CN110399925A - Risk Identification Method, device and the storage medium of account - Google Patents
Risk Identification Method, device and the storage medium of account Download PDFInfo
- Publication number
- CN110399925A CN110399925A CN201910683779.4A CN201910683779A CN110399925A CN 110399925 A CN110399925 A CN 110399925A CN 201910683779 A CN201910683779 A CN 201910683779A CN 110399925 A CN110399925 A CN 110399925A
- Authority
- CN
- China
- Prior art keywords
- dimension
- account
- information
- risk identification
- risk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
This application discloses a kind of Risk Identification Method of account, device and storage mediums, in the method, obtain the account information of target account to be detected, account information includes at least the characteristic information of behavior dimension and content dimension;By the characteristic information of at least one dimension, risk identification model is sequentially input, obtains corresponding recognition result, wherein risk identification model is for predicting whether the characteristic information of each dimension in account information is exception information;According to the recognition result of each dimension, the risk identification result of target account is determined.To in time, efficiently judge target account with the presence or absence of risk, the risk generation that user is swindled or misled is reduced, the identification of the information based on risk identification model and different dimensions improves accuracy of identification and coverage rate so that identification process is not easy to be cracked.
Description
Technical field
This application involves technical field more particularly to a kind of Risk Identification Methods of account, device and storage medium.
Background technique
With the high speed development of internet, the Internet services such as social activity, shopping, game be deep into life, work
Various aspects.User needs to log on to corresponding business platform by registered account, to experience corresponding internet clothes
Business.If the account of user is stolen, user is not other than being available corresponding business function, it is also possible to have property loss or
It undertakes steal-number person and is engaged in the risk not being distributed as using stolen account.
It is currently lower to the safety coefficient of the Risk Identification Method of account, it is easily cracked by criminal, and cannot cover
All account identification ranges have that accuracy of identification reduces and coverage rate is not high.
Summary of the invention
In view of this, this application provides a kind of Risk Identification Method of account, device and electronic equipment, so that identification
Process is not easy to be cracked, and improves accuracy of identification and coverage rate.
To achieve the above object, on the one hand, this application provides a kind of Risk Identification Methods of account, comprising:
The account information of target account to be detected is obtained, the account information includes at least the characteristic information of behavior dimension
With the characteristic information of content dimension;
By the characteristic information of at least one dimension, risk identification model is sequentially input, obtains corresponding recognition result,
In, the risk identification model is for predicting whether the characteristic information of each dimension in the account information is exception information;
According to the recognition result of each dimension, the risk identification result of the target account is determined.
In one possible implementation, the recognition result includes the recognition result and the second dimension of the first dimension
Recognition result, wherein the recognition result according to each dimension, determine the risk identification of the target account as a result,
Include:
The recognition result of first dimension and the recognition result of the second dimension are subjected to fusion treatment, obtain the target account
Risk identification result.
In another possible implementation, the recognition result according to each dimension determines the target
The risk identification result of account, further includes:
If the recognition result of first dimension meets default Risk Results condition, according to the identification of second dimension
As a result the recognition result of first dimension is verified, obtains the risk identification result of the target account.
In another possible implementation, this method further include:
Obtain the account information of sample account;
Feature extraction is carried out to the account information of the sample account, obtains the characteristic information of at least one dimension, wherein
The dimension includes at least behavior dimension and content dimension;
According to the characteristic information of each dimension, the portrait information of the dimension is determined, the portrait information can be according to right
The variation of the characteristic information for the dimension answered carries out real-time update;
The portrait information of each dimension is learnt, risk identification model is obtained.
In another possible implementation, the method also includes:
Risk identification according to the target account is as a result, determine the risk attributes of the target account;
Account Preservation tactics corresponding with the risk attributes are executed to the target account.
Another aspect, present invention also provides a kind of risk identification devices of account, comprising:
Information acquisition unit, for obtaining the account information of target account to be detected, the account information is included at least
The characteristic information of behavior dimension and the characteristic information of content dimension;
Recognition unit, for sequentially inputting the characteristic information of at least one dimension risk identification model, accordingly being known
Other result, wherein the risk identification model is for predicting whether the characteristic information of each dimension in the account information is different
Normal information;
As a result determination unit determines that the risk of the target account is known for the recognition result according to each dimension
Other result.
It is executable to be stored with computer present invention also provides a kind of storage medium for another aspect in the storage medium
Instruction when the computer executable instructions are loaded and executed by processor, realizes the risk of as above described in any item accounts
Recognition methods.
As it can be seen that the characteristic information of at least one dimension of target account is obtained when carrying out risk identification to target account,
Risk identification model is sequentially input, corresponding recognition result is obtained, is based ultimately upon the recognition result of each dimension, to determine target account
Number risk identification result.It is identified using the characteristic information for including at least behavior dimension and content dimension, it being capable of reconciliation
Number information is more accurately divided, and more types of account can be covered, compared to the prior art in only according to fixed dimension
The information of degree is identified that recognition accuracy is higher, and the various dimensions based on risk identification model quickly identify, can
Coverage rate is higher to be identified to a variety of malice account types.
Detailed description of the invention
In order to more clearly explain the technical solutions in the embodiments of the present application, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, the accompanying drawings in the following description is only embodiments herein, for ability
For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to the attached drawing of offer other
Attached drawing.
Fig. 1 shows a kind of a kind of structure composed schematic diagram of risk recognition system of account of the application;
Fig. 2 shows a kind of process of Risk Identification Method one embodiment of account of the application interaction schematic diagrames;
Fig. 3 shows an a kind of schematic diagram of the Risk Identification Method of the characteristic information of various dimensions;
Fig. 4 shows an embodiment schematic diagram of the method in the embodiment of the present application to the processing of dimension recognition result;
Fig. 5 shows a kind of exemplary diagram for establishing risk identification model of the embodiment of the present application;
Fig. 6 shows an exemplary diagram of the attribute tags of behavior dimension in the embodiment of the present application;
Fig. 7 shows a kind of schematic diagram of the processing system of a kind of pair of risk account of the embodiment of the present application;
Fig. 8 shows the signal for carrying out Risk Identification Method in the embodiment of the present application to the account of instant messaging application
Figure;
Fig. 9 shows a kind of composition schematic diagram of risk identification device one embodiment of account of the application;
Figure 10 shows a kind of composed structure schematic diagram of terminal of the embodiment of the present application.
Specific embodiment
The scheme of the application can user carry out in the information interactive process of other users or user carry out it is mutual
During networking payment, risk identification can be carried out for the account to user more in time, accurately, to guarantee to account
The coverage rate of accuracy of identification and risk identification.
Wherein, account refers to that characterization user is carrying out message reference, information exchange and information branch in the embodiment of the present application
It pays and waits in application, the unique identification information of above-mentioned application is logged in, for example, the account of the social application platform of user, video tour
The account etc. of client, what the form of expression of account can be user oneself setting includes the character string of number and/or letter,
It is also possible to the character string that corresponding application platform distributes to user.Such as, account of user's first on video platform are as follows:
TA123467, still, the embodiment of the present invention are not the form of expression information progress account risk identification according to account, but according to
Risk identification is carried out to target account according to the account information of account characterization, it may finally be according to risk identification result to target account
It performs corresponding processing.In the embodiment of the present application, account information may include: that user corresponding with account or account are corresponding
The relevant data information of use environment.The Risk Identification Method of the account of the application in order to facilitate understanding, below for this Shen
The system that the Risk Identification Method of account please is applicable in is introduced.Referring to Fig. 1, it illustrates a kind of wind of account of the application
A kind of dangerous structure composed schematic diagram of identifying system.
As shown in Figure 1, the risk recognition system of account provided by the embodiments of the present application includes: terminal 10 and server 20.
Communication connection is realized by network 30 between terminal 10 and server 20.
Wherein, terminal 10 can be the mobile terminals such as mobile phone, tablet computer, or with information input function
The fixed terminals such as people's computer.
In the embodiment of the present application, terminal 10 can get use by its setting or connection MIM message input module
When family inputs target account, the account information of the target account is acquired, and collected account information is transmitted by network 30
To server 20.
The account information that terminal 10 acquires includes at least the characteristic information of behavior dimension and the characteristic information of content dimension,
In, the characteristic information of behavior dimension is primarily referred to as the information divided to the operation behavior of user, such as may include user couple
The operation information etc. of operation information, access that account is logged in.The characteristic information of content dimension refers to that user passes through the account
Carry out the information that data interaction generates content.It in addition to this can also include the information such as network environment dimension, account relating dimension.
Terminal is to own by recording user in real time by what the account was operated when carrying out the acquisition of account information
Operation information, and at the same time extracting the essential information of the account, such as logging device, login time, login IP information.It will acquisition
Information summarized according to the time cycle after generate the account information of the account and be sent to server, or will acquire in real time
Information adds time tag as account information and is sent to server, has server to carry out the remittance of all acquisition information under the account
Always.
Correspondingly, server 20 can each dimension in the account information that sends of identification terminal 10 characteristic information, can be with
The risk identification model stored by invoking server, identifies the characteristic information of dimension each in account information, thus
The recognition result of each dimension can be fast and accurately obtained, then the recognition result according to each dimension, determine target account
Risk identification as a result, risk identification result is then returned to terminal by network 30, so that terminal can export risk
Recognition result, to reach the current account of warning terminal user there are risk or after being handled according to risk identification result
Result information.
It is by terminal 10 by collected target it should be noted that in the risk recognition system of account shown in fig. 1
The account information of account is sent to server 20.Alternatively possible implementation in the embodiment of the present application can be terminal
Target account is sent to server, the account information of the target account is obtained by server.Target account is carried out in server
Account information obtain during, can be server based on current target account and acquire user corresponding with target account
All information that terminal generates, then extract the account information therein for meeting identification demand, are also possible to server and generate phase
The information collection of dimension is answered to instruct, the account information for acquiring each dimension respectively by terminal is transferred to server.
Optionally, application can have been run in terminal, which communicates to connect for establishing with server, and terminal is by answering
Information exchange is carried out with the server.
In the case where alternatively possible, in order to guarantee that order of accuarcy and the identification of the account information obtained require, at end
When account information is transferred to server by end, server can be classified and be filtered to account information, that is, extract portion therein
Account information is divided to carry out risk identification, it should be noted that partial account number information has included at least the characteristic information of behavior dimension
With the characteristic information of content dimension, and can satisfy risk identification model information input requirement.It is corresponding, if terminal acquisition
The information input that account information is unsatisfactory for risk identification model, which requires, or dimension of its acquisition is less does not have statistical analysis and wants
When asking, information collection instruction is can be generated in server, and is transmitted to terminal, so that the account information that terminal carries out again is adopted
Collection, until the account information got meets the information input requirement of risk identification model, it can carry out risk identification processing.
It is understood that if terminal can only collect the account information of some single dimension, or partial account number letter can only be collected
When breath, server can also export the risk identification of the target account as a result, can still export commenting for the risk identification result simultaneously
Valence information, for example, the risk identification of current goal account, which is based on log-on message dimension, is identified that the target account is not belonging to wind
Dangerous account, but can not rule out the forgery risk of log-on message.
The risk identification model stored on the server can identify the characteristic information of each dimension, export
Recognition result is also corresponding each dimension as a result, such can be in order to which statistical staff can be based on the identification of each dimension
As a result for statistical analysis, repair the dimension account log in loophole, compared to the prior art in can only unite to account
One identification, recognition result is in the representativeness for having more different dimensions, convenient for the risk test and risk debugging of system.Wherein,
Risk identification model is that the account information based on sample account generates, and markers is marked in the account information to sample account
Remembered each dimension information and corresponding risk label, then can generate the portrait information of each dimension, to portrait information
Risk identification model is generated after being learnt, it should be noted that portrait information includes all spies of the corresponding user of the account
Sign, having the feature of burst-normal also to have, there are also the attributive character of user there are the feature of risk, such that the risk generated
Identification model is more accurate in identification process, can also judge that burst-normal or exception are prominent during risk identification
Become.
The risk identification of the target account of server final output the result is that the recognition result based on above-mentioned each dimension into
It is obtained after row processing, is a comprehensive recognition result to target account, certain server also can store or export respectively
Perhaps risk index value is convenient for safeguarding or the use of tester for the risk identification result of a dimension.
Corresponding to when being served by some or platform carries out corresponding safety test, it also can use the application and mention
The method of confession carries out risk identification to the information of single dimension, to obtain the test result of the dimension, convenient for carrying out to the dimension
Maintenance and reparation.It describes in detail below to the interactive process between terminal and server.Fig. 2 is referred to, it illustrates this
Apply for a kind of process interaction schematic diagram of Risk Identification Method one embodiment of account, the method for the present embodiment may include:
S201, terminal obtain the account information of target account to be detected.
Wherein, the account information includes at least the characteristic information of behavior dimension and the characteristic information of content dimension.Herein
Dimension be according to the classification setting for carrying out the determining account information of analysis to history account information, in order to preferably cover
All accounts are covered, and are able to ascend the accuracy of account risk identification, have included at least behavior dimension in the embodiment of the present application
Degree and two dimensions of content dimension.This is because behavior dimension can preferably embody what user was operated by target account
Characteristic information can define the dimension for belonging to the individual operation of the account.For example, the account of sensitive information would generally will be accessed
It is determined as risk account, but the account of auditor may be accessed largely there are the website of sensitive information, webpage etc.,
To realize the content auditing to each website, if may think that according to the cognition in the prior art to the identification of risk account
The account of the auditor regards as risk account, to control its normal navigation process, can make the experience effect of user
It is poor.And in the embodiment of the present application since the characteristic information that can be realized the user behavior dimension acquires, and this feature is believed
Breath can meet its operational requirements, so that subsequent risk identification process is more accurate.
The characteristic information of content dimension is able to reflect information of the user of the target account when carrying out data interaction, acquisition
The risk identification when information of the dimension can carry out IP address or logging device camouflage for black production account.In addition to this, may be used also
To include account environment dimension, associated account number dimension etc..
Target account to be detected is the account for needing to carry out risk identification, can be and applies (e.g., video for some
APP the user account) logged in real time, be also possible to during the account specified during the test or security maintenance with
The account that machine is chosen.
In the case where a kind of possible, after terminal operating application, if a terminal detects that user carries out account login,
And the function items of the risk of account for identification of automatic running are provided in the application, then terminal gets current login account
Corresponding account information, to carry out risk identification to current account.
In the case where another is possible, the risk for starting account in some time range is set in the application of terminal
When identification function, when the account for having user to carry out the application within this time range logs in, then terminal can acquire the period
The corresponding account information of account.The situation can be applied to the risk identification scene to account that user is independently arranged, for example, needle
Internet application is communicated to enterprises, user generally can carry out account login the working time on weekdays, and be in
Line application state, in order to guarantee the safety of account, user, which can be set, carries out real-time monitoring to account risk on one's own time
And identification can obtain corresponding account information then when terminal detects that user carries out account login on one's own time to send out
It send to server and carries out risk identification.
Account information is sent to server by S202, terminal.
Such as, account information is sent to service based on the communication connection being applied between server in the terminal by terminal
Device.
Optionally, the request of the risk identification comprising account also can be generated in terminal, so that server responds the risk identification
Request, and risk identification is carried out to the character for including in target image.
Since account information is the characteristic information for including at least one dimension, terminal can be by the characteristic information of each dimension
Be packaged and generate account information, then account information is sent to server, at this point, will include dimension mark in account information,
Account information is parsed by dimension convenient for server.Each dimensional information can also be sent to service by dimension by terminal
Device.Wherein, optimum way be will collected all dimensional informations be sent to server so that subsequent server carry out wind
Danger identification is more accurate.Be also possible to server according to current application characteristic generate dimensional information acquisition instructions, terminal according to
The characteristic information of target dimension corresponding with the instruction is sent to server by the acquisition instructions.This mode can be to avoid information
Acquisition time is too long or the waste of redundant information.
In another possible implementation, terminal can collect all account informations of target account, but its
Collected account information is transmitted directly to server by the dimension that can not specify the account information, by server according to setting
Fixed dimension mark, carries out dimension division to the account information received, obtains the characteristic information of several dimensions.
S203, server calls risk identification model.
Wherein, risk identification model can be to be stored in advance on server, belong to have be able to carry out account risk
The neural network model of identification.I.e. the risk identification model be used for predict each dimension in account information characteristic information whether be
Exception information.
Such as, a model library can be set, may include multiple models in the model library, these multiple models can be
The model in different application field, such as risk identification model, user's identification model, account number classification model etc., or be applicable in
In the risk identification model of different application scene, such server can be called based on the account risk identification demand of different application
Corresponding risk identification model in the model library.
It illustrating, it is assumed that application is internet payment application, when carrying out risk identification to the target account of the application,
It needs to call the risk identification model that can carry out payment related information risk identification, i.e. the risk identification model at least can be with
It is identified for the information of payment dimension.
S204, for the characteristic information of each dimension in account information, the characteristic information of dimension is input to by server
Risk identification model exports the recognition result of dimension.
In one possible implementation, the account information that terminal is sent is the feature letter classified according to dimension
Breath, then the characteristic information of each dimension can be input to risk identification model by server, which can be multithreading information
Input, the i.e. characteristic information of the corresponding dimension of a thread, is also possible to be inputted in the form of message queue, i.e., each
The characteristic information of dimension forms the message queue.Corresponding, risk identification model is the risk identification model an of various dimensions, can
The identification of exception information is carried out with the characteristic information to each dimension.
Wherein, which, which can be, carries out analysis modeling, i.e. the risk identification model category for multiple dimensions
In Fusion Model, the risk identification of each dimension has been merged.For example, account information can be divided into environment dimension, behavior dimension
And content dimension, wherein environment dimension can characterize the network environment relevant information of end user logs, for example, entry address,
Log in the information such as IP, logging device;Behavior dimension can characterize the information of terminal login user, such as the account social activity number of user
According to, Message Opcode data, log in pipelined data etc.;Content dimension can characterize the target account login user of terminal and currently step on
The interaction data between the other users or other function of application is recorded, such as message content, comment content and the branch between user
Pay content etc..Then the risk identification model can environment dimension, the account of behavior dimension and content dimension to target account
Information carries out risk identification, obtains the recognition result of each dimension.The recognition result of the dimension can characterize reconciliation under the dimension
It number analyses whether the information there are risk, also may include the risk factor value for indicating risk height.
S205, server determine the risk identification result of target account according to the recognition result of each dimension.
Risk identification result is sent to terminal by S206, server.
After the recognition result for obtaining each dimension, server can be according to risk decision condition, to each dimension
Recognition result is analyzed and processed, and has obtained the risk identification result of the risk assessment to target account.Specifically, can be to each
The recognition result of a dimension is weighted, and obtains the risk identification result of target account entirety.It can also be compared point
Analysis, i.e., when there are three the recognition results of dimension, if the recognition result of two of them dimension indicates that target account is deposited under the dimension
In risk, then determine that the risk identification result of the target account belongs to risk account for target account.Then server is by risk
Recognition result returns to terminal, so that terminal knows that current account is risk account, can execute subsequent server transmission
The control instruction that account is protected.
Referring to Fig. 3, it illustrates an a kind of schematic diagrames of the Risk Identification Method of the characteristic information of various dimensions of the application.In
It include account information 301, risk identification model 302, dimension recognition result 303 and risk identification result 304. in Fig. 3
Including the characteristic information of the first dimension, the characteristic information ... and N-dimensional degree of the second dimension in account information 301
Characteristic information, account information is input in risk identification model 302, corresponding dimension recognition result 303 include first dimension
The recognition result of the recognition result of degree, the recognition result ... of the second dimension and N-dimensional degree, risk identification result 304 is to dimension
The recognition result of each dimension carries out the recognition result of the synthesis of analysis acquisition in degree recognition result 303, and by the risk identification
As a result it exports to terminal and/or is recorded in the risk identification database of server.
For example, target account is the account of instant messaging application, the account information of acquisition is target user's first at this
The information of instant messaging application, which includes the characteristic information of three dimensions, logs in the characteristic information of environment dimension are as follows:
Place-city A is logged in, logs in IP-IP character B, the characteristic information of behavior dimension is that login time is 23:00, content dimension
Characteristic information: sending messages to classmate's second, and message content is " classmate to be met photo upload into Dropbox, Dropbox address
It is ... ", above-mentioned dimensional information is input in risk identification model, risk equipment model is obtained based on the judgement to above- mentioned information
To identified below as a result, the recognition result of each dimension is to log in environment dimension for non-exception information, behavior dimension is abnormal letter
Breath, content dimension is exception information, then there are risks for the target account of final output.
Recognition result to server in the embodiment of the present application according to each dimension below determines that the risk of target account is known
The step of other result, describes in detail.Referring to fig. 4, it illustrates the sides handled in the embodiment of the present application dimension recognition result
One embodiment schematic diagram of method.The recognition result of the dimension described in Fig. 4 includes the recognition result and the second dimension of the first dimension
Recognition result, present three kinds of possible real-time modes and the recognition result of dimension handled, to obtain target account
Risk identification result mode.
First way is fusion treatment mode, i.e., by the recognition result of the first dimension and the recognition result of the second dimension into
Row fusion treatment obtains the risk identification result of target account.For example, the first dimension of setting and the corresponding dimension power of the second dimension
The recognition result of weight values, recognition result and the second dimension to the first dimension is weighted processing, obtains the target account
Risk identification result.
Wherein, the weighted value of the first dimension and the second dimension is the account information represented according to the first dimension and the second dimension
There may be the coefficient of risk estimate it is existing, for example, the first dimension represents time dimension, when the account to the first dimension logs in
When time is identified, the recognition result i.e. account login time for obtaining the dimension is exception information, if its weighted value is 5,
The corresponding risk factor of recognition result for exporting the first dimension is 5;If the second dimension represents equipment dimension, when to the second dimension
Account logging device carry out identification be obtain the dimension recognition result i.e. account logging device be normal information, if its weight
Value is 4, is 0 in the corresponding risk factor of recognition result for exporting the second dimension;The then risk identification result pair of the target account
The risk factor answered can be 5+0=5, if setting 3 for the normal risk factor of account, calculated risk in this case
Coefficient is greater than the normal risk factor of account, then there are risks for the target account.
The second way is verification processing, if the recognition result of the first dimension meets default Risk Results condition, according to
The recognition result of second dimension verifies the recognition result of the first dimension, obtains the risk identification result of target account.Example
Such as, the recognition result of the first dimension indicates the account information of the dimension there are exception information, then it meets default Risk Results
Condition is then verified according to the recognition result of the second dimension, if the recognition result of the second dimension also complies with default Risk Results
Condition, then export the target account be risk account.Wherein, the condition for presetting Risk Results can be the feature of each dimension
There are the corresponding migration indexes of the risk identification result of exception information or the dimension to be higher than preset first threshold value in information.
The third mode is gradually judgment mode, i.e., judges whether to lower dimension according to the recognition result of the first dimension
Characteristic information identification.For example, the recognition result if the first dimension indicates the characteristic information of the dimension there are if exception information
Export the recognition result that the target account belongs to risk account;If the recognition result of the first dimension indicates the characteristic information of the dimension
There is no exception informations, then verify to the characteristic information of the second dimension, if the characteristic information of the second dimension has abnormal letter
Breath, then export the recognition result that the target account belongs to risk account.
Due to being identified by characteristic information of the risk identification model to each dimension in the embodiment of the present application,
It is then corresponding, Fig. 5 is referred to, it illustrates a kind of exemplary diagrams for establishing risk identification model of the embodiment of the present application, comprising:
S501, the account information for obtaining sample account;
S502, feature extraction is carried out to the account information of sample account, obtains the characteristic information of at least one dimension;
S503, according to the characteristic information of each dimension, determine the portrait information of the dimension;
S504, the portrait information of each dimension is learnt, obtains risk identification model.
Wherein, the account information of sample account is the sample data of the account based on various applications, the account of the sample account
Number information includes the login pipelined data of the user of application, account Social behaviors data, Message Opcode content-data, and is clicked
Etc. operation datas.Since collected data volume is larger and data class is more, need to carry out feature extraction to account information,
It realizes the classification to account information, obtains the characteristic information of at least one dimension, which can be corresponding data category
Information, and when carrying out feature extraction to account information, at least to extract the characteristic information and content dimension of behavior dimension
Characteristic information.Then, the characteristic information according to each dimension, analysis obtain the portrait information of the user under the dimension, and
Information of drawing a portrait can carry out real-time update according to the variation of the characteristic information of corresponding dimension.Usually portrait information is believed according to feature
It ceases the set of the user tag generated or meets the set of tags of risk range, can reflect the attribute of user under the dimension.
Portrait information in the embodiment of the present application is not fixed, but is able to carry out real-time update.With the progress of behavior dimension
Illustrate, user carries out data access by some account, the operation that user carries out data access can be acquired, for example, browsing web sites
Classification, the classification of browsing time etc., if user, when place A is browsed, matched time tag is a, then to generation
Portrait information includes the browsing time label a of user, if carry out risk identification to the user account, when the browsing time of user
The time that the time tag defines is not met, then will be considered that there are risks for the account.But user's account in the embodiment of the present application
Number corresponding time tag is not constant always, but when the characteristic information of the dimension changes, and change and meet
Specific rule is that this Partial Feature information changes, the information of remaining dimension does not change or is only associated with
Variation, and variation continues for some time, then will be updated corresponding label and portrait information, then corresponds to risk model and known
When other, understand and be identified according to the information after variation, in this way when user goes on business or locating time zone changes, will not incite somebody to action
The account of user is identified as risk account.
Finally the portrait information of each dimension is learnt, such as can be by default machine learning algorithm to each dimension
The portrait information of degree is learnt, and risk identification model is obtained.Wherein, the default machine learning algorithm may include
Xgboost algorithm, linear regression algorithm, Lasso regression algorithm, Ridge regression algorithm, random forests algorithm, support vector machines
And at least one of iteration decision tree, the model of foundation can also be trained by above-mentioned machine learning method, rationally
Evaluation model as a result, fully assess important index, so that model performance is optimal as far as possible.
It in the embodiment of the present application further include according to behavior dimension if the dimension includes behavior dimension and content dimension
Characteristic information determines the process of the portrait information of behavior dimension, specifically includes:
According to the characteristic information of the behavior dimension of account, the attribute tags of the behavior dimension of the account are generated;
Based on the attribute tags of the behavior dimension, the portrait information of the behavior dimension of the account is determined.
Wherein, the characteristic information of the behavior dimension includes at least following any one: logging device information, the account of account
Number common login time information, the network attribute information of the access information of account or account.
It should be noted that the characteristic information of behavior dimension is the corresponding user of the account in long-term and recent times section
Interior behavioral data, wherein the logging device information of account indicates the common logging device of the accounting number users, such as computer, end
The equipment identification informations such as end;The common login time information of account refers to the usual login time of the user of the account, such as works
Day or some special time period;The access information of account can indicate network address, the related application that the accounting number users often access
Or other account informations often interacted;The network attribute information of account can indicate the network environment that the account logs in, such as
IP address, network connection mode etc..
According to the analysis of the characteristic information to above-mentioned behavior dimension, the category of the behavior dimension of the corresponding user of the account is determined
Property label, wherein the attribute tags can indicate that attribute of the corresponding user of the account under the characteristic information of current dimension is poly-
Class.Referring to Fig. 6, it illustrates an exemplary diagrams of the attribute tags of behavior dimension in the embodiment of the present application.It is corresponding in Fig. 6
Using for instant chat application, the attribute tags of the behavior dimension of the corresponding user of the account include 4, wherein 601 table of label
The label for showing logging device information is mobile device;Label 602 indicates the label of login time, is 21:00-23:00;
Label 603 indicates the label of the access information of account, is family group;Label 604 is the label for identifying the login IP of account,
Are as follows: 192:101:***.Obtaining the accounting number users in the portrait information of behavior dimension according to above-mentioned label is that the user passes through shifting
Dynamic equipment is 192:101:*** using IP address, often in 21:00-23:00 and family group or family group associated member into
Row chat.
It should be noted that when label is arranged, same type of information labels can there are two, for example, some is used
Family is often gone on business, and logging in the corresponding label of IP can be set to the IP of the IP and work unit with place of often going on business, this
The characteristics of sample can be more in line with the user when the user to the dimension draws a portrait information generation, if in subsequent identification process
There are abrupt informations can know burst-normal in fact or abnormal sudden change in characteristic information.
It is also possible to what basis obtained after the attribute tags of the dimension are handled in the portrait information of some dimension,
In, simplest mode is the information of portrait all labels of the information matches dimension;It is also possible to be generated according to existing label
Then existing label and correlation tag are determined as information of drawing a portrait by correlation tag, if the label of some dimension includes time tag,
Can determine the character of use label of the account by the common login time in time tag, belong to work account or
Therefore private account further includes letter relevant to character of use label in addition to above-mentioned label in the portrait information ultimately generated
Breath;Portrait information is also possible to the information after deleting certain labels, and this mode is commonly available to analyze some condition
Under account characteristic.
It in the embodiment of the present application further include the portrait information that content dimension is determined according to the characteristic information of content dimension
Process specifically includes:
According to the characteristic information of the content dimension of account, the attribute tags of the content dimension of the account are generated;
According to the attribute tags of the content dimension, the portrait information of the content dimension of the account is determined;
Wherein, the content dimension characterization account carries out the dimension that content information is generated when data interaction, for example, target account
Content of communciation number between user and other accounting number users, the account content letter that target account is paid or inputted when being transferred accounts
Breath etc..Then the attribute tags of the content dimension reflect the cluster result to content information, the portrait letter of corresponding content dimension
The content for the content information that the user that breath reflects the account usually sends.For example, user logs in chat application by the account
When, the data interaction of related work content is often carried out with other accounts, then the account is positioned as work account, then will occur one
A little message requests for having network linking address, determine the anomalous content label of the account.
It should be noted that all relevant informations when generating the portrait information of each dimension, in addition to counting the dimension
Outside, thinner cluster can also be carried out according to information of the time to the dimension, for example, being divided into 48 times 24 hours one day
Section counts the login times in each section, and it is all and 10 times two recent that the statistical information of login times can be divided into history
A dimension goes calculating user often to use period label.It can more accurately reflect the practical habit and operation of user in this way.Example
Such as, the login time of user's history counts to obtain as 16:00-20:00, close if user is since certain cause specifics are such as outgoing
10 login times may concentrate on 23:00-24:00, then when determining the common time tag of user, it should based on this two
A dimension accounts for.
It additionally provides in the embodiment of the present application and knowledge method for distinguishing is carried out to the characteristic information of different dimensions, specifically, if
Dimension includes behavior dimension, and the characteristic information by the dimension is input to risk identification model, exports the knowledge of the dimension
Other result, comprising:
The characteristic information of the behavior dimension of target account is input to the risk identification model, in the risk identification mould
In type, the abrupt information of the characteristic information of the behavior dimension is detected;
If the abrupt information meets behaviorist risk identification condition, the risk identification result of the behavior dimension is exported;
If the abrupt information no enough row is risk identification condition, the knowledge of the burst-normal of the behavior dimension is exported
Other result.
When the dimension includes content dimension, the characteristic information by the dimension is input to risk identification model,
Export the recognition result of the dimension, comprising:
The characteristic information of the content dimension of target account is input to the risk identification model, in the risk identification mould
In type, detect whether comprising Risk Content in the characteristic information of the content dimension, if it is, exporting the content dimension
Risk identification result;
Alternatively, detecting in the characteristic information of the content dimension, whether packet risk interacts account information, if it is, output
The risk identification result of the content dimension.
Risk identification model can be identified according to the characteristic information of the behavior dimension of input, that is, judge the feature letter of input
The behavior portrait information whether breath meets the accounting number users proves that the characteristic information of behavior dimension is not present if met
Exception information;If do not met, need to extract corresponding abrupt information, which indicates to mismatch with portrait information
Information.It should be noted that being not to detect that abrupt information is determined as the dimension to improve the accuracy of judgement
There are exception informations for characteristic information.This is because abrupt information is probably derived from the information of user's normal operating, it is also possible to come
The information of user's abnormal operation needs further to be judged according to risk identification condition, which can be root
E.g. judge whether the abrupt information can be associated with according to the condition that the formation condition and influence content of abrupt information are determined
Information mutates, and only when abrupt information meets risk identification condition, can just export the risk identification result of the dimension.
When dimension includes content dimension, the characteristic information of the content dimension of target account is input to the risk identification
Whether model detects in the risk identification model comprising Risk Content in the characteristic information of the content dimension, if
It is the risk identification result for then exporting the content dimension;
Alternatively, detecting in the characteristic information of the content dimension, whether packet risk interacts account information, if it is, output
The risk identification result of the content dimension.
Since not necessarily each account is there are the content interaction data between actual account, for example, the account is using being
E-payment application, user seldom passes through the account and the user of other accounts carries out the communication such as chat, but it can input and turn
The information such as account account, the account information that this can be transferred accounts is as the characteristic information of content dimension, i.e., according to the difference of application scenarios,
The characteristic information of its content dimension is different.When characteristic information of the risk identification model to content dimension identifies, mainly
The pass contact details of Risk Content are detected.
Referring to Fig. 7, it illustrates a kind of schematic diagrames of the processing system of a kind of pair of risk account of the embodiment of the present application.Scheming
In 7, comprising: identification server 701, O&M server 702 and terminal 703, wherein identification server 701 can be by target account
There are the O&M servers 702 that the risk identification result of risk is sent to the corresponding application of the account, are determined by the O&M server
The risk attributes of target account export corresponding account Preservation tactics, wherein account Preservation tactics are to different risk classifications
Carry out the strategy of steal-number and strike.O&M server 702 corresponding with account Preservation tactics will execute instruction and be sent to terminal
703, it enables the terminal to execute corresponding instruction, reaches the protection to current account.
For example, risk attributes indicate the mode that different steal-number types or account are in, e.g., what risk attributes indicated is account
Number mode being in logs in account and abnormal number occurs, can directly carry out login limitation, not allow it to login successfully.In
In the case where having logged on successfully and generating steal-number message, title processing directly is carried out to steal-number, and by short-term or
Social platform tool notification account is abnormal, i.e. the stolen prompt of account.It can also be by being shielded, at the control of message screening to social
Reason realizes the protection to account.
Below by taking the account of instant messaging application as an example, the Risk Identification Method of the account of the application is illustrated.Ginseng
See Fig. 8, it illustrates the schematic diagram for carrying out Risk Identification Method in the embodiment of the present application to the account of instant messaging application, tools
Body includes:
User's first is by the terminal device logs instant messaging application, then terminal can believe the account of collected user's first
Breath is sent to server, wherein account information includes the information of three dimensions:
801, environment dimensional information;
802, behavior dimensional information;
803, content dimension information.
Wherein, environment dimensional information includes: terminal serial number, logs in IP/IPC sequence number, internetwork connection mode-wireless network
Network connection;Behavior dimensional information includes: the target account of login time, interaction;Content dimension information includes handing over target account
Mutual content, such as " following link * * please be access, get offers content ".
Then, server by utilizing risk identification model carries out risk identification to the information of above-mentioned each dimension, ties up to environment
Degree is identified that, mainly to logging device sequence number, login IP sequence number, internetwork connection mode carries out analysis detection.Behavior dimension
Degree be substantially carried out login commonly and the users such as common time, common protocol, common interaction account are accustomed to carrying out analysis detection,
The anomaly classification function of can use risk model realizes the output of the abnormal probability under the dimension.Content dimension mainly detects
The relevant operation behavior of message is abnormal and relevant interaction account habit extremely, there are also the cluster degree of message itself and
Content exception etc., final to realize risk identification model to the anomaly analysis of above-mentioned each dimension, output risk identification result is i.e. interior
Hold exception and aggregate score.
If identifying, the account is risk account, and user's first of the account may not be the real user of the account,
Can then title processing be carried out to current account, and the real user second of the account will be sent to the relevant information that title is handled
In terminal, i.e., server exports two parts content, comprising:
804, control instruction is sent to the terminal of user's first, so that the current account that user's first logs in is offline;
805, title prompt information is sent to the terminal of user's second, so that user's second knows that its account is in title shape
State.
It should be noted that the Risk Identification Method of account provided by the present application can also cope with black production simulation or forge
The login behavioral data of user carries out risk identification, and can obtain the purpose that black production carries out account forgery, can be effective
It distinguishes normal account, support number abnormal account and a stolen account.
For example, the account information to account carries out risk identification, that is, it is mainly different to abnormal behavior, content exception and account
Normal three dimensions are identified, wherein abnormal behavior may include logging in region exception, login time section exception, logging in scene
And protocol anomaly, operating time and protocol anomaly;Content may include the IP of message, region exception extremely, and the terminal of message is come
Source is abnormal, and interaction person is abnormal abnormal with the sending time section of message in message;Account may include: that login liveness is different extremely
Often, message liveness is abnormal, social attribute is abnormal etc..
For example, the usually low message content in the low family of content abnormality degree or Content aggregation degree can be not associated
The information for indicating User Status such as delivers mood and has a talk about " Beijing, I comes ";Content abnormality degree is high, the high content of concentration class, and one
As include guidance content to network linking, such as " party photo has been uploaded to * * *, clicks * * * and gets reward red packet ";Content is different
Often, the low content of concentration class generally comprises the guidance information to same account, and e.g., " recent film asks plus sige code 124**;With drift
Bright beauty's chat, asks plus sige code 124** "
It can be seen that normal account number its abnormal behaviour score it is low and content exception/concentration class is all relatively low;And support number account
Number its abnormality score it is lower, content exception/concentration class is high, and abnormal point of aggregation is low, supports number in behavior traditionally again without bright
Aobvious mutation always mainly is malice account number, can carry out often to brush and log in brush actively.And steal-number is logging in and is operating row
For there are also content levels higher exception.
The application can set out from the final malice form of expression of the account after being stolen, i.e., final income point, create
Property bonding behavior and content-data, extract the validity feature of various dimensions, carry out the stolen comprehensive distinguishing of account.It can effectively mention
Stolen identification coverage rate is risen, and carries out the stolen abnormal evidences collection of various dimensions in subordinate act and content, is thrown in user feedback
Interpretation is realized when telling;Malice fishing link and text image after being stolen etc. can also be analyzed, to fishing and rubbish text
And content provides sample data.
It should be noted that when monitoring that the exception information in content can store these information to the sample of anomalous content
In this library, real-time update is being carried out to risk identification model, it is corresponding, when the behavioural information of user is normally changed,
It needs to be updated the portrait information of respective dimensions, to guarantee the real-time accuracy of risk identification result.
Another aspect, present invention also provides a kind of risk identification devices of account, and such as referring to Fig. 9, it illustrates this Shens
Please a kind of composition schematic diagram of risk identification device one embodiment of account, the device of the present embodiment can be applied to service
Device, the apparatus may include:
Information acquisition unit 901, for obtaining the account information of target account to be detected, the account information is at least wrapped
Include the characteristic information of behavior dimension and the characteristic information of content dimension;
Recognition unit 902, for sequentially inputting the characteristic information of at least one dimension risk identification model, obtaining phase
The recognition result answered, wherein the risk identification model is used to predict that the characteristic information of each dimension in the account information to be
No is exception information;
As a result determination unit 903 determine the risk of the target account for the recognition result according to each dimension
Recognition result.
It is a kind of may in the case where, the recognition result in recognition unit 1002 include the first dimension recognition result and
The recognition result of second dimension, the result determination unit, comprising:
Fusion treatment subelement, for carrying out the recognition result of the first dimension and the recognition result of the second dimension at fusion
Reason, obtains the risk identification result of the target account.
Optionally, fusion treatment subelement can be specifically used for:
According to first dimension and the corresponding dimension weighted value of second dimension, to the identification knot of first dimension
The recognition result of fruit and second dimension is weighted processing, obtains the risk identification result of the target account.
Optionally, the result determination unit, further includes:
Subelement is verified, if the recognition result for first dimension meets default Risk Results condition, according to institute
The recognition result for stating the second dimension verifies the recognition result of first dimension, and the risk for obtaining the target account is known
Other result.Optionally, which can also include: model creating unit, and the model creating unit includes:
Sample information obtains subelement, for obtaining the account information of sample account;
Feature extraction subelement carries out feature extraction for the account information to the sample account, obtains at least one
The characteristic information of dimension, wherein the dimension includes at least behavior dimension and content dimension;
It draws a portrait and determines that subelement determines the portrait information of the dimension for the characteristic information according to each dimension, it is described
Information of drawing a portrait can carry out real-time update according to the variation of the characteristic information of the corresponding dimension;
Information learning subelement learns for the portrait information to each dimension, obtains risk identification model.Again
In a kind of possible implementation, the portrait determines subelement, can be used for:
According to the characteristic information of the behavior dimension of account, the attribute tags of the behavior dimension of the account are generated,
In, the characteristic information of the behavior dimension includes at least following any one: the logging device information of account, the common of account are stepped on
Record the network attribute information of temporal information, the access information of account or account;
Based on the attribute tags of the behavior dimension, the portrait information of the behavior dimension of the account is determined;
Or
According to the characteristic information of the content dimension of account, the attribute tags of the content dimension of the account are generated,
In, the content dimension characterization account carries out the dimension that content information is generated when data interaction;
According to the attribute tags of the content dimension, the portrait information of the content dimension of the account is determined;
Optionally, the recognition unit is specifically used for: the characteristic information of the behavior dimension of target account being input to described
Risk identification model detects the abrupt information of the characteristic information of the behavior dimension in the risk identification model;
If the abrupt information meets behaviorist risk identification condition, the risk identification result of the behavior dimension is exported;
If the abrupt information no enough row is risk identification condition, the knowledge of the burst-normal of the behavior dimension is exported
Other result;
Or
The characteristic information of the content dimension of target account is input to the risk identification model, in the risk identification mould
In type, detect whether comprising Risk Content in the characteristic information of the content dimension, if it is, exporting the content dimension
Risk identification result;
Alternatively, detecting in the characteristic information of the content dimension, whether packet risk interacts account information, if it is, output
The risk identification result of the content dimension.
Optionally, the device further include:
Risk attributes determination unit, for the risk identification according to the target account as a result, determining the target account
Risk attributes;
Strategy execution unit, for executing account Preservation tactics corresponding with the risk attributes to the target account.
On the other hand, present invention also provides a kind of terminals, and such as referring to Figure 10, it illustrates one kind of the terminal of the application
Composed structure schematic diagram, the terminal 1000 of the present embodiment may include: processor 1001 and memory 1002.
Optionally, which can also include that communication interface 1003, input unit 1004 and display 1005 and communication are total
Line 1006.
Processor 1001, communication interface 1003, input unit 1004, display 1005, passes through communication at memory 1002
Bus 1006 completes mutual communication.
In the embodiment of the present application, the processor 1001 can be central processing unit (Central Processing
Unit, CPU), application-specific integrated circuit, digital signal processor, ready-made programmable gate array or other programmable logic
Device etc..
The processor can call the program stored in memory 1002.Specifically, processor can execute following account
Risk Identification Method embodiment in operation performed by application server side.
For storing one or more than one program in memory 1002, program may include program code, the journey
Sequence code includes computer operation instruction, in the embodiment of the present application, is at least stored in the memory for realizing following function
The program of energy:
The account information of target account to be detected is obtained, the account information includes at least the characteristic information of behavior dimension
With the characteristic information of content dimension;
By the characteristic information of at least one dimension, risk identification model is sequentially input, obtains corresponding recognition result,
In, the risk identification model is for predicting whether the characteristic information of each dimension in the account information is exception information;
According to the recognition result of each dimension, the risk identification result of the target account is determined.
In one possible implementation, which may include storing program area and storage data area, wherein
Storing program area can application program needed for storage program area and at least one function (such as information output function etc.)
Deng;Storage data area can store the data created in the use process according to computer, for example, risk identification model and account
Data etc..
In addition, memory 1002 may include high-speed random access memory, it can also include nonvolatile memory, example
Such as at least one disk memory or other volatile solid-state parts.
The communication interface 1003 can be the interface of communication module, such as the interface of gsm module.
The application can also include display 1004 and input unit 1005 etc..
Certainly, the structure of terminal shown in Fig. 10 does not constitute the restriction to terminal in the embodiment of the present application, is actually answering
It may include than more or fewer components shown in Fig. 10, or the certain components of combination with middle terminal.
On the other hand, the embodiment of the present application also provides a kind of storage medium, computer is stored in the storage medium
Executable instruction when the computer executable instructions are loaded and executed by processor, is realized in as above any one embodiment
Service the Risk Identification Method of account performed by end side.
It should be noted that all the embodiments in this specification are described in a progressive manner, each embodiment weight
Point explanation is the difference from other embodiments, and the same or similar parts between the embodiments can be referred to each other.
For device class embodiment, since it is basically similar to the method embodiment, so being described relatively simple, related place ginseng
See the part explanation of embodiment of the method.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes that
A little elements, but also including other elements that are not explicitly listed, or further include for this process, method, article or
The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged
Except there is also other identical elements in the process, method, article or equipment for including element.
The foregoing description of the disclosed embodiments can be realized those skilled in the art or using the present invention.To this
A variety of modifications of a little embodiments will be apparent for a person skilled in the art, and the general principles defined herein can
Without departing from the spirit or scope of the present invention, to realize in other embodiments.Therefore, the present invention will not be limited
It is formed on the embodiments shown herein, and is to fit to consistent with the principles and novel features disclosed in this article widest
Range.
The above is only the preferred embodiment of the present invention, it is noted that those skilled in the art are come
It says, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications also should be regarded as
Protection scope of the present invention.
Claims (10)
1. a kind of Risk Identification Method of account characterized by comprising
Obtain the account information of target account to be detected, the account information includes at least the characteristic information of behavior dimension and interior
Hold the characteristic information of dimension;
By the characteristic information of at least one dimension, risk identification model is sequentially input, obtains corresponding recognition result, wherein institute
Risk identification model is stated for predicting whether the characteristic information of each dimension in the account information is exception information;
According to the recognition result of each dimension, the risk identification result of the target account is determined.
2. the method according to claim 1, wherein the recognition result include the first dimension recognition result and
The recognition result of second dimension, wherein the recognition result according to each dimension determines the risk of the target account
Recognition result, comprising:
The recognition result of first dimension and the recognition result of the second dimension are subjected to fusion treatment, obtain the wind of the target account
Dangerous recognition result.
3. according to the method described in claim 2, it is characterized in that, the recognition result according to each dimension, determines
The risk identification result of the target account, further includes:
If the recognition result of first dimension meets default Risk Results condition, according to the recognition result of second dimension
The recognition result of first dimension is verified, the risk identification result of the target account is obtained.
4. according to the method described in claim 2, it is characterized in that, described by the recognition result of the first dimension and the second dimension
Recognition result carries out fusion treatment, obtains the risk identification result of the target account, comprising:
According to first dimension and the corresponding dimension weighted value of second dimension, recognition result to first dimension and
The recognition result of second dimension is weighted processing, obtains the risk identification result of the target account.
5. the method according to claim 1, wherein this method further include:
Obtain the account information of sample account;
Feature extraction is carried out to the account information of the sample account, obtains the characteristic information of at least one dimension, wherein described
Dimension includes at least behavior dimension and content dimension;
According to the characteristic information of each dimension, the portrait information of the dimension is determined, the portrait information can be according to corresponding
The variation of the characteristic information of the dimension carries out real-time update;
The portrait information of each dimension is learnt, risk identification model is obtained.
6. described according to described every according to the method described in claim 5, it is characterized in that, the dimension includes behavior dimension
The characteristic information of a dimension determines the portrait information of the dimension, comprising:
According to the characteristic information of the behavior dimension of account, the attribute tags of the behavior dimension of the account are generated, wherein institute
The characteristic information for stating behavior dimension includes at least following any one: the logging device information of account, account common login when
Between information, the access information of account or account network attribute information;
Based on the attribute tags of the behavior dimension, the portrait information of the behavior dimension of the account is determined;
When the dimension includes content dimension, the characteristic information according to each dimension determines the picture of the dimension
As information, comprising:
According to the characteristic information of the content dimension of account, the attribute tags of the content dimension of the account are generated, wherein institute
It states content dimension characterization account and carries out the dimension for generating content information when data interaction;
According to the attribute tags of the content dimension, the portrait information of the content dimension of the account is determined.
7. described by the dimension the method according to claim 1, wherein the dimension includes behavior dimension
Characteristic information be input to risk identification model, export the recognition result of the dimension, comprising:
The characteristic information of the behavior dimension of target account is input to the risk identification model, in the risk identification model
In, detect the abrupt information of the characteristic information of the behavior dimension;
If the abrupt information meets behaviorist risk identification condition, the risk identification result of the behavior dimension is exported;
If the abrupt information no enough row is risk identification condition, the identification knot of the burst-normal of the behavior dimension is exported
Fruit;
When the dimension includes content dimension, the characteristic information by the dimension is input to risk identification model, output
The recognition result of the dimension, comprising:
The characteristic information of the content dimension of target account is input to the risk identification model, in the risk identification model
In, it detects whether comprising Risk Content in the characteristic information of the content dimension, if it is, exporting the wind of the content dimension
Dangerous recognition result;
Alternatively, detecting in the characteristic information of the content dimension, whether packet risk interacts account information, if it is, described in output
The risk identification result of content dimension.
8. the method according to claim 1, wherein this method further include:
Risk identification according to the target account is as a result, determine the risk attributes of the target account;
Account Preservation tactics corresponding with the risk attributes are executed to the target account.
9. a kind of risk identification device of account characterized by comprising
Information acquisition unit, for obtaining the account information of target account to be detected, the account information includes at least behavior
The characteristic information of dimension and the characteristic information of content dimension;
Recognition unit obtains accordingly identifying knot for sequentially inputting risk identification model for the characteristic information of at least one dimension
Fruit, wherein the risk identification model is for predicting whether the characteristic information of each dimension in the account information is abnormal letter
Breath;
As a result determination unit determines the risk identification knot of the target account for the recognition result according to each dimension
Fruit.
10. a kind of storage medium, which is characterized in that be stored with computer executable instructions, the calculating in the storage medium
When machine executable instruction is loaded and executed by processor, realize that the risk of the described in any item accounts of claim 1 to 8 as above is known
Other method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910683779.4A CN110399925B (en) | 2019-07-26 | 2019-07-26 | Account risk identification method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910683779.4A CN110399925B (en) | 2019-07-26 | 2019-07-26 | Account risk identification method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110399925A true CN110399925A (en) | 2019-11-01 |
| CN110399925B CN110399925B (en) | 2023-09-19 |
Family
ID=68326197
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910683779.4A Active CN110399925B (en) | 2019-07-26 | 2019-07-26 | Account risk identification method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110399925B (en) |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110855723A (en) * | 2020-01-16 | 2020-02-28 | 武汉斗鱼鱼乐网络科技有限公司 | Method, system, medium and equipment for identifying target interaction account |
| CN111311136A (en) * | 2020-05-14 | 2020-06-19 | 深圳索信达数据技术有限公司 | Wind control decision method, computer equipment and storage medium |
| CN111400357A (en) * | 2020-02-21 | 2020-07-10 | 中国建设银行股份有限公司 | Method and device for identifying abnormal login |
| CN111506486A (en) * | 2020-04-17 | 2020-08-07 | 支付宝(杭州)信息技术有限公司 | Data processing method and system |
| CN111708995A (en) * | 2020-06-12 | 2020-09-25 | 中国建设银行股份有限公司 | Service processing method, device and equipment |
| CN111861701A (en) * | 2020-07-09 | 2020-10-30 | 深圳市富之富信息技术有限公司 | Wind control model optimization method and device, computer equipment and storage medium |
| CN111882432A (en) * | 2020-08-07 | 2020-11-03 | 中国工商银行股份有限公司 | Method, device, computing equipment and medium for processing service request |
| CN111985703A (en) * | 2020-08-12 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN112118551A (en) * | 2020-10-16 | 2020-12-22 | 同盾控股有限公司 | Equipment risk identification method and related equipment |
| CN112232827A (en) * | 2020-10-29 | 2021-01-15 | 支付宝(杭州)信息技术有限公司 | Fraud identification method and device and electronic equipment |
| CN112487210A (en) * | 2020-12-14 | 2021-03-12 | 每日互动股份有限公司 | Abnormal device identification method, electronic device, and medium |
| CN112581259A (en) * | 2020-12-16 | 2021-03-30 | 同盾控股有限公司 | Account risk identification method and device, storage medium and electronic equipment |
| CN112905987A (en) * | 2019-11-19 | 2021-06-04 | 北京达佳互联信息技术有限公司 | Account identification method, account identification device, server and storage medium |
| CN113468519A (en) * | 2020-03-30 | 2021-10-01 | 中国移动通信集团浙江有限公司 | Plug-in operation identification method, device and equipment |
| CN113516480A (en) * | 2021-08-19 | 2021-10-19 | 支付宝(杭州)信息技术有限公司 | Payment risk identification method, device and equipment |
| CN113591068A (en) * | 2021-08-03 | 2021-11-02 | 北京奇艺世纪科技有限公司 | Online login equipment management method and device and electronic equipment |
| CN113630495A (en) * | 2020-05-07 | 2021-11-09 | 中国电信股份有限公司 | Training method and device for fraud-related order prediction model and order prediction method and device |
| CN113626494A (en) * | 2021-07-28 | 2021-11-09 | 上海齐网网络科技有限公司 | Method and system for multidimensional dimension analysis of data based on self-adaptive control |
| CN113762585A (en) * | 2021-05-17 | 2021-12-07 | 腾讯科技(深圳)有限公司 | Data processing method, account type identification method and device |
| CN113763057A (en) * | 2020-05-28 | 2021-12-07 | 北京金山云网络技术有限公司 | User identity portrait data processing method and device |
| CN114938285A (en) * | 2022-03-24 | 2022-08-23 | 阿里云计算有限公司 | Data security identification method and storage medium |
| CN113723522B (en) * | 2021-08-31 | 2023-06-16 | 平安科技(深圳)有限公司 | Abnormal user identification method and device, electronic equipment and storage medium |
| CN116542259A (en) * | 2023-07-06 | 2023-08-04 | 大白熊大数据科技(常熟)有限公司 | Fraud analysis method, server and medium for online service dialogue big data |
| CN117035782A (en) * | 2023-07-28 | 2023-11-10 | 广州盈风网络科技有限公司 | Recharging risk control method, device, equipment and storage medium |
| WO2024031881A1 (en) * | 2022-08-12 | 2024-02-15 | 中国银联股份有限公司 | Operation behavior recognition method and apparatus |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105208009A (en) * | 2015-08-27 | 2015-12-30 | 腾讯科技(深圳)有限公司 | Safety detection method and apparatus of account number |
| US20160364727A1 (en) * | 2015-06-11 | 2016-12-15 | Early Warning Services, Llc | System and method for identifying compromised accounts |
| CN106295349A (en) * | 2015-05-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen |
| US20170012976A1 (en) * | 2015-07-08 | 2017-01-12 | Alibaba Group Holding Limited | Authentication method, apparatus, and system |
| CN108108866A (en) * | 2016-11-24 | 2018-06-01 | 阿里巴巴集团控股有限公司 | A kind of method and device of risk control |
| CN108366009A (en) * | 2017-01-26 | 2018-08-03 | 阿里巴巴集团控股有限公司 | Method for pushing, device and the server of reminder message |
| CN108492104A (en) * | 2018-02-12 | 2018-09-04 | 阿里巴巴集团控股有限公司 | A kind of resource transfer monitoring method and device |
| CN109151518A (en) * | 2018-08-06 | 2019-01-04 | 武汉斗鱼网络科技有限公司 | A kind of recognition methods, device and the electronic equipment of stolen account |
| CN109302434A (en) * | 2017-06-15 | 2019-02-01 | 腾讯科技(深圳)有限公司 | Prompt information method for pushing and device, service platform and storage medium |
| CN109741065A (en) * | 2019-01-28 | 2019-05-10 | 广州虎牙信息科技有限公司 | A kind of payment risk recognition methods, device, equipment and storage medium |
-
2019
- 2019-07-26 CN CN201910683779.4A patent/CN110399925B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295349A (en) * | 2015-05-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen |
| US20160364727A1 (en) * | 2015-06-11 | 2016-12-15 | Early Warning Services, Llc | System and method for identifying compromised accounts |
| US20170012976A1 (en) * | 2015-07-08 | 2017-01-12 | Alibaba Group Holding Limited | Authentication method, apparatus, and system |
| CN105208009A (en) * | 2015-08-27 | 2015-12-30 | 腾讯科技(深圳)有限公司 | Safety detection method and apparatus of account number |
| CN108108866A (en) * | 2016-11-24 | 2018-06-01 | 阿里巴巴集团控股有限公司 | A kind of method and device of risk control |
| CN108366009A (en) * | 2017-01-26 | 2018-08-03 | 阿里巴巴集团控股有限公司 | Method for pushing, device and the server of reminder message |
| CN109302434A (en) * | 2017-06-15 | 2019-02-01 | 腾讯科技(深圳)有限公司 | Prompt information method for pushing and device, service platform and storage medium |
| CN108492104A (en) * | 2018-02-12 | 2018-09-04 | 阿里巴巴集团控股有限公司 | A kind of resource transfer monitoring method and device |
| CN109151518A (en) * | 2018-08-06 | 2019-01-04 | 武汉斗鱼网络科技有限公司 | A kind of recognition methods, device and the electronic equipment of stolen account |
| CN109741065A (en) * | 2019-01-28 | 2019-05-10 | 广州虎牙信息科技有限公司 | A kind of payment risk recognition methods, device, equipment and storage medium |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112905987B (en) * | 2019-11-19 | 2024-02-27 | 北京达佳互联信息技术有限公司 | Account identification method, device, server and storage medium |
| CN112905987A (en) * | 2019-11-19 | 2021-06-04 | 北京达佳互联信息技术有限公司 | Account identification method, account identification device, server and storage medium |
| CN110855723A (en) * | 2020-01-16 | 2020-02-28 | 武汉斗鱼鱼乐网络科技有限公司 | Method, system, medium and equipment for identifying target interaction account |
| CN111400357A (en) * | 2020-02-21 | 2020-07-10 | 中国建设银行股份有限公司 | Method and device for identifying abnormal login |
| CN113468519A (en) * | 2020-03-30 | 2021-10-01 | 中国移动通信集团浙江有限公司 | Plug-in operation identification method, device and equipment |
| CN111506486B (en) * | 2020-04-17 | 2022-04-19 | 支付宝(杭州)信息技术有限公司 | Data processing method and system |
| CN111506486A (en) * | 2020-04-17 | 2020-08-07 | 支付宝(杭州)信息技术有限公司 | Data processing method and system |
| CN113630495A (en) * | 2020-05-07 | 2021-11-09 | 中国电信股份有限公司 | Training method and device for fraud-related order prediction model and order prediction method and device |
| CN113630495B (en) * | 2020-05-07 | 2022-08-02 | 中国电信股份有限公司 | Training method and device for fraud-related order prediction model and order prediction method and device |
| CN111311136A (en) * | 2020-05-14 | 2020-06-19 | 深圳索信达数据技术有限公司 | Wind control decision method, computer equipment and storage medium |
| CN113763057B (en) * | 2020-05-28 | 2024-05-14 | 北京金山云网络技术有限公司 | User identity portrait data processing method and device |
| CN113763057A (en) * | 2020-05-28 | 2021-12-07 | 北京金山云网络技术有限公司 | User identity portrait data processing method and device |
| CN111708995A (en) * | 2020-06-12 | 2020-09-25 | 中国建设银行股份有限公司 | Service processing method, device and equipment |
| CN111861701A (en) * | 2020-07-09 | 2020-10-30 | 深圳市富之富信息技术有限公司 | Wind control model optimization method and device, computer equipment and storage medium |
| CN111882432A (en) * | 2020-08-07 | 2020-11-03 | 中国工商银行股份有限公司 | Method, device, computing equipment and medium for processing service request |
| CN111985703A (en) * | 2020-08-12 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN111985703B (en) * | 2020-08-12 | 2022-07-29 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN112118551A (en) * | 2020-10-16 | 2020-12-22 | 同盾控股有限公司 | Equipment risk identification method and related equipment |
| CN112232827A (en) * | 2020-10-29 | 2021-01-15 | 支付宝(杭州)信息技术有限公司 | Fraud identification method and device and electronic equipment |
| CN112487210A (en) * | 2020-12-14 | 2021-03-12 | 每日互动股份有限公司 | Abnormal device identification method, electronic device, and medium |
| CN112581259A (en) * | 2020-12-16 | 2021-03-30 | 同盾控股有限公司 | Account risk identification method and device, storage medium and electronic equipment |
| CN112581259B (en) * | 2020-12-16 | 2023-09-19 | 同盾控股有限公司 | Account risk identification method and device, storage medium and electronic equipment |
| CN113762585A (en) * | 2021-05-17 | 2021-12-07 | 腾讯科技(深圳)有限公司 | Data processing method, account type identification method and device |
| CN113626494A (en) * | 2021-07-28 | 2021-11-09 | 上海齐网网络科技有限公司 | Method and system for multidimensional dimension analysis of data based on self-adaptive control |
| CN113626494B (en) * | 2021-07-28 | 2024-03-29 | 上海齐网网络科技有限公司 | Data multidimensional dimension analysis method and system based on self-adaptive control |
| CN113591068A (en) * | 2021-08-03 | 2021-11-02 | 北京奇艺世纪科技有限公司 | Online login equipment management method and device and electronic equipment |
| CN113516480A (en) * | 2021-08-19 | 2021-10-19 | 支付宝(杭州)信息技术有限公司 | Payment risk identification method, device and equipment |
| CN113516480B (en) * | 2021-08-19 | 2024-04-26 | 支付宝(杭州)信息技术有限公司 | Payment risk identification method, device and equipment |
| CN113723522B (en) * | 2021-08-31 | 2023-06-16 | 平安科技(深圳)有限公司 | Abnormal user identification method and device, electronic equipment and storage medium |
| CN114938285A (en) * | 2022-03-24 | 2022-08-23 | 阿里云计算有限公司 | Data security identification method and storage medium |
| WO2024031881A1 (en) * | 2022-08-12 | 2024-02-15 | 中国银联股份有限公司 | Operation behavior recognition method and apparatus |
| CN116542259B (en) * | 2023-07-06 | 2023-09-05 | 大白熊大数据科技(常熟)有限公司 | Fraud analysis method, server and medium for online service dialogue big data |
| CN116542259A (en) * | 2023-07-06 | 2023-08-04 | 大白熊大数据科技(常熟)有限公司 | Fraud analysis method, server and medium for online service dialogue big data |
| CN117035782A (en) * | 2023-07-28 | 2023-11-10 | 广州盈风网络科技有限公司 | Recharging risk control method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110399925B (en) | 2023-09-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110399925A (en) | Risk Identification Method, device and the storage medium of account | |
| Akhtar et al. | Detecting fake news and disinformation using artificial intelligence and machine learning to avoid supply chain disruptions | |
| Mena | Machine learning forensics for law enforcement, security, and intelligence | |
| US8255273B2 (en) | Evaluating online marketing efficiency | |
| CN108170580A (en) | A kind of rule-based log alarming method, apparatus and system | |
| CN110442712B (en) | Risk determination method, risk determination device, server and text examination system | |
| CN107835231A (en) | The processing method and terminal device of feedback information | |
| US20200012990A1 (en) | Systems and methods of network-based intelligent cyber-security | |
| US20170109639A1 (en) | General Model for Linking Between Nonconsecutively Performed Steps in Business Processes | |
| CN106599295A (en) | Multi-track visual analyzing evidence-collecting method for user behaviors and system | |
| CN111160783B (en) | Digital asset value evaluation method and system and electronic equipment | |
| CN102870110B (en) | Document registration system | |
| CN107409134A (en) | Method card analysis | |
| CN109657119A (en) | A kind of web crawlers detection method based on access log IP analysis | |
| CN115168453A (en) | Interest analysis method and system for e-commerce data push | |
| CN110457601B (en) | Social account identification method and device, storage medium and electronic device | |
| CN112437034B (en) | False terminal detection method and device, storage medium and electronic device | |
| CN112347457A (en) | Abnormal account detection method and device, computer equipment and storage medium | |
| US8854372B2 (en) | Consolidation and visualization of a set of raw data corresponding to a communication between a person of interest and a correspondent across a plurality of mediums of communication | |
| Chauhan et al. | Anomalous behavior detection in social networking | |
| US20200067985A1 (en) | Systems and methods of interactive and intelligent cyber-security | |
| US20240121274A1 (en) | Methods and systems for processing cyber incidents in cyber incident management systems using dynamic processing hierarchies | |
| CN116991675A (en) | Abnormal access monitoring method and device, computer equipment and storage medium | |
| Zytniewski et al. | Software agents supporting the security of IT systems handling personal information | |
| AT&T | () |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |