CN110519263A - Anti- brush amount method, apparatus, equipment and computer readable storage medium - Google Patents

Anti- brush amount method, apparatus, equipment and computer readable storage medium Download PDF

Info

Publication number
CN110519263A
CN110519263A CN201910791649.2A CN201910791649A CN110519263A CN 110519263 A CN110519263 A CN 110519263A CN 201910791649 A CN201910791649 A CN 201910791649A CN 110519263 A CN110519263 A CN 110519263A
Authority
CN
China
Prior art keywords
address
visitor
brush amount
access
access log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910791649.2A
Other languages
Chinese (zh)
Other versions
CN110519263B (en
Inventor
肖伟华
许龙
尹畅文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201910791649.2A priority Critical patent/CN110519263B/en
Publication of CN110519263A publication Critical patent/CN110519263A/en
Application granted granted Critical
Publication of CN110519263B publication Critical patent/CN110519263B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9536Search customisation based on social or collaborative filtering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

This application discloses anti-brush amount method, apparatus, equipment and computer readable storage mediums, are related to big data field.Specific implementation are as follows: by the way that the access log dispersion of each website to be stored in multiple data areas, when carrying out the processing of anti-brush amount, sampled from multiple data areas for storing access log and determine at least one target area;Based on visitor's IP address to the access log at least one target area access behavioural analysis handle determine brush amount IP address, improve the recognition efficiency of brush amount IP address;The guest identification of one visitor of unique identification is used for by generating, the corresponding guest identification of brush amount IP address is determined as brush amount user identifier, after determining visitor's IP address with the brush amount behavior for forging access request, further determine that the brush amount user identifier with the brush amount behavior for forging access request, so as to which the brush amount behavior for forging access request is recognized accurately, the precision of the identification of brush amount behavior is improved.

Description

Anti- brush amount method, apparatus, equipment and computer readable storage medium
Technical field
This application involves field of computer technology more particularly to big data technologies.
Background technique
Data statistics platform is when counting website behavioral data, it will usually record access source, the information such as interviewed page.By Record foundation in access source is to jump access, therefore criminal can access by forging access request using falseness Source is jumped, and access derived data is forged, and this brush amount behavior for forging access request not only produces statistical data result Raw deviation, and occur waste advertisements information in the statistical results.
The method of existing identification brush amount behavior, usually frequency, the access by initiating access request according to terminal or user Brush amount terminal and the brush amount user of access request are forged in the identifications such as the brush amount behavioural characteristic of behavior.But for web site, lead to Often be difficult to get the key identification informations such as the MAC Address of initiating terminal, hard disk serial number, can not accurately for initiating terminal into Row analysis;In addition forging access request can be pretended, and same terminal can forge multiple users and carry out brush amount behavior, make one It is more difficult to differentiate between with machine behavior, can not accurately analyze user access activity feature;Therefore, using terminal or user as point Object is analysed, the accuracy rate that access request is forged in identification is low, and since the data volume of user access logs is huge, forges access request Recognition cycle length, low efficiency.
Summary of the invention
The application provides a kind of anti-brush amount method, apparatus, equipment and computer readable storage medium, to solve existing skill The problem of accuracy rate of identification forgery access request is low in art, forges long access request recognition cycle, low efficiency.
One embodiment of the application provides a kind of anti-brush amount method, comprising:
It is sampled from multiple data areas for storing access log and determines at least one target area;Based on visitor IP Address to the access log at least one described target area access behavioural analysis processing, determine brush amount IP address;It will The corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, and the guest identification is for unique identification one visit Visitor.
Optionally, it is described the corresponding guest identification of the brush amount IP address is determined as brush amount user identifier after, also wrap It includes: screening filtering processing being carried out to the brush amount IP address and the brush amount user identifier, in real time to brush amount behavior Access carry out screening filtering, malicious data brush amount behavior can be effectively prevent.
Optionally, it is sampled in multiple data areas from for storing access log and determines at least one target area Before, further includes: in response to the access request of visitor, according to the facility information and cookie information of the visitor, described in generation The guest identification of visitor;Record the access log of the visitor, the access log include at least the visitor guest identification, Visitor's IP address, site information and access behavioral data, to generate unique guest identification for different visitors, and are accessing Record access identifies in log.
Optionally, after the access log for recording the visitor, further includes: according to the website in the access log Information, by access log storage to corresponding data area, will largely access day using default hash rule to realize Multiple and different data areas is arrived in will hash storage.
Optionally, described to be accessed row based on visitor's IP address to the access log at least one described target area For analysis processing, brush amount IP address is determined, comprising: according to the access log at least one described target area, calculate each The website quantity of visitor's IP address access and average single reference duration;According to each visitor's IP address access website quantity and Average single accesses duration, calculates the integrated risk weight of each visitor's IP address;If the integrated risk of a certain visitor's IP address Weight is greater than default weight threshold, it is determined that visitor's IP address is brush amount IP address, to realize the website quantity of integrated access With two behavioural characteristics such as average single reference duration, to identify the brush amount IP address with brush amount behavior.
Optionally, the website quantity and average single reference duration according to the access of each visitor's IP address, calculates every Before the integrated risk weight of a visitor's IP address, further includes: access depth and longest according to the maximum single of visitor's IP address Single reference duration filters out risk IP address, and the risk IP address refers to that maximum single access depth is less than first threshold, Or longest single reference duration is less than visitor's IP address of second threshold;The risk IP address is executed with calculating visitor IP The step of integrated risk weight of location, to realize before the integrated risk weight for calculating visitor's IP address, filtering out in advance can There can be the risk IP address of brush amount behavior, the calculating of integrated risk weight is only carried out to risk IP address, reduce calculation amount, mention The efficiency of high brush amount IP address identification.
Optionally, the website quantity and average single reference duration according to the access of each visitor's IP address, calculates every The integrated risk weight of a visitor's IP address, comprising: visited according to the website quantity of each visitor's IP address access and average single It asks the corresponding first default weight of duration, website quantity and the corresponding second default weight of average single access duration, uses As under type calculates the integrated risk weight of each visitor's IP address: the default weight of integrated risk weight=the first × website quantity + the second default weight/average single accesses duration;Wherein the described first default weight is greater than the described second default weight, with reality Now accurately calculate the integrated risk weight of each visitor's IP address.
Optionally, described that screening filtering processing is carried out to the brush amount IP address and the brush amount user identifier, comprising: will Access log comprising the brush amount IP address and/or the brush amount user identifier filters out, to realize to brush amount behavior Brush amount IP address and the brush amount user identifier carry out screening filtering.
Optionally, described to be accessed row based on visitor's IP address to the access log at least one described target area For analysis processing, brush amount IP address is determined, comprising: the access in nearest preset duration is regularly obtained out of described target area Log;Based on visitor's IP address to the access log in the nearest preset duration access behavioural analysis processing, determine brush IP address is measured, to carry out the identification and subsequent anti-brush amount processing of brush amount IP address in real time.
Another embodiment of the application provides a kind of anti-brush amount device, comprising:
Data sampling module determines at least one mesh for sampling from multiple data areas for storing access log Mark region;Real-time screening module, for being carried out based on visitor's IP address to the access log at least one described target area Behavioural analysis processing is accessed, determines brush amount IP address;The real-time screening module is also used to: the brush amount IP address is corresponding Guest identification is determined as brush amount user identifier, and the guest identification is used for one visitor of unique identification.
Another embodiment of the application provides a kind of electronic equipment, comprising:
At least one processor;And the memory being connect at least one described processor communication;Wherein, the storage Device is stored with the instruction that can be executed by least one described processor, and described instruction is executed by least one described processor, with At least one described processor is set to be able to carry out anti-brush amount method described above.
Another embodiment of the application provides a kind of non-instantaneous computer-readable storage medium for being stored with computer instruction Matter, the computer instruction is for making the computer execute anti-brush amount method described above.
Another embodiment of the application provides a kind of anti-brush amount method, comprising:
Based on visitor's IP address to the access log at least one data area access behavioural analysis processing, determine Brush amount IP address;The corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, the guest identification is used for One visitor of unique identification.
One embodiment in above-mentioned application have the following advantages that or the utility model has the advantages that
By the way that the access log dispersion of each website is stored in multiple data areas in advance, anti-brush amount processing is being carried out When, it is sampled from multiple data areas for storing access log and determines at least one target area;Based on visitor's IP address To the access log at least one described target area access behavioural analysis processing, determine brush amount IP address, improve The recognition efficiency of brush amount IP address;By pre-generating the guest identification for one visitor of unique identification, by the brush amount IP The corresponding guest identification in address is determined as brush amount user identifier, is determining the visitor IP with the brush amount behavior for forging access request Behind address, the brush amount user identifier with the brush amount behavior for forging access request can also be further determined that, so as to accurate It identifies the brush amount behavior for forging access request, improves the precision of the identification of brush amount behavior.
Other effects possessed by above-mentioned optional way are illustrated hereinafter in conjunction with specific embodiment.
Detailed description of the invention
Attached drawing does not constitute the restriction to the application for more fully understanding this programme.Wherein:
Fig. 1 is the flow chart according to the anti-brush amount method of the application first embodiment;
Fig. 2 is the flow chart according to the anti-brush amount method of the application second embodiment;
Fig. 3 is the structural schematic diagram according to the anti-brush amount device of the application 3rd embodiment;
Fig. 4 is the structural schematic diagram according to the anti-brush amount device of the application fourth embodiment;
Fig. 5 is the block diagram for the electronic equipment for the method for realizing the anti-brush amount of the embodiment of the present application.
Specific embodiment
It explains below in conjunction with exemplary embodiment of the attached drawing to the application, including the various of the embodiment of the present application Details should think them only exemplary to help understanding.Therefore, those of ordinary skill in the art should recognize It arrives, it can be with various changes and modifications are made to the embodiments described herein, without departing from the scope and spirit of the present application.Together Sample, for clarity and conciseness, descriptions of well-known functions and structures are omitted from the following description.
Term " first " involved in the application, " second " etc. are used for description purposes only, and should not be understood as instruction or dark Show relative importance or implicitly indicates the quantity of indicated technical characteristic.In the description of following embodiment, " multiple " It is meant that two or more, unless otherwise specifically defined.
The specific application scenarios of the application are as follows: data statistics platform counts each station according to the access log of each website To the amount of access of a certain project (such as advertising page etc.) in the amount of access or each website of statistics of point, and with amount of access be according to It pays according to website.But certain criminals, which can maliciously forge true access request, carries out brush amount operation, and data is caused to be united Count the amount of access data inaccuracy of platform statistics.The application provides a kind of anti-brush amount method and is applied to above-mentioned scene, to access day Will is analyzed and is handled, and identifies visitor's IP address and guest identification with brush amount behavior, thus for brush amount row For visitor's IP address and guest identification access request carry out screening filtering processing technical foundation is provided.
How the technical solution of the application and the technical solution of the application are solved with specifically embodiment below above-mentioned Technical problem is described in detail.These specific embodiments can be combined with each other below, for the same or similar concept Or process may repeat no more in certain embodiments.Below in conjunction with attached drawing, embodiments herein is described.
The application first embodiment provides a kind of anti-brush amount method.Fig. 1 is the anti-brush according to the application first embodiment The flow chart of amount method, as shown in Figure 1, specific step is as follows for this method:
Step S101, it is sampled from multiple data areas for storing access log and determines at least one target area.
In practical applications, a network platform may have many or even a website up to a million, the visit of each website Ask that the data volume of log is very big, if data statistics platform carries out analysis identification brush amount row to the access log of all websites For, it will expend long time and computing resource.
In the present embodiment, the access log dispersion of each website is stored in multiple data areas.It is carrying out at anti-brush amount When reason, it can determine that wherein at least one data area as target area, leads to by the method for sampling from multiple data areas It crosses and the data analysis that the access log in target area carries out is determined there are visitor's IP address of brush amount behavior, can obtain in this way To calculation amount is reduced, the recognition efficiency of brush amount IP address is improved.
Wherein, it can be logically or carried out in physical space for storing the different data areas of access log Division.For example, different data areas can be different database, or it is different storage equipment.
Illustratively, when determining target area, random sampling algorithms can be used, are determined at least from multiple data areas One target area.
In general, there are problems that the website of brush amount is visited relative to there is no the data volume of the sites accessing data of brush amount problem Ask that the data volume of data can be much larger, according to the size of the data volume of each website, can go out with preliminary screening has brush amount Abnormal website, when choosing target area, can preferentially select to be stored with the data area of abnormal sites accessing data as Target area is conducive to the brush amount IP address for being found to have brush amount behavior.
It illustratively, can also be according to the data of each website stored in each data area when determining target area Amount determines in each data area and is greater than preset data amount threshold value with the presence or absence of the data volume of a certain website;Filter out that there are certain The data volume of one website is greater than the data area alternately region of preset data amount threshold value, then using alternative area whole as Target area, or at least one is chosen as target area from alternative area.
Step S102, it is accessed behavior based on visitor's IP address to the access log at least one described target area Analysis processing, determines brush amount IP address.
Wherein, access log includes at least following information: guest identification, visitor's IP address, site information and access behavior Data.Access behavioral data may include: access source type, access and carry out origin url, and the facility information of visitor, is visited at access depth Ask the information such as duration and access time.Wherein, access source type may include: direct access, search engine and external linkage Deng.The facility information of visitor may include one or more of following information: device model, equipment brand, operating system Type, operating system version number, browser type etc..Access depth can be the website that user browses in a navigation process Number of pages.Access log can also include other access behavioral datas, and the present embodiment is not specifically limited herein.
In addition, access log can also include the other information of visitor, such as regional information etc..
In the present embodiment, using to the access log at least one described target area as basic data, with visitor IP The access behavioural characteristic of different visitor's IP address is analyzed, to identify the brush amount with brush amount behavior as analysis object in address IP address.
Step S103, the corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, visitor's mark Know and is used for one visitor of unique identification.
In the present embodiment, in guest access website, believed according to the facility information for the visitor that can be got and cookie Breath etc. generates the guest identification for capableing of the unique identification visitor.The guest identification combines the related letter for the equipment that visitor uses The cookie information of breath and visitor, which has the function of identifying visitor's terminal, while having the function of identity user Energy.In this way, passing through the visitor under the premise of not needing the key identification informations such as MAC Address, the hard disk serial number of acquisition equipment Mark can also distinguish different visitor devices.
When the visitor requests access to the website of the network platform for the first time, the guest identification is generated;It is accessed in subsequent request When the website or other websites, guest identification is carried in access request, can accessed in record access log Guest identification is recorded in log information.
Wherein, the corresponding guest identification of brush amount IP address refers to the visit that any one website was accessed using brush amount IP address The guest identification of visitor.
The present embodiment is being prevented by the way that the access log dispersion of each website is stored in multiple data areas in advance When the processing of brush amount, is sampled from multiple data areas for storing access log and determine at least one target area;Based on visit Objective IP address to the access log at least one described target area access behavioural analysis processing, with determining brush amount IP Location improves the recognition efficiency of brush amount IP address;By pre-generating the guest identification for one visitor of unique identification, by institute It states the corresponding guest identification of brush amount IP address and is determined as brush amount user identifier, there is the brush amount behavior for forging access request determining Visitor's IP address after, can also further determine that with forge access request brush amount behavior brush amount user identifier, thus The brush amount behavior for forging access request can be recognized accurately, improve the precision of the identification of brush amount behavior.
Fig. 2 is the flow chart according to the anti-brush amount method of the application second embodiment.In the base of the application first embodiment On plinth, in the second embodiment of the application, is sampled from multiple data areas for storing access log and determine at least one Before target area, further includes: record access log is advised according to the site information in the access log using default hash Then, the access log is stored to corresponding data area.Described that the corresponding guest identification of the brush amount IP address is true It is set to after brush amount user identifier, the brush amount IP address and the brush amount user identifier can also be carried out at screening filtering Reason.As shown in Fig. 2, specific step is as follows for this method:
Step S201, it is generated in response to the access request of visitor according to the facility information and cookie information of the visitor The guest identification of the visitor.
In the present embodiment, before carrying out anti-brush amount processing, visitor's mark for one visitor of unique identification is pre-generated Know.Specifically, generating the guest identification when the visitor requests access to the website of the network platform for the first time;It is visited in subsequent request When asking the website or other websites, guest identification is carried in access request, must accessed in record access log Guest identification is recorded in log information.
Wherein, the facility information of visitor may include one or more of following information: device model, equipment Board, OS Type, operating system version number, browser type etc..The facility information and cookie information group of visitor shares Carry out one visitor of unique identification.The guest identification combines the relevant information for the equipment that visitor uses and the cookie of visitor Information, which has the function of identifying visitor's terminal, while having the function of identity user.In this way, not needing to obtain Under the premise of taking the key identification informations such as MAC Address, the hard disk serial number of equipment, difference can also be distinguished by the guest identification Visitor device.
In the step, in response to the access request of visitor, whether determine in access request comprising guest identification;If access Do not include guest identification in request, then illustrates that this access is the first time access of the visitor, then obtaining the equipment letter of visitor Breath and cookie information, and the guest identification of the visitor is generated according to the facility information of visitor and cookie information, and subsequent When record access log, guest identification is added in access log;If including guest identification in access request, illustrate this Access is not that the first time access of the visitor adds guest identification in record access log in access log.
Illustratively, according to the facility information and cookie information of the visitor, the guest identification of the visitor is generated, it can To realize in the following way:
By the facility information of visitor and cookie information according to the default composition data sequence that puts in order, to data sequence into Row standardization generates the character string with preset length, as guest identification.
Wherein, facility information and the default of cookie information put in order in data sequence, and generate guest identification Preset length can be set with experience according to actual needs by technical staff, and the present embodiment is not specifically limited herein.
In addition, data sequence is standardized to obtain the character string of preset length, it can be using in the prior art Any one method that can be realized similar functions realizes that the present embodiment is not specifically limited herein.
Step S202, the access log of the visitor is recorded, the visitor that the access log includes at least the visitor marks Knowledge, visitor's IP address, site information and access behavioral data.
When visitor accesses website every time, it is both needed to the access log of record visitor.It, must be by visitor in record access log Identification record is in access log.
Wherein, access behavioral data may include: access source type, access and carry out origin url, and the facility information of visitor is visited Ask depth, the access information such as duration and access time.Wherein, access source type may include: direct access, search engine and External linkage etc..The facility information of visitor may include one or more of following information: device model, equipment brand, OS Type, operating system version number, browser type etc..It is clear in a navigation process that access depth can be user The number of pages for the website look at.Access log can also include other access behavioral datas, and the present embodiment is not specifically limited herein.
In addition, access log can also include the other information of visitor, such as regional information etc..
Illustratively, as a kind of possible implementation, the process of above-mentioned steps S201-S202 collector journal can be by Special data collection facility is realized, such as the collection of access log can be completed by big data platform.
Step S203, according to the site information in the access log, using default hash rule, by the access log Store corresponding data area.
In the present embodiment, the access log dispersion of each website is stored in multiple data areas.The access of same website Log is stored in the same data area, can store the access log of one or more website in a data area.
Optionally, after each record access log, can in real time according to the site information of current accessed log and Default hash rule, by current access log hash to corresponding data area.
Optionally, if the process of above-mentioned steps S201-S202 collector journal can by special data collection facility Lai It realizes, in the step, a large amount of access log, and unified root can be obtained from data collection facility by data statistics platform is unified According to the site information in each access log, using default hash rule, by each access log hash to multiple and different numbers According in region.
Wherein, presetting hash rule can be realized using any one hashing algorithm in the prior art, or can also be by Technical staff sets with experience according to actual needs, and the present embodiment is not specifically limited herein.
In the present embodiment, the different data areas for storing access log be can be logically or physical space The division of upper progress.For example, different data areas can be different database, or it is different storage equipment.
Step S204, it is sampled from multiple data areas for storing access log and determines at least one target area.
In the present embodiment, the access log dispersion of each website is stored in multiple data areas.It is carrying out at anti-brush amount When reason, it can determine that wherein at least one data area as target area, leads to by the method for sampling from multiple data areas It crosses and the data analysis that the access log in target area carries out is determined there are visitor's IP address of brush amount behavior, can obtain in this way To calculation amount is reduced, the recognition efficiency of brush amount IP address is improved.
Illustratively, when determining target area, random sampling algorithms can be used, are determined at least from multiple data areas One target area.
In general, there are problems that the website of brush amount is visited relative to there is no the data volume of the sites accessing data of brush amount problem Ask that the data volume of data can be much larger, according to the size of the data volume of each website, can go out with preliminary screening has brush amount Abnormal website, when choosing target area, can preferentially select to be stored with the data area of abnormal sites accessing data as Target area is conducive to the brush amount IP address for being found to have brush amount behavior.
It illustratively, can also be according to the data of each website stored in each data area when determining target area Amount determines in each data area and is greater than preset data amount threshold value with the presence or absence of the data volume of a certain website;Filter out that there are certain The data volume of one website is greater than the data area alternately region of preset data amount threshold value, then using alternative area whole as Target area, or at least one is chosen as target area from alternative area.
Step S205, it is accessed behavior based on visitor's IP address to the access log at least one described target area Analysis processing, determines brush amount IP address.
Optionally, in the step, the access day in nearest preset duration can be regularly obtained out of described target area Will;Based on visitor's IP address to the access log in the nearest preset duration access behavioural analysis processing, determine brush amount IP address, and subsequent step S206-S207 is executed, to identify the brush amount IP address and brush amount use with brush amount behavior in real time Family mark, and screening filtering processing is carried out for brush amount IP address and brush amount user identifier.
Wherein, nearest preset duration can be away from a modern nearest history duration, such as past 1 hour or mistake The several hours gone, nearest preset duration can be set according to actual needs by technical staff, and the present embodiment is not done herein It is specific to limit.
In the present embodiment, a kind of possible embodiment of the step are as follows:
According to the access log at least one described target area, the website quantity of each visitor's IP address access is calculated With average single reference duration;According to the website quantity of each visitor's IP address access and average single reference duration, calculate every The integrated risk weight of a visitor's IP address;If the integrated risk weight of a certain visitor's IP address is greater than default weight threshold, Determine that visitor's IP address is brush amount IP address.
Wherein, default weight threshold can be set with experience according to actual needs by technical staff, the present embodiment this Place is not specifically limited.
Further, it according to the website quantity of each visitor's IP address access and average single reference duration, calculates each The integrated risk weight of visitor's IP address, can specifically realize in the following way:
According to the website quantity of each visitor's IP address access and average single reference duration, website quantity corresponding first Default weight and the corresponding second default weight of average single access duration, using following formula, with calculating each visitor IP The integrated risk weight of location:
The default weight of the default weight of integrated risk weight=the first × website quantity+the second/average single accesses duration.
Wherein, the described first default weight is greater than the described second default weight, the first default weight and the second default weight Value can be set according to actual needs with experience by technical staff, the present embodiment is not specifically limited herein.
Further, it in the website quantity accessed according to each visitor's IP address and average single reference duration, calculates every Before the integrated risk weight of a visitor's IP address, depth and longest first can also be accessed according to the maximum single of visitor's IP address Single reference duration filters out risk IP address, and the risk IP address refers to that maximum single access depth is less than first threshold, Or longest single reference duration is less than visitor's IP address of second threshold.Then, the risk IP address is executed to calculate and is visited The step of integrated risk weight of objective IP address and subsequent step: according to the website quantity of each risk IP address access and averagely Single reference duration calculates the integrated risk weight of each risk IP address;If the integrated risk weight of a certain risk IP address Greater than default weight threshold, it is determined that the risk IP address is brush amount IP address.In this manner it is achieved that calculating visitor's IP address Integrated risk weight before, filtered out in advance there may be the risk IP address of brush amount behavior, only risk IP address carried out The calculating of integrated risk weight reduces calculation amount, improves the efficiency of brush amount IP address identification.
Wherein, first threshold and second threshold can be set with experience according to actual needs by technical staff, this reality Example is applied to be not specifically limited herein.For example, first threshold can be 2, second threshold can be 5 seconds.
In another embodiment of the step, visited in the website quantity and average single accessed according to each visitor's IP address Ask duration, it, can also be first according to the website of visitor's IP address access before the integrated risk weight for calculating each visitor's IP address Quantity and longest single reference duration, filter out risk IP address, and the risk IP address refers to that the website quantity of access is greater than The visitor's IP address of third threshold value or longest single reference duration less than the 4th threshold value.Then, the risk IP address is held Row calculates the step of integrated risk weight of visitor's IP address and subsequent step: the website number accessed according to each risk IP address Amount and average single reference duration, calculate the integrated risk weight of each risk IP address;If the synthesis of a certain risk IP address Risk rated ratio is greater than default weight threshold, it is determined that the risk IP address is brush amount IP address.In this manner it is achieved that being visited calculating It before the integrated risk weight of objective IP address, is filtered out in advance there may be the risk IP address of brush amount behavior, only to risk IP Address carries out the calculating of integrated risk weight, reduces calculation amount, improves the efficiency of brush amount IP address identification.Wherein, third threshold value It can be set according to actual needs with experience by technical staff with the 4th threshold value, the present embodiment is not specifically limited herein. For example, third threshold value can be 7, the 4th threshold value can be 5 seconds.
Further, the website quantity and longest single reference duration accessed according to visitor's IP address, filters out risk IP It, can also be further according to the maximum single of visitor's IP address for not being visitor's IP address of risk IP address after address Depth is accessed to determine whether visitor's IP address is brush amount IP address.
Specifically, determining the maximum of each visitor's IP address according to the access log at least one described target area Single reference depth;If the maximum single access depth of a certain visitor's IP address is less than default access depth threshold, it is determined that should Visitor's IP address is brush amount IP address.
Wherein, presetting access depth threshold can be set with experience according to actual needs by technical staff, this implementation Example is not specifically limited herein.
Step S206, the corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, visitor's mark Know and is used for one visitor of unique identification.
Wherein, the corresponding guest identification of brush amount IP address refers to the visit that any one website was accessed using brush amount IP address The guest identification of visitor.
After determining brush amount IP address, the corresponding guest identification of brush amount IP address can be further determined that, and brush is measured The corresponding guest identification of IP address is as the brush amount user identifier with the behavior of brush amount.
Optionally, before this step, the corresponding relationship between visitor's IP address and guest identification can be pre-established.It visits The corresponding guest identification of objective IP address refers to the guest identification that the visitor of any one website was accessed using visitor's IP address, Each visitor's IP address can correspond to one or more guest identification.
Step S207, screening filtering processing is carried out to the brush amount IP address and the brush amount user identifier.
In the present embodiment, after identifying brush amount IP address and brush amount user identifier, can also to brush amount IP address and Brush amount user identifier carries out screening filtering processing.
Optionally, the access log comprising the brush amount IP address and/or the brush amount user identifier can be filtered out, When so that the amount of accessing counting, the access log no longer generated to brush amount behavior is counted, and realizes anti-brush amount.
Optionally, can also in record access log, according to the visitor's IP address and guest identification in access request, if Determine that current visitor's IP address is brush amount IP address or current guest identification is brush amount user identifier, then no longer minute book Secondary access log, or this access log is labeled as masked state, the subsequent amount of accessing will be no longer to this when counting Access log is counted.
The present embodiment is being prevented by the way that the access log dispersion of each website is stored in multiple data areas in advance When the processing of brush amount, is sampled from multiple data areas for storing access log and determine at least one target area;Based on visit Objective IP address to the access log at least one described target area access behavioural analysis processing, with determining brush amount IP Location improves the recognition efficiency of brush amount IP address;By pre-generating the guest identification for one visitor of unique identification, by institute It states the corresponding guest identification of brush amount IP address and is determined as brush amount user identifier, there is the brush amount behavior for forging access request determining Visitor's IP address after, further determine that with forge access request brush amount behavior brush amount user identifier, so as to standard It really identifies the brush amount behavior for forging access request, improves the precision of the identification of brush amount behavior;It further, can be real-time Ground carries out screening filtering processing to brush amount IP address and the brush amount user identifier, can effectively prevent malicious data brush amount row For.
The application 3rd embodiment provides a kind of anti-brush amount device.Fig. 3 is the anti-brush according to the application 3rd embodiment Measure the structural schematic diagram of device.As shown in figure 3, the anti-brush amount device 30 includes: data sampling module 301 and real-time screening module 302。
Specifically, data sampling module 301 is used to sample from multiple data areas for storing access log and determine At least one target area.
Real-time screening module 302 be used for based on visitor's IP address to the access log at least one described target area into Row access row is analysis processing, determines brush amount IP address.
The real-time screening module 302 is also used to: the corresponding guest identification of the brush amount IP address being determined as brush amount and is used Family mark, the guest identification are used for one visitor of unique identification.
Device provided by the embodiments of the present application can be specifically used for executing the implementation of method provided by above-mentioned first embodiment Example, details are not described herein again for concrete function.
The present embodiment is being prevented by the way that the access log dispersion of each website is stored in multiple data areas in advance When the processing of brush amount, is sampled from multiple data areas for storing access log and determine at least one target area;Based on visit Objective IP address to the access log at least one described target area access behavioural analysis processing, with determining brush amount IP Location improves the recognition efficiency of brush amount IP address;By pre-generating the guest identification for one visitor of unique identification, by institute It states the corresponding guest identification of brush amount IP address and is determined as brush amount user identifier, there is the brush amount behavior for forging access request determining Visitor's IP address after, further determine that with forge access request brush amount behavior brush amount user identifier, so as to standard It really identifies the brush amount behavior for forging access request, improves the precision of the identification of brush amount behavior;It further, can be real-time Ground carries out screening filtering processing to brush amount IP address and the brush amount user identifier, can effectively prevent malicious data brush amount row For.
The application fourth embodiment provides a kind of anti-brush amount device.Fig. 4 is provided according to the application fourth embodiment The structural schematic diagram of anti-brush amount device.On the basis of above-mentioned 3rd embodiment, in the present embodiment, as shown in figure 4, anti-brush amount fills Set 30 further include: screening filtering module 303.
Specifically, screening filtering module 303 is used for: being shielded to the brush amount IP address and the brush amount user identifier Filtration treatment.
Optionally, as shown in figure 4, anti-brush amount device 30 can also include: log collection module 304.
Log collection module 304 is used for:
The visitor is generated according to the facility information and cookie information of the visitor in response to the access request of visitor Guest identification;The access log of the visitor is recorded, the access log includes at least the guest identification of the visitor, visitor IP address, site information and access behavioral data.
Optionally, as shown in figure 4, anti-brush amount device 30 can also include: data memory module 305.
Data memory module 305 is used for:
The access log is stored to right using default hash rule according to the site information in the access log The data area answered.
Optionally, real-time screening module is also used to:
According to the access log at least one described target area, the website quantity of each visitor's IP address access is calculated With average single reference duration;According to the website quantity of each visitor's IP address access and average single reference duration, calculate every The integrated risk weight of a visitor's IP address;If the integrated risk weight of a certain visitor's IP address is greater than default weight threshold, Determine that visitor's IP address is brush amount IP address.
Optionally, real-time screening module is also used to:
Depth and longest single reference duration are accessed according to the maximum single of visitor's IP address, filters out risk IP address, The risk IP address refers to that maximum single access depth is less than first threshold or longest single reference duration less than the second threshold Visitor's IP address of value;The step of integrated risk weight for calculating visitor's IP address is executed to the risk IP address.
Optionally, real-time screening module is also used to:
According to the website quantity of each visitor's IP address access and average single reference duration, website quantity corresponding first Default weight and the corresponding second default weight of average single access duration, with calculating each visitor IP in the following way The integrated risk weight of location:
The default weight of the default weight of integrated risk weight=the first × website quantity+the second/average single accesses duration;Its Described in the first default weight be greater than the described second default weight.
Optionally, screening filtering module 303 is also used to:
Access log comprising the brush amount IP address and/or the brush amount user identifier is filtered out.
Optionally, real-time screening module is also used to:
The access log in nearest preset duration is regularly obtained out of described target area;Based on visitor's IP address to institute State the access log in nearest preset duration access behavioural analysis processing, determine brush amount IP address.
Device provided in this embodiment can be specifically used for executing embodiment of the method provided by above-mentioned second embodiment, tool Details are not described herein again for body function.
The present embodiment is being prevented by the way that the access log dispersion of each website is stored in multiple data areas in advance When the processing of brush amount, is sampled from multiple data areas for storing access log and determine at least one target area;Based on visit Objective IP address to the access log at least one described target area access behavioural analysis processing, with determining brush amount IP Location improves the recognition efficiency of brush amount IP address;By pre-generating the guest identification for one visitor of unique identification, by institute It states the corresponding guest identification of brush amount IP address and is determined as brush amount user identifier, there is the brush amount behavior for forging access request determining Visitor's IP address after, further determine that with forge access request brush amount behavior brush amount user identifier, so as to standard It really identifies the brush amount behavior for forging access request, improves the precision of the identification of brush amount behavior;It further, can be real-time Ground carries out screening filtering processing to brush amount IP address and the brush amount user identifier, can effectively prevent malicious data brush amount row For.
According to an embodiment of the present application, present invention also provides a kind of electronic equipment and a kind of readable storage medium storing program for executing.
As shown in figure 5, being the block diagram according to the electronic equipment of the method for the anti-brush amount of the embodiment of the present application.Electronic equipment purport Indicating various forms of digital computers, such as, laptop computer, desktop computer, workbench, personal digital assistant, Server, blade server, mainframe computer and other suitable computer.Electronic equipment also may indicate that various forms Mobile device, such as, personal digital assistant, cellular phone, smart phone, wearable device and other similar calculating dresses It sets.Component, their connection and relationship shown in this article and their function are merely exemplary, and are not intended to limit The realization of described herein and/or requirement the application.
As shown in figure 5, the electronic equipment includes: one or more processors Y01, memory Y02, and each for connecting The interface of component, including high-speed interface and low-speed interface.All parts are interconnected using different buses, and can be pacified It installs in other ways on public mainboard or as needed.Processor can to the instruction executed in electronic equipment into Row processing, including storage in memory or on memory (such as, to be coupled to interface in external input/output device Display equipment) on show GUI graphical information instruction.In other embodiments, if desired, can be by multiple processors And/or multiple bus is used together with multiple memories with multiple memories.It is also possible to multiple electronic equipments are connected, it is each Equipment provides the necessary operation in part (for example, as server array, one group of blade server or multiprocessor system System).In Fig. 5 by taking a processor Y01 as an example.
Memory Y02 is non-transitory computer-readable storage medium provided herein.Wherein, the memory is deposited The instruction that can be executed by least one processor is contained, so that at least one described processor executes anti-brush provided herein The method of amount.The non-transitory computer-readable storage medium of the application stores computer instruction, and the computer instruction is based on making The method that calculation machine executes anti-brush amount provided herein.
Memory Y02 can be used for storing non-instantaneous software program, non-as a kind of non-transitory computer-readable storage medium Instantaneous computer executable program and module, such as the corresponding program instruction/mould of method of the anti-brush amount in the embodiment of the present application Block is (for example, attached data sampling module shown in Fig. 4 301, real-time screening module 302, screening filtering module 303, log collection mould Block 304 and data memory module 305).Processor Y01 is by running the non-instantaneous software program being stored in memory Y02, referring to It enables and module is realized in above method embodiment thereby executing the various function application and data processing of server The method of anti-brush amount.
Memory Y02 may include storing program area and storage data area, wherein storing program area can store operation system Application program required for system, at least one function;Storage data area can store the use institute according to the electronic equipment of anti-brush amount The data etc. of creation.In addition, memory Y02 may include high-speed random access memory, it can also include non-transitory memory, A for example, at least disk memory, flush memory device or other non-instantaneous solid-state memories.In some embodiments, it deposits Reservoir Y02 optional includes the memory remotely located relative to processor Y01, these remote memories can pass through network connection To the electronic equipment of anti-brush amount.The example of above-mentioned network includes but is not limited to internet, intranet, local area network, moves and lead to Letter net and combinations thereof.
The electronic equipment of anti-brush amount can also include: input unit Y03 and output device Y04.Processor Y01, memory Y02, input unit Y03 and output device Y04 can be connected by bus or other modes, to be connected by bus in Fig. 5 For.
Input unit Y03 can receive the number or character information of input, and generate the use with the electronic equipment of anti-brush amount Family setting and the related key signals input of function control, such as touch screen, keypad, mouse, track pad, touch tablet, instruction The input units such as bar, one or more mouse button, trace ball, control stick.Output device Y04 may include display equipment, Auxiliary lighting apparatus (for example, LED) and haptic feedback devices (for example, vibrating motor) etc..The display equipment may include but not It is limited to, liquid crystal display (LCD), light emitting diode (LED) display and plasma scope.In some embodiments, Display equipment can be touch screen.
The various embodiments of system and technology described herein can be in digital electronic circuitry, integrated circuit system It is realized in system, dedicated ASIC (specific integrated circuit), computer hardware, firmware, software, and/or their combination.These are various Embodiment may include: to implement in one or more computer program, which can be It executes and/or explains in programmable system containing at least one programmable processor, which can be dedicated Or general purpose programmable processors, number can be received from storage system, at least one input unit and at least one output device According to and instruction, and data and instruction is transmitted to the storage system, at least one input unit and this at least one output Device.
These calculation procedures (also referred to as program, software, software application or code) include the machine of programmable processor Instruction, and can use programming language, and/or the compilation/machine language of level process and/or object-oriented to implement these Calculation procedure.As used herein, term " machine readable media " and " computer-readable medium " are referred to for referring to machine It enables and/or data is supplied to any computer program product, equipment, and/or the device of programmable processor (for example, disk, light Disk, memory, programmable logic device (PLD)), including, receive the machine readable of the machine instruction as machine-readable signal Medium.Term " machine-readable signal " is referred to for machine instruction and/or data to be supplied to any of programmable processor Signal.
In order to provide the interaction with user, system and technology described herein, the computer can be implemented on computers The display device for showing information to user is included (for example, CRT (cathode-ray tube) or LCD (liquid crystal display) monitoring Device);And keyboard and indicator device (for example, mouse or trace ball), user can by the keyboard and the indicator device come Provide input to computer.The device of other types can be also used for providing the interaction with user;For example, being supplied to user's Feedback may be any type of sensory feedback (for example, visual feedback, audio feedback or touch feedback);And it can use Any form (including vocal input, voice input or tactile input) receives input from the user.
System described herein and technology can be implemented including the computing system of background component (for example, as data Server) or the computing system (for example, application server) including middleware component or the calculating including front end component System is (for example, the subscriber computer with graphic user interface or web browser, user can pass through graphical user circle Face or the web browser to interact with the embodiment of system described herein and technology) or including this backstage portion In any combination of computing system of part, middleware component or front end component.Any form or the number of medium can be passed through Digital data communicates (for example, communication network) and is connected with each other the component of system.The example of communication network includes: local area network (LAN), wide area network (WAN) and internet.
Computer system may include client and server.Client and server is generally off-site from each other and usually logical Communication network is crossed to interact.By being run on corresponding computer and each other with the meter of client-server relation Calculation machine program generates the relationship of client and server.
It is multiple by being in advance stored in the access log dispersion of each website according to the technical solution of the embodiment of the present application In data area, when carrying out the processing of anti-brush amount, samples and determined at least from multiple data areas for storing access log One target area;It is accessed behavioural analysis based on visitor's IP address to the access log at least one described target area Processing, determines brush amount IP address, improves the recognition efficiency of brush amount IP address;Unique identification one visit is used for by pre-generating The guest identification of visitor, is determined as brush amount user identifier for the corresponding guest identification of the brush amount IP address, forges determining to have After visitor's IP address of the brush amount behavior of access request, further determine that the brush amount with the brush amount behavior for forging access request is used Family mark improves the precision of the identification of brush amount behavior so as to which the brush amount behavior for forging access request is recognized accurately; Further, screening filtering processing can be carried out to brush amount IP address and the brush amount user identifier in real time, can effectively prevented Only malicious data brush amount behavior.
It should be understood that various forms of processes illustrated above can be used, rearrangement increases or deletes step.Example Such as, each step recorded in the application of this hair can be performed in parallel or be sequentially performed the order that can also be different and execute, As long as it is desired as a result, being not limited herein to can be realized technical solution disclosed in the present application.
Above-mentioned specific embodiment does not constitute the limitation to the application protection scope.Those skilled in the art should be bright White, according to design requirement and other factors, various modifications can be carried out, combination, sub-portfolio and substitution.It is any in the application Spirit and principle within made modifications, equivalent substitutions and improvements etc., should be included within the application protection scope.

Claims (16)

1. a kind of anti-brush amount method characterized by comprising
It is sampled from multiple data areas for storing access log and determines at least one target area;
Based on visitor's IP address to the access log at least one described target area access behavioural analysis processing, determine Brush amount IP address;
The corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, the guest identification is used for unique identification One visitor.
2. the method according to claim 1, wherein described that the corresponding guest identification of the brush amount IP address is true It is set to after brush amount user identifier, further includes:
Screening filtering processing is carried out to the brush amount IP address and the brush amount user identifier.
3. the method according to claim 1, wherein multiple data areas from for storing access log Middle sampling determines before at least one target area, further includes:
The visit of the visitor is generated according to the facility information and cookie information of the visitor in response to the access request of visitor Visitor's mark;
Record the access log of the visitor, the access log include at least the guest identification of the visitor, visitor's IP address, Site information and access behavioral data.
4. according to the method described in claim 3, it is characterized in that, also being wrapped after the access log for recording the visitor It includes:
The access log is stored to corresponding using default hash rule according to the site information in the access log Data area.
5. the method according to claim 1, wherein the visitor's IP address that is based on is at least one described target Access log in region access behavioural analysis processing, determine brush amount IP address, comprising:
According to the access log at least one described target area, the website quantity peace of each visitor's IP address access is calculated Equal single reference duration;
According to the website quantity of each visitor's IP address access and average single reference duration, the comprehensive of each visitor's IP address is calculated Close Risk rated ratio;
If the integrated risk weight of a certain visitor's IP address is greater than default weight threshold, it is determined that visitor's IP address is brush amount IP Address.
6. according to the method described in claim 5, it is characterized in that, the website quantity accessed according to each visitor's IP address With average single reference duration, the integrated risk weight of each visitor's IP address is calculated, comprising:
It is preset according to the website quantity of each visitor's IP address access with average single reference duration, website quantity corresponding first Weight and the corresponding second default weight of average single access duration, calculate each visitor's IP address in the following way Integrated risk weight:
The default weight of the default weight of integrated risk weight=the first × website quantity+the second/average single accesses duration;Wherein institute The first default weight is stated greater than the described second default weight.
7. method according to claim 5 or 6, which is characterized in that the website accessed according to each visitor's IP address Quantity is with average single reference duration, before the integrated risk weight for calculating each visitor's IP address, further includes:
Depth and longest single reference duration are accessed according to the maximum single of visitor's IP address, filters out risk IP address, it is described Risk IP address refers to that maximum single access depth is less than first threshold or longest single reference duration is less than second threshold Visitor's IP address;
The step of integrated risk weight for calculating visitor's IP address is executed to the risk IP address.
8. according to the method described in claim 2, it is characterized in that, described mark the brush amount IP address and the brush amount user Know and carry out screening filtering processing, comprising:
Access log comprising the brush amount IP address and/or the brush amount user identifier is filtered out.
9. the method according to claim 1, wherein the visitor's IP address that is based on is at least one described target Access log in region access behavioural analysis processing, determine brush amount IP address, comprising:
The access log in nearest preset duration is regularly obtained out of described target area;
Based on visitor's IP address to the access log in the nearest preset duration access behavioural analysis processing, determine brush amount IP address.
10. a kind of anti-brush amount device characterized by comprising
Data sampling module determines at least one target area for sampling from multiple data areas for storing access log Domain;
Real-time screening module, for being accessed based on visitor's IP address to the access log at least one described target area Behavioural analysis processing, determines brush amount IP address;
The real-time screening module is also used to: the corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, The guest identification is used for one visitor of unique identification.
11. device according to claim 10, which is characterized in that described device further include: screening filtering module, the screen Filtering module is covered to be used for:
Screening filtering processing is carried out to the brush amount IP address and the brush amount user identifier.
12. device according to claim 10, which is characterized in that described device further include: log collection module, the day Will collection module is used for:
The visit of the visitor is generated according to the facility information and cookie information of the visitor in response to the access request of visitor Visitor's mark;
Record the access log of the visitor, the access log include at least the guest identification of the visitor, visitor's IP address, Site information and access behavioral data.
13. device according to claim 12, which is characterized in that described device further include: data memory module, the number It is used for according to memory module:
The access log is stored to corresponding using default hash rule according to the site information in the access log Data area.
14. a kind of electronic equipment characterized by comprising
At least one processor;And
The memory being connect at least one described processor communication;Wherein,
The memory is stored with the instruction that can be executed by least one described processor, and described instruction is by described at least one It manages device to execute, so that at least one described processor is able to carry out method of any of claims 1-9.
15. a kind of non-transitory computer-readable storage medium for being stored with computer instruction, which is characterized in that the computer refers to It enables for making the computer perform claim require method described in any one of 1-9.
16. a kind of anti-brush amount method characterized by comprising
Based on visitor's IP address to the access log at least one data area access behavioural analysis processing, determine brush amount IP address;
The corresponding guest identification of the brush amount IP address is determined as brush amount user identifier, the guest identification is used for unique identification One visitor.
CN201910791649.2A 2019-08-26 2019-08-26 Anti-swipe method, device, apparatus, and computer-readable storage medium Active CN110519263B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910791649.2A CN110519263B (en) 2019-08-26 2019-08-26 Anti-swipe method, device, apparatus, and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910791649.2A CN110519263B (en) 2019-08-26 2019-08-26 Anti-swipe method, device, apparatus, and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN110519263A true CN110519263A (en) 2019-11-29
CN110519263B CN110519263B (en) 2022-05-17

Family

ID=68627896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910791649.2A Active CN110519263B (en) 2019-08-26 2019-08-26 Anti-swipe method, device, apparatus, and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN110519263B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995686A (en) * 2021-02-03 2021-06-18 上海哔哩哔哩科技有限公司 Data processing method, live broadcast method, authentication server and live broadcast data server
CN113117338A (en) * 2021-05-08 2021-07-16 上海益世界信息技术集团有限公司广州分公司 Game cheating user identification method and device
CN114466214A (en) * 2022-02-09 2022-05-10 上海哔哩哔哩科技有限公司 Method and device for counting people in live broadcast room
CN114650239A (en) * 2022-03-23 2022-06-21 腾讯音乐娱乐科技(深圳)有限公司 Data brushing amount identification method, storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120151581A1 (en) * 2010-12-09 2012-06-14 Electronics And Telecommunications Research Institute Method and system for information property management
CN106998262A (en) * 2016-10-10 2017-08-01 深圳汇网天下科技有限公司 A kind of System and method for for recognizing Internet user
CN107578263A (en) * 2017-07-21 2018-01-12 北京奇艺世纪科技有限公司 A kind of detection method, device and the electronic equipment of advertisement abnormal access
CN108076500A (en) * 2017-12-13 2018-05-25 北京小米移动软件有限公司 The method, apparatus and computer readable storage medium of local area network management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120151581A1 (en) * 2010-12-09 2012-06-14 Electronics And Telecommunications Research Institute Method and system for information property management
CN106998262A (en) * 2016-10-10 2017-08-01 深圳汇网天下科技有限公司 A kind of System and method for for recognizing Internet user
CN107578263A (en) * 2017-07-21 2018-01-12 北京奇艺世纪科技有限公司 A kind of detection method, device and the electronic equipment of advertisement abnormal access
CN108076500A (en) * 2017-12-13 2018-05-25 北京小米移动软件有限公司 The method, apparatus and computer readable storage medium of local area network management

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995686A (en) * 2021-02-03 2021-06-18 上海哔哩哔哩科技有限公司 Data processing method, live broadcast method, authentication server and live broadcast data server
CN112995686B (en) * 2021-02-03 2022-04-19 上海哔哩哔哩科技有限公司 Data processing method, live broadcast method, authentication server and live broadcast data server
CN113117338A (en) * 2021-05-08 2021-07-16 上海益世界信息技术集团有限公司广州分公司 Game cheating user identification method and device
CN114466214A (en) * 2022-02-09 2022-05-10 上海哔哩哔哩科技有限公司 Method and device for counting people in live broadcast room
CN114466214B (en) * 2022-02-09 2023-05-02 上海哔哩哔哩科技有限公司 Live broadcasting room people counting method and device
CN114650239A (en) * 2022-03-23 2022-06-21 腾讯音乐娱乐科技(深圳)有限公司 Data brushing amount identification method, storage medium and electronic equipment
CN114650239B (en) * 2022-03-23 2024-02-23 腾讯音乐娱乐科技(深圳)有限公司 Data brushing amount identification method, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN110519263B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
CN108363602B (en) Intelligent UI (user interface) layout method and device, terminal equipment and storage medium
CN110519263A (en) Anti- brush amount method, apparatus, equipment and computer readable storage medium
US10038736B2 (en) Real user monitoring of single-page applications
Heymann et al. Turkalytics: analytics for human computation
CN104601408B (en) Website data statistics and analysis method and system for non-open network environment
CN106227832A (en) The Internet big data technique framework application process in operational analysis in enterprise
CN106021079A (en) A Web application performance testing method based on a user frequent access sequence model
CN102831218B (en) Method and device for determining data in thermodynamic chart
CN109739725A (en) Monitoring method, device and system based on browser and storage medium
CN107578263A (en) A kind of detection method, device and the electronic equipment of advertisement abnormal access
WO2014206131A1 (en) Method and apparatus for report generation
US20170237635A1 (en) Processing and visualization of single-page application performance metrics
CN104111836A (en) Method for collecting and processing asynchronous loading data by network
CN104778185A (en) Determination method for abnormal SQL (structured query language) statement and server
CN102298617A (en) Method for obtaining target page and equipment
CN111028087A (en) Information display method, device and equipment
CN112956157A (en) System and method for tracking client device events
CN110400080A (en) Examination data monitoring method, device, computer equipment and storage medium
CN111158926B (en) Service request analysis method, device and equipment
CN109408502A (en) A kind of data standard processing method, device and its storage medium
CN110309463A (en) Land page optimization method, device, computer storage medium and the network equipment
CN103595747A (en) User-information recommending method and system
CN112835779A (en) Test case determination method and device and computer equipment
CN113835965B (en) Parameter track mark-keeping method and device
CN116302889A (en) Performance test method and device for functional module and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant