CN108684044A - A kind of user behavior detecting system, method and device - Google Patents
A kind of user behavior detecting system, method and device Download PDFInfo
- Publication number
- CN108684044A CN108684044A CN201810638963.2A CN201810638963A CN108684044A CN 108684044 A CN108684044 A CN 108684044A CN 201810638963 A CN201810638963 A CN 201810638963A CN 108684044 A CN108684044 A CN 108684044A
- Authority
- CN
- China
- Prior art keywords
- equipment
- behavior
- facility information
- user
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Transfer Between Computers (AREA)
Abstract
An embodiment of the present invention provides a kind of user behavior detecting system, method and device, which includes:Client, background server, Cloud Server;Client sends the service request for including the first equipment mark code to background server, and the first equipment mark code is Cloud Server according to the identification code that the facility information of the first equipment is the distribution of the first equipment, equipment of first equipment where client;Background server receives service request, and sends the user behavior detection request for carrying the first equipment mark code to Cloud Server according to service request;The detection request of cloud server user behavior, and the risk factor that characterization target user's behavior belongs to fraud is obtained, as target risk coefficient and it is sent to background server;Background server receives target risk coefficient, and determines whether target user's behavior is fraud according to target risk coefficient.It can ensure interests of the service side in providing a user service process using technical solution provided in an embodiment of the present invention.
Description
Technical field
The present invention relates to Internet technical fields, more particularly to a kind of user behavior detecting system, method and device.
Background technology
With the development of Internet technology, service side is more and more common in such a way that internet provides a user service.
By way of network offering services, while being brought convenience to user, also challenge is brought to the operation way of service side.
For example, service side is in order to carry out service popularization, it will usually release the activity for providing a user discount coupon.In this work
In dynamic, service side ensures the income of itself while extension service, it will usually limit the discount coupon number that user can get
Amount.However during user gets discount coupon, some users in order to use discount coupon be used for multiple times service side popularization
Service, it will usually quantity limited more than service side discount coupon is got using the repeatedly modes such as registration, so that service side
Interests incur loss in providing a user service process.
Based on this, there is an urgent need for a kind of effective methods to detect user behavior to ensure that service side is providing a user clothes
Interests during business.
Invention content
The embodiment of the present invention is designed to provide a kind of user behavior detecting system, method and device, to realize detection
Whether user behavior is fraud, to ensure interests of the service side in providing a user service process.Specific technical solution
It is as follows:
The one side that the present invention is implemented, provides a kind of user behavior detecting system, which includes:Client, backstage
Server, Cloud Server, wherein
The client, for sending the service request for including the first equipment mark code to the background server, wherein
First equipment mark code is:The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution
Know code, first equipment is:Equipment where the client;
The background server, for receiving the service request, and according to the service request to the Cloud Server
Send user behavior detection request, wherein carry first equipment mark code in the user behavior detection request;
The Cloud Server for receiving the user behavior detection request, and is obtained for characterizing target user's behavior
The risk factor for belonging to fraud, as target risk coefficient, wherein target user's behavior is:The client is logical
It crosses to the background server and sends the service request and ask the behavior serviced;The mesh is sent to the background server
Mark risk factor;
The background server determines institute for receiving the target risk coefficient, and according to the target risk coefficient
State whether target user's behavior is fraud.
It is optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud,
Including:
In the mapping relations of pre-stored equipment mark code and facility information, it includes first device identification to search
The mapping relations of code, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the
A kind of facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
Optionally, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
Optionally, after the reception risk factor the step of, further include:
The historical service request for including first equipment mark code is obtained, according to historical service request determination
The request number of times of service request;
Correspondingly, described to determine that the step of whether target user's behavior is fraud is wrapped according to the risk factor
It includes:
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
Optionally, the client is additionally operable to detection logging request, and is completed after logging according to the logging request, obtains
The information that computing device identification code is used in the facility information of the first equipment is taken, as the second class facility information, and by described the
Two class facility informations are sent to the Cloud Server;
The Cloud Server is additionally operable to receive the second class facility information that the client is sent, and described in calculating
For between the information of computing device identification code in the facility information that second class facility information includes respectively with each mapping relations
Similarity;
The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, by target
The equipment mark code for including in mapping relations is determined as first equipment mark code, and first equipment mark code is fed back
To the client, wherein the target mapping relations are:Include the mapping relations of target device information, the target device
Information is:Including being more than for the similarity between the information and the second class facility information of computing device identification code default
The facility information of threshold value;
If not, according to preset correspondence between facility information and identification code, the second class equipment is determined
The identification code of each information in information, merge determined by each identification code obtain first equipment mark code, by described the
One equipment mark code feeds back to the client, and the first identifier code and the second class facility information are stored to described
In mapping relations.
Optionally, the information for computing device identification code includes at least one of following information:
Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen
Geographical location, Internet Service Provider, user residing for the equipment that curtain resolution ratio, CPU models, local IP, public network IP, IP are characterized
Act on behalf of UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude,
Network type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity,
Equipment manufacturers, international mobile subscriber identity IMSI, network/MAC address, the equipment sequence that equipment manufacturers are equipment distribution
Number, the time zone in geographical location residing for international mobile equipment identification number IMEI, screen size, baseband version, equipment, device network system
Browser uses in the kernel of browser, equipment in formula, equipment language, web protocol, equipment are maximum while touching points, sail
Cloth fingerprint.
The another aspect that the present invention is implemented additionally provides a kind of user behavior detection method, is applied to user behavior detection system
Cloud Server in system, wherein the user behavior detecting system includes:Client, background server and Cloud Server, it is described
Method includes:
Receive the user behavior detection request that background server is sent, wherein carried in the user behavior detection request
First equipment mark code, first equipment mark code are:The Cloud Server is described according to the facility information of the first equipment
The identification code of first equipment distribution, first equipment are:Equipment where the client;
It obtains and belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior;
The target risk coefficient is sent to the background server, so that the background server is according to the target wind
Dangerous coefficient determines whether target user's behavior is fraud.
It is optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud,
Including:
In the mapping relations of pre-stored equipment mark code and facility information, it includes first device identification to search
The mapping relations of code, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the
A kind of facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
Optionally, the method further includes:
Receive the second class facility information that the client is sent;
It calculates and is used for computing device in the facility information that the second class facility information includes respectively with each mapping relations
Similarity between the information of identification code;
The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, by target
The equipment mark code for including in mapping relations is determined as first equipment mark code, and first equipment mark code is fed back
To the client, wherein the target mapping relations are:Include the mapping relations of target device information, the target device
Information is:Including being more than for the similarity between the information and the second class facility information of computing device identification code default
The facility information of threshold value;
If not, according to preset correspondence between facility information and identification code, the second class equipment is determined
The identification code of each information in information, merge determined by each identification code obtain first equipment mark code, by described the
One equipment mark code feeds back to the client, and the first identifier code and the second class facility information are stored to described
In mapping relations.
The another aspect that the present invention is implemented additionally provides a kind of user behavior detection method, is applied to user behavior and detects
Background server in system, wherein the user behavior detecting system includes:Client, background server and Cloud Server,
The method includes:
Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code
For:The Cloud Server is according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment
For:Equipment where the client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For;
Determine whether target user's behavior is fraud according to the target risk coefficient.
Optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud, including:
User behavior detection request is sent to the Cloud Server according to the service request, so that the Cloud Server obtains
The risk factor for belonging to fraud in characterization target user's behavior is taken, as target risk coefficient, wherein the use
First equipment mark code is carried in the behavioral value request of family, target user's behavior is:The client is by institute
Background server is stated to send the service request and ask the behavior serviced;
Receive the target risk coefficient that the Cloud Server is sent.
Optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud, including:
Obtain the facility information of the first equipment corresponding with first equipment mark code;
The facility information for calculation risk coefficient for including in acquired facility information is determined, as first kind equipment
Information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
Optionally, after the acquisition is for characterizing the step of target user's behavior belongs to the risk factor of fraud,
Further include:
The historical service request for including first equipment mark code is obtained, according to historical service request determination
The request number of times of service request;
Correspondingly, described to determine that the step of whether target user's behavior is fraud is wrapped according to the risk factor
It includes:
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
The another aspect of the embodiment of the present invention additionally provides a kind of user behavior detection method, is applied to user behavior and detects
Client in system, wherein the user behavior detecting system includes:Client, background server and Cloud Server, it is described
Method includes:
Obtain the first equipment mark code, wherein first equipment mark code is:The Cloud Server is according to the first equipment
Facility information be first equipment distribution identification code, first equipment is:Equipment where the client;
The service request for including the first equipment mark code is sent to background server, so that the background server is according to institute
It states service request and obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and
Determine whether target user's behavior is fraud according to the target risk coefficient, wherein target user's behavior
For:The client sends the service request to the background server and asks the behavior serviced.
Optionally, the method further includes:
Logging request is detected, and is completed after logging according to the logging request, the facility information of first equipment is obtained,
And the facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server is according to first equipment
Facility information determine first equipment mark code.
The another aspect of the embodiment of the present invention additionally provides a kind of user behavior detection device, is applied to user behavior and examines
Cloud Server in examining system, wherein the user behavior detecting system includes:Client, background server and Cloud Server,
Described device includes:
Request receiving module is detected, the user behavior for receiving background server transmission detects request, wherein the use
The first equipment mark code is carried in the behavioral value request of family, first equipment mark code is:The Cloud Server is according to first
The facility information of equipment is the identification code of first equipment distribution, and first equipment is:Equipment where the client;
Risk factor obtains module, for obtaining the risk system for belonging to fraud for characterizing target user's behavior
Number, as target risk coefficient, wherein target user's behavior is:The client sends institute to the background server
It states service request and asks the behavior serviced;
Risk factor sending module, for sending the target risk coefficient to the background server, so that after described
Platform server determines whether target user's behavior is fraud according to the target risk coefficient.
Optionally, risk factor obtains module, is specifically used for,
In the mapping relations of pre-stored equipment mark code and facility information, it includes first device identification to search
The mapping relations of code, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the
A kind of facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
Optionally, described device further includes:
Facility information receiving module, the second class facility information sent for receiving the client;
Similarity calculation module, the equipment for including with each mapping relations respectively for calculating the second class facility information
For the similarity between the information of computing device identification code in information;
Identification code determining module is more than the phase of predetermined threshold value in the similarity for judging to be calculated with the presence or absence of numerical value
Like degree,
In the case where the judgment result is yes, the equipment mark code for including in target mapping relations is determined as described by execution
First equipment mark code, and first equipment mark code is fed back into the client, wherein the target mapping relations
For:Include the mapping relations of target device information, the target device information is:Including the letter for computing device identification code
Similarity between breath and the second class facility information is more than the facility information of predetermined threshold value;
In the case where judging result is no, execute according to preset corresponding pass between facility information and identification code
System, determines the identification code of each information in the second class facility information, merge determined by each identification code obtain described the
First equipment mark code is fed back to the client by one equipment mark code, and by the first identifier code and the second class
In facility information storage to the mapping relations.
The another aspect that the present invention is implemented additionally provides a kind of user behavior detection device, is applied to user behavior and detects
Background server in system, wherein the user behavior detecting system includes:Client, background server and Cloud Server,
Described device includes:
Receiving module, the service request for including the first equipment mark code for receiving client transmission, wherein described the
One equipment mark code is:The Cloud Server is the identification code of first equipment distribution according to the facility information of the first equipment,
First equipment is:Equipment where the client;
Module is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as target
Risk factor, wherein target user's behavior is:The client send the service request to the background server and
Ask the behavior of service;
Determining module, for determining whether target user's behavior is fraud according to the target risk coefficient.
Optionally, module is obtained, is specifically used for,
User behavior detection request is sent to the Cloud Server according to the service request, so that the Cloud Server obtains
The risk factor for belonging to fraud in characterization target user's behavior is taken, as target risk coefficient, wherein the use
First equipment mark code is carried in the behavioral value request of family, target user's behavior is:The client is by institute
Background server is stated to send the service request and ask the behavior serviced;
Receive the target risk coefficient that the Cloud Server is sent.
Optionally, module is obtained, is specifically used for,
Obtain the facility information of the first equipment corresponding with first equipment mark code;
The facility information for calculation risk coefficient for including in acquired facility information is determined, as first kind equipment
Information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
Optionally, described device further includes:
Request number of times acquisition module, for obtaining the historical service request for including first equipment mark code, according to institute
State the request number of times that historical service request determines the service request;
Correspondingly, determining module is specifically used for,
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
The another aspect that the present invention is implemented additionally provides a kind of user behavior detection device, is applied to user behavior and detects
Client in system, wherein the user behavior detecting system includes:Client, background server and Cloud Server, it is described
Device includes:
Identification code obtains module, for obtaining the first equipment mark code, wherein first equipment mark code is:It is described
Cloud Server is the identification code of first equipment distribution according to the facility information of the first equipment, and first equipment is:It is described
Equipment where client;
Service request sending module, for sending the service request for including the first equipment mark code to background server, with
The background server is set to obtain the risk system for belonging to fraud for characterizing target user's behavior according to the service request
Number, determines whether target user's behavior is fraud as target risk coefficient, and according to the target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior.
Optionally, described device further includes:Login module is detected, is asked for detecting logging request, and according to the login
After asking completion to log in, the facility information of first equipment is obtained, and the facility information of the first acquired equipment is sent to
Cloud Server, so that the Cloud Server determines first equipment mark code according to the facility information of first equipment.
The another aspect that the present invention is implemented, additionally provides a kind of server, which is characterized in that is connect including processor, communication
Mouth, memory and communication bus, wherein processor, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any of the above-described use applied to Cloud Server
Family behavioral value method.
The another aspect that the present invention is implemented, additionally provides a kind of server, which is characterized in that is connect including processor, communication
Mouth, memory and communication bus, wherein processor, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, is realized any of the above-described applied to background server
Primary user's behavioral value method.
The another aspect that the present invention is implemented, additionally provides a kind of terminal, which is characterized in that including processor, communication interface,
Memory and communication bus, wherein processor, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any of the above-described user applied to client
Behavioral value method.
At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable
Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described applied to cloud service
The user behavior detection method of device.
At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable
Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described backstage that is applied to and takes
The user behavior detection method of business device.
At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable
Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described applied to client
User behavior detection method.
At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction
Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described Cloud Server.
At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction
Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described background server.
At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction
Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described client.
User behavior detecting system provided in an embodiment of the present invention, method and device, Cloud Server can be according to client
The facility information of the first equipment of place is that the first equipment distributes the first equipment mark code, is taken when client is sent to background server
When business request, the first equipment mark code is carried in service request, background server upon receipt of a service request, can be according to connecing
The service request received sends the user behavior detection request for carrying the first equipment mark code to Cloud Server, and according to cloud service
Device feedback is used to characterize the risk factor that target user's behavior belongs to fraud, determines whether target user's behavior is fraud
Behavior.Due to equipment mark code be Cloud Server according to the facility information of equipment be equipment distribution being capable of the unique mark equipment
Identification code, be based on this, system provided in an embodiment of the present invention can chase after target user's behavior by equipment mark code
Track, and the risk factor of fraud is belonged to according to characterization target user's behavior, determine whether target user's behavior is fraud row
For, and then can ensure interests of the service side in providing a user service process.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Obtain other attached drawings according to these attached drawings.
Fig. 1 is the structural schematic diagram of user behavior detecting system provided in an embodiment of the present invention;
Fig. 2 is interactive process schematic diagram in user behavior detecting system provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of the first user behavior detection method provided in an embodiment of the present invention;
Fig. 4 is the flow diagram of second of user behavior detection method provided in an embodiment of the present invention;
Fig. 5 be it is provided in an embodiment of the present invention the third be used for behavioral value method flow diagram;
Fig. 6 is the structural schematic diagram of the first user behavior detection device provided in an embodiment of the present invention;
Fig. 7 is the structural schematic diagram of second of user behavior detection device provided in an embodiment of the present invention;
Fig. 8 is the structural schematic diagram of the third user behavior detection device provided in an embodiment of the present invention;
Fig. 9 is a kind of structural schematic diagram of server provided in an embodiment of the present invention;
Figure 10 is the structural schematic diagram of another server provided in an embodiment of the present invention;
Figure 11 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Referring to Fig.1, it is a kind of structural schematic diagram of user behavior detecting system provided in an embodiment of the present invention, the system packet
It includes:Client 100, background server 200, Cloud Server 300 are user's detection system provided in an embodiment of the present invention with reference to Fig. 2
System interactive process schematic diagram,
Specifically, client 100 detects logging request, and completed after logging according to logging request, obtains itself place
The first equipment facility information in be used for computing device identification code information, as the second class facility information and be sent to cloud clothes
Business device 300, Cloud Server 300 are the first equipment assigned identification codes according to the second class facility information received, are set as first
Standby identification code simultaneously feeds back to client 100;
Client 100 sends the service request for setting identification code comprising first, background server 200 to background server 200
After receiving service request, sends the user behavior comprising the first equipment mark code to Cloud Server 300 and detect request, cloud service
After device 300 receives user behavior detection request, the risk factor for belonging to fraud for characterizing target user's behavior is obtained,
As target risk coefficient and background server 200 is fed back to, target user's behavior is:The client is by the backstage
Server sends the service request and asks the behavior serviced;
It, can when background server 200 determines that target user's behavior is fraud according to the target risk coefficient received
To feed back the result of inhibition request service to client 100;Background server 200 is determined according to the target risk coefficient received
When target user's behavior is not belonging to fraud, requested content can be asked to 100 back services of client.
System provided in an embodiment of the present invention can be true according to the facility information of equipment where client by Cloud Server
Fixed equipment mark code is tracked target user's behavior, and belongs to the risk of fraud according to characterization target user's behavior
Coefficient determines whether target user's behavior is fraud, and then can ensure service side in providing a user service process
Interests.
User behavior detecting system provided in an embodiment of the present invention will be described in detail below, specifically,
Client 100, for sending the service request for including the first equipment mark code to background server 200, wherein the
One equipment mark code is:According to the identification code that the facility information of the first equipment is the distribution of the first equipment, first sets Cloud Server 300
It is standby to be:Equipment where client 100;
Background server 200 sends user's row for receiving service request, and according to service request to Cloud Server 300
It is asked for detection, wherein carry the first equipment mark code in user behavior detection request;
Cloud Server 300 for receiving user behavior detection request, and is obtained to belong to for characterizing target user's behavior and be taken advantage of
The risk factor of swindleness behavior, as target risk coefficient, wherein target user's behavior is:Client 100 is by background service
Device 200 sends service request and asks the behavior serviced;Target risk coefficient is sent to background server 200;
Background server 200 determines target user's behavior for receiving target risk coefficient, and according to target risk coefficient
Whether it is fraud.
Target user's behavior is:Client 100 asks the row of service by sending service request to background server 200
For for example, what client 100 sent to background server is the request for getting discount coupon, correspondingly, target user's behavior is then
For:The behavior of discount coupon is got in request.
In a kind of realization method, obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud,
Including:
Step 1, in the mapping relations of pre-stored equipment mark code and facility information, it includes the first equipment to search
The mapping relations of identification code, as the first mapping relations;
Step 2 obtains the facility information for being used for calculation risk coefficient in the facility information that the first mapping relations include, makees
For first kind facility information;
Step 3 obtains the value-at-risk of each facility information in first kind facility information, wherein the wind of each facility information
Danger value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk for belonging to fraud for characterizing target user's behavior by step 4
Coefficient.
In practical application, Cloud Server 300 can be in the facility information for receiving the transmission of client 100, and according to reception
After the facility information arrived is the equipment distributing equipment identification code where client 100, establish facility information and equipment mark code it
Between mapping relations, a mapping relations include:100 institute of equipment mark code and client of equipment where client 100
Equipment facility information.Based on this, Cloud Server 300 upon receipt platform server 200 send include the first equipment
After the user behavior detection request of identification code, the mapping for including the first equipment mark code can be searched in the mapping relations of foundation
Relationship, obtains the facility information for including in the mapping relations found, so according in acquired facility information for calculating
The information of risk factor determines risk factor.
Specifically, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
Can be understood as equipment using agency needs the website accessed to send visit by providing the third direction of agency service
Ask request so that website is considered the access request that third party sends, and detection third party is gone whether to meet access consideration, to
So that equipment itself bypasses the detection of website.
Root authority expression obtains the highest permission of system, and user can be to any file in system after obtaining root authority
It modifies, for example modifies to the facility information of equipment.In practical application, root power can be obtained by third party software
Limit;For example, the mobile phone of android system can obtain root authority by root softwares, the mobile phone of ios systems can be by more
Prison software obtains root authority.
It can be seen that when equipment is using agency or has obtained root authority, it can indicate that user asks the behavior of service to be deposited
Can be that each facility information for calculation risk coefficient distributes a value-at-risk, wind in advance therefore in the risk of fraud
Danger value is there are when the facility information, and user belongs to the risk factor of fraud.For example, value-at-risk is up to 10, setting
Equipment is 6 using the value-at-risk of agency.
Correspondingly, when calculating user behavior and belonging to the risk factor of fraud, by facility information each based on
The value-at-risk for calculating the facility information of risk factor is added to obtain risk factor, and the value of obtained risk factor is bigger, then shows
The probability that user behavior belongs to fraud is higher.Based on this, in a kind of realization method, background server 200 can set
One threshold value, when the target risk coefficient received is more than the first threshold of setting, it is determined that target user's behavior belongs to fraud
Behavior repeatedly obtains service to reduce user by way of changing facility information.
In order to more accurately determine whether user behavior is fraud, a kind of realization method of the embodiment of the present invention
In, after the step of receiving the risk factor, further include:
The historical service request for including the first equipment mark code is obtained, asking for service request is determined according to historical service request
Seek number;
Correspondingly, determine that the step of whether target user's behavior is fraud includes according to risk factor:
According to risk factor and request number of times, determine whether target user's behavior is fraud.
In a kind of realization method, background server 200 can carry out the service request received according to equipment mark code
Service request comprising same equipment mark code in service request is divided into one group and recorded, that is, will led to by grouped record
It crosses the service request that same equipment is sent and is classified as one group, be based on this, background server 200 upon receipt of a service request, obtains
That group service request identical with the equipment mark code for including in the service request, and then determine the service request received
Request number of times.For example, background server 200 receives the service request for getting discount coupon, the equipment for including in the service request
Identification code is A, that group service request for including equipment mark code A in recorded each group is obtained, so that it is determined that the group service
The request number of times of the service request of discount coupon is got in request.
Correspondingly, background server 200 can set a second threshold, so when risk factor be more than first threshold and
When request number of times is more than second threshold, determine that target user's behavior belongs to fraud, technical side provided in an embodiment of the present invention
Case can consider risk factor and request number of times so that testing result is more acurrate.
In order to reduce the probability that equipment mark code is tampered, in a kind of realization method of the embodiment of the present invention,
Client 100 is additionally operable to detection logging request, and is completed after logging according to logging request, obtains the first equipment
It is used for the information of computing device identification code in facility information, is sent as the second class facility information, and by the second class facility information
To Cloud Server 300;
Cloud Server 300 is additionally operable to receive the second class facility information that client 100 is sent, and calculates the second class equipment
For the similarity between the information of computing device identification code in the facility information that information includes respectively with each mapping relations;
The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, by target
The equipment mark code for including in mapping relations is determined as the first equipment mark code, and the first equipment mark code is fed back to client
100, wherein target mapping relations are:Include the mapping relations of target device information, target device information is:Including being used for
Similarity between the information of computing device identification code and the second class facility information is more than the facility information of predetermined threshold value;
If not, according to preset correspondence between facility information and identification code, the second class facility information is determined
In each information identification code, merge determined by each identification code obtain the first equipment mark code, by the first equipment mark code
The client is fed back to, and will be in first identifier code and the storage to mapping relations of the second class facility information.
Predetermined threshold value can be set as needed, and the threshold value set is higher to judge two equipment as the same equipment
Standard is higher.
Information for computing device identification code includes at least one of following information:
Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen
Geographical location, Internet Service Provider, user residing for the equipment that curtain resolution ratio, CPU models, local IP, public network IP, IP are characterized
Act on behalf of UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude,
Network type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity,
Equipment manufacturers, international mobile subscriber identity IMSI, network/MAC address, the equipment sequence that equipment manufacturers are equipment distribution
Number, the time zone in geographical location residing for international mobile equipment identification number IMEI, screen size, baseband version, equipment, device network system
Browser uses in the kernel of browser, equipment in formula, equipment language, web protocol, equipment are maximum while touching points, sail
Cloth fingerprint.
Systematic name is used the title of system by equipment, may include:Android system, ios systems, Windows systems
System.
System version is used the version of system by equipment, for example, android system includes:Android7.0 versions,
Android8.0 versions;Ios systems include:Ios11.0 versions, ios10.0 versions;Windows systems include:Windows XP
Version, Windows10 versions.
Device type may include:Mobile terminal style, immobile terminal type;Wherein, belong to mobile terminal style
Equipment includes:Mobile phone, notebook, tablet computer;The equipment for belonging to immobile terminal type includes:Desktop computer.
One kind that IDFV (identifier For Vendor) belongs to unique identifier in ios systems is by number and word
Mother's composition, for identifying the character string of equipment uniqueness.
Device network standard includes mainly:Global system for mobile communications GSM (Global System for Mobile
Communication), CDMA CDMA (Code Division Multiple Access), 3rd generation mobile communication technology
3G (3rd-Generation), fourth generation mobile phone mobile communication standard 4G (the 4th Generation mobile
communication technology)。
The maximum points that touch simultaneously of equipment are the behaviour that can be responded operator simultaneously and carry out human-computer interaction on device screen
It counts.
Canvas fingerprint refers to being used as " encryption key " by parameters such as resolution ratio, the color digits of each equipment, is led to
It crosses and utilizes canvas draw pictures on a web browser, and the graphic code of picture that calculating and plotting goes out, it is unique as equipment
Identification code.
In a kind of realization method, Cloud Server 300 can calculate the second class received using cosine similarity algorithm
Facility information respectively in the facility information that each mapping relations include be used for computing device identification code information between it is similar
Degree, when there are when the similarity that numerical value is more than predetermined threshold value, then show to exist comprising receiving in the similarity being calculated
The mapping relations of second class facility information are based on this, can will be in the mapping relations comprising the second class facility information received
Equipment mark code as the first equipment equipment mark code and be sent to client 100, without further according to received
Two class facility informations calculate the equipment mark code of 100 place equipment of client.
In a kind of realization method, using cosine similarity algorithm come calculate the second class facility information received respectively with often
It is for the expression formula of similarity between the information of computing device identification code in the facility information that one mapping relations include:
Wherein, x indicates that the information that computing device identification code is used in the facility information that each mapping relations include, y indicate
The information for computing device identification code received, n indicate that the quantity of the information for computing device identification code, i indicate i-th
A information for computing device identification code.
When similarity of the numerical value more than predetermined threshold value is not present in the similarity calculated, then show that there is no comprising reception
The mapping relations of the second class facility information arrived then need, according to each information in the second class facility information, to determine client
The equipment mark code of 100 place equipment.Can be that computing device identification code is used in facility information in advance in a kind of realization method
Each information assigned identification codes, specifically, be directed to CPU type informations, can be different CPU models distribute different marks
Code, for example, the CPU models of apple 7:A1660, the then identification code distributed for the CPU models are:1660, apple 7Plus's
CPU models:A1661, the then identification code distributed for the CPU models are:1661.Based on this, it is used for according in facility information
When the information of computing device identification code determines equipment mark code, it can obtain and be used for computing device identification code in advance facility information
Each information assigned identification codes, the identification code of acquired each information is then merged into the device identification for obtaining the equipment
Code.
Specifically, during generating equipment mark code, Cloud Server can be by the identification code of the facility information got
Sequential concatenation successively, for example, the identification code of systematic name is:1111;The identification code of system version is:The mark of 2222, CPU models
It is 1660 to know code, then the result successively after sequential concatenation is:111122221660, the result for then obtaining splicing passes through MD5
(Message-Digest Algorithm 5) is encrypted, and is equipment mark code by encrypting acquired results.A kind of realization method
In, different identification code splicing sequences can be distributed for different system in advance according to the difference of the used system of equipment, for example,
Android system identification code is spliced into:The identification code of the identification code+CPU models of identification code+system version of systematic name;
Ios systematic identification codes splicing sequence be:The identification code of the identification code+CPU models of identification code+systematic name of system version.
In technical solution provided in an embodiment of the present invention, client all can after completing to log according to logging request every time
Information for computing device identification code in the facility information of equipment where itself is sent to Cloud Server, to obtain equipment
Identification code is based on this, can reduce the probability that equipment mark code is tampered, to ensure the accuracy detected to user behavior.
It is the first user behavior detection method provided in an embodiment of the present invention referring to Fig. 3, is applied to user behavior and detects
Cloud Server in system, wherein user behavior detecting system includes:Client, background server and Cloud Server, this method
Including:
S410 receives the user behavior detection request that background server is sent, wherein carried in user behavior detection request
First equipment mark code, the first equipment mark code are:Cloud Server is distributed according to the facility information of the first equipment for the first equipment
Identification code, the first equipment is:Equipment where client;
S420 is obtained and is belonged to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:Client sends service request to background server and asks the behavior serviced;
S430 sends target risk coefficient to background server, so that background server is determined according to target risk coefficient
Whether target user's behavior is fraud.
In a kind of realization method of the embodiment of the present invention, obtains and belong to fraud for characterizing target user's behavior
The step of risk factor, including:
Step 1, in the mapping relations of pre-stored equipment mark code and facility information, it includes the first equipment to search
The mapping relations of identification code, as the first mapping relations;
Step 2 obtains the facility information for being used for calculation risk coefficient in the facility information that the first mapping relations include, makees
For first kind facility information;
Step 3 obtains the value-at-risk of each facility information in first kind facility information, wherein the wind of each facility information
Danger value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk for belonging to fraud for characterizing target user's behavior by step 4
Coefficient.
In a kind of realization method, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
In a kind of realization method of the embodiment of the present invention, user behavior detection method further includes:
Step 1 receives the second class facility information that client is sent;
Step 2 is calculated in the facility information that the second class facility information includes respectively with each mapping relations and is set for calculating
Similarity between the information of standby identification code;
Step 3 judges the similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value, if so,
The equipment mark code for including in target mapping relations is determined as the first equipment mark code, and the first equipment mark code is fed back to
Client, wherein target mapping relations are:Include the mapping relations of target device information, target device information is:Including using
Similarity between the information and the second class facility information of computing device identification code is more than the facility information of predetermined threshold value;
If not, according to preset correspondence between facility information and identification code, the second class facility information is determined
In each information identification code, merge determined by each identification code obtain the first equipment mark code, by the first equipment mark code
Client is fed back to, and will be in first identifier code and the storage to the mapping relations of the second class facility information.
In a kind of realization method, the information for computing device identification code includes at least one of following information:
Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen
Geographical location, Internet Service Provider, user residing for the equipment that curtain resolution ratio, CPU models, local IP, public network IP, IP are characterized
Act on behalf of UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude,
Network type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity,
Equipment manufacturers, international mobile subscriber identity IMSI, network/MAC address, the equipment sequence that equipment manufacturers are equipment distribution
Number, the time zone in geographical location residing for international mobile equipment identification number IMEI, screen size, baseband version, equipment, device network system
Browser uses in the kernel of browser, equipment in formula, equipment language, web protocol, equipment are maximum while touching points, sail
Cloth fingerprint.
User's detection method provided in an embodiment of the present invention can by Cloud Server setting according to equipment where client
The equipment mark code that standby information determines is tracked target user's behavior, and belongs to fraud row according to characterization target user's behavior
For risk factor determine whether target user's behavior is fraud, and then can ensure service side providing a user service
Interests in the process.
Referring to Fig. 4, second of user behavior detection method provided in an embodiment of the present invention is shown, be applied to user behavior
Background server in detecting system, wherein user behavior detecting system includes:Client, background server and Cloud Server,
This method includes:
S510 receives the service request for including the first equipment mark code that client is sent, wherein the first equipment mark
Knowing code is:The identification code that the Cloud Server is distributed according to the facility information of the first equipment for first equipment, described first
Equipment is:Equipment where the client;
S520 is obtained and is belonged to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior;
S530 determines whether target user's behavior is fraud according to the target risk coefficient.
In a kind of realization method of the embodiment of the present invention, the risk for belonging to fraud for characterizing target user's behavior is obtained
The step of coefficient, including:
Step 1 sends user behavior detection request to Cloud Server according to service request, is used so that Cloud Server obtains
Belong to the risk factor of fraud in characterization target user's behavior, as target risk coefficient, wherein user behavior detection is asked
The first equipment mark code of middle carrying, target user's behavior is asked to be:Client is asked by sending service request to background server
Ask the behavior of service;
Step 2 receives the target risk coefficient that Cloud Server is sent.
In a kind of realization method of the embodiment of the present invention, the risk for belonging to fraud for characterizing target user's behavior is obtained
The step of coefficient, including:
Step 1 obtains the facility information of the first equipment corresponding with the first equipment mark code;
Step 2 determines the facility information for calculation risk coefficient for including in acquired facility information, as the
A kind of facility information;
Step 3 obtains the value-at-risk of each facility information in first kind facility information, wherein the wind of each facility information
Danger value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk for belonging to fraud for characterizing target user's behavior by step 4
Coefficient.
In a kind of realization method, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
Specifically, background server can be believed according to the equipment that the first equipment mark code obtains the first equipment from client
Breath;Due to being stored with the mapping relations comprising the first equipment mark code and the first equipment facility information in background server, it is based on
This, can also ask the facility information of the first equipment according to the first equipment mark code to Cloud Server.
After the facility information for obtaining the first equipment corresponding with the first equipment mark code, determine in acquired facility information
For the facility information of calculation risk coefficient, then, according in advance for each for the distribution of the facility information of calculation risk coefficient
Value-at-risk, obtain the risk factor for belonging to fraud for characterizing target user's behavior.
In a kind of realization method of the embodiment of the present invention, the risk for belonging to fraud for characterizing target user's behavior is obtained
After the step of coefficient, further include:
The historical service request for including the first equipment mark code is obtained, asking for service request is determined according to historical service request
Seek number;
Correspondingly, determine that the step of whether target user's behavior is fraud includes according to risk factor:
According to risk factor and request number of times, determine whether target user's behavior is fraud.
User behavior detection method provided in an embodiment of the present invention can be by Cloud Server according to equipment where client
Facility information determine equipment mark code, target user's behavior is tracked, and according to characterization target user's behavior belong to
The risk factor of fraud determines whether target user's behavior is fraud, and then can ensure that service side carries to user
For the interests in service process.
With reference to Fig. 5, the third user behavior detection method provided in an embodiment of the present invention is shown, be applied to user behavior
Client in detecting system, wherein user behavior detecting system includes:Client, background server and Cloud Server, the party
Method includes:
S610 obtains the first equipment mark code, wherein the first equipment mark code is:Cloud Server is according to the first equipment
Facility information is the identification code of the first equipment distribution, and the first equipment is:Equipment where client;
S620 sends to background server and includes the service request of the first equipment mark code so that background server according to
Service request, which is obtained, belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient, and root
Determine whether target user's behavior is fraud according to target risk coefficient, wherein target user's behavior is:Client is to from the background
Server sends service request and asks the behavior serviced.
In a kind of realization method of the embodiment of the present invention, this method further includes:
Logging request is detected, and is completed after logging according to the logging request, the facility information of first equipment is obtained,
And the facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server is according to first equipment
Facility information determine first equipment mark code.
User behavior detection method provided in an embodiment of the present invention can be by Cloud Server according to equipment where client
Facility information determine equipment mark code, target user's behavior is tracked, and according to characterization target user's behavior belong to
The risk factor of fraud determines whether target user's behavior is fraud, and then can ensure that service side carries to user
For the interests in service process.
With reference to Fig. 6, the first user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior
Cloud Server in detecting system, wherein the user behavior detecting system includes:Client, background server and cloud service
Device, described device include:
Request receiving module 710 is detected, the user behavior for receiving background server transmission detects request, wherein institute
It states in user behavior detection request and carries the first equipment mark code, first equipment mark code is:The Cloud Server according to
The facility information of first equipment is the identification code of first equipment distribution, and first equipment is:Where the client
Equipment;
Risk factor obtains module 720, for obtaining the wind for belonging to fraud for characterizing target user's behavior
Dangerous coefficient, as target risk coefficient, wherein target user's behavior is:The client is sent out to the background server
It send the service request and asks the behavior serviced;
Risk factor sending module 730, for sending the target risk coefficient to the background server, so that described
Background server determines whether target user's behavior is fraud according to the target risk coefficient.
In a kind of realization method of the embodiment of the present invention, risk factor obtains module 720, is specifically used for,
In the mapping relations of pre-stored equipment mark code and facility information, it includes first device identification to search
The mapping relations of code, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the
A kind of facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
In a kind of realization method, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
In a kind of realization method of the embodiment of the present invention, described device further includes:
Facility information receiving module, the second class facility information sent for receiving the client;
Similarity calculation module, the equipment for including with each mapping relations respectively for calculating the second class facility information
For the similarity between the information of computing device identification code in information;
Identification code determining module is more than the phase of predetermined threshold value in the similarity for judging to be calculated with the presence or absence of numerical value
Like degree,
In the case where the judgment result is yes, the equipment mark code for including in target mapping relations is determined as described by execution
First equipment mark code, and first equipment mark code is fed back into the client, wherein the target mapping relations
For:Include the mapping relations of target device information, the target device information is:Including the letter for computing device identification code
Similarity between breath and the second class facility information is more than the facility information of predetermined threshold value;
In the case where judging result is no, execute according to preset corresponding pass between facility information and identification code
System, determines the identification code of each information in the second class facility information, merge determined by each identification code obtain described the
First equipment mark code is fed back to the client by one equipment mark code, and by the first identifier code and the second class
In facility information storage to the mapping relations.
In a kind of realization method, the information for computing device identification code includes at least one of following information:
Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen
Geographical location, Internet Service Provider, user residing for the equipment that curtain resolution ratio, CPU models, local IP, public network IP, IP are characterized
Act on behalf of UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude,
Network type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity,
Equipment manufacturers, international mobile subscriber identity IMSI, network/MAC address, the equipment sequence that equipment manufacturers are equipment distribution
Number, the time zone in geographical location residing for international mobile equipment identification number IMEI, screen size, baseband version, equipment, device network system
Browser uses in the kernel of browser, equipment in formula, equipment language, web protocol, equipment are maximum while touching points, sail
Cloth fingerprint.
In each scheme provided in an embodiment of the present invention, user behavior detection device can be by Cloud Server according to client
The equipment mark code that the facility information of equipment where end determines, is tracked target user's behavior, and is used according to characterization target
The risk factor that family behavior belongs to fraud determines whether target user's behavior is fraud, and then can ensure service side
Interests in providing a user service process.
With reference to Fig. 7, second of user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior
Background server in detecting system, wherein the user behavior detecting system includes:Client, background server and cloud clothes
Business device, described device include:
Receiving module 810, the service request for including the first equipment mark code for receiving client transmission, wherein institute
Stating the first equipment mark code is:The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution
Code, first equipment are:Equipment where the client;
Module 820 is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as mesh
Mark risk factor, wherein target user's behavior is:The client sends the service request to the background server
And ask the behavior of service;
Determining module 830, for determining whether target user's behavior is fraud row according to the target risk coefficient
For.
In a kind of realization method of the embodiment of the present invention, module 820 is obtained, is specifically used for,
User behavior detection request is sent to the Cloud Server according to the service request, so that the Cloud Server obtains
The risk factor for belonging to fraud in characterization target user's behavior is taken, as target risk coefficient, wherein the use
First equipment mark code is carried in the behavioral value request of family, target user's behavior is:The client is by institute
Background server is stated to send the service request and ask the behavior serviced;
Receive the target risk coefficient that the Cloud Server is sent.
In a kind of realization method of the embodiment of the present invention, module 820 is obtained, is specifically used for,
Obtain the facility information of the first equipment corresponding with first equipment mark code;
The facility information for calculation risk coefficient for including in acquired facility information is determined, as first kind equipment
Information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information
Value indicates:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior
Number.
In a kind of realization method, the facility information for calculation risk coefficient includes at least one of following information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
In a kind of realization method of the embodiment of the present invention, described device further includes:
Request number of times acquisition module, for obtaining the historical service request for including first equipment mark code, according to institute
State the request number of times that historical service request determines the service request;
Correspondingly, determining module 830 are specifically used for,
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
In each scheme provided in an embodiment of the present invention, user behavior detection device can be by Cloud Server according to client
The equipment mark code that the facility information of equipment where end determines, is tracked target user's behavior, and is used according to characterization target
The risk factor that family behavior belongs to fraud determines whether target user's behavior is fraud, and then can ensure service side
Interests in providing a user service process.
With reference to Fig. 8, the third user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior
Client in detecting system, wherein the user behavior detecting system includes:Client, background server and Cloud Server,
Described device includes:
Identification code obtains module 910, for obtaining the first equipment mark code, wherein first equipment mark code is:Institute
Cloud Server is stated according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is:Institute
State the equipment where client;
Service request sending module 920, for sending the service request for including the first equipment mark code to background server,
So that the background server obtains the risk for belonging to fraud for characterizing target user's behavior according to the service request
Coefficient determines whether target user's behavior is fraud row as target risk coefficient, and according to the target risk coefficient
It is for, wherein target user's behavior:The client sends the service request to the background server and asks to take
The behavior of business.
In a kind of realization method of the embodiment of the present invention, described device further includes:Login module is detected, is asked for detecting to log in
It asks, and is completed after logging according to the logging request, obtain the facility information of first equipment, and acquired first is set
Standby facility information is sent to Cloud Server, so that the Cloud Server is according to described in the determination of the facility information of first equipment
First equipment mark code.
In each scheme provided in an embodiment of the present invention, user behavior detection device can be by Cloud Server according to client
The equipment mark code that the facility information of equipment where end determines, is tracked target user's behavior, and is used according to characterization target
The risk factor that family behavior belongs to fraud determines whether target user's behavior is fraud, and then can ensure service side
Interests in providing a user service process.
The embodiment of the present invention additionally provides a kind of server, as shown in figure 9, including processor 001, communication interface 002, depositing
Reservoir 003 and communication bus 004, wherein processor 001, communication interface 002, memory 003 are completed by communication bus 004
Mutual communication,
Memory 003, for storing computer program;
Processor 001 when for executing the program stored on memory 003, realizes answering described in the embodiment of the present invention
User behavior detection method for Cloud Server in user behavior detecting system, wherein user behavior detecting system includes:Visitor
Family end, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the user behavior detection request that background server is sent, wherein carried in the user behavior detection request
First equipment mark code, first equipment mark code are:The Cloud Server is described according to the facility information of the first equipment
The identification code of first equipment distribution, first equipment are:Equipment where the client;
It obtains and belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior;
The target risk coefficient is sent to the background server, so that the background server is according to the target wind
Dangerous coefficient determines whether target user's behavior is fraud.
It should be noted that above-mentioned processor 001, which executes the program stored on memory 003 and realizes, is applied to user's row
For the other embodiment of the user behavior detection method of Cloud Server in detecting system, provided with preceding method embodiment part
Embodiment is identical, and which is not described herein again.
In each scheme provided in an embodiment of the present invention, server can chase after user behavior by equipment mark code
Track, and the risk factor of fraud is belonged to according to characterization user behavior and determines whether user behavior is fraud, Jin Erneng
Enough ensure interests of the service side in providing a user service process.
The embodiment of the present invention additionally provides a kind of server, as shown in Figure 10, including processor 011, communication interface 012,
Memory 013 and communication bus 014, wherein processor 011, communication interface 012, memory 013 are complete by communication bus 014
At mutual communication,
Memory 013, for storing computer program;
Processor 011 when for executing the program stored on memory 013, realizes answering described in the embodiment of the present invention
User behavior detection method for background server in user behavior detecting system, wherein user behavior detecting system includes:
Client, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code
For:The Cloud Server is according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment
For:Equipment where the client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For;
Determine whether target user's behavior is fraud according to the target risk coefficient.
It should be noted that above-mentioned processor 011, which executes the program stored on memory 013 and realizes, is applied to user's row
For the other embodiment of the user behavior detection method of background server in detecting system, provided with preceding method embodiment part
Embodiment it is identical, which is not described herein again.
In each scheme provided in an embodiment of the present invention, server is tracked user behavior by equipment mark code,
And the risk factor for belonging to fraud according to characterization user behavior determines whether user behavior is fraud, and then can protect
Demonstrate,prove interests of the service side in providing a user service process.
The embodiment of the present invention additionally provides a kind of terminal, as shown in figure 11, including processor 021, communication interface 022, deposits
Reservoir 023 and communication bus 024, wherein processor 021, communication interface 022, memory 023 are completed by communication bus 024
Mutual communication,
Memory 023, for storing computer program;
Processor 021 when for executing the program stored on memory 023, realizes answering described in the embodiment of the present invention
User behavior detection method for client in user behavior detecting system, wherein user behavior detecting system includes:Client
End, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Obtain the first equipment mark code, wherein first equipment mark code is:The Cloud Server is according to the first equipment
Facility information be first equipment distribution identification code, first equipment is:Equipment where the client;
The service request for including the first equipment mark code is sent to background server, so that the background server is according to institute
It states service request and obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and
Determine whether target user's behavior is fraud according to the target risk coefficient, wherein target user's behavior
For:The client sends the service request to the background server and asks the behavior serviced.
It should be noted that above-mentioned processor 021, which executes the program stored on memory 023 and realizes, is applied to user's row
For the other embodiment of the user behavior detection method of background server in detecting system, provided with preceding method embodiment part
Embodiment it is identical, which is not described herein again.
In each scheme provided in an embodiment of the present invention, terminal can be sent to background server comprising equipment mark code
Service request, so that background server is tracked user behavior by equipment mark code, and according to characterization user behavior category
It determines whether user behavior is fraud in the risk factor of fraud, and then can ensure that service side is providing a user
Interests in service process.
The communication bus that above-mentioned electronic equipment is mentioned can be Peripheral Component Interconnect standard (Peripheral Component
Interconnect, PCI) bus or expanding the industrial standard structure (Extended Industry Standard
Architecture, EISA) bus etc..The communication bus can be divided into address bus, data/address bus, controlling bus etc..For just
It is only indicated with a thick line in expression, figure, it is not intended that an only bus or a type of bus.
Communication interface is for the communication between above-mentioned electronic equipment and other equipment.
Memory may include random access memory (Random Access Memory, RAM), can also include non-easy
The property lost memory (Non-Volatile Memory, NVM), for example, at least a magnetic disk storage.Optionally, memory may be used also
To be at least one storage device for being located remotely from aforementioned processor.
Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit,
CPU), network processing unit (Network Processor, NP) etc.;It can also be digital signal processor (Digital Signal
Processing, DSP), it is application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), existing
It is field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete
Door or transistor logic, discrete hardware components.
In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can
It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user
The user behavior detection method of Cloud Server in behavioral value system, wherein user behavior detecting system includes:Client, after
Platform server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the user behavior detection request that background server is sent, wherein carried in the user behavior detection request
First equipment mark code, first equipment mark code are:The Cloud Server is described according to the facility information of the first equipment
The identification code of first equipment distribution, first equipment are:Equipment where the client;
It obtains and belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior;
The target risk coefficient is sent to the background server, so that the background server is according to the target wind
Dangerous coefficient determines whether target user's behavior is fraud.
It is applied to user behavior detecting system medium cloud it should be noted that being realized by above computer readable storage medium storing program for executing
The other embodiment of the user behavior detection method of server, it is identical as the embodiment that preceding method embodiment part provides, this
In repeat no more.
In each scheme provided in an embodiment of the present invention, by running the finger stored in above computer readable storage medium storing program for executing
It enables, user behavior can be tracked by equipment mark code, and belong to the risk of fraud according to characterization user behavior
Coefficient determines whether user behavior is fraud, and then can ensure profit of the service side in providing a user service process
Benefit.
In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can
It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user
The user behavior detection method of background server in behavioral value system, wherein user behavior detecting system includes:Client,
Background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code
For:The Cloud Server is according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment
For:Equipment where the client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For;
Determine whether target user's behavior is fraud according to the target risk coefficient.
It should be noted that after being applied in user behavior detecting system by the realization of above computer readable storage medium storing program for executing
The other embodiment of the user behavior detection method of platform server, it is identical as the embodiment that preceding method embodiment part provides,
Which is not described herein again.
In each scheme provided in an embodiment of the present invention, by running the finger stored in above computer readable storage medium storing program for executing
It enables, user behavior can be tracked by equipment mark code, and belong to the risk of fraud according to characterization user behavior
Coefficient determines whether user behavior is fraud, and then can ensure profit of the service side in providing a user service process
Benefit.
In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can
It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user
The user behavior detection method of client in behavioral value system, wherein user behavior detecting system includes:Client, backstage
Server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Obtain the first equipment mark code, wherein first equipment mark code is:The Cloud Server is according to the first equipment
Facility information be first equipment distribution identification code, first equipment is:Equipment where the client;
The service request for including the first equipment mark code is sent to background server, so that the background server is according to institute
It states service request and obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and
Determine whether target user's behavior is fraud according to the target risk coefficient, wherein target user's behavior
For:The client sends the service request to the background server and asks the behavior serviced.
It is applied to visitor in user behavior detecting system it should be noted that being realized by above computer readable storage medium storing program for executing
The other embodiment of the user behavior detection method at family end, it is identical as the embodiment that preceding method embodiment part provides, here
It repeats no more.
In each scheme provided in an embodiment of the present invention, by running the finger stored in above computer readable storage medium storing program for executing
It enables, the service request for including equipment mark code can be sent to background server, so that background server passes through equipment mark code
User behavior is tracked, and according to characterization user behavior belong to fraud risk factor determine user behavior whether be
Fraud, and then can ensure interests of the service side in providing a user service process.
In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it
When running on computers so that computer executes any of the above-described user applied to Cloud Server in user behavior detecting system
Behavioral value method, wherein user behavior detecting system includes:Client, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the user behavior detection request that background server is sent, wherein carried in the user behavior detection request
First equipment mark code, first equipment mark code are:The Cloud Server is described according to the facility information of the first equipment
The identification code of first equipment distribution, first equipment are:Equipment where the client;
It obtains and belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient,
Wherein, target user's behavior is:The client sends the service request to the background server and asks to service
Behavior;
The target risk coefficient is sent to the background server, so that the background server is according to the target wind
Dangerous coefficient determines whether target user's behavior is fraud.
It is applied to cloud service in user behavior detecting system it should be noted that being realized by above computer program product
The other embodiment of the user behavior detection method of device, it is identical as the embodiment that preceding method embodiment portion provides, here no longer
It repeats.
It, can by running the above-mentioned computer program product for including instruction in each scheme provided in an embodiment of the present invention
To be tracked to user behavior by equipment mark code, and according to characterization user behavior belong to fraud risk factor it is true
Determine whether user behavior is fraud, and then can ensure interests of the service side in providing a user service process.
In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it
When running on computers so that computer executes any of the above-described use applied to background server in user behavior detecting system
Family behavioral value method, wherein user behavior detecting system includes:Client, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code
For:The Cloud Server is according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment
For:Equipment where the client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For;
Determine whether target user's behavior is fraud according to the target risk coefficient.
It is applied to take from the background in user behavior detecting system it should be noted that realizing by above computer program product
The other embodiment of the user behavior detection method of business device, it is identical as the embodiment that preceding method embodiment portion provides, here not
It repeats again.
It, can by running the above-mentioned computer program product for including instruction in each scheme provided in an embodiment of the present invention
To be tracked to user behavior by equipment mark code, and according to characterization user behavior belong to fraud risk factor it is true
Determine whether user behavior is fraud, and then can ensure interests of the service side in providing a user service process.
In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it
When running on computers so that computer executes any of the above-described user's row applied to client in user behavior detecting system
For detection method, wherein user behavior detecting system includes:Client, background server and Cloud Server.
Specifically, above-mentioned user behavior detection method, including:
Obtain the first equipment mark code, wherein first equipment mark code is:The Cloud Server is according to the first equipment
Facility information be first equipment distribution identification code, first equipment is:Equipment where the client;
The service request for including the first equipment mark code is sent to background server, so that the background server is according to institute
It states service request and obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and
Determine whether target user's behavior is fraud according to the target risk coefficient, wherein target user's behavior
For:The client sends the service request to the background server and asks the behavior serviced.
It is applied to client in user behavior detecting system it should be noted that being realized by above computer program product
User behavior detection method other embodiment, it is identical as the embodiment that preceding method embodiment portion provides, it is no longer superfluous here
It states.
It, can by running the above-mentioned computer program product for including instruction in each scheme provided in an embodiment of the present invention
Include the service request of equipment mark code to be sent to background server so that background server by equipment mark code to user
Behavior is tracked, and according to characterization user behavior belong to fraud risk factor determine user behavior whether be fraud row
For, and then can ensure interests of the service side in providing a user service process.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also include other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is all made of relevant mode and describes, identical similar portion between each embodiment
Point just to refer each other, and each embodiment focuses on the differences from other embodiments.Especially for method,
For device, electronic equipment, computer readable storage medium, computer program product embodiments, it is since it is substantially similar to
Embodiment of uniting illustrates in place of related referring to the part of system embodiment so description is fairly simple.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all
Any modification, equivalent replacement, improvement and so within the spirit and principles in the present invention, are all contained in protection scope of the present invention
It is interior.
Claims (21)
1. a kind of user behavior detecting system, which is characterized in that the system comprises:Client, background server, cloud service
Device, wherein
The client, for sending the service request for including the first equipment mark code to the background server, wherein described
First equipment mark code is:The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution
Code, first equipment are:Equipment where the client;
The background server is sent for receiving the service request, and according to the service request to the Cloud Server
User behavior detection request, wherein carry first equipment mark code in the user behavior detection request;
The Cloud Server for receiving the user behavior detection request, and obtains and belongs to for characterizing target user's behavior
The risk factor of fraud, as target risk coefficient, wherein target user's behavior is:The client pass through to
The background server sends the service request and asks the behavior serviced;The target wind is sent to the background server
Dangerous coefficient;
The background server determines the mesh for receiving the target risk coefficient, and according to the target risk coefficient
Mark whether user behavior is fraud.
2. the system as claimed in claim 1, which is characterized in that it is described obtain to belong to for characterizing target user's behavior take advantage of
The step of risk factor of swindleness behavior, including:
In the mapping relations of pre-stored equipment mark code and facility information, search comprising first equipment mark code
Mapping relations, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the first kind
Facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the value-at-risk table of each facility information
Show:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk factor for belonging to fraud for characterizing target user's behavior.
3. system as claimed in claim 2, which is characterized in that the facility information for calculation risk coefficient includes following
At least one of information:
Equipment is characterized whether using the information acted on behalf of;
Whether characterization equipment has obtained the information of root authority.
4. system as claimed in any one of claims 1-3, which is characterized in that the reception risk factor the step of
Later, further include:
The historical service request for including first equipment mark code is obtained, the service is determined according to the historical service request
The request number of times of request;
Correspondingly, described to determine that the step of whether target user's behavior is fraud includes according to the risk factor:
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
5. system as claimed in claim 2, which is characterized in that
The client is additionally operable to detection logging request, and is completed after logging according to the logging request, obtains the first equipment
The information of computing device identification code is used in facility information, as the second class facility information, and by the second class facility information
It is sent to the Cloud Server;
The Cloud Server is additionally operable to receive the second class facility information that the client is sent, and calculates described second
For the phase between the information of computing device identification code in the facility information that class facility information includes respectively with each mapping relations
Like degree;
The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, target is mapped
The equipment mark code for including in relationship is determined as first equipment mark code, and first equipment mark code is fed back to institute
State client, wherein the target mapping relations are:Include the mapping relations of target device information, the target device information
For:Including being more than predetermined threshold value for the similarity between the information and the second class facility information of computing device identification code
Facility information;
If not, according to preset correspondence between facility information and identification code, the second class facility information is determined
In each information identification code, merge determined by each identification code obtain first equipment mark code, described first is set
Standby identification code feeds back to the client, and the first identifier code and the second class facility information are stored to the mapping
In relationship.
6. system as claimed in claim 5, which is characterized in that the information for computing device identification code includes following letter
At least one of breath:
Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen point
Geographical location, Internet Service Provider, user agent residing for the equipment that resolution, CPU models, local IP, public network IP, IP are characterized
UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude, network
Type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity, equipment
Manufacturer, international mobile subscriber identity IMSI, network/MAC address, equipment manufacturers are the equipment Serial Number of equipment distribution, state
Border mobile device identification code IMEI, screen size, baseband version, geographical location residing for equipment time zone, device network standard, set
Browser uses in the kernel of standby middle browser, equipment language, web protocol, equipment is maximum while touching points, canvas refers to
Line.
7. a kind of user behavior detection method, which is characterized in that the Cloud Server being applied in user behavior detecting system,
In, the user behavior detecting system includes:Client, background server and Cloud Server, the method includes:
Receive the user behavior detection request that background server is sent, wherein carry first in the user behavior detection request
Equipment mark code, first equipment mark code are:The Cloud Server is described first according to the facility information of the first equipment
The identification code of equipment distribution, first equipment are:Equipment where the client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For;
The target risk coefficient is sent to the background server, so that the background server is according to the target risk system
Number determines whether target user's behavior is fraud.
8. the method for claim 7, which is characterized in that it is described obtain to belong to for characterizing target user's behavior take advantage of
The step of risk factor of swindleness behavior, including:
In the mapping relations of pre-stored equipment mark code and facility information, search comprising first equipment mark code
Mapping relations, as the first mapping relations;
The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the first kind
Facility information;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the value-at-risk table of each facility information
Show:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk factor for belonging to fraud for characterizing target user's behavior.
9. method as claimed in claim 8, which is characterized in that the method further includes:
Receive the second class facility information that the client is sent;
It calculates in the facility information that the second class facility information includes respectively with each mapping relations and is identified for computing device
Similarity between the information of code;
The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, target is mapped
The equipment mark code for including in relationship is determined as first equipment mark code, and first equipment mark code is fed back to institute
State client, wherein the target mapping relations are:Include the mapping relations of target device information, the target device information
For:Including being more than predetermined threshold value for the similarity between the information and the second class facility information of computing device identification code
Facility information;
If not, according to preset correspondence between facility information and identification code, the second class facility information is determined
In each information identification code, merge determined by each identification code obtain first equipment mark code, described first is set
Standby identification code feeds back to the client, and the first identifier code and the second class facility information are stored to the mapping
In relationship.
10. a kind of user behavior detection method, which is characterized in that the background server being applied in user behavior detecting system,
Wherein, the user behavior detecting system includes:Client, background server and Cloud Server, the method includes:
Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code is:Institute
Cloud Server is stated according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is:Institute
State the equipment where client;
The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein described
Target user's behavior is:The client sends the service request to the background server and asks the behavior serviced;
Determine whether target user's behavior is fraud according to the target risk coefficient.
11. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior
The step of risk factor of behavior, including:
User behavior detection request is sent to the Cloud Server according to the service request, is used so that the Cloud Server obtains
Belong to the risk factor of fraud in characterization target user's behavior, as target risk coefficient, wherein user's row
First equipment mark code is carried in being asked for detection, target user's behavior is:The client passes through to after described
Platform server sends the service request and asks the behavior serviced;
Receive the target risk coefficient that the Cloud Server is sent.
12. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior
The step of risk factor of behavior, including:
Obtain the facility information of the first equipment corresponding with first equipment mark code;
It determines the facility information for calculation risk coefficient for including in acquired facility information, believes as first kind equipment
Breath;
Obtain the value-at-risk of each facility information in the first kind facility information, wherein the value-at-risk table of each facility information
Show:There are when the facility information, user behavior belongs to the risk factor of fraud;
Acquired value-at-risk is added to obtain the risk factor for belonging to fraud for characterizing target user's behavior.
13. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior
After the step of risk factor of behavior, further include:
The historical service request for including first equipment mark code is obtained, the service is determined according to the historical service request
The request number of times of request;
Correspondingly, described to determine that the step of whether target user's behavior is fraud includes according to the risk factor:
According to the risk factor and the request number of times, determine whether target user's behavior is fraud.
14. a kind of user behavior detection method, which is characterized in that the client being applied in user behavior detecting system, wherein
The user behavior detecting system includes:Client, background server and Cloud Server, the method includes:
Obtain the first equipment mark code, wherein first equipment mark code is:The Cloud Server is set according to the first equipment
Standby information is the identification code of first equipment distribution, and first equipment is:Equipment where the client;
The service request for including the first equipment mark code is sent to background server, so that the background server is according to the clothes
Business request obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and according to
The target risk coefficient determines whether target user's behavior is fraud, wherein target user's behavior is:Institute
Client is stated to send the service request to the background server and ask the behavior serviced.
15. method as claimed in claim 14, which is characterized in that the method further includes:
Logging request is detected, and is completed after logging according to the logging request, obtains the facility information of first equipment, and will
The facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server setting according to first equipment
Standby information determines first equipment mark code.
16. a kind of user behavior detection device, which is characterized in that the Cloud Server being applied in user behavior detecting system,
In, the user behavior detecting system includes:Client, background server and Cloud Server, described device include:
Request receiving module is detected, the user behavior for receiving background server transmission detects request, wherein user's row
The first equipment mark code is carried in being asked for detection, first equipment mark code is:The Cloud Server is according to the first equipment
Facility information be first equipment distribution identification code, first equipment is:Equipment where the client;
Risk factor obtains module, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior,
As target risk coefficient, wherein target user's behavior is:The client sends the clothes to the background server
The behavior of service is asked and is asked in business;
Risk factor sending module, for sending the target risk coefficient to the background server, so that the backstage takes
Business device determines whether target user's behavior is fraud according to the target risk coefficient.
17. a kind of user behavior detection device, which is characterized in that the background server being applied in user behavior detecting system,
Wherein, the user behavior detecting system includes:Client, background server and Cloud Server, described device include:
Receiving module, the service request for including the first equipment mark code for receiving client transmission, wherein described first sets
It is for identification code:The Cloud Server is described according to the identification code that the facility information of the first equipment is first equipment distribution
First equipment is:Equipment where the client;
Module is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as target risk
Coefficient, wherein target user's behavior is:The client sends the service request to the background server and asks
The behavior of service;
Determining module, for determining whether target user's behavior is fraud according to the target risk coefficient.
18. a kind of user behavior detection device, which is characterized in that the client being applied in user behavior detecting system, wherein
The user behavior detecting system includes:Client, background server and Cloud Server, described device include:
Identification code obtains module, for obtaining the first equipment mark code, wherein first equipment mark code is:The cloud clothes
Device be engaged according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is:The client
Equipment where holding;
Service request sending module, for sending the service request for including the first equipment mark code to background server, so that institute
It states background server and obtains the risk factor for belonging to fraud for characterizing target user's behavior according to the service request, make
For target risk coefficient, and determine whether target user's behavior is fraud according to the target risk coefficient, wherein
Target user's behavior is:The client sends the service request to the background server and asks the row serviced
For.
19. a kind of server, which is characterized in that the server includes processor, communication interface, memory and communication bus,
Wherein, processor, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any method and steps of claim 7-9.
20. a kind of server, which is characterized in that the server includes processor, communication interface, memory and communication bus,
Wherein, processor, communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes any method steps of claim 10-13
Suddenly.
21. a kind of terminal, which is characterized in that including processor, communication interface, memory and communication bus, wherein processor,
Communication interface, memory complete mutual communication by communication bus;
Memory, for storing computer program;
Processor when for executing the program stored on memory, realizes the method and step described in claims 14 or 15.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810638963.2A CN108684044B (en) | 2018-06-20 | 2018-06-20 | User behavior detection system, method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810638963.2A CN108684044B (en) | 2018-06-20 | 2018-06-20 | User behavior detection system, method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108684044A true CN108684044A (en) | 2018-10-19 |
CN108684044B CN108684044B (en) | 2022-01-11 |
Family
ID=63811640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810638963.2A Active CN108684044B (en) | 2018-06-20 | 2018-06-20 | User behavior detection system, method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108684044B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109842627A (en) * | 2019-02-20 | 2019-06-04 | 北京奇艺世纪科技有限公司 | A kind of method and device of determining service request frequency |
CN110503549A (en) * | 2019-08-30 | 2019-11-26 | 中国工商银行股份有限公司 | Data processing method, device, system, electronic equipment and medium |
CN110941863A (en) * | 2019-11-13 | 2020-03-31 | 中信百信银行股份有限公司 | Equipment fingerprint generation method and device and terminal |
CN111737721A (en) * | 2020-08-13 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Terminal device ID generation method and device and electronic device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101142570A (en) * | 2004-06-14 | 2008-03-12 | 约维申有限公司 | Network security and fraud detection system and method |
CN103023918A (en) * | 2012-12-26 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method, system and device for uniformly providing login for multiple network services |
CN105678544A (en) * | 2015-12-31 | 2016-06-15 | 深圳前海微众银行股份有限公司 | Risk monitoring method of remote account opening and server |
CN106096996A (en) * | 2016-05-31 | 2016-11-09 | 北京奇虎科技有限公司 | The detection method of mobile terminal cheating and related device |
CN106713288A (en) * | 2016-12-08 | 2017-05-24 | 同盾科技有限公司 | Fraud risk identification and prevention method and system |
CN106776623A (en) * | 2015-11-23 | 2017-05-31 | 阿里巴巴集团控股有限公司 | A kind of user behavior analysis method and apparatus |
CN107294905A (en) * | 2016-03-30 | 2017-10-24 | 苏宁云商集团股份有限公司 | A kind of method and device for recognizing user |
-
2018
- 2018-06-20 CN CN201810638963.2A patent/CN108684044B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101142570A (en) * | 2004-06-14 | 2008-03-12 | 约维申有限公司 | Network security and fraud detection system and method |
CN103023918A (en) * | 2012-12-26 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method, system and device for uniformly providing login for multiple network services |
CN106776623A (en) * | 2015-11-23 | 2017-05-31 | 阿里巴巴集团控股有限公司 | A kind of user behavior analysis method and apparatus |
CN105678544A (en) * | 2015-12-31 | 2016-06-15 | 深圳前海微众银行股份有限公司 | Risk monitoring method of remote account opening and server |
CN107294905A (en) * | 2016-03-30 | 2017-10-24 | 苏宁云商集团股份有限公司 | A kind of method and device for recognizing user |
CN106096996A (en) * | 2016-05-31 | 2016-11-09 | 北京奇虎科技有限公司 | The detection method of mobile terminal cheating and related device |
CN106713288A (en) * | 2016-12-08 | 2017-05-24 | 同盾科技有限公司 | Fraud risk identification and prevention method and system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109842627A (en) * | 2019-02-20 | 2019-06-04 | 北京奇艺世纪科技有限公司 | A kind of method and device of determining service request frequency |
CN109842627B (en) * | 2019-02-20 | 2021-07-20 | 北京奇艺世纪科技有限公司 | Method and device for determining service request frequency |
CN110503549A (en) * | 2019-08-30 | 2019-11-26 | 中国工商银行股份有限公司 | Data processing method, device, system, electronic equipment and medium |
CN110503549B (en) * | 2019-08-30 | 2022-05-13 | 中国工商银行股份有限公司 | Data processing method, device, system, electronic equipment and medium |
CN110941863A (en) * | 2019-11-13 | 2020-03-31 | 中信百信银行股份有限公司 | Equipment fingerprint generation method and device and terminal |
CN111737721A (en) * | 2020-08-13 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Terminal device ID generation method and device and electronic device |
Also Published As
Publication number | Publication date |
---|---|
CN108684044B (en) | 2022-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11887176B2 (en) | Method for registering customized device, server, and terminal | |
CN108684044A (en) | A kind of user behavior detecting system, method and device | |
US7809667B1 (en) | Rule-based network resource compliance | |
CN107015996A (en) | A kind of resource access method, apparatus and system | |
CN106411878B (en) | Method, device and system for making access control strategy | |
US11017076B2 (en) | Enhancing security using anomaly detection | |
CN110855772B (en) | Cross-device data storage method, system, device, server and medium | |
CN107533618A (en) | Protect data from unwarranted access | |
CN103139761B (en) | The method and communication terminal of a kind of information real-time show | |
CN105357204A (en) | Method and apparatus for generating terminal identifying information | |
CN106790727A (en) | Information push method and device | |
WO2018164920A1 (en) | Quick response (qr) code for secure provisioning of a user device to perform a secure operation | |
TW201140335A (en) | Fine-grained location determination of networked computers | |
CN103581881B (en) | Comprehensive number-obtaining device as well as system and method for obtaining cell phone number of user on network side | |
CN110933152B (en) | Preheating method, device and system and electronic equipment | |
CN110209956B (en) | Method, medium, apparatus and computing device for providing reading service | |
CN111353136A (en) | Method and device for processing operation request | |
US20210141824A1 (en) | Geolocation restricted content registration and publication | |
KR101710824B1 (en) | Method and system for third-party service platform login | |
CN111767481B (en) | Access processing method, device, equipment and storage medium | |
CN106445479A (en) | Information pushing method and apparatus | |
CN112765519A (en) | Public number configuration method and device, electronic equipment and storage medium | |
CN111597564A (en) | Data access and permission configuration method, device, terminal and storage medium | |
CN110532324A (en) | Notice information methods of exhibiting, device, equipment and storage medium based on block chain | |
CN107493302A (en) | A kind of user information acquiring method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |