CN107465642A - A kind of method and device for judging account abnormal login - Google Patents

A kind of method and device for judging account abnormal login Download PDF

Info

Publication number
CN107465642A
CN107465642A CN201610388097.7A CN201610388097A CN107465642A CN 107465642 A CN107465642 A CN 107465642A CN 201610388097 A CN201610388097 A CN 201610388097A CN 107465642 A CN107465642 A CN 107465642A
Authority
CN
China
Prior art keywords
login
abnormal
user
score
exception
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610388097.7A
Other languages
Chinese (zh)
Other versions
CN107465642B (en
Inventor
陈冉
安子岩
陆睿
乔恩奇
廉晓洋
高松
孟杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201610388097.7A priority Critical patent/CN107465642B/en
Publication of CN107465642A publication Critical patent/CN107465642A/en
Application granted granted Critical
Publication of CN107465642B publication Critical patent/CN107465642B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention discloses a kind of method and device for judging account abnormal login, this method includes:Obtain the login associated data of currently logged on user;Login associated data and login exception database based on the currently logged on user, the login exception score of the currently logged on user is determined, wherein, the login exception database, which includes, logs in abnormal data and the corresponding abnormal score of login;Abnormal score is logged according to identified, judges whether the account number login of the currently logged on user is abnormal.This programme realizes whether the account that automatic decision currently logs in is that fishing logs in, and effectively prevent because fishing logs in the loss brought to user, while improve Consumer's Experience.

Description

A kind of method and device for judging account abnormal login
Technical field
The present embodiments relate to computer technology, more particularly to a kind of method for judging account abnormal login and Device.
Background technology
In network application, server needs to test the relevant informations such as the username and password of user's input Card, can authorize corresponding authority after being verified and confirmed to the identity of user.Currently, fishing website is got over Come it is more, after these fishing websites get the relevant informations such as the username and password of user by illegal means Logged in, and then steal the fictitious assets of user, a large amount of losses are brought to user.
In the prior art, loss is brought to user in order to avoid account appropriator progress account logs in, generally worked as Server determines user in non-conventional login place or after non-conventional logging device logged in, then sends phase Checking information is closed so that user further confirms that, such as:Apply for checking information reserved during account, or to The reserved phone number in family sends checking short message etc..Although the program can avoid the damage of user to a certain extent Lose, but can not confirm whether this login behavior is that fishing logs in.Meanwhile as long as user exists in the program Non- conventional login place or non-conventional logging device are logged in, and need the checking again of user, and many feelings But it is the normal login of user itself under condition, thus brings poor Consumer's Experience to user, it is necessary to user Multi-pass operation.
The content of the invention
The present invention provides a kind of method and device for judging account abnormal login, can automatic decision currently log in Whether account is that fishing logs in, and effectively prevent because fishing logs in the loss brought to user, improves simultaneously Consumer's Experience.
In a first aspect, the embodiments of the invention provide a kind of method for judging account abnormal login, including:
Obtain the login associated data of currently logged on user;
Login associated data and login exception database based on the currently logged on user, are determined described current The login exception score of login user, wherein, it is described login exception database include log in abnormal data and It is corresponding to log in abnormal score;
Abnormal score is logged according to identified, judges whether the account number login of the currently logged on user is abnormal.
Second aspect, the embodiment of the present invention additionally provide a kind of device for judging account abnormal login, including:
Data acquisition module, for obtaining the login associated data of currently logged on user;
First logs in abnormal score determining module, for the login associated data based on the currently logged on user With log in exception database, determine the login exception score of the currently logged on user, wherein, the login Exception database, which includes, logs in abnormal data and the corresponding abnormal score of login;
Abnormal judge module, for logging in abnormal score determined by, judge the currently logged on user Account number log in it is whether abnormal.
The embodiment of the present invention current is logged in by obtaining the login associated data of currently logged on user based on described The login associated data and login exception database of user, determines that the login of the currently logged on user obtains extremely Point, abnormal score is logged according to identified, judges whether the account number login of the currently logged on user is abnormal, Solve the problems, such as that fishing logs in None- identified, realize whether the account that automatic decision currently logs in is fishing Log in, effectively prevent because fishing logs in the loss brought to user, while improve Consumer's Experience.
Brief description of the drawings
Fig. 1 is the flow chart of the method for the judgement account number exception that the embodiment of the present invention one provides;
Fig. 2 shows the flow chart of an example of the building process for logging in exception database;
Fig. 3 is the flow chart of the method for the judgement account number exception that the embodiment of the present invention two provides;
Fig. 4 is the flow chart of the method for the judgement account number exception that the embodiment of the present invention three provides;
Fig. 5 is the structural representation of the device for the judgement account number exception that the embodiment of the present invention four provides.
Embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this The specific embodiment of place description is used only for explaining the present invention, rather than limitation of the invention.Also need in addition It is noted that for the ease of description, part related to the present invention illustrate only in accompanying drawing and not all knot Structure.
Embodiment one
Fig. 1 is the flow chart of the method for the judgement account number exception that the embodiment of the present invention one provides, and the present embodiment can Situation about illegally being logged in after being obtained suitable for account number by fishing website, this method can be held by server OK, specifically include:
S101, the login associated data for obtaining currently logged on user;
Wherein, currently logged on user is to carry out account login or have logged in the user using account. After user is logged in using account number, the login associated data of the currently logged on user of acquisition can currently be stepped on Login IP, login region and logging device mark during record etc..Wherein log in region can be by server from It is dynamic that the IP of login is transformed, compare analysis for follow-up.
Here, abnormal login device identification can be such as International Mobile Station Equipment Identification (International Mobile EquIPment Identity, abbreviation IMEI) etc. can be identified for that the identification number of mobile terminal device. Abnormal login region refers to the region that local log-on occurs, and can be obtained, can also passed through by logging in IP Other positioning means identify.
S102, the login associated data based on the currently logged on user and login exception database, determine institute The login exception score of currently logged on user is stated, wherein, the login exception database, which includes, logs in abnormal number Abnormal score is logged according to this and correspondingly.
Login abnormal data and the corresponding abnormal score of login in the login exception database can pass through record And the historical operating data for analyzing login user obtains, it is preferable that can be by recording and analyzing at least two The historical operating data of login user obtains.
Fig. 2 shows the flow chart of an example of the building process for logging in exception database.As shown in Fig. 2 First, in S201, the historical operating data of at least two users of acquisition.Then, in S202, according to described Historical operating data carries out machine learning and Activity recognition judges to determine to log in abnormal data, and is stepped on according to described The frequency of occurrence of abnormal data is recorded, determines to log in abnormal score corresponding to the login abnormal data.Generally and Speech, it is higher to log in the frequency of occurrence of abnormal data, and logging in abnormal score corresponding to the login abnormal data gets over It is high.Then, in S203, the login abnormal data and the corresponding abnormal score of login are stored in the abnormal number According in storehouse.
It will be clear that the login exception database can be built in advance, can also build in real time. In real-time structure, S201 to S203 can be performed before S101, can also S101 and S102 it Between perform.
In addition, as described above, login associated data can be including at least one of following:Log in IP, login is set It is standby to identify and log in region.Correspondingly, abnormal data is logged in including at least one of following:Abnormal login IP, Abnormal login device identification and abnormal login region.
Wherein, when login associated data is logged on device identification or logs in region, based on currently logged on user Login associated data and log in exception database, determine that the login exception score of the currently logged on user can With including:When different in the presence of the login identified with logging device or login region matches in exception database is logged in During regular data, by the login for logging in abnormal score and being defined as currently logged on user corresponding with logging in abnormal data Abnormal score.Specifically, strategy is compared using strong matching, i.e., in exception database is logged in the presence of with it is described When logging device identifies or logged in the login abnormal data of region matching, it can be regarded as hit, will be set with abnormal login Score corresponding to standby mark or abnormal login region is defined as the login exception score of currently logged on user.Example Property, in the comparison process for logging in region, IP is calculated by using pre-defined IP text libraries Ownership place is as login region.
When the login associated data is logged on IP, the login associated data based on the currently logged on user With login exception database, determining the login exception score of the currently logged on user can include:Calculate institute State the similarity for logging in IP and each abnormal login IP in the login exception database;It will be calculated The minimum abnormal login IP of similarity be defined as the abnormal login IP matched with the login IP;Based on institute Abnormal score is logged in corresponding to the similarity and the abnormal login IP of the matching calculated, is calculated described current The login exception score of login user.
Exemplary, first, by the specific number of the IP in current the login IP and exception database that get Value is converted into 10 system numbers (numeral that 10 systems are converted into using IP as 256 systems), such as IP address It is for 1.2.3.4, the then IP for being converted into 10 system numbers accordingly 1*256^3+2*256^2+3*256+4=33818112, then calculate current login IP numerical value and exception database In all abnormal login IP numerical value absolute difference, such as current IP that logs in is 1.2.3.4, therein one Individual abnormal login IP is 1.2.4.2, and the difference of the two is specifically to value | (1*256^3+2*256^2+3*256+4)-(1*256^3+2*256^2+4*256+2) |=254, wherein 254 As the current similarity for logging in some abnormal login IP in IP and exception database.Similarly, count successively The current similarity logged between IP and all abnormal login IP is calculated, minimum phase is taken after Similarity Measure Login exception score of the abnormal score value as currently logged on user like corresponding to the abnormal login IP of degree.Specifically Computational methods be:(IP exceptions score value) * ((similarity threshold)-(similarity)/(similarity is pre- Put)), here, similarity threshold is the numerical value pre-set, such as 10000.
Moreover it is preferred that include logging in IP, logging device mark in the login associated data and log in ground When at least two in domain, the login exception score of the currently logged on user is to be directed to all kinds of login associated datas The login exception score sum calculated.
S103, abnormal score is logged in determined by, judging that the account number of the currently logged on user logs in is No exception.
Specifically, in one example, it is determined that after the login exception score of currently logged on user, generally will The login exception score subtracts as deduction from the fixed score (such as 10000) pre-set The login exception score, obtains final score, then, using final score compared with predetermined threshold, If fraction is more than the predetermined threshold, then it is assumed that logs in normally, otherwise it is assumed that logging in abnormal.
It will be apparent that it is only according to the identified account for logging in abnormal score, judging currently logged on user above Number log in whether an abnormal example.Other judgment modes well known in the art, are also applied for the present invention.
Moreover it is preferred that on the basis of above-mentioned technical proposal, methods described can also include:Judging When logging in abnormal for the account number of the currently logged on user, according to the login of the currently logged on user extremely Point, login behavior to the currently logged on user carries out respective handling, wherein the respective handling include to Registered user sends notice, notice is sent to keeper and releases at least one of current logged-on status.Example Property, as above obtained finally by subtracting the abnormal score of login from default fixed score (such as 10000) After score, predetermined threshold is 6000 here, it is assumed that final score can be without processing in [10000,6000]; Final score can send to registered user in (6000,4000) and notify, final score can in (4000,2000) Sent with to send notice to registered user and notified to keeper simultaneously, final score is in (2000,0) then to note While volume user and keeper send notice, release and currently log in state.
The technical scheme of the present embodiment, solve the problems, such as that fishing logs in None- identified, even if account is stolen, When stealing account person and logging in the account, technical scheme provided in an embodiment of the present invention can be based on, it is effectively real Whether the account that existing automatic decision currently logs in is that fishing logs in, and be effectively prevent because fishing is logged in user The loss brought, while improve Consumer's Experience.
In addition, in a preferred exemplary of this programme, because abnormal data used in comparison is according to extremely What the historical operating data of few two users determined, rather than it is true according only to the historical operating data institute of active user It is fixed, so can avoid determining the limitation caused by abnormal data according only to the personal behavior of active user, Make abnormal judgement more accurate.
Embodiment two
Fig. 3 is the flow chart of the method for the judgement account number exception that the embodiment of the present invention two provides.The present embodiment is The improvement embodiment of embodiment one.Compared to Figure 1, arrived except increasing S204 between S102 and S103 S206, and be that remaining step is identical with Fig. 1 outside S103 ' by S103 adaptations.Here, only Only to S204 to S206 and S103 ' illustrate, other steps repeat no more.It is true in step s 102 After making the login exception score of currently logged on user, in S204, judge whether related to the user Historical log checking information.Here, the historical log checking information can include logging device identification information With login IP information.The historical log checking information can be whole historical log checking informations, can also It is the historical log checking information in predetermined amount of time, for example logs in the historical log in 1 year apart from this and test Demonstrate,prove information.When in the absence of the historical log checking information related to the user, proceed to S103 ', utilize That is determined logs in abnormal score to judge that it is whether abnormal that the account number of currently logged on user logs in.
In history of existence login authentication information, proceed to S205, the historical log checking information based on user, Determine the weight coefficient that user currently logs in.In the example of the present invention, the weight coefficient can be with base Logging device identification information in historical log checking information and the occurrence number of IP information is logged in determine, Such as weight coefficient=logging device mark occurrence number+login IP occurrence numbers -1.Then, in S206, Based on identified weight coefficient, the login exception score of the currently logged on user to being determined is weighted Processing, for example abnormal score will be logged in and be multiplied with weight coefficient.Then, in S103 ', according to being weighted Login exception score after processing, judge whether the account number login of the currently logged on user is abnormal.
In the scheme of the present embodiment, by judging whether account introduces weight coefficient during exception, Further increase the accuracy rate of judgement.
Embodiment three
Fig. 4 show the flow chart of the method for the judgement account number exception of the offer of the embodiment of the present invention three, this implementation On the basis of embodiment one, further increase prevents from repeating in certain period of time to login example The operation of reason, is specifically included:
S301, the login associated data for obtaining currently logged on user.
S302, the login associated data based on the currently logged on user and login exception database, determine institute State the login exception score of currently logged on user.
S303, abnormal score is logged in based on identified, judge whether the account number login of currently logged on user is different Often, if then performing S304, if otherwise performing S306.
S304, be judged as currently logged on user account number log in it is abnormal when, judgement be within a predetermined period of time It is no to live through respective handling.If not living through respective handling, in S305, exception is logged according to identified Score score value carries out respective handling to the register of the active user.If living through respective handling, S306, without respective handling.
Wherein, the predetermined amount of time can be preferably half a day or one day, that is, there was only the login of the active user Respective handling was not affected by during the predetermined amount of time of setting, just performs and is entered according to the abnormal score score value of login The operation of row respective handling, prevents multiplicating from handling.
The technical scheme of the present embodiment, it is interior during predetermined amount of time, single treatment is only carried out, is avoided repeatedly Reprocess and excessive interference is carried out to the abnormal login of misrecognition, so as to further improve Consumer's Experience.
Example IV
Fig. 5 is the structural representation of the device for the judgement account number exception that the embodiment of the present invention four provides, specific to wrap Include:Data acquisition module 1, first logs in abnormal score determining module 2 and abnormal judge module 3.
Wherein, data acquisition module, for obtaining the login associated data of currently logged on user;
First logs in abnormal score determining module, for the login associated data based on the currently logged on user With log in exception database, determine the login exception score of the currently logged on user, wherein, the login Exception database, which includes, logs in abnormal data and the corresponding abnormal score of login;
Abnormal judge module, for logging in abnormal score determined by, judge the currently logged on user Account number log in it is whether abnormal.
The technical scheme of the present embodiment, solve the problems, such as that fishing logs in None- identified, even if account is stolen, When stealing account person and logging in the account, technical scheme provided in an embodiment of the present invention can be based on, it is effectively real Whether the account that existing automatic decision currently logs in is that fishing logs in, and be effectively prevent because fishing is logged in user The loss brought, while improve Consumer's Experience.
On the basis of above-mentioned technical proposal, the data acquisition module is additionally operable to:Obtain at least two users Historical operating data;And described device also includes:Second logs in abnormal score determining module, for pair The historical operating data carries out statistical analysis and obtains logging in abnormal data and the corresponding abnormal score of login, by institute State and log in abnormal data and the corresponding login abnormal score deposit exception database.
On the basis of above-mentioned technical proposal, described second, which logs in abnormal score determining module, is specifically used for:Root Machine learning is carried out according to the historical operating data and Activity recognition judges to determine to log in abnormal data;According to institute The frequency of occurrence for logging in abnormal data is stated, determines to log in abnormal score corresponding to the login abnormal data.
On the basis of above-mentioned technical proposal, it is logged on device identification in the login associated data or logs in ground During domain, described first, which logs in abnormal score determining module, is specifically used for:When in the login exception database , will be different with the login during in the presence of the login abnormal data matched with logging device mark or login region The login exception score that abnormal score is defined as the currently logged on user is logged in corresponding to regular data;Or When the login associated data is logged on IP, described first, which logs in abnormal score determining module, is specifically used for:Meter Calculate the login IP and each abnormal login IP in the login exception database similarity;It will be counted The abnormal login IP of the similarity minimum calculated is defined as the abnormal login IP matched with the login IP;Base In logging in abnormal score corresponding to the similarity and the abnormal login IP of the matching calculated, described in calculating The login exception score of currently logged on user.
On the basis of above-mentioned technical proposal, include logging in IP, logging device mark in the login associated data When knowing and logging at least two in region, the login exception score of the currently logged on user is stepped on for all kinds of The login exception score sum that record associated data calculates.
On the basis of above-mentioned technical proposal, described device also includes:Weight coefficient determining module, for During user's history of existence login authentication information, the historical log checking information based on user, determine that user is current The weight coefficient of login;And the first login exception obtains sub-module and is additionally operable to weight based on determined by and is Number, the login exception score of the currently logged on user to being determined are weighted processing, the abnormal judgement Module is additionally operable to:According to the login exception score being weighted after handling, judge the currently logged on user's Whether account number logs in abnormal.
On the basis of above-mentioned technical proposal, it is characterised in that described device also includes:Exception processing module, During for logging in abnormal in the account number for being judged as the currently logged on user, according to the currently logged on user's Abnormal score is logged in, the login behavior to the currently logged on user carries out respective handling, wherein described corresponding Processing includes sending notice to registered user, notice is sent to keeper and is released in current logged-on status at least It is a kind of.
The said goods can perform the method that any embodiment of the present invention is provided, and possess the corresponding work(of execution method Can module and beneficial effect.
Pay attention to, above are only presently preferred embodiments of the present invention and institute's application technology principle.Those skilled in the art It will be appreciated that the invention is not restricted to specific embodiment described here, can enter for a person skilled in the art Row is various significantly to be changed, readjust and substitutes without departing from protection scope of the present invention.Therefore, though So the present invention is described in further detail by above example, but the present invention be not limited only to Upper embodiment, without departing from the inventive concept, other more equivalent embodiments can also be included, And the scope of the present invention is determined by scope of the appended claims.

Claims (16)

  1. A kind of 1. method for judging account abnormal login, it is characterised in that including:
    Obtain the login associated data of currently logged on user;
    Login associated data and login exception database based on the currently logged on user, are determined described current The login exception score of login user, wherein, it is described login exception database include log in abnormal data and It is corresponding to log in abnormal score;
    Abnormal score is logged according to identified, judges whether the account number login of the currently logged on user is abnormal.
  2. 2. according to the method for claim 1, it is characterised in that described to log in abnormal data and correspondingly step on Abnormal score is recorded to be determined according to the historical operating data of at least two login users.
  3. 3. according to the method for claim 2, it is characterised in that also include:
    Obtain the historical operating data of at least two users;
    Statistical analysis is carried out to the historical operating data to obtain login abnormal data and correspond to log in abnormal obtain Point;
    The login abnormal data and the corresponding abnormal score of login are stored in the exception database.
  4. 4. according to the method for claim 3, it is characterised in that the historical operating data is united Meter analysis obtains logging in abnormal data and corresponding to the abnormal score of login including:
    Machine learning is carried out according to the historical operating data and Activity recognition judges to determine to log in abnormal data;
    According to the frequency of occurrence of the login abnormal data, determine that login corresponding to the login abnormal data is different Chang get Fen.
  5. 5. according to the method described in any claim in claim 1-4, it is characterised in that the login Associated data includes at least one of following:
    Log in IP, logging device mark and log in region;And
    The login abnormal data includes at least one of following:
    Abnormal login IP, abnormal login device identification and abnormal login region.
  6. 6. according to the method for claim 5, it is characterised in that be logged in the login associated data When device identification or login region, login associated data and the abnormal number of login based on the currently logged on user According to storehouse, determining the login exception score of the currently logged on user includes:
    Stepped on when existing in the login exception database with what logging device mark or login region matched When recording abnormal data, it corresponding with the login abnormal data will log in abnormal score and be defined as described currently stepping on Employ the login exception score at family;Or
    When the login associated data is logged on IP, the login associated data based on the currently logged on user With login exception database, determining the login exception score of the currently logged on user includes:
    Calculate the login IP and each abnormal login IP in the login exception database similarity;
    The minimum abnormal login IP of the similarity calculated is defined as the exception matched with the login IP Log in IP;
    Based on abnormal score is logged in corresponding to the similarity calculated and the abnormal login IP of the matching, count Calculate the login exception score of the currently logged on user.
  7. 7. according to the method for claim 6, it is characterised in that include stepping in the login associated data When recording IP, logging device mark and logging at least two in region, the login of the currently logged on user is abnormal Score is the login exception score sum calculated for all kinds of login associated datas.
  8. 8. according to the method for claim 7, it is characterised in that believe in user's history of existence login authentication During breath, methods described also includes:
    Historical log checking information based on user, determine the weight coefficient that user currently logs in;
    Based on identified weight coefficient, the login exception score of the currently logged on user to being determined is carried out Weighting is handled, and
    Abnormal score is logged according to identified, judges whether the account number login of the currently logged on user is abnormal Including:
    According to the login exception score being weighted after handling, judge that the account number of the currently logged on user logs in It is whether abnormal.
  9. 9. according to the method for claim 8, it is characterised in that methods described also includes:
    When the account number for being judged as the currently logged on user logs in abnormal, according to the currently logged on user's Abnormal score is logged in, the login behavior to the currently logged on user carries out respective handling,
    Wherein described respective handling includes sending notice to registered user, notice is sent to keeper and is released and is worked as At least one of preceding logging status.
  10. A kind of 10. device for judging account abnormal login, it is characterised in that including:
    Data acquisition module, for obtaining the login associated data of currently logged on user;
    First logs in abnormal score determining module, for the login associated data based on the currently logged on user With log in exception database, determine the login exception score of the currently logged on user, wherein, the login Exception database, which includes, logs in abnormal data and the corresponding abnormal score of login;
    Abnormal judge module, for logging in abnormal score determined by, judge the currently logged on user Account number log in it is whether abnormal.
  11. 11. device according to claim 10, it is characterised in that
    The data acquisition module is additionally operable to:Obtain the historical operating data of at least two users;It is and described Device also includes:
    Second logs in abnormal score determining module, is obtained for carrying out statistical analysis to the historical operating data Log in abnormal data and correspond to and log in abnormal score, by the login abnormal data and the corresponding abnormal score of login It is stored in the exception database.
  12. 12. device according to claim 11, it is characterised in that the abnormal score of second login is true Cover half block is specifically used for:
    Machine learning is carried out according to the historical operating data and Activity recognition judges to determine to log in abnormal data;
    According to the frequency of occurrence of the login abnormal data, determine that login corresponding to the login abnormal data is different Chang get Fen.
  13. 13. device according to claim 12, it is characterised in that it is described login associated data be to step on When recording apparatus identifies or logs in region, described first, which logs in abnormal score determining module, is specifically used for:
    Stepped on when existing in the login exception database with what logging device mark or login region matched When recording abnormal data, it corresponding with the login abnormal data will log in abnormal score and be defined as described currently stepping on Employ the login exception score at family;Or
    When the login associated data is logged on IP, described first, which logs in abnormal score determining module, specifically uses In:
    Calculate the login IP and each abnormal login IP in the login exception database similarity;
    The minimum abnormal login IP of the similarity calculated is defined as the exception matched with the login IP Log in IP;
    Based on abnormal score is logged in corresponding to the similarity calculated and the abnormal login IP of the matching, count Calculate the login exception score of the currently logged on user.
  14. 14. device according to claim 13, it is characterised in that include in the login associated data When logging in IP, logging device mark and logging at least two in region, the login of the currently logged on user is different Chang get Fen is the login exception score sum calculated for all kinds of login associated datas.
  15. 15. device according to claim 14, it is characterised in that described device also includes:
    Weight coefficient determining module, in user's history of existence login authentication information,
    Historical log checking information based on user, determine the weight coefficient that user currently logs in;And
    Described first, which logs in the abnormal sub-module that obtains, is additionally operable to the weight coefficient based on determined by, to what is determined The login exception score of currently logged on user is weighted processing,
    The abnormal judge module is additionally operable to:
    According to the login exception score being weighted after handling, judge that the account number of the currently logged on user logs in It is whether abnormal.
  16. 16. device according to claim 15, it is characterised in that described device also includes:
    Exception processing module, for be judged as the currently logged on user account number log in it is abnormal when, according to The login exception score of the currently logged on user, the login behavior to the currently logged on user carry out corresponding Processing, wherein the respective handling includes sending notice to registered user, notice is sent to keeper and is released At least one of current logged-on status.
CN201610388097.7A 2016-06-02 2016-06-02 Method and device for judging abnormal login of account Active CN107465642B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610388097.7A CN107465642B (en) 2016-06-02 2016-06-02 Method and device for judging abnormal login of account

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610388097.7A CN107465642B (en) 2016-06-02 2016-06-02 Method and device for judging abnormal login of account

Publications (2)

Publication Number Publication Date
CN107465642A true CN107465642A (en) 2017-12-12
CN107465642B CN107465642B (en) 2020-12-11

Family

ID=60545539

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610388097.7A Active CN107465642B (en) 2016-06-02 2016-06-02 Method and device for judging abnormal login of account

Country Status (1)

Country Link
CN (1) CN107465642B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109558951A (en) * 2018-11-23 2019-04-02 北京知道创宇信息技术有限公司 A kind of fraud account detection method, device and its storage medium
CN109740352A (en) * 2018-12-28 2019-05-10 微梦创科网络科技(中国)有限公司 A kind of account processing method, device and electronic equipment
CN109889485A (en) * 2018-12-28 2019-06-14 顺丰科技有限公司 A kind of user's abnormal operation behavioral value method, system and storage medium
CN110062380A (en) * 2019-04-28 2019-07-26 广东电网有限责任公司 A kind of connected reference request safety detection method of mobile application system
CN110362981A (en) * 2019-06-29 2019-10-22 上海淇毓信息科技有限公司 The method and system of abnormal behaviour are judged based on credible equipment fingerprint
CN110502896A (en) * 2019-08-28 2019-11-26 杭州安恒信息技术股份有限公司 A kind of leakage monitoring method, system and the relevant apparatus of site information
CN110839003A (en) * 2018-08-16 2020-02-25 北京嘀嘀无限科技发展有限公司 Method and device for identifying number stealing behavior, computer equipment and storage medium
CN111311285A (en) * 2020-02-21 2020-06-19 深圳壹账通智能科技有限公司 Method, device, equipment and storage medium for preventing user from illegally logging in
CN111385272A (en) * 2018-12-29 2020-07-07 北京奇虎科技有限公司 Weak password detection method and device
CN113810329A (en) * 2020-06-11 2021-12-17 中国科学院计算机网络信息中心 Detection method and detection system for mailbox account abnormity

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110839003A (en) * 2018-08-16 2020-02-25 北京嘀嘀无限科技发展有限公司 Method and device for identifying number stealing behavior, computer equipment and storage medium
CN109558951A (en) * 2018-11-23 2019-04-02 北京知道创宇信息技术有限公司 A kind of fraud account detection method, device and its storage medium
CN109740352A (en) * 2018-12-28 2019-05-10 微梦创科网络科技(中国)有限公司 A kind of account processing method, device and electronic equipment
CN109889485A (en) * 2018-12-28 2019-06-14 顺丰科技有限公司 A kind of user's abnormal operation behavioral value method, system and storage medium
CN111385272A (en) * 2018-12-29 2020-07-07 北京奇虎科技有限公司 Weak password detection method and device
CN110062380A (en) * 2019-04-28 2019-07-26 广东电网有限责任公司 A kind of connected reference request safety detection method of mobile application system
CN110362981A (en) * 2019-06-29 2019-10-22 上海淇毓信息科技有限公司 The method and system of abnormal behaviour are judged based on credible equipment fingerprint
CN110502896A (en) * 2019-08-28 2019-11-26 杭州安恒信息技术股份有限公司 A kind of leakage monitoring method, system and the relevant apparatus of site information
CN110502896B (en) * 2019-08-28 2021-07-27 杭州安恒信息技术股份有限公司 Leakage monitoring method and system for website information and related device
CN111311285A (en) * 2020-02-21 2020-06-19 深圳壹账通智能科技有限公司 Method, device, equipment and storage medium for preventing user from illegally logging in
CN113810329A (en) * 2020-06-11 2021-12-17 中国科学院计算机网络信息中心 Detection method and detection system for mailbox account abnormity

Also Published As

Publication number Publication date
CN107465642B (en) 2020-12-11

Similar Documents

Publication Publication Date Title
CN107465642A (en) A kind of method and device for judging account abnormal login
US10965668B2 (en) Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification
CN108062629B (en) Transaction event processing method, terminal device and medium
US10187369B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph
US10250583B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score
US9888007B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using identity services
CN105791255B (en) Computer risk identification method and system based on account clustering
JP6732806B2 (en) Account theft risk identification method, identification device, and prevention/control system
CN106529288A (en) Account risk identification method and device
CN105243252B (en) A kind of method and device of account risk assessment
CN109344583B (en) Threshold determination and body verification method and device, electronic equipment and storage medium
CN106789844B (en) Malicious user identification method and device
CN110892675B (en) Method and apparatus for monitoring block chains
CN109698809A (en) A kind of recognition methods of account abnormal login and device
CN112184241B (en) Identity authentication method and device
CN110598383B (en) Method and device for removing account authority limit
CN113162923B (en) User reliability evaluation method and device based on user behaviors and storage medium
CN108229157A (en) Server attack early warning method and apparatus
CN110839003A (en) Method and device for identifying number stealing behavior, computer equipment and storage medium
CN106375259B (en) Same-user account identification method and device
CN105828322B (en) A kind of method, mobile terminal and security centre that user logs in
CN107888576B (en) Anti-collision library safety risk control method using big data and equipment fingerprints
CN107040497A (en) Network account theft preventing method and device
KR20150131846A (en) Method and System for preventing Login ID theft using captcha
CN114358543A (en) Information processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant