CN110427971A - Recognition methods, device, server and the storage medium of user and IP - Google Patents
Recognition methods, device, server and the storage medium of user and IP Download PDFInfo
- Publication number
- CN110427971A CN110427971A CN201910605248.3A CN201910605248A CN110427971A CN 110427971 A CN110427971 A CN 110427971A CN 201910605248 A CN201910605248 A CN 201910605248A CN 110427971 A CN110427971 A CN 110427971A
- Authority
- CN
- China
- Prior art keywords
- target
- identification
- user
- improper
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The present invention provides the recognition methods of a kind of user and IP, device, server and storage mediums, this method comprises: receiving user's request that client is sent, user requests the client to send by fission activity;According to the preconfigured identification target of fission activity is directed to, the corresponding target identification of identification target is extracted from user's request, identification target is user or IP address;Historical behavior data corresponding with target identification are obtained, and determine Model of Target Recognition corresponding with identification target;Historical behavior data are inputted into Model of Target Recognition, obtain target identification as a result, the target identification result includes normal target, doubtful improper target or improper target.The present invention is due to no longer needing to carry out each activity anti-brush threshold test code implantation, it reduces costs, and train obtained Model of Target Recognition neural network based to be identified by mass data, it is no longer dependent on single threshold value, improves identification accuracy.
Description
Technical field
The present invention relates to Internet technical fields, more particularly to the recognition methods of a kind of user and IP, device, server
And storage medium.
Background technique
In order to attract user, some businessmans provide neck certificate, the fissions activity such as withdraw deposit, and some improper users are in order to meet
Operations Requirements acquisition activity reward carries out brush amount by program to reach Operations Requirements, corresponding activity reward is extracted, to businessman
It causes damages, and disturbs normal users.
In the prior art, the intervention of rule is generally based on to identify improper user, that is, is based on crawler behavior scene, is opened
Hair personnel carry out exploitation data setting threshold value to the single behavior of activity.It learns that user operates at the appointed time when server to reach
Threshold value determines that the user or IP operationally have malicious act.
Be implanted into due to needing to carry out each activity anti-brush threshold test code, business is invaded it is bigger, exploitation at
This is relatively high, and the selection of threshold value easily forms the effect imposed uniformity without examining individual cases, excessively high to omit some improper users, it is too low it is easy will
Normal users are identified as improper user.Therefore the prior art haves the defects that at high cost and identification accuracy is low.
Summary of the invention
In view of the above problems, it proposes the embodiment of the present invention and overcomes the above problem or at least partly in order to provide one kind
Recognition methods, device, server and the storage medium of a kind of user and IP that solve the above problems.
According to the present invention in a first aspect, providing the recognition methods of a kind of user and IP, comprising:
User's request that client is sent is received, the user requests the client to send by fission activity;
According to the preconfigured identification target of the fission activity is directed to, the identification mesh is extracted from user request
Corresponding target identification is marked, the identification target is user or IP address;
Historical behavior data corresponding with the target identification are obtained, and determine that target corresponding with the identification target is known
Other model;Wherein, the Model of Target Recognition is neural network model, by normal target, doubtful improper target and improper
The behavioral data training of target obtains;
The historical behavior data are inputted into the Model of Target Recognition, obtain target identification as a result, the target identification
It as a result include normal target, doubtful improper target or improper target.
Optionally, before user's request that the reception client is sent, further includes:
Obtain user's history user behaviors log;
According to identification target, the corresponding behavioral data of normal target, doubtful is extracted from the user's history user behaviors log
The improper corresponding behavioral data of target and the corresponding behavioral data of improper target;
By the corresponding behavioral data of the normal target, the doubtful improper corresponding behavioral data of target and improper target
Corresponding behavioral data, as training data;
Based on the training data, neural network model is trained, obtains the Model of Target Recognition.
Optionally, according to identification target, the corresponding behavior number of normal target is extracted from the user's history user behaviors log
According to, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target, comprising:
According to default statistical indicator, unite to the behavioral data of identification target same in the user's history user behaviors log
Meter, obtains the corresponding value of statistical indicant of each identification target;
The identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal target, determines the statistics
Index value is greater than the first threshold and is less than or equal to the identification target of second threshold for doubtful improper target, described in determination
The identification target that value of statistical indicant is greater than the second threshold is improper target, and the first threshold is less than second threshold
Value;
Extract the normal target, doubtful improper target and improper target pair respectively from the User action log
The behavioral data answered.
Optionally, the default statistical indicator includes number of operations in preset time, acquisition activity prize in preset time
The number encouraged or the total amount obtained in preset time when activity reward is cash.
Optionally, the historical behavior data are inputted into the Model of Target Recognition described, obtains target identification result
Later, further includes:
If the target identification result is normal target, user's request is responded;
If the target identification result is improper target, refuse user's request.
Optionally, the historical behavior data are inputted into the Model of Target Recognition described, obtains target identification result
Later, further includes:
If the target identification result is doubtful improper target, the client is verified, and obtain verifying
As a result;
According to the verification result, responds user's request or refuse user's request.
Optionally, before obtaining historical behavior data corresponding with the target identification, further includes:
Judge whether the target identification exists in the corresponding blacklist of the identification target;
If the target identification exists in the blacklist, refuse user's request;If the target identification exists
It is not present in the blacklist, then triggers the acquisition operation of the historical behavior data.
Second aspect according to the present invention provides the identification device of a kind of user and IP, comprising:
Request receiving module, for receiving user's request of client transmission, user's request is that the client is logical
Cross fission activity transmission;
Target identification extraction module is directed to the preconfigured identification target of the fission activity for basis, from the use
The corresponding target identification of the identification target is extracted in the request of family, the identification target is user or IP address;
Historical data obtains module, for obtaining historical behavior data corresponding with the target identification, and determining and institute
State the corresponding Model of Target Recognition of identification target;Wherein, the Model of Target Recognition be neural network model, by normal target,
The training of the behavioral data of doubtful improper target and improper target obtains;
Target identification module obtains target identification for the historical behavior data to be inputted the Model of Target Recognition
As a result, the target identification result includes normal target, doubtful improper target or improper target.
Optionally, described device further include:
User behaviors log obtains module, for obtaining user's history user behaviors log;
Behavioral data extraction module, for extracting normal mesh from the user's history user behaviors log according to identification target
Mark corresponding behavioral data, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target;
Training data determining module, for the corresponding behavioral data of the normal target, doubtful improper target is corresponding
Behavioral data and the corresponding behavioral data of improper target, as training data;
Neural metwork training module is trained neural network model, obtains described for being based on the training data
Model of Target Recognition.
Optionally, the behavioral data extraction module includes:
Statistic unit presets statistical indicator for basis, to identification target same in the user's history user behaviors log
Behavioral data is counted, and the corresponding value of statistical indicant of each identification target is obtained;
Target determination unit, the identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal
Target, it is doubtful non-for determining that the value of statistical indicant is greater than the first threshold and is less than or equal to the identification target of second threshold
Normal target, the identification target for determining that the value of statistical indicant is greater than the second threshold is improper target, first threshold
Value is less than the second threshold;
Data extracting unit, for extracting the normal target, doubtful improper respectively from the User action log
Target and the corresponding behavioral data of improper target.
Optionally, the default statistical indicator includes number of operations in preset time, acquisition activity prize in preset time
The number encouraged or the total amount obtained in preset time when activity reward is cash.
Optionally, described device further include:
Ask respond module responds user's request if being normal target for the target identification result;
Request refusal module refuses user's request if being improper target for the target identification result.
Optionally, described device further include:
Authentication module tests the client if being doubtful improper target for the target identification result
Card, and obtain verification result;
Verification processing module, for responding user's request or refusing user's request according to the verification result.
Optionally, described device further include:
Judgment module, for judging whether the target identification exists in the corresponding blacklist of the identification target;
Processing module refuses user's request if existing in the blacklist for the target identification;If institute
It states target identification to be not present in the blacklist, then triggers the acquisition operation of the historical behavior data.
The third aspect according to the present invention, additionally provides a kind of server, processor, memory and is stored in the storage
On device and the computer program that can run on the processor, realized such as when the computer program is executed by the processor
The recognition methods of user described in first aspect and IP.
Fourth aspect according to the present invention, additionally provides a kind of computer readable storage medium, described computer-readable to deposit
It is stored with computer program on storage media, user as described in relation to the first aspect is realized when the computer program is executed by processor
And the recognition methods of IP.
Recognition methods, device, server and the storage medium of user and IP provided by the invention, by receiving client hair
The user's request sent, user's request is that client is sent by fission activity, according to preparatory for the fission activity
The identification target of configuration extracts the corresponding target identification of identification target from user's request, obtains go through corresponding with target identification
History behavioral data, and determine Model of Target Recognition corresponding with identification target, the historical behavior data are inputted into the target
Identification model obtains target identification as a result, reducing due to no longer needing to carry out each activity anti-brush threshold test code implantation
Cost, and being identified by Model of Target Recognition neural network based that mass data training obtains, no longer according to
Lai Yu single threshold value improves identification accuracy.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, the followings are specific embodiments of the present invention.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field
Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention
Limitation.
Fig. 1 is the step flow chart of the recognition methods of a kind of user and IP provided in an embodiment of the present invention;
Fig. 2 is the step flow chart of the recognition methods of a kind of user and IP provided in an embodiment of the present invention;
Fig. 3 is the structural block diagram of the identification device of a kind of user and IP provided in an embodiment of the present invention;
Fig. 4 is a kind of structural block diagram of server provided in an embodiment of the present invention.
Specific embodiment
The exemplary embodiment that the present invention will be described in more detail below with reference to accompanying drawings.Although showing the present invention in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the present invention without should be by embodiments set forth here
It is limited.It is to be able to thoroughly understand the present invention on the contrary, providing these embodiments, and can be by the scope of the present invention
It is fully disclosed to those skilled in the art.
Fig. 1 is the step flow chart of the recognition methods of a kind of user and IP provided in an embodiment of the present invention, this method application
In for the fission improper user of activity recognition or improper IP address, can be executed by server, as shown in Figure 1, this method
May include:
Step 101, user's request that client is sent is received, user's request is that the client passes through fission activity
It sends.
Wherein, user request include: user identifier (such as Unionid or OpenId), request source (Referer),
Client identification (User-Agent), IP address, conversion link (X-Forwarded-For) and operating time.For OpenId,
Each application has an OpenId.The user that Unionid is used to distinguish the different application under same wechat open platform is unique
Property, i.e., for same user, Unionid is identical in different application under same wechat open platform.Referer is
The a part of head (header) in HTTP request can generally take when browser is sent to web server requests
Referer, so that server can determine that the request is come from which page link.Fission activity is, for example, that power-assisted is living
It moves, activity of forming a team etc..User's request e.g. power-assisted request, the request of neck certificate, withdraw deposit request or request etc. of forming a team.
Active link of fissioning can be sent to the good friend of oneself by one user, and user good friend clicks the fission activity chain
It connects, server receives user's request of client transmission, and can identify request source and forwarding chain according to user's request
Road determines that the user for belonging to same raw requests source requests according to request source and conversion link, same convenient for subsequent judgement
Whether user's request in raw requests source reaches Operations Requirements.
Step 102, according to the preconfigured identification target of the fission activity is directed to, institute is extracted from user request
The corresponding target identification of identification target is stated, the identification target is user or IP address.
Server can be pre-configured with identification target according to fission activity.If preconfigured identification target is user,
User identifier is extracted from user's request;If preconfigured identification target is IP address, extracted from user's request specific
IP address.
Step 103, historical behavior data corresponding with the target identification are obtained, and determination is corresponding with the identification target
Model of Target Recognition;Wherein, the Model of Target Recognition is neural network model, by normal target, doubtful improper target
Behavioral data training with improper target obtains.
Wherein, the neural network model is semi-supervised neural network model, and semi-supervised neural network is semi-supervised learning
The neural network of cluster is divided into three classes, i.e. normal target, doubtful improper target and improper target so that exporting result.
Model of Target Recognition is by the behavioral data of a large amount of normal target, the behavioral data of doubtful improper target and non-
The behavioral data training of normal target is completed.Model of Target Recognition includes user's identification model or IP identification model.If identifying mesh
It is designated as user, then Model of Target Recognition is user's identification model, normal target, doubtful improper target and improper target difference
For normal users, doubtful improper user and improper user.If identification target is IP address, Model of Target Recognition is IP knowledge
Other model, normal target, doubtful improper target and improper target be respectively normal IP address, doubtful improper IP address and
Improper IP address.
According to target identification, historical behavior data corresponding with the target identification are obtained in the database.If target mark
Knowing is user identifier, then obtains the corresponding historical behavior data of the user identifier, these historical behavior data may by it is multiple not
Same IP address is sent.If target identification is IP address, the corresponding historical behavior data of the IP address, these history rows are obtained
It may be the behavioral data of different user for data.Wherein, the historical behavior data of acquisition can be the behavior in preset time
Data, the behavioral data in e.g. one month or the behavioral data in two months.
Step 104, the historical behavior data are inputted into the Model of Target Recognition, obtains target identification as a result, described
Target identification result includes normal target, doubtful improper target or improper target.
The input of Model of Target Recognition is historical behavior data, is exported as target identification knot corresponding with the identification target
Fruit.When identifying that target is user, target identification result includes normal users, doubtful improper user or improper user;Identification
When target is IP address, target identification result includes normal IP address, doubtful improper IP address or improper IP address.
User and IP recognition methods provided in this embodiment is requested, the user by receiving the user that client is sent
Request is that client is sent by fission activity, according to the preconfigured identification target of the fission activity is directed to, from user
The corresponding target identification of identification target is extracted in request, obtains historical behavior data corresponding with target identification, and is determined and known
The historical behavior data are inputted the Model of Target Recognition, obtain target identification by the corresponding Model of Target Recognition of other target
As a result, reducing costs, and due to no longer needing to carry out each activity anti-brush threshold test code implantation by largely counting
It is identified according to the Model of Target Recognition neural network based that training obtains, is no longer dependent on single threshold value, improves
Identify accuracy.
Based on the above technical solution, the historical behavior data are inputted into the Model of Target Recognition described,
After obtaining target identification result, further includes:
If the target identification result is normal target, user's request is responded;
If the target identification result is improper target, refuse user's request.
Identification by Model of Target Recognition to target identification, in target identification result to timely respond to institute when normal target
User's request is stated, to guarantee the access of normal target.When target identification result is improper target, refuses the user and ask
It asks, avoids loss caused by user's brush amount.
Based on the above technical solution, the historical behavior data are inputted into the Model of Target Recognition described,
After obtaining target identification result, further includes:
If the target identification result is doubtful improper target, the client is verified, and obtain verifying
As a result;
According to the verification result, responds user's request or refuse user's request.
If the target identification result is doubtful improper target, verification information, client are returned to the client
It shows that verification information inputs corresponding verification result by user, and transmits verification result to server, server is according to verifying
As a result, determining that identification target is normal target or improper target, and when recognition result is normal target, respond the user
User's request is refused in request when recognition result is improper target.
Based on the above technical solution, before obtaining historical behavior data corresponding with the target identification, also
Include:
Judge whether the target identification exists in the corresponding blacklist of the identification target;
If the target identification exists in the blacklist, refuse user's request;If the target identification exists
It is not present in the blacklist, then triggers the acquisition operation of the historical behavior data.
For identification target, corresponding blacklist is pre-set, when receiving user's request, first determines whether that user asks
Whether the target identification asked exists in blacklist, if the target identification exists in blacklist, refuses user's request,
Subsequent identification operation need not be executed again, improve processing speed, if the target identification is not present in blacklist, obtain with
The corresponding historical behavior data of target identification, and target identification is known using Model of Target Recognition based on historical behavior data
Not, improper target is recognized accurately.
Fig. 2 is the step flow chart of the recognition methods of a kind of user and IP provided in an embodiment of the present invention, as shown in Fig. 2,
This method may include:
Step 201, user's history user behaviors log is obtained.
The each fission activity (such as neck certificate, activity of withdrawing deposit) provided for server bury a little, obtains asking for user
Information is sought, and by increased access log filter, to filter the family mark extracted in solicited message, request source, client
The information such as mark, IP address, IP address ownership place, conversion link and operating time are held, obtain user's history user behaviors log, and protect
It is stored in database.Wherein, a kind of common collecting method that point analysis is web analytics is buried.The solicited message is for example
It is power-assisted request, the request of neck certificate, withdraw deposit request and request etc. of forming a team.
When being trained to Model of Target Recognition, user's history user behaviors log is obtained from database.
Step 202, according to identification target, the corresponding behavior number of normal target is extracted from the user's history user behaviors log
According to, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target.
Normal target, doubtful improper target and improper target can be and manually sieve to user's history user behaviors log
Choosing obtains, and can also be screened to obtain to user's history user behaviors log by preset rule, can also be first by pre-
The rule first set is screened, then by manual review, the result obtained from is more accurate.Further according to determining normal mesh
Mark, doubtful improper target and improper target, extract corresponding behavioral data respectively from historical behavior log.
In a specific embodiment, according to identification target, extracted from the user's history user behaviors log normal
The corresponding behavioral data of target, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target, packet
It includes:
According to default statistical indicator, unite to the behavioral data of identification target same in the user's history user behaviors log
Meter, obtains the corresponding value of statistical indicant of each identification target;
The identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal target, determines the statistics
Index value is greater than the first threshold and is less than or equal to the identification target of second threshold for doubtful improper target, described in determination
The identification target that value of statistical indicant is greater than the second threshold is improper target, and the first threshold is less than second threshold
Value;
Extract the normal target, doubtful improper target and improper target pair respectively from the User action log
The behavioral data answered.
Wherein, the default statistical indicator is the preset index to be counted, including the operation time in preset time
The number of acquisition activity reward or the total amount obtained in preset time when activity reward is cash in number, preset time.
According to value of statistical indicant compared with first threshold and second threshold, to determine in user's history user behaviors log just
Normal target, doubtful improper target and improper target, and it is corresponding to extract from user's history user behaviors log each target
Behavioral data.After determining normal target, doubtful improper target and improper target according to value of statistical indicant, it can also carry out
Manual review, to ensure the accuracy of determining normal target, doubtful improper target and improper target, so that it is guaranteed that subsequent
The accuracy of trained Model of Target Recognition.
Step 203, by the corresponding behavioral data of the normal target, the corresponding behavioral data of doubtful improper target and non-
The corresponding behavioral data of normal target, as training data.
Step 204, it is based on the training data, neural network model is trained, the Model of Target Recognition is obtained.
Classification of risks is carried out by semi-supervised machine clustering algorithm, establishes neural network model.Classification of risks is divided into three classes,
Respectively normal target, doubtful improper target and improper target.
Using behavioral data as the input of neural network model, using the corresponding target identification result of behavioral data as nerve
The output of network model, is trained neural network model, inputs neural network model especially by by behavioral data, obtains
Output is as a result, according to output result and known target identification as a result, to adjust the network parameter of neural network model, by big
The training data of amount is adjusted the network parameter of neural network model, so that neural network model is restrained, obtains target knowledge
Other model.
Malicious user can frequently replace IP agent pool when brush amount, around the plan for carrying out anti-brush for single IP address
Slightly.But the IP address of malicious user has an apparent feature that the IP address exactly can largely be utilized in a short time
Carry out brush amount, same IP address can multiple accounts (user identifier) carry out using.When identifying that target is IP address, target identification mould
Type is IP identification model, is modeled by operating frequency to IP address and corresponding user identifier, thus by using upper
Stating the Model of Target Recognition that training data training obtains may learn above-mentioned rule, accurately identify improper IP address.
When identifying target is user, Model of Target Recognition is user's identification model, and user's identification model is with user
Operating frequency and spatial variations number (as same user is logged in using different IP addresses) model.
Step 205, user's request that client is sent is received, user's request is that the client passes through fission activity
It sends.
Step 206, according to the preconfigured identification target of the fission activity is directed to, institute is extracted from user request
The corresponding target identification of identification target is stated, the identification target is user or IP address.
Step 207, historical behavior data corresponding with the target identification are obtained, and determination is corresponding with the identification target
Model of Target Recognition.
Step 208, the historical behavior data are inputted into the Model of Target Recognition, obtains target identification as a result, described
Target identification result includes normal target, doubtful improper target or improper target.
User and IP recognition methods provided in an embodiment of the present invention, by obtaining user's history user behaviors log, according to identification
Target extracts the corresponding behavioral data of normal target, the corresponding behavior number of doubtful improper target from user's history user behaviors log
Neural network model is trained using these data as training data according to behavioral data corresponding with improper target, is obtained
To Model of Target Recognition, pass through the corresponding behavioral data of a large amount of normal target, the corresponding behavioral data of doubtful improper target
The recognition result for the Model of Target Recognition that behavioral data training corresponding with improper target obtains is more accurate, thus further
Improve the accuracy of identification.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method
It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to
According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should
Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented
Necessary to example.
Fig. 3 is the structural block diagram of the identification device of a kind of user and IP provided in an embodiment of the present invention, the user and IP's
Identification device can be applied to for the fission improper user of activity recognition or improper IP address, as shown in figure 3, the user and
The identification device of IP may include:
Request receiving module 301, for receiving user's request of client transmission, user's request is the client
It is sent by fission activity;
Target identification extraction module 302, for according to the preconfigured identification target of the fission activity is directed to, from described
The corresponding target identification of the identification target is extracted in user's request, the identification target is user or IP address;
Historical data obtains module 303, for obtaining corresponding with target identification historical behavior data, and determine and
The corresponding Model of Target Recognition of the identification target;Wherein, the Model of Target Recognition is neural network model, by normal mesh
The behavioral data training of mark, doubtful improper target and improper target obtains;
Target identification module 304 obtains target knowledge for the historical behavior data to be inputted the Model of Target Recognition
Not as a result, the target identification result includes normal target, doubtful improper target or improper target.
Optionally, described device further include:
User behaviors log obtains module, for obtaining user's history user behaviors log;
Behavioral data extraction module, for extracting normal mesh from the user's history user behaviors log according to identification target
Mark corresponding behavioral data, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target;
Training data determining module, for the corresponding behavioral data of the normal target, doubtful improper target is corresponding
Behavioral data and the corresponding behavioral data of improper target, as training data;
Neural metwork training module is trained neural network model, obtains described for being based on the training data
Model of Target Recognition.
Optionally, the behavioral data extraction module includes:
Statistic unit presets statistical indicator for basis, to identification target same in the user's history user behaviors log
Behavioral data is counted, and the corresponding value of statistical indicant of each identification target is obtained;
Target determination unit, the identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal
Target, it is doubtful non-for determining that the value of statistical indicant is greater than the first threshold and is less than or equal to the identification target of second threshold
Normal target, the identification target for determining that the value of statistical indicant is greater than the second threshold is improper target, first threshold
Value is less than the second threshold;
Data extracting unit, for extracting the normal target, doubtful improper respectively from the User action log
Target and the corresponding behavioral data of improper target.
Optionally, the default statistical indicator includes number of operations in preset time, acquisition activity prize in preset time
The number encouraged or the total amount obtained in preset time when activity reward is cash.
Optionally, described device further include:
Ask respond module responds user's request if being normal target for the target identification result;
Request refusal module refuses user's request if being improper target for the target identification result.
Optionally, described device further include:
Authentication module tests the client if being doubtful improper target for the target identification result
Card, and obtain verification result;
Verification processing module, for responding user's request or refusing user's request according to the verification result.
Optionally, described device further include:
Judgment module, for judging whether the target identification exists in the corresponding blacklist of the identification target;
Processing module refuses user's request if existing in the blacklist for the target identification;If institute
It states target identification to be not present in the blacklist, then triggers the acquisition operation of the historical behavior data.
The identification device of user and IP provided in this embodiment receive the user that client is sent by request receiving module
Request, user's request is that client is sent by fission activity, and target identification extraction module is according to for the fission
The preconfigured identification target of activity, extracts the corresponding target identification of identification target from user's request, and historical data obtains mould
Block obtains historical behavior data corresponding with target identification, and determines Model of Target Recognition corresponding with identification target, and target is known
The historical behavior data are inputted the Model of Target Recognition by other module, obtain target identification as a result, due to no longer needing pair
Each activity carries out the implantation of anti-brush threshold test code, reduces costs, and by mass data it is trained obtain based on mind
Model of Target Recognition through network is identified, is no longer dependent on single threshold value, is improved identification accuracy.
Fig. 4 is a kind of structural block diagram of server provided in an embodiment of the present invention.As shown in figure 4, the server 400 can be with
Including one or more processors 401 and the one or more memories 402 being connect with processor 401.Server 400 may be used also
To include input interface 403 and output interface 404, for being communicated with another device or system.By the CPU of processor 401
The program code of execution is storable in memory 402.
Processor 401 in server 400 calls the program code for being stored in memory 402, to execute above-described embodiment
In user and IP recognition methods.
Said elements in above-mentioned server can be connected to each other by bus, bus such as data/address bus, address bus, control
One of bus, expansion bus and local bus processed or any combination thereof.
According to one embodiment of present invention, a kind of computer readable storage medium is additionally provided, it is described computer-readable
Computer program is stored on storage medium, storage medium can be read-only memory (Read-Only Memory, ROM), or
It is read-write, such as hard disk, flash memory.The user and IP of previous embodiment are realized when the computer program is executed by processor
Recognition methods.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with
The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate
Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can
With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code
The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program
The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions
In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these
Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals
Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices
Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram
The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices
In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet
The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram
The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that
Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus
The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart
And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases
This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as
Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap
Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article
Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited
Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Above to recognition methods, device, server and the storage medium of a kind of user provided by the present invention and IP, carry out
It is discussed in detail, used herein a specific example illustrates the principle and implementation of the invention, above embodiments
Explanation be merely used to help understand method and its core concept of the invention;At the same time, for those skilled in the art,
According to the thought of the present invention, there will be changes in the specific implementation manner and application range, in conclusion in this specification
Appearance should not be construed as limiting the invention.
Claims (16)
1. the recognition methods of a kind of user and IP characterized by comprising
User's request that client is sent is received, the user requests the client to send by fission activity;
According to the preconfigured identification target of the fission activity is directed to, the identification target pair is extracted from user request
The target identification answered, the identification target are user or IP address;
Historical behavior data corresponding with the target identification are obtained, and determine target identification mould corresponding with the identification target
Type;Wherein, the Model of Target Recognition is neural network model, by normal target, doubtful improper target and improper target
Behavioral data training obtain;
The historical behavior data are inputted into the Model of Target Recognition, obtain target identification as a result, the target identification result
Including normal target, doubtful improper target or improper target.
2. the method according to claim 1, wherein it is described reception client send user request before,
Further include:
Obtain user's history user behaviors log;
According to identification target, extracted from the user's history user behaviors log the corresponding behavioral data of normal target, it is doubtful it is non-just
The normal corresponding behavioral data of target and the corresponding behavioral data of improper target;
The corresponding behavioral data of the normal target, the doubtful improper corresponding behavioral data of target and improper target is corresponding
Behavioral data, as training data;
Based on the training data, neural network model is trained, obtains the Model of Target Recognition.
3. according to the method described in claim 2, it is characterized in that, according to identification target, from the user's history user behaviors log
The corresponding behavioral data of middle extraction normal target, the doubtful improper corresponding behavioral data of target and the corresponding row of improper target
For data, comprising:
According to default statistical indicator, the behavioral data of identification target same in the user's history user behaviors log is counted,
Obtain the corresponding value of statistical indicant of each identification target;
The identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal target, determines the statistical indicator
It is doubtful improper target that value, which is greater than the first threshold and is less than or equal to the identification target of second threshold, determines the statistics
The identification target that index value is greater than the second threshold is improper target, and the first threshold is less than the second threshold;
It is corresponding to extract the normal target, doubtful improper target and improper target respectively from the User action log
Behavioral data.
4. according to the method described in claim 3, it is characterized in that, the default statistical indicator includes the operation in preset time
The number or the total amount obtained in preset time when activity reward is cash that acquisition activity is rewarded in number, preset time.
5. the method according to claim 1, wherein the historical behavior data are inputted the target described
Identification model, after obtaining target identification result, further includes:
If the target identification result is normal target, user's request is responded;
If the target identification result is improper target, refuse user's request.
6. the method according to claim 1, wherein the historical behavior data are inputted the target described
Identification model, after obtaining target identification result, further includes:
If the target identification result is doubtful improper target, the client is verified, and obtain verification result;
According to the verification result, responds user's request or refuse user's request.
7. the method according to claim 1, wherein obtaining historical behavior number corresponding with the target identification
According to before, further includes:
Judge whether the target identification exists in the corresponding blacklist of the identification target;
If the target identification exists in the blacklist, refuse user's request;If the target identification is described
It is not present in blacklist, then triggers the acquisition operation of the historical behavior data.
8. the identification device of a kind of user and IP characterized by comprising
Request receiving module, for receiving user's request of client transmission, user's request is the client by splitting
What change activity was sent;
Target identification extraction module, for being asked from the user according to the preconfigured identification target of the fission activity is directed to
It asks middle and extracts the corresponding target identification of the identification target, the identification target is user or IP address;
Historical data obtains module, for obtaining historical behavior data corresponding with the target identification, and the determining and knowledge
The corresponding Model of Target Recognition of other target;Wherein, the Model of Target Recognition is neural network model, by normal target, doubtful
The training of the behavioral data of improper target and improper target obtains;
Target identification module, for the historical behavior data to be inputted the Model of Target Recognition, obtain target identification as a result,
The target identification result includes normal target, doubtful improper target or improper target.
9. device according to claim 8, which is characterized in that described device further include:
User behaviors log obtains module, for obtaining user's history user behaviors log;
Behavioral data extraction module, for extracting normal target pair from the user's history user behaviors log according to identification target
Behavioral data, the doubtful improper corresponding behavioral data of target and the corresponding behavioral data of improper target answered;
Training data determining module, for by the corresponding behavioral data of the normal target, the corresponding row of doubtful improper target
For data and the corresponding behavioral data of improper target, as training data;
Neural metwork training module is trained neural network model, obtains the target for being based on the training data
Identification model.
10. device according to claim 9, which is characterized in that the behavioral data extraction module includes:
Statistic unit, for the behavior according to default statistical indicator, to identification target same in the user's history user behaviors log
Data are counted, and the corresponding value of statistical indicant of each identification target is obtained;
Target determination unit, the identification target for determining that the value of statistical indicant is less than or equal to first threshold is normal mesh
Mark, determine the value of statistical indicant be greater than the first threshold and be less than or equal to second threshold identification target be it is doubtful it is non-just
Normal target, the identification target for determining that the value of statistical indicant is greater than the second threshold is improper target, the first threshold
Less than the second threshold;
Data extracting unit, for extracting the normal target, doubtful improper target respectively from the User action log
Behavioral data corresponding with improper target.
11. device according to claim 10, which is characterized in that the default statistical indicator includes the behaviour in preset time
Make number, the number of acquisition activity reward or the total gold obtained in preset time when activity reward is cash in preset time
Volume.
12. device according to claim 8, which is characterized in that described device further include:
Ask respond module responds user's request if being normal target for the target identification result;
Request refusal module refuses user's request if being improper target for the target identification result.
13. device according to claim 8, which is characterized in that described device further include:
Authentication module verifies the client if being doubtful improper target for the target identification result, and
Obtain verification result;
Verification processing module, for responding user's request or refusing user's request according to the verification result.
14. device according to claim 8, which is characterized in that described device further include:
Judgment module, for judging whether the target identification exists in the corresponding blacklist of the identification target;
Processing module refuses user's request if existing in the blacklist for the target identification;If the mesh
Mark mark is not present in the blacklist, then triggers the acquisition operation of the historical behavior data.
15. a kind of server characterized by comprising processor, memory and be stored on the memory and can be described
The computer program run on processor realizes that claim 1-7 such as appoints when the computer program is executed by the processor
The recognition methods of user and IP described in one.
16. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes the identification such as the described in any item users of claim 1-7 and IP when the computer program is executed by processor
Method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910605248.3A CN110427971A (en) | 2019-07-05 | 2019-07-05 | Recognition methods, device, server and the storage medium of user and IP |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910605248.3A CN110427971A (en) | 2019-07-05 | 2019-07-05 | Recognition methods, device, server and the storage medium of user and IP |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110427971A true CN110427971A (en) | 2019-11-08 |
Family
ID=68410284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910605248.3A Pending CN110427971A (en) | 2019-07-05 | 2019-07-05 | Recognition methods, device, server and the storage medium of user and IP |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110427971A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111224865A (en) * | 2020-04-23 | 2020-06-02 | 深圳市爱聊科技有限公司 | User identification method based on payment session, electronic device and storage medium |
| CN112132649A (en) * | 2020-08-28 | 2020-12-25 | 绿瘦健康产业集团有限公司 | Order verification processing method, device, medium and terminal equipment |
Citations (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102510400A (en) * | 2011-10-31 | 2012-06-20 | 百度在线网络技术(北京)有限公司 | Method, apparatus and equipment used for determining user suspectableness degree |
| CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
| CN103853948A (en) * | 2012-11-28 | 2014-06-11 | 阿里巴巴集团控股有限公司 | User identity recognizing and information filtering and searching method and server |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN106230849A (en) * | 2016-08-22 | 2016-12-14 | 中国科学院信息工程研究所 | A kind of smart machine machine learning safety monitoring system based on user behavior |
| CN106453357A (en) * | 2016-11-01 | 2017-02-22 | 北京红马传媒文化发展有限公司 | Network ticket buying abnormal behavior recognition method and system and equipment |
| CN106470204A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | User identification method based on request behavior characteristicss, device, equipment and system |
| CN106656932A (en) * | 2015-11-02 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Business processing method and device |
| US20170148322A1 (en) * | 2009-08-24 | 2017-05-25 | Here Global B.V. | Providing Driving Condition Alerts Using Road Attribute Data |
| CN106789885A (en) * | 2016-11-17 | 2017-05-31 | 国家电网公司 | User's unusual checking analysis method under a kind of big data environment |
| CN106998317A (en) * | 2016-01-22 | 2017-08-01 | 高德信息技术有限公司 | Abnormal access asks recognition methods and device |
| CN107222472A (en) * | 2017-05-26 | 2017-09-29 | 电子科技大学 | A kind of user behavior method for detecting abnormality under Hadoop clusters |
| CN107276982A (en) * | 2017-05-08 | 2017-10-20 | 微梦创科网络科技(中国)有限公司 | A kind of abnormal login detecting method and device |
| CN107483500A (en) * | 2017-09-25 | 2017-12-15 | 咪咕文化科技有限公司 | A kind of Risk Identification Method based on user behavior, device and storage medium |
| CN107526666A (en) * | 2017-07-17 | 2017-12-29 | 阿里巴巴集团控股有限公司 | Alarm method, system, device and electronic equipment based on deep learning |
| CN107645482A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | A kind of risk control method and device for business operation |
| CN107886243A (en) * | 2017-11-10 | 2018-04-06 | 阿里巴巴集团控股有限公司 | Risk identification model construction and Risk Identification Method, device and equipment |
| CN107948166A (en) * | 2017-11-29 | 2018-04-20 | 广东亿迅科技有限公司 | Traffic anomaly detection method and device based on deep learning |
| CN108092975A (en) * | 2017-12-07 | 2018-05-29 | 上海携程商务有限公司 | Recognition methods, system, storage medium and the electronic equipment of abnormal login |
| CN108259482A (en) * | 2018-01-04 | 2018-07-06 | 平安科技(深圳)有限公司 | Network Abnormal data detection method, device, computer equipment and storage medium |
| CN108632097A (en) * | 2018-05-14 | 2018-10-09 | 平安科技(深圳)有限公司 | Recognition methods, terminal device and the medium of abnormal behaviour object |
| CN108711085A (en) * | 2018-05-09 | 2018-10-26 | 平安普惠企业管理有限公司 | A kind of response method and its equipment of transaction request |
| CN108769026A (en) * | 2018-05-31 | 2018-11-06 | 康键信息技术(深圳)有限公司 | User account detecting system and method |
| CN108881194A (en) * | 2018-06-07 | 2018-11-23 | 郑州信大先进技术研究院 | Enterprises user anomaly detection method and device |
| CN109194689A (en) * | 2018-10-22 | 2019-01-11 | 武汉极意网络科技有限公司 | Abnormal behaviour recognition methods, device, server and storage medium |
| CN109241994A (en) * | 2018-07-31 | 2019-01-18 | 顺丰科技有限公司 | A kind of user's anomaly detection method, device, equipment and storage medium |
| CN109299135A (en) * | 2018-11-26 | 2019-02-01 | 平安科技(深圳)有限公司 | Abnormal inquiry recognition methods, identification equipment and medium based on identification model |
| CN109409896A (en) * | 2018-10-17 | 2019-03-01 | 北京芯盾时代科技有限公司 | Identification model training method, bank's fraud recognition methods and device are cheated by bank |
| CN109509021A (en) * | 2018-10-22 | 2019-03-22 | 武汉极意网络科技有限公司 | Abnormality recognition method, device, server and the storage medium of Behavior-based control track |
| CN109544190A (en) * | 2018-11-28 | 2019-03-29 | 北京芯盾时代科技有限公司 | A kind of fraud identification model training method, fraud recognition methods and device |
| CN109547410A (en) * | 2018-10-22 | 2019-03-29 | 武汉极意网络科技有限公司 | Request recognition methods, device, server and storage medium based on GCN |
| CN109660502A (en) * | 2018-09-28 | 2019-04-19 | 平安科技(深圳)有限公司 | Detection method, device, equipment and the storage medium of abnormal behaviour |
| CN109670931A (en) * | 2018-09-25 | 2019-04-23 | 平安科技(深圳)有限公司 | Behavioral value method, apparatus, equipment and the storage medium of loan user |
| CN109685536A (en) * | 2017-10-18 | 2019-04-26 | 北京京东尚科信息技术有限公司 | Method and apparatus for output information |
| CN109918279A (en) * | 2019-01-24 | 2019-06-21 | 平安科技(深圳)有限公司 | Electronic device, method and storage medium based on daily record data identification user's abnormal operation |
-
2019
- 2019-07-05 CN CN201910605248.3A patent/CN110427971A/en active Pending
Patent Citations (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170148322A1 (en) * | 2009-08-24 | 2017-05-25 | Here Global B.V. | Providing Driving Condition Alerts Using Road Attribute Data |
| CN102510400A (en) * | 2011-10-31 | 2012-06-20 | 百度在线网络技术(北京)有限公司 | Method, apparatus and equipment used for determining user suspectableness degree |
| CN103853948A (en) * | 2012-11-28 | 2014-06-11 | 阿里巴巴集团控股有限公司 | User identity recognizing and information filtering and searching method and server |
| CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN106470204A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | User identification method based on request behavior characteristicss, device, equipment and system |
| CN106656932A (en) * | 2015-11-02 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Business processing method and device |
| CN106998317A (en) * | 2016-01-22 | 2017-08-01 | 高德信息技术有限公司 | Abnormal access asks recognition methods and device |
| CN107645482A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | A kind of risk control method and device for business operation |
| CN106230849A (en) * | 2016-08-22 | 2016-12-14 | 中国科学院信息工程研究所 | A kind of smart machine machine learning safety monitoring system based on user behavior |
| CN106453357A (en) * | 2016-11-01 | 2017-02-22 | 北京红马传媒文化发展有限公司 | Network ticket buying abnormal behavior recognition method and system and equipment |
| CN106789885A (en) * | 2016-11-17 | 2017-05-31 | 国家电网公司 | User's unusual checking analysis method under a kind of big data environment |
| CN107276982A (en) * | 2017-05-08 | 2017-10-20 | 微梦创科网络科技(中国)有限公司 | A kind of abnormal login detecting method and device |
| CN107222472A (en) * | 2017-05-26 | 2017-09-29 | 电子科技大学 | A kind of user behavior method for detecting abnormality under Hadoop clusters |
| CN107526666A (en) * | 2017-07-17 | 2017-12-29 | 阿里巴巴集团控股有限公司 | Alarm method, system, device and electronic equipment based on deep learning |
| CN107483500A (en) * | 2017-09-25 | 2017-12-15 | 咪咕文化科技有限公司 | A kind of Risk Identification Method based on user behavior, device and storage medium |
| CN109685536A (en) * | 2017-10-18 | 2019-04-26 | 北京京东尚科信息技术有限公司 | Method and apparatus for output information |
| CN107886243A (en) * | 2017-11-10 | 2018-04-06 | 阿里巴巴集团控股有限公司 | Risk identification model construction and Risk Identification Method, device and equipment |
| CN107948166A (en) * | 2017-11-29 | 2018-04-20 | 广东亿迅科技有限公司 | Traffic anomaly detection method and device based on deep learning |
| CN108092975A (en) * | 2017-12-07 | 2018-05-29 | 上海携程商务有限公司 | Recognition methods, system, storage medium and the electronic equipment of abnormal login |
| CN108259482A (en) * | 2018-01-04 | 2018-07-06 | 平安科技(深圳)有限公司 | Network Abnormal data detection method, device, computer equipment and storage medium |
| CN108711085A (en) * | 2018-05-09 | 2018-10-26 | 平安普惠企业管理有限公司 | A kind of response method and its equipment of transaction request |
| CN108632097A (en) * | 2018-05-14 | 2018-10-09 | 平安科技(深圳)有限公司 | Recognition methods, terminal device and the medium of abnormal behaviour object |
| CN108769026A (en) * | 2018-05-31 | 2018-11-06 | 康键信息技术(深圳)有限公司 | User account detecting system and method |
| CN108881194A (en) * | 2018-06-07 | 2018-11-23 | 郑州信大先进技术研究院 | Enterprises user anomaly detection method and device |
| CN109241994A (en) * | 2018-07-31 | 2019-01-18 | 顺丰科技有限公司 | A kind of user's anomaly detection method, device, equipment and storage medium |
| CN109670931A (en) * | 2018-09-25 | 2019-04-23 | 平安科技(深圳)有限公司 | Behavioral value method, apparatus, equipment and the storage medium of loan user |
| CN109660502A (en) * | 2018-09-28 | 2019-04-19 | 平安科技(深圳)有限公司 | Detection method, device, equipment and the storage medium of abnormal behaviour |
| CN109409896A (en) * | 2018-10-17 | 2019-03-01 | 北京芯盾时代科技有限公司 | Identification model training method, bank's fraud recognition methods and device are cheated by bank |
| CN109547410A (en) * | 2018-10-22 | 2019-03-29 | 武汉极意网络科技有限公司 | Request recognition methods, device, server and storage medium based on GCN |
| CN109509021A (en) * | 2018-10-22 | 2019-03-22 | 武汉极意网络科技有限公司 | Abnormality recognition method, device, server and the storage medium of Behavior-based control track |
| CN109194689A (en) * | 2018-10-22 | 2019-01-11 | 武汉极意网络科技有限公司 | Abnormal behaviour recognition methods, device, server and storage medium |
| CN109299135A (en) * | 2018-11-26 | 2019-02-01 | 平安科技(深圳)有限公司 | Abnormal inquiry recognition methods, identification equipment and medium based on identification model |
| CN109544190A (en) * | 2018-11-28 | 2019-03-29 | 北京芯盾时代科技有限公司 | A kind of fraud identification model training method, fraud recognition methods and device |
| CN109918279A (en) * | 2019-01-24 | 2019-06-21 | 平安科技(深圳)有限公司 | Electronic device, method and storage medium based on daily record data identification user's abnormal operation |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111224865A (en) * | 2020-04-23 | 2020-06-02 | 深圳市爱聊科技有限公司 | User identification method based on payment session, electronic device and storage medium |
| CN112132649A (en) * | 2020-08-28 | 2020-12-25 | 绿瘦健康产业集团有限公司 | Order verification processing method, device, medium and terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105930727B (en) | Reptile recognition methods based on Web | |
| CN109241711A (en) | User behavior recognition method and device based on prediction model | |
| CN110399925A (en) | Risk Identification Method, device and the storage medium of account | |
| CN108683666A (en) | A kind of web page identification method and device | |
| CN110177108A (en) | A kind of anomaly detection method, device and verifying system | |
| CN103530365B (en) | Obtain the method and system of the download link of resource | |
| CN108665297A (en) | Detection method, device, electronic equipment and the storage medium of abnormal access behavior | |
| CN107465766A (en) | Information-pushing method, electronic equipment and computer-readable storage medium | |
| CN108171519A (en) | The processing of business datum, account recognition methods and device, terminal | |
| CN102831218B (en) | Method and device for determining data in thermodynamic chart | |
| CN109359972B (en) | Core product pushing and core method and system | |
| CN113706149A (en) | Big data wind control processing method and system for dealing with online payment data threat | |
| CN107256428A (en) | Data processing method, data processing equipment, storage device and the network equipment | |
| CN108334758A (en) | A kind of detection method, device and the equipment of user's ultra vires act | |
| CN111681091A (en) | Financial risk prediction method and device based on time domain information and storage medium | |
| CN110912874B (en) | Method and system for effectively identifying machine access behaviors | |
| CN109729044A (en) | A kind of general internet data acquisition is counter to climb system and method | |
| CN110020512A (en) | A kind of method, apparatus, equipment and the storage medium of anti-crawler | |
| CN110008976A (en) | A kind of network behavior classification method and device | |
| CN110427971A (en) | Recognition methods, device, server and the storage medium of user and IP | |
| CN108550057A (en) | It attends a banquet request processing method, electronic device, the computer readable storage medium of answering questions | |
| CN110457601B (en) | Social account identification method and device, storage medium and electronic device | |
| CN110263155A (en) | The training method and system of data classification method, data classification model | |
| CN104731937B (en) | The processing method and processing device of user behavior data | |
| CN111404937A (en) | Method and device for detecting server vulnerability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191108 |
|
| RJ01 | Rejection of invention patent application after publication |