CN108684044A

CN108684044A - A kind of user behavior detecting system, method and device

Info

Publication number: CN108684044A
Application number: CN201810638963.2A
Authority: CN
Inventors: 徐艳清; 翟攀
Original assignee: China Integrity Information Co Ltd
Current assignee: China Integrity Information Co Ltd
Priority date: 2018-06-20
Filing date: 2018-06-20
Publication date: 2018-10-19
Anticipated expiration: 2038-06-20
Also published as: CN108684044B

Abstract

An embodiment of the present invention provides a kind of user behavior detecting system, method and device, which includes：Client, background server, Cloud Server；Client sends the service request for including the first equipment mark code to background server, and the first equipment mark code is Cloud Server according to the identification code that the facility information of the first equipment is the distribution of the first equipment, equipment of first equipment where client；Background server receives service request, and sends the user behavior detection request for carrying the first equipment mark code to Cloud Server according to service request；The detection request of cloud server user behavior, and the risk factor that characterization target user's behavior belongs to fraud is obtained, as target risk coefficient and it is sent to background server；Background server receives target risk coefficient, and determines whether target user's behavior is fraud according to target risk coefficient.It can ensure interests of the service side in providing a user service process using technical solution provided in an embodiment of the present invention.

Description

A kind of user behavior detecting system, method and device

Technical field

The present invention relates to Internet technical fields, more particularly to a kind of user behavior detecting system, method and device.

Background technology

With the development of Internet technology, service side is more and more common in such a way that internet provides a user service. By way of network offering services, while being brought convenience to user, also challenge is brought to the operation way of service side.

For example, service side is in order to carry out service popularization, it will usually release the activity for providing a user discount coupon.In this work In dynamic, service side ensures the income of itself while extension service, it will usually limit the discount coupon number that user can get Amount.However during user gets discount coupon, some users in order to use discount coupon be used for multiple times service side popularization Service, it will usually quantity limited more than service side discount coupon is got using the repeatedly modes such as registration, so that service side Interests incur loss in providing a user service process.

Based on this, there is an urgent need for a kind of effective methods to detect user behavior to ensure that service side is providing a user clothes Interests during business.

Invention content

The embodiment of the present invention is designed to provide a kind of user behavior detecting system, method and device, to realize detection Whether user behavior is fraud, to ensure interests of the service side in providing a user service process.Specific technical solution It is as follows：

The one side that the present invention is implemented, provides a kind of user behavior detecting system, which includes：Client, backstage Server, Cloud Server, wherein

The client, for sending the service request for including the first equipment mark code to the background server, wherein First equipment mark code is：The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution Know code, first equipment is：Equipment where the client；

The background server, for receiving the service request, and according to the service request to the Cloud Server Send user behavior detection request, wherein carry first equipment mark code in the user behavior detection request；

The Cloud Server for receiving the user behavior detection request, and is obtained for characterizing target user's behavior The risk factor for belonging to fraud, as target risk coefficient, wherein target user's behavior is：The client is logical It crosses to the background server and sends the service request and ask the behavior serviced；The mesh is sent to the background server Mark risk factor；

The background server determines institute for receiving the target risk coefficient, and according to the target risk coefficient State whether target user's behavior is fraud.

It is optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud, Including：

In the mapping relations of pre-stored equipment mark code and facility information, it includes first device identification to search The mapping relations of code, as the first mapping relations；

The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the A kind of facility information；

Obtain the value-at-risk of each facility information in the first kind facility information, wherein the risk of each facility information Value indicates：There are when the facility information, user behavior belongs to the risk factor of fraud；

Acquired value-at-risk is added to obtain the risk system for belonging to fraud for characterizing target user's behavior Number.

Optionally, the facility information for calculation risk coefficient includes at least one of following information：

Equipment is characterized whether using the information acted on behalf of；

Whether characterization equipment has obtained the information of root authority.

Optionally, after the reception risk factor the step of, further include：

The historical service request for including first equipment mark code is obtained, according to historical service request determination The request number of times of service request；

Correspondingly, described to determine that the step of whether target user's behavior is fraud is wrapped according to the risk factor It includes：

According to the risk factor and the request number of times, determine whether target user's behavior is fraud.

Optionally, the client is additionally operable to detection logging request, and is completed after logging according to the logging request, obtains The information that computing device identification code is used in the facility information of the first equipment is taken, as the second class facility information, and by described the Two class facility informations are sent to the Cloud Server；

The Cloud Server is additionally operable to receive the second class facility information that the client is sent, and described in calculating For between the information of computing device identification code in the facility information that second class facility information includes respectively with each mapping relations Similarity；

The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, by target The equipment mark code for including in mapping relations is determined as first equipment mark code, and first equipment mark code is fed back To the client, wherein the target mapping relations are：Include the mapping relations of target device information, the target device Information is：Including being more than for the similarity between the information and the second class facility information of computing device identification code default The facility information of threshold value；

If not, according to preset correspondence between facility information and identification code, the second class equipment is determined The identification code of each information in information, merge determined by each identification code obtain first equipment mark code, by described the One equipment mark code feeds back to the client, and the first identifier code and the second class facility information are stored to described In mapping relations.

Optionally, the information for computing device identification code includes at least one of following information：

Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen Geographical location, Internet Service Provider, user residing for the equipment that curtain resolution ratio, CPU models, local IP, public network IP, IP are characterized Act on behalf of UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude, Network type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity, Equipment manufacturers, international mobile subscriber identity IMSI, network/MAC address, the equipment sequence that equipment manufacturers are equipment distribution Number, the time zone in geographical location residing for international mobile equipment identification number IMEI, screen size, baseband version, equipment, device network system Browser uses in the kernel of browser, equipment in formula, equipment language, web protocol, equipment are maximum while touching points, sail Cloth fingerprint.

The another aspect that the present invention is implemented additionally provides a kind of user behavior detection method, is applied to user behavior detection system Cloud Server in system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, it is described Method includes：

Receive the user behavior detection request that background server is sent, wherein carried in the user behavior detection request First equipment mark code, first equipment mark code are：The Cloud Server is described according to the facility information of the first equipment The identification code of first equipment distribution, first equipment are：Equipment where the client；

It obtains and belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient, Wherein, target user's behavior is：The client sends the service request to the background server and asks to service Behavior；

The target risk coefficient is sent to the background server, so that the background server is according to the target wind Dangerous coefficient determines whether target user's behavior is fraud.

Optionally, the method further includes：

Receive the second class facility information that the client is sent；

It calculates and is used for computing device in the facility information that the second class facility information includes respectively with each mapping relations Similarity between the information of identification code；

The another aspect that the present invention is implemented additionally provides a kind of user behavior detection method, is applied to user behavior and detects Background server in system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, The method includes：

Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code For：The Cloud Server is according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment For：Equipment where the client；

The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein Target user's behavior is：The client sends the service request to the background server and asks the row serviced For；

Determine whether target user's behavior is fraud according to the target risk coefficient.

Optionally, described to obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud, including：

User behavior detection request is sent to the Cloud Server according to the service request, so that the Cloud Server obtains The risk factor for belonging to fraud in characterization target user's behavior is taken, as target risk coefficient, wherein the use First equipment mark code is carried in the behavioral value request of family, target user's behavior is：The client is by institute Background server is stated to send the service request and ask the behavior serviced；

Receive the target risk coefficient that the Cloud Server is sent.

Obtain the facility information of the first equipment corresponding with first equipment mark code；

The facility information for calculation risk coefficient for including in acquired facility information is determined, as first kind equipment Information；

Optionally, after the acquisition is for characterizing the step of target user's behavior belongs to the risk factor of fraud, Further include：

The another aspect of the embodiment of the present invention additionally provides a kind of user behavior detection method, is applied to user behavior and detects Client in system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, it is described Method includes：

Obtain the first equipment mark code, wherein first equipment mark code is：The Cloud Server is according to the first equipment Facility information be first equipment distribution identification code, first equipment is：Equipment where the client；

The service request for including the first equipment mark code is sent to background server, so that the background server is according to institute It states service request and obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and Determine whether target user's behavior is fraud according to the target risk coefficient, wherein target user's behavior For：The client sends the service request to the background server and asks the behavior serviced.

Optionally, the method further includes：

Logging request is detected, and is completed after logging according to the logging request, the facility information of first equipment is obtained, And the facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server is according to first equipment Facility information determine first equipment mark code.

The another aspect of the embodiment of the present invention additionally provides a kind of user behavior detection device, is applied to user behavior and examines Cloud Server in examining system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, Described device includes：

Request receiving module is detected, the user behavior for receiving background server transmission detects request, wherein the use The first equipment mark code is carried in the behavioral value request of family, first equipment mark code is：The Cloud Server is according to first The facility information of equipment is the identification code of first equipment distribution, and first equipment is：Equipment where the client；

Risk factor obtains module, for obtaining the risk system for belonging to fraud for characterizing target user's behavior Number, as target risk coefficient, wherein target user's behavior is：The client sends institute to the background server It states service request and asks the behavior serviced；

Risk factor sending module, for sending the target risk coefficient to the background server, so that after described Platform server determines whether target user's behavior is fraud according to the target risk coefficient.

Optionally, risk factor obtains module, is specifically used for,

Optionally, described device further includes：

Facility information receiving module, the second class facility information sent for receiving the client；

Similarity calculation module, the equipment for including with each mapping relations respectively for calculating the second class facility information For the similarity between the information of computing device identification code in information；

Identification code determining module is more than the phase of predetermined threshold value in the similarity for judging to be calculated with the presence or absence of numerical value Like degree,

In the case where the judgment result is yes, the equipment mark code for including in target mapping relations is determined as described by execution First equipment mark code, and first equipment mark code is fed back into the client, wherein the target mapping relations For：Include the mapping relations of target device information, the target device information is：Including the letter for computing device identification code Similarity between breath and the second class facility information is more than the facility information of predetermined threshold value；

In the case where judging result is no, execute according to preset corresponding pass between facility information and identification code System, determines the identification code of each information in the second class facility information, merge determined by each identification code obtain described the First equipment mark code is fed back to the client by one equipment mark code, and by the first identifier code and the second class In facility information storage to the mapping relations.

The another aspect that the present invention is implemented additionally provides a kind of user behavior detection device, is applied to user behavior and detects Background server in system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, Described device includes：

Receiving module, the service request for including the first equipment mark code for receiving client transmission, wherein described the One equipment mark code is：The Cloud Server is the identification code of first equipment distribution according to the facility information of the first equipment, First equipment is：Equipment where the client；

Module is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as target Risk factor, wherein target user's behavior is：The client send the service request to the background server and Ask the behavior of service；

Determining module, for determining whether target user's behavior is fraud according to the target risk coefficient.

Optionally, module is obtained, is specifically used for,

Receive the target risk coefficient that the Cloud Server is sent.

Optionally, module is obtained, is specifically used for,

Optionally, described device further includes：

Request number of times acquisition module, for obtaining the historical service request for including first equipment mark code, according to institute State the request number of times that historical service request determines the service request；

Correspondingly, determining module is specifically used for,

The another aspect that the present invention is implemented additionally provides a kind of user behavior detection device, is applied to user behavior and detects Client in system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, it is described Device includes：

Identification code obtains module, for obtaining the first equipment mark code, wherein first equipment mark code is：It is described Cloud Server is the identification code of first equipment distribution according to the facility information of the first equipment, and first equipment is：It is described Equipment where client；

Service request sending module, for sending the service request for including the first equipment mark code to background server, with The background server is set to obtain the risk system for belonging to fraud for characterizing target user's behavior according to the service request Number, determines whether target user's behavior is fraud as target risk coefficient, and according to the target risk coefficient, Wherein, target user's behavior is：The client sends the service request to the background server and asks to service Behavior.

Optionally, described device further includes：Login module is detected, is asked for detecting logging request, and according to the login After asking completion to log in, the facility information of first equipment is obtained, and the facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server determines first equipment mark code according to the facility information of first equipment.

The another aspect that the present invention is implemented, additionally provides a kind of server, which is characterized in that is connect including processor, communication Mouth, memory and communication bus, wherein processor, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes any of the above-described use applied to Cloud Server Family behavioral value method.

Memory, for storing computer program；

Processor when for executing the program stored on memory, is realized any of the above-described applied to background server Primary user's behavioral value method.

The another aspect that the present invention is implemented, additionally provides a kind of terminal, which is characterized in that including processor, communication interface, Memory and communication bus, wherein processor, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes any of the above-described user applied to client Behavioral value method.

At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described applied to cloud service The user behavior detection method of device.

At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described backstage that is applied to and takes The user behavior detection method of business device.

At the another aspect that the present invention is implemented, a kind of computer readable storage medium is additionally provided, it is described computer-readable Instruction is stored in storage medium, when run on a computer so that computer executes any of the above-described applied to client User behavior detection method.

At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described Cloud Server.

At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described background server.

At the another aspect that the present invention is implemented, the embodiment of the present invention additionally provides a kind of computer program production comprising instruction Product, when run on a computer so that computer executes the user behavior detection method of any of the above-described client.

User behavior detecting system provided in an embodiment of the present invention, method and device, Cloud Server can be according to client The facility information of the first equipment of place is that the first equipment distributes the first equipment mark code, is taken when client is sent to background server When business request, the first equipment mark code is carried in service request, background server upon receipt of a service request, can be according to connecing The service request received sends the user behavior detection request for carrying the first equipment mark code to Cloud Server, and according to cloud service Device feedback is used to characterize the risk factor that target user's behavior belongs to fraud, determines whether target user's behavior is fraud Behavior.Due to equipment mark code be Cloud Server according to the facility information of equipment be equipment distribution being capable of the unique mark equipment Identification code, be based on this, system provided in an embodiment of the present invention can chase after target user's behavior by equipment mark code Track, and the risk factor of fraud is belonged to according to characterization target user's behavior, determine whether target user's behavior is fraud row For, and then can ensure interests of the service side in providing a user service process.

Description of the drawings

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.

Fig. 1 is the structural schematic diagram of user behavior detecting system provided in an embodiment of the present invention；

Fig. 2 is interactive process schematic diagram in user behavior detecting system provided in an embodiment of the present invention；

Fig. 3 is the flow diagram of the first user behavior detection method provided in an embodiment of the present invention；

Fig. 4 is the flow diagram of second of user behavior detection method provided in an embodiment of the present invention；

Fig. 5 be it is provided in an embodiment of the present invention the third be used for behavioral value method flow diagram；

Fig. 6 is the structural schematic diagram of the first user behavior detection device provided in an embodiment of the present invention；

Fig. 7 is the structural schematic diagram of second of user behavior detection device provided in an embodiment of the present invention；

Fig. 8 is the structural schematic diagram of the third user behavior detection device provided in an embodiment of the present invention；

Fig. 9 is a kind of structural schematic diagram of server provided in an embodiment of the present invention；

Figure 10 is the structural schematic diagram of another server provided in an embodiment of the present invention；

Figure 11 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention.

Specific implementation mode

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.

Referring to Fig.1, it is a kind of structural schematic diagram of user behavior detecting system provided in an embodiment of the present invention, the system packet It includes：Client 100, background server 200, Cloud Server 300 are user's detection system provided in an embodiment of the present invention with reference to Fig. 2 System interactive process schematic diagram,

Specifically, client 100 detects logging request, and completed after logging according to logging request, obtains itself place The first equipment facility information in be used for computing device identification code information, as the second class facility information and be sent to cloud clothes Business device 300, Cloud Server 300 are the first equipment assigned identification codes according to the second class facility information received, are set as first Standby identification code simultaneously feeds back to client 100；

Client 100 sends the service request for setting identification code comprising first, background server 200 to background server 200 After receiving service request, sends the user behavior comprising the first equipment mark code to Cloud Server 300 and detect request, cloud service After device 300 receives user behavior detection request, the risk factor for belonging to fraud for characterizing target user's behavior is obtained, As target risk coefficient and background server 200 is fed back to, target user's behavior is：The client is by the backstage Server sends the service request and asks the behavior serviced；

It, can when background server 200 determines that target user's behavior is fraud according to the target risk coefficient received To feed back the result of inhibition request service to client 100；Background server 200 is determined according to the target risk coefficient received When target user's behavior is not belonging to fraud, requested content can be asked to 100 back services of client.

System provided in an embodiment of the present invention can be true according to the facility information of equipment where client by Cloud Server Fixed equipment mark code is tracked target user's behavior, and belongs to the risk of fraud according to characterization target user's behavior Coefficient determines whether target user's behavior is fraud, and then can ensure service side in providing a user service process Interests.

User behavior detecting system provided in an embodiment of the present invention will be described in detail below, specifically,

Client 100, for sending the service request for including the first equipment mark code to background server 200, wherein the One equipment mark code is：According to the identification code that the facility information of the first equipment is the distribution of the first equipment, first sets Cloud Server 300 It is standby to be：Equipment where client 100；

Background server 200 sends user's row for receiving service request, and according to service request to Cloud Server 300 It is asked for detection, wherein carry the first equipment mark code in user behavior detection request；

Cloud Server 300 for receiving user behavior detection request, and is obtained to belong to for characterizing target user's behavior and be taken advantage of The risk factor of swindleness behavior, as target risk coefficient, wherein target user's behavior is：Client 100 is by background service Device 200 sends service request and asks the behavior serviced；Target risk coefficient is sent to background server 200；

Background server 200 determines target user's behavior for receiving target risk coefficient, and according to target risk coefficient Whether it is fraud.

Target user's behavior is：Client 100 asks the row of service by sending service request to background server 200 For for example, what client 100 sent to background server is the request for getting discount coupon, correspondingly, target user's behavior is then For：The behavior of discount coupon is got in request.

In a kind of realization method, obtain for characterizing the step of target user's behavior belongs to the risk factor of fraud, Including：

Step 1, in the mapping relations of pre-stored equipment mark code and facility information, it includes the first equipment to search The mapping relations of identification code, as the first mapping relations；

Step 2 obtains the facility information for being used for calculation risk coefficient in the facility information that the first mapping relations include, makees For first kind facility information；

Step 3 obtains the value-at-risk of each facility information in first kind facility information, wherein the wind of each facility information Danger value indicates：There are when the facility information, user behavior belongs to the risk factor of fraud；

Acquired value-at-risk is added to obtain the risk for belonging to fraud for characterizing target user's behavior by step 4 Coefficient.

In practical application, Cloud Server 300 can be in the facility information for receiving the transmission of client 100, and according to reception After the facility information arrived is the equipment distributing equipment identification code where client 100, establish facility information and equipment mark code it Between mapping relations, a mapping relations include：100 institute of equipment mark code and client of equipment where client 100 Equipment facility information.Based on this, Cloud Server 300 upon receipt platform server 200 send include the first equipment After the user behavior detection request of identification code, the mapping for including the first equipment mark code can be searched in the mapping relations of foundation Relationship, obtains the facility information for including in the mapping relations found, so according in acquired facility information for calculating The information of risk factor determines risk factor.

Specifically, the facility information for calculation risk coefficient includes at least one of following information：

Equipment is characterized whether using the information acted on behalf of；

Can be understood as equipment using agency needs the website accessed to send visit by providing the third direction of agency service Ask request so that website is considered the access request that third party sends, and detection third party is gone whether to meet access consideration, to So that equipment itself bypasses the detection of website.

Root authority expression obtains the highest permission of system, and user can be to any file in system after obtaining root authority It modifies, for example modifies to the facility information of equipment.In practical application, root power can be obtained by third party software Limit；For example, the mobile phone of android system can obtain root authority by root softwares, the mobile phone of ios systems can be by more Prison software obtains root authority.

It can be seen that when equipment is using agency or has obtained root authority, it can indicate that user asks the behavior of service to be deposited Can be that each facility information for calculation risk coefficient distributes a value-at-risk, wind in advance therefore in the risk of fraud Danger value is there are when the facility information, and user belongs to the risk factor of fraud.For example, value-at-risk is up to 10, setting Equipment is 6 using the value-at-risk of agency.

Correspondingly, when calculating user behavior and belonging to the risk factor of fraud, by facility information each based on The value-at-risk for calculating the facility information of risk factor is added to obtain risk factor, and the value of obtained risk factor is bigger, then shows The probability that user behavior belongs to fraud is higher.Based on this, in a kind of realization method, background server 200 can set One threshold value, when the target risk coefficient received is more than the first threshold of setting, it is determined that target user's behavior belongs to fraud Behavior repeatedly obtains service to reduce user by way of changing facility information.

In order to more accurately determine whether user behavior is fraud, a kind of realization method of the embodiment of the present invention In, after the step of receiving the risk factor, further include：

The historical service request for including the first equipment mark code is obtained, asking for service request is determined according to historical service request Seek number；

Correspondingly, determine that the step of whether target user's behavior is fraud includes according to risk factor：

According to risk factor and request number of times, determine whether target user's behavior is fraud.

In a kind of realization method, background server 200 can carry out the service request received according to equipment mark code Service request comprising same equipment mark code in service request is divided into one group and recorded, that is, will led to by grouped record It crosses the service request that same equipment is sent and is classified as one group, be based on this, background server 200 upon receipt of a service request, obtains That group service request identical with the equipment mark code for including in the service request, and then determine the service request received Request number of times.For example, background server 200 receives the service request for getting discount coupon, the equipment for including in the service request Identification code is A, that group service request for including equipment mark code A in recorded each group is obtained, so that it is determined that the group service The request number of times of the service request of discount coupon is got in request.

Correspondingly, background server 200 can set a second threshold, so when risk factor be more than first threshold and When request number of times is more than second threshold, determine that target user's behavior belongs to fraud, technical side provided in an embodiment of the present invention Case can consider risk factor and request number of times so that testing result is more acurrate.

In order to reduce the probability that equipment mark code is tampered, in a kind of realization method of the embodiment of the present invention,

Client 100 is additionally operable to detection logging request, and is completed after logging according to logging request, obtains the first equipment It is used for the information of computing device identification code in facility information, is sent as the second class facility information, and by the second class facility information To Cloud Server 300；

Cloud Server 300 is additionally operable to receive the second class facility information that client 100 is sent, and calculates the second class equipment For the similarity between the information of computing device identification code in the facility information that information includes respectively with each mapping relations；

The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, by target The equipment mark code for including in mapping relations is determined as the first equipment mark code, and the first equipment mark code is fed back to client 100, wherein target mapping relations are：Include the mapping relations of target device information, target device information is：Including being used for Similarity between the information of computing device identification code and the second class facility information is more than the facility information of predetermined threshold value；

If not, according to preset correspondence between facility information and identification code, the second class facility information is determined In each information identification code, merge determined by each identification code obtain the first equipment mark code, by the first equipment mark code The client is fed back to, and will be in first identifier code and the storage to mapping relations of the second class facility information.

Predetermined threshold value can be set as needed, and the threshold value set is higher to judge two equipment as the same equipment Standard is higher.

Information for computing device identification code includes at least one of following information：

Systematic name is used the title of system by equipment, may include：Android system, ios systems, Windows systems System.

System version is used the version of system by equipment, for example, android system includes：Android7.0 versions, Android8.0 versions；Ios systems include：Ios11.0 versions, ios10.0 versions；Windows systems include：Windows XP Version, Windows10 versions.

Device type may include：Mobile terminal style, immobile terminal type；Wherein, belong to mobile terminal style Equipment includes：Mobile phone, notebook, tablet computer；The equipment for belonging to immobile terminal type includes：Desktop computer.

One kind that IDFV (identifier For Vendor) belongs to unique identifier in ios systems is by number and word Mother's composition, for identifying the character string of equipment uniqueness.

Device network standard includes mainly：Global system for mobile communications GSM (Global System for Mobile Communication), CDMA CDMA (Code Division Multiple Access), 3rd generation mobile communication technology 3G (3rd-Generation), fourth generation mobile phone mobile communication standard 4G (the 4th Generation mobile communication technology)。

The maximum points that touch simultaneously of equipment are the behaviour that can be responded operator simultaneously and carry out human-computer interaction on device screen It counts.

Canvas fingerprint refers to being used as " encryption key " by parameters such as resolution ratio, the color digits of each equipment, is led to It crosses and utilizes canvas draw pictures on a web browser, and the graphic code of picture that calculating and plotting goes out, it is unique as equipment Identification code.

In a kind of realization method, Cloud Server 300 can calculate the second class received using cosine similarity algorithm Facility information respectively in the facility information that each mapping relations include be used for computing device identification code information between it is similar Degree, when there are when the similarity that numerical value is more than predetermined threshold value, then show to exist comprising receiving in the similarity being calculated The mapping relations of second class facility information are based on this, can will be in the mapping relations comprising the second class facility information received Equipment mark code as the first equipment equipment mark code and be sent to client 100, without further according to received Two class facility informations calculate the equipment mark code of 100 place equipment of client.

In a kind of realization method, using cosine similarity algorithm come calculate the second class facility information received respectively with often It is for the expression formula of similarity between the information of computing device identification code in the facility information that one mapping relations include：

Wherein, x indicates that the information that computing device identification code is used in the facility information that each mapping relations include, y indicate The information for computing device identification code received, n indicate that the quantity of the information for computing device identification code, i indicate i-th A information for computing device identification code.

When similarity of the numerical value more than predetermined threshold value is not present in the similarity calculated, then show that there is no comprising reception The mapping relations of the second class facility information arrived then need, according to each information in the second class facility information, to determine client The equipment mark code of 100 place equipment.Can be that computing device identification code is used in facility information in advance in a kind of realization method Each information assigned identification codes, specifically, be directed to CPU type informations, can be different CPU models distribute different marks Code, for example, the CPU models of apple 7：A1660, the then identification code distributed for the CPU models are：1660, apple 7Plus's CPU models：A1661, the then identification code distributed for the CPU models are：1661.Based on this, it is used for according in facility information When the information of computing device identification code determines equipment mark code, it can obtain and be used for computing device identification code in advance facility information Each information assigned identification codes, the identification code of acquired each information is then merged into the device identification for obtaining the equipment Code.

Specifically, during generating equipment mark code, Cloud Server can be by the identification code of the facility information got Sequential concatenation successively, for example, the identification code of systematic name is：1111；The identification code of system version is：The mark of 2222, CPU models It is 1660 to know code, then the result successively after sequential concatenation is：111122221660, the result for then obtaining splicing passes through MD5 (Message-Digest Algorithm 5) is encrypted, and is equipment mark code by encrypting acquired results.A kind of realization method In, different identification code splicing sequences can be distributed for different system in advance according to the difference of the used system of equipment, for example, Android system identification code is spliced into：The identification code of the identification code+CPU models of identification code+system version of systematic name； Ios systematic identification codes splicing sequence be：The identification code of the identification code+CPU models of identification code+systematic name of system version.

In technical solution provided in an embodiment of the present invention, client all can after completing to log according to logging request every time Information for computing device identification code in the facility information of equipment where itself is sent to Cloud Server, to obtain equipment Identification code is based on this, can reduce the probability that equipment mark code is tampered, to ensure the accuracy detected to user behavior.

It is the first user behavior detection method provided in an embodiment of the present invention referring to Fig. 3, is applied to user behavior and detects Cloud Server in system, wherein user behavior detecting system includes：Client, background server and Cloud Server, this method Including：

S410 receives the user behavior detection request that background server is sent, wherein carried in user behavior detection request First equipment mark code, the first equipment mark code are：Cloud Server is distributed according to the facility information of the first equipment for the first equipment Identification code, the first equipment is：Equipment where client；

S420 is obtained and is belonged to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient, Wherein, target user's behavior is：Client sends service request to background server and asks the behavior serviced；

S430 sends target risk coefficient to background server, so that background server is determined according to target risk coefficient Whether target user's behavior is fraud.

In a kind of realization method of the embodiment of the present invention, obtains and belong to fraud for characterizing target user's behavior The step of risk factor, including：

In a kind of realization method, the facility information for calculation risk coefficient includes at least one of following information：

Equipment is characterized whether using the information acted on behalf of；

In a kind of realization method of the embodiment of the present invention, user behavior detection method further includes：

Step 1 receives the second class facility information that client is sent；

Step 2 is calculated in the facility information that the second class facility information includes respectively with each mapping relations and is set for calculating Similarity between the information of standby identification code；

Step 3 judges the similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value, if so, The equipment mark code for including in target mapping relations is determined as the first equipment mark code, and the first equipment mark code is fed back to Client, wherein target mapping relations are：Include the mapping relations of target device information, target device information is：Including using Similarity between the information and the second class facility information of computing device identification code is more than the facility information of predetermined threshold value；

If not, according to preset correspondence between facility information and identification code, the second class facility information is determined In each information identification code, merge determined by each identification code obtain the first equipment mark code, by the first equipment mark code Client is fed back to, and will be in first identifier code and the storage to the mapping relations of the second class facility information.

In a kind of realization method, the information for computing device identification code includes at least one of following information：

User's detection method provided in an embodiment of the present invention can by Cloud Server setting according to equipment where client The equipment mark code that standby information determines is tracked target user's behavior, and belongs to fraud row according to characterization target user's behavior For risk factor determine whether target user's behavior is fraud, and then can ensure service side providing a user service Interests in the process.

Referring to Fig. 4, second of user behavior detection method provided in an embodiment of the present invention is shown, be applied to user behavior Background server in detecting system, wherein user behavior detecting system includes：Client, background server and Cloud Server, This method includes：

S510 receives the service request for including the first equipment mark code that client is sent, wherein the first equipment mark Knowing code is：The identification code that the Cloud Server is distributed according to the facility information of the first equipment for first equipment, described first Equipment is：Equipment where the client；

S520 is obtained and is belonged to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient, Wherein, target user's behavior is：The client sends the service request to the background server and asks to service Behavior；

S530 determines whether target user's behavior is fraud according to the target risk coefficient.

In a kind of realization method of the embodiment of the present invention, the risk for belonging to fraud for characterizing target user's behavior is obtained The step of coefficient, including：

Step 1 sends user behavior detection request to Cloud Server according to service request, is used so that Cloud Server obtains Belong to the risk factor of fraud in characterization target user's behavior, as target risk coefficient, wherein user behavior detection is asked The first equipment mark code of middle carrying, target user's behavior is asked to be：Client is asked by sending service request to background server Ask the behavior of service；

Step 2 receives the target risk coefficient that Cloud Server is sent.

Step 1 obtains the facility information of the first equipment corresponding with the first equipment mark code；

Step 2 determines the facility information for calculation risk coefficient for including in acquired facility information, as the A kind of facility information；

Equipment is characterized whether using the information acted on behalf of；

Specifically, background server can be believed according to the equipment that the first equipment mark code obtains the first equipment from client Breath；Due to being stored with the mapping relations comprising the first equipment mark code and the first equipment facility information in background server, it is based on This, can also ask the facility information of the first equipment according to the first equipment mark code to Cloud Server.

After the facility information for obtaining the first equipment corresponding with the first equipment mark code, determine in acquired facility information For the facility information of calculation risk coefficient, then, according in advance for each for the distribution of the facility information of calculation risk coefficient Value-at-risk, obtain the risk factor for belonging to fraud for characterizing target user's behavior.

In a kind of realization method of the embodiment of the present invention, the risk for belonging to fraud for characterizing target user's behavior is obtained After the step of coefficient, further include：

User behavior detection method provided in an embodiment of the present invention can be by Cloud Server according to equipment where client Facility information determine equipment mark code, target user's behavior is tracked, and according to characterization target user's behavior belong to The risk factor of fraud determines whether target user's behavior is fraud, and then can ensure that service side carries to user For the interests in service process.

With reference to Fig. 5, the third user behavior detection method provided in an embodiment of the present invention is shown, be applied to user behavior Client in detecting system, wherein user behavior detecting system includes：Client, background server and Cloud Server, the party Method includes：

S610 obtains the first equipment mark code, wherein the first equipment mark code is：Cloud Server is according to the first equipment Facility information is the identification code of the first equipment distribution, and the first equipment is：Equipment where client；

S620 sends to background server and includes the service request of the first equipment mark code so that background server according to Service request, which is obtained, belongs to the risk factor of fraud for characterizing target user's behavior, as target risk coefficient, and root Determine whether target user's behavior is fraud according to target risk coefficient, wherein target user's behavior is：Client is to from the background Server sends service request and asks the behavior serviced.

In a kind of realization method of the embodiment of the present invention, this method further includes：

With reference to Fig. 6, the first user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior Cloud Server in detecting system, wherein the user behavior detecting system includes：Client, background server and cloud service Device, described device include：

Request receiving module 710 is detected, the user behavior for receiving background server transmission detects request, wherein institute It states in user behavior detection request and carries the first equipment mark code, first equipment mark code is：The Cloud Server according to The facility information of first equipment is the identification code of first equipment distribution, and first equipment is：Where the client Equipment；

Risk factor obtains module 720, for obtaining the wind for belonging to fraud for characterizing target user's behavior Dangerous coefficient, as target risk coefficient, wherein target user's behavior is：The client is sent out to the background server It send the service request and asks the behavior serviced；

Risk factor sending module 730, for sending the target risk coefficient to the background server, so that described Background server determines whether target user's behavior is fraud according to the target risk coefficient.

In a kind of realization method of the embodiment of the present invention, risk factor obtains module 720, is specifically used for,

Equipment is characterized whether using the information acted on behalf of；

In a kind of realization method of the embodiment of the present invention, described device further includes：

In each scheme provided in an embodiment of the present invention, user behavior detection device can be by Cloud Server according to client The equipment mark code that the facility information of equipment where end determines, is tracked target user's behavior, and is used according to characterization target The risk factor that family behavior belongs to fraud determines whether target user's behavior is fraud, and then can ensure service side Interests in providing a user service process.

With reference to Fig. 7, second of user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior Background server in detecting system, wherein the user behavior detecting system includes：Client, background server and cloud clothes Business device, described device include：

Receiving module 810, the service request for including the first equipment mark code for receiving client transmission, wherein institute Stating the first equipment mark code is：The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution Code, first equipment are：Equipment where the client；

Module 820 is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as mesh Mark risk factor, wherein target user's behavior is：The client sends the service request to the background server And ask the behavior of service；

Determining module 830, for determining whether target user's behavior is fraud row according to the target risk coefficient For.

In a kind of realization method of the embodiment of the present invention, module 820 is obtained, is specifically used for,

Receive the target risk coefficient that the Cloud Server is sent.

Equipment is characterized whether using the information acted on behalf of；

Correspondingly, determining module 830 are specifically used for,

With reference to Fig. 8, the third user behavior detection device provided in an embodiment of the present invention is shown, be applied to user behavior Client in detecting system, wherein the user behavior detecting system includes：Client, background server and Cloud Server, Described device includes：

Identification code obtains module 910, for obtaining the first equipment mark code, wherein first equipment mark code is：Institute Cloud Server is stated according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is：Institute State the equipment where client；

Service request sending module 920, for sending the service request for including the first equipment mark code to background server, So that the background server obtains the risk for belonging to fraud for characterizing target user's behavior according to the service request Coefficient determines whether target user's behavior is fraud row as target risk coefficient, and according to the target risk coefficient It is for, wherein target user's behavior：The client sends the service request to the background server and asks to take The behavior of business.

In a kind of realization method of the embodiment of the present invention, described device further includes：Login module is detected, is asked for detecting to log in It asks, and is completed after logging according to the logging request, obtain the facility information of first equipment, and acquired first is set Standby facility information is sent to Cloud Server, so that the Cloud Server is according to described in the determination of the facility information of first equipment First equipment mark code.

The embodiment of the present invention additionally provides a kind of server, as shown in figure 9, including processor 001, communication interface 002, depositing Reservoir 003 and communication bus 004, wherein processor 001, communication interface 002, memory 003 are completed by communication bus 004 Mutual communication,

Memory 003, for storing computer program；

Processor 001 when for executing the program stored on memory 003, realizes answering described in the embodiment of the present invention User behavior detection method for Cloud Server in user behavior detecting system, wherein user behavior detecting system includes：Visitor Family end, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It should be noted that above-mentioned processor 001, which executes the program stored on memory 003 and realizes, is applied to user's row For the other embodiment of the user behavior detection method of Cloud Server in detecting system, provided with preceding method embodiment part Embodiment is identical, and which is not described herein again.

In each scheme provided in an embodiment of the present invention, server can chase after user behavior by equipment mark code Track, and the risk factor of fraud is belonged to according to characterization user behavior and determines whether user behavior is fraud, Jin Erneng Enough ensure interests of the service side in providing a user service process.

The embodiment of the present invention additionally provides a kind of server, as shown in Figure 10, including processor 011, communication interface 012, Memory 013 and communication bus 014, wherein processor 011, communication interface 012, memory 013 are complete by communication bus 014 At mutual communication,

Memory 013, for storing computer program；

Processor 011 when for executing the program stored on memory 013, realizes answering described in the embodiment of the present invention User behavior detection method for background server in user behavior detecting system, wherein user behavior detecting system includes： Client, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It should be noted that above-mentioned processor 011, which executes the program stored on memory 013 and realizes, is applied to user's row For the other embodiment of the user behavior detection method of background server in detecting system, provided with preceding method embodiment part Embodiment it is identical, which is not described herein again.

In each scheme provided in an embodiment of the present invention, server is tracked user behavior by equipment mark code, And the risk factor for belonging to fraud according to characterization user behavior determines whether user behavior is fraud, and then can protect Demonstrate,prove interests of the service side in providing a user service process.

The embodiment of the present invention additionally provides a kind of terminal, as shown in figure 11, including processor 021, communication interface 022, deposits Reservoir 023 and communication bus 024, wherein processor 021, communication interface 022, memory 023 are completed by communication bus 024 Mutual communication,

Memory 023, for storing computer program；

Processor 021 when for executing the program stored on memory 023, realizes answering described in the embodiment of the present invention User behavior detection method for client in user behavior detecting system, wherein user behavior detecting system includes：Client End, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It should be noted that above-mentioned processor 021, which executes the program stored on memory 023 and realizes, is applied to user's row For the other embodiment of the user behavior detection method of background server in detecting system, provided with preceding method embodiment part Embodiment it is identical, which is not described herein again.

In each scheme provided in an embodiment of the present invention, terminal can be sent to background server comprising equipment mark code Service request, so that background server is tracked user behavior by equipment mark code, and according to characterization user behavior category It determines whether user behavior is fraud in the risk factor of fraud, and then can ensure that service side is providing a user Interests in service process.

The communication bus that above-mentioned electronic equipment is mentioned can be Peripheral Component Interconnect standard (Peripheral Component Interconnect, PCI) bus or expanding the industrial standard structure (Extended Industry Standard Architecture, EISA) bus etc..The communication bus can be divided into address bus, data/address bus, controlling bus etc..For just It is only indicated with a thick line in expression, figure, it is not intended that an only bus or a type of bus.

Communication interface is for the communication between above-mentioned electronic equipment and other equipment.

Memory may include random access memory (Random Access Memory, RAM), can also include non-easy The property lost memory (Non-Volatile Memory, NVM), for example, at least a magnetic disk storage.Optionally, memory may be used also To be at least one storage device for being located remotely from aforementioned processor.

Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit, CPU), network processing unit (Network Processor, NP) etc.；It can also be digital signal processor (Digital Signal Processing, DSP), it is application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), existing It is field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete Door or transistor logic, discrete hardware components.

In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user The user behavior detection method of Cloud Server in behavioral value system, wherein user behavior detecting system includes：Client, after Platform server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It is applied to user behavior detecting system medium cloud it should be noted that being realized by above computer readable storage medium storing program for executing The other embodiment of the user behavior detection method of server, it is identical as the embodiment that preceding method embodiment part provides, this In repeat no more.

In each scheme provided in an embodiment of the present invention, by running the finger stored in above computer readable storage medium storing program for executing It enables, user behavior can be tracked by equipment mark code, and belong to the risk of fraud according to characterization user behavior Coefficient determines whether user behavior is fraud, and then can ensure profit of the service side in providing a user service process Benefit.

In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user The user behavior detection method of background server in behavioral value system, wherein user behavior detecting system includes：Client, Background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It should be noted that after being applied in user behavior detecting system by the realization of above computer readable storage medium storing program for executing The other embodiment of the user behavior detection method of platform server, it is identical as the embodiment that preceding method embodiment part provides, Which is not described herein again.

In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can It reads to be stored with instruction in storage medium, when run on a computer so that computer executes any of the above-described applied to user The user behavior detection method of client in behavioral value system, wherein user behavior detecting system includes：Client, backstage Server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It is applied to visitor in user behavior detecting system it should be noted that being realized by above computer readable storage medium storing program for executing The other embodiment of the user behavior detection method at family end, it is identical as the embodiment that preceding method embodiment part provides, here It repeats no more.

In each scheme provided in an embodiment of the present invention, by running the finger stored in above computer readable storage medium storing program for executing It enables, the service request for including equipment mark code can be sent to background server, so that background server passes through equipment mark code User behavior is tracked, and according to characterization user behavior belong to fraud risk factor determine user behavior whether be Fraud, and then can ensure interests of the service side in providing a user service process.

In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it When running on computers so that computer executes any of the above-described user applied to Cloud Server in user behavior detecting system Behavioral value method, wherein user behavior detecting system includes：Client, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It is applied to cloud service in user behavior detecting system it should be noted that being realized by above computer program product The other embodiment of the user behavior detection method of device, it is identical as the embodiment that preceding method embodiment portion provides, here no longer It repeats.

It, can by running the above-mentioned computer program product for including instruction in each scheme provided in an embodiment of the present invention To be tracked to user behavior by equipment mark code, and according to characterization user behavior belong to fraud risk factor it is true Determine whether user behavior is fraud, and then can ensure interests of the service side in providing a user service process.

In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it When running on computers so that computer executes any of the above-described use applied to background server in user behavior detecting system Family behavioral value method, wherein user behavior detecting system includes：Client, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It is applied to take from the background in user behavior detecting system it should be noted that realizing by above computer program product The other embodiment of the user behavior detection method of business device, it is identical as the embodiment that preceding method embodiment portion provides, here not It repeats again.

In another embodiment provided by the invention, a kind of computer program product including instruction is additionally provided, when it When running on computers so that computer executes any of the above-described user's row applied to client in user behavior detecting system For detection method, wherein user behavior detecting system includes：Client, background server and Cloud Server.

Specifically, above-mentioned user behavior detection method, including：

It is applied to client in user behavior detecting system it should be noted that being realized by above computer program product User behavior detection method other embodiment, it is identical as the embodiment that preceding method embodiment portion provides, it is no longer superfluous here It states.

It, can by running the above-mentioned computer program product for including instruction in each scheme provided in an embodiment of the present invention Include the service request of equipment mark code to be sent to background server so that background server by equipment mark code to user Behavior is tracked, and according to characterization user behavior belong to fraud risk factor determine user behavior whether be fraud row For, and then can ensure interests of the service side in providing a user service process.

It should be noted that herein, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also include other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.

Each embodiment in this specification is all made of relevant mode and describes, identical similar portion between each embodiment Point just to refer each other, and each embodiment focuses on the differences from other embodiments.Especially for method, For device, electronic equipment, computer readable storage medium, computer program product embodiments, it is since it is substantially similar to Embodiment of uniting illustrates in place of related referring to the part of system embodiment so description is fairly simple.

The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all Any modification, equivalent replacement, improvement and so within the spirit and principles in the present invention, are all contained in protection scope of the present invention It is interior.

Claims

1. a kind of user behavior detecting system, which is characterized in that the system comprises：Client, background server, cloud service Device, wherein

The client, for sending the service request for including the first equipment mark code to the background server, wherein described First equipment mark code is：The Cloud Server is according to the mark that the facility information of the first equipment is first equipment distribution Code, first equipment are：Equipment where the client；

The background server is sent for receiving the service request, and according to the service request to the Cloud Server User behavior detection request, wherein carry first equipment mark code in the user behavior detection request；

The Cloud Server for receiving the user behavior detection request, and obtains and belongs to for characterizing target user's behavior The risk factor of fraud, as target risk coefficient, wherein target user's behavior is：The client pass through to The background server sends the service request and asks the behavior serviced；The target wind is sent to the background server Dangerous coefficient；

The background server determines the mesh for receiving the target risk coefficient, and according to the target risk coefficient Mark whether user behavior is fraud.

2. the system as claimed in claim 1, which is characterized in that it is described obtain to belong to for characterizing target user's behavior take advantage of The step of risk factor of swindleness behavior, including：

In the mapping relations of pre-stored equipment mark code and facility information, search comprising first equipment mark code Mapping relations, as the first mapping relations；

The facility information that calculation risk coefficient is used in the facility information that first mapping relations include is obtained, as the first kind Facility information；

Obtain the value-at-risk of each facility information in the first kind facility information, wherein the value-at-risk table of each facility information Show：There are when the facility information, user behavior belongs to the risk factor of fraud；

Acquired value-at-risk is added to obtain the risk factor for belonging to fraud for characterizing target user's behavior.

3. system as claimed in claim 2, which is characterized in that the facility information for calculation risk coefficient includes following At least one of information：

Equipment is characterized whether using the information acted on behalf of；

4. system as claimed in any one of claims 1-3, which is characterized in that the reception risk factor the step of Later, further include：

The historical service request for including first equipment mark code is obtained, the service is determined according to the historical service request The request number of times of request；

Correspondingly, described to determine that the step of whether target user's behavior is fraud includes according to the risk factor：

5. system as claimed in claim 2, which is characterized in that

The client is additionally operable to detection logging request, and is completed after logging according to the logging request, obtains the first equipment The information of computing device identification code is used in facility information, as the second class facility information, and by the second class facility information It is sent to the Cloud Server；

The Cloud Server is additionally operable to receive the second class facility information that the client is sent, and calculates described second For the phase between the information of computing device identification code in the facility information that class facility information includes respectively with each mapping relations Like degree；

The similarity for being more than predetermined threshold value in the similarity being calculated with the presence or absence of numerical value is judged, if so, target is mapped The equipment mark code for including in relationship is determined as first equipment mark code, and first equipment mark code is fed back to institute State client, wherein the target mapping relations are：Include the mapping relations of target device information, the target device information For：Including being more than predetermined threshold value for the similarity between the information and the second class facility information of computing device identification code Facility information；

If not, according to preset correspondence between facility information and identification code, the second class facility information is determined In each information identification code, merge determined by each identification code obtain first equipment mark code, described first is set Standby identification code feeds back to the client, and the first identifier code and the second class facility information are stored to the mapping In relationship.

6. system as claimed in claim 5, which is characterized in that the information for computing device identification code includes following letter At least one of breath：

Language that systematic name, system version, device type, unit type, the country residing for equipment, equipment use, screen point Geographical location, Internet Service Provider, user agent residing for the equipment that resolution, CPU models, local IP, public network IP, IP are characterized UserAgent, ad identifier IDFA, IDFV, Virtual Private Network VPN, Universally Unique Identifier UUID, longitude and latitude, network Type, operator, country code, network number, random access memory ram, read-only memory mirror image ROM, device battery capacity, equipment Manufacturer, international mobile subscriber identity IMSI, network/MAC address, equipment manufacturers are the equipment Serial Number of equipment distribution, state Border mobile device identification code IMEI, screen size, baseband version, geographical location residing for equipment time zone, device network standard, set Browser uses in the kernel of standby middle browser, equipment language, web protocol, equipment is maximum while touching points, canvas refers to Line.

7. a kind of user behavior detection method, which is characterized in that the Cloud Server being applied in user behavior detecting system, In, the user behavior detecting system includes：Client, background server and Cloud Server, the method includes：

Receive the user behavior detection request that background server is sent, wherein carry first in the user behavior detection request Equipment mark code, first equipment mark code are：The Cloud Server is described first according to the facility information of the first equipment The identification code of equipment distribution, first equipment are：Equipment where the client；

The target risk coefficient is sent to the background server, so that the background server is according to the target risk system Number determines whether target user's behavior is fraud.

8. the method for claim 7, which is characterized in that it is described obtain to belong to for characterizing target user's behavior take advantage of The step of risk factor of swindleness behavior, including：

9. method as claimed in claim 8, which is characterized in that the method further includes：

Receive the second class facility information that the client is sent；

It calculates in the facility information that the second class facility information includes respectively with each mapping relations and is identified for computing device Similarity between the information of code；

10. a kind of user behavior detection method, which is characterized in that the background server being applied in user behavior detecting system, Wherein, the user behavior detecting system includes：Client, background server and Cloud Server, the method includes：

Receive the service request for including the first equipment mark code that client is sent, wherein first equipment mark code is：Institute Cloud Server is stated according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is：Institute State the equipment where client；

The risk factor for belonging to fraud for characterizing target user's behavior is obtained, as target risk coefficient, wherein described Target user's behavior is：The client sends the service request to the background server and asks the behavior serviced；

11. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior The step of risk factor of behavior, including：

User behavior detection request is sent to the Cloud Server according to the service request, is used so that the Cloud Server obtains Belong to the risk factor of fraud in characterization target user's behavior, as target risk coefficient, wherein user's row First equipment mark code is carried in being asked for detection, target user's behavior is：The client passes through to after described Platform server sends the service request and asks the behavior serviced；

Receive the target risk coefficient that the Cloud Server is sent.

12. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior The step of risk factor of behavior, including：

It determines the facility information for calculation risk coefficient for including in acquired facility information, believes as first kind equipment Breath；

13. method as claimed in claim 10, which is characterized in that the acquisition belongs to fraud for characterizing target user's behavior After the step of risk factor of behavior, further include：

14. a kind of user behavior detection method, which is characterized in that the client being applied in user behavior detecting system, wherein The user behavior detecting system includes：Client, background server and Cloud Server, the method includes：

Obtain the first equipment mark code, wherein first equipment mark code is：The Cloud Server is set according to the first equipment Standby information is the identification code of first equipment distribution, and first equipment is：Equipment where the client；

The service request for including the first equipment mark code is sent to background server, so that the background server is according to the clothes Business request obtains the risk factor for belonging to fraud for characterizing target user's behavior, as target risk coefficient, and according to The target risk coefficient determines whether target user's behavior is fraud, wherein target user's behavior is：Institute Client is stated to send the service request to the background server and ask the behavior serviced.

15. method as claimed in claim 14, which is characterized in that the method further includes：

Logging request is detected, and is completed after logging according to the logging request, obtains the facility information of first equipment, and will The facility information of the first acquired equipment is sent to Cloud Server, so that the Cloud Server setting according to first equipment Standby information determines first equipment mark code.

16. a kind of user behavior detection device, which is characterized in that the Cloud Server being applied in user behavior detecting system, In, the user behavior detecting system includes：Client, background server and Cloud Server, described device include：

Request receiving module is detected, the user behavior for receiving background server transmission detects request, wherein user's row The first equipment mark code is carried in being asked for detection, first equipment mark code is：The Cloud Server is according to the first equipment Facility information be first equipment distribution identification code, first equipment is：Equipment where the client；

Risk factor obtains module, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, As target risk coefficient, wherein target user's behavior is：The client sends the clothes to the background server The behavior of service is asked and is asked in business；

Risk factor sending module, for sending the target risk coefficient to the background server, so that the backstage takes Business device determines whether target user's behavior is fraud according to the target risk coefficient.

17. a kind of user behavior detection device, which is characterized in that the background server being applied in user behavior detecting system, Wherein, the user behavior detecting system includes：Client, background server and Cloud Server, described device include：

Receiving module, the service request for including the first equipment mark code for receiving client transmission, wherein described first sets It is for identification code：The Cloud Server is described according to the identification code that the facility information of the first equipment is first equipment distribution First equipment is：Equipment where the client；

Module is obtained, for obtaining the risk factor for belonging to fraud for characterizing target user's behavior, as target risk Coefficient, wherein target user's behavior is：The client sends the service request to the background server and asks The behavior of service；

18. a kind of user behavior detection device, which is characterized in that the client being applied in user behavior detecting system, wherein The user behavior detecting system includes：Client, background server and Cloud Server, described device include：

Identification code obtains module, for obtaining the first equipment mark code, wherein first equipment mark code is：The cloud clothes Device be engaged according to the identification code that the facility information of the first equipment is first equipment distribution, first equipment is：The client Equipment where holding；

Service request sending module, for sending the service request for including the first equipment mark code to background server, so that institute It states background server and obtains the risk factor for belonging to fraud for characterizing target user's behavior according to the service request, make For target risk coefficient, and determine whether target user's behavior is fraud according to the target risk coefficient, wherein Target user's behavior is：The client sends the service request to the background server and asks the row serviced For.

19. a kind of server, which is characterized in that the server includes processor, communication interface, memory and communication bus, Wherein, processor, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes any method and steps of claim 7-9.

20. a kind of server, which is characterized in that the server includes processor, communication interface, memory and communication bus, Wherein, processor, communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes any method steps of claim 10-13 Suddenly.

21. a kind of terminal, which is characterized in that including processor, communication interface, memory and communication bus, wherein processor, Communication interface, memory complete mutual communication by communication bus；

Memory, for storing computer program；

Processor when for executing the program stored on memory, realizes the method and step described in claims 14 or 15.