CN109446030A - A kind of behavior monitoring method and device - Google Patents
A kind of behavior monitoring method and device Download PDFInfo
- Publication number
- CN109446030A CN109446030A CN201811339201.9A CN201811339201A CN109446030A CN 109446030 A CN109446030 A CN 109446030A CN 201811339201 A CN201811339201 A CN 201811339201A CN 109446030 A CN109446030 A CN 109446030A
- Authority
- CN
- China
- Prior art keywords
- information
- business operation
- user
- behavior
- operation behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
This application provides a kind of behavior monitoring method and devices, comprising: obtains the business operation request of user;The business operation request includes operation behavior information and the identification information of the user;Based on preset regular expression, determine whether the operation behavior information is target monitoring information;In the case where the operation behavior information is the target monitoring information, it is based on the identification information, requests corresponding business operation behavior to be monitored the business operation of the user.Whether the operation behavior that the embodiment of the present application can judge automatically user needs to monitor, and does not need bury a little in client and operation system, and then cooperates without developer, and easy to operate, practicability is higher.
Description
Technical field
This application involves net application technology fields, in particular to a kind of behavior monitoring method and device.
Background technique
In contemporary life, for convenience, more and more business can be operated based on electronic products such as computer, mobile phones.Example
As government organs high level personnel can check classified papers by the client of computer;Individual can pass through e-bank's client
Handle the business such as transfer accounts.
In order to ensure the safety during business handling, in the prior art, not only need usual in business service system
Bury a little using in client, after burying and being a little activated, the operation behavior of user is monitored.
But since an existing technology of burying is to realize in the application system for will bury point code insertion client to user's
Operation behavior is monitored, once it then needs corresponding update to bury point code, needs system development in this way, client updates
Personnel, which cooperate to update, buries point code, and complicated for operation to the more demanding of technical staff, practicability is poor.
Summary of the invention
In view of this, the embodiment of the present application is designed to provide a kind of behavior monitoring method and device, it can be automatic
Judge whether the operation behavior of user needs to monitor, does not need bury a little in the corresponding application system of client, and then be not necessarily to
Developer's cooperation, easy to operate, practicability is higher.
In a first aspect, the embodiment of the present application provides a kind of behavior monitoring method, comprising:
Obtain the business operation request of user;Business operation request include operation behavior information and with the user
Identification information;
Based on pre-defined rule, determine whether the operation behavior information is target monitoring information;
In the case where the operation behavior information is the target monitoring information, it is based on the identification information, it is right
The business operation of the user requests corresponding business operation behavior to be monitored.
With reference to first aspect, the embodiment of the present application provides the first possible embodiment of first aspect, wherein institute
It states based on the identification information, requests corresponding business operation behavior to be supervised the business operation of the user
It surveys, comprising:
According to the target monitoring information, the risk class of the business operation behavior is determined;
When the risk class is greater than the risk level threshold, ID authentication request is initiated to user;
In the case where user identity authentication passes through, the business operation request is forwarded to server.
With reference to first aspect, the embodiment of the present application provides second of possible embodiment of first aspect, wherein packet
It includes:
Identity information corresponding with the identification information is matched from data pool using the identification information;
The identity information is associated with the business operation behavior.
The possible embodiment of second with reference to first aspect, the embodiment of the present application provide the third of first aspect
Possible embodiment, wherein it is described in the case where user identity authentication passes through, forward the business operation to ask to server
It asks and includes:
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, to server request and the object run information pair
The target information answered;
Receive the target information of the server feedback.
The third possible embodiment with reference to first aspect, the embodiment of the present application provide the 4th kind of first aspect
Possible embodiment, wherein include:
The target information is stored, and/or the target information is analyzed.
Second aspect, the embodiment of the present application also provide a kind of behavior monitoring device, comprising:
Module is obtained, the business operation for obtaining user is requested;The business operation request includes operation behavior information
And the identification information with the user;
Determining module determines whether the operation behavior information is target monitoring information for being based on pre-defined rule;
Monitoring modular, for being based on the body in the case where the operation behavior information is the target monitoring information
Part identification information requests corresponding business operation behavior to be monitored the business operation of the user.
In conjunction with second aspect, the embodiment of the present application provides the first possible embodiment of second aspect, wherein institute
It states monitoring modular to be specifically used for being based on the identification information by following manner, the business operation of the user is asked
Corresponding business operation behavior is asked to be monitored, comprising:
According to the target monitoring information, the risk class of the business operation behavior is determined;
When the risk class is greater than the risk level threshold, ID authentication request is initiated to user;
In the case where user identity authentication passes through, the business operation request is forwarded to server.
In conjunction with second aspect, the embodiment of the present application provides second of possible embodiment of second aspect, wherein institute
Stating device further includes relating module;
The relating module, for being matched from data pool and the identification information using the identification information
Corresponding identity information;The identity information is associated with the business operation behavior.
In conjunction with second of possible embodiment of second aspect, the embodiment of the present application provides the third of second aspect
Possible embodiment, wherein the monitoring modular is specifically used for through following manner the case where user identity authentication passes through
Under, the business operation request is forwarded to server:
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, to server request and the object run information pair
The target information answered;
Receive the target information of the server feedback.
In conjunction with the third possible embodiment of second aspect, the embodiment of the present application provides the 4th kind of second aspect
Possible embodiment, wherein described device further includes storage analysis module;
The storage analysis module is specifically used for storing the target information, and/or divides the target information
Analysis.
The third aspect, the embodiment of the present application also provide a kind of electronic equipment, comprising: processor, memory and bus, it is described
Memory is stored with the executable machine readable instructions of the processor, when electronic equipment operation, the processor with it is described
By bus communication between memory, the machine readable instructions executed when being executed by the processor it is above-mentioned in a first aspect, or
Step in first aspect in any possible embodiment.
Fourth aspect, the embodiment of the present application also provide a kind of computer readable storage medium, the computer-readable storage medium
Computer program is stored in matter, which executes above-mentioned in a first aspect, or in first aspect when being run by processor
Step in any possible embodiment.
Behavior monitoring method provided by the embodiments of the present application and device are asked using the business operation that gateway obtains user
It asks;Wherein, operation behavior information and the identification information of user are carried in business operation request;Use preset canonical
Expression formula, to determine whether business operation information is target monitoring information, when business operation information is target monitoring information
It waits, according to the identification information of user, requests corresponding business operation behavior to be monitored the business operation of user, and it is existing
There is will realize in the application system for burying point code insertion client in technology to be monitored the operation behavior of user, in this way,
Once client updates, then needs corresponding update to bury point code, need system developer that update is cooperated to bury point code, it is right
Developer's is more demanding, complicated for operation, and practicability is poor to be compared, and whether the operation behavior that can judge automatically user needs
It monitors, does not need bury a little in client and operation system, and then cooperate without developer, it is easy to operate, it is practical
Property is higher.
To enable the above objects, features, and advantages of the application to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows a kind of flow chart of behavior monitoring method provided by the embodiment of the present application;
Fig. 2 shows in behavior monitoring method provided by the embodiment of the present application, it is based on the identification information, to institute
The flow chart for the specific method that the business operation for stating user requests corresponding business operation behavior to be monitored;
Fig. 3 shows a kind of schematic diagram of behavior monitoring device provided by the embodiment of the present application;
Fig. 4 shows the schematic diagram of a kind of electronic equipment provided by the embodiment of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
Middle attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
It is some embodiments of the present application, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is real
The component for applying example can be arranged and be designed with a variety of different configurations.Therefore, below to the application's provided in the accompanying drawings
The detailed description of embodiment is not intended to limit claimed scope of the present application, but is merely representative of the selected reality of the application
Apply example.Based on embodiments herein, those skilled in the art institute obtained without making creative work
There are other embodiments, shall fall in the protection scope of this application.
Currently, in order to ensure user is using the safety in the client process on electronic product, using in client
Bury a little, when corresponding business operation behavior occurs, then can trigger to bury a little being monitored to the behavior of user, but
It is to be monitored to the behavior of user using burying a technology, refers to and refer to one section of code insertion in the application system of client, when
It when client updates, is also required to be updated then burying a little corresponding code, and updates and bury a little corresponding code, need to answer
Cooperated with the developer of system, therefore to the more demanding of technical staff, complicated for operation, practicability is poor.
It has been investigated that gateway is arranged between client and service server, using gateway to the operation behavior of user
It is monitored, and match whether the operation behavior of user is the operation behavior for needing to monitor by regular expression, does not need
Bury a little in the corresponding application system of client.
Based on the studies above, this application provides a kind of behavior monitoring method and devices, can judge automatically user's
Whether my operation behavior needs to monitor, and does not need bury a little in the corresponding application system of client, and then is not necessarily to exploit person
Member's cooperation, easy to operate, practicability is higher.
For defect present in above scheme, be inventor being obtained after practicing and carefully studying as a result,
Therefore, the discovery procedure of the above problem and the solution that hereinafter the application is proposed regarding to the issue above all should be
The contribution that inventor makes the application during the application.
Below in conjunction with attached drawing in the application, the technical solution in the application is clearly and completely described, it is clear that
Described embodiments are only a part of embodiments of the present application, instead of all the embodiments.Usually retouched in attached drawing here
The component for the application for stating and showing can be arranged and be designed with a variety of different configurations.Therefore, below to mentioning in the accompanying drawings
The detailed description of the embodiments herein of confession is not intended to limit claimed scope of the present application, but is merely representative of this
The selected embodiment of application.Based on embodiments herein, those skilled in the art are in the premise for not making creative work
Under every other embodiment obtained, shall fall in the protection scope of this application.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.
For convenient for understanding the present embodiment, first to a kind of behavior monitoring method disclosed in the embodiment of the present application into
Row is discussed in detail, and the executing subject of behavior monitoring method is between client and service server provided by the embodiment of the present application
The gateway of setting.
Embodiment one
Shown in Figure 1, for the flow chart for the behavior monitoring method that the embodiment of the present application one provides, the method includes steps
Rapid S101~S103, in which:
S101: the business operation request of user is obtained;Business operation request includes operation behavior information and described
The identification information of user.
When specific implementation, when user customer is operated, corresponding business, example can be requested to operation system
Such as: logging in, bank transfer business, user requests to consult personal data etc., then business operation request is exactly user to business
The solicited message of system request business, identification information can be stored in the number that user identity is identified in user client
According to such as cookie.
When user is when client operates, gateway can get user to the corresponding industry of operation system requested service
Business operation requests.
S102: it is based on preset regular expression, determines whether the operation behavior information is target monitoring information.
When specific implementation, gateway is provided with filtering module, and regular expression is arranged in filtering module, gateway
Place also saves multiple business operation behavioral datas of monitoring in need, by regular expression, can match and believe with operation behavior
Corresponding business operation behavioral data is ceased, when being matched to business operation behavioral data corresponding with operation behavior information, then table
Show that operation behavior information is target monitoring information.
Such as: for user when carrying out transferred account service, the operation behaviors such as the frequency transferred accounts, the amount of money transferred accounts are to need to supervise
It surveys, then Monitoring Rules are then arranged using regular expression, and the operation behaviors pair such as the frequency transferred accounts, the amount of money transferred accounts
The business operation behavioral data answered, when using regular expression matching to the operation behaviors such as the frequency transferred accounts, the amount of money transferred accounts
Corresponding business operation behavioral data, then the operation behaviors such as this frequency transferred accounts, the amount of money transferred accounts need gateway to be monitored,
It that is to say target monitoring information.
S103: in the case where the operation behavior information is the target monitoring information, believed based on the identity
Breath requests corresponding business operation behavior to be monitored the business operation of the user.
When specific implementation, when determining operation behavior information is object detection information, according to identity
Information matches user identity corresponding with identification information in data pool, determines that business operation requests corresponding identity letter
Breath, determine user identity, after determining user identity, the identity information of user and business operation behavior be associated, to
The business operation behavior at family is monitored.
Specifically, shown in Figure 2, the embodiment of the present application is also provided based on the identification information, to the user
The business operation specific method of requesting corresponding business operation behavior to be monitored flow chart, the method includes steps
Rapid S201~S203, in which:
S201: according to the target monitoring information, the risk class of the business operation behavior is determined.
S202: when the risk class is greater than the risk level threshold, ID authentication request is initiated to user.
S203: in the case where user identity authentication passes through, the business operation request is forwarded to server.
When specific implementation, the risk class of business operation behavior can determine according to target monitoring information, such as:
Target monitoring information is to transfer accounts quantity, and business operation behavior is to transfer accounts 800,000, then corresponding 800,000 this business of transferring accounts
Operation behavior is that have existing for certain risk, after determining corresponding risk class, then by risk class and risk level threshold
It is compared, in the case where risk class is greater than risk level threshold, ID authentication request is initiated to user, to user identity
It is authenticated, e.g., carries out authentication using the mode of recognition of face, the authentication etc. of user is carried out using fingerprint,
After authentication passes through, business operation request is transmitted to server, finishing service operation.
Specifically, the embodiment of the present application is also provided in the case where user identity authentication passes through, to described in server forwarding
The specific method of business operation request, comprising:
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, to server request and the object run information pair
The target information answered;
Receive the target information of the server feedback.
It when specific implementation, is requested according to business operation, generates object run information, such as: business operation request
It is to transfer accounts, number of transferring accounts is 8,000,000, then generating object run information is to transfer accounts 8,000,000.Generate object run information
Afterwards, the corresponding identity information of corresponding object run information requests target information corresponding with object run information to server, and
Receive the target information that server feedback is returned.
After the target information for receiving server feedback, target information is stored, is needing the business behaviour to user
When analysis as behavior, the target information stored is called to analyze target information, and then analyzes the industry of user
Business operation behavior.
Embodiment two
The embodiment of the present application two also provides another behavior monitoring method, comprising:
Obtain the business operation request of user;The business operation request includes operation behavior information and the user
Identification information;
Based on the identification information, using preset regular expression, determine the operation behavior information whether be
Target monitoring information;
In the case where the operation behavior information is the target monitoring information, the business operation of the user is requested
Corresponding business operation behavior is monitored.
When specific implementation, according to identification information, matched in data pool corresponding with identification information
User identity determines that business operation requests corresponding identity information, determines user identity.After determining user identity, by user
Identity information be associated with business operation behavior, and by regular expression, match industry corresponding with operation behavior information
Business operation behavior data, when being matched to business operation behavioral data corresponding with operation behavior information, then it represents that operation behavior
Information is target monitoring information, when determining operation behavior information is object detection information, to the business operation row of user
To be monitored.
Behavior monitoring method provided by the embodiments of the present application is requested using the business operation that gateway obtains user;Wherein, industry
Operation behavior information and the identification information of user are carried in business operation requests;Using preset regular expression, come
Determine whether business operation information is target monitoring information, when business operation information is target monitoring information, according to
The identification information at family requests corresponding business operation behavior to be monitored the business operation of user, and in the prior art
The application system that will bury point code insertion client in realize the operation behavior of user be monitored, once in this way, client
End updates, then needs corresponding update to bury point code, need system developer that update is cooperated to bury point code, to developer
It is more demanding, complicated for operation, practicability is poor to be compared, and whether the operation behavior that can judge automatically user needs to monitor,
It does not need bury a little in client and operation system, and then cooperates without developer, easy to operate, practicability is higher.
Based on the same inventive concept, behavior monitoring dress corresponding with behavior monitoring method is additionally provided in the embodiment of the present application
It sets, since the principle that the device in the embodiment of the present application solves the problems, such as is similar to the above-mentioned behavior monitoring method of the embodiment of the present application,
Therefore the implementation of device may refer to the implementation of method, and overlaps will not be repeated.
Embodiment three
Referring to shown in Fig. 3, for a kind of schematic diagram for behavior monitoring device that the embodiment of the present application five provides, described device packet
It includes: obtaining module 31, determining module 32, monitoring modular 33;Wherein,
Module 31 is obtained, the business operation for obtaining user is requested;The business operation request includes that operation behavior is believed
Breath and the identification information with the user;
Determining module 32 determines whether the operation behavior information is target prison for being based on preset regular expression
Measurement information;
Monitoring modular 33, for being based on described in the case where the operation behavior information is the target monitoring information
Identification information requests corresponding business operation behavior to be monitored the business operation of the user.
In a kind of possible embodiment, monitoring modular 33 is specifically used for being based on identity letter by following manner
Breath requests corresponding business operation behavior to be monitored the business operation of the user, comprising:
According to the target monitoring information, the risk class of the business operation behavior is determined;
When the risk class is greater than the risk level threshold, ID authentication request is initiated to user;
In the case where user identity authentication passes through, the business operation request is forwarded to server.
In a kind of possible embodiment, described device further includes relating module 34;
The relating module 34 is believed for being matched from data pool using the identification information with the identity
Cease corresponding identity information;The identity information is associated with the business operation behavior.
In a kind of possible embodiment, monitoring modular 33 is specifically used for passing through by following manner in user identity authentication
In the case where, the business operation request is forwarded to server:
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, to server request and the object run information pair
The target information answered;
Receive the target information of the server feedback.
In a kind of possible embodiment, described device further includes storage analysis module 35;
The storage analysis module is specifically used for storing the target information, and/or divides the target information
Analysis.
Description about the interaction flow between the process flow and each module of each module in device is referred to
The related description in embodiment of the method is stated, I will not elaborate.
Corresponding to the behavior monitoring method in Fig. 1, the embodiment of the present application also provides a kind of electronic equipment, as shown in figure 4,
The equipment includes memory 41, processor 42, bus 43 and is stored on the memory 41 and can run on the processor 42
Computer program, wherein the step of above-mentioned processor 42 realizes above-mentioned behavior monitoring method when executing above-mentioned computer program.
Specifically, above-mentioned memory 41 and processor 42 can be general memory and processor, not do here specific
It limits, when the computer program of 42 run memory 41 of processor storage, above-mentioned behavior monitoring method is able to carry out, to solve
It will certainly be realized in the application system for burying point code insertion client in the prior art and the operation behavior of user be monitored, this
Sample then needs corresponding update to bury point code, needs system developer that update is cooperated to bury a generation once client updates
Code, complicated for operation to the more demanding of developer, the poor technical problem of practicability reaches the operation for judging automatically user
Whether behavior, which needs, monitors, and does not need bury a little in client and operation system, and then cooperates without developer, operation
Simply, effect more practical.
Corresponding to the behavior monitoring method in Fig. 1, the embodiment of the present application also provides a kind of computer readable storage medium,
It is stored with computer program on the computer readable storage medium, which executes above-mentioned behavior when being run by processor
The step of monitoring method.
Specifically, which can be general storage medium, such as mobile disk, hard disk, on the storage medium
Computer program when being run, above-mentioned behavior monitoring method is able to carry out, to solve that point code will be buried in the prior art embedding
Enter to realize in the application system of client and be monitored the operation behavior of user, once it then needs in this way, client updates
It corresponds to update and buries point code, need system developer that update is cooperated to bury point code, to the more demanding of developer, operation
Whether complexity, the poor technical problem of practicability reach and judge automatically the operation behavior of user and need to monitor, do not need in client
End and operation system bury a little, and then cooperate without developer, easy to operate, effect more practical.
The computer program product of behavior monitoring method and device provided by the embodiment of the present application, including store journey
The computer readable storage medium of sequence code, the instruction that said program code includes can be used for executing institute in previous methods embodiment
The method stated, specific implementation can be found in embodiment of the method, and details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.In the application
In provided several embodiments, it should be understood that disclosed systems, devices and methods, it can be real by another way
It is existing.The apparatus embodiments described above are merely exemplary, for example, the division of the unit, only a kind of logic function
It can divide, there may be another division manner in actual implementation, in another example, multiple units or components can combine or can collect
At another system is arrived, or some features can be ignored or not executed.Another point, shown or discussed mutual coupling
Conjunction or direct-coupling or communication connection can be the indirect coupling or communication connection by some communication interfaces, device or unit,
It can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in the executable non-volatile computer-readable storage medium of a processor.Based on this understanding, the application
Technical solution substantially the part of the part that contributes to existing technology or the technical solution can be with software in other words
The form of product embodies, which is stored in a storage medium, including some instructions use so that
One computer equipment (can be personal computer, server or the network equipment etc.) executes each embodiment institute of the application
State all or part of the steps of method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read-Only
Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. is various to deposit
Store up the medium of program code.
Finally, it should be noted that embodiment described above, the only specific embodiment of the application, to illustrate the application
Technical solution, rather than its limitations, the protection scope of the application is not limited thereto, although with reference to the foregoing embodiments to this Shen
It please be described in detail, those skilled in the art should understand that: anyone skilled in the art
Within the technical scope of the present application, it can still modify to technical solution documented by previous embodiment or can be light
It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make
The essence of corresponding technical solution is detached from the spirit and scope of the embodiment of the present application technical solution, should all cover the protection in the application
Within the scope of.Therefore, the protection scope of the application shall be subject to the protection scope of the claim.
Claims (10)
1. a kind of behavior monitoring method characterized by comprising
Obtain the business operation request of user;The business operation request includes operation behavior information and the identity of the user
Identification information;
Based on preset regular expression, determine whether the operation behavior information is target monitoring information;
In the case where the operation behavior information is the target monitoring information, it is based on the identification information, to described
The business operation of user requests corresponding business operation behavior to be monitored.
2. the method according to claim 1, wherein described be based on the identification information, to the user
The business operation request corresponding business operation behavior to be monitored, comprising:
According to the target monitoring information, the risk class of the business operation behavior is determined;
When the risk class is greater than the risk level threshold, ID authentication request is initiated to user;
In the case where user identity authentication passes through, the business operation request is forwarded to server.
3. according to right want 1 described in method characterized by comprising
Identity information corresponding with the identification information is matched from data pool using the identification information;
The identity information is associated with the business operation behavior.
4. according to the method described in claim 3, it is characterized in that, described in the case where user identity authentication passes through, to clothes
The business device forwarding business operation is requested
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, requested to server corresponding with the object run information
Target information;
Receive the target information of the server feedback.
5. according to the method described in claim 4, it is characterized by further comprising: being stored to the target information, and/or to institute
Target information is stated to be analyzed.
6. a kind of behavior monitoring device characterized by comprising
Module is obtained, the business operation for obtaining user is requested;Business operation request include operation behavior information and
With the identification information of the user;
Determining module determines whether the operation behavior information is target monitoring information for being based on preset regular expression;
Monitoring modular, for being based on the identity mark in the case where the operation behavior information is the target monitoring information
Know information, requests corresponding business operation behavior to be monitored the business operation of the user.
7. device according to claim 6, which is characterized in that the monitoring modular is specifically used for being based on by following manner
The identification information requests corresponding business operation behavior to be monitored the business operation of the user, comprising:
According to the target monitoring information, the risk class of the business operation behavior is determined;
When the risk class is greater than the risk level threshold, ID authentication request is initiated to user;
In the case where user identity authentication passes through, the business operation request is forwarded to server.
8. device according to claim 6, which is characterized in that described device further includes relating module;
The relating module, it is corresponding with the identification information for being matched from data pool using the identification information
Identity information;The identity information is associated with the business operation behavior.
9. device according to claim 8, which is characterized in that the monitoring modular be specifically used for by following manner with
In the case that family authentication passes through, the business operation request is forwarded to server:
It is requested based on the business operation, generates object run information;
Based on the object run information and the identity information, requested to server corresponding with the object run information
Target information;
Receive the target information of the server feedback.
10. device according to claim 9, which is characterized in that described device further includes storage analysis module;
The storage analysis module is specifically used for storing the target information, and/or analyzes the target information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811339201.9A CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811339201.9A CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109446030A true CN109446030A (en) | 2019-03-08 |
Family
ID=65551969
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811339201.9A Pending CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109446030A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110443677A (en) * | 2019-07-05 | 2019-11-12 | 五八有限公司 | A kind of information processing method and device |
| CN112398792A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110022214A1 (en) * | 2009-07-23 | 2011-01-27 | Bernhard Glomann | Method for Monitoring Operation Behaviour of a Component of an Industrial Plant |
| CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
| CN103927253A (en) * | 2013-01-11 | 2014-07-16 | 阿里巴巴集团控股有限公司 | Multiple browser compatibility testing method and system |
| CN105306204A (en) * | 2014-07-04 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Security verification method, device and system |
| CN105959180A (en) * | 2016-06-12 | 2016-09-21 | 乐视控股(北京)有限公司 | Data detection method and device |
| CN108574605A (en) * | 2017-03-07 | 2018-09-25 | 中国移动通信有限公司研究院 | A kind of acquisition method and device of user behavior data |
-
2018
- 2018-11-12 CN CN201811339201.9A patent/CN109446030A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110022214A1 (en) * | 2009-07-23 | 2011-01-27 | Bernhard Glomann | Method for Monitoring Operation Behaviour of a Component of an Industrial Plant |
| CN103927253A (en) * | 2013-01-11 | 2014-07-16 | 阿里巴巴集团控股有限公司 | Multiple browser compatibility testing method and system |
| CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
| CN105306204A (en) * | 2014-07-04 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Security verification method, device and system |
| CN105959180A (en) * | 2016-06-12 | 2016-09-21 | 乐视控股(北京)有限公司 | Data detection method and device |
| CN108574605A (en) * | 2017-03-07 | 2018-09-25 | 中国移动通信有限公司研究院 | A kind of acquisition method and device of user behavior data |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110443677A (en) * | 2019-07-05 | 2019-11-12 | 五八有限公司 | A kind of information processing method and device |
| CN112398792A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
| CN112398792B (en) * | 2019-08-15 | 2022-07-05 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3497609B1 (en) | Detecting scripted or otherwise anomalous interactions with social media platform | |
| CN105051693B (en) | Method, equipment and system for managing computer server capacity | |
| CN107918733A (en) | The system and method for detecting the malicious element of webpage | |
| US10817813B2 (en) | Resource configuration and management system | |
| CN109478263A (en) | System and equipment for architecture assessment and strategy execution | |
| CN110383795A (en) | Serverless backup cloud management platform based on service graph | |
| CN109246027B (en) | Network maintenance method and device and terminal equipment | |
| CN109710942A (en) | Construction method and device, the electronic equipment of map | |
| CN109446030A (en) | A kind of behavior monitoring method and device | |
| CN113867782A (en) | Gray scale distribution method and device, computer equipment and storage medium | |
| GB2604787A (en) | Systems and methods for objective-based skill training | |
| CN110457118A (en) | Task processing method, device, computer equipment and storage medium | |
| CN112711640A (en) | Method and device for configuring business handling process | |
| CN110852761B (en) | Method and device for formulating anti-cheating strategy and electronic equipment | |
| CN115705255A (en) | Learning causal relationships | |
| US20230362112A1 (en) | Virtual-assistant-based resolution of user inquiries via failure-triggered document presentation | |
| CN109426551A (en) | A kind of transaction methods and system | |
| CN110059175A (en) | A kind of method and device of information on services processing | |
| Chevallier et al. | Detection of dependence patterns with delay | |
| CN110209558A (en) | Intelligent operation and maintenance method and device based on software definition storage | |
| CN110263551A (en) | A kind of test method and device | |
| CN104462484B (en) | Data processing method, data processor and system | |
| CN109214189A (en) | Method, apparatus, storage medium and the electronic equipment of recognizer loophole | |
| EP3131014B1 (en) | Multi-data analysis based proactive defect detection and resolution | |
| CN109902698A (en) | Information generating method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190308 |
|
| RJ01 | Rejection of invention patent application after publication |