CN108965207B - Machine behavior identification method and device - Google Patents
Machine behavior identification method and device Download PDFInfo
- Publication number
- CN108965207B CN108965207B CN201710356229.2A CN201710356229A CN108965207B CN 108965207 B CN108965207 B CN 108965207B CN 201710356229 A CN201710356229 A CN 201710356229A CN 108965207 B CN108965207 B CN 108965207B
- Authority
- CN
- China
- Prior art keywords
- time period
- data
- request data
- field
- machine behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Abstract
The disclosure provides a machine behavior identification method and device. The machine behavior identification method comprises the following steps: acquiring at least one piece of request data in a first time period and storing the request data in a first data area; calculating a probability of occurrence of a field value of at least one field of the requested data in the first data region within a second time period, the second time period being longer than the first time period; and comparing the occurrence probability with a preset value, and judging whether the request data corresponds to a machine behavior according to a comparison result. The machine behavior identification method can improve the identification accuracy of the machine behavior of black-product malicious first-purchase in electronic commerce.
Description
Technical Field
The disclosure relates to the technical field of network information security, in particular to a machine behavior identification method and device for distinguishing malicious robbery behaviors in electronic commerce.
Background
With the development of electronic commerce, network black products grow gradually. According to the statistics of each large e-business, 60% of the network traffic during the festival promotion comes from network automation attacks rather than normal access traffic. According to the latest data released by the information center of the Chinese Internet, the income of the black products reaches the level of billions in recent two years, and the low-price shopping and promotion activities of the E-commerce industry are more the black product molecules < 35274c > and the objects of DNA.
The mode with the most serious harm to the network black products is to use a machine to carry out the robbery, and the form of the method is that a large number of requests are sent out by using browser plug-ins, robbery scripts, software and the like so as to improve the probability of successful robbery. This behavior severely impacts the fairness of the preemption activities. If machine robbery behavior is not identified and intercepted, the benefits and the profit are made by the e-commerce aiming at the benefits and the robbery activities held by the high-quality users by the black-end, the benefits of the users are damaged, and the reputation of the e-commerce is damaged.
Aiming at the machine robbery behavior in the robbery activity, each large E-commerce transaction platform at present has a transaction risk control system, and aiming at different machine robbery modes, a targeted identification interception scheme is designed. The common emergency purchase wind control scheme comprises the following modes: aiming at the same account, sending out a plurality of requests for identification interception at one time; aiming at a plurality of accounts, transmitting a plurality of requested identification intercepts at one time; and aiming at a plurality of accounts, different IPs send different requests for identification interception. However, the black products gradually change from an unordered, rough and to a 'ganged, specialized, fragmented and crowd-sourced' situation, and the existing wind control scheme cannot meet the new challenges because the machine behavior of the black products is omitted or the user behavior is accidentally injured. Therefore, a more efficient machine behavior recognition method is needed.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of the present disclosure is to provide a machine behavior recognition method and apparatus for discriminating malicious preemption behaviors in electronic commerce, which overcome one or more problems due to limitations and disadvantages of the related art, at least to some extent.
According to a first aspect of the embodiments of the present disclosure, there is provided a machine behavior identification method, including:
acquiring at least one piece of request data in a first time period and storing the request data in a first data area;
calculating a probability of occurrence of a field value of at least one field of the requested data in the first data region within a second time period, the second time period being longer than the first time period; and
and comparing the occurrence probability with a preset value, and judging whether the request data corresponds to a machine behavior according to a comparison result.
In an exemplary embodiment of the disclosure, the calculating an occurrence probability of a field value of at least one field of the request data in the first data region within a second time period includes:
acquiring all request data in the second time period and storing the request data in a second data area; and
calculating the occurrence probability of the field value of at least one field of the request data in the first data area in the second data area.
In an exemplary embodiment of the present disclosure, the second period of time includes the first period of time, and an end time of the second period of time is an end time of the first period of time.
In an exemplary embodiment of the present disclosure, the field includes an IP address, a user name, and/or a user behavior carried in the request data.
According to an aspect of the present disclosure, there is provided a machine behavior recognition apparatus including:
the request receiving module is used for acquiring at least one piece of request data in a first time period and storing the request data in a first data area;
a field calculation module, configured to calculate an occurrence probability of a field value of at least one field of the requested data in the first data region within a second time period, where the second time period is longer than the first time period;
and the machine behavior judging module is used for comparing the occurrence probability with a preset value and judging whether the request data corresponds to the machine behavior according to a comparison result.
In an exemplary embodiment of the present disclosure, further comprising:
the request cache module is used for acquiring all request data in the second time period and storing the request data in a second data area;
the field calculation module is further used for calculating the occurrence probability of the field value of at least one field of the request data in the first data area in the second data area.
In an exemplary embodiment of the present disclosure, the second period of time includes the first period of time, and an end time of the second period of time is an end time of the first period of time.
In an exemplary embodiment of the disclosure, the field includes an IP address, a user name and/or a user behavior carried by the request data.
According to an aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of the above.
According to an aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform any of the method steps described above via execution of the executable instructions.
According to the machine behavior identification method, the request data are subjected to data regionalization identification, the request data with abnormal probability of the field value are intercepted, and the resolution ratio of the machine behavior and the human behavior is improved. The method is easy to expand, can cope with the continuously iterative black production technology by defining more detection fields, and can also finish the balance between the promotion quantity and the risk robbery quantity by defining different threshold values for the occurrence probability of each field according to the actual promotion requirement.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 schematically illustrates a flow chart of a machine behavior recognition method in an exemplary embodiment of the present disclosure.
Fig. 2 schematically illustrates a block diagram of a machine behavior recognition apparatus in an exemplary embodiment of the present disclosure.
Fig. 3 schematically illustrates an operation principle of the machine behavior recognition apparatus according to an exemplary embodiment of the present disclosure.
Fig. 4 schematically illustrates a block diagram of another machine behavior recognition apparatus in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and the like. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
Further, the drawings are merely schematic illustrations of the present disclosure, in which the same reference numerals denote the same or similar parts, and thus, a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The following detailed description of exemplary embodiments of the disclosure refers to the accompanying drawings.
Fig. 1 schematically illustrates a flow chart of a machine behavior recognition method in an exemplary embodiment of the present disclosure. Referring to fig. 1, a machine behavior recognition method 100 includes:
step S102, at least one piece of request data in a first time period is obtained and stored in a first data area.
Step S104, calculating an occurrence probability of a field value of at least one field of the requested data in the first data region within a second time period, where the second time period is longer than the first time period.
And S106, comparing the occurrence probability with a preset value, and judging whether the request data corresponds to a machine behavior according to a comparison result.
In step S102, all request data within a certain time period may be obtained from the real-time request data stream received from the e-commerce website, and stored in the first data area, and then machine behavior recognition may be performed on the request data in the entire data area. In an actual shopping scenario, since identification of the request data needs to be made within a short time (on the order of 100 ms), the time window, i.e., the first time period, may be on the order of 10ms, so that identification of the request data is completed within 100ms after the request data is received. In some embodiments, the length of the first time period may be adjusted according to a response speed required on the actual line, and a person skilled in the art may set the length according to the actual situation.
In step S104, the calculating an occurrence probability of a field value of at least one field of the requested data in the first data region within a second time period includes:
acquiring all request data in a second time period and storing the request data in a second data area; the probability of occurrence of a field value of at least one field of the requested data in the first data region in the second data region is calculated.
In one embodiment, the second time period comprises the first time period and the end time of the second time period is the end time of the first time period. By calculating the field value corresponding to a certain field of the request data in a larger sample range of the request data, the occurrence probability of the field value can be calculated more accurately, so that the field value has more statistical significance. For example, for request data in a 5s period that has been acquired, the probability of occurrence of a field value of a certain field of each piece of request data in a 10ms period after 5s in fields corresponding to all pieces of request data of 5.01s may be calculated. In the statistical process, the sample range is all the requested data in 5.01s, and the statistical object is the field value of at least one field of each piece of requested data in 10 ms. The request data can be identified more accurately by caching the cached data in a time window before the current time and combining the request data acquired in real time and cached in the time window.
Since there may be a case that the user repeatedly clicks the emergency purchase in an actual emergency purchase link, in order to avoid data aggregation caused by such human factors, in some embodiments, the length of the second time period may be designed to be 5s to 7 s. Because the request data sent by the user in the time period is far less than the request data sent by the machine, the recognition rate of the machine behavior can be improved, and the user behavior is prevented from being judged as the machine behavior by mistake.
In an exemplary embodiment of the present disclosure, the field includes an IP address, a user name, and/or a user behavior carried in the request data.
Because the request data comprises a plurality of fields, the fields to be counted can be set according to actual conditions. The statistical field can be freely selected by those skilled in the art, and the present disclosure is not particularly limited thereto.
The statistical field can be set by itself, so that the method is easy to expand. In the struggle between wind control and black products, the black products break the strategy of the wind control continuously, the method can deal with the black product technology which is iterated continuously by changing the statistical field, and the recognition accuracy of black product machine behaviors is improved.
In step S106, the preset value of the occurrence probability of the field value of each field may be set as needed.
In a short-time highly concurrent robbery activity, the probability of occurrence of each field value of the requested data should ideally satisfy a uniform distribution. Therefore, when a certain field value in the short-time request data stream has high aggregability, the probability of machine robbery is high.
Taking the following single IP as an example, let n be the requested data amount of the current data area, 1/m be the probability that two segments Y before the IP address appear, and m be the number of two segments before the IP address. The occurrence times X of the first two segments of the IP obey a plurality of distributions X-B (n, p),
from the central limit theorem of independent homographs, when N is large, the binomial distribution B (N, p) approximates to the normal distribution N (np, np (1-p)).
Therefore, the probability that the occurrence frequency of a certain field value of the two previous segments of the IP exceeds a certain threshold value is very small. Of the reasons for such small probability events, the probability of machine behavior is high.
Taking the IP field in the request data as an example, when the probability of occurrence of a certain IP value in all the request data within a 5s time period is greater than 80%, it may be determined that the request data having the IP value corresponds to a machine behavior, so that the request data having the IP value in the current statistics may be intercepted.
Because the network robbery behavior has certain randomness, when the machine behavior is judged to occur, only the request data needs to be intercepted, and the interception is not needed to be carried out on the user corresponding to the request data. By intercepting the request data rather than the user, the behavior of mistakenly intercepting the user can be more accurately avoided.
In some embodiments, if the probability of occurrence of the field value of one field in a piece of requested data does not exceed a predetermined value, the probability of occurrence of the field value of the other fields in the piece of requested data may be calculated. Until all the fields to be counted are calculated, the user can judge that the fields do not correspond to the machine behaviors, and therefore the next piece of request data is calculated.
After the identification of the request data in the first data area is completed, the data in the first data area may be stored in the second data area, and the data stored in the earliest first time period in the second data area may be deleted, and the time range of the request data stored in the second data area is maintained as the second time period.
In some embodiments, the second data region comprises the first data region, and the data storage action need only occur once.
According to the machine behavior identification method, the request data are subjected to data regionalization identification, the request data with abnormal probability of the field value are intercepted, and the resolution ratio of the machine behavior and the human behavior is improved. The method is easy to expand, can cope with the continuously iterative black production technology by defining more detection fields, and can also finish the balance between the promotion quantity and the risk robbery quantity by defining different threshold values for the occurrence probability of each field according to the actual promotion requirement.
Corresponding to the method embodiment, the present disclosure also provides a machine behavior recognition apparatus, which may be used to execute the method embodiment.
Fig. 2 schematically illustrates a block diagram of a machine behavior recognition apparatus in an exemplary embodiment of the present disclosure. Referring to fig. 2, a machine behavior recognition apparatus 200 may include:
a request receiving module 202, configured to obtain at least one piece of request data in a first time period, and store the at least one piece of request data in a first data area;
a field calculating module 204, configured to calculate an occurrence probability of a field value of at least one field of the requested data in the first data region within a second time period, where the second time period is longer than the first time period;
and the machine behavior judging module 206 is configured to compare the occurrence probability with a preset value, and judge whether the request data corresponds to a machine behavior according to a comparison result.
In an exemplary embodiment of the present disclosure, further comprising:
the request cache module is used for acquiring all request data in the second time period and storing the request data in a second data area;
the field calculation module is further used for calculating the occurrence probability of the field value of at least one field of the request data in the first data area in the second data area.
In an exemplary embodiment of the present disclosure, the second period of time includes the first period of time, and an end time of the second period of time is an end time of the first period of time.
In an exemplary embodiment of the disclosure, the field includes an IP address, a user name and/or a user behavior carried by the request data.
Since the functions of the apparatus 200 have been described in detail in the corresponding method embodiments, the disclosure is not repeated herein.
Fig. 3 schematically illustrates an operation principle of the machine behavior recognition apparatus according to an exemplary embodiment of the present disclosure.
Referring to fig. 3, the request receiving module 202 obtains the request data in the first time period in the request stream, the request caching module 208 stores the request data in the second time period, the field calculating module 204 calculates the occurrence probability of each field value of each field of each piece of request data in the request receiving module 202, and the sample range is all the request data in the request caching module 208 and the request receiving module 202. The machine behavior determining module 206 compares the occurrence probability of each field value with a preset value corresponding to the field, and if the occurrence probability is greater than the preset value, determines that the requested data to which the field value belongs corresponds to the machine behavior.
According to an aspect of the present disclosure, there is provided a machine behavior recognition apparatus including:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of the above based on instructions stored in the memory.
The specific manner in which the processor of the apparatus performs operations in this embodiment has been described in detail in the embodiment related to the machine behavior recognition method, and will not be described in detail here.
Fig. 4 is a block diagram illustrating an apparatus 400 according to an example embodiment. The apparatus 400 may be a mobile terminal such as a smart phone or a tablet computer.
Referring to fig. 4, the apparatus 400 may include one or more of the following components: processing component 402, memory 404, power component 406, multimedia component 408, audio component 410, sensor component 414, and communication component 416.
The processing component 402 generally controls overall operation of the apparatus 400, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations, among others. The processing component 402 may include one or more processors 418 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 402 can include one or more modules that facilitate interaction between the processing component 402 and other components. For example, the processing component 402 can include a multimedia module to facilitate interaction between the multimedia component 408 and the processing component 402.
The memory 404 is configured to store various types of data to support operations at the apparatus 400. Examples of such data include instructions for any application or method operating on the apparatus 400. The memory 404 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks. Also stored in memory 404 are one or more modules configured to be executed by the one or more processors 418 to perform all or a portion of the steps of any of the methods described above.
The multimedia component 408 includes a screen that provides an output interface between the device 400 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The audio component 410 is configured to output and/or input audio signals. For example, audio component 410 includes a Microphone (MIC) configured to receive external audio signals when apparatus 400 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 404 or transmitted via the communication component 416. In some embodiments, audio component 410 also includes a speaker for outputting audio signals.
The sensor component 414 includes one or more sensors for providing various aspects of status assessment for the apparatus 400. For example, the sensor assembly 414 may detect the open/closed status of the device 400, the relative positioning of the components, the sensor assembly 414 may also detect a change in position of the device 400 or a component of the device 400, and a change in temperature of the device 400. In some embodiments, the sensor assembly 414 may also include a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 416 is configured to facilitate wired or wireless communication between the apparatus 400 and other devices. The apparatus 400 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 416 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 416 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 400 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment of the disclosure, there is also provided a computer-readable storage medium having a program stored thereon, the program, when executed by a processor, implementing the machine behavior recognition method as described in any one of the above. The computer-readable storage medium may be, for example, transitory and non-transitory computer-readable storage media including instructions.
According to an aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform any of the method steps described above via execution of the executable instructions.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (8)
1. A method for machine behavior recognition, comprising:
acquiring at least one piece of request data in a first time period and storing the request data in a first data area;
calculating the occurrence probability of the field value of at least one field of the request data in the first data area within a second time period, wherein the second time period comprises the first time period, and the end time of the second time period is the end time of the first time period; and
and comparing the occurrence probability with a preset value, and judging whether the request data corresponds to a machine behavior according to a comparison result.
2. The machine behavior recognition method of claim 1, wherein the calculating a probability of occurrence of a field value of the at least one field of requested data in the first data region within a second time period comprises:
acquiring all request data in the second time period and storing the request data in a second data area; and
calculating the occurrence probability of the field value of at least one field of the request data in the first data area in the second data area.
3. The machine behavior recognition method of claim 1, wherein the field comprises an IP address, a username, and/or a user behavior carried in the request data.
4. A machine behavior recognition apparatus, comprising:
the request receiving module is used for acquiring at least one piece of request data in a first time period and storing the request data in a first data area;
a field calculation module, configured to calculate an occurrence probability of a field value of at least one field of the requested data in the first data area within a second time period, where the second time period includes the first time period, and an end time of the second time period is an end time of the first time period;
and the machine behavior judging module is used for comparing the occurrence probability with a preset value and judging whether the request data corresponds to the machine behavior according to a comparison result.
5. The machine behavior recognition device according to claim 4, further comprising:
the request cache module is used for acquiring all request data in the second time period and storing the request data in a second data area;
the field calculation module is further used for calculating the occurrence probability of the field value of at least one field of the request data in the first data area in the second data area.
6. The machine behavior recognition device of claim 4, wherein the field comprises an IP address, a username, and/or a user behavior carried by the request data.
7. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 3.
8. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method steps of any of claims 1-3 via execution of the executable instructions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710356229.2A CN108965207B (en) | 2017-05-19 | 2017-05-19 | Machine behavior identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710356229.2A CN108965207B (en) | 2017-05-19 | 2017-05-19 | Machine behavior identification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108965207A CN108965207A (en) | 2018-12-07 |
CN108965207B true CN108965207B (en) | 2021-02-26 |
Family
ID=64462056
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710356229.2A Active CN108965207B (en) | 2017-05-19 | 2017-05-19 | Machine behavior identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965207B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110046647A (en) * | 2019-03-08 | 2019-07-23 | 同盾控股有限公司 | A kind of identifying code machine Activity recognition method and device |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102473085A (en) * | 2009-07-27 | 2012-05-23 | 弗里塞恩公司 | Method and system for data logging and analysis |
CN103365969A (en) * | 2013-06-24 | 2013-10-23 | 北京奇虎科技有限公司 | Abnormal data detecting and processing method and system |
CN104184730A (en) * | 2014-08-20 | 2014-12-03 | 小米科技有限责任公司 | Access processing method, device and electronic equipment |
CN105096132A (en) * | 2014-05-22 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method for controlling transaction qualification, method for obtaining transaction qualification, and device for controlling transaction qualification |
CN105956911A (en) * | 2016-05-23 | 2016-09-21 | 北京小米移动软件有限公司 | Purchase request processing method and device |
CN106101080A (en) * | 2016-05-31 | 2016-11-09 | 乐视控股(北京)有限公司 | Page access control method and device |
CN106302350A (en) * | 2015-06-01 | 2017-01-04 | 阿里巴巴集团控股有限公司 | URL monitoring method, device and equipment |
CN106302450A (en) * | 2016-08-15 | 2017-01-04 | 广州华多网络科技有限公司 | A kind of based on the malice detection method of address and device in DDOS attack |
CN106327230A (en) * | 2015-06-30 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Abnormal user detection method and device |
CN106339615A (en) * | 2016-08-29 | 2017-01-18 | 北京红马传媒文化发展有限公司 | Abnormal registration behavior recognition method, system and equipment |
CN106375345A (en) * | 2016-10-28 | 2017-02-01 | 中国科学院信息工程研究所 | Malware domain name detection method and system based on periodic detection |
US9602536B1 (en) * | 2014-12-04 | 2017-03-21 | Amazon Technologies, Inc. | Virtualized network honeypots |
CN106534062A (en) * | 2016-09-23 | 2017-03-22 | 南京途牛科技有限公司 | Crawler prevention method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9942265B2 (en) * | 2014-01-06 | 2018-04-10 | International Business Machines Corporation | Preventing application-level denial-of-service in a multi-tenant system |
-
2017
- 2017-05-19 CN CN201710356229.2A patent/CN108965207B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102473085A (en) * | 2009-07-27 | 2012-05-23 | 弗里塞恩公司 | Method and system for data logging and analysis |
CN103365969A (en) * | 2013-06-24 | 2013-10-23 | 北京奇虎科技有限公司 | Abnormal data detecting and processing method and system |
CN105096132A (en) * | 2014-05-22 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Method for controlling transaction qualification, method for obtaining transaction qualification, and device for controlling transaction qualification |
CN104184730A (en) * | 2014-08-20 | 2014-12-03 | 小米科技有限责任公司 | Access processing method, device and electronic equipment |
US9602536B1 (en) * | 2014-12-04 | 2017-03-21 | Amazon Technologies, Inc. | Virtualized network honeypots |
CN106302350A (en) * | 2015-06-01 | 2017-01-04 | 阿里巴巴集团控股有限公司 | URL monitoring method, device and equipment |
CN106327230A (en) * | 2015-06-30 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Abnormal user detection method and device |
CN105956911A (en) * | 2016-05-23 | 2016-09-21 | 北京小米移动软件有限公司 | Purchase request processing method and device |
CN106101080A (en) * | 2016-05-31 | 2016-11-09 | 乐视控股(北京)有限公司 | Page access control method and device |
CN106302450A (en) * | 2016-08-15 | 2017-01-04 | 广州华多网络科技有限公司 | A kind of based on the malice detection method of address and device in DDOS attack |
CN106339615A (en) * | 2016-08-29 | 2017-01-18 | 北京红马传媒文化发展有限公司 | Abnormal registration behavior recognition method, system and equipment |
CN106534062A (en) * | 2016-09-23 | 2017-03-22 | 南京途牛科技有限公司 | Crawler prevention method |
CN106375345A (en) * | 2016-10-28 | 2017-02-01 | 中国科学院信息工程研究所 | Malware domain name detection method and system based on periodic detection |
Also Published As
Publication number | Publication date |
---|---|
CN108965207A (en) | 2018-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106033419B (en) | Method, device and system for pushing messages in real time | |
WO2020048240A1 (en) | Service recommendation method and apparatus, and electronic device and readable storage medium | |
US20160241589A1 (en) | Method and apparatus for identifying malicious website | |
CN110447215B (en) | Dynamic warning method and terminal for malicious behavior of application software | |
CN107506646B (en) | Malicious application detection method and device and computer readable storage medium | |
US8984151B1 (en) | Content developer abuse detection | |
CN105657479B (en) | Video processing method and device | |
US20150278504A1 (en) | User authentication based on established network activity | |
CN103914520B (en) | Data query method, terminal device and server | |
CN105592005B (en) | Security verification method, device and system | |
CN104410601A (en) | Access control method, access control system and wearable equipment | |
US20150067787A1 (en) | Mechanism for facilitating dynamic adjustments to computing device characteristics in response to changes in user viewing patterns | |
CN106464502B (en) | Method and system for authentication of a communication device | |
CN107743096B (en) | Network optimization method, device, terminal and storage medium | |
CN107820684B (en) | Channel detection method, information sending method, device and communication equipment | |
US20210006643A1 (en) | Information display method, terminal, and server | |
WO2021077828A1 (en) | Near field communication authentication initiating method and related apparatus | |
CN107920018B (en) | Method, server and system for realizing delayed push of data | |
CN107623612B (en) | Flow display method and device, computer equipment and computer readable storage medium | |
CN108965207B (en) | Machine behavior identification method and device | |
CN105530232B (en) | Account login method and device | |
CN107682832B (en) | Data processing method and device, computer equipment and computer readable storage medium | |
CN108427618A (en) | Interim card state determines method, apparatus and computer readable storage medium | |
CN104348655B (en) | The safe and healthy degree determination method of system and device | |
CN111353796B (en) | Quality judgment method and device for flow channel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |