CN110489964A - Account detection method, device, server and storage medium - Google Patents


Info

Publication number: CN110489964A
Authority: CN (China)
Prior art keywords: account, log, works, message, risk
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201910775566.4A
Other languages: Chinese (zh)
Inventor: 侯曼
Current Assignee: Beijing Dajia Internet Information Technology Co Ltd (The listed assignees may be inaccurate.)
Original Assignee: Beijing Dajia Internet Information Technology Co Ltd
Application filed by Beijing Dajia Internet Information Technology Co Ltd
Priority to CN201910775566.4A (CN110489964A)
Priority to CN201911109239.1A (CN112417439B)
Publication of CN110489964A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The disclosure relates to an account detection method, device, server and storage medium, and belongs to the field of Internet technology. The current login information and the historical login statistics of the account to be detected are obtained in order to analyze whether the account's login location, login device and so on are normal. The current login device is monitored to obtain the works exposure information of the account to be detected on the terminal, in order to analyze whether the interaction behavior after the account logs in is that of a normal user. Account security is thus checked along multiple dimensions, the risk value of the account is determined, and an account whose risk value is greater than the target risk threshold is treated as an abnormal account. In this detection approach, the risk value of the account is determined from the current login information, the historical login statistics, the works exposure information and other data, so the security of the account can be analyzed comprehensively from dimensions such as interaction behavior and login device, which improves the accuracy of account detection.

Description

Account detection method, device, server and storage medium
Technical field
This disclosure relates to the field of Internet technology, and in particular to an account detection method, device, server and storage medium.
Background
With the continuous development of Internet technology, application service providers usually offer account registration so that they can provide more personalized services: a user registers an account on the application server and accesses network data and so on through that account. However, as accounts have come into wide use, malicious acts targeting accounts have also become more and more common. Once an account is stolen, the user is likely to suffer losses to varying degrees, and the account thief may also use the stolen account for malicious acts such as fraud, with a serious impact on Internet security. For application service providers, how to carry out account detection so as to detect stolen accounts and safeguard Internet security is therefore an important current research direction.
Summary of the invention
The disclosure provides an account detection method, device, server and storage medium, to at least solve the problem in the related art that abnormal accounts are difficult to detect in time. The technical solution of the disclosure is as follows:
According to a first aspect of the embodiments of the present disclosure, an account detection method is provided, comprising:
Obtaining the works exposure information on the login terminal of an account to be detected and the login information of the account, the works exposure information being used to record any works exposed on the login terminal;
Obtaining, based on the login information, the historical login statistics of the login information, the historical login statistics being obtained by aggregating the historical login information of the account and the historical account login information on the login terminal;
Determining the risk value of the account according to the works exposure information, the login information and the historical login statistics;
When the risk value of the account reaches the target risk threshold, determining the account to be an abnormal account.
In a possible implementation, determining the risk value of the account according to the works exposure information, the login information and the historical login statistics includes:
Converting the works exposure information, the login information and the historical login statistics into feature vectors respectively, to obtain multiple feature vectors;
Inputting the multiple feature vectors into an account detection model, which computes over the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account;
The account detection model is a model trained on a positive and negative sample data set, which includes sample data of multiple normal accounts and sample data of multiple abnormal accounts.
In a possible implementation, the method further includes:
Within a target duration, counting the interaction behaviors executed on the login terminal to obtain multiple interaction behavior counts, where one interaction behavior count indicates the number of times one kind of interaction behavior was executed on the login terminal;
Based on the multiple interaction behavior counts, converting the counts into one vector, where each element of the vector corresponds to one interaction behavior count;
In this case, inputting the multiple feature vectors into the account detection model, computing over them using the weight parameter of each classifier in the model, and outputting the risk value of the account includes:
Inputting the one vector and the multiple feature vectors into the account detection model, which computes over the one vector and the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account.
In a possible implementation, the works exposure information includes at least one of popular works exposure information and same-city works exposure information based on the login terminal;
A popular work is a work whose exposure count is greater than the exposure threshold, and a same-city work is a work whose publishing location and the login location of the account to be detected are in the same geographic area.
In a possible implementation, the login information includes at least one of: the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address.
In a possible implementation, the historical login statistics of the login information include at least one of the following, computed for the login terminal over durations of multiple different statistical granularities: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, and the total number of logins of the account to be detected.
In a possible implementation, the method further includes:
Deleting the account number of the abnormal account;
Detecting whether the abnormal account is bound to a mobile phone number;
If the abnormal account is detected to have a bound mobile phone number, sending, based on the bound mobile phone number, a page link to the password modification page, which provides the password modification function;
If the abnormal account is detected to have no bound mobile phone number, sending the login terminal a page link to the mobile phone number binding page, which provides the mobile phone number binding function.
According to a second aspect of the embodiments of the present disclosure, an account detection device is provided, comprising:
A first acquisition unit, configured to obtain the works exposure information on the login terminal of an account to be detected and the login information of the account, the works exposure information being used to record any works exposed on the login terminal;
A second acquisition unit, configured to obtain, based on the login information, the historical login statistics of the login information, the historical login statistics being obtained by aggregating the historical login information of the account and the historical account login information on the login terminal;
A first determination unit, configured to determine the risk value of the account according to the works exposure information, the login information and the historical login statistics;
A second determination unit, configured to determine the account to be an abnormal account when the risk value of the account reaches the target risk threshold.
In a possible implementation, the first determination unit is configured to:
Convert the works exposure information, the login information and the historical login statistics into feature vectors respectively, to obtain multiple feature vectors;
Input the multiple feature vectors into an account detection model, which computes over the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account;
The account detection model is a model trained on a positive and negative sample data set, which includes sample data of multiple normal accounts and sample data of multiple abnormal accounts.
In a possible implementation, the device further includes a third acquisition unit and a conversion unit;
The third acquisition unit is configured to count, within a target duration, the interaction behaviors executed on the login terminal to obtain multiple interaction behavior counts, where one interaction behavior count indicates the number of times one kind of interaction behavior was executed on the login terminal;
The conversion unit is configured to convert, based on the multiple interaction behavior counts, the counts into one vector, where each element of the vector corresponds to one interaction behavior count;
The first determination unit is configured to input the one vector and the multiple feature vectors into the account detection model, which computes over the one vector and the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account.
In a possible implementation, the works exposure information includes at least one of popular works exposure information and same-city works exposure information based on the login terminal;
A popular work is a work whose exposure count is greater than the exposure threshold, and a same-city work is a work whose publishing location and the login location of the account to be detected are in the same geographic area.
In a possible implementation, the login information includes at least one of: the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address.
In a possible implementation, the historical login statistics of the login information include at least one of the following, computed for the login terminal over durations of multiple different statistical granularities: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, and the total number of logins of the account to be detected.
In a possible implementation, the device further includes:
A deletion unit, configured to delete the account number of the abnormal account;
A detection unit, configured to detect whether the abnormal account is bound to a mobile phone number;
A first jump unit, configured to send, if the abnormal account is detected to have a bound mobile phone number, a page link to the password modification page based on the bound mobile phone number, the password modification page providing the password modification function;
A second jump unit, configured to send the login terminal, if the abnormal account is detected to have no bound mobile phone number, a page link to the mobile phone number binding page, the mobile phone number binding page providing the mobile phone number binding function.
According to a third aspect of the embodiments of the present disclosure, a server is provided, comprising:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to execute the instructions to implement any of the account detection methods described above.
According to a fourth aspect of the embodiments of the present disclosure, a storage medium is provided; when the instructions in the storage medium are executed by the processor of a server, the server is enabled to execute any of the account detection methods described above.
According to a fifth aspect of the embodiments of the present disclosure, a computer program product including executable instructions is provided; when the instructions in the computer program product are executed by the processor of a server, the server is enabled to execute any of the account detection methods described above.
In the technical solution provided by the embodiments of the present disclosure, the current login information and the historical login statistics of the account to be detected are obtained in order to analyze whether the account's login location, login device and so on are normal. The current login device is monitored to obtain the works exposure information of the account to be detected on the terminal, in order to analyze whether the business behavior after the account logs in is that of a normal user. Account security is thus checked along multiple dimensions, the risk value of the account is determined, and an account whose risk value is greater than the target risk threshold is treated as an abnormal account. In this detection approach, the risk value of the account is determined from the current login information, the historical login statistics, the works exposure information and other data, so the security of the account can be analyzed comprehensively from dimensions such as business behavior and login device, which improves the accuracy of account detection.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and, together with the specification, serve to explain the principles of the disclosure; they do not unduly limit the disclosure.
Fig. 1 is a flow chart of an account detection method according to an exemplary embodiment;
Fig. 2 is a schematic diagram of an implementation environment for account detection according to an exemplary embodiment;
Fig. 3 is a specific implementation flow chart of account detection according to an exemplary embodiment;
Fig. 4 is a flow chart of automatic updating of the account detection model according to an exemplary embodiment;
Fig. 5 is a flow chart of stolen-account detection according to an exemplary embodiment;
Fig. 6 is a block diagram of an account detection device according to an exemplary embodiment;
Fig. 7 is a block diagram of a server according to an exemplary embodiment.
Detailed description
To help those of ordinary skill in the art better understand the technical solution of the disclosure, the technical solution in the embodiments of the disclosure is described clearly and completely below with reference to the drawings.
It should be noted that the terms "first", "second" and so on in the specification and claims of the disclosure and in the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the disclosure described here can be implemented in orders other than those illustrated or described here. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure, as detailed in the appended claims.
Fig. 1 is a flow chart of an account detection method according to an exemplary embodiment. As shown in Fig. 1, the account detection method is used in a server and includes the following steps.
In step 101, the works exposure information on the login terminal of the account to be detected and the login information of the account are obtained; the works exposure information is used to record any works exposed on the login terminal.
In step 102, the historical login statistics of the login information are obtained; the historical login statistics are obtained by aggregating the historical login information of the account and the historical account login information on the login terminal.
In step 103, the risk value of the account is determined according to the works exposure information, the login information and the historical login statistics.
In step 104, when the risk value of the account reaches the target risk threshold, the account is determined to be an abnormal account.
In the embodiment provided by the disclosure, the current login information and the historical login statistics of the account to be detected are obtained in order to analyze whether the account's login location, login device and so on are normal. The current login device is monitored to obtain the works exposure information of the account to be detected on the terminal, in order to analyze whether the interaction behavior after the account logs in is that of a normal user. Account security is thus checked along multiple dimensions, the risk value of the account is determined, and an account whose risk value is greater than the target risk threshold is treated as an abnormal account. In this detection approach, the risk value of the account is determined from the current login information, the historical login statistics, the works exposure information and other data, so the security of the account can be analyzed comprehensively from dimensions such as interaction behavior and login device, which improves the accuracy of account detection.
In a possible implementation, determining the risk value of the account according to the works exposure information, the login information and the historical login statistics includes:
Converting the works exposure information, the login information and the historical login statistics into feature vectors respectively, to obtain multiple feature vectors;
Inputting the multiple feature vectors into an account detection model, which computes over the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account;
The account detection model is a model trained on a positive and negative sample data set, which includes sample data of multiple normal accounts and sample data of multiple abnormal accounts.
In a possible implementation, the method further includes:
Within a target duration, counting the interaction behaviors executed on the login terminal to obtain multiple interaction behavior counts, where one interaction behavior count indicates the number of times one kind of interaction behavior was executed on the login terminal;
Based on the multiple interaction behavior counts, converting the counts into one vector, where each element of the vector corresponds to one interaction behavior count;
In this case, inputting the multiple feature vectors into the account detection model, computing over them using the weight parameter of each classifier in the model, and outputting the risk value of the account includes:
Inputting the one vector and the multiple feature vectors into the account detection model, which computes over the one vector and the multiple feature vectors using the weight parameter of each classifier in the model and outputs the risk value of the account.
In a possible implementation, the works exposure information includes at least one of popular works exposure information and same-city works exposure information based on the login terminal;
A popular work is a work whose exposure count is greater than the exposure threshold, and a same-city work is a work whose publishing location and the login location of the account to be detected are in the same geographic area.
In a possible implementation, the login information includes at least one of: the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address.
In a possible implementation, the historical login statistics of the login information include at least one of the following, computed for the login terminal over durations of multiple different statistical granularities: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, and the total number of logins of the account to be detected.
In a possible implementation, the method further includes:
Deleting the account number of the abnormal account;
Detecting whether the abnormal account is bound to a mobile phone number;
If the abnormal account is detected to have a bound mobile phone number, sending, based on the bound mobile phone number, a page link to the password modification page, which provides the password modification function;
If the abnormal account is detected to have no bound mobile phone number, sending the login terminal a page link to the mobile phone number binding page, which provides the mobile phone number binding function.
The above embodiment is only a brief introduction to the embodiments of the present disclosure and to the various possible implementations.
Referring to Fig. 2, which is a schematic diagram of an implementation environment for account detection according to an exemplary embodiment, the implementation environment includes at least one terminal 201 and at least one server 202. The at least one terminal 201 may be a terminal used by a user, on which the user can log in to an account; it may be a laptop, a smartphone and so on, which the embodiments of the disclosure do not limit. The at least one server 202 can obtain the account login data on the at least one terminal 201 and process that login data to perform security detection on accounts; it may be a cloud computing platform, a PC and so on, which the embodiments of the disclosure do not limit. The at least one terminal 201 and the at least one server 202 can communicate over a wired or wireless network, so that the server 202 obtains the login data on the terminal 201.
Fig. 3 is a specific implementation flow chart of account detection according to an exemplary embodiment. Referring to Fig. 3, the process includes the following steps:
In step 301, the server detects the login state of the account and, after the account has logged in successfully, obtains the works exposure information of the account to be detected on the terminal and the login information of the account.
The works exposure information is used to record any works exposed on the login terminal, and includes at least one of popular works exposure information and same-city works exposure information based on the terminal. A popular work may be a work whose exposure exceeds the exposure threshold, which may be configured by the developer; a same-city work may be a work whose publishing location and the login location of the account to be detected are in the same geographic area. The login information may include at least one of the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address. Of course, the login information may also include information such as the device model, which the embodiments of the disclosure do not specifically limit.
In a possible implementation, the server may obtain data such as the account and password that the user enters on the terminal, check the account and password, and judge whether the account can log in. After the account logs in successfully, the server may obtain the login information of the account. The server may also monitor the terminal of the account: when the user browses information through the terminal, that is, when works are exposed on the terminal, the server may obtain the works exposure information on the terminal. The login information and the works exposure information can indicate the device used for this login of the account to be detected, the login location, key business behaviors and so on, and the server can analyze the security state of the account to be detected based on this information. For example, when it detects that the exposure count of works on the terminal exceeds a target threshold, or that the same-city works exposure information does not match the current login location, the account may have been stolen. The target threshold may be configured by the developer, which the embodiments of the disclosure do not specifically limit.
In step 302, the server obtains the historical login statistics of the login information based on the login information.
The historical login statistics are obtained by aggregating the historical login information of the account and the historical account login information on the login terminal. The historical login statistics of the login information may include at least one of the following, computed for the terminal over durations of multiple different statistical granularities: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, or the total number of logins.
In a possible implementation, after obtaining the login information, the server extracts the IP address of the terminal from the login information and monitors that IP address to obtain information on the accounts that logged in through the IP address within durations of different statistical granularities, where the durations may be configured by the developer. For example, the server may obtain the number of accounts that logged in successfully under the IP address within one minute, ten minutes, one hour and one day; the total number of accounts that logged in under the IP address within one minute, ten minutes, one hour and one day; the number of active days of the login device within 1, 7, 14 and 30 days; and the number of logins of the account to be detected within 1, 7, 14 and 30 days. All of these data can be used to indicate the security of the account. For example, the number of accounts logging in under one IP address within a short time is usually not very large; if too many accounts log in successfully under some IP address, this is likely caused by batch account theft. The server can assess the security of the account by analyzing these historical login statistics.
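The per-IP, per-device and per-account statistics of step 302, computed over constructed login events, as an added example that is not code from the patent. The event tuple layout, the function names and the choice to count only successful logins for active days and login counts are assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2019, 8, 21, 12, 0, 0)  # constructed time of the login being checked


def _ago(**kwargs):
    return NOW - timedelta(**kwargs)


# Constructed login events: (time, source IP, device id, account, success)
EVENTS = [
    (_ago(seconds=10), "203.0.113.7", "dev-A", "u1", True),
    (_ago(seconds=20), "203.0.113.7", "dev-A", "u2", True),
    (_ago(seconds=30), "203.0.113.7", "dev-A", "u3", True),
    (_ago(seconds=40), "203.0.113.7", "dev-A", "u4", False),
    (_ago(minutes=5), "203.0.113.7", "dev-A", "u5", True),
    (_ago(minutes=45), "203.0.113.7", "dev-A", "u1", True),
    (_ago(hours=3), "198.51.100.20", "dev-B", "alice", True),
    (_ago(hours=5), "198.51.100.20", "dev-B", "alice", True),
    (_ago(days=2), "198.51.100.20", "dev-B", "alice", True),
    (_ago(days=9), "198.51.100.20", "dev-B", "alice", True),
    (_ago(days=20), "198.51.100.20", "dev-B", "alice", False),
]

# The statistical granularities named in the text
SHORT_WINDOWS = {"1m": timedelta(minutes=1), "10m": timedelta(minutes=10),
                 "1h": timedelta(hours=1), "1d": timedelta(days=1)}
LONG_WINDOWS = {"1d": timedelta(days=1), "7d": timedelta(days=7),
                "14d": timedelta(days=14), "30d": timedelta(days=30)}


def in_window(ts, now, span):
    """True when ts falls in the half-open interval (now - span, now]."""
    return now - span < ts <= now


def ip_account_totals(events, ip, now=NOW):
    """Per window: (distinct accounts that tried to log in, distinct accounts that succeeded)."""
    totals = {}
    for name, span in SHORT_WINDOWS.items():
        attempted, succeeded = set(), set()
        for ts, src, _device, account, ok in events:
            if src == ip and in_window(ts, now, span):
                attempted.add(account)
                if ok:
                    succeeded.add(account)
        totals[name] = (len(attempted), len(succeeded))
    return totals


def device_active_days(events, device, now=NOW):
    """Per window: number of calendar days with a successful login from the device."""
    return {
        name: len({ts.date() for ts, _ip, dev, _acct, ok in events
                   if dev == device and ok and in_window(ts, now, span)})
        for name, span in LONG_WINDOWS.items()
    }


def account_login_counts(events, account, now=NOW):
    """Per window: number of successful logins of the account under test."""
    return {
        name: sum(1 for ts, _ip, _dev, acct, ok in events
                  if acct == account and ok and in_window(ts, now, span))
        for name, span in LONG_WINDOWS.items()
    }


def historical_login_vector(events, ip, device, account, now=NOW):
    """Flatten all statistics into one fixed-order numeric vector (16 values)."""
    vector = []
    for attempted, succeeded in ip_account_totals(events, ip, now).values():
        vector.extend([attempted, succeeded])
    vector.extend(device_active_days(events, device, now).values())
    vector.extend(account_login_counts(events, account, now).values())
    return vector


if __name__ == "__main__":
    print(historical_login_vector(EVENTS, "203.0.113.7", "dev-A", "u1"))
    print(historical_login_vector(EVENTS, "198.51.100.20", "dev-B", "alice"))
```

In the sample data, four distinct accounts attempt a login from one IP inside a single minute, which is the batch pattern the text describes; the second IP shows one account logging in across several days.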
In step 303, the server converts the work exposure information, the login information and the historical login statistics into feature vectors respectively, obtaining multiple feature vectors.
So that the account detection model can calculate the risk value of the account in subsequent steps, the server needs to convert the non-numeric character strings it has obtained into numeric strings that the account detection model can recognize. In one possible implementation, the server can use one-hot encoding to map each item of data to an N-dimensional feature vector containing only the digits 0 and 1, where N is a positive integer whose specific value can be set by the developer. The one-hot encoding method is illustrated here using the device model parameter in the login information as an example. First, a device model list is imported into the computer. The list may include the currently known mobile phone models, tablet computer models and so on; an additional entry for an unknown model can also be added to ensure that the list covers the models of all login devices. Then, the server converts the device model list into an ordered N-dimensional sequence, where N equals the number of device models in the list and each position of the sequence corresponds to one device. Finally, the server finds the position in the N-dimensional sequence that corresponds to the login device, sets the value at that position to 1 and the values at the remaining positions to 0, and uses the resulting sequence as a feature vector for the subsequent risk value calculation. For example, if the device model list contains 8 device models and the device used for this login is an A-model mobile phone, which corresponds to the 2nd position of the N-dimensional sequence, the server sets the 2nd position to 1 and the remaining values to 0, obtaining the feature vector (0, 1, 0, 0, 0, 0, 0, 0).
It should be noted that the above description of converting non-numeric character strings into numeric strings is only an exemplary introduction to one conversion method; the embodiments of the present disclosure do not limit which conversion method is used.
In step 304, the server inputs the multiple feature vectors into the account detection model, which is a model trained on a positive and negative sample data set.
The positive and negative sample data set may include the sample data of multiple normal accounts and the sample data of multiple abnormal accounts.
Before using the account detection model to detect accounts, the server needs to train the model on the positive and negative sample data set, so that the model learns the features of normal accounts and abnormal accounts and each weight parameter in the model is adjusted.
To improve the accuracy of the model's output, each weight parameter in the account detection model can be updated automatically at a preset frequency, which can be set by the developer. In one possible implementation, the parameters in the account detection model can be adjusted by updating the positive and negative sample data set. Referring to Fig. 4, Fig. 4 is a flowchart of the automatic update of the account detection model according to an exemplary embodiment. The server executes the positive and negative sample collection step 401 to obtain the positive and negative sample data set. In the embodiments of the present disclosure, the server can use the data of the normal accounts and abnormal accounts detected within a target time period as the positive and negative sample data; the target time period can be set by the developer, for example, to one month. The server converts each item of data in the positive and negative sample data set into multiple numeric strings and inputs them into the account detection model. The account detection model may include at least one classifier; the classifier performs operations on the input data, and each weight parameter is adjusted based on the operation result. After step 402 of classifier operation and parameter optimization, the server obtains the updated model and executes the model storing step 403. Steps 401 to 403 are the steps of automated model training. This automatic model update process can bring the accuracy and recall of the model's output to 99%, greatly improving model performance.
In step 305, the server calculates over the multiple feature vectors using the weight parameters of each classifier in the account detection model, and outputs the risk value of the account.
The risk value indicates the degree of security of the account: the higher the risk value, the lower the security of the corresponding account and the higher the likelihood that the account has been stolen.
In the embodiments of the present disclosure, the account detection model may include multiple cascaded classifiers. Each classifier may correspond to one group of weight parameters, and each classifier can perform a weighted operation on the multiple feature vectors based on its weight parameters. In one possible implementation, the account detection model can be a Gradient Boosting Decision Tree (GBDT) model. The model may include multiple regression trees, that is, multiple base classifiers. Each base classifier corresponds to one group of weight parameters and can map the input feature vector to a score based on that group of weight parameters. After a base classifier receives the operation result of the upper-level base classifier cascaded with it, it performs a weighted operation based on that result. In the embodiments of the present disclosure, after the server inputs the multiple feature vectors into the GBDT model, it traverses all base classifiers in the GBDT model, each base classifier in turn performs a weighted operation on the multiple feature vectors, and the risk value of the account is obtained.
It should be noted that the above description of calculating the account risk value is only an exemplary introduction to one calculation method; the embodiments of the present disclosure do not limit which risk value calculation method is used.
Steps 303 to 305 above are the process of determining the risk value of the account according to the work exposure information, the login information and the historical login statistics.
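Steps 303 to 305 can be followed end to end in a small script: one-hot encoding with an unknown-model slot, a boosted sequence of depth-1 regression trees trained on a positive and negative sample set, and a risk value read from the summed tree scores. This is an added example, not the patent's implementation; it is a simplified gradient-boosting variant (each tree is a least-squares fit to logistic residuals), and the device list, feature layout, samples and threshold are constructed.

```python
import math

# Constructed device-model list; the final entry is the "unknown model" slot from the text.
DEVICE_MODELS = ["phone-A", "phone-B", "tablet-C", "<unknown>"]
TARGET_RISK_THRESHOLD = 0.8   # constructed; the page leaves the value to the developer


def one_hot(value, vocabulary):
    """Map a non-numeric value to an N-dimensional 0/1 vector; unseen values use the last slot."""
    vec = [0] * len(vocabulary)
    idx = vocabulary.index(value) if value in vocabulary[:-1] else len(vocabulary) - 1
    vec[idx] = 1
    return vec


def to_features(login):
    """login = (device, accounts succeeding on the IP in 10 min, client launched, interactions)."""
    device, ip_ok_10m, client_launched, interactions = login
    return one_hot(device, DEVICE_MODELS) + [ip_ok_10m, client_launched] + list(interactions)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def fit_stump(rows, residuals):
    """Depth-1 regression tree: the (feature, threshold) split with the least squared error."""
    best = None
    for j in range(len(rows[0])):
        values = sorted({r[j] for r in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [res for r, res in zip(rows, residuals) if r[j] <= t]
            right = [res for r, res in zip(rows, residuals) if r[j] > t]
            lv, rv = sum(left) / len(left), sum(right) / len(right)
            sse = sum((x - lv) ** 2 for x in left) + sum((x - rv) ** 2 for x in right)
            if best is None or sse < best[0]:
                best = (sse, j, t, lv, rv)
    return best[1:]


def train(rows, labels, rounds=10, rate=1.0):
    """Each round fits one tree to what the previous trees still get wrong."""
    scores, trees = [0.0] * len(rows), []
    for _ in range(rounds):
        residuals = [y - sigmoid(s) for y, s in zip(labels, scores)]
        j, t, lv, rv = fit_stump(rows, residuals)
        trees.append((j, t, rate * lv, rate * rv))
        scores = [s + (rate * lv if r[j] <= t else rate * rv) for r, s in zip(rows, scores)]
    return trees


def risk_value(trees, features):
    """Traverse every tree in order, sum the leaf scores, squash to a 0..1 risk value."""
    return sigmoid(sum(lv if features[j] <= t else rv for j, t, lv, rv in trees))


# Constructed positive and negative samples; interactions are (likes, forwards, favorites).
NORMAL = [("phone-A", 1, 1, (33, 20, 12)), ("phone-B", 2, 1, (5, 0, 1)),
          ("tablet-C", 1, 1, (0, 0, 0)), ("phone-A", 3, 1, (12, 3, 4))]
ABNORMAL = [("phone-A", 25, 0, (0, 0, 0)), ("emulator-X", 40, 0, (300, 150, 0)),
            ("phone-B", 18, 1, (250, 90, 2)), ("emulator-X", 31, 0, (0, 0, 0))]


def build_model():
    rows = [to_features(s) for s in NORMAL + ABNORMAL]
    labels = [0] * len(NORMAL) + [1] * len(ABNORMAL)
    return train(rows, labels)


if __name__ == "__main__":
    model = build_model()
    for login in [("emulator-Z", 22, 0, (0, 0, 0)), ("phone-B", 2, 1, (8, 1, 0))]:
        risk = risk_value(model, to_features(login))
        print(login, round(risk, 3), "abnormal" if risk >= TARGET_RISK_THRESHOLD else "normal")
```

On this sample set only the per-IP success count separates the two classes cleanly, so every tree splits on it; real training data would spread the splits across features.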
Of course, after obtaining the login information, the server can also monitor the terminal used for this login of the account and obtain the key interaction behaviors executed on the terminal. Specifically, the server first counts, within a target duration, the interaction behaviors executed on the login terminal and obtains multiple interaction behavior counts, where one interaction behavior count indicates the number of times one kind of interaction behavior was executed on the login terminal. The target duration can be set by the developer. Then, based on the multiple interaction behavior counts, the server converts them into one vector in which each element corresponds to one interaction behavior count. For example, if the statistics of the interaction behaviors executed on the terminal are 33 likes, 20 forwards and 12 favorites, the result can be mapped to the vector (33, 20, 12). Finally, the server inputs this vector and the multiple feature vectors into the account detection model, calculates over the vector and the multiple feature vectors using the weight parameters of each classifier in the model, and outputs the risk value of the account. The specific calculation is the same as the process in step 305, in which the account detection model calculates the risk value based on the multiple feature vectors, and is not repeated here.
In the above process, the server calculates the risk value of the account to be detected with a pre-trained account detection model. It does not need to first calculate, for each account, the historical interaction behavior feature values in each time slice and then compare them pairwise to determine whether the account is at risk. This shortens the computation time of account detection and improves detection efficiency.
In step 306, when the risk value of the account reaches the target risk threshold, the server determines that the account is an abnormal account.
In one possible implementation, the server can compare the obtained risk value with the target risk threshold; when the risk value is greater than the target risk threshold, the server determines that the account corresponding to the risk value is an abnormal account. The target risk threshold can be set by the developer.
In the embodiments provided by the present disclosure, the server obtains the current login information and the historical login information of the account to be detected and analyzes whether the login location, login device and so on of the account are normal. It monitors the device used for this login, obtains the work exposure information of the account to be detected on the terminal, and analyzes whether the interaction behavior after the account logs in is normal user operation. Account security is thus examined from multiple dimensions, the risk value of the account is determined, and an account whose risk value is greater than the target risk threshold is treated as an abnormal account. In this account detection approach, the risk value of the account is determined from data such as the current login information, the historical login information and the work exposure information, so the security of the account can be analyzed comprehensively from dimensions such as interaction behavior and login device, which improves the accuracy of account detection.
In the embodiments of the present disclosure, the feature dimensions used are richer, so whether an account has been stolen can be judged accurately. Common account theft methods include password brute-forcing, credential stuffing, password leakage and phishing. To steal accounts in quantity, scripts may be used to steal accounts in batches. The embodiments of the present disclosure perform account detection using five types of feature data: the parameters of the current login request, the client behavior parameters of the current login, the historical statistics of the login attributes, the historical statistics of the account's login behavior, and the interaction behavior within a period of time after a successful login. These cover the features of the conventional account theft methods. For example, the client startup behavior at login is obtained: if the client has no startup behavior, the account was probably logged in by a script. The historical statistics of the account's login IP address and device are obtained: these two items can indicate whether the account's password is being brute-forced frequently, and if it is, the login may be abnormal. The key interaction behavior information after login is obtained, which can distinguish whether the operations are normal user behavior. With this account detection approach, the features used for stolen-account detection are richer and cover more dimensions, and account theft anomalies are considered from multiple angles. While the accuracy of account theft detection improves, the recall of stolen accounts also improves, and can reach 99%.
The above embodiments mainly describe the process by which the server performs account detection. After identifying an abnormal account, the server can also raise the security strength of the abnormal account by means such as binding a mobile phone number or resetting the password.
Referring to Fig. 5, Fig. 5 is a flowchart of account theft detection according to an exemplary embodiment. The account theft detection process may include two parts, account detection and account handling, specifically:
In step 501, after the server determines that the account has logged in successfully, it enters the account theft detection process.
In the embodiments of the present disclosure, the server can detect the account immediately after the account logs in successfully, or it can start detecting the account at a target time. The target time can be set by the developer; for example, it can be the moment one hour after the account logs in successfully.
In step 502, the server extracts the login information of the account through the feature analysis module.
The specific way the login information is extracted is the same as in step 301 above and is not repeated here.
In step 503, the server compiles statistics on the account information of the account from multiple dimensions through the feature statistics module.
In one possible implementation, based on the login IP dimension, the server can count the number of successful logins and the total number of logins of all accounts under the IP address in the one minute, ten minutes and one hour before the account logged in; based on the login device dimension, it can count the device's active days in the one day, seven days, fourteen days and thirty days before the login; and based on the account dimension, it can count the account's number of logins in the one day, seven days, fourteen days and thirty days before the login, as well as the account's key behaviors within one hour after the account logs in successfully.
In step 504, the server converts the obtained information into numeric strings through the feature quantification module.
The specific way the information is converted into character strings is the same as in step 303 above and is not repeated here.
In step 505, the server calculates the risk value of the account through the risk value calculation module.
The risk value calculation module is used to judge whether any given login of the account is risky. In one possible implementation, the risk value calculation module may include an account detection model, which calculates the risk value of the account based on the numeric strings obtained in step 503.
The specific way the risk value is calculated by the account model is the same as in step 304 above and is not repeated here.
In step 506, the server compares the risk value of the account with the target risk threshold.
When the risk value of the account is less than the target risk threshold, the server determines that the account is a normal account;
When the risk value of the account is greater than or equal to the target risk threshold, the server determines that the account is an abnormal account and executes the subsequent account handling steps on the account.
In step 507, the server deletes the account number of the abnormal account.
The account number can be used to uniquely mark an account. After the server detects that the account has logged in successfully on any terminal, the server generates an account number and sends it to the terminal. The terminal must carry the account number when initiating service requests to the server. After the server deletes the account number, the terminal can no longer initiate service requests to the server and therefore cannot perform any business behavior.
After any account is confirmed to be an abnormal account, the server can delete the account number of that account in time, preventing the account from performing any further operation on the platform and thereby reducing the losses caused by the account being stolen.
In step 508, the server detects whether the abnormal account has a bound mobile phone number.
In step 509, if the server detects that the abnormal account has a bound mobile phone number, it sends, based on the bound number, the page link of the password modification page, which provides the password modification function.
After the server detects that the abnormal account has a bound mobile phone number, it can send a password modification link based on the bound number, and the password modification page is displayed on the terminal based on that link. The terminal can detect information input operations on the page, obtain the information entered in the target area of the page, and use that information as the new password of the abnormal account.
In step 510, if the server detects that the abnormal account has no bound mobile phone number, it sends to the login terminal the page link of the mobile phone number binding page, which provides the mobile phone number binding function.
After the server detects that the abnormal account has no bound mobile phone number, it can send a mobile phone number binding link to the terminal on which the abnormal account is logged in, and the mobile phone number binding page is displayed on the terminal based on that link. The terminal can detect information input operations on the page and obtain the mobile phone number entered by the user. The terminal sends the mobile phone number to the server, and the server binds the abnormal account to the mobile phone number. After the server determines that the abnormal account has a bound mobile phone number, it continues with the password modification step, which is the same as step 508 and is not repeated here.
In the examples of the present disclosure, the server can process abnormal accounts through a stolen-account flow processing module, raising the security level of the account and stopping losses in time.
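The handling half of the flow (steps 506 to 510) is sketched below as an added example, not the patent's code. The class, the message tuples and the threshold value are constructed, and the account number is modelled as a random per-login value, which is an assumption: the page does not say how it is generated.

```python
import secrets

TARGET_RISK_THRESHOLD = 0.8   # constructed; the page leaves the value to the developer


class AccountServer:
    """In-memory stand-in for the server side of steps 506 to 510."""

    def __init__(self):
        self.account_numbers = {}   # account number -> account
        self.bound_phone = {}       # account -> bound mobile phone number
        self.outbox = []            # (channel, recipient, page) records of links sent

    def login_succeeded(self, account):
        """Issue the account number the terminal must carry on later service requests."""
        number = secrets.token_urlsafe(16)   # assumption: random, unguessable value
        self.account_numbers[number] = account
        return number

    def handle_request(self, number, action):
        """Service requests are honoured only while the account number still exists."""
        account = self.account_numbers.get(number)
        return "rejected" if account is None else f"{action} ok for {account}"

    def _send_password_page(self, account):
        self.outbox.append(("sms", self.bound_phone[account], "password-modification-page"))

    def bind_phone(self, account, phone):
        """Completion of step 510: bind the number, then continue with password modification."""
        self.bound_phone[account] = phone
        self._send_password_page(account)

    def process_risk(self, account, terminal, risk):
        # Step 506: compare the risk value with the target risk threshold.
        if risk < TARGET_RISK_THRESHOLD:
            return "normal"
        # Step 507: delete every account number issued for the abnormal account.
        for number in [n for n, a in self.account_numbers.items() if a == account]:
            del self.account_numbers[number]
        # Steps 508 and 509: a bound phone number receives the password modification link.
        if account in self.bound_phone:
            self._send_password_page(account)
            return "password-modification-sent"
        # Step 510: otherwise the login terminal receives the phone binding link.
        self.outbox.append(("terminal", terminal, "phone-binding-page"))
        return "phone-binding-sent"


if __name__ == "__main__":
    server = AccountServer()
    number = server.login_succeeded("user-1")
    print(server.handle_request(number, "like"))
    print(server.process_risk("user-1", "terminal-7", 0.93))
    print(server.handle_request(number, "like"))
    print(server.outbox)
```

In the unbound case the binding link goes to the same terminal whose login was flagged, so the number that ends up bound is only as trustworthy as whoever controls that terminal; deployments usually add an independent identity check at that point.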
Fig. 6 is a block diagram of an account detection device according to an exemplary embodiment. Referring to Fig. 6, the device includes a first acquisition unit 601, a second acquisition unit 602, a first determination unit 603 and a second determination unit 604.
The first acquisition unit 601 is configured to obtain the work exposure information on the login terminal of the account to be detected and the login information of the account, the work exposure information being used to record any work exposed on the login terminal;
The second acquisition unit 602 is configured to obtain the historical login statistics of the login information based on the login information, the historical login statistics being obtained by aggregating the historical login information of the account and the login information of historical accounts on the login terminal;
The first determination unit 603 is configured to determine the risk value of the account according to the work exposure information, the login information and the historical login statistics;
The second determination unit 604 is configured to determine that the account is an abnormal account when the risk value of the account reaches the target risk threshold.
In one possible implementation, the first determination unit is configured to:
Convert the work exposure information, the login information and the historical login statistics into feature vectors respectively, obtaining multiple feature vectors;
Input the multiple feature vectors into the account detection model, calculate over the multiple feature vectors using the weight parameters of each classifier in the account detection model, and output the risk value of the account;
The account detection model is a model trained on a positive and negative sample data set, which includes the sample data of multiple normal accounts and the sample data of multiple abnormal accounts.
In one possible implementation, the device further includes a third acquisition unit and a conversion unit;
The third acquisition unit is configured to count, within a target duration, the interaction behaviors executed on the login terminal and obtain multiple interaction behavior counts, one interaction behavior count indicating the number of times one kind of interaction behavior was executed on the login terminal;
The conversion unit is configured to convert, based on the multiple interaction behavior counts, the multiple interaction behavior counts into one vector in which each element corresponds to one interaction behavior count;
The first determination unit is configured to input the one vector and the multiple feature vectors into the account detection model, calculate over the one vector and the multiple feature vectors using the weight parameters of each classifier in the account detection model, and output the risk value of the account.
In one possible implementation, the work exposure information includes at least one of popular-work exposure information and same-city work exposure information based on the login terminal;
A popular work is a work whose exposure count is greater than an exposure threshold, and a same-city work is a work whose publishing location is in the same geographic area as the login location of the account to be detected.
In one possible implementation, the login information includes at least one of: the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address.
In one possible implementation, the historical login statistics of the login information include at least one of the following, counted over durations of multiple different statistical granularities for the login terminal: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, and the total number of logins of the account to be detected.
In one possible implementation, the device further includes:
A deletion unit, configured to delete the account number of the abnormal account;
A detection unit, configured to detect whether the abnormal account has a bound mobile phone number;
A first jump unit, configured to send, if it is detected that the abnormal account has a bound mobile phone number, the page link of the password modification page based on the bound number, the password modification page providing the password modification function;
A second jump unit, configured to send to the login terminal, if it is detected that the abnormal account has no bound mobile phone number, the page link of the mobile phone number binding page, the mobile phone number binding page providing the mobile phone number binding function.
For the device in the above embodiments, the specific way each module performs its operations has been described in detail in the embodiments of the method and is not explained in detail here.
Fig. 7 is a block diagram of a server according to an exemplary embodiment. The server 700 can vary considerably with configuration or performance, and may include one or more processors (central processing units, CPU) 701 and one or more memories 702. At least one instruction is stored in the memory 702, and the instruction is loaded and executed by the processor 701 to implement the account detection method provided by each of the above method embodiments. Of course, the server can also have components such as a wired or wireless network interface, a keyboard and an input/output interface for input and output, and can include other components for implementing device functions, which are not described here.
In an exemplary embodiment, a storage medium including instructions is also provided, for example a memory including instructions, and the instructions can be executed by the processor of the server to complete the above method. Optionally, the storage medium can be a non-transitory computer-readable storage medium, for example a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk or an optical data storage device.
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or conventional technical means in the art not disclosed herein. The specification and examples are to be regarded as illustrative only, and the true scope and spirit of the present disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. An account detection method, characterized by comprising:
Obtaining the work exposure information on the login terminal of an account to be detected and the login information of the account, the work exposure information being used to record any work exposed on the login terminal;
Obtaining, based on the login information, the historical login statistics of the login information, the historical login statistics being obtained by aggregating the historical login information of the account and the login information of historical accounts on the login terminal;
Determining the risk value of the account according to the work exposure information, the login information and the historical login statistics;
When the risk value of the account reaches a target risk threshold, determining that the account is an abnormal account.
2. The account detection method according to claim 1, characterized in that determining the risk value of the account according to the work exposure information, the login information and the historical login statistics comprises:
Converting the work exposure information, the login information and the historical login statistics into feature vectors respectively, obtaining multiple feature vectors;
Inputting the multiple feature vectors into an account detection model, calculating over the multiple feature vectors using the weight parameters of each classifier in the account detection model, and outputting the risk value of the account;
The account detection model is a model trained on a positive and negative sample data set, and the positive and negative sample data set includes the sample data of multiple normal accounts and the sample data of multiple abnormal accounts.
3. The account detection method according to claim 2, characterized in that, before inputting the multiple feature vectors into the account detection model, calculating over the multiple feature vectors using the weight parameters of each classifier in the account detection model, and outputting the risk value of the account, the method further comprises:
Counting, within a target duration, the interaction behaviors executed on the login terminal to obtain multiple interaction behavior counts, one interaction behavior count indicating the number of times one kind of interaction behavior was executed on the login terminal;
Converting, based on the multiple interaction behavior counts, the multiple interaction behavior counts into one vector in which each element corresponds to one interaction behavior count;
Inputting the multiple feature vectors into the account detection model, calculating over the multiple feature vectors using the weight parameters of each classifier in the account detection model, and outputting the risk value of the account comprises:
Inputting the one vector and the multiple feature vectors into the account detection model, calculating over the one vector and the multiple feature vectors using the weight parameters of each classifier in the account detection model, and outputting the risk value of the account.
4. The account detection method according to claim 1, characterized in that the work exposure information includes at least one of popular-work exposure information and same-city work exposure information based on the login terminal;
A popular work is a work whose exposure count is greater than an exposure threshold, and a same-city work is a work whose publishing location is in the same geographic area as the login location of the account to be detected.
5. The account detection method according to claim 1, characterized in that the login information includes at least one of: the version parameter of the application installed on the login terminal, the download channel information of the application, and the IP address.
6. The account detection method according to claim 1, characterized in that the historical login statistics of the login information include at least one of the following, counted over durations of multiple different statistical granularities for the login terminal: the total number of accounts that initiated a login, the total number of accounts that logged in successfully, the number of active days of the accounts that logged in successfully, and the total number of logins of the account to be detected.
7. The account detection method according to claim 1, characterized in that, after determining that the account is an abnormal account, the method further comprises:
Deleting the account number of the abnormal account;
Detecting whether the abnormal account has a bound mobile phone number;
If it is detected that the abnormal account has a bound mobile phone number, sending, based on the bound mobile phone number, the page link of the password modification page, the password modification page providing the password modification function;
If it is detected that the abnormal account has no bound mobile phone number, sending to the login terminal the page link of the mobile phone number binding page, the mobile phone number binding page providing the mobile phone number binding function.
8. a kind of account detection device characterized by comprising
First acquisition unit, the works exposure information for being configured as obtaining on the registration terminal of account to be detected and the account Number log-on message, the works exposure information is for being recorded in any works being exposed on the registration terminal;
Second acquisition unit is configured as obtaining the historical log statistical information of the log-on message based on the log-on message, The historical log statistical information is logged in by the history account on the historical log information of the account and the registration terminal Information Statistics obtain;
First determination unit is configured as being counted according to the works exposure information, the log-on message and the historical log Information determines the value-at-risk of the account;
Second determination unit is configured as when the value-at-risk of the account reaches target risk threshold value, and the account is determined For abnormal account.
9. a kind of server characterized by comprising
Processor;
For storing the memory of the processor-executable instruction;
Wherein, the processor is configured to executing described instruction, to realize the account as described in any one of claims 1 to 7 Number detection method.
10. a kind of storage medium, when the instruction in the storage medium is executed by the processor of server, so that the service Device is able to carry out the account detection method as described in any one of claims 1 to 7.
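The statistics listed in claim 6 can be illustrated with a short sketch; this is an added example, not code from the patent. The log record layout, the window sizes (1, 7 and 30 days), the function and field names, and the reading of "active days" as distinct calendar days with a successful login on the terminal are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample login log: (time, terminal id, account id, login succeeded)
SAMPLE_LOG = [
    ("2019-08-20 23:10", "term-1", "acct-9", True),
    ("2019-08-20 23:12", "term-1", "acct-2", False),
    ("2019-08-20 23:15", "term-1", "acct-3", True),
    ("2019-08-18 08:00", "term-1", "acct-4", True),
    ("2019-08-16 12:30", "term-2", "acct-9", True),
    ("2019-07-30 19:45", "term-1", "acct-5", False),
    ("2019-07-25 07:05", "term-1", "acct-9", True),
]
NOW = datetime(2019, 8, 21)  # constructed evaluation time


def parse(log):
    """Turn the text timestamps into datetime objects."""
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M"), term, acct, ok)
            for t, term, acct, ok in log]


def login_stats(log, terminal, account, now, windows_days=(1, 7, 30)):
    """Claim 6 statistics for one terminal and one account, per time window."""
    rows = parse(log)
    stats = {}
    for days in windows_days:
        start = now - timedelta(days=days)
        in_window = [r for r in rows if start < r[0] <= now]
        on_term = [r for r in in_window if r[1] == terminal]
        ok_rows = [r for r in on_term if r[3]]
        stats[days] = {
            # distinct accounts that initiated a login on the terminal
            "accounts_attempted": len({r[2] for r in on_term}),
            # distinct accounts that logged in successfully on the terminal
            "accounts_succeeded": len({r[2] for r in ok_rows}),
            # assumption: distinct days with a successful login on the terminal
            "active_days": len({r[0].date() for r in ok_rows}),
            # login attempts by the account under test, on any terminal
            "account_logins": sum(1 for r in in_window if r[2] == account),
        }
    return stats


if __name__ == "__main__":
    for window, values in login_stats(SAMPLE_LOG, "term-1", "acct-9", NOW).items():
        print(window, values)
```

Several accounts attempting logins on one terminal within the shortest window, as in the constructed data, is the kind of signal these per-granularity counts expose to the risk-value step of claim 8.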
CN201910775566.4A 2019-08-21 2019-08-21 Account detection method, device, server and storage medium Pending CN110489964A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910775566.4A CN110489964A (en) 2019-08-21 2019-08-21 Account detection method, device, server and storage medium
CN201911109239.1A CN112417439B (en) 2019-08-21 2019-11-13 Account detection method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910775566.4A CN110489964A (en) 2019-08-21 2019-08-21 Account detection method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN110489964A true CN110489964A (en) 2019-11-22

Family

ID=68552667

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910775566.4A Pending CN110489964A (en) 2019-08-21 2019-08-21 Account detection method, device, server and storage medium
CN201911109239.1A Active CN112417439B (en) 2019-08-21 2019-11-13 Account detection method, device, server and storage medium

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201911109239.1A Active CN112417439B (en) 2019-08-21 2019-11-13 Account detection method, device, server and storage medium

Country Status (1)

Country Link
CN (2) CN110489964A (en)

Also Published As

Publication number Publication date
CN112417439B (en) 2023-12-29
CN112417439A (en) 2021-02-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20191122