CN108684044B

CN108684044B - User behavior detection system, method and device

Info

Publication number: CN108684044B
Application number: CN201810638963.2A
Authority: CN
Inventors: 徐艳清; 翟攀
Original assignee: Ccx Credit Technology Co ltd
Current assignee: Ccx Credit Technology Co ltd
Priority date: 2018-06-20
Filing date: 2018-06-20
Publication date: 2022-01-11
Anticipated expiration: 2038-06-20
Also published as: CN108684044A

Abstract

The embodiment of the invention provides a user behavior detection system, a method and a device, wherein the system comprises: the system comprises a client, a background server and a cloud server; the method comprises the steps that a client sends a service request containing a first equipment identification code to a background server, wherein the first equipment identification code is an identification code distributed to first equipment by a cloud server according to equipment information of the first equipment, and the first equipment is equipment where the client is located; the background server receives the service request and sends a user behavior detection request carrying the first equipment identification code to the cloud server according to the service request; the cloud server receives the user behavior detection request, obtains a risk coefficient representing that the target user behavior belongs to the fraudulent behavior, takes the risk coefficient as a target risk coefficient and sends the target risk coefficient to the background server; and the background server receives the target risk coefficient and determines whether the target user behavior is a fraudulent behavior according to the target risk coefficient. The technical scheme provided by the embodiment of the invention can ensure the benefits of the service party in the process of providing the service for the user.

Description

User behavior detection system, method and device

Technical Field

The invention relates to the technical field of internet, in particular to a user behavior detection system, a method and a device.

Background

With the development of internet technology, the way in which a service provider provides services to users through the internet is becoming more and more common. The service is provided through the network, which brings convenience to users and challenges to the operation mode of the service provider.

For example, a service provider typically initiates an activity to provide a coupon to a user for a service promotion. In this activity, the number of coupons that can be picked up by the user is generally limited by the service provider to ensure his or her own benefits while promoting the service. However, in the process of receiving the coupon by the user, in order to use the coupon to use the service promoted by the service provider for multiple times, the service provider usually receives more coupons than the limited number of the service provider by means of multiple registrations, so that the benefit of the service provider is lost in the process of providing the service to the user.

Based on this, there is a need for an effective method for detecting user behavior to ensure the benefits of the service provider in providing services to the user.

Disclosure of Invention

The embodiment of the invention aims to provide a user behavior detection system, a user behavior detection method and a user behavior detection device, so as to detect whether a user behavior is a fraudulent behavior or not and ensure the benefit of a service party in the process of providing service for a user. The specific technical scheme is as follows:

in one aspect of the present invention, a user behavior detection system is provided, where the system includes: client, background server, cloud server, wherein,

the client is configured to send a service request including a first device identification code to the background server, where the first device identification code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

the background server is used for receiving the service request and sending a user behavior detection request to the cloud server according to the service request, wherein the user behavior detection request carries the first equipment identification code;

the cloud server is configured to receive the user behavior detection request, obtain a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, and use the risk coefficient as a target risk coefficient, where the target user behavior is: an act of the client requesting a service by sending the service request to the backend server; sending the target risk coefficient to the background server;

and the background server is used for receiving the target risk coefficient and determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient.

Optionally, the step of obtaining a risk coefficient for characterizing that the target user behavior belongs to a fraudulent behavior includes:

searching a mapping relation containing the first equipment identification code in a pre-stored mapping relation between the equipment identification code and equipment information to serve as a first mapping relation;

acquiring equipment information used for calculating a risk coefficient in the equipment information contained in the first mapping relation, wherein the equipment information is used as first-class equipment information;

acquiring a risk value of each piece of equipment information in the first type of equipment information, wherein the risk value of each piece of equipment information represents: when the equipment information exists, the user behavior belongs to the risk coefficient of the fraudulent behavior;

and adding the acquired risk values to obtain a risk coefficient for representing that the target user behavior belongs to the fraudulent behavior.

Optionally, the device information for calculating the risk coefficient includes at least one of the following information:

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

Optionally, after the step of receiving the target risk factor, the method further includes:

acquiring a historical service request containing the identification code of the first equipment, and determining the request times of the service request according to the historical service request;

correspondingly, the step of determining whether the target user behavior is a fraudulent behavior according to the target risk factor includes:

and determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient and the request times.

Optionally, the client is further configured to detect a login request, obtain information for calculating an identifier of a device in the device information of the first device as second-type device information after completing login according to the login request, and send the second-type device information to the cloud server;

the cloud server is further configured to receive the second type of device information sent by the client, and calculate similarity between the second type of device information and information for calculating device identification codes in the device information included in each mapping relationship;

judging whether the similarity with the numerical value larger than a preset threshold exists in the calculated similarity, if so, determining the equipment identification code contained in the target mapping relation as the first equipment identification code, and feeding back the first equipment identification code to the client, wherein the target mapping relation is as follows: a mapping relationship including target device information, the target device information being: the similarity between the contained information for calculating the equipment identification code and the second type of equipment information is greater than a preset threshold value;

if not, determining the identification code of each piece of information in the second type of equipment information according to the preset corresponding relation between the equipment information and the identification code, combining the determined identification codes to obtain the first equipment identification code, feeding the first equipment identification code back to the client, and storing the first equipment identification code and the second type of equipment information into the mapping relation.

Optionally, the information for calculating the device identification code includes at least one of the following information:

system name, system version, device type, device model, country of device, language used by device, screen resolution, CPU model, local IP, public network IP, geographical location of device characterized by IP, internet service provider, user agent usergent, advertisement identifier IDFA, IDFV, virtual private network VPN, universally unique identifier UUID, latitude and longitude, network type, operator, country code, network number, random access memory RAM, read only memory ROM, device battery capacity, device manufacturer, international mobile subscriber identity IMSI, network MAC address, device manufacturer assigned device serial number, international mobile device identity IMEI, screen size, baseband version, time zone of geographical location of device, device network type, kernel of browser in device, language used by device in device, web protocol browsing, The maximum simultaneous touch point number and canvas fingerprint of the equipment.

In another aspect, the present invention further provides a user behavior detection method, which is applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

receiving a user behavior detection request sent by a background server, wherein the user behavior detection request carries a first device identification code, and the first device identification code is as follows: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

obtaining a risk coefficient for representing that target user behaviors belong to fraudulent behaviors as a target risk coefficient, wherein the target user behaviors are as follows: an act of the client sending a service request to the backend server requesting a service;

and sending the target risk coefficient to the background server so that the background server determines whether the target user behavior is a fraudulent behavior according to the target risk coefficient.

Optionally, the method further includes:

receiving second type equipment information sent by the client;

calculating the similarity between the second type of equipment information and information used for calculating the equipment identification code in the equipment information contained in each mapping relation;

In another aspect of the present invention, a user behavior detection method is further provided, which is applied to a background server in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

receiving a service request which is sent by a client and contains a first equipment identification code, wherein the first equipment identification code is as follows: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

obtaining a risk coefficient for representing that target user behaviors belong to fraudulent behaviors as a target risk coefficient, wherein the target user behaviors are as follows: an act of the client sending the service request to the backend server requesting a service;

and determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient.

sending a user behavior detection request to the cloud server according to the service request so that the cloud server obtains a risk coefficient for representing that the target user behavior belongs to a fraudulent behavior as a target risk coefficient, wherein the user behavior detection request carries the first equipment identification code, and the target user behavior is as follows: an act of the client requesting a service by sending the service request to the backend server;

and receiving the target risk coefficient sent by the cloud server.

acquiring equipment information of the first equipment corresponding to the first equipment identification code;

determining equipment information used for calculating a risk coefficient and contained in the acquired equipment information as first-class equipment information;

Optionally, after the step of obtaining a risk coefficient for characterizing that the target user behavior belongs to a fraudulent behavior, the method further includes:

In another aspect of the embodiments of the present invention, a method for detecting user behavior is further provided, which is applied to a client in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

obtaining a first device identification code, wherein the first device identification code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

sending a service request containing a first equipment identification code to a background server, so that the background server obtains a risk coefficient for representing that a target user behavior belongs to a fraud behavior according to the service request, wherein the risk coefficient is used as a target risk coefficient, and determines whether the target user behavior is the fraud behavior according to the target risk coefficient, wherein the target user behavior is as follows: an act of the client sending the service request to the backend server requesting a service.

Optionally, the method further includes:

the method comprises the steps of detecting a login request, obtaining equipment information of first equipment after login is completed according to the login request, and sending the obtained equipment information of the first equipment to a cloud server, so that the cloud server determines a first equipment identification code according to the equipment information of the first equipment.

In another aspect of the embodiments of the present invention, there is also provided a user behavior detection apparatus, which is applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

the detection request receiving module is used for receiving a user behavior detection request sent by a background server, wherein the user behavior detection request carries a first equipment identification code, and the first equipment identification code is as follows: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

a risk coefficient obtaining module, configured to obtain a risk coefficient used for characterizing that a target user behavior belongs to a fraudulent behavior, as a target risk coefficient, where the target user behavior is: an act of the client sending a service request to the backend server requesting a service;

and the risk coefficient sending module is used for sending the target risk coefficient to the background server so that the background server determines whether the target user behavior is a fraud behavior according to the target risk coefficient.

Optionally, the risk factor obtaining module is specifically configured to,

Optionally, the apparatus further comprises:

the equipment information receiving module is used for receiving the second type of equipment information sent by the client;

the similarity calculation module is used for calculating the similarity between the second type of equipment information and the information used for calculating the equipment identification code in the equipment information contained in each mapping relation;

an identification code determining module for judging whether there is a similarity with a numerical value greater than a preset threshold in the calculated similarities,

if the judgment result is yes, determining the equipment identification code contained in the target mapping relationship as the first equipment identification code, and feeding back the first equipment identification code to the client, wherein the target mapping relationship is as follows: a mapping relationship including target device information, the target device information being: the similarity between the contained information for calculating the equipment identification code and the second type of equipment information is greater than a preset threshold value;

and under the condition that the judgment result is negative, determining the identification code of each piece of information in the second type of equipment information according to the preset corresponding relation between the equipment information and the identification code, combining the determined identification codes to obtain the first equipment identification code, feeding the first equipment identification code back to the client, and storing the first equipment identification code and the second type of equipment information into the mapping relation.

In another aspect of the present invention, a user behavior detection apparatus is further provided, which is applied to a background server in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

a receiving module, configured to receive a service request that includes a first device identifier sent by a client, where the first device identifier is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

an obtaining module, configured to obtain a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, as a target risk coefficient, where the target user behavior is: an act of the client sending the service request to the backend server requesting a service;

and the determining module is used for determining whether the target user behavior is a fraud behavior according to the target risk coefficient.

Optionally, the obtaining means is, in particular for,

and receiving the target risk coefficient sent by the cloud server.

Optionally, the obtaining means is, in particular for,

Optionally, the apparatus further comprises:

the request frequency acquisition module is used for acquiring a historical service request containing the first equipment identification code and determining the request frequency of the service request according to the historical service request;

the determination module, accordingly, is specifically configured to,

In another aspect of the present invention, a user behavior detection apparatus is further provided, which is applied to a client in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

an identification code obtaining module, configured to obtain a first device identification code, where the first device identification code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

a service request sending module, configured to send a service request including a first device identification code to a background server, so that the background server obtains, according to the service request, a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, where the risk coefficient is used as a target risk coefficient, and determines, according to the target risk coefficient, whether the target user behavior is a fraudulent behavior, where the target user behavior is: an act of the client sending the service request to the backend server requesting a service.

Optionally, the apparatus further comprises: the login detection module is used for detecting a login request, acquiring the equipment information of the first equipment after login is completed according to the login request, and sending the acquired equipment information of the first equipment to the cloud server, so that the cloud server determines the first equipment identification code according to the equipment information of the first equipment.

In another aspect of the present invention, there is also provided a server, which is characterized in that the server includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus;

a memory for storing a computer program;

and the processor is used for realizing any one of the user behavior detection methods applied to the cloud server when executing the program stored in the memory.

a memory for storing a computer program;

and the processor is used for realizing any one of the above main user behavior detection methods applied to the background server when executing the program stored in the memory.

In another aspect of the present invention, there is also provided a terminal, which is characterized in that the terminal includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus;

a memory for storing a computer program;

and the processor is used for realizing any user behavior detection method applied to the client when executing the program stored in the memory.

In yet another aspect of the present invention, there is also provided a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above user behavior detection methods applied to a cloud server.

In yet another aspect of the present invention, there is also provided a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform any one of the above user behavior detection methods applied to a background server.

In yet another aspect of the present invention, there is also provided a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above-mentioned user behavior detection methods applied to a client.

In another aspect of the present invention, the present invention further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the user behavior detection method of any one of the cloud servers.

In another aspect of the present invention, the present invention also provides a computer program product containing instructions, which when run on a computer, causes the computer to execute any of the above-mentioned user behavior detection methods for a backend server.

In another aspect of the present invention, the present invention further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the user behavior detection method of any one of the above clients.

According to the user behavior detection system, the user behavior detection method and the user behavior detection device, the cloud server can allocate the first equipment identification code to the first equipment according to the equipment information of the first equipment where the client is located, when the client sends the service request to the background server, the service request carries the first equipment identification code, after the background server receives the service request, the cloud server can send the user behavior detection request carrying the first equipment identification code to the cloud server according to the received service request, and whether the target user behavior is the fraud behavior is determined according to the risk coefficient fed back by the cloud server and used for representing that the target user behavior belongs to the fraud behavior. Because the device identification code is the identification code which is distributed by the cloud server for the device according to the device information and can uniquely identify the device, the system provided by the embodiment of the invention can track the target user behavior through the device identification code, and determine whether the target user behavior is the fraud behavior according to the risk coefficient representing that the target user behavior belongs to the fraud behavior, thereby being capable of ensuring the benefit of a service provider in the process of providing service for the user.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a schematic structural diagram of a user behavior detection system according to an embodiment of the present invention;

fig. 2 is a schematic view of an interaction process in the user behavior detection system according to the embodiment of the present invention;

fig. 3 is a schematic flowchart of a first user behavior detection method according to an embodiment of the present invention;

fig. 4 is a schematic flowchart of a second user behavior detection method according to an embodiment of the present invention;

fig. 5 is a schematic flow chart of a third method for behavior detection according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of a first user behavior detection apparatus according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of a second user behavior detection apparatus according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a third user behavior detection apparatus according to an embodiment of the present invention;

fig. 9 is a schematic structural diagram of a server according to an embodiment of the present invention;

fig. 10 is a schematic structural diagram of another server according to an embodiment of the present invention;

fig. 11 is a schematic structural diagram of a terminal according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, a schematic structural diagram of a user behavior detection system provided in an embodiment of the present invention is shown, where the system includes: the client 100, the backend server 200, and the cloud server 300, refer to fig. 2 which is a schematic diagram of an interaction process of the user detection system provided by the embodiment of the present invention,

specifically, after the client 100 detects a login request and completes login according to the login request, information used for calculating an identification code of a device in device information of a first device where the client 100 is located is acquired, the information is used as second-type device information and is sent to the cloud server 300, the cloud server 300 allocates the identification code for the first device according to the received second-type device information, and the identification code is used as the first device identification code and is fed back to the client 100;

the client 100 sends a service request containing a first device identification code to the background server 200, the background server 200 sends a user behavior detection request containing a first device identification code to the cloud server 300 after receiving the service request, the cloud server 300 obtains a risk coefficient for representing that a target user behavior belongs to a fraud behavior after receiving the user behavior detection request, the risk coefficient is used as a target risk coefficient and is fed back to the background server 200, and the target user behavior is as follows: an act of the client requesting a service by sending the service request to the backend server;

when determining that the target user behavior is a fraudulent behavior according to the received target risk coefficient, the background server 200 may feed back a result of prohibiting requesting a service to the client 100; when determining that the target user behavior does not belong to the fraudulent behavior according to the received target risk coefficient, the background server 200 may feed back the content requested by the service request to the client 100.

The system provided by the embodiment of the invention can track the target user behavior through the cloud server according to the equipment identification code determined by the equipment information of the equipment where the client is located, and determine whether the target user behavior is the fraudulent behavior according to the risk coefficient representing that the target user behavior belongs to the fraudulent behavior, so that the benefits of a service provider in the process of providing services for the user can be ensured.

The user behavior detection system provided by the embodiment of the present invention will be described in detail below, and specifically,

the client 100 is configured to send a service request including a first device identifier to the backend server 200, where the first device identifier is: the cloud server 300 allocates an identification code to the first device according to the device information of the first device, where the first device is: the device on which the client 100 is located;

the background server 200 is configured to receive a service request, and send a user behavior detection request to the cloud server 300 according to the service request, where the user behavior detection request carries a first device identification code;

the cloud server 300 is configured to receive a user behavior detection request, and obtain a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior as a target risk coefficient, where the target user behavior is: an act of the client 100 requesting a service by sending a service request to the backend server 200; sending the target risk coefficient to the backend server 200;

and the background server 200 is configured to receive the target risk coefficient, and determine whether the target user behavior is a fraudulent behavior according to the target risk coefficient.

The target user behavior is: the behavior of the client 100 requesting the service by sending a service request to the backend server 200, for example, the client 100 sends a request to receive a coupon to the backend server, and accordingly, the target user behavior is: an act of requesting a coupon pickup.

In one implementation, the step of obtaining a risk factor for characterizing the behavior of the target user as belonging to the fraudulent behavior includes:

step one, searching a mapping relation containing a first equipment identification code in a pre-stored mapping relation between the equipment identification code and equipment information to serve as a first mapping relation;

acquiring equipment information used for calculating a risk coefficient in the equipment information contained in the first mapping relation, wherein the equipment information is used as first type equipment information;

step three, acquiring a risk value of each piece of equipment information in the first type of equipment information, wherein the risk value of each piece of equipment information represents: when the equipment information exists, the user behavior belongs to the risk coefficient of the fraudulent behavior;

and step four, adding the acquired risk values to obtain a risk coefficient for representing that the target user behavior belongs to the fraudulent behavior.

In practical applications, the cloud server 300 may establish a mapping relationship between the device information and the device identifier code after receiving the device information sent by the client 100 and allocating the device identifier code to the device where the client 100 is located according to the received device information, where one mapping relationship includes: a device identification code of a device where the client 100 is located and device information of the device where the client 100 is located. Based on this, after receiving the user behavior detection request containing the first device identification code sent by the background server 200, the cloud server 300 may search the mapping relation containing the first device identification code in the established mapping relation, obtain the device information contained in the searched mapping relation, and then determine the risk coefficient according to the information used for calculating the risk coefficient in the obtained device information.

Specifically, the device information for calculating the risk coefficient includes at least one of the following information:

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

The use of the agent may be understood as that the device sends an access request to a website to be accessed through a third party providing the agent service, so that the website considers the access request sent by the third party, and detects whether the third party meets the access condition, thereby enabling the device to bypass the detection of the website.

The root authority indicates that the highest authority of the system is obtained, and after the root authority is obtained, a user can modify any file in the system, such as modifying the device information of the device. In actual application, the root authority can be acquired through third-party software; for example, the Android system mobile phone can acquire the root authority through root software, and the ios system mobile phone can acquire the root authority through jail-crossing software.

Therefore, when the device uses the agent or acquires the root authority, the risk that the fraudulent behavior exists in the behavior of the user requesting the service can be represented, so that a risk value can be allocated to each device information used for calculating the risk coefficient in advance, and the risk value is the risk coefficient of the fraudulent behavior of the user when the device information exists. For example, the risk value is 10 at the maximum, and the risk value for using the agent by the device is set to 6.

Correspondingly, when the risk coefficient of the user behavior belonging to the fraudulent behavior is calculated, the risk values of each piece of equipment information used for calculating the risk coefficient in the equipment information are added to obtain the risk coefficient, and the larger the value of the obtained risk coefficient is, the higher the probability that the user behavior belongs to the fraudulent behavior is. Based on this, in one implementation, the background server 200 may set a first threshold, and when the received target risk coefficient is greater than the set first threshold, it is determined that the target user behavior belongs to a fraudulent behavior, so that it is reduced that the user obtains services many times by modifying the device information.

In order to determine whether a user behavior is a fraudulent behavior more accurately, in an implementation manner of an embodiment of the present invention, after the step of receiving the target risk coefficient, the method further includes:

acquiring a historical service request containing a first equipment identification code, and determining the request times of the service request according to the historical service request;

correspondingly, the step of determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient comprises:

and determining whether the target user behavior is a fraud behavior according to the target risk coefficient and the request times.

In one implementation, the background server 200 may perform grouping recording on the received service requests according to the device identifier, and group the service requests including the same device identifier in the service requests into one group for recording, that is, group the service requests sent by the same device, based on which, after receiving the service requests, the background server 200 obtains the group of service requests that is the same as the device identifier included in the service requests, and further determines the request times of the received service requests. For example, the background server 200 receives a service request for getting a coupon, where the device identifier included in the service request is a, and acquires the recorded service requests in each group that include the device identifier a, thereby determining the number of times of requests for getting the coupon service requests in the group of service requests.

Correspondingly, the background server 200 may set a second threshold, and then determine that the target user behavior belongs to the fraudulent behavior when the risk coefficient is greater than the first threshold and the number of requests is greater than the second threshold.

In order to reduce the possibility of tampering with the device identification code, in one implementation of the embodiment of the present invention,

the client 100 is further configured to detect a login request, obtain information for calculating an identifier of the device in the device information of the first device as second-type device information after completing login according to the login request, and send the second-type device information to the cloud server 300;

the cloud server 300 is further configured to receive second-type device information sent by the client 100, and calculate similarity between the second-type device information and information for calculating the device identification code in the device information included in each mapping relationship;

judging whether the calculated similarity has a similarity with a numerical value larger than a preset threshold value, if so, determining the equipment identification code contained in the target mapping relationship as a first equipment identification code, and feeding back the first equipment identification code to the client 100, wherein the target mapping relationship is as follows: the mapping relation containing the target device information is as follows: the similarity between the contained information for calculating the equipment identification code and the second type of equipment information is greater than a preset threshold value;

if not, according to the preset corresponding relation between the equipment information and the identification code, the identification code of each piece of information in the second type of equipment information is determined, the determined identification codes are combined to obtain a first equipment identification code, the first equipment identification code is fed back to the client, and the first equipment identification code and the second type of equipment information are stored in the mapping relation.

The preset threshold value can be set according to needs, and the higher the set threshold value is, the higher the standard for judging that two devices are the same device is.

The information for the computing device identification code includes at least one of:

The system name is a name of a system used by the device, and may include: android system, ios system, Windows system.

The system version is a version of a system used by the device, for example, the Android system includes: android version 7.0, android version 8.0; the ios system comprises: ios version 11.0, ios version 10.0; the Windows system includes: windows XP version, Windows10 version.

The device types may include: a mobile terminal type, a non-mobile terminal type; wherein the device belonging to the mobile terminal type comprises: mobile phones, notebooks, tablet computers; the device belonging to the type of non-mobile terminal comprises: a desktop computer.

Idfv (identifier For identifier) belongs to one of unique identifiers in ios system, and is a character string composed of numbers and letters For identifying the uniqueness of a device.

The equipment network system mainly comprises: global System for Mobile communication (gsm), code Division Multiple access (cdma), third Generation Mobile communication technology (3rd-Generation), and fourth Generation Mobile phone Mobile communication standard 4G (the 4th Generation Mobile communication technology).

The maximum simultaneous touch point number of the equipment is the operation point number capable of simultaneously responding to man-machine interaction of an operator on the screen of the equipment.

The canvas fingerprint is characterized in that parameters such as the resolution ratio and the color digit of each device are used as an encryption key, a picture is drawn on a browser by using a canvas function, and a graphic code of the drawn picture is calculated and serves as a unique identification code of the device.

In one implementation, the cloud server 300 may calculate, by using a cosine similarity algorithm, similarities between the received second-type device information and information for calculating the device identifier included in each mapping relationship, and when there is a similarity whose value is greater than a preset threshold in the calculated similarities, it indicates that a mapping relationship including the received second-type device information exists, and based on this, the device identifier included in the mapping relationship including the received second-type device information may be used as the device identifier of the first device and sent to the client 100, without calculating the device identifier of the device where the client 100 is located according to the received second-type device information.

In one implementation manner, the expression for calculating the similarity between the received second-class device information and the information for calculating the device identification code in the device information included in each mapping relationship by using a cosine similarity algorithm is as follows:

wherein x represents information for calculating the device identification code in the device information contained in each mapping relation, y represents received information for calculating the device identification code, n represents the number of information for calculating the device identification code, and i represents the ith information for calculating the device identification code.

When there is no similarity with a value greater than the preset threshold in the calculated similarities, it indicates that there is no mapping relationship including the received second-type device information, and it is necessary to determine the device identifier of the device where the client 100 is located according to each piece of information in the second-type device information. In one implementation, an identification code may be assigned to each piece of information used for calculating the identification code of the device in the device information in advance, specifically, different identification codes may be assigned to different CPU models for the CPU model information, for example, the CPU model of the apple 7 is: a1660, the identification code allocated to the CPU model is: 1660, the CPU model of apple 7Plus is: a1661, the identification code allocated to the CPU model is: 1661. based on this, when the device identification code is determined according to the information for calculating the device identification code in the device information, each information allocation identification code for calculating the device identification code in the pre-device information may be acquired, and then the acquired identification code of each information may be combined to obtain the device identification code of the device.

Specifically, in the process of generating the device identification code, the cloud server may sequentially splice the acquired identification codes of the device information, for example, the identification code of the system name is: 1111; the identification code of the system version is: 2222, if the identification code of the CPU model is 1660, the result after sequential splicing is: 111122221660, the result of the splicing is encrypted by MD5(Message-Digest Algorithm 5), and the encrypted result is the device identification code. In one implementation manner, different identification code splicing sequences can be allocated to different systems in advance according to different systems used by the device, for example, the splicing of the identification codes of the Android system is as follows: the identification code of the system name, the identification code of the system version and the identification code of the CPU model; the splicing sequence of the ios system identification codes is as follows: the identification code of the system version + the identification code of the system name + the identification code of the CPU model.

According to the technical scheme provided by the embodiment of the invention, after the client finishes login according to the login request, the information used for the identification code of the computing equipment in the equipment information of the equipment where the client is located is sent to the cloud server, so that the identification code of the equipment is obtained, and based on the information, the probability that the identification code of the equipment is tampered can be reduced, so that the accuracy of user behavior detection is guaranteed.

Referring to fig. 3, a first user behavior detection method provided in the embodiment of the present invention is applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

s410, receiving a user behavior detection request sent by a background server, wherein the user behavior detection request carries a first equipment identification code, and the first equipment identification code is as follows: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

s420, obtaining a risk coefficient for representing that the target user behavior belongs to the fraud behavior as the target risk coefficient, wherein the target user behavior is as follows: a behavior that the client sends a service request to the background server to request the service;

and S430, sending the target risk coefficient to the background server so that the background server determines whether the target user behavior is a fraud behavior according to the target risk coefficient.

In an implementation manner of the embodiment of the present invention, the step of obtaining a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior includes:

In one implementation, the device information used to calculate the risk factor includes at least one of:

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

In an implementation manner of the embodiment of the present invention, the user behavior detection method further includes:

step one, receiving second-class equipment information sent by a client;

step three, judging whether the similarity with the numerical value larger than a preset threshold exists in the calculated similarities, if so, determining the equipment identification code contained in the target mapping relation as a first equipment identification code, and feeding back the first equipment identification code to the client, wherein the target mapping relation is as follows: the mapping relation containing the target device information is as follows: the similarity between the contained information for calculating the equipment identification code and the second type of equipment information is greater than a preset threshold value;

if not, determining the identification code of each piece of information in the second type of equipment information according to the preset corresponding relationship between the equipment information and the identification code, combining the determined identification codes to obtain a first equipment identification code, feeding the first equipment identification code back to the client, and storing the first equipment identification code and the second type of equipment information in the mapping relationship.

In one implementation, the information for the computing device identification code includes at least one of:

According to the user detection method provided by the embodiment of the invention, the target user behavior can be tracked through the equipment identification code determined by the cloud server according to the equipment information of the equipment where the client is located, and whether the target user behavior is the fraudulent behavior is determined according to the risk coefficient representing that the target user behavior belongs to the fraudulent behavior, so that the benefits of a service provider in the process of providing services for the user can be ensured.

Referring to fig. 4, a second user behavior detection method provided in the embodiment of the present invention is shown, and is applied to a background server in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

s510, receiving a service request including a first device identifier sent by a client, where the first device identifier is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

s520, obtaining a risk coefficient for representing that the target user behavior belongs to the fraud behavior as a target risk coefficient, wherein the target user behavior is as follows: an act of the client sending the service request to the backend server requesting a service;

s530, determining whether the target user behavior is a fraud behavior according to the target risk coefficient.

step one, sending a user behavior detection request to a cloud server according to a service request, so that the cloud server obtains a risk coefficient for representing that a target user behavior belongs to a fraudulent behavior, and using the risk coefficient as a target risk coefficient, wherein the user behavior detection request carries a first equipment identification code, and the target user behavior is as follows: a behavior in which the client requests a service by sending a service request to the background server;

and step two, receiving the target risk coefficient sent by the cloud server.

step one, acquiring equipment information of first equipment corresponding to a first equipment identification code;

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

Specifically, the background server may obtain device information of the first device from the client according to the first device identification code; because the background server stores the mapping relation containing the first device identification code and the first device information, based on the mapping relation, the device information of the first device can be requested from the cloud server according to the first device identification code.

After the device information of the first device corresponding to the first device identification code is acquired, the device information used for calculating the risk coefficient in the acquired device information is determined, and then the risk coefficient used for representing that the target user behavior belongs to the fraudulent behavior is obtained according to the risk value which is distributed to each device information used for calculating the risk coefficient in advance.

In an implementation manner of the embodiment of the present invention, after the step of obtaining a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, the method further includes:

According to the user behavior detection method provided by the embodiment of the invention, the target user behavior can be tracked through the equipment identification code determined by the cloud server according to the equipment information of the equipment where the client is located, and whether the target user behavior is the fraudulent behavior is determined according to the risk coefficient representing that the target user behavior belongs to the fraudulent behavior, so that the benefits of a service provider in the process of providing services for the user can be ensured.

Referring to fig. 5, a third user behavior detection method provided by the embodiment of the present invention is shown, and is applied to a client in a user behavior detection system, where the user behavior detection system includes: the method comprises the following steps:

s610, obtaining a first device identification code, wherein the first device identification code is as follows: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

s620, sending a service request containing the first equipment identification code to a background server, so that the background server obtains a risk coefficient for representing that the target user behavior belongs to the fraud behavior according to the service request, and using the risk coefficient as a target risk coefficient, and determining whether the target user behavior is the fraud behavior according to the target risk coefficient, wherein the target user behavior is as follows: an act of the client sending a service request to the backend server requesting a service.

In an implementation manner of the embodiment of the present invention, the method further includes:

Referring to fig. 6, a first user behavior detection apparatus provided in an embodiment of the present invention is shown, which is applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

a detection request receiving module 710, configured to receive a user behavior detection request sent by a background server, where the user behavior detection request carries a first device identification code, and the first device identification code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

a risk coefficient obtaining module 720, configured to obtain a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, as the target risk coefficient, where the target user behavior is: an act of the client sending a service request to the backend server requesting a service;

a risk coefficient sending module 730, configured to send the target risk coefficient to the background server, so that the background server determines whether the target user behavior is a fraudulent behavior according to the target risk coefficient.

In one implementation of this embodiment of the present invention, the risk factor obtaining module 720 is specifically configured to,

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

In an implementation manner of the embodiment of the present invention, the apparatus further includes:

In each scheme provided by the embodiment of the invention, the user behavior detection device can track the target user behavior through the equipment identification code determined by the cloud server according to the equipment information of the equipment where the client is located, and determine whether the target user behavior is the fraudulent behavior according to the risk coefficient representing that the target user behavior belongs to the fraudulent behavior, so that the benefits of a service provider in the process of providing services for the user can be ensured.

Referring to fig. 7, a second user behavior detection apparatus provided in an embodiment of the present invention is shown, which is applied to a background server in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

a receiving module 810, configured to receive a service request sent by a client and including a first device identifier code, where the first device identifier code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

an obtaining module 820, configured to obtain a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior as a target risk coefficient, where the target user behavior is: an act of the client sending the service request to the backend server requesting a service;

a determining module 830, configured to determine whether the target user behavior is a fraudulent behavior according to the target risk factor.

In one implementation of the present invention, obtaining module 820 is specifically configured to,

and receiving the target risk coefficient sent by the cloud server.

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

accordingly, the determination module 830 is specifically configured to,

Referring to fig. 8, a third user behavior detection apparatus provided in the embodiment of the present invention is shown, and is applied to a client in a user behavior detection system, where the user behavior detection system includes: client, backstage server and cloud ware, the device includes:

an identification code obtaining module 910, configured to obtain a first device identification code, where the first device identification code is: the cloud server allocates an identification code to the first device according to the device information of the first device, and the first device is: the device where the client is located;

a service request sending module 920, configured to send a service request including a first device identifier to a background server, so that the background server obtains a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior according to the service request, where the risk coefficient is used as a target risk coefficient, and determines whether the target user behavior is a fraudulent behavior according to the target risk coefficient, where the target user behavior is: an act of the client sending the service request to the backend server requesting a service.

In an implementation manner of the embodiment of the present invention, the apparatus further includes: the login detection module is used for detecting a login request, acquiring the equipment information of the first equipment after login is completed according to the login request, and sending the acquired equipment information of the first equipment to the cloud server, so that the cloud server determines the first equipment identification code according to the equipment information of the first equipment.

An embodiment of the present invention further provides a server, as shown in fig. 9, including a processor 001, a communication interface 002, a memory 003, and a communication bus 004, where the processor 001, the communication interface 002, and the memory 003 complete mutual communication through the communication bus 004,

a memory 003 for storing a computer program;

the processor 001 is configured to implement the user behavior detection method applied to the cloud server in the user behavior detection system according to the embodiment of the present invention when executing the program stored in the memory 003, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that, the processor 001 executes the program stored in the memory 003 to implement other embodiments of the user behavior detection method applied to the cloud server in the user behavior detection system, which are the same as the embodiments provided in the foregoing method embodiment section and are not described again here.

In each scheme provided by the embodiment of the invention, the server can track the user behavior through the equipment identification code and determine whether the user behavior is the fraud behavior according to the risk coefficient representing that the user behavior belongs to the fraud behavior, so that the benefit of a service party in the process of providing service for the user can be ensured.

The embodiment of the present invention further provides a server, as shown in fig. 10, including a processor 011, a communication interface 012, a memory 013, and a communication bus 014, wherein the processor 011, the communication interface 012, and the memory 013 complete mutual communication through the communication bus 014,

a memory 013 for storing a computer program;

the processor 011 is configured to implement the method for detecting the user behavior applied to the backend server in the system for detecting user behavior according to the embodiment of the present invention when executing the program stored in the memory 013, where the system for detecting user behavior includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that, the processor 011 executes the program stored in the memory 013 to implement other embodiments of the method for detecting user behavior applied to the backend server in the system for detecting user behavior, which are the same as the embodiments provided in the foregoing method embodiments and are not described herein again.

In each scheme provided by the embodiment of the invention, the server tracks the user behavior through the equipment identification code, and determines whether the user behavior is the fraud behavior according to the risk coefficient representing that the user behavior belongs to the fraud behavior, so that the benefit of a service party in the process of providing service for the user can be ensured.

An embodiment of the present invention further provides a terminal, as shown in fig. 11, including a processor 021, a communication interface 022, a memory 023 and a communication bus 024, wherein the processor 021, the communication interface 022, and the memory 023 complete mutual communication through the communication bus 024,

a memory 023 for storing computer programs;

the processor 021 is configured to, when executing the program stored in the memory 023, implement the method for detecting the user behavior of the client applied to the system for detecting the user behavior according to the embodiment of the present invention, where the system for detecting the user behavior includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that, the processor 021 executes the program stored in the memory 023 to implement other embodiments of the user behavior detection method applied to the backend server in the user behavior detection system, which are the same as the embodiments provided in the foregoing method embodiments and are not described herein again.

In each scheme provided by the embodiment of the invention, the terminal can send the service request containing the equipment identification code to the background server, so that the background server tracks the user behavior through the equipment identification code, and determines whether the user behavior is the fraudulent behavior according to the risk coefficient representing that the user behavior belongs to the fraudulent behavior, thereby ensuring the benefits of the service provider in the process of providing the service to the user.

The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.

The communication interface is used for communication between the electronic equipment and other equipment.

The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.

The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.

In another embodiment of the present invention, there is also provided a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above user behavior detection methods applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to the cloud server in the system for detecting user behaviors through the computer-readable storage medium are the same as the embodiments provided in the foregoing method embodiments, and are not described here again.

In each scheme provided by the embodiment of the invention, by operating the instruction stored in the computer-readable storage medium, the user behavior can be tracked through the equipment identification code, and whether the user behavior is the fraudulent behavior is determined according to the risk coefficient representing that the user behavior belongs to the fraudulent behavior, so that the benefit of a service party in the process of providing service for the user can be ensured.

In another embodiment of the present invention, there is also provided a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above user behavior detection methods applied to a background server in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to the background server in the user behavior detection system implemented by the computer-readable storage medium are the same as the embodiments provided in the foregoing method embodiments, and are not described here again.

In another embodiment of the present invention, there is also provided a computer-readable storage medium, having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above user behavior detection methods applied to a client in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to a client in a user behavior detection system implemented by the computer-readable storage medium are the same as the embodiments provided in the foregoing method embodiments, and are not described here again.

In each of the solutions provided in the embodiments of the present invention, by operating the instruction stored in the computer-readable storage medium, a service request including an equipment identifier can be sent to the background server, so that the background server tracks a user behavior through the equipment identifier, and determines whether the user behavior is a fraudulent behavior according to a risk coefficient indicating that the user behavior belongs to the fraudulent behavior, thereby ensuring benefits of a service provider in a process of providing services to a user.

In another embodiment of the present invention, there is also provided a computer program product containing instructions, which when run on a computer, causes the computer to execute any one of the above user behavior detection methods applied to a cloud server in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to a cloud server in a user behavior detection system implemented by the computer program product are the same as the embodiments provided in the foregoing method embodiment section, and are not described here again.

In each scheme provided by the embodiment of the invention, by operating the computer program product containing the instruction, the user behavior can be tracked through the equipment identification code, and whether the user behavior is the fraud behavior is determined according to the risk coefficient representing that the user behavior belongs to the fraud behavior, so that the benefit of a service party in the process of providing service for the user can be ensured.

In another embodiment of the present invention, there is also provided a computer program product containing instructions, which when run on a computer, causes the computer to execute any one of the above user behavior detection methods applied to a background server in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to the backend server in the user behavior detection system implemented by the computer program product are the same as the embodiments provided in the foregoing method embodiment section, and are not described here again.

In another embodiment of the present invention, there is provided a computer program product containing instructions, which when run on a computer, causes the computer to execute any one of the above user behavior detection methods applied to a client in a user behavior detection system, where the user behavior detection system includes: the system comprises a client, a background server and a cloud server.

Specifically, the user behavior detection method includes:

It should be noted that other embodiments of the method for detecting user behaviors applied to a client in a user behavior detection system implemented by the computer program product are the same as the embodiments provided in the foregoing method embodiment section, and are not described here again.

In each scheme provided by the embodiment of the invention, the computer program product containing the instruction is operated, so that the service request containing the equipment identification code can be sent to the background server, the background server tracks the user behavior through the equipment identification code, and whether the user behavior is the fraudulent behavior is determined according to the risk coefficient representing that the user behavior belongs to the fraudulent behavior, and further, the benefits of a service party in the process of providing the service for the user can be ensured.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the method, apparatus, electronic device, computer-readable storage medium, and computer program product embodiments, the description is relatively simple as they are substantially similar to the system embodiments, and reference may be made to some descriptions of the system embodiments for relevant points.

The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims

1. A user behavior detection system, the system comprising: client, background server, cloud server, wherein,

the client is used for sending a service request containing a first equipment identification code to the background server, detecting a login request, obtaining information used for calculating the equipment identification code in the equipment information of the first equipment as second equipment information after completing login according to the login request, and sending the second equipment information to the cloud server; wherein the first device identification code is: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located;

the cloud server is used for receiving the user behavior detection request, and searching a mapping relation containing the first equipment identification code in a pre-stored mapping relation between the equipment identification code and the equipment information to serve as a first mapping relation; acquiring equipment information used for calculating a risk coefficient in the equipment information contained in the first mapping relation, wherein the equipment information is used as first-class equipment information; acquiring a risk value of each piece of equipment information in the first type of equipment information, wherein the risk value of each piece of equipment information represents: when the equipment information exists, the user behavior belongs to the risk coefficient of the fraudulent behavior; adding the obtained risk values to obtain a risk coefficient for representing that the target user behavior belongs to the fraudulent behavior as a target risk coefficient, wherein the target user behavior is as follows: an act of the client requesting a service by sending the service request to the backend server; sending the target risk coefficient to the background server;

the background server is used for receiving the target risk coefficient and determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient;

2. The system of claim 1, wherein the device information for calculating a risk coefficient comprises at least one of:

information characterizing whether the device uses the agent;

information characterizing whether the device has acquired the root authority.

3. The system of claim 1 or 2, further comprising, after said receiving said target risk factor:

correspondingly, the determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient includes:

4. The system of claim 1, wherein the information for computing a device identification code comprises at least one of:

5. A user behavior detection method is applied to a cloud server in a user behavior detection system, wherein the user behavior detection system comprises: the method comprises the following steps:

receiving a user behavior detection request sent by a background server and second-type device information sent by a client, wherein the second-type device information is a login detection request of the client, and information used for calculating a device identification code is obtained from device information of first devices after login is completed according to the login request, the user behavior detection request carries a first device identification code, and the first device identification code is: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located;

sending the target risk coefficient to the background server so that the background server determines whether the target user behavior is a fraudulent behavior according to the target risk coefficient;

the obtaining of the risk coefficient for characterizing that the target user behavior belongs to the fraudulent behavior includes:

adding the acquired risk values to obtain a risk coefficient for representing that the target user behavior belongs to the fraudulent behavior;

6. A user behavior detection method is applied to a background server in a user behavior detection system, wherein the user behavior detection system comprises: the method comprises the following steps:

receiving a service request which is sent by a client and contains a first equipment identification code, wherein the first equipment identification code is as follows: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located; the second type of device information is information used for calculating a device identification code in the device information of the first device obtained after the client detects a login request and completes login according to the login request, and the second type of device information is sent to the cloud server by the client;

determining whether the target user behavior is a fraudulent behavior according to the target risk coefficient;

the step of obtaining a risk coefficient for characterizing the target user behavior as fraudulent behavior includes:

sending a user behavior detection request to the cloud server according to the service request so that the cloud server receives the user behavior detection request, and searching a mapping relation containing the first equipment identification code in a pre-stored mapping relation between the equipment identification code and equipment information to serve as a first mapping relation; acquiring equipment information used for calculating a risk coefficient in the equipment information contained in the first mapping relation, wherein the equipment information is used as first-class equipment information; acquiring a risk value of each piece of equipment information in the first type of equipment information, wherein the risk value of each piece of equipment information represents: when the equipment information exists, the user behavior belongs to the risk coefficient of the fraudulent behavior; adding the acquired risk values to obtain a risk coefficient for representing that a target user behavior belongs to a fraudulent behavior as a target risk coefficient, wherein the user behavior detection request carries the first equipment identification code, and the target user behavior is as follows: an act of the client requesting a service by sending the service request to the backend server;

receiving the target risk coefficient sent by the cloud server;

the cloud server allocates an identification code for the first equipment according to the received second-type equipment information, and the identification code serves as the first equipment identification code and is fed back to the client side, and the steps are as follows:

the cloud server receives the second type of equipment information sent by the client, and calculates the similarity between the second type of equipment information and information used for calculating the equipment identification code in the equipment information contained in each mapping relation;

7. The method of claim 6, wherein after obtaining a risk factor characterizing the target user behavior as being fraudulent, further comprising:

8. A user behavior detection method is applied to a client in a user behavior detection system, wherein the user behavior detection system comprises: the method comprises the following steps:

acquiring a first equipment identification code, detecting a login request, acquiring information used for calculating the equipment identification code in equipment information of first equipment as second type equipment information after login is completed according to the login request, and sending the second type equipment information to the cloud server; wherein the first device identification code is: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located;

sending a service request containing a first equipment identification code to a background server, so that the background server obtains a risk coefficient for representing that a target user behavior belongs to a fraud behavior according to the service request, wherein the risk coefficient is used as a target risk coefficient, and determines whether the target user behavior is the fraud behavior according to the target risk coefficient, wherein the target user behavior is as follows: an act of the client sending the service request to the backend server requesting a service;

9. A user behavior detection device is applied to a cloud server in a user behavior detection system, wherein the user behavior detection system comprises: client, backstage server and cloud ware, the device includes:

the detection request receiving module is used for receiving a user behavior detection request sent by the background server, detecting a login request, obtaining information used for calculating an identification code of equipment in equipment information of the first equipment as second equipment information after completing login according to the login request, and sending the second equipment information to the cloud server; the user behavior detection request carries a first equipment identification code, and the first equipment identification code is as follows: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located;

a risk coefficient sending module, configured to send the target risk coefficient to the background server, so that the background server determines, according to the target risk coefficient, whether the target user behavior is a fraudulent behavior;

the risk factor obtaining module is, in particular for,

the device further comprises:

10. A user behavior detection device is applied to a background server in a user behavior detection system, wherein the user behavior detection system comprises: client, backstage server and cloud ware, the device includes:

a receiving module, configured to receive a service request that includes a first device identifier sent by a client, where the first device identifier is: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located; the second type of device information is information used for calculating a device identification code in the device information of the first device obtained after the client detects a login request and completes login according to the login request, and the second type of device information is sent to the cloud server by the client;

the obtaining module is used for sending a user behavior detection request to the cloud server according to the service request so that the cloud server receives the user behavior detection request, and searching a mapping relation containing the first equipment identification code in a pre-stored mapping relation between the equipment identification code and the equipment information to serve as a first mapping relation; acquiring equipment information used for calculating a risk coefficient in the equipment information contained in the first mapping relation, wherein the equipment information is used as first-class equipment information; acquiring a risk value of each piece of equipment information in the first type of equipment information, wherein the risk value of each piece of equipment information represents: when the equipment information exists, the user behavior belongs to the risk coefficient of the fraudulent behavior; adding the obtained risk values to obtain a risk coefficient for representing that the target user behavior belongs to the fraudulent behavior as a target risk coefficient, wherein the target user behavior is as follows: an act of the client sending the service request to the backend server requesting a service; the cloud server allocates an identification code for the first equipment according to the received second-type equipment information, and the identification code serves as the first equipment identification code and is fed back to the client side, and the steps are as follows:

if not, determining an identification code of each piece of information in the second type of equipment information according to a preset corresponding relation between the equipment information and the identification code, combining the determined identification codes to obtain a first equipment identification code, feeding the first equipment identification code back to the client, and storing the first equipment identification code and the second type of equipment information into the mapping relation;

11. A user behavior detection device is applied to a client in a user behavior detection system, wherein the user behavior detection system comprises: client, backstage server and cloud ware, the device includes:

the identification code obtaining module is used for obtaining a first equipment identification code, detecting a login request, obtaining information used for calculating the identification code of the equipment in the equipment information of the first equipment as second equipment information after completing login according to the login request, and sending the second equipment information to the cloud server; wherein the first device identification code is: the cloud server allocates an identification code for the first device according to the received second-type device information, the identification code serves as a first device identification code and is fed back to the client, and the first device is as follows: the device where the client is located;

a service request sending module, configured to send a service request including a first device identification code to a background server, so that the background server obtains, according to the service request, a risk coefficient for characterizing that a target user behavior belongs to a fraudulent behavior, where the risk coefficient is used as a target risk coefficient, and determines, according to the target risk coefficient, whether the target user behavior is a fraudulent behavior, where the target user behavior is: an act of the client sending the service request to the backend server requesting a service; the cloud server allocates an identification code for the first equipment according to the received second-type equipment information, and the identification code serves as the first equipment identification code and is fed back to the client side, and the steps are as follows:

12. A server is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing the communication among the processors and the memory through the communication bus;

a memory for storing a computer program;

a processor for implementing the method of claim 5 when executing a program stored on the memory.

13. A server is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing the communication among the processors and the memory through the communication bus;

a memory for storing a computer program;

a processor for implementing the method of claim 6 or 7 when executing a program stored on the memory.

14. A user behavior detection terminal is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for finishing mutual communication through the communication bus by the memory;

a memory for storing a computer program;

a processor for implementing the method of claim 8 when executing a program stored on the memory.