can To be at least one of following：Equipment physical address MAC Address, equipment Unique Material identification code UMID codes, Terminal client identification module SIM card number, equipment International Mobile Station Equipment Identification IMEI code, unit type, silver Row card card number, address list relation and householder's identification card number.Certainly, account medium is not limited to aforementioned list Content, can also have other media types, will not be described here.

MAC Address, UMID codes, SIM card number, IMEI code and unit type, are used to description flat The logging device environment at account family, platform account is logged in user by customer end A pp on terminal device 500 During family, network service platform can then record the MAC Address, UMID codes, SIM of terminal device 500 Card number, IMEI code or unit type, and associated with the platform account, using the account as the platform account Medium.

Bank card number, address list relation and householder's identification card number are used to describe householder's identity of platform account Information, during user's registration and using platform account, can add available in its platform account Bank's card number come be easy to shopping, addition address list in order to maintain good friend or communication be used, add householder's identity Card number is used with system of real name certification or account safety.Network service platform 200 can equally record bank card card Number, address list relation and householder's identification card number, using the account medium as the platform account.

Interlock account and target account have identical account medium, then show interlock account and target account it Between there is relevance, this relevance can be logged on the association of facility environment, such as interlock account and target Account has identical equipment physical address MAC Address, then it is to use to show interlock account and target account Same terminal device is logged in；This relevance can also be the association of householder's identity, such as interlock account There is identical householder's identification card number with target account, then show that interlock account and target account are same families It is main.

C and E have Internet resources transfer relationship at platform account F peace accounts family.Specifically, platform account Platform account F is transferred to and there are Internet resources in family C and E.

Internet resources can be that there may be the money of economic value for real money, ideal money, game article etc. Source.

It is worth noting that, previous platform account A is not limited in account cluster to F, in addition to other platforms Account, will not be described here.

Preset function is to the number for the account medium being had between account by existing big data treatment technology Mathematics generalization of the quantity of amount and all accounts with account medium to relevance between account.

Based on the preset function, account incidence coefficient can be calculated.The abscissa X of preset function is with being total to The quantity of some account media is inversely proportional the target scaled value of gained, or the account with common account medium The quantity at family, ordinate Y is account incidence coefficient.Below in conjunction with account processing method, preset function is described in detail Utilization process.

Fig. 4 is the process of account processing method in the embodiment of the present application.The executive agent of account processing method can To be air control server 100, this method comprises the following steps.

S110, acquisition and target account have the interlock account of identical account medium, and target account has account There is family basis value-at-risk, interlock account account to be stolen risk probability.

Target account can be network service platform 200 account cluster in any one platform account.At this Apply in embodiment, air control server 100 can be successively to all platform accounts in network service platform 200 Account handling process provided herein is performed, to determine whether to have the account with stolen risk And these adventure accounts are acted upon.

Interlock account and target account are under the jurisdiction of in the account cluster in same network service platform 200, After selected target account, interlock account can be determined according to the account medium of the target account.Interlock account Quantity can be to be one or more, as long as there is the platform account of identical account medium with target account is exactly it Interlock account.

In the embodiment of the present application, it is determined that after target account, being screened according to foregoing account medium, so as to obtain To the interlock account with target account with same account medium.

With reference to shown in Fig. 2, so that target account is platform account C as an example, its interlock account is platform account A and B；So that target account is platform account D as an example, its interlock account is platform account B；With target Account is exemplified by platform account E, its interlock account is platform account D.

Network service platform 200 in the process of running, can be by involved by its network service data, account Case data and user are preserved by the peration data of platform account, based on data.Air control is serviced Device 100 is extracted these basic datas and set up using these basic datas in basic risk storehouse, basic risk storehouse The basic value-at-risk of the account for each platform account that is stored with.It is determined that the basic wind can be inquired about after target account Dangerous storehouse, therefrom to obtain the basic value-at-risk of each platform account.

Basic data can include two kinds of off-line data and real time data, and off-line data is network service platform Case data and user involved by 200 network service datas periodically preserved, account pass through platform account Peration data, it, to one of off-line data supplement, is when periodically preserving off-line data that real time data, which is, Between aforementioned data in gap.The basic data being made up of off-line data and real time data sets up basic wind Dangerous storehouse, ensure that the accuracy in basic risk storehouse.

So that network service platform 200 is electric business platform as an example, network service data is transaction data, transaction Data include the information such as transaction Description of Goods, the platform account of both parties and the amount of money of transaction.Case number of packages According to being to have reported to the data of the platform account theft case of network service platform 200, user takes in network The data for the operation behaviors such as the click of platform 200 of being engaged in.The basic risk storehouse set up based on these data, can Embody whether platform account can be adventure account.

In embodiments herein, air control server 100 is obtaining basic number from network service platform 200 According to rear, data processing can be done to basic data, to meet the data demand for setting up basic risk storehouse.

Data processing specifically includes data cleansing, data mart modeling and data and merges three parts.Data cleansing is main For unwanted data in basic data to be removed to reduce the data volume of subsequent treatment；Data mart modeling It is mainly used in the inconsistent data mart modeling of the form of expression in basic data into the data class for meeting requirement for construction data base Type, a plurality of transaction data recorded according to time point still by taking electric business platform as an example, can be counted and be remembered Carry to describe the numeral of trading volume.Data merge be mainly used in by it is same type of, positioned at different memory modules Interior basic data is merged, still by taking electric business platform as an example, product can be bought into data, telephone recharge The different pieces of informations such as data merge into transaction data in the lump.Because data handling procedure is ordinary skill people Technology known to member, will not be described here.

Air control server 100 generates basic value-at-risk using at least one of following data in basic data：Account Family alive data, account address date, account safety data.Certainly, air control server 100 can also pass through The data of other in basic data generate basic value-at-risk, will not be described here.

Account alive data includes at least one of following：Account Successful Transaction number of times, account successfully transfer accounts number of times, The account purchase result of target product, account last withdraw deposit number of days and account enlivens number of times.Wherein, account Last number of days of withdrawing deposit is withdrawn deposit apart from the number of days at current time for account last, and this number of days can also be according to withdrawing deposit Mode be adjusted, such as credit card repayment and the mode commonly withdrawn deposit could be arranged to difference.Account is purchased The result for buying target product determines that such as account has bought target production according to whether account buys target product The result that account is then bought target product by product is designated as 1, and result on the contrary then that account is bought into target product is remembered For 0.

Air control server 100 can also be adjusted by the Fixed Initial Point to above-mentioned quantity, for example, it can be set to Account Successful Transaction number of times is just started at at least more than 3 times, if it is 0, account then directly to be calculated below 3 times Successful Transaction number of times is 3 and is designated as 1, and account Successful Transaction number of times is 4 and is designated as 2.

Air control server 100 can be defined with passage time scope to account alive data, for example can be with Account Successful Transaction number of times in 12 months current times of chosen distance, account are successfully transferred accounts number of times, distance The result of the purchase such as target product of Yuebao or wealth bringing in treasured etc in 30 days current times, distance is worked as Number of times is enlivened in preceding 60 days moment.

Account address date includes at least one of following：Account is often with quantity, the account in province where IP address Family is often often saved with the quantity in province where ship-to, account with where the ownership place of the phone number of consignee The quantity of part, the quantity in the ownership place place province of the phone number of account binding, the identity card of account binding Address where province quantity, account binding bank card address where province quantity, login account Home zone of mobile phone number where identity quantity and logon account phone number ownership place where save The quantity of part.

Account safety data include at least one of following：Account credible equipment quantity, the knot of account real-name authentication Really, account installs the result of result, the quantity of account security problem, account the binding mobile phone of digital certificate. Wherein, if account has real-name authentication, then the result of account real-name authentication is designated as 1, otherwise is designated as 0；Account Family is mounted with digital certificate, then the result of account installation digital certificate is designated as 1, otherwise is designated as 0；Account is tied up Mobile phone is determined, then the result of account binding mobile phone is designated as 1, otherwise is designated as 0.

Air control server 100 is by the way that the account alive data of each account, account address date and account are pacified Total each numerical value in is all added the basic value-at-risk for obtaining the account.

In the embodiment of the present application, air control server 100 also to account alive data, account address date or Account safety data are normalized, and the data after normalized are added up to obtain basis Value-at-risk.

To the processing of account alive data, account address date or account safety data normalization by following public Formula is realized：I '=(I-I_min)/(I_max-I_min).Wherein, I is the number of the data of pending normalized Value, I ' is the numerical value for the data for having performed normalized, I_maxAnd I_minFor pending normalized Maximum and minimum value in all composition datas of classification where data.For example account alive data is carried out Normalized, then I_maxAnd I_minFor the maximum and minimum in all composition datas in account alive data Value.

Interlock account has a stolen risk probability, and stolen risk probability is used to describing the account stolen probability, Stolen risk probability is stored after equally being associated with account to default risk storehouse, is easy to 100 pairs of risk server It is called.

The stolen risk probability of interlock account can be the stolen wind of the account by being associated with the interlock account Dangerous probability, which is calculated, obtains or is identified as stolen account, then can preset the stolen of interlock account Risk probability is 1.

S130, the quantity of account medium according to common to interlock account and target account and it is situated between with account The quantity of all accounts of matter, determines account incidence coefficient.

In the embodiment of the present application, risk server 100 can be by account medium in network service platform Screened in 200, to obtain the quantity of all accounts with account medium.

Risk server 100 can obtain account incidence coefficient in the following way：Interlock account and target When the quantity of the shared account medium of account is one, according to the quantity of the account with account medium come with advance If function, account incidence coefficient is obtained；The quantity of interlock account and the shared account medium of target account is extremely When few two, the target scaled value and default letter of the gained that is inversely proportional according to the quantity with common account medium Number, obtains account incidence coefficient.

With reference to shown in Fig. 3, preset function is a function being gradually reduced as abscissa increases.When It is more according to the quantity of the account with account medium when the quantity of shared account medium is one, then account Family incidence coefficient is smaller.When the quantity of interlock account and the shared account medium of target account is at least two When, according to more with the quantity of common account medium, target scaled value is smaller, then account incidence coefficient It is bigger.

Target scaled value can be the quantity of common account medium and the poor inverse of default value.It is default Numerical value can be 1 or other numbers, it is only necessary to ensure number of the default value than common account medium Amount is small, will not be described here.

Relevance between target account and interlock account can be embodied by account incidence coefficient, with account The increase of incidence coefficient, the relevance between target account and interlock account is also higher.

With reference to shown in Fig. 2, so that target account is platform account C as an example, its interlock account is platform account A and B, platform account C and platform account A and B incidence coefficient can pass through calculating platform account respectively Family C and A account incidence coefficient, platform account C and B account incidence coefficient, then it is and tired by two Plus obtain.

Platform account C and A shared association medium only has one, and association medium for example can be Mac Location, then be used as abscissa X by the quantity of all platform accounts on the Mac addresses and substitute into preset function, Platform account C and A account incidence coefficient can then be obtained.Similarly, can obtain platform account C and B account incidence coefficient, the two coefficients are added up, then obtain platform account C and platform account A and B Incidence coefficient.

So that target account is platform account D as an example, its interlock account is platform account B, platform account D 2 account media are had between B, then the target scaled value as obtained by being inversely proportional the quantity of account medium Preset function is substituted into as abscissa X, then can obtain platform account D and B account incidence coefficient.

S150, risk probability and account incidence coefficient are stolen according to the account of interlock account determine target account Account be stolen risk probability.

On the basis of the account of interlock account is stolen risk probability, with reference to embodying target account and associate account The account incidence coefficient of relevance between family, the account for extrapolating target account is stolen risk probability.

In the embodiment of the present application, can be by the way that the account of each interlock account be stolen into risk probability and account The product of incidence coefficient does cumulative, using the stolen risk probability as target account.

It is preferred that, the account of interlock account can also be stolen to risk probability, account incidence coefficient and preset The product of attenuation coefficient does cumulative, using the stolen risk probability as target account.

Default attenuation coefficient is the product of layer attenuation coefficient and diectric attenuation coefficient.Layer attenuation coefficient is one pre- If value, the decay for characterizing the stolen risk probability of this layer from interlock account to target account；Medium declines It is also a preset value to subtract coefficient, for characterize caused by the presence due to account medium by interlock account to The decay of the stolen risk probability of target account.

Diectric attenuation coefficient can also be adjusted according to the type of account medium, for example can be by account medium It is divided into strong medium and weak medium, strong medium includes MAC Address, UMID codes, SIM card number, IMEI Code and unit type, weak medium include bank card number, address list relation and householder's identification card number.Setting is strong The diectric attenuation coefficient of medium is more than the diectric attenuation coefficient of weak medium.

With reference to shown in Fig. 2, so that target account is platform account C as an example, its interlock account is platform account A and B.Platform account C account is stolen risk probability, can distinguish calculating platform account C and A The product of account incidence coefficient and platform account A stolen risk probability, platform account C and B account The product of incidence coefficient and platform account B stolen risk probability, then and obtain two product accumulations.

Herein, platform account A and B is account in theft case, can specify it and be stolen, then Platform account A and B stolen risk probability can be preset as 1, so as to obtain the stolen of platform account C Risk probability.

Certainly, in the other embodiment of the application, it is stolen risk in the account for calculating other target accounts general During rate, the stolen risk probability of its interlock account can also be by account processing method provided herein Obtain, so that using the platform account of known stolen risk probability, network clothes are obtained in progressive mode The account of all accounts in platform of being engaged in is stolen risk probability.

So that target account is platform account D as an example, its interlock account is platform account B, platform account D The product of risk probability is stolen with platform account B account with B account incidence coefficient, then is platform account Family D account is stolen risk probability.

So that target account is platform account E as an example, its interlock account is platform account D, platform account E The product of risk probability is stolen with platform account D account with D account incidence coefficient, then is platform account Family E account is stolen risk probability.

S170, risk probability is stolen according to the basic value-at-risk of the account of target account and account determines that account is stolen Value-at-risk.

Specifically, the product that the basic value-at-risk of the account of target account and account are stolen into risk probability is used as account Family is stolen value-at-risk.

S190, value-at-risk is stolen based on account selectes air control strategy, target account is carried out according to air control strategy Processing.

Air control strategy includes security strategy and danger strategy.Account is stolen value-at-risk and is more than default stolen risk threshold During value, then it is adventure account to show target account, and it is dangerous strategy to determine air control strategy, according to dangerous strategy Target account is handled, dangerous strategy can include closing down the target account, to the target account Transaction residing for family is locked etc..When account is stolen value-at-risk less than default stolen risk threshold value, then show Target account is secured account, and it is security strategy to determine air control strategy, and target account is entered according to security strategy Row processing, security strategy can include permitting to pass through transaction where target account.

The account processing method that the embodiment of the present application is provided, by with target account there is identical account to be situated between The interlock account of matter is stolen value-at-risk to calculate the account of target account, and value-at-risk institute is stolen really further according to account Determine air control strategy to handle these accounts, can be by network service platform by progressive mode In all accounts process, it is ensured that the normal operation of network service platform.

Illustrate the account processing method that another embodiment of the application is provided, account processing side below in conjunction with Fig. 5 The executive agent of method can be equally air control server 100, and this method comprises the following steps.

There are S210, the downstream account for obtaining target account, downstream account Internet resources to be transferred to target account, There is downstream account account to be stolen risk probability.

Target account can be any one platform account in network service platform 200.In the embodiment of the present application In, air control server 100 can perform the application to all platform accounts in network service platform 200 successively The account processing method provided, with the account for determining whether to have upstream seller's risk and handles these Adventure account.

Downstream account and target account are under the jurisdiction of same network service platform 200, after selected target account, Downstream account can be determined according to occurring Internet resources injection behavior with the target account.

There is downstream account account to be stolen risk probability, and account is stolen risk probability and is stolen for describing the account Probability, stolen risk probability stores after equally being associated with account to default risk storehouse, is easy to risk service Device 100 is called to it.

The stolen risk probability of downstream account can be obtained by abovementioned steps S110 to S190, can also It is to be identified as being related to robber's card case to have confirmed that stolen account, then can presets the account quilt of interlock account It is 1 to steal risk probability.

S230, according to the resource transfers remarks content between downstream account and target account and account relation number According to determining account transfer risk factor.

Resource transfers remarks content refers in Internet resources transfer process, is filled in by the householder of downstream account Be used for the remark information of this Internet resources displacement behavior is described, wherein the mesh of resource transfers can be included , the information such as resource amount to be transferred.By presetting some default keys often occurred in card case is stolen Word, such as " black card ", " getting stuck ".If there is preset keyword in resource transfers remarks content, set Account transfer risk factor is determined for the first predetermined coefficient.

Account relation data includes the relation for being used to describe the account relation between target account and downstream account Label, account relation can be friend relation, strange relationship etc..When account relation is friend relation, account Family relation data includes corresponding account friend relation label.Account relation data also includes setting for description The account device label of standby security, when equipment used in account is not directed to steal card case, account equipment Label is then account equipment safety label.Include account friend relation label and account in account relation data During equipment safety label, account transfer risk factor is set as the second predetermined coefficient.

Do not include preset keyword and account in resource transfers content between downstream account and target account When relation data does not include account friend relation label and account equipment safety label, account transfer risk is determined Coefficient is the 3rd predetermined coefficient.

In the embodiment of the present application, the first predetermined coefficient is more than the 3rd predetermined coefficient, and the 3rd predetermined coefficient is more than Second predetermined coefficient.

With reference to shown in Fig. 2, platform account F peace accounts family D and E have the relation of transferring accounts of Internet resources. Platform account D and E and platform account F account transfer risk system can be confirmed respectively by step S230 Number, then two coefficients are added up, then obtain platform account F account transfer risk factor.

S250, risk probability and account transfer risk factor are stolen according to the account of downstream account determine target Upstream seller's value-at-risk of account.

The product that the account of each downstream account is stolen into risk probability and account transfer risk factor does cumulative, Using upstream seller's value-at-risk as target account.

S270, air control strategy selected based on upstream seller's value-at-risk, target account is carried out according to air control strategy Processing.

The account processing method that the embodiment of the present application is provided, by with target account there is resource to be transferred to relation Downstream account calculate upstream seller's value-at-risk of target account, determined further according to upstream seller's value-at-risk Air control strategy is handled these accounts, it is ensured that the normal operation of network service platform.

Fig. 4 is the module map of account processing unit in the embodiment of the present application, account processing unit and Fig. 2 institutes The account processing method shown is to be based on identical thinking, and its ins and outs refers to this method, do not do expand herein Exhibition.

Account processing unit includes：

Interlock account acquisition module 110, has associating for identical account medium for obtaining with target account Account, target account has the basic value-at-risk of account, and there is interlock account account to be stolen risk probability；

Incidence coefficient determining module 130, for the account medium according to common to interlock account and target account Quantity and all accounts with account medium quantity, determine account incidence coefficient；

Risk probability determining module 150, for being stolen risk probability and account according to the account of interlock account Incidence coefficient determines that the account of target account is stolen risk probability；

Value-at-risk determining module 170, wind is stolen for the basic value-at-risk of account and account according to target account Dangerous determine the probability account is stolen value-at-risk；

Air control strategy processing module 190, selectes air control strategy, according to wind for being stolen value-at-risk based on account Control strategy is handled target account.

In embodiments herein, account medium includes at least one of following：Equipment physical address MAC Location, equipment Unique Material identification code UMID codes, terminal client identification module SIM card number, equipment are international Mobile device mark IMEI code, unit type, bank card number, address list relation and householder's identification card number.

In embodiments herein, incidence coefficient determining module 130, specifically for：

When the quantity of shared account medium is one, according to the quantity of the account with account medium with presetting Function, obtains account incidence coefficient；

The quantity of shared account medium be at least two when, according to the quantity with common account medium into Target scaled value and preset function obtained by inverse ratio, obtain account incidence coefficient.

Target scaled value is the quantity of common account medium and the poor inverse of default value.

In embodiments herein, risk probability determining module 150, specifically for：

The product that the account of each interlock account is stolen into risk probability and account incidence coefficient does cumulative, to make For the stolen risk probability of target account.

The account of interlock account is stolen to the product of risk probability, account incidence coefficient and default attenuation coefficient Do cumulative, using the stolen risk probability as target account.

In embodiments herein, the product that attenuation coefficient is layer attenuation coefficient and diectric attenuation coefficient is preset.

In embodiments herein, value-at-risk determining module 170, specifically for：

The product that the basic value-at-risk of the account of target account and account are stolen into risk probability is stolen as account Value-at-risk.

In embodiments herein, device also includes basic risk enquiry module, specifically for：

The basic risk storehouse of inquiry, obtains the basic value-at-risk of account of target account, basic risk storehouse internal memory is There is the basic value-at-risk that account and each account have.

In embodiments herein, what basic value-at-risk was generated based at least one of following data：Account is lived Jump data, account address date, account safety data.

In embodiments herein, account alive data includes at least one of following：Account Successful Transaction number of times, Successfully transfer accounts number of times, the account purchase result of target product, account last of account withdraws deposit number of days and account is lived Jump number of times.

In embodiments herein, account address date includes at least one of following：Account often uses IP address Quantity, the account in place province often often use the mobile phone of consignee with the quantity in province where ship-to, account The number in province where the quantity in province, the ownership place of the phone number of account binding where the ownership place of number Where the quantity in province, the address of the bank card of account binding where amount, the address of the identity card of account binding The quantity and the mobile phone of logon account of identity where the quantity in province, the home zone of mobile phone number of login account The quantity in province where the ownership place of number.

In embodiments herein, account safety data include at least one of following：Account credible equipment quantity, Result, the account of account real-name authentication install result, quantity, the account of account security problem of digital certificate Bind the result of mobile phone.

In embodiments herein, basic value-at-risk is based at least one of following data and passes through normalized again Generated later：Account alive data, account address date, account safety data.

In embodiments herein, air control strategy includes security strategy and danger strategy；

Air control strategy processing module 190, specifically for：

When the account is stolen value-at-risk more than default stolen risk threshold value, it is danger to determine the air control strategy Strategy, is handled the target account according to the dangerous strategy；

When the account is stolen value-at-risk less than default stolen risk threshold value, it is safety to determine the air control strategy Strategy, is handled the target account according to the security strategy.

The account processing unit that the embodiment of the present application is provided, by with target account there is identical account to be situated between The interlock account of matter is stolen value-at-risk to calculate the account of target account, and value-at-risk institute is stolen really further according to account Determine air control strategy to handle these accounts, can be by network service platform by progressive mode In all accounts process, it is ensured that the normal operation of network service platform.

Fig. 5 is the module map of account processing unit in another embodiment of the application, account processing unit and figure Account processing method shown in 3 is to be based on identical thinking, and its ins and outs refers to this method, herein not Do and extend.

Account processing unit, including：

Downstream account acquisition module 210, the downstream account for obtaining target account, the downstream account tool There are Internet resources to be transferred to the target account, there is the downstream account account to be stolen risk probability；

Risk of transferring accounts determining module 230, for being turned according to the resource between the downstream account and target account Remarks content and account relation data are moved, account transfer risk factor is determined；

Upstream seller's determining module 250, for according to the account of the downstream account be stolen risk probability and The account transfer risk factor determines upstream seller's value-at-risk of the target account；

Air control strategy processing module 270, for selecting air control strategy, root based on the upstream seller value-at-risk The target account is handled according to the air control strategy.

In embodiments herein, the risk determining module 230 of transferring accounts, specifically for：

When resource transfers content between the downstream account and target account includes preset keyword, really Account transfer risk factor is determined for the first predetermined coefficient；

Account relation data between the downstream account and target account includes account friend relation mark When label and account equipment safety label, it is the second predetermined coefficient to determine account transfer risk factor；

In resource transfers content between the downstream account and target account do not include preset keyword and When account relation data does not include account friend relation label and account equipment safety label, account transfer is determined Risk factor is the 3rd predetermined coefficient.

In embodiments herein, the first predetermined coefficient is more than the 3rd predetermined coefficient, and the described 3rd presets Coefficient is more than second predetermined coefficient.

In embodiments herein, upstream seller's determining module 250, specifically for：

The product that the account of each downstream account is stolen into risk probability and the account transfer risk factor is done It is cumulative, using upstream seller's value-at-risk as the target account.

The air control strategy processing module 270, specifically for：

The account processing unit that the embodiment of the present application is provided, by with target account there is resource to be transferred to relation Downstream account calculate upstream seller's value-at-risk of target account, determined further according to upstream seller's value-at-risk Air control strategy is handled these accounts, it is ensured that the normal operation of network service platform.

In the 1990s, can clearly to distinguish be changing on hardware for the improvement of a technology The improvement entered on (for example, improvement to circuit structures such as diode, transistor, switches) or software is (right In the improvement of method flow).However, with the development of technology, the improvement of many method flows now is Through directly improving for hardware circuit can be considered as.Designer is nearly all by by improved method flow It is programmed into hardware circuit to obtain corresponding hardware circuit.Therefore, it cannot be said that method flow Improvement cannot be realized with hardware entities module.For example, PLD (Programmable Logic Device, PLD) (for example field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, its logic function is determined by user to device programming.By setting Meter personnel are voluntarily programmed a digital display circuit " integrated " on a piece of PLD, without asking chip Manufacturer designs and made special IC chip 2.Moreover, nowadays, substitution manually makes " logic compiler (logic compiler) " software is also used in IC chip, this programming instead mostly Realize, software compiler used is similar when it writes with program development, and the original generation before compiling Code also write by handy specific programming language, and this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but have many kinds, such as ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、 MyHDL, PALASM, RHDL (Ruby Hardware Description Language) etc., at present Most generally use VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog2.Those skilled in the art also will be apparent to the skilled artisan that only need to by Method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, it is possible to It is readily available the hardware circuit for realizing the logical method flow.

Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor Or processor and storage can by (micro-) computing device computer readable program code (such as software Or firmware) computer-readable medium, gate, switch, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and embedded microcontroller, controller Example include but is not limited to following microcontroller：ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20 and Silicone Labs C8051F320, Memory Controller is also implemented as depositing A part for the control logic of reservoir.It is also known in the art that except with pure computer-readable program Code means are realized beyond controller, can cause control by the way that method and step is carried out into programming in logic completely Device is with the shape of gate, switch, application specific integrated circuit, programmable logic controller (PLC) and embedded microcontroller etc. Formula realizes identical function.Therefore this controller is considered a kind of hardware component, and to being wrapped in it The device for realizing various functions included can also be considered as the structure in hardware component.Or even, can be with It not only can will be the software module of implementation method for realizing that the device of various functions is considered as but also can be hardware Structure in part.

System, device, module or module that above-described embodiment is illustrated, specifically can be by computer chip or reality Body is realized, or is realized by the product with certain function.

For convenience of description, it is divided into various modules during description apparatus above with function to describe respectively.Certainly, The function of each module can be realized in same or multiple softwares and/or hardware when implementing the application.

It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or meter Calculation machine program product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or knot The form of embodiment in terms of conjunction software and hardware.Wherein wrapped one or more moreover, the present invention can be used Containing computer usable program code computer-usable storage medium (include but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) on the form of computer program product implemented.

The present invention is with reference to the production of method according to embodiments of the present invention, equipment (system) and computer program The flow chart and/or block diagram of product is described.It should be understood that can by computer program instructions implementation process figure and / or each flow and/or square frame in block diagram and the flow in flow chart and/or block diagram and/ Or the combination of square frame.These computer program instructions can be provided to all-purpose computer, special-purpose computer, insertion Formula processor or the processor of other programmable data processing devices are to produce a machine so that pass through and calculate The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one The device for the function of being specified in individual flow or multiple flows and/or one square frame of block diagram or multiple square frames.

These computer program instructions, which may be alternatively stored in, can guide computer or the processing of other programmable datas to set In the standby computer-readable memory worked in a specific way so that be stored in the computer-readable memory Instruction produce include the manufacture of command device, the command device realization in one flow or multiple of flow chart The function of being specified in one square frame of flow and/or block diagram or multiple square frames.

These computer program instructions can be also loaded into computer or other programmable data processing devices, made Obtain and perform series of operation steps on computer or other programmable devices to produce computer implemented place Reason, so that the instruction performed on computer or other programmable devices is provided for realizing in flow chart one The step of function of being specified in flow or multiple flows and/or one square frame of block diagram or multiple square frames.

In a typical configuration, computing device includes one or more processors (CPU), input/defeated Outgoing interface, network interface and internal memory.

Internal memory potentially includes the volatile memory in computer-readable medium, random access memory And/or the form, such as read-only storage (ROM) or flash memory (flash RAM) such as Nonvolatile memory (RAM). Internal memory is the example of computer-readable medium.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by appointing What method or technique realizes that information is stored.Information can be computer-readable instruction, data structure, program Module or other data.The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic random access memory (DRAM), its Random access memory (RAM), read-only storage (ROM), the electrically erasable of his type are read-only Memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM), digital versatile disc (DVD) or other optical storages, magnetic cassette tape, tape magnetic Disk storage or other magnetic storage apparatus or any other non-transmission medium, can be calculated available for storage The information that equipment is accessed.Defined according to herein, computer-readable medium does not include temporary computer-readable matchmaker The data-signal and carrier wave of body (transitory media), such as modulation.

It should also be noted that, term " comprising ", "comprising" or its any other variant be intended to it is non- It is exclusive to include, so that process, method, commodity or equipment including a series of key elements are not only wrapped Include those key elements, but also other key elements including being not expressly set out, or also include for this process, Method, commodity or the intrinsic key element of equipment.In the absence of more restrictions, by sentence " including One ... " key element that limits, it is not excluded that in the process including the key element, method, commodity or set Also there is other identical element in standby.

It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer journey Sequence product.Therefore, the application can using complete hardware embodiment, complete software embodiment or combine software and The form of the embodiment of hardware aspect.Moreover, the application can be used wherein includes calculating one or more Machine usable program code computer-usable storage medium (include but is not limited to magnetic disk storage, CD-ROM, Optical memory etc.) on the form of computer program product implemented.

The application can be described in the general context of computer executable instructions, example Such as program module.Usually, program module includes performing particular task or realizes particular abstract data type Routine, program, object, component, data structure etc..This can also be put into practice in a distributed computing environment Application, in these DCEs, by the remote processing devices connected by communication network come Execution task.In a distributed computing environment, program module can be located at local including storage device In remote computer storage medium.

Each embodiment in this specification is described by the way of progressive, identical phase between each embodiment As part mutually referring to, what each embodiment was stressed be it is different from other embodiment it Place.For system embodiment, because it is substantially similar to embodiment of the method, so description Fairly simple, the relevent part can refer to the partial explaination of embodiments of method.

Embodiments herein is the foregoing is only, the application is not limited to.For this area skill For art personnel, the application can have various modifications and variations.All institutes within spirit herein and principle Any modification, equivalent substitution and improvements of work etc., should be included within the scope of claims hereof.

Claims

1. a kind of account processing method, it is characterised in that including：

2. the method as described in claim 1, it is characterised in that the account medium is included as follows at least One：Equipment physical address MAC Address, equipment Unique Material identification code UMID codes, terminal client are known Other Module SIM card number, equipment International Mobile Station Equipment Identification IMEI code, unit type, bank card number, Address list relation and householder's identification card number.

3. the method as described in claim 1, it is characterised in that according to the interlock account and target account The quantity of the quantity of account medium common to family and all accounts with the account medium, determines account Family incidence coefficient, is specifically included：

When the quantity of the shared account medium is one, according to the number of the account with the account medium Amount and preset function, obtain account incidence coefficient；

When the quantity of the shared account medium is at least two, according to the number with common account medium The target scaled value and preset function for the gained that is inversely proportional are measured, account incidence coefficient is obtained.

4. method as claimed in claim 3, it is characterised in that the target scaled value is by described common The quantity of some account media and the poor inverse of default value.

5. the method as described in claim 1, it is characterised in that according to the account quilt of the interlock account Steal risk probability and the account incidence coefficient determines that the account of the target account is stolen risk probability, tool Body includes：

The product that the account of each interlock account is stolen into risk probability and the account incidence coefficient does cumulative, Using the stolen risk probability as the target account.

6. method as claimed in claim 5, it is characterised in that be stolen the account of each interlock account The product of risk probability and the account incidence coefficient does cumulative, using the stolen risk as the target account Probability, is specifically included：

The account of the interlock account is stolen risk probability, the account incidence coefficient and default decay system Several products does cumulative, using the stolen risk probability as the target account.

7. method as claimed in claim 6, it is characterised in that the default attenuation coefficient is decayed for layer The product of coefficient and diectric attenuation coefficient, the layer attenuation coefficient be used for characterize interlock account to target account this The decay of one layer of stolen risk probability, diectric attenuation coefficient is caused by association account for characterizing account medium Decay of the family to the stolen risk probability of target account.

8. the method as described in claim 1, it is characterised in that according to the account base of the target account Plinth value-at-risk and account are stolen risk probability and determine that account is stolen value-at-risk, specifically include：

The product that the basic value-at-risk of the account of the target account and account are stolen into risk probability is used as account Stolen value-at-risk.

9. the method as described in claim 1, it is characterised in that obtain has identical with target account Before the interlock account of account medium, methods described also includes：

The basic risk storehouse of inquiry, obtains the basic value-at-risk of account of the target account, the basic risk storehouse Internal memory has the basic value-at-risk that all accounts and each account have.

10. method as claimed in claim 9, it is characterised in that the basic value-at-risk is based on as follows extremely One item missing data are generated：Account alive data, account address date, account safety data.

11. method as claimed in claim 10, it is characterised in that the account alive data is included such as It is at least one of lower：Account Successful Transaction number of times, account successfully transfer accounts number of times, account buy target product knot Really, account last withdraws deposit number of days and account enlivens number of times.

12. method as claimed in claim 10, it is characterised in that the account address date is included such as It is at least one of lower：Account is often with the quantity in province where IP address, account often with province where ship-to Quantity, the hand often bound with the quantity in province, account where the ownership place of the phone number of consignee of account The quantity in the address place province for the identity card that the quantity in province, account where the ownership place of machine number are bound, Body where the quantity in province, the home zone of mobile phone number of login account where the address of the bank card of account binding The quantity in province where the ownership place of the quantity of part and the phone number of logon account.

13. method as claimed in claim 10, it is characterised in that the account safety data are included such as It is at least one of lower：Account credible equipment quantity, the result of account real-name authentication, account install digital certificate As a result, the quantity of account security problem, account bind the result of mobile phone.

14. method as claimed in claim 9, it is characterised in that the basic value-at-risk is based on as follows extremely What one item missing data were generated later by normalized again：Account alive data, account address date, account Family secure data.

15. the method as described in claim 1, it is characterised in that the air control strategy includes security strategy With danger strategy；

Value-at-risk is stolen based on the account and selectes air control strategy, according to the air control strategy to the target account Family is handled, and is specifically included：

16. a kind of account processing method, it is characterised in that including：

17. method as claimed in claim 16, it is characterised in that according to the downstream account and target Resource transfers content and account relation data between account, determine account transfer risk factor, specifically include：

18. method as claimed in claim 17, it is characterised in that first predetermined coefficient is more than institute The 3rd predetermined coefficient is stated, the 3rd predetermined coefficient is more than second predetermined coefficient.

19. method as claimed in claim 16, it is characterised in that according to the account of the downstream account Stolen risk probability and the account transfer risk factor determine upstream seller's risk of the target account Value, is specifically included：

20. method as claimed in claim 16, it is characterised in that the air control strategy includes safe plan Slightly with danger strategy；

When the upstream seller value-at-risk is more than default seller's risk threshold value, it is danger to determine the air control strategy Strategy, is handled the target account according to the dangerous strategy；

When the upstream seller value-at-risk is less than default seller's risk threshold value, it is safety to determine the air control strategy Strategy, is handled the target account according to the security strategy.

21. a kind of device for detecting account risk, it is characterised in that including：

22. device as claimed in claim 21, it is characterised in that the account medium is included as follows extremely One item missing：Equipment physical address MAC Address, equipment Unique Material identification code UMID codes, terminal client Identification module SIM card number, equipment International Mobile Station Equipment Identification IMEI code, unit type, bank card number, Address list relation and householder's identification card number.

23. device as claimed in claim 21, it is characterised in that the incidence coefficient determining module, Specifically for：

24. device as claimed in claim 23, it is characterised in that the target scaled value is the institute The quantity of shared account medium and the poor inverse of default value.

25. device as claimed in claim 21, it is characterised in that the risk probability determining module, Specifically for：

The product that the account of each interlock account is stolen into risk probability and the account incidence coefficient does cumulative, Risk probability is stolen using the account as the target account.

26. device as claimed in claim 25, it is characterised in that the risk probability determining module, Specifically for：

The account of the interlock account is stolen risk probability, the account incidence coefficient and default decay system Several products does cumulative, and risk probability is stolen using the account as the target account.

27. device as claimed in claim 26, it is characterised in that the default attenuation coefficient declines for layer Subtract the product of coefficient and diectric attenuation coefficient, the layer attenuation coefficient is used to characterize interlock account to target account The decay of the stolen risk probability of this layer, diectric attenuation coefficient is caused by associating for characterizing account medium Decay of the account to the stolen risk probability of target account.

28. device as claimed in claim 21, it is characterised in that the value-at-risk determining module, tool Body is used for：

29. device as claimed in claim 21, it is characterised in that described device also includes basic risk Enquiry module, specifically for：

30. device as claimed in claim 29, it is characterised in that the basic value-at-risk is based on as follows At least one of data generate：Account alive data, account address date, account safety data.

31. device as claimed in claim 29, it is characterised in that the account alive data is included such as It is at least one of lower：Account Successful Transaction number of times, account successfully transfer accounts number of times, account buy target product knot Really, account last withdraws deposit number of days and account enlivens number of times.

32. device as claimed in claim 29, it is characterised in that the account address date is included such as It is at least one of lower：Account is often with the quantity in province where IP address, account often with province where ship-to Quantity, the hand often bound with the quantity in province, account where the ownership place of the phone number of consignee of account The quantity in the address place province for the identity card that the quantity in province, account where the ownership place of machine number are bound, Body where the quantity in province, the home zone of mobile phone number of login account where the address of the bank card of account binding The quantity in province where the ownership place of the quantity of part and the phone number of logon account.

33. device as claimed in claim 29, it is characterised in that the account safety data are included such as It is at least one of lower：Account credible equipment quantity, the result of account real-name authentication, account install digital certificate As a result, the quantity of account security problem, account bind the result of mobile phone.

34. device as claimed in claim 29, it is characterised in that the basic value-at-risk is based on as follows What at least one data was generated later by normalized again：Account alive data, account address date, Account safety data.

35. device as claimed in claim 21, it is characterised in that the air control strategy includes safe plan Slightly with danger strategy；

The air control strategy processing module, specifically for：

36. a kind of device for detecting account risk, it is characterised in that including：

37. device as claimed in claim 36, it is characterised in that the risk determining module of transferring accounts, Specifically for：

38. device as claimed in claim 37, it is characterised in that first predetermined coefficient is more than institute The 3rd predetermined coefficient is stated, the 3rd predetermined coefficient is more than second predetermined coefficient.

39. device as claimed in claim 36, it is characterised in that the upstream seller determining module, Specifically for：

40. method as claimed in claim 36, it is characterised in that the air control strategy includes safe plan Slightly with danger strategy；

The air control strategy processing module, specifically for：