CN109460653B - Rule engine based verification method, verification device, storage medium and apparatus - Google Patents



Publication number
CN109460653B
Authority
CN
China
Prior art keywords
preset
verification
behavior
verified
rule
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811234982.5A
Other languages
Chinese (zh)
Other versions
CN109460653A (en)
Inventor
黄胜蓝
陈晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Jiyi Network Technology Co ltd
Original Assignee
Wuhan Jiyi Network Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a verification method, verification device, storage medium and apparatus based on a rule engine. When a first behavior to be verified is received, a preset verification rule corresponding to the first behavior to be verified is queried in a preset rule engine; when the preset verification rule is an access count limit rule, the source network address corresponding to the first behavior to be verified is determined; a first access count of the source network address within a preset time period is counted; and when the first access count is smaller than a preset upper count threshold, the verification result corresponding to the first behavior to be verified is determined to be successful. Because the verification rule applied is adapted in real time to each different behavior to be verified by the preset rule engine, the verification rules are differentiated, security and usability are well balanced, and the technical problem that existing verification approaches cannot balance security and usability is solved.

Description

Rule engine based verification method, verification device, storage medium and apparatus
Technical Field
The present invention relates to the field of information security technology, and in particular to a rule engine based verification method, verification device, storage medium and apparatus.
Background
When many users log in to a portal website, the portal can pre-verify each login request submitted by a user, in order to prevent attackers from logging in to other people's accounts and to prevent credential stuffing (database collision) and similar malicious behavior, and so determine whether the request is a normal login by the user or an illegitimate login. Only when the login is identified as normal does the user successfully obtain login access to the portal.
However, the login behavior of different users differs in the security risk it poses to the portal, since some users are normal users while others are very likely to be malicious users or credential stuffers. Therefore, if the verification of login behavior is performed according to a single verification rule, security and usability cannot be well balanced.
It can therefore be considered that existing verification approaches have the technical problem that security and usability cannot be well balanced.
The above is provided only to assist understanding of the technical solution of the present invention and does not represent an admission that it is prior art.
Disclosure of Invention
The main object of the present invention is to provide a rule engine based verification method, verification device, storage medium and apparatus, aiming to solve the technical problem that security and usability cannot be well balanced in existing verification approaches.
To achieve the above object, the present invention provides a rule engine based verification method, comprising the following steps:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, querying a preset rule engine for a preset verification rule corresponding to the first behavior to be verified;
when the preset verification rule is an access count limit rule, determining the source network address corresponding to the first behavior to be verified;
counting a first access count of the source network address within a preset time period;
and when the first access count is smaller than a preset upper count threshold, determining that the verification result corresponding to the first behavior to be verified is successful.
Preferably, querying a preset rule engine for a preset verification rule corresponding to the first behavior to be verified when the first behavior to be verified, input by a user on a preset interactive interface, is received includes:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, matching each preset trigger condition in the preset rule engine against the first behavior to be verified;
and when the matching succeeds, querying the preset verification rule linked to the successfully matched preset trigger condition.
Preferably, matching each preset trigger condition in the preset rule engine against the first behavior to be verified when the first behavior to be verified, input by a user on a preset interactive interface, is received includes:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, determining the source network address corresponding to the first behavior to be verified, and querying the user tag corresponding to the source network address;
when the user tag is a repeated verification tag, querying the preset rule engine for the preset trigger condition that records the repeated verification tag;
and querying the preset verification rule linked to the successfully matched preset trigger condition when the matching succeeds includes:
when the preset trigger condition recording the repeated verification tag is found, querying the corresponding access count limit rule in a preset rule mapping according to that preset trigger condition, where the preset rule mapping holds the correspondence between preset trigger conditions and preset verification rules.
Preferably, before determining the source network address corresponding to the first behavior to be verified and querying the user tag corresponding to the source network address when the first behavior to be verified, input by a user on a preset interactive interface, is received, the rule engine based verification method further includes:
when a second behavior to be verified, input by a user on a preset interactive interface, is received, determining the source network address corresponding to the second behavior to be verified;
counting a second access count of the source network address within a preset time period;
and when the second access count is greater than or equal to a preset lower count threshold, marking the user tag corresponding to the source network address as a repeated verification tag.
Preferably, after determining the source network address corresponding to the first behavior to be verified when the preset verification rule is an access count limit rule, the rule engine based verification method further includes:
matching the source network address against each preset malicious login address recorded in a preset blacklist;
and when the matching fails, executing the step of counting the first access count of the source network address within the preset time period.
Preferably, determining that the verification result corresponding to the first behavior to be verified is successful when the first access count is smaller than the preset upper count threshold includes:
when the first access count is smaller than the preset upper count threshold, preprocessing the first behavior to be verified to obtain target behavior features;
performing validity verification on the target behavior features based on a preset convolutional neural network;
and when the validity verification succeeds, determining that the verification result corresponding to the first behavior to be verified is successful.
Preferably, after determining that the verification result corresponding to the first behavior to be verified is successful when the validity verification succeeds, the rule engine based verification method further includes:
when the target behavior features include a user agent, generating a performance query instruction and sending it to the user device, so that the user device collects performance information of the current browser and returns it to the verification device;
querying the corresponding target browser performance information according to the user agent;
matching the current browser performance information against the target browser performance information;
and when the matching fails, changing the verification result corresponding to the first behavior to be verified to verification failure.
Furthermore, to achieve the above object, the present invention also provides a verification device comprising a memory, a processor, and a rule engine based verification program stored in the memory and executable on the processor, the rule engine based verification program being configured to implement the steps of the rule engine based verification method described above.
Furthermore, to achieve the above object, the present invention further provides a storage medium having a rule engine based verification program stored thereon which, when executed by a processor, implements the steps of the rule engine based verification method described above.
In addition, to achieve the above object, the present invention further provides a rule engine based verification apparatus, comprising:
a rule query module, configured to query a preset rule engine for a preset verification rule corresponding to a first behavior to be verified when the first behavior to be verified, input by a user on a preset interactive interface, is received;
a source address determining module, configured to determine the source network address corresponding to the first behavior to be verified when the preset verification rule is an access count limit rule;
an access count module, configured to count a first access count of the source network address within a preset time period;
and a behavior verification module, configured to determine that the verification result corresponding to the first behavior to be verified is successful when the first access count is smaller than a preset upper count threshold.
After the first behavior to be verified is received, the corresponding preset verification rule is queried from the preset rule engine; if the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period is counted, and when the first access count is smaller than the preset upper count threshold the verification result is determined to be successful. Because the verification rule applied is adapted in real time to each different behavior to be verified by the preset rule engine, the verification rules are differentiated; the risk of the logging-in user can be judged better by comparing the access count within the preset time period, security and usability are better balanced, and the technical problem that existing verification approaches cannot balance security and usability is solved.
Drawings
FIG. 1 is a schematic diagram of a verification device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a rule engine based verification method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of a rule engine based verification method according to the present invention;
FIG. 4 is a flowchart illustrating a third embodiment of a rule engine based verification method according to the present invention;
FIG. 5 is a block diagram of a first embodiment of a rule engine based verification apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to FIG. 1, FIG. 1 is a schematic structural diagram of a verification device in a hardware operating environment according to an embodiment of the present invention.
As shown in FIG. 1, the verification device may include a processor 1001 such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to implement connection and communication between these components. The user interface 1003 may include a display screen (Display) and may optionally further include a standard wired interface and a wireless interface; in the present invention the wired interface of the user interface 1003 may be a USB interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (for example, a WI-FI interface). The memory 1005 may be a high-speed RAM or a non-volatile memory (for example, a magnetic disk). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in FIG. 1 does not limit the verification device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
As shown in FIG. 1, the memory 1005, as a kind of computer storage medium, may contain an operating system, a network communication module, a user interface module, and a rule engine based verification program.
In the verification device shown in FIG. 1, the network interface 1004 is mainly used to connect to a backend server and exchange data with it; the user interface 1003 is mainly used to connect peripheral devices; and the verification device, through the processor 1001, calls the rule engine based verification program stored in the memory 1005 and performs the following operations:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, querying a preset rule engine for a preset verification rule corresponding to the first behavior to be verified;
when the preset verification rule is an access count limit rule, determining the source network address corresponding to the first behavior to be verified;
counting a first access count of the source network address within a preset time period;
and when the first access count is smaller than a preset upper count threshold, determining that the verification result corresponding to the first behavior to be verified is successful.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, matching each preset trigger condition in the preset rule engine against the first behavior to be verified;
and when the matching succeeds, querying the preset verification rule linked to the successfully matched preset trigger condition.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
when a first behavior to be verified, input by a user on a preset interactive interface, is received, determining the source network address corresponding to the first behavior to be verified, and querying the user tag corresponding to the source network address;
when the user tag is a repeated verification tag, querying the preset rule engine for the preset trigger condition that records the repeated verification tag;
and accordingly, the following operation is also performed:
when the preset trigger condition recording the repeated verification tag is found, querying the corresponding access count limit rule in a preset rule mapping according to that preset trigger condition, where the preset rule mapping holds the correspondence between preset trigger conditions and preset verification rules.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
when a second behavior to be verified, input by a user on a preset interactive interface, is received, determining the source network address corresponding to the second behavior to be verified;
counting a second access count of the source network address within a preset time period;
and when the second access count is greater than or equal to a preset lower count threshold, marking the user tag corresponding to the source network address as a repeated verification tag.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
matching the source network address against each preset malicious login address recorded in a preset blacklist;
and when the matching fails, executing the step of counting the first access count of the source network address within the preset time period.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
when the first access count is smaller than the preset upper count threshold, preprocessing the first behavior to be verified to obtain target behavior features;
performing validity verification on the target behavior features based on a preset convolutional neural network;
and when the validity verification succeeds, determining that the verification result corresponding to the first behavior to be verified is successful.
Further, the processor 1001 may call the rule engine based verification program stored in the memory 1005 and also perform the following operations:
when the target behavior features include a user agent, generating a performance query instruction and sending it to the user device, so that the user device collects performance information of the current browser and returns it to the verification device;
querying the corresponding target browser performance information according to the user agent;
matching the current browser performance information against the target browser performance information;
and when the matching fails, changing the verification result corresponding to the first behavior to be verified to verification failure.
In this embodiment, after the first behavior to be verified is received, the corresponding preset verification rule may be queried from the preset rule engine; if the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period may be counted, and when the first access count is smaller than the preset upper count threshold the verification result is determined to be successful. Because, in this embodiment, the verification rule applied is adapted in real time to each different behavior to be verified by the preset rule engine, the verification rules are differentiated; the risk of the logging-in user can be judged better by comparing the access count within the preset time period, security and usability are better balanced, and the technical problem that existing verification approaches cannot balance security and usability is solved.
Based on the above hardware structure, an embodiment of the rule engine based verification method is provided.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of a first embodiment of the rule engine based verification method according to the present invention.
In the first embodiment, the rule engine based verification method comprises the following steps:
Step S10: when a first behavior to be verified, input by a user on a preset interactive interface, is received, query a preset rule engine for the preset verification rule corresponding to the first behavior to be verified.
It can be understood that if only a single verification rule is used, credential stuffing or other attack behavior may not be prevented well. For example, if a captcha alone is used as the verification rule, an attacker may be able to recognize the portal's graphical captcha with a script and log in to accounts in batches, which reduces the security of the portal. Conversely, if the difficulty of the verification rule is raised for the sake of security, for example by replacing the captcha verification rule with a question-and-answer verification rule about the user's personal information, the time a normal user needs to log in to the portal is lengthened, which reduces the usability of the portal.
It should be understood that, to take both the security and the usability of the verification operation into account, this embodiment sets up several different types of verification rule at the same time and deploys them through the rule engine, so as to balance security and usability better. The rule engine is a software component embedded in the application that separates the business rules from the application program; at run time, the input information is compared against the business rules loaded in the rule engine so that particular business rules are activated.
In a specific implementation, if user A wants to log in to a portal B, the account name and password may be entered on the login interface of portal B, and of course other auxiliary verification information such as a captcha may be entered at the same time. After completing the input on the login interface, user A generates the first behavior to be verified by clicking the login option on the login interface, and the first behavior to be verified is then submitted to the backend, which completes the verification operation on it.
It can be understood that after the first behavior to be verified is received, it serves as the input information; under the preset rule engine, the corresponding verification rule is adapted to the first behavior to be verified and that verification rule is activated.
Step S20: when the preset verification rule is an access count limit rule, determine the source network address corresponding to the first behavior to be verified.
In a specific implementation, if the adapted verification rule is the access count limit rule, that rule decides whether the verification result is successful according to the number of times the user has logged in. Of course, the adapted verification rule may also be another type of verification rule, such as a captcha verification rule or a question-and-answer verification rule about the user's information.
Step S30: count the first access count of the source network address within a preset time period.
It can be understood that the historical login behavior of each user is recorded in real time, so when the access count limit rule is activated, the source network address of user A, that is, the network address of the login device used by user A, is determined first, and the historical login behavior of user A is extracted. If the preset time period is 24 hours, the historical login behavior of user A may show, for example, that user A has accessed 10 times within 24 hours.
Step S40: when the first access count is smaller than a preset upper count threshold, determine that the verification result corresponding to the first behavior to be verified is successful.
It should be understood that the preset upper count threshold may be set to 20, so that, since the access count of 10 is smaller than the preset upper count threshold, the verification result of the verification operation may be considered successful.
Of course, if the first access count is greater than or equal to the preset upper count threshold, the verification result corresponding to the first behavior to be verified is determined to be verification failure.
In this embodiment, after the first behavior to be verified is received, the corresponding preset verification rule may be queried from the preset rule engine; if the preset verification rule is the access count limit rule, the first access count of the source network address within the preset time period may be counted, and when the first access count is smaller than the preset upper count threshold the verification result is determined to be successful. Because, in this embodiment, the verification rule applied is adapted in real time to each different behavior to be verified by the preset rule engine, the verification rules are differentiated; the risk of the logging-in user can be judged better by comparing the access count within the preset time period, security and usability are better balanced, and the technical problem that existing verification approaches cannot balance security and usability is solved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a second embodiment of the rule engine-based verification method according to the present invention, and the second embodiment of the rule engine-based verification method according to the present invention is provided based on the first embodiment shown in fig. 2.
In the second embodiment, the step S10 includes:
step S101: when a first behavior to be verified input by a user on a preset interactive interface is received, matching each preset trigger condition in a preset rule engine with the first behavior to be verified.
It will be appreciated that, in the case of the preset rules engine, the preset rules engine will include a trigger condition portion and a validation rule portion, and the trigger condition is triggered to activate the linked validation rules.
Step S102: and when the matching is successful, inquiring a preset verification rule linked with the successfully matched preset trigger condition.
In a specific implementation, when the rule engine is executed, an execution queue may be additionally set, and the trigger condition and the behavior to be verified may be matched one by one based on the priority of the trigger condition in the execution queue, for example, if the trigger condition a and the first behavior to be verified are successfully matched, the verification rule a linked with the trigger condition a is immediately queried, so as to activate and execute the verification rule a.
Further, when a first behavior to be verified input by a user on a preset interactive interface is received, matching each preset trigger condition in a preset rule engine with the first behavior to be verified includes:
when a first behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the first behavior to be verified, and inquiring a user label corresponding to the source network address;
when the user tag is a repeated verification tag, inquiring and recording a preset trigger condition of the repeated verification tag in a preset rule engine;
when the matching is successful, inquiring a preset verification rule linked with a preset trigger condition which is successfully matched, wherein the preset verification rule comprises the following steps:
when the preset trigger condition for recording the repeated verification label is inquired, inquiring a corresponding access time limiting rule in a preset rule mapping relation according to the preset trigger condition for recording the repeated verification label, wherein the preset rule mapping relation comprises the corresponding relation between the preset trigger condition and the preset verification rule.
It is understood that the trigger condition includes a plurality of conditions, for example, the trigger condition may specify a user login time, a number of times that the user login is successful, or a number of times that the user login is failed. If the trigger condition B requires the tag information of the user tag, the user tag of the user a may be queried first. The user tags are used for classifying the users so that the authentication process can perform differentiated handling on the users, for example, the user tags include a credit user tag, a malicious user tag, a repeated authentication tag and the like, and the repeated authentication tag is used for representing that the user has a situation of attempting to log in for multiple times in a short time.
In a specific implementation, if the trigger condition B is "the user tag is a repeated verification tag" and the user tag of user A is indeed the repeated verification tag, the verification rule corresponding to the trigger condition B may be queried in the preset rule mapping relation.
Further, before determining a source network address corresponding to a first behavior to be verified and querying a user tag corresponding to the source network address when the first behavior to be verified input by a user on a preset interactive interface is received, the rule engine-based verification method further includes:
when a second behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the second behavior to be verified;
counting second access times of the source network address within a preset time period;
and when the second access times are greater than or equal to a preset lower-limit threshold of times, setting the user tag corresponding to the source network address to a repeated verification tag.
In a specific implementation, if user A has other behaviors to be verified before the first behavior to be verified, then when those earlier behaviors are verified, the second access times within the preset time period are extracted from the historical login behaviors and are, for example, 6 times. Since 6 is greater than the preset lower-limit threshold of 4 times, the user tag of user A may be marked as a repeated verification tag. Here the source network address may be used to identify the user.
It should be noted that the preset lower-limit threshold of times serves a different purpose from the preset upper-limit threshold of times: the preset upper-limit threshold is used to identify whether the current user A is a malicious login user or a credential-stuffing attacker; the preset lower-limit threshold is only used to determine whether user A has logged in multiple times, and does not by itself determine whether user A is malicious, because a normal user may also fail to log in several times.
Further, after determining the source network address corresponding to the first behavior to be verified when the preset verification rule is an access time limit rule, the rule engine-based verification method includes:
matching the source network address with each preset malicious login address recorded in a preset blacklist;
and when the matching fails, the step of counting the first access times of the source network address in a preset time period is executed.
It can be understood that, when the verification operation is implemented by the access count limiting rule, the source network address is acquired; in order to further improve the accuracy of the verification operation, a blacklist may also be introduced at the same time to improve security.
In a specific implementation, after the source network address is obtained, it may be matched against the large number of malicious login addresses recorded in the blacklist. If the matching succeeds, the address of the user initiating the behavior to be verified belongs to the malicious login addresses, the user is high-risk, and the verification result corresponding to the first behavior to be verified may be directly determined as verification failure; if the matching fails, the further verification operation based on the access count limiting rule may continue.
In this embodiment, different verification rules can be invoked for different behaviors to be verified by setting a user tag, so as to apply the verification rules with different verification difficulties distinctively.
Referring to fig. 4, fig. 4 is a schematic flowchart of a third embodiment of the verification method based on the rule engine according to the present invention, and the third embodiment of the verification method based on the rule engine according to the present invention is provided based on the first embodiment shown in fig. 2.
In the third embodiment, the step S40 includes:
step S401: and when the first access times are smaller than a preset upper time threshold, preprocessing the first behavior to be verified to obtain target behavior characteristics.
It can be understood that after the determination of the verification result is completed based on the access number limiting rule, a convolutional neural network may be further introduced to perform a further determination operation on the first behavior to be verified.
In a specific implementation, a plurality of different types of heterogeneous behavior features are recorded in the first behavior to be verified; for example, the target behavior features include a user identifier representing the identity of the user, a page identifier, a User Agent (UA), and a device identifier of the device used for login. Obviously, there is no direct data association between these different types of behavior features, and in order to combine them so that the first behavior to be verified can be verified as a whole, a convolutional neural network may be introduced.
Step S402: and carrying out validity verification on the target behavior characteristics based on a preset convolutional neural network.
It is understood that the heterogeneous target behavior features can be input into a preset convolutional neural network, which is trained with the Adaptive moment estimation (Adam) optimizer on such unrelated target behavior features and judges whether the target behavior features constitute a positive sample or a negative sample. A positive sample is a set of behavior feature values whose verification result is regarded as verification success, and a negative sample is a set of behavior feature values whose verification result is regarded as verification failure.
Step S403: and when the validity verification is successful, determining a verification result corresponding to the first behavior to be verified as successful verification.
It should be understood that, when the target behavior feature is determined to be a positive sample, the verification result corresponding to the first behavior to be verified is considered as verification success.
Further, after the verification result corresponding to the first behavior to be verified is determined to be successful when the validity verification is successful, the rule engine-based verification method further includes:
when the target behavior characteristics comprise a user agent, generating a performance query instruction, and sending the performance query instruction to user equipment so that the user equipment collects performance information of a current browser and feeds the performance information back to the verification equipment;
inquiring corresponding target browser performance information according to the user agent;
matching the current browser performance information with the target browser performance information;
and when the matching fails, modifying the verification result corresponding to the first behavior to be verified into verification failure.
It can be understood that, in order to prevent malicious users from tampering data of behavior characteristics to simulate normal users, so as to achieve the purpose of disguising as a positive sample, the disguising behavior of the malicious users can be prevented by comparing browser performance information. In addition, the execution subject of the embodiment is the verification device, and the verification device may be an electronic device such as a server; the user equipment is an electronic device that sends the first behavior to be verified to the verification device, and the user equipment may be a smart phone or a personal computer used by the user.
In a specific implementation, the user agent records the unique browser identifier of the browser developed by each company, so the type of browser initiating the behavior to be verified can be identified directly from the user agent, and different browsers have different running performance. Therefore, if the first behavior to be verified includes user agent A, the user equipment side initiating the first behavior to be verified may first query the performance information of the browser in use. For example, the browser performance information includes page opening speed, compatibility information, and the like.
It should be understood that after the actual browser performance information is obtained, the pre-counted target browser performance information corresponding to user agent A is queried; the target browser performance information records the historical range of the performance information of the browser corresponding to user agent A. If the actual browser performance information is compared with the target browser performance information and they are not the same, or the actual browser performance information does not fall within the historical range recorded by the target browser performance information, it may be considered that the user equipment initiating the first behavior to be verified is disguising its browser type. For example, the user agent of browser M may have been set without actually using browser M developed by M corporation, in order to pass as a normal user, because browser M is the browser most frequently used by normal users. Therefore, the verification may be considered to have failed.
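As an added illustration (not the patent's own code), the following Python sketch performs the user agent versus browser performance comparison described above: the target browser performance information is assumed to be a per-browser profile holding a historical page-opening-time range and the compatibility features every genuine instance of that browser supports, and the profiles, user agent strings and measurements are constructed sample values.

```python
"""Added example: user agent vs. browser performance consistency check
(not the patent's own code). Profiles, user agents and measurements are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PerformanceInfo:
    """Performance information the user equipment collects from its current browser."""
    page_open_ms: float           # page opening speed
    features: frozenset           # compatibility information: APIs the page found supported


@dataclass(frozen=True)
class PerformanceProfile:
    """Target browser performance information pre-counted for one user agent."""
    page_open_ms_range: tuple     # historical (low, high) page opening time range
    required_features: frozenset  # features every genuine instance of this browser supports


# Constructed sample profiles keyed by the browser token inside the user agent string
TARGET_PROFILES = {
    "BrowserM/110": PerformanceProfile((120.0, 900.0), frozenset({"webgl2", "webrtc", "css-grid"})),
    "BrowserN/7": PerformanceProfile((300.0, 2500.0), frozenset({"css-grid"})),
}


def lookup_profile(user_agent):
    """Identify the browser from the user agent and return its target profile, if any."""
    for token, profile in TARGET_PROFILES.items():
        if token in user_agent.split():
            return profile
    return None


def performance_matches(user_agent, current):
    """Compare the current browser performance information with the target information.
    Returns (matched, reason)."""
    profile = lookup_profile(user_agent)
    if profile is None:
        return False, "no target performance information for this user agent"
    low, high = profile.page_open_ms_range
    if not low <= current.page_open_ms <= high:
        return False, "page opening time outside the historical range"
    missing = profile.required_features - current.features
    if missing:
        return False, "features expected for this browser are absent: " + ", ".join(sorted(missing))
    return True, "ok"


def apply_performance_check(verification_result, user_agent, current):
    """Step after the validity verification: a successful result is changed to
    verification failure when the performance information does not match."""
    if verification_result != "success":
        return verification_result
    matched, _ = performance_matches(user_agent, current)
    return "success" if matched else "failure"
```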
In the embodiment, the convolutional neural network is additionally introduced to perform auxiliary verification on the first behavior to be verified, so that the human-computer distinguishing can be better performed, and the robustness is better.
In addition, an embodiment of the present invention further provides a storage medium, where a rule engine based verification program is stored on the storage medium, and when executed by a processor, the rule engine based verification program implements the following operations:
when a first behavior to be verified input by a user on a preset interactive interface is received, inquiring a preset verification rule corresponding to the first behavior to be verified in a preset rule engine;
when the preset verification rule is an access frequency limiting rule, determining a source network address corresponding to the first behavior to be verified;
counting a first access frequency of the source network address in a preset time period;
and when the first access times are smaller than a preset upper time threshold, determining that the verification result corresponding to the first behavior to be verified is successful.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
when a first behavior to be verified input by a user on a preset interactive interface is received, matching each preset trigger condition in a preset rule engine with the first behavior to be verified;
and when the matching is successful, inquiring a preset verification rule linked with the successfully matched preset trigger condition.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
when a first behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the first behavior to be verified, and inquiring a user label corresponding to the source network address;
when the user tag is a repeated verification tag, inquiring and recording a preset trigger condition of the repeated verification tag in a preset rule engine;
accordingly, the following operations are also implemented:
when the preset trigger condition for recording the repeated verification label is inquired, inquiring a corresponding access time limiting rule in a preset rule mapping relation according to the preset trigger condition for recording the repeated verification label, wherein the preset rule mapping relation comprises the corresponding relation between the preset trigger condition and the preset verification rule.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
when a second behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the second behavior to be verified;
counting second access times of the source network address within a preset time period;
and when the second access times are larger than or equal to a preset times lower limit threshold, the user label corresponding to the source network address is regarded as a repeated verification label.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
matching the source network address with each preset malicious login address recorded in a preset blacklist;
and when the matching fails, the step of counting the first access times of the source network address in a preset time period is executed.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
when the first access times are smaller than a preset time upper limit threshold, preprocessing the first behavior to be verified to obtain target behavior characteristics;
carrying out validity verification on the target behavior characteristics based on a preset convolutional neural network;
and when the validity verification is successful, determining a verification result corresponding to the first behavior to be verified as successful verification.
Further, the rule engine based validation program when executed by the processor further performs the following operations:
when the target behavior characteristics comprise a user agent, generating a performance query instruction, and sending the performance query instruction to user equipment so that the user equipment collects performance information of a current browser and feeds the performance information back to the verification equipment;
inquiring corresponding target browser performance information according to the user agent;
matching the current browser performance information with the target browser performance information;
and when the matching fails, modifying the verification result corresponding to the first behavior to be verified into verification failure.
In this embodiment, after receiving the first behavior to be verified, the corresponding preset verification rule may be queried from the preset rule engine, if the preset verification rule is the access time limit rule, the first access time of the source network address in the preset time period may be counted, and when the first access time is smaller than the preset time upper limit threshold, the verification result is determined as successful verification. Obviously, in the embodiment, the verification rules applied in real time are adapted for different behaviors to be verified in real time based on the preset rule engine, so that differentiation of the verification rules is realized, the risk of the login user can be better judged by comparing the access times within the preset time period, the security and the usability of the login user are better balanced, and the technical problem that the security and the usability cannot be better balanced in the verification mode is solved.
In addition, referring to fig. 5, an embodiment of the present invention further provides a verification apparatus based on a rule engine, where the verification apparatus based on a rule engine includes:
the rule query module 10 is configured to, when a first behavior to be verified input by a user on a preset interactive interface is received, query a preset verification rule corresponding to the first behavior to be verified in a preset rule engine.
It can be understood that, if only a single verification rule is used, it may not be possible to adequately prevent credential stuffing or attacks by hackers: for example, if only a verification code is used as the verification rule, a hacker may be able to recognize the graphical verification code on the portal website with a script and log in to accounts in batches, so that the security of the portal website is reduced. However, if, in order to avoid this security problem, the difficulty of the verification rule is increased, for example by replacing the verification code rule with a question-and-answer rule about the user's information, the time a normal user needs to log in to the portal website becomes longer, so the portal website becomes inconvenient to use.
It should be understood that, considering both the security and the usability of the verification operation, the present embodiment will set a plurality of different types of verification rules at the same time, and the rule engine implements the deployment of the verification rules, so as to better balance the security and the usability. The rule engine is used as a software component embedded in the application program and is used for stripping the business rules in the application program, and when the rule engine is actually operated, the input information is compared with the business rules loaded in the rule engine so as to activate certain business rules.
In a specific implementation, if the user a wants to log in a certain portal B, an account name and a password may be input on a login interface of the portal B, and certainly, other verification information for assisting verification, such as a verification code, may also be simultaneously input. After completing the input operation on the login interface, the user A can generate the first behavior to be verified by clicking the login option on the login interface, and then the first behavior to be verified is submitted to a background to complete the verification operation on the first behavior to be verified.
It is understood that, after receiving the first behavior to be verified, the first behavior to be verified serves as input information, a corresponding verification rule is adapted through the first behavior to be verified under the preset rule engine, and the verification rule is activated.
A source address determining module 20, configured to determine a source network address corresponding to the first behavior to be verified when the preset verification rule is an access time limit rule.
In a specific implementation, if the adapted verification rule is an access count limiting rule, the access count limiting rule determines whether the verification result is success or failure according to the number of login attempts of the user. Of course, the adapted verification rule may also be another type of verification rule, such as a verification code rule or a question-and-answer rule about the user's information.
And the access frequency counting module 30 is configured to count a first access frequency of the source network address in a preset time period.
It can be understood that the historical login behaviors of each user are counted in real time, so when the access number limiting rule is activated, the source network address of the user a, that is, the network address of the login device used by the user a, is determined first, and the historical login behaviors of the user a are extracted. If the preset time period is 24 hours, the access times of the user A within 24 hours can be learned to be 10 times according to the historical login behavior of the user A.
And the behavior verification module 40 is configured to determine that the verification result corresponding to the first behavior to be verified is successful when the first access frequency is smaller than a preset upper frequency threshold.
It should be understood that the preset upper threshold of times may be set to 20 times, and the verification result of the verification operation may be considered to be successful in view of that the access times 10 times are less than the preset upper threshold of times.
Of course, if the first access frequency is greater than or equal to the preset upper frequency threshold, the verification result corresponding to the first behavior to be verified is determined as verification failure.
In this embodiment, after receiving the first behavior to be verified, the corresponding preset verification rule may be queried from the preset rule engine, if the preset verification rule is the access time limit rule, the first access time of the source network address in the preset time period may be counted, and when the first access time is smaller than the preset time upper limit threshold, the verification result is determined as successful verification. Obviously, in the embodiment, the verification rules applied in real time are adapted for different behaviors to be verified in real time based on the preset rule engine, so that differentiation of the verification rules is realized, the risk of the login user can be better judged by comparing the access times within the preset time period, the security and the usability of the login user are better balanced, and the technical problem that the security and the usability cannot be better balanced in the verification mode is solved.
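The following Python sketch is an added example, not code from the patent, that ties together the second embodiment's tagging, trigger matching and blacklist steps with the access count limiting rule of the apparatus embodiment above: the 24-hour preset time period, the preset upper-limit threshold of 20 and the lower-limit threshold of 4 are taken from the text, while the trigger condition names, the captcha fallback rule and the addresses are constructed assumptions.

```python
"""Added example: a toy rule-engine verification flow (not the patent's own code).

Constructed assumptions: trigger condition names, the 'captcha' fallback rule
and the IP addresses (documentation ranges) are made up for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 24 * 3600   # preset time period (24 hours in the apparatus embodiment)
UPPER_LIMIT = 20             # preset upper-limit threshold of access times
LOWER_LIMIT = 4              # preset lower-limit threshold of access times (tagging)
REPEATED_VERIFICATION_TAG = "repeated_verification"


@dataclass
class Behavior:
    """A behavior to be verified, submitted from the login interface."""
    source_address: str
    timestamp: float


class VerificationEngine:
    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)           # preset malicious login addresses
        self.history = defaultdict(deque)         # source address -> attempt timestamps
        self.user_tags = {}                       # source address -> user tag
        # preset rule mapping relation: trigger condition -> verification rule
        self.rule_mapping = {
            "tag_is_repeated_verification": "access_count_limit",
            "default": "captcha",
        }
        # execution queue: trigger conditions matched in priority order
        self.trigger_conditions = [
            ("tag_is_repeated_verification",
             lambda b: self.user_tags.get(b.source_address) == REPEATED_VERIFICATION_TAG),
            ("default", lambda b: True),
        ]

    def match_rule(self, behavior):
        """Match each preset trigger condition and return the linked rule."""
        for name, condition in self.trigger_conditions:
            if condition(behavior):
                return self.rule_mapping[name]
        return None

    def record_access(self, behavior):
        """Count accesses from the source address inside the sliding preset window
        and assign the repeated verification tag once the lower limit is reached."""
        attempts = self.history[behavior.source_address]
        attempts.append(behavior.timestamp)
        while attempts and behavior.timestamp - attempts[0] > WINDOW_SECONDS:
            attempts.popleft()
        if len(attempts) >= LOWER_LIMIT:
            self.user_tags[behavior.source_address] = REPEATED_VERIFICATION_TAG
        return len(attempts)

    def verify(self, behavior):
        """Return (rule applied, result). The tag seen by the trigger conditions
        comes from earlier behaviors; the current one is counted afterwards."""
        rule = self.match_rule(behavior)
        access_count = self.record_access(behavior)
        if rule != "access_count_limit":
            return rule, "pending"    # another rule type (e.g. captcha) decides elsewhere
        if behavior.source_address in self.blacklist:
            return rule, "failure"    # blacklist match short-circuits the count check
        if access_count < UPPER_LIMIT:
            return rule, "success"
        return rule, "failure"


if __name__ == "__main__":
    engine = VerificationEngine(blacklist={"203.0.113.9"})
    for t in range(6):
        print(engine.verify(Behavior("198.51.100.7", float(t))))
```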
Other embodiments or specific implementation manners of the verification apparatus based on the rule engine according to the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order; rather, the words first, second, third, etc. are to be interpreted as names.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. A verification method based on a rule engine is characterized by comprising the following steps:
when a first behavior to be verified input by a user on a preset interactive interface is received, inquiring a preset verification rule corresponding to the first behavior to be verified in a preset rule engine;
when the preset verification rule is an access frequency limiting rule, determining a source network address corresponding to the first behavior to be verified;
counting a first access frequency of the source network address in a preset time period;
when the first access times are smaller than a preset upper time threshold, determining that the verification result corresponding to the first behavior to be verified is successful;
the step of querying a preset verification rule corresponding to the first behavior to be verified in a preset rule engine comprises:
setting an execution queue, and matching each trigger condition with the first behavior to be verified based on the priority of the trigger condition in the execution queue;
determining a trigger condition successfully matched with the first behavior to be verified according to a matching result, and inquiring a preset verification rule linked with the trigger condition;
when a first behavior to be verified input by a user on a preset interactive interface is received, the step of querying a preset verification rule corresponding to the first behavior to be verified in a preset rule engine comprises the following steps:
when a second behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the second behavior to be verified;
counting second access times of the source network address within a preset time period;
when the second access times are larger than or equal to a preset times lower limit threshold, the user tag corresponding to the source network address is regarded as a repeated verification tag, so that differentiated confirmation of normal users is realized;
the step of identifying the user tag corresponding to the source network address as a repeated verification tag to realize differentiated identification of normal users comprises:
and identifying the user label corresponding to the source network address as a repeated authentication label, and identifying the user with the user label as the repeated authentication label as a normal user with multiple login failures in normal users.
2. The method for verification based on the rule engine as claimed in claim 1, wherein when receiving a first behavior to be verified input by a user on a preset interactive interface, querying a preset verification rule corresponding to the first behavior to be verified in a preset rule engine comprises:
when a first behavior to be verified input by a user on a preset interactive interface is received, matching each preset trigger condition in a preset rule engine with the first behavior to be verified;
and when the matching is successful, inquiring a preset verification rule linked with the successfully matched preset trigger condition.
3. The method for verification based on the rule engine as claimed in claim 2, wherein the matching of each preset trigger condition in a preset rule engine with the first behavior to be verified when receiving the first behavior to be verified inputted by the user on the preset interactive interface comprises:
when a first behavior to be verified input by a user on a preset interactive interface is received, determining a source network address corresponding to the first behavior to be verified, and inquiring a user label corresponding to the source network address;
when the user tag is a repeated verification tag, inquiring and recording a preset trigger condition of the repeated verification tag in a preset rule engine;
when the matching is successful, inquiring a preset verification rule linked with a preset trigger condition which is successfully matched, wherein the preset verification rule comprises the following steps:
when the preset trigger condition for recording the repeated verification label is inquired, inquiring a corresponding access time limiting rule in a preset rule mapping relation according to the preset trigger condition for recording the repeated verification label, wherein the preset rule mapping relation comprises the corresponding relation between the preset trigger condition and the preset verification rule.
4. The rules engine based authentication method of any of claims 1 to 3, wherein after determining the source network address corresponding to the first behavior to be authenticated when the preset authentication rule is an access number limiting rule, the rules engine based authentication method comprises:
matching the source network address with each preset malicious login address recorded in a preset blacklist;
and when the matching fails, the step of counting the first access times of the source network address in a preset time period is executed.
5. The rules engine-based verification method of any of claims 1 to 3, wherein the determining that the verification result corresponding to the first behavior to be verified is verification success when the first access number is smaller than a preset upper threshold number comprises:
when the first access times are smaller than a preset time upper limit threshold, preprocessing the first behavior to be verified to obtain target behavior characteristics;
carrying out validity verification on the target behavior characteristics based on a preset convolutional neural network;
and when the validity verification is successful, determining a verification result corresponding to the first behavior to be verified as successful verification.
6. The rules engine based authentication method of claim 5, wherein after the authentication result corresponding to the first behavior to be authenticated is determined to be successful when the validity authentication is successful, the rules engine based authentication method further comprises:
when the target behavior characteristics comprise a user agent, generating a performance query instruction, and sending the performance query instruction to user equipment so that the user equipment collects performance information of a current browser and feeds the performance information back to verification equipment;
inquiring corresponding target browser performance information according to the user agent;
matching the current browser performance information with the target browser performance information;
and when the matching fails, modifying the verification result corresponding to the first behavior to be verified into verification failure.
7. An authentication apparatus, characterized in that the authentication apparatus comprises: memory, a processor and a rules engine based validation program stored on the memory and executable on the processor, the rules engine based validation program when executed by the processor implementing the steps of the rules engine based validation method of any of claims 1 to 6.
8. A storage medium having stored thereon a rules engine based authentication program which when executed by a processor implements the steps of the rules engine based authentication method of any of claims 1 to 6.
9. A rules engine based authentication apparatus, the rules engine based authentication apparatus comprising:
a rule query module, configured to query, in a preset rule engine, a preset verification rule corresponding to a first behavior to be verified when the first behavior to be verified input by a user on a preset interactive interface is received;
a source address determining module, configured to determine a source network address corresponding to the first behavior to be verified when the preset verification rule is an access time limit rule;
an access times counting module, configured to count first access times of the source network address within a preset time period;
a behavior verification module, configured to determine that the verification result corresponding to the first behavior to be verified is successful when the first access times are smaller than a preset times upper limit threshold;
wherein the rule query module is further configured to set an execution queue, to match each trigger condition against the first behavior to be verified based on the priority of the trigger condition in the execution queue,
to determine, according to the matching result, the trigger condition successfully matched with the first behavior to be verified, and to query the verification rule linked to that trigger condition;
wherein, in the rule query module, the step of querying, in a preset rule engine, a preset verification rule corresponding to the first behavior to be verified when the first behavior to be verified input by a user on a preset interactive interface is received comprises: when a second behavior to be verified input by the user on the preset interactive interface is received, determining a source network address corresponding to the second behavior to be verified; counting second access times of the source network address within a preset time period; and when the second access times are greater than or equal to a preset times lower limit threshold, regarding the user tag corresponding to the source network address as a repeated verification tag, so that normal users are confirmed in a differentiated manner;
and wherein the rule query module is further configured to, after regarding the user tag corresponding to the source network address as a repeated verification tag, identify the user whose user tag is the repeated verification tag as a normal user who has failed to log in multiple times.
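The claims above describe a verification flow rather than an implementation: trigger conditions are matched in priority order from an execution queue, the linked access time limit rule counts requests from the source address inside a preset time period and compares the count with an upper threshold, a source that crosses a lower threshold without reaching the upper one gets a repeated verification tag (a normal user who failed several times rather than an automated client), and claim 6 adds a consistency check between the declared user agent and the performance information the browser itself reports. The following Python is an added worked example of that flow; it is not code from the patent or its assignee. The threshold values, the `action` field on a behavior, the trigger definitions, the user-agent profile table, and the shape of the browser performance information are all constructed assumptions, since the claims name these parameters but give no values.

```python
"""Rule-engine style verification as claimed: a priority execution queue of trigger
conditions, an access-time-limit rule counted per source address in a sliding
window, the repeated-verification tag, and the user-agent vs. browser performance
consistency check of claim 6. Added example, not the patent's own code."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed thresholds; the patent names these parameters but gives no values.
WINDOW_SECONDS = 60        # "preset time period"
UPPER_LIMIT = 5            # "preset times upper limit threshold" (hard limit)
REPEAT_LOWER_LIMIT = 3     # "preset times lower limit threshold" (repeat tag)


@dataclass
class Behavior:
    """One behavior to be verified, as received from the interactive interface."""
    source_ip: str
    timestamp: float                      # seconds
    action: str                           # e.g. "login" (hypothetical field)
    user_agent: Optional[str] = None
    browser_perf: Optional[Dict[str, object]] = None  # performance info the client reported


@dataclass(order=True)
class Trigger:
    """A trigger condition linked to a verification rule; lower priority value runs first."""
    priority: int
    name: str = field(compare=False)
    matches: Callable[[Behavior], bool] = field(compare=False)
    rule: str = field(compare=False)


class RuleEngine:
    def __init__(self, triggers, ua_profiles):
        self.queue = sorted(triggers)                 # execution queue ordered by priority
        self.access_log = defaultdict(deque)          # source_ip -> recent access timestamps
        self.user_tags: Dict[str, str] = {}
        self.ua_profiles = ua_profiles                # user agent -> expected performance info

    def query_rule(self, behavior):
        """Match triggers in priority order; return the rule linked to the first hit."""
        for trig in self.queue:
            if trig.matches(behavior):
                return trig.rule
        return None

    def count_accesses(self, ip, now):
        """Record this access and return how many from `ip` fall inside the window."""
        log = self.access_log[ip]
        log.append(now)
        while log and now - log[0] > WINDOW_SECONDS:
            log.popleft()
        return len(log)

    def verify(self, behavior):
        rule = self.query_rule(behavior)
        if rule is None:
            return "no_rule"
        if rule == "allow":
            return "success"
        # rule == "access_time_limit": count accesses from the source address in the window.
        count = self.count_accesses(behavior.source_ip, behavior.timestamp)
        # Repeated-verification tag: a source that keeps retrying but stays under the hard
        # limit is treated as a normal user who failed several times, not as an attacker.
        if count >= REPEAT_LOWER_LIMIT:
            self.user_tags[behavior.source_ip] = "repeated_verification"
        if count >= UPPER_LIMIT:
            return "fail"
        # Claim 6: the declared user agent must be consistent with what the browser reports.
        if behavior.user_agent is not None:
            expected = self.ua_profiles.get(behavior.user_agent)
            if expected is None or behavior.browser_perf != expected:
                return "fail"
        return "success"


def build_engine():
    """Engine with constructed triggers and a constructed user-agent profile table."""
    triggers = [
        Trigger(0, "login_form", lambda b: b.action == "login", "access_time_limit"),
        Trigger(9, "catch_all", lambda b: True, "allow"),
    ]
    profiles = {"ExampleBrowser/1.0": {"webgl": True, "max_touch_points": 0}}
    return RuleEngine(triggers, profiles)


if __name__ == "__main__":
    engine = build_engine()
    perf = {"webgl": True, "max_touch_points": 0}
    for i in range(6):   # six login attempts from one constructed address within the window
        b = Behavior("203.0.113.7", 1000.0 + i, "login", "ExampleBrowser/1.0", perf)
        print(i + 1, engine.verify(b), engine.user_tags.get(b.source_ip))
```

Two design points matter for a defender reading the claims. The count includes the current request, so the fifth attempt inside the window is the one refused; if the claim is read as counting only prior accesses, move `log.append(now)` after the comparison. The user-agent check fails closed: an unknown user agent, or one whose reported performance profile does not match the expected profile for that agent, is refused rather than passed through.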
CN201811234982.5A 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus Active CN109460653B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811234982.5A CN109460653B (en) 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811234982.5A CN109460653B (en) 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus

Publications (2)

Publication Number Publication Date
CN109460653A CN109460653A (en) 2019-03-12
CN109460653B true CN109460653B (en) 2021-06-25

Family

ID=65608157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811234982.5A Active CN109460653B (en) 2018-10-22 2018-10-22 Rule engine based verification method, verification device, storage medium and apparatus

Country Status (1)

Country Link
CN (1) CN109460653B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188159B (en) * 2019-05-27 2023-05-12 深圳前海微众银行股份有限公司 Credit data access method, device, equipment and computer readable storage medium
CN113407983A (en) * 2020-03-16 2021-09-17 北京国双科技有限公司 Security policy issuing method and device
CN112395574B (en) * 2020-12-04 2024-02-23 航天信息股份有限公司 Safe login management method
CN113377818A (en) * 2021-06-29 2021-09-10 平安普惠企业管理有限公司 Flow verification method and device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789855A (en) * 2015-11-25 2017-05-31 北京奇虎科技有限公司 The method and device of user login validation
CN107592309A (en) * 2017-09-14 2018-01-16 携程旅游信息技术(上海)有限公司 Security incident detection and processing method, system, equipment and storage medium
CN107612895A (en) * 2017-09-05 2018-01-19 网宿科技股份有限公司 A kind of internet anti-attack method and certificate server
CN108092975A (en) * 2017-12-07 2018-05-29 上海携程商务有限公司 Recognition methods, system, storage medium and the electronic equipment of abnormal login
CN108650226A (en) * 2018-03-30 2018-10-12 平安科技(深圳)有限公司 A kind of login validation method, device, terminal device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322436B (en) * 2017-12-28 2022-05-31 瑞庭网络技术(上海)有限公司 Network request verification method and device, computer equipment and readable storage medium

Also Published As

Publication number Publication date
CN109460653A (en) 2019-03-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant