CN110677390A - Abnormal account identification method and device, electronic equipment and storage medium - Google Patents

Abnormal account identification method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN110677390A
CN110677390A CN201910854854.9A CN201910854854A CN110677390A CN 110677390 A CN110677390 A CN 110677390A CN 201910854854 A CN201910854854 A CN 201910854854A CN 110677390 A CN110677390 A CN 110677390A
Authority
CN
China
Prior art keywords
login
account
gesture
candidate
time period
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910854854.9A
Other languages
Chinese (zh)
Other versions
CN110677390B (en
Inventor
朱国胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd filed Critical Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN201910854854.9A priority Critical patent/CN110677390B/en
Publication of CN110677390A publication Critical patent/CN110677390A/en
Application granted granted Critical
Publication of CN110677390B publication Critical patent/CN110677390B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The embodiment of the invention discloses a method, a device, electronic equipment and a storage medium for identifying an abnormal account, which relate to the field of data analysis, and the method comprises the following steps: sending a verification request to the determined candidate account, wherein the verification request comprises a gesture name; receiving the biological characteristic information of each candidate login account and photographing according to the gesture of the gesture name; comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered; if the comparison is consistent, recognizing a gesture from the gesture photo, determining whether the recognized gesture corresponds to the gesture name, if the received biological characteristic information is inconsistent with the biological characteristic information registered when the candidate login account is registered, or the recognized gesture does not correspond to the gesture name, determining that the candidate login account is an abnormal account. According to the technical scheme of the embodiment of the invention, the accuracy of abnormal account identification is improved.

Description

Abnormal account identification method and device, electronic equipment and storage medium
Technical Field
The invention relates to the field of data analysis, in particular to a method and a device for identifying an abnormal account, electronic equipment and a storage medium.
Background
With the continuous development of internet technology, a large number of people who seek benefits by attacking various websites, APP servers and the like exist on the internet, the people often frequently perform multi-account operation in a very short time under the limited equipment condition through a group control platform so as to dominate a large amount of activity rewards during the period of various websites and APPs releasing various reward activities, and further real users of various websites and APPs are difficult to obtain rewards of related activities, and traditional verification modes such as verification codes and voiceprints are easily attacked by the people by adopting technical means.
Therefore, how to identify the account number held by the person is an urgent problem to be solved, so as to reduce the loss caused by the person.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for identifying an abnormal account, a computer readable medium and electronic equipment, so that the problem of low accuracy rate of identification of the abnormal account in the prior art can be solved at least to a certain extent.
According to a first aspect of the present invention, there is provided a method for identifying an abnormal account, including: acquiring a user login record in a first preset time period, wherein the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors; determining the number of login accounts of login equipment corresponding to the login equipment identification in the preset time period aiming at each login equipment identification based on the user login record in the preset time period; if the number of login accounts of the login device corresponding to the login device identifier in the preset time period is larger than the threshold value of the number of preset login accounts aiming at one login device identifier, taking the login account of the login device corresponding to the login device identifier in the preset time period as a candidate login account; sending a verification request to each candidate login account, wherein the verification request comprises a gesture name; receiving the biological characteristic information of each candidate login account and photographing according to the gesture of the gesture name; comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered; if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name; and if the received biological characteristic information is inconsistent with the biological characteristic information registered during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
In an embodiment, based on the user login record in the first predetermined time period, for each login device identifier, determining the number of login accounts for logging in the login device corresponding to the login device identifier in the first predetermined time period includes: aiming at each login equipment identifier, obtaining a user login record with the login equipment identifier from the user login records in the preset time period; and determining the number of login equipment identifications contained in the acquired user login record.
In an embodiment, before the sending an authentication request to each candidate login account, the authentication request includes a gesture name, the method further includes: randomly extracting a gesture from a preset gesture set; and randomly extracting a name corresponding to a gesture from a preset gesture set to serve as the gesture name included in the verification request.
In an embodiment, after the sending a verification request to each candidate login account, the verification request includes a gesture name, the method further includes: and if the biological characteristic information sent by the candidate login account and the gesture photo according to the gesture name are not received in a second preset time period after the verification request is sent to the candidate login account, determining that the candidate login account is an abnormal account.
In an embodiment, if the received biometric information is inconsistent with the biometric information registered during registration of the candidate login account, or the recognized gesture does not correspond to the gesture name, determining that the candidate login account is an abnormal account further includes: and freezing the abnormal account and the login equipment corresponding to the abnormal account.
In an embodiment, after the abnormal account and the login device corresponding to the abnormal account are frozen, the method further includes: and if the thawing complaint request sent by the abnormal account is not received within a third preset time period, the abnormal account is logged out.
According to a second aspect of the present invention, there is provided an abnormal account number recognition apparatus, including: a first obtaining module: the system comprises a login server and a login server, wherein the login server is used for acquiring a user login record in a first preset time period, and the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors; a first determination module: the login account number of the login equipment corresponding to the login equipment identification in the preset time period is determined for each login equipment identification based on the user login record in the preset time period; a second determination module: if the number of login accounts for logging in the login equipment corresponding to the login equipment identifier in the preset time period is larger than the threshold value of the number of preset login accounts, the login account for logging in the login equipment corresponding to the login equipment identifier in the preset time period is used as a candidate login account; a sending module: the system comprises a server and a server, wherein the server is used for sending a verification request to each candidate login account, and the verification request comprises a gesture name; a receiving module: the gesture photographing device is used for receiving the biological characteristic information of each candidate login account and photographing according to the gesture name; a comparison module: the system is used for comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered; a third determination module: if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name; a fourth determination module: and if the received biological characteristic information is inconsistent with the registered biological characteristic information during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
According to a third aspect of the present invention, there is provided an electronic device for abnormal account identification, including: a memory configured to store executable instructions; a processor configured to execute executable instructions stored in the memory to perform the above described method.
According to a fourth aspect of the present invention there is provided a computer readable storage medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method described above.
In some embodiments of the present invention, if the number of login accounts on the same login device is greater than a predetermined threshold, determining the login account on the same login device as a candidate login account, and sending an identity authentication request to the candidate login account, where the authentication request includes obtaining biometric information and gesture authentication information of a user corresponding to the candidate login account, and if the biometric information or gesture of the user sent by the candidate login account is inconsistent with the biometric information pre-stored in the database and the gesture in the sent authentication request, determining the candidate login account as an abnormal account. Therefore, the embodiment of the invention also adds random gesture verification while verifying the biological characteristic information; and the accuracy of identifying the abnormal account is improved.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
Fig. 1 is a system architecture diagram illustrating a usage environment of an abnormal account identification method according to an exemplary embodiment of the present invention.
Fig. 2 is a flowchart illustrating an abnormal account identification method according to an exemplary embodiment of the present invention.
Fig. 3 is a detailed flowchart illustrating that, for each login device identifier, the login account number of the login device corresponding to the login device identifier is determined within the first predetermined time period based on the login record of the user within the first predetermined time period according to an example embodiment of the present invention.
FIG. 4 shows a flow diagram before sending an authentication request to each candidate login account, the authentication request including a gesture name, according to an example embodiment of the present invention.
FIG. 5 is a block diagram illustrating an abnormal account number recognition apparatus according to an exemplary embodiment of the present invention
Fig. 6 is a diagram of an electronic device for abnormal account identification according to an example embodiment of the present invention.
FIG. 7 illustrates a computer-readable storage medium diagram of abnormal account identification, according to an example embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the invention.
Furthermore, the drawings are merely schematic illustrations of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 1 is a structural diagram showing a usage environment of an abnormal account identification method according to an exemplary embodiment of the present invention: the use environment includes a login account 100, a login device 110, a server 120, and a database 130.
It should be understood that the number of login accounts, login devices, servers, and databases in fig. 1 is merely illustrative. There may be any number of login accounts, login devices, servers, and databases, as desired for an implementation. For example, the server 120 may be a server cluster composed of a plurality of servers, and the like.
In an embodiment, the server 120 obtains a user login record of the login account 100 logging in the server 120 through the login device 110 within a first preset time period from the server 140, the server 120 determines, for each login device 110, the number of login accounts 100 logging in the server 120 through the login device 110 within the first preset time period based on the user login record within the first preset time period, if the number of login accounts 100 logging in the server 120 through the login device 110 within the first preset time period is greater than a preset threshold, the login accounts 100 that pass through the login device 110 within the first preset time period are determined as candidate login accounts, the server sends an authentication request to the candidate login accounts, the authentication request includes a gesture name, the server 120 receives user biometric information sent by the candidate login accounts and takes a picture with the gesture, the server compares the user biometric information with biometric information corresponding to the candidate login account pre-stored in the database 140, if the user biometric information is consistent with the biometric information corresponding to the candidate login account, the gesture sent by the candidate login account is identified, whether the gesture sent by the candidate login account is consistent with a gesture name included in a pre-sent verification request is determined, if the received biometric information is inconsistent with the biometric information corresponding to the candidate login account in the pre-stored database, or the gesture sent by the candidate login account is inconsistent with the gesture name included in the pre-sent verification request, the server 120 determines the candidate login account as an abnormal account.
It should be noted that the data processing method provided by the embodiment of the present invention is generally executed by the server 120, and accordingly, the data processing apparatus is generally disposed in the server 120. However, in other embodiments of the present invention, the terminal may also have a similar function as the server, so as to execute the data processing scheme provided by the embodiments of the present invention.
Fig. 2 is a flowchart illustrating an abnormal account identification method according to an exemplary embodiment of the present invention, which may include the following steps:
step S200: acquiring a user login record in a first preset time period, wherein the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors;
step S210: determining the number of login accounts of login equipment corresponding to the login equipment identification in the first preset time period aiming at each login equipment identification based on the user login record in the first preset time period;
step S220: if the number of login accounts of the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value aiming at one login device identifier, taking the login account of the login device corresponding to the login device identifier in the first preset time period as a candidate login account;
step S230: sending a verification request to each candidate login account, wherein the verification request comprises a gesture name;
step S240: receiving the biological characteristic information of each candidate login account and photographing according to the gesture of the gesture name;
step S250: comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered;
step S260: if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name;
step S270: and if the received biological characteristic information is inconsistent with the biological characteristic information registered during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
Hereinafter, each step of the above-described abnormal account identification in the present exemplary embodiment will be explained and explained in detail with reference to the drawings.
In step S200: and acquiring a user login record in a first preset time period, wherein the login record comprises a login account and a login equipment identifier aiming at one-time login behavior.
In an embodiment of the present invention, the login device may be a mobile terminal or a PC terminal, and when the login device is a mobile phone, the corresponding login device identification can be the international mobile equipment identity code of the mobile phone, when the login device is a PC terminal, the corresponding login device identification may be the CPU serial number or the hard disk ID of the PC terminal, if the PC terminal has an independent display card, the PC terminal may also be an ID of the independent display card in the PC terminal, or an identifier formed by combining or generated by a certain rule based on one or more of a CPU serial number, a hard disk ID, an ID of the independent display card, and the like of the PC terminal, such as using a self-made specific algorithm (e.g. GUID or a certain number of random numbers) to generate a unique ID as the device identifier of the PC terminal, or the new ID formed by simply arranging the CPU serial number and the ID of the independent display card in sequence is used as the equipment identification of the PC terminal.
In an embodiment of the present invention, the predetermined time period is a preset statistical time period, for example, 1 day. Each time a user logs in, the system platform generates a login record comprising a login account number, a login equipment identifier, login starting time, login duration and the like, and the system platform automatically records and stores the login record in a database of the system platform.
In an embodiment of the invention, after the bonus event is ended and before the bonus event is received, a user login record during the holding period of the bonus event is obtained, wherein the login record comprises a user login account and a CPU serial number of a login device aiming at sequential login behaviors.
Continuing with FIG. 2, in step S210: and determining the login account number of the login equipment corresponding to the login equipment identification in the first preset time period aiming at each login equipment identification based on the user login record in the first preset time period.
In an embodiment of the present invention, as shown in fig. 3, step S210 may include:
step S2101: for each login equipment identifier, acquiring a user login account with the login equipment identifier from the user login record in the first preset time period;
step S2101: and determining the number of user login accounts with the same login equipment identifier in the acquired user login record.
In an embodiment of the present invention, the obtained login device identifier set corresponding to the login account in the predetermined time period is {11 }123,12234,45123,56123,7845211, 12, 45, 56, and 78 are login accounts, subscript numbers 123, 234, and 452 of the login accounts are login account identifiers, and it is determined that the number of login accounts with the same login equipment identifier in a login equipment identifier set corresponding to the login account within a predetermined time period is 11, 45, and 452, where the login account corresponding to the login equipment identifier 123 is 11, 45, and 56, the login account corresponding to the login equipment identifier 234 is 12, the login account corresponding to the login equipment identifier 452 is 78, the number of login accounts corresponding to the login equipment identifier 123 is 3, the number of login accounts corresponding to the login equipment identifier 234 is 1, and the number of login accounts corresponding to the login equipment identifier 452 is 1.
Continuing with FIG. 2, in step S220: and if the number of login accounts of the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value aiming at one login device identifier, taking the login account of the login device corresponding to the login device identifier in the first preset time period as a candidate login account.
In an embodiment of the present invention, the threshold is predetermined, and may be determined according to experience of an operator of the system platform, or according to a strict market research conclusion, or may be obtained by determining, based on a quotient between a total number of registered accounts in the system and numbers of different biometric information under the same type of biometric information in the database, that is, if a user needs to provide face information of the user when registering an account of the system, and one user may have multiple accounts registered at the same time, but the used face information is of the same person, multiple accounts corresponding to the same face information are associated accounts, and the associated accounts are basically used on the same login device to log in the system platform. When a user a registers 3 accounts, a user b registers 1 account, a user c registers 10 accounts, and a user d registers 6 accounts, the determined threshold is 5, and the number of accounts held by the user c and the user d exceeds the threshold 5, the 10 accounts corresponding to the user c and the 6 accounts corresponding to the user d are determined as candidate login accounts.
In an embodiment of the present invention, the threshold may also be obtained by determining, based on a quotient between a total number of registered accounts in the system and a number of identifiers of the login devices recorded in the database, where, for example, the number of identifiers of the login devices recorded in the database is 4, where 1 login account corresponds to the login device 1, 5 login accounts corresponds to the login device 2, 64 login accounts corresponds to the login device 3, 30 login accounts corresponds to the login device 4, and the total number of login accounts is 100, then the threshold determined based on the total number of login accounts 100 and the total number of login devices 4 is 25, where the number of login accounts corresponding to the login device 3 and the login device 4 is greater than the threshold 25, and then 94 accounts that log in the platform through the login device 3 and the login device 4 are determined as candidate login accounts.
Continuing with FIG. 2, in step S230, an authentication request is sent to each candidate login account, the authentication request including a gesture name.
In an embodiment of the present invention, the gesture refers to a specific action and body position of a person when the person uses an arm, and the gesture name refers to a uniform name formed by the person for a common gesture in life. If the gesture name included in the authentication request sent to the candidate login account is "thumb up", the user knows that he should take a gesture picture of holding the thumb.
In an embodiment of the present invention, as shown in fig. 4, before step S230, the method may further include:
step S228: randomly extracting a gesture from a preset gesture set;
step S229: and randomly extracting a name corresponding to a gesture from a preset gesture set to serve as the gesture name included in the verification request.
In an embodiment of the invention, if an "OK gesture", "a gesture of raising the thumb", "a V-shaped gesture", "a gesture of raising the middle finger", "a gesture of clenching the fist" exist in the preset gesture set, a gesture corresponding to the "gesture of raising the thumb" is randomly extracted from the preset gesture set as the "gesture of raising the thumb", and a gesture name corresponding to the "gesture of raising the thumb" is put into the verification request and sent to the candidate account.
In an embodiment of the present invention, the gestures in the preset gesture set are not constant, a preset update period is set, the updated gestures are periodically updated into the preset gesture set, and the total number of the gestures in the gesture set is not constant, for example, if there are 90 gestures in the preset gesture set, when the gestures are updated, 20 new gestures are updated into the original preset gesture set, and 20 gestures are randomly extracted from the original gesture set to move out of the original gesture set, so as to maintain the total number of the gestures 90 constant.
Through the mode of randomly extracting the gestures and the mode of regularly updating the gestures, malicious technicians such as a technical wool party can be reduced, mass copying is carried out through a preset fixed gesture model so as to pass verification, in addition, the difficulty of related malicious technicians for breaking verification is increased, and therefore the harm of the technical wool party to a system platform is reduced.
Continuing with FIG. 2, in step S240, biometric information of each candidate login account and a gesture photo by the gesture name are received.
In an embodiment of the present invention, the biometric information may be a fingerprint of the user, or an iris, a face, a palm print of the user, and the like, for example, after the user receives the authentication request, the content of the authentication request is "please input the fingerprint and take a gesture picture of holding up a thumb", the user enters the fingerprint information of the user through the fingerprint authentication device configured on the login device, and takes the gesture picture of holding up the thumb required in the authentication request through the image pickup device configured on the login device, and the server receives the fingerprint information of the user and the gesture picture of holding up the thumb acquired by the login device.
In an embodiment of the present invention, after step S230, the method may further include: and if the biological characteristic information sent by the candidate login account and the gesture photo according to the gesture name are not received in a second preset time period after the verification request is sent to the candidate login account, determining that the candidate login account is an abnormal account.
In an embodiment of the invention, after the technical wool party receives the verification request, because gesture names contained in the verification requests received by the multiple account numbers are different, the technical wool party cannot copy in a large scale and passes the verification through a fixed gesture model, if all the account numbers pass the verification, a long time is needed, and by setting the verification time, the number of the account numbers controlled by the technical wool party passing the verification can be reduced, so that the damage of the technical wool party to a system platform is reduced, and more abnormal account numbers are identified.
As shown in fig. 2, in step S250, the received biometric information is compared with the biometric information registered when the candidate login account is registered.
In an embodiment of the present invention, if a fingerprint sent by a candidate account is received, a feature vector corresponding to the fingerprint is extracted and compared with a feature vector corresponding to a fingerprint entered by the candidate account during registration, which is stored in a database.
Continuing to refer to fig. 2, in step S260, if the comparison is consistent, a gesture is recognized from the gesture photographing, and it is determined whether the recognized gesture corresponds to the gesture name.
In an embodiment of the present invention, if a feature vector corresponding to a fingerprint entered by the candidate account at the time of registration stored in the database is the same as or has an error within a preset threshold range with respect to a feature vector corresponding to a verification fingerprint sent by the candidate account, it is determined that the comparison is consistent, and then a gesture name corresponding to a gesture in gesture photographing is identified, and the identified gesture name is compared with a gesture name included in a verification request sent to the candidate account, where if the identified gesture name corresponding to the gesture photographing is a "thumb raising gesture", and the gesture name included in the verification request sent to the candidate account is a "thumb raising gesture", it is determined that the identified gesture name corresponding to the gesture photographing is consistent with the gesture name included in the verification request sent to the candidate account.
Continuing to refer to fig. 2, in step S270, if the received biometric information is inconsistent with the biometric information registered during registration of the candidate login account, or the recognized gesture does not correspond to the gesture name, it is determined that the candidate login account is an abnormal account.
In an embodiment of the present invention, if the biometric information sent by the candidate account is not consistent with any verification of the gesture photographing, it is determined that the candidate account is an abnormal account, and if the fingerprint sent by the candidate account is not consistent with the fingerprint corresponding to the account stored in the database after verification, it is determined that the candidate account is an abnormal account;
in another embodiment of the present invention, if the fingerprint sent by the candidate account is verified to be consistent with the fingerprint corresponding to the account stored in the database, and the gesture name corresponding to the gesture identified in the gesture photo sent by the candidate account is inconsistent with the gesture name included in the verification request sent to the candidate account, the candidate account is also determined to be an abnormal account.
In another embodiment of the invention, in order to prevent a technical-class woollen party from extracting gestures corresponding to all gesture names in a preset gesture set through a large number of tests and pre-establishing corresponding gesture models to cope with random gesture verification in the technical scheme of the invention, when the biometric information verification and the gesture verification of a candidate account are successful, the time corresponding to the successful verification of the corresponding biometric information and the successful verification of the gesture is recorded, and when the number of successful verification of the candidate login account corresponding to the same login equipment identifier in the preset threshold time exceeds the preset threshold number, the candidate login account corresponding to the login equipment identifier is determined as an abnormal account. Through the technical scheme, the behavior of bedding wool can be further inhibited through the technical means of large-batch quick verification of the technical wool party, and the damage of the technical wool party to a system platform is reduced.
In an embodiment of the present invention, after step S270, the method further includes: and freezing the abnormal account and the login equipment corresponding to the abnormal account.
If the candidate login account is an abnormal account, freezing the abnormal account for a predetermined time to prevent related malicious persons from continuously operating the abnormal account to damage a system platform, wherein the freezing time can be determined according to experience in advance or can be determined according to the following method, and is determined based on the product of the number of the abnormal accounts corresponding to the same login equipment identifier and a preset number of days, if the number of the abnormal accounts corresponding to one login equipment is 50 and the preset number of days is 100 days, freezing each account in the 50 abnormal accounts corresponding to the login equipment for 5000 days.
In an embodiment of the present invention, after freezing the abnormal account and the login device corresponding to the abnormal account, the method may further include: and if the thawing complaint request sent by the abnormal account is not received within a third preset time period, the abnormal account is logged out.
If the account is frozen by mistake, if the frozen account is the account held by the real user, the frozen account is defrosted within a certain time, so that the defrosted account is defrosted, and the frozen account is cleared by setting a preset unfreezing period, if the unfreezing complaint is not received during the preset unfreezing period, the junk information stored in a system platform database can be reduced, the processing efficiency of a system platform is improved, and more accounts can be released for the real user to obtain and use.
The invention also provides a device for identifying the abnormal account. Referring to fig. 5, the apparatus 300 for abnormal account identification includes: a first obtaining module 310, a first determining module 320, a second determining module 330, a sending module 340, a receiving module 350, a comparing module 360, a third determining module 370, and a fourth determining module 380, wherein:
the first obtaining module 310: the system comprises a login server and a login server, wherein the login server is used for acquiring a user login record in a first preset time period, and the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors;
the first determination module 320: the login account number of the login equipment corresponding to the login equipment identification in the first preset time period is determined for each login equipment identification based on the user login record in the first preset time period;
the second determination module 330: if the number of login accounts for logging in the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value, taking the login account for logging in the login device corresponding to the login device identifier in the first preset time period as a candidate login account;
the sending module 340: the system comprises a server and a server, wherein the server is used for sending a verification request to each candidate login account, and the verification request comprises a gesture name;
the receiving module 350: the gesture photographing device is used for receiving the biological characteristic information of each candidate login account and photographing according to the gesture name;
the comparison module 360: the system is used for comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered;
the third determination module 370: if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name;
the fourth determination module 380: and if the received biological characteristic information is inconsistent with the registered biological characteristic information during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
In an embodiment, the first determining module 320 may be further configured to: for each login equipment identifier, acquiring a user login account with the login equipment identifier from the user login record in the first preset time period; and determining the number of user login accounts with the same login equipment identifier in the acquired user login record.
In an embodiment, the abnormal account number identification apparatus further includes: the fifth determining module is used for randomly extracting a gesture from the preset gesture set; and randomly extracting a name corresponding to a gesture from a preset gesture set to serve as the gesture name included in the verification request.
In an embodiment, the abnormal account number identification apparatus further includes: and the sixth determining module is used for determining that the candidate login account is an abnormal account if the biological characteristic information sent by the candidate login account and the gesture photo according to the gesture name are not received within a second preset time period after the verification request is sent to the candidate login account.
In an embodiment, the abnormal account number identification apparatus further includes: and the freezing module is used for freezing the abnormal account and the login equipment corresponding to the abnormal account.
In an embodiment, the abnormal account number identification apparatus further includes: and the unfreezing declaration module is used for logging off the abnormal account if the unfreezing declaration request sent by the abnormal account is not received within a third preset time period.
The specific details of each module in the above abnormal account identification apparatus have been described in detail in the corresponding method, and therefore are not described herein again.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Moreover, although the steps of the methods of the present invention are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in the particular order shown or that all of the depicted steps must be performed to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiment of the present invention.
In an exemplary embodiment of the present invention, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
An electronic device 400 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 400 shown in fig. 6 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, electronic device 400 is embodied in the form of a general purpose computing device. The components of electronic device 400 may include, but are not limited to: the at least one processing unit 410, the at least one memory unit 420, and a bus 430 that couples various system components including the memory unit 420 and the processing unit 410.
Wherein the storage unit stores program code that is executable by the processing unit 410 to cause the processing unit 410 to perform steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 410 may perform step S200 as shown in fig. 2: acquiring a user login record in a first preset time period, wherein the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors; step S210: determining the number of login accounts of login equipment corresponding to the login equipment identification in the first preset time period aiming at each login equipment identification based on the user login record in the first preset time period; step S220: if the number of login accounts of the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value aiming at one login device identifier, taking the login account of the login device corresponding to the login device identifier in the first preset time period as a candidate login account; step S230: sending a verification request to each candidate login account, wherein the verification request comprises a gesture name; step S240: receiving the biological characteristic information of each candidate login account and photographing according to the gesture of the gesture name; step S250: comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered; step S260: if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name; step S270: and if the received biological characteristic information is inconsistent with the biological characteristic information registered during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
The storage unit 420 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)4201 and/or a cache memory unit 4202, and may further include a read only memory unit (ROM) 4203.
The storage unit 420 may also include a program/utility 4204 having a set (at least one) of program modules 4205, such program modules 4205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 430 may be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 400 may also communicate with one or more external devices 500 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 400, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 400 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 450. Also, the electronic device 400 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 460. As shown, the network adapter 460 communicates with the other modules of the electronic device 400 over the bus 430. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with electronic device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, a terminal device, or a network device, etc.) execute the method according to the embodiment of the present invention.
In an exemplary embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 7, a program product 600 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims (9)

1. A method for abnormal account identification is characterized by comprising the following steps:
acquiring a user login record in a first preset time period, wherein the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors;
determining the number of login accounts of login equipment corresponding to the login equipment identification in the first preset time period aiming at each login equipment identification based on the user login record in the first preset time period;
if the number of login accounts of the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value aiming at one login device identifier, taking the login account of the login device corresponding to the login device identifier in the first preset time period as a candidate login account;
sending a verification request to each candidate login account, wherein the verification request comprises a gesture name;
receiving the biological characteristic information of each candidate login account and photographing according to the gesture of the gesture name;
comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered;
if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name;
and if the received biological characteristic information is inconsistent with the biological characteristic information registered during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
2. The method according to claim 1, wherein the determining, for each login device identifier, the number of login accounts for logging in the login device corresponding to the login device identifier within the first predetermined time period based on the login record of the user within the first predetermined time period comprises:
for each login equipment identifier, acquiring a user login account with the login equipment identifier from the user login record in the first preset time period;
and determining the number of user login accounts with the same login equipment identifier in the acquired user login record.
3. The method of claim 1, wherein prior to said sending a validation request to each candidate login account, the validation request including a gesture name, further comprising:
randomly extracting a gesture from a preset gesture set;
and randomly extracting a name corresponding to a gesture from a preset gesture set to serve as the gesture name included in the verification request.
4. The method of claim 1, wherein after said sending a verification request to each candidate login account, the verification request including a gesture name, further comprising:
and if the biological characteristic information sent by the candidate login account and the gesture photo according to the gesture name are not received in a second preset time period after the verification request is sent to the candidate login account, determining that the candidate login account is an abnormal account.
5. The method of claim 1, wherein after determining that the candidate login account is an abnormal account if the received biometric information is not consistent with the biometric information registered during registration of the candidate login account or the recognized gesture does not correspond to the gesture name, the method further comprises:
and freezing the abnormal account and the login equipment corresponding to the abnormal account.
6. The method of claim 5, wherein after freezing the abnormal account and the login device corresponding to the abnormal account, the method further comprises:
and if the thawing complaint request sent by the abnormal account is not received within a third preset time period, the abnormal account is logged out.
7. An abnormal account number recognition device, comprising:
a first obtaining module: the system comprises a login server and a login server, wherein the login server is used for acquiring a user login record in a first preset time period, and the login record comprises a login account and a login equipment identifier aiming at one-time login behaviors;
a first determination module: the login account number of the login equipment corresponding to the login equipment identification in the first preset time period is determined for each login equipment identification based on the user login record in the first preset time period;
a second determination module: if the number of login accounts for logging in the login device corresponding to the login device identifier in the first preset time period is larger than a preset login account number threshold value, taking the login account for logging in the login device corresponding to the login device identifier in the first preset time period as a candidate login account;
a sending module: the system comprises a server and a server, wherein the server is used for sending a verification request to each candidate login account, and the verification request comprises a gesture name;
a receiving module: the gesture photographing device is used for receiving the biological characteristic information of each candidate login account and photographing according to the gesture name;
a comparison module: the system is used for comparing the received biological characteristic information with the biological characteristic information registered when the candidate login account is registered;
a third determination module: if the comparison is consistent, recognizing a gesture from the gesture photo, and determining whether the recognized gesture corresponds to the gesture name;
a fourth determination module: and if the received biological characteristic information is inconsistent with the registered biological characteristic information during the registration of the candidate login account, or the recognized gesture is not corresponding to the gesture name, determining that the candidate login account is an abnormal account.
8. An electronic device for abnormal account identification, comprising:
a memory configured to store executable instructions;
a processor configured to execute executable instructions stored in the memory to implement the method of any of claims 1-6.
9. A computer-readable storage medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1-6.
CN201910854854.9A 2019-09-10 2019-09-10 Abnormal account identification method and device, electronic equipment and storage medium Active CN110677390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910854854.9A CN110677390B (en) 2019-09-10 2019-09-10 Abnormal account identification method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910854854.9A CN110677390B (en) 2019-09-10 2019-09-10 Abnormal account identification method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110677390A true CN110677390A (en) 2020-01-10
CN110677390B CN110677390B (en) 2023-03-24

Family

ID=69077596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910854854.9A Active CN110677390B (en) 2019-09-10 2019-09-10 Abnormal account identification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110677390B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095191A (en) * 2020-08-03 2022-02-25 拉扎斯网络科技(上海)有限公司 Data processing method and device, electronic equipment and computer readable storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102968612A (en) * 2012-07-27 2013-03-13 中国工商银行股份有限公司 Bank identity identification method and system
US9355236B1 (en) * 2014-04-03 2016-05-31 Fuji Xerox Co., Ltd. System and method for biometric user authentication using 3D in-air hand gestures
CN106846564A (en) * 2016-12-29 2017-06-13 湖南拓视觉信息技术有限公司 A kind of intelligent access control system and control method
CN108108649A (en) * 2016-11-24 2018-06-01 腾讯科技(深圳)有限公司 Auth method and device
CN108596653A (en) * 2018-04-04 2018-09-28 顺丰科技有限公司 A kind of discount coupon is abnormal to use detecting system, method, equipment and storage medium
CN109450920A (en) * 2018-11-29 2019-03-08 北京奇艺世纪科技有限公司 A kind of exception account detection method and device
CN109558951A (en) * 2018-11-23 2019-04-02 北京知道创宇信息技术有限公司 A kind of fraud account detection method, device and its storage medium
CN109949069A (en) * 2019-01-28 2019-06-28 平安科技(深圳)有限公司 Suspicious user screening technique, device, computer equipment and storage medium
CN110064203A (en) * 2019-04-03 2019-07-30 福建天晴数码有限公司 The method for detecting abnormality and computer readable storage medium of game reward

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102968612A (en) * 2012-07-27 2013-03-13 中国工商银行股份有限公司 Bank identity identification method and system
US9355236B1 (en) * 2014-04-03 2016-05-31 Fuji Xerox Co., Ltd. System and method for biometric user authentication using 3D in-air hand gestures
CN108108649A (en) * 2016-11-24 2018-06-01 腾讯科技(深圳)有限公司 Auth method and device
CN106846564A (en) * 2016-12-29 2017-06-13 湖南拓视觉信息技术有限公司 A kind of intelligent access control system and control method
CN108596653A (en) * 2018-04-04 2018-09-28 顺丰科技有限公司 A kind of discount coupon is abnormal to use detecting system, method, equipment and storage medium
CN109558951A (en) * 2018-11-23 2019-04-02 北京知道创宇信息技术有限公司 A kind of fraud account detection method, device and its storage medium
CN109450920A (en) * 2018-11-29 2019-03-08 北京奇艺世纪科技有限公司 A kind of exception account detection method and device
CN109949069A (en) * 2019-01-28 2019-06-28 平安科技(深圳)有限公司 Suspicious user screening technique, device, computer equipment and storage medium
CN110064203A (en) * 2019-04-03 2019-07-30 福建天晴数码有限公司 The method for detecting abnormality and computer readable storage medium of game reward

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095191A (en) * 2020-08-03 2022-02-25 拉扎斯网络科技(上海)有限公司 Data processing method and device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN110677390B (en) 2023-03-24

Similar Documents

Publication Publication Date Title
US11687653B2 (en) Methods and apparatus for identifying and removing malicious applications
US10591324B2 (en) Electronic device and hardware diagnosis result-based process execution method thereof
US9280365B2 (en) Systems and methods for managing configuration data at disconnected remote devices
US20190073483A1 (en) Identifying sensitive data writes to data stores
CN108418787B (en) Method for acquiring enterprise resource planning data, terminal device and medium
CN104364794A (en) Location-based access control for portable electronic device
US20110071811A1 (en) Using event correlation and simulation in authorization decisions
CN110691085A (en) Login method, login device, password management system and computer readable medium
CN109508522A (en) A kind of data clearing method, device, storage medium and terminal
CN112839028B (en) Account logout processing method, related device, server and medium
CN110677390B (en) Abnormal account identification method and device, electronic equipment and storage medium
US20120079573A1 (en) Information processing device, password diagnosing method and computer-readable medium
CN117150461A (en) Platform access method and device, electronic equipment and storage medium
CN110968860A (en) Security verification method for application account, computer equipment and computer-readable storage medium
CN115964701A (en) Application security detection method and device, storage medium and electronic equipment
CN110704614A (en) Information processing method and device for predicting user group type in application
CN111786991B (en) Block chain-based platform authentication login method and related device
CN109104759B (en) Interaction method of electronic equipment, electronic equipment and computer readable medium
CN109977669B (en) Virus identification method and device and computer equipment
CN110197071B (en) Boot sector data processing method and device, computer storage medium and electronic equipment
CN111026612A (en) Application program operation monitoring method and device, storage medium and electronic equipment
CN111784352A (en) Authentication risk identification method and device and electronic equipment
CN214670638U (en) Barn gun
JP2018163677A5 (en)
CN113409051B (en) Risk identification method and device for target service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant