CN109460653A - Rule-engine-based verification method, verification device, storage medium and apparatus - Google Patents

Publication number
CN109460653A
Authority
CN
China
Prior art keywords
rule
behavior
verified
preset
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811234982.5A
Other languages
Chinese (zh)
Other versions
CN109460653B (en)
Inventor
黄胜蓝
陈晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Summit Network Technology Co Ltd
Original Assignee
Wuhan Summit Network Technology Co Ltd
Application filed by Wuhan Summit Network Technology Co Ltd
Priority to CN201811234982.5A
Publication of CN109460653A
Application granted
Publication of CN109460653B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a rule-engine-based verification method, verification device, storage medium and apparatus. In the invention, when a first behavior to be verified is received, the preset rule engine is queried for the preset verification rule corresponding to the first behavior to be verified; when the preset verification rule is an access count limit rule, the source network address corresponding to the first behavior to be verified is determined; the first access count of the source network address within a preset time period is counted; and when the first access count is less than a preset upper count threshold, the verification result corresponding to the first behavior to be verified is determined to be verification success. Clearly, the preset rule engine adapts, in real time, the verification rule to apply to each different behavior to be verified, which differentiates the verification rules and better balances security and ease of use, solving the technical problem that verification approaches cannot balance security and ease of use well.

Description

Rule-engine-based verification method, verification device, storage medium and apparatus
Technical field
The present invention relates to the field of information security technology, and in particular to a rule-engine-based verification method, verification device, storage medium and apparatus.
Background
When multiple users log in to a portal website, major portal websites verify in advance the login request a user currently issues, in order to prevent hackers from logging in to other people's accounts and to prevent malicious credential stuffing and similar behavior. The verification judges whether the login request is a normal login by the user or an illegal login. Only when it is identified as a normal login is permission to log in to the portal website granted.
However, the login behavior of different users differs in safety and risk for the portal website, because some users are normal users while others are very likely malicious users or credential stuffers. Applied to the verification of login behavior, performing verification according to a single verification rule alone cannot balance security and ease of use well.
It can therefore be considered that verification approaches have the technical problem of being unable to balance security and ease of use well.
The above content is only intended to aid understanding of the technical solution of the present invention and is not an admission that the above content is prior art.
Summary of the invention
The main purpose of the present invention is to provide a rule-engine-based verification method, verification device, storage medium and apparatus, intended to solve the technical problem that verification approaches cannot balance security and ease of use well.
To achieve the above object, the present invention provides a rule-engine-based verification method, which comprises the following steps:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, query the preset rule engine for the preset verification rule corresponding to the first behavior to be verified;
When the preset verification rule is an access count limit rule, determine the source network address corresponding to the first behavior to be verified;
Count the first access count of the source network address within a preset time period;
When the first access count is less than a preset upper count threshold, determine the verification result corresponding to the first behavior to be verified to be verification success.
Preferably, the step of querying the preset rule engine for the preset verification rule corresponding to the first behavior to be verified, when the first behavior to be verified that a user inputs on a preset interactive interface is received, comprises:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, match each preset trigger condition in the preset rule engine against the first behavior to be verified;
When a match succeeds, query the preset verification rule linked to the successfully matched preset trigger condition.
Preferably, the step of matching each preset trigger condition in the preset rule engine against the first behavior to be verified, when the first behavior to be verified that a user inputs on a preset interactive interface is received, comprises:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, determine the source network address corresponding to the first behavior to be verified, and query the user tag corresponding to the source network address;
When the user tag is a repeated-verification tag, query the preset rule engine for the preset trigger condition that records the repeated-verification tag;
The step of querying, when a match succeeds, the preset verification rule linked to the successfully matched preset trigger condition comprises:
When the preset trigger condition that records the repeated-verification tag is found, query the preset rule mapping relationship for the corresponding access count limit rule according to that preset trigger condition, where the preset rule mapping relationship contains the correspondence between preset trigger conditions and preset verification rules.
Preferably, before the step of determining the source network address corresponding to the first behavior to be verified and querying the user tag corresponding to the source network address, when the first behavior to be verified that a user inputs on a preset interactive interface is received, the rule-engine-based verification method further comprises:
When a second behavior to be verified that the user inputs on the preset interactive interface is received, determine the source network address corresponding to the second behavior to be verified;
Count the second access count of the source network address within the preset time period;
When the second access count is greater than or equal to a preset lower count threshold, mark the user tag corresponding to the source network address as a repeated-verification tag.
Preferably, after the step of determining the source network address corresponding to the first behavior to be verified when the preset verification rule is an access count limit rule, the rule-engine-based verification method comprises:
Match the source network address against each preset malicious login address recorded in a preset blacklist;
When the match fails, execute the step of counting the first access count of the source network address within the preset time period.
Preferably, the step of determining the verification result corresponding to the first behavior to be verified to be verification success, when the first access count is less than the preset upper count threshold, comprises:
When the first access count is less than the preset upper count threshold, preprocess the first behavior to be verified to obtain target behavior features;
Perform legitimacy verification on the target behavior features based on a preset convolutional neural network;
When the legitimacy verification succeeds, determine the verification result corresponding to the first behavior to be verified to be verification success.
Preferably, after the step of determining the verification result corresponding to the first behavior to be verified to be verification success when the legitimacy verification succeeds, the rule-engine-based verification method further comprises:
When the target behavior features include a user agent, generate a performance query instruction and send the performance query instruction to the user equipment, so that the user equipment collects current browser performance information and feeds it back to the verification device;
Query the corresponding target browser performance information according to the user agent;
Match the current browser performance information against the target browser performance information;
When the match fails, change the verification result corresponding to the first behavior to be verified to verification failure.
In addition, to achieve the above object, the present invention also proposes a verification device. The verification device comprises a memory, a processor, and a rule-engine-based verification program that is stored on the memory and can run on the processor; the rule-engine-based verification program is configured to implement the steps of the rule-engine-based verification method described above.
In addition, to achieve the above object, the present invention also proposes a storage medium on which a rule-engine-based verification program is stored; when executed by a processor, the rule-engine-based verification program implements the steps of the rule-engine-based verification method described above.
In addition, to achieve the above object, the present invention also proposes a rule-engine-based verification apparatus, which comprises:
A rule query module, configured to query the preset rule engine for the preset verification rule corresponding to the first behavior to be verified when a first behavior to be verified that a user inputs on a preset interactive interface is received;
A source address determining module, configured to determine the source network address corresponding to the first behavior to be verified when the preset verification rule is an access count limit rule;
An access count statistics module, configured to count the first access count of the source network address within a preset time period;
A behavior verification module, configured to determine the verification result corresponding to the first behavior to be verified to be verification success when the first access count is less than a preset upper count threshold.
In the present invention, after the first behavior to be verified is received, the corresponding preset verification rule can be queried from the preset rule engine. If the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period can be counted, and when the first access count is less than the preset upper count threshold, the verification result is determined to be verification success. Clearly, the present invention uses the preset rule engine to adapt, in real time, the verification rule to apply to each different behavior to be verified, which differentiates the verification rules. Moreover, comparing the access count within the preset time period allows the risk of the logging-in user to be judged better, so security and ease of use are better balanced, which solves the technical problem that verification approaches cannot balance security and ease of use well.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the verification device in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the rule-engine-based verification method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the rule-engine-based verification method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the rule-engine-based verification method of the present invention;
Fig. 5 is a structural block diagram of the first embodiment of the rule-engine-based verification apparatus of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the verification device in the hardware operating environment involved in the embodiments of the present invention.
As shown in Fig. 1, the verification device may include: a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 provides the connection and communication between these components. The user interface 1003 may include a display screen (Display); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface, and in the present invention the wired interface of the user interface 1003 may be a USB interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as a magnetic disk memory. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the verification device, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and the rule-engine-based verification program.
In the verification device shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect peripherals; the verification device calls, through the processor 1001, the rule-engine-based verification program stored in the memory 1005 and performs the following operations:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, query the preset rule engine for the preset verification rule corresponding to the first behavior to be verified;
When the preset verification rule is an access count limit rule, determine the source network address corresponding to the first behavior to be verified;
Count the first access count of the source network address within a preset time period;
When the first access count is less than a preset upper count threshold, determine the verification result corresponding to the first behavior to be verified to be verification success.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, match each preset trigger condition in the preset rule engine against the first behavior to be verified;
When a match succeeds, query the preset verification rule linked to the successfully matched preset trigger condition.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, determine the source network address corresponding to the first behavior to be verified, and query the user tag corresponding to the source network address;
When the user tag is a repeated-verification tag, query the preset rule engine for the preset trigger condition that records the repeated-verification tag;
Correspondingly, the following operation is also performed:
When the preset trigger condition that records the repeated-verification tag is found, query the preset rule mapping relationship for the corresponding access count limit rule according to that preset trigger condition, where the preset rule mapping relationship contains the correspondence between preset trigger conditions and preset verification rules.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
When a second behavior to be verified that the user inputs on the preset interactive interface is received, determine the source network address corresponding to the second behavior to be verified;
Count the second access count of the source network address within the preset time period;
When the second access count is greater than or equal to a preset lower count threshold, mark the user tag corresponding to the source network address as a repeated-verification tag.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
Match the source network address against each preset malicious login address recorded in a preset blacklist;
When the match fails, execute the step of counting the first access count of the source network address within the preset time period.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
When the first access count is less than the preset upper count threshold, preprocess the first behavior to be verified to obtain target behavior features;
Perform legitimacy verification on the target behavior features based on a preset convolutional neural network;
When the legitimacy verification succeeds, determine the verification result corresponding to the first behavior to be verified to be verification success.
Further, the processor 1001 can call the rule-engine-based verification program stored in the memory 1005 and also perform the following operations:
When the target behavior features include a user agent, generate a performance query instruction and send the performance query instruction to the user equipment, so that the user equipment collects current browser performance information and feeds it back to the verification device;
Query the corresponding target browser performance information according to the user agent;
Match the current browser performance information against the target browser performance information;
When the match fails, change the verification result corresponding to the first behavior to be verified to verification failure.
In the present embodiment, after the first behavior to be verified is received, the corresponding preset verification rule can be queried from the preset rule engine. If the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period can be counted, and when the first access count is less than the preset upper count threshold, the verification result is determined to be verification success. Clearly, the present embodiment uses the preset rule engine to adapt, in real time, the verification rule to apply to each different behavior to be verified, which differentiates the verification rules. Moreover, comparing the access count within the preset time period allows the risk of the logging-in user to be judged better, so security and ease of use are better balanced, which solves the technical problem that verification approaches cannot balance security and ease of use well.
Based on the above hardware structure, embodiments of the rule-engine-based verification method of the present invention are proposed.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the rule-engine-based verification method of the present invention.
In the first embodiment, the rule-engine-based verification method comprises the following steps:
Step S10: when a first behavior to be verified that a user inputs on a preset interactive interface is received, query the preset rule engine for the preset verification rule corresponding to the first behavior to be verified.
It is understood that using only a single verification rule may fail to guard well against credential stuffing or hacker attacks. For example, if only a verification code is used as the verification rule, a hacker may use a script to recognize the graphical verification code on the portal website and log in to accounts in batches, which reduces the security of the portal website. But if security alone is considered and the difficulty of the verification rule is raised, for example by replacing the verification code rule with a question-answering verification rule that requires answering user-information questions, the time normal users need to log in to the portal website is lengthened, so that good ease of use is lost.
It should be understood that, to take both the security and the ease of use of the verification operation into account, the present embodiment sets up several verification rules of different types at the same time and uses the rule engine to allocate them, so as to better balance security and ease of use. Here, the rule engine is a software component embedded in an application that separates the business rules from the application; at run time, the input information is compared with the business rules loaded in the rule engine in order to activate a particular business rule.
In a specific implementation, if user A intends to log in to a portal website B, user A can enter an account name and password on the login interface of portal website B and, of course, can also enter other verification information that assists verification, for example a verification code. After completing the input on the login interface, user A clicks the login option on the login interface, which generates the first behavior to be verified and hands it to the background to complete the verification operation for the first behavior to be verified.
It is understood that, after the first behavior to be verified is received, it serves as the input information; the preset rule engine adapts the corresponding verification rule to the first behavior to be verified and activates that verification rule.
Step S20: when the preset verification rule is an access count limit rule, determine the source network address corresponding to the first behavior to be verified.
In a specific implementation, suppose the adapted verification rule is the access count limit rule; the access count limit rule decides whether the verification result is success or failure by the user's number of logins. Of course, the adapted verification rule may also be of another type, for example the verification code rule or the question-answering verification rule that requires answering user-information questions.
Step S30: count the first access count of the source network address within a preset time period.
It is understood that the historical login behavior of each user is counted in real time. So, when the access count limit rule is activated, the source network address of user A, that is, the network address of the login device user A uses, is determined first, and the historical login behavior of user A is extracted. If the preset time period is 24 hours, it can be learned from the historical login behavior of user A that user A's access count within 24 hours is 10.
Step S40: when the first access count is less than a preset upper count threshold, determine the verification result corresponding to the first behavior to be verified to be verification success.
It should be understood that the preset upper count threshold may be set to 20; since the access count of 10 is less than the preset upper count threshold, the verification result of this verification operation can be determined to be verification success.
Of course, if the first access count is greater than or equal to the preset upper count threshold, the verification result corresponding to the first behavior to be verified is determined to be verification failure.
In the present embodiment, after the first behavior to be verified is received, the corresponding preset verification rule can be queried from the preset rule engine. If the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period can be counted, and when the first access count is less than the preset upper count threshold, the verification result is determined to be verification success. Clearly, the present embodiment uses the preset rule engine to adapt, in real time, the verification rule to apply to each different behavior to be verified, which differentiates the verification rules. Moreover, comparing the access count within the preset time period allows the risk of the logging-in user to be judged better, so security and ease of use are better balanced, which solves the technical problem that verification approaches cannot balance security and ease of use well.
Referring to Fig. 3, Fig. 3 is a flow diagram of the second embodiment of the rule-engine-based verification method of the present invention. The second embodiment is proposed on the basis of the first embodiment shown in Fig. 2.
In the second embodiment, step S10 comprises:
Step S101: when a first behavior to be verified that a user inputs on a preset interactive interface is received, match each preset trigger condition in the preset rule engine against the first behavior to be verified.
It is understood that the preset rule engine contains a trigger condition part and a verification rule part, and the linked verification rule is activated when its trigger condition is triggered.
Step S102: when a match succeeds, query the preset verification rule linked to the successfully matched preset trigger condition.
In a specific implementation, an execution queue may additionally be set up when the rule engine is executed, and the trigger conditions may be matched against the behavior to be verified one by one according to the priority of the trigger conditions in the execution queue. For example, if trigger condition A matches the first behavior to be verified successfully, verification rule A linked to trigger condition A is queried, so that verification rule A is activated and executed immediately.
Further, the step of matching each preset trigger condition in the preset rule engine against the first behavior to be verified, when the first behavior to be verified that a user inputs on a preset interactive interface is received, comprises:
When a first behavior to be verified that a user inputs on a preset interactive interface is received, determine the source network address corresponding to the first behavior to be verified, and query the user tag corresponding to the source network address;
When the user tag is a repeated-verification tag, query the preset rule engine for the preset trigger condition that records the repeated-verification tag;
The step of querying, when a match succeeds, the preset verification rule linked to the successfully matched preset trigger condition comprises:
When the preset trigger condition that records the repeated-verification tag is found, query the preset rule mapping relationship for the corresponding access count limit rule according to that preset trigger condition, where the preset rule mapping relationship contains the correspondence between preset trigger conditions and preset verification rules.
It is understood that there are many kinds of trigger condition; for example, a trigger condition may specify the user's login time, the number of successful logins by the user, or the number of failed logins by the user. If trigger condition B requires user tag information, the user tag of user A can be queried first. Here, user tags classify users so that the verification process can respond differently to different users; for example, user tags include a credit user tag, a malicious user tag and a repeated-verification tag, and the repeated-verification tag indicates that the user has made multiple login attempts within a short time.
In a specific implementation, if trigger condition B is "the user tag is a repeated-verification tag" and the user tag of user A happens to be a repeated-verification tag, the verification rule corresponding to trigger condition B can be queried in the preset rule mapping relationship.
Further, described to receive user in the first behavior to be verified inputted on default interactive interface, it determines Source network address corresponding with the described first behavior to be verified, and inquire user tag corresponding with the source network address it Before, the verification method of the rule-based engine further include:
User is being received in the second behavior to be verified inputted on default interactive interface, is determining and described second is to be tested The corresponding source network address of card behavior;
Pass through the second access times of the source network address within a preset period of time;
It, will be corresponding with the source network address when second access times are more than or equal to preset times lower threshold User tag regards as repeated authentication label.
In the concrete realization, if there is also other behaviors to be verified before the first behavior to be verified by user A, and When behavior to be verified before verifying, it is 6 times that the second access times in preset time period are extracted from historical log behavior. Second access times are greater than preset times lower threshold 4 times, then the user tag of user A can be labeled as repeated authentication label. Wherein, source network address can be used for marking user identity.
It should be noted that the effect of preset times lower threshold is different from preset times upper limit threshold, in preset times Whether whether current user A be user or be to hit library person that malice logs in limit threshold value for identification;And the preset times upper limit Threshold value is used to determine that user A to whether there is the situation repeatedly logged in, does not assert whether user A is the user maliciously logged in, because For normal user is also likely to be present the situation of login failure.
Further, after the step of determining, when the preset verification rule is the access-count restriction rule, the source network address corresponding to the first behavior to be verified, the rule-engine-based verification method includes:
matching the source network address against each preset malicious login address recorded in a preset blacklist;
when the match fails, performing the step of counting the first access count of the source network address within the preset time period.
It will be understood that the source network address is obtained when the verification operation is carried out under the access-count restriction rule; to further improve the accuracy of the verification operation, a blacklist can also be introduced to improve security.
In a specific implementation, once the source network address has been obtained, it can be matched against the large number of malicious login addresses recorded in the blacklist. If the match succeeds, the address of the user initiating the behavior to be verified is a malicious login address and the user carries a high risk, so the verification result corresponding to the first behavior to be verified can be directly determined to be verification failure. If the match fails, further verification can proceed based on the access-count restriction rule.
In this embodiment, setting user tags allows different verification rules to be invoked for different behaviors to be verified, so that verification rules of different difficulty are applied selectively.
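The tag-then-rule flow of this embodiment, as an added example that is not code from the patent: a trigger condition on the user tag selects the access-count restriction rule, which checks the blacklist and then the count in the time window. The class and method names, the CAPTCHA fallback rule, the choice to count only earlier attempts, and the non-expiring tag are assumptions; the 24-hour window and the thresholds 4 and 20 are the values used in the description.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 3600   # preset time period (24 hours in the description)
LOWER_THRESHOLD = 4          # second access count >= this: repeated authentication label
UPPER_THRESHOLD = 20         # first access count >= this: verification failure
REPEATED_AUTH = "repeated_authentication"


class RuleEngineVerifier:
    """Hypothetical rule engine: trigger conditions linked to verification rules."""

    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)       # preset malicious login addresses
        self.history = defaultdict(deque)     # source address -> attempt timestamps
        self.tags = {}                        # source address -> user tag
        # Rule mapping in priority order: (rule name, trigger condition, linked rule).
        self.rules = [
            ("access_count_rule",
             lambda b: self.tags.get(b["src"]) == REPEATED_AUTH,
             self.access_count_rule),
        ]

    def count_in_window(self, src, now):
        """Number of recorded attempts from src inside the preset time period."""
        attempts = self.history[src]
        while attempts and attempts[0] <= now - WINDOW_SECONDS:
            attempts.popleft()
        return len(attempts)

    def record(self, src, now):
        """Log the attempt and tag the address once the lower threshold is reached."""
        self.history[src].append(now)
        if self.count_in_window(src, now) >= LOWER_THRESHOLD:
            self.tags[src] = REPEATED_AUTH    # assumption: the tag never expires

    def captcha_rule(self, behavior, now):
        """Assumed default rule for untagged addresses (another rule type)."""
        return bool(behavior.get("captcha_ok"))

    def access_count_rule(self, behavior, now):
        src = behavior["src"]
        if src in self.blacklist:             # blacklist match: fail directly
            return False
        # Assumption: the count covers earlier attempts, not the current one.
        return self.count_in_window(src, now) < UPPER_THRESHOLD

    def verify(self, behavior, now):
        """Return (name of the rule applied, verification result)."""
        name, rule = "captcha_rule", self.captcha_rule
        for rule_name, trigger, linked_rule in self.rules:
            if trigger(behavior):             # first matching trigger wins
                name, rule = rule_name, linked_rule
                break
        result = rule(behavior, now)
        self.record(behavior["src"], now)
        return name, result


def demo():
    """Constructed input: two documentation-range addresses, one blacklisted."""
    v = RuleEngineVerifier(blacklist={"203.0.113.9"})
    t0 = 1_700_000_000
    normal = [v.verify({"src": "198.51.100.7", "captcha_ok": True}, t0 + i)
              for i in range(21)]
    listed = [v.verify({"src": "203.0.113.9", "captcha_ok": True}, t0 + i)
              for i in range(5)]
    return normal, listed


if __name__ == "__main__":
    normal, listed = demo()
    for i, r in enumerate(normal, 1):
        print("attempt", i, r)
    print("blacklisted address:", listed)
```

Because the blacklist check sits inside the access-count restriction rule, as in the flow described above, a blacklisted address is only rejected once it has been tagged; the first four attempts in `listed` are still handled by the fallback rule.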
Referring to Fig. 4, Fig. 4 is a schematic flowchart of the third embodiment of the rule-engine-based verification method of the present invention. The third embodiment is proposed on the basis of the first embodiment shown in Fig. 2.
In the third embodiment, step S40 comprises:
Step S401: when the first access count is less than the preset count upper threshold, preprocess the first behavior to be verified to obtain target behavior features.
It will be understood that, after the verification result has been determined based on the access-count restriction rule, a convolutional neural network can additionally be introduced to make a further decision on the first behavior to be verified.
In a specific implementation, the first behavior to be verified records behavioral features of many different types with no regular pattern; for example, the target behavior features include a user identifier characterizing the user's identity, a page identifier, the user agent (User Agent, UA), and the device identifier of the device used to log in. Clearly, these different types of behavioral features have no direct data association with one another; to integrate them and verify the first behavior to be verified as a whole, a convolutional neural network can be introduced.
Step S402: perform legitimacy verification on the target behavior features based on a preset convolutional neural network.
It will be understood that the irregular target behavior features can be input into the preset convolutional neural network, which is trained on the unassociated target behavior features using the adaptive moment estimation (Adam) optimizer, so as to judge whether the target behavior features are a positive sample or a negative sample. A positive sample is a behavioral feature value whose verification result is determined to be success; a negative sample is a behavioral feature value whose verification result is determined to be failure.
Step S403: when the legitimacy verification succeeds, determine the verification result corresponding to the first behavior to be verified to be success.
It should be understood that, when the target behavior features are judged to be a positive sample, the verification result corresponding to the first behavior to be verified is determined to be success.
Further, after the step of determining, when the legitimacy verification succeeds, the verification result corresponding to the first behavior to be verified to be success, the rule-engine-based verification method further includes:
when the target behavior features include a user agent, generating a performance query instruction and sending it to the user equipment, so that the user equipment collects current browser performance information and feeds it back to the verification device;
querying the corresponding target browser performance information according to the user agent;
matching the current browser performance information against the target browser performance information;
when the match fails, changing the verification result corresponding to the first behavior to be verified to verification failure.
It will be understood that, to prevent a malicious user from tampering with feature data to imitate a normal user and thereby pass as a positive sample, this disguise can be countered by comparing browser performance information. In addition, the executing entity of this embodiment is the verification device, which can be an electronic device such as a server; the user equipment is the electronic device that sends the first behavior to be verified to the verification device, and can be a smartphone or personal computer used by the user.
In a specific implementation, the user agent records the unique browser identifier of browsers developed by different companies, so the type of the browser that initiated the behavior to be verified can be identified directly from the user agent; moreover, different browsers have different runtime performance. So if the first behavior to be verified contains user agent A, the browser performance information of the browser in use can first be queried from the user equipment that initiated the first behavior to be verified. For example, browser performance information includes page opening speed and compatibility information.
It should be understood that, after the actual browser performance information has been obtained, the pre-collected target browser performance information corresponding to user agent A is queried; the target browser performance information records the historical range of performance information for the browser corresponding to user agent A. The actual browser performance information is then compared with the target browser performance information. If the two are not identical, or the actual browser performance information does not fall within the historical range recorded in the target browser performance information, the user equipment that initiated the first behavior to be verified may be disguising its browser type, for example by not really using browser M developed by company M while presenting the user agent of browser M in order to pass as a normal user, since browser M may be exactly the browser normal users use most. The result can therefore be determined to be verification failure.
This embodiment additionally introduces a convolutional neural network to provide auxiliary verification of the first behavior to be verified, which not only distinguishes humans from machines better but also has good robustness.
In addition, an embodiment of the present invention also proposes a storage medium on which a rule-engine-based verification program is stored; when the rule-engine-based verification program is executed by a processor, the following operations are implemented:
upon receiving the first behavior to be verified that the user inputs on the preset interactive interface, querying the preset rule engine for the preset verification rule corresponding to the first behavior to be verified;
when the preset verification rule is the access-count restriction rule, determining the source network address corresponding to the first behavior to be verified;
counting the first access count of the source network address within the preset time period;
when the first access count is less than the preset count upper threshold, determining the verification result corresponding to the first behavior to be verified to be success.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
upon receiving the first behavior to be verified that the user inputs on the preset interactive interface, matching each preset trigger condition in the preset rule engine against the first behavior to be verified;
when the match succeeds, querying the preset verification rule linked to the successfully matched preset trigger condition.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
upon receiving the first behavior to be verified that the user inputs on the preset interactive interface, determining the source network address corresponding to the first behavior to be verified, and querying the user tag corresponding to the source network address;
when the user tag is a repeated authentication label, querying the preset rule engine for the preset trigger condition that records the repeated authentication label;
Correspondingly, the following operation is also implemented:
when the preset trigger condition recording the repeated authentication label is found, querying the preset rule mapping relationship for the corresponding access-count restriction rule according to that preset trigger condition, the preset rule mapping relationship including the correspondence between preset trigger conditions and preset verification rules.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
upon receiving a second behavior to be verified that the user inputs on the preset interactive interface, determining the source network address corresponding to the second behavior to be verified;
counting the second access count of the source network address within the preset time period;
when the second access count is greater than or equal to the preset count lower threshold, determining the user tag corresponding to the source network address to be a repeated authentication label.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
matching the source network address against each preset malicious login address recorded in a preset blacklist;
when the match fails, performing the step of counting the first access count of the source network address within the preset time period.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
when the first access count is less than the preset count upper threshold, preprocessing the first behavior to be verified to obtain target behavior features;
performing legitimacy verification on the target behavior features based on a preset convolutional neural network;
when the legitimacy verification succeeds, determining the verification result corresponding to the first behavior to be verified to be success.
Further, when the rule-engine-based verification program is executed by the processor, the following operations are also implemented:
when the target behavior features include a user agent, generating a performance query instruction and sending it to the user equipment, so that the user equipment collects current browser performance information and feeds it back to the verification device;
querying the corresponding target browser performance information according to the user agent;
matching the current browser performance information against the target browser performance information;
when the match fails, changing the verification result corresponding to the first behavior to be verified to verification failure.
In this embodiment, after the first behavior to be verified is received, the corresponding preset verification rule can be queried from the preset rule engine. If the preset verification rule is the access-count restriction rule, the first access count of the source network address within the preset time period is counted, and when the first access count is less than the preset count upper threshold the verification result is determined to be success. Clearly, in this embodiment the verification rule applied is adapted in real time to different behaviors to be verified based on the preset rule engine, achieving differentiated verification rules; and comparing the access count within the preset time period allows the risk of the logging-in user to be judged well, giving a better balance between security and ease of use and thereby solving the technical problem that existing verification methods cannot balance security and ease of use well.
In addition, an embodiment of the present invention also proposes a rule-engine-based verification apparatus. Referring to Fig. 5, the rule-engine-based verification apparatus includes:
a rule query module 10, configured to query, upon receiving the first behavior to be verified that the user inputs on the preset interactive interface, the preset rule engine for the preset verification rule corresponding to the first behavior to be verified.
It will be understood that using only a single verification rule may fail to guard well against credential stuffing or hacker attacks. For example, if a CAPTCHA is the only verification rule, a hacker may use a script to recognize the graphical CAPTCHA on the portal website and log in to accounts in bulk, which lowers the portal's security. But if security alone is considered and the difficulty of the verification rule is raised, for example by replacing the CAPTCHA verification rule with a question-and-answer verification rule that asks for user information, the time normal users need to log in to the portal is lengthened and ease of use suffers.
It should be understood that, to take both the security and the ease of use of the verification operation into account, this embodiment sets up several verification rules of different types and uses a rule engine to dispatch among them, giving a better balance of security and ease of use. A rule engine is a software component embedded in an application that separates business rules out of the application; at run time, input information is compared with the business rules loaded in the rule engine to activate a particular business rule.
In a specific implementation, if user A wants to log in to a portal website B, user A enters an account name and password on the login interface of portal website B, and possibly other auxiliary verification information such as a CAPTCHA. After finishing input on the login interface, user A clicks the login option, which produces the first behavior to be verified; it is submitted to the back end, which completes the verification operation for the first behavior to be verified.
It will be understood that, after the first behavior to be verified is received, it is used as input information; the preset rule engine adapts the verification rule corresponding to the first behavior to be verified and activates that verification rule.
a source address determining module 20, configured to determine, when the preset verification rule is the access-count restriction rule, the source network address corresponding to the first behavior to be verified.
In a specific implementation, suppose the adapted verification rule is the access-count restriction rule, which decides whether verification succeeds from the user's number of logins. Of course, the adapted verification rule may also be of another type, for example a CAPTCHA verification rule or a question-and-answer verification rule that asks for user information.
an access count statistics module 30, configured to count the first access count of the source network address within the preset time period.
It will be understood that the historical login behavior of each user is counted in real time. When the access-count restriction rule is activated, the source network address of user A, that is, the network address of the login device user A is using, is determined first, and user A's historical login behavior is extracted. If the preset time period is 24 hours, user A's historical login behavior may show that user A's access count within 24 hours is 10.
a behavior verification module 40, configured to determine, when the first access count is less than the preset count upper threshold, the verification result corresponding to the first behavior to be verified to be success.
It should be understood that the preset count upper threshold may be set to 20; since the access count of 10 is less than the preset count upper threshold, the verification result of this verification operation is determined to be success.
Of course, if the first access count is greater than or equal to the preset count upper threshold, the verification result corresponding to the first behavior to be verified is determined to be verification failure.
In this embodiment, after the first behavior to be verified is received, the corresponding preset verification rule can be queried from the preset rule engine. If the preset verification rule is the access-count restriction rule, the first access count of the source network address within the preset time period is counted, and when the first access count is less than the preset count upper threshold the verification result is determined to be success. Clearly, in this embodiment the verification rule applied is adapted in real time to different behaviors to be verified based on the preset rule engine, achieving differentiated verification rules; and comparing the access count within the preset time period allows the risk of the logging-in user to be judged well, giving a better balance between security and ease of use and thereby solving the technical problem that existing verification methods cannot balance security and ease of use well.
For other embodiments or specific implementations of the rule-engine-based verification apparatus of the present invention, refer to the method embodiments above; they are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" and any variants are intended to cover non-exclusive inclusion, so that a process, method, article or system comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or system. Without further limitation, an element qualified by "including a ..." does not exclude the presence of additional identical elements in the process, method, article or system that includes it.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
From the description of the embodiments above, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes instructions that cause a terminal device (which can be a mobile phone, computer, server, air conditioner, network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit its scope. Any equivalent structure or equivalent process transformation made using the content of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (10)

1. a kind of verification method of rule-based engine, which is characterized in that the verification method of the rule-based engine include with Lower step:
User is being received in the first behavior to be verified inputted on default interactive interface, in preset rules engine inquiry with The corresponding default proof rule of first behavior to be verified;
When the default proof rule is access times restriction rule, source net corresponding with the described first behavior to be verified is determined Network address;
Count the first access times of the source network address within a preset period of time;
It, will verifying corresponding with the described first behavior to be verified when first access times are less than preset times upper limit threshold As a result it regards as being proved to be successful.
2. the verification method of rule-based engine as described in claim 1, which is characterized in that described to receive user pre- If when the first behavior to be verified inputted on interactive interface, inquiry and the described first behavior pair to be verified in preset rules engine The default proof rule answered, comprising:
User is being received in the first behavior to be verified inputted on default interactive interface, it will be each pre- in preset rules engine If trigger condition is matched with the described first behavior to be verified;
In successful match, the default proof rule of inquiry and the preset trigger condition linkage of successful match.
3. the verification method of rule-based engine as claimed in claim 2, which is characterized in that described to receive user pre- If when the first behavior to be verified inputted on interactive interface, by each preset trigger condition and described first in preset rules engine Behavior to be verified is matched, comprising:
User is being received in the first behavior to be verified inputted on default interactive interface, determining and the described first row to be verified For corresponding source network address, and inquire user tag corresponding with the source network address;
When the user tag is repeated authentication label, inquiry records the repeated authentication label in preset rules engine Preset trigger condition;
The default proof rule that in successful match, the preset trigger condition of inquiry and successful match links, comprising:
When inquiring the preset trigger condition for recording the repeated authentication label, according to record in preset rules mapping relations The preset trigger condition of the repeated authentication label inquires corresponding access times restriction rule, the preset rules mapping relations In include corresponding relationship between the preset trigger condition and default proof rule.
4. the verification method of rule-based engine as claimed in claim 3, which is characterized in that described to receive user pre- If when the first behavior to be verified inputted on interactive interface, determining source network address corresponding with the described first behavior to be verified, And it inquires before user tag corresponding with the source network address, the verification method of the rule-based engine further include:
User is being received in the second behavior to be verified inputted on default interactive interface, determining and the described second row to be verified For corresponding source network address;
Pass through the second access times of the source network address within a preset period of time;
It, will user corresponding with the source network address when second access times are more than or equal to preset times lower threshold Label regards as repeated authentication label.
5. the verification method of rule-based engine according to any one of claims 1 to 4, which is characterized in that described in institute When to state default proof rule be access times restriction rule, determine source network address corresponding with the described first behavior to be verified it Afterwards, the verification method of the rule-based engine includes:
Each default malice entry address recorded in the source network address and default blacklist is matched;
When it fails to match, the step of the first access times of the statistics source network address within a preset period of time is executed Suddenly.
6. the verification method of rule-based engine according to any one of claims 1 to 4, which is characterized in that described in institute It, will verification result identification corresponding with the described first behavior to be verified when stating the first access times less than preset times upper limit threshold To be proved to be successful, comprising:
When first access times are less than preset times upper limit threshold, the described first behavior to be verified is pre-processed, To obtain goal behavior feature;
Legitimate verification is carried out to the goal behavior feature based on default convolutional neural networks;
In legitimate verification success, verification result corresponding with the described first behavior to be verified is regarded as being proved to be successful.
7. the verification method of rule-based engine as claimed in claim 6, which is characterized in that described in legitimate verification success When, verification result corresponding with the described first behavior to be verified is regarded as after being proved to be successful, the rule-based engine Verification method further include:
When including user agent in the goal behavior feature, performance inquiry instruction is generated, and the performance queries are instructed It is sent to user equipment, so that the user equipment acquires current browser performance information, and feeds back to the verifying equipment;
Corresponding objective browser performance information is inquired according to the user agent;
The current browser performance information is matched with the objective browser performance information;
When it fails to match, verification result corresponding with the described first behavior to be verified is revised as authentication failed.
8. a kind of verifying equipment, which is characterized in that the verifying equipment includes: memory, processor and is stored in the storage The proving program of rule-based engine, the proving program quilt of the rule-based engine can be run on device and on the processor The step of verification method of the rule-based engine as described in any one of claims 1 to 7 is realized when the processor executes.
9. a kind of storage medium, which is characterized in that the proving program of rule-based engine is stored on the storage medium, it is described It is realized when the proving program of rule-based engine is executed by processor rule-based as described in any one of claims 1 to 7 The step of verification method of engine.
10. A rule-engine-based verification apparatus, characterized in that the rule-engine-based verification apparatus comprises:
a rule query module, configured to receive a first behavior to be verified input by a user on a preset interactive interface, and to query a preset rule engine for the preset verification rule corresponding to the first behavior to be verified;
a source address determining module, configured to determine the source network address corresponding to the first behavior to be verified when the preset verification rule is an access-count limit rule;
an access count statistics module, configured to count a first access count of the source network address within a preset time period;
a behavior verification module, configured to determine the verification result corresponding to the first behavior to be verified to be verification successful when the first access count is less than a preset upper-limit threshold.
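The access-count rule of claim 10 and the user-agent consistency check of claim 7 can be sketched together as follows. This is an added example, not code from the patent: the class, the constants, the profile fields and the sample addresses are hypothetical, and treating an at-or-over-threshold count and an unknown user agent as failures is an assumption, since the claims shown here only state the success case and the mismatch case.

```python
from collections import defaultdict, deque

SUCCESS, FAILED = "verification successful", "verification failed"

# Constructed reference table (assumption): user agent -> target browser
# performance information the verifier expects that browser to report.
TARGET_PROFILES = {
    "ExampleBrowser/1.0": {"webgl": True, "touch": False},
}


class RuleEngineVerifier:
    """Hypothetical verifier: access-count limit rule plus user-agent check."""

    def __init__(self, window_seconds=60, max_accesses=5):
        self.window = window_seconds      # preset time period (assumed value)
        self.limit = max_accesses         # preset upper-limit threshold (assumed)
        self.hits = defaultdict(deque)    # source address -> access timestamps

    def access_count(self, source_addr, now):
        """First access count: accesses from source_addr inside the window."""
        stamps = self.hits[source_addr]
        while stamps and stamps[0] <= now - self.window:
            stamps.popleft()              # drop accesses older than the window
        return len(stamps)

    def verify(self, source_addr, now, user_agent=None, reported=None):
        # Assumption: the count covers earlier accesses only; the current
        # request is recorded after counting, whatever the outcome.
        count = self.access_count(source_addr, now)
        self.hits[source_addr].append(now)
        if count >= self.limit:
            return FAILED                 # assumed handling, not in the claims shown
        result = SUCCESS                  # claim 10: count below the threshold
        if user_agent is not None:
            # Claim 7: compare what the device reported with the profile
            # looked up from the user agent; a mismatch revises the result.
            expected = TARGET_PROFILES.get(user_agent)
            if expected is None or reported != expected:
                result = FAILED
        return result
```

The `reported` argument stands in for the browser performance information that the user equipment feeds back in response to the performance query instruction.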
CN201811234982.5A 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus Active CN109460653B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811234982.5A CN109460653B (en) 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus

Publications (2)

Publication Number Publication Date
CN109460653A true CN109460653A (en) 2019-03-12
CN109460653B CN109460653B (en) 2021-06-25

Family

ID=65608157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811234982.5A Active CN109460653B (en) 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus

Country Status (1)

Country Link
CN (1) CN109460653B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789855A (en) * 2015-11-25 2017-05-31 北京奇虎科技有限公司 The method and device of user login validation
CN107592309A (en) * 2017-09-14 2018-01-16 携程旅游信息技术(上海)有限公司 Security incident detection and processing method, system, equipment and storage medium
CN107612895A (en) * 2017-09-05 2018-01-19 网宿科技股份有限公司 A kind of internet anti-attack method and certificate server
CN108092975A (en) * 2017-12-07 2018-05-29 上海携程商务有限公司 Recognition methods, system, storage medium and the electronic equipment of abnormal login
CN108322436A (en) * 2017-12-28 2018-07-24 瑞庭网络技术(上海)有限公司 Verification method, device, computer equipment and the readable storage medium storing program for executing of network request
CN108650226A (en) * 2018-03-30 2018-10-12 平安科技(深圳)有限公司 A kind of login validation method, device, terminal device and storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188159A (en) * 2019-05-27 2019-08-30 深圳前海微众银行股份有限公司 Collage-credit data cut-in method, device, equipment and computer readable storage medium
CN113407983A (en) * 2020-03-16 2021-09-17 北京国双科技有限公司 Security policy issuing method and device
CN112395574A (en) * 2020-12-04 2021-02-23 航天信息股份有限公司 Safety login management method
CN112395574B (en) * 2020-12-04 2024-02-23 航天信息股份有限公司 Safe login management method
CN113377818A (en) * 2021-06-29 2021-09-10 平安普惠企业管理有限公司 Flow verification method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN109460653B (en) 2021-06-25

Similar Documents

Publication Publication Date Title
CN105930727B (en) Reptile recognition methods based on Web
CN109460653A (en) Verification method, verifying equipment, storage medium and the device of rule-based engine
Biggio et al. Adversarial biometric recognition: A review on biometric system security from the adversarial machine-learning perspective
WO2021036014A1 (en) Federated learning credit management method, apparatus and device, and readable storage medium
CN106797371A (en) For the method and system of user authentication
CN104426884A (en) Method for authenticating identity and device for authenticating identity
US20210234877A1 (en) Proactively protecting service endpoints based on deep learning of user location and access patterns
CN102484640A (en) Threat detection in a data processing system
CN107872433A (en) A kind of auth method and its equipment
CN109660556A (en) User log-in method, device, equipment and storage medium based on information security
CN104361281B (en) A kind of solution of Android platform phishing attack
CN107911340A (en) Login validation method, device, equipment and the storage medium of application program
CN109784031A (en) A kind of account authentication process method and device
CN106453206A (en) Identity verification method and identity verification device
CN106470204A (en) User identification method based on request behavior characteristicss, device, equipment and system
CN106453205A (en) Identity verification method and identity verification device
CN107864112A (en) Log in safe verification method and device
CN107918911A (en) System and method for performing safe web bank transaction
CN116545650B (en) Network dynamic defense method
CN106878335A (en) A kind of method and system for login authentication
CN111797418A (en) Control method and device of online service, service terminal, server and storage medium
CN109977641A (en) A kind of authentication processing method and system of Behavior-based control analysis
CN114091042A (en) Risk early warning method
CN106027532A (en) Voiceprint-based subscriber identity authentication method, terminal and server
CN107872428A (en) The login method and device of application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant