CN111080303B - Risk identification method and device of terminal equipment and equipment - Google Patents

Risk identification method and device of terminal equipment and equipment Download PDF

Info

Publication number
CN111080303B
CN111080303B CN201911242890.6A CN201911242890A CN111080303B CN 111080303 B CN111080303 B CN 111080303B CN 201911242890 A CN201911242890 A CN 201911242890A CN 111080303 B CN111080303 B CN 111080303B
Authority
CN
China
Prior art keywords
equipment
attribute value
change rate
value
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911242890.6A
Other languages
Chinese (zh)
Other versions
CN111080303A (en
Inventor
傅颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911242890.6A priority Critical patent/CN111080303B/en
Publication of CN111080303A publication Critical patent/CN111080303A/en
Application granted granted Critical
Publication of CN111080303B publication Critical patent/CN111080303B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The application provides a risk identification method, device and equipment of terminal equipment. The method comprises the following steps: acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device. Calculating the change rate of the number of the devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data, and the change rate corresponds to the historical average number of the terminal devices including the device attribute value in the unit time period. Calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.

Description

Risk identification method and device of terminal equipment and equipment
Technical Field
The present application relates to the field of computer applications, and in particular, to a risk identification method, apparatus, and device for a terminal device.
Background
Currently, many platforms attract users by developing marketing campaigns. The platform may issue marketing funds to the user after the user engages in a marketing campaign developed by the platform.
Because of profitability, many "wool parties" or "black houses" acquire a high amount of marketing funds ("wool") by participating in the platform-developed marketing campaign multiple times at a relatively low cost.
Disclosure of Invention
The application provides a risk identification method of terminal equipment, which is applied to a server side and comprises the following steps:
acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device;
calculating the change rate of the number of the devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
The application provides a risk identification device of terminal equipment, is applied to the server side, and above-mentioned device includes:
the acquisition module acquires transaction data initiated by the terminal equipment; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device;
the calculation module is used for calculating the equipment quantity change rate corresponding to each equipment attribute value; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
a determining module, configured to calculate a risk score of the terminal device based on the device number change rate corresponding to each device attribute value, and determine whether the risk score is greater than a threshold; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
The application provides a risk identification equipment of terminal equipment, and above-mentioned diverging device includes: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the following method when executing the program:
acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device;
calculating the change rate of the number of the devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
It will be understood by those skilled in the art that since most of the device attribute values of the device cannot be tampered with when the device identification of the device is tampered with, when the marketing campaign encounters "wool over" in the manner described above, the number of devices including the device attribute values that cannot be tampered with increases compared to the number of devices including the device attribute values in a normal marketing campaign. It can be seen that the rate of change of the number of devices corresponding to the device attribute value included in the device may reflect to some extent whether the device is a risk device identified by a tampered device.
According to the scheme, the equipment quantity change rate corresponding to each equipment attribute value of the equipment is calculated; then, calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; if so, determining that the terminal device is the risk device tampered with the device identifier, so that whether the terminal device is the risk device tampered with the device identifier can be effectively identified.
Drawings
FIG. 1 is a schematic illustration of a marketing campaign scenario presented herein;
fig. 2 is a schematic flowchart of a risk identification method for a terminal device according to the present application;
FIG. 3 is a flow chart of a method of constructing a risk scoring model according to the present application;
FIG. 4 is a graph illustrating an expected distribution trend of WOE values;
fig. 5 is a structural diagram of a risk identification device of a terminal device shown in the present application;
fig. 6 is a structural diagram of a risk identification device of a terminal device according to the present application.
Detailed Description
In the related art, in order to increase the cost of "wool party" or "black products" to perform "pulling wool" and prevent the behavior of "pulling wool" in a large batch, many platforms follow the principle that one terminal device can only successfully participate in one marketing campaign when the marketing campaign is developed.
In order to follow the above principle, accurate identification of the terminal device is required in practical applications. At present, the related art generally identifies the terminal device by identifying the device identifier.
The device identifier refers to a device feature or a unique identifier that can be used to identify the device. In practical applications, the device identification usually includes some inherent device identification that is harder to tamper with. Such as the hardware ID of the device, the MAC address of the network card, etc.
The following describes how to ensure that a terminal device can only successfully participate in a marketing campaign.
Referring to fig. 1, fig. 1 is a schematic view of a marketing campaign scene shown in the present application. As shown in fig. 1, a user may participate in a marketing campaign being conducted by the platform through a terminal device. It should be noted that the networking structure shown in fig. 1 is only an exemplary structure and does not limit the present application.
The terminal equipment can run a client program related to the marketing activity and provide hardware support for interaction between the client and the background server.
The client can be used for initiating a marketing activity participation request to the background server. When the user needs to participate in the marketing campaign, the client may send information such as related information (for example, account password information) of the user and the device identifier of the terminal device to the background server, so that the background server performs information verification. And after the background server side passes the information verification, the platform can return marketing funds to the client side through the background server side.
The background server can be used for verifying information from a client (user). And when the verification information passes, issuing marketing funds to the user passing the verification information.
Specifically, the background server may maintain an equipment identifier library, which is used to record the equipment identifiers of the terminals participating in the marketing campaign. At this time, when there is a new marketing activity participation request, the background server may obtain the device identifier of the terminal device that sent the participation request, and match the device identifier with the device identifiers in the device identifier library one by one.
If the equipment identifier is not hit in any equipment identifier library, the terminal is indicated to participate in the marketing campaign for the first time, the principle that one terminal can only participate in the marketing campaign for one time successfully is met, and marketing funds can be issued to the terminal;
if the equipment identification hits any one of the equipment identification libraries, the terminal is indicated to have participated in the marketing activity, and no marketing fund or low amount is issued, thereby ensuring that the marketing fund is normally issued and is not 'pulled wool'.
For example, a certain international wallet (platform) is being launched to register a marketing campaign with certified incentives in order to attract registered users. After the user passes the registration authentication at the platform through a terminal, the platform can award a marketing fund to the user. It is assumed that the device identifiers of a plurality of terminal devices participating in the marketing campaign are already maintained in the device identifier library maintained by the background server.
When the user 2 initiates a request for participating in the marketing activity to the background server through the terminal 2 (mobile phone terminal), the background server may obtain the device identifier of the terminal 2 and match the device identifier with the device identifiers in the device identifier library maintained by the background server one by one. .
If the equipment identifier is not hit in any equipment identifier library, the terminal is indicated to participate in the marketing campaign for the first time, the principle that one terminal can only participate in the marketing campaign for one time successfully is met, and marketing funds can be issued to the terminal;
if the equipment identification hits any one of the equipment identification libraries, the terminal is indicated to have participated in the marketing activity, and no marketing fund or low amount is issued, thereby ensuring that the marketing fund is normally issued and is not 'pulled wool'.
However, since the device identifier is used as the only basis for determining whether the devices are the same device, once the woollen party or the black product masters the method for tampering the device identifier, the wind control strategy loses value. If the device identifier is combined with the weak environments such as network IP and ROUTERMAC to serve as the judgment basis of the identification terminal, misjudgment may be caused, and the marketing activity is greatly influenced.
Based on the above, the application provides a risk identification method for the terminal device, which can be applied to a background server. According to the method, the risk scoring is carried out on the equipment to be tested based on the contribution degree of the change rate corresponding to each equipment attribute value to the evaluation risk equipment (the equipment with the tampered equipment identifier), so that whether the equipment to be tested is the risk equipment or not is determined.
It should be noted that the device attribute value used in the present application indicates an attribute value corresponding to an attribute class included in the terminal device (hereinafter, referred to as "device"). For example, if one device attribute value of the device a is 128G, the attribute value corresponding to the attribute category indicating the hard disk capacity of the device a may be 128G. For another example, if a device attribute value of the device a is android4.0, it may indicate that the attribute value corresponding to the attribute category of the operating system of the device a is android 4.0.
Specifically, please refer to fig. 2, where fig. 2 is a schematic flowchart of a risk identification method for a terminal device according to the present application.
As shown in fig. 2, S201, acquiring transaction data initiated by a user through a terminal device; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is a device attribute value corresponding to a preset attribute category included in the terminal device;
s202, calculating the equipment quantity change rate corresponding to each equipment attribute value; the device number change rate corresponding to the device attribute value is a change rate of the number of the terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data, and the change rate corresponds to the historical average number of the terminal devices including the device attribute value in the unit time period;
s203, calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
It will be understood by those skilled in the art that since most of the device attribute values of the device cannot be tampered with when the device identification of the device is tampered with, when the marketing campaign encounters "wool over" in the manner described above, the number of devices including the device attribute values that cannot be tampered with increases compared to the number of devices including the device attribute values in a normal marketing campaign. It can be seen that the rate of change of the number of devices corresponding to the device attribute value included in the device may reflect to some extent whether the device is a risk device identified by a tampered device.
According to the scheme, the equipment quantity change rate corresponding to each equipment attribute value of the equipment is calculated; then, calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; if so, determining that the terminal device is the risk device tampered with the device identifier, so that whether the terminal device is the risk device tampered with the device identifier can be effectively identified.
To quantify the degree of contribution of the rate of change corresponding to the device attribute value to the risk assessment device, in one embodiment, a WOE (Weight of Evidence) value corresponding to the rate of change corresponding to the device attribute value is used.
In the foregoing situation, the background server may pre-maintain a correspondence between the change rate of the number of devices corresponding to the device attribute value and the WOE value.
When the step S203 is executed, in order to calculate the risk score of the terminal device based on the device number change rate corresponding to each device attribute value, a correspondence between the device number change rate corresponding to the device attribute value and a WOE value may be first queried based on the device number change rate corresponding to each device attribute value, so as to determine a WOE value corresponding to the device number change rate corresponding to each device attribute value; and then, carrying out weighted calculation on the WOE values corresponding to the equipment quantity change rates corresponding to the equipment attribute values to obtain the risk score of the terminal equipment.
In an embodiment, the correspondence between the change rate of the device number corresponding to the device attribute value and the WOE value, which is maintained in advance in the background server, may be a correspondence between a device number change rate packet and a WOE value.
In the above situation, when querying the WOE value corresponding to the change rate of the number of devices corresponding to the device attribute value, the change rate group of the number of devices to which the change rate of the number of devices belongs may be determined first, and then the WOE value corresponding to the change rate group of the number of devices may be determined as the WOE value corresponding to the change rate of the number of devices.
The corresponding relation between the equipment quantity change rate group and the WOE value can be calculated based on historical transaction data labeled with a risk judgment result label in a preset time period; and the risk judgment result label indicates whether the terminal equipment initiating the historical transaction data is the risk equipment with the tampered equipment identifier.
In an embodiment, in order to maintain the correspondence between the device number change rate packet and the WOE value, the backend server may perform the following operations:
acquiring historical transaction data of a marked risk judgment result label in a preset time period;
then, based on the historical transaction data, calculating the equipment quantity change rate corresponding to each equipment attribute value;
next, the following A, B, C steps may be repeated to obtain the correspondence of the device number change rate packet to the WOE value:
A. sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence, and dividing the equipment quantity change rates into a plurality of groups;
B. calculating the WOE value corresponding to each packet;
C. and obtaining the corresponding relation between the equipment quantity change rate group under the attribute type and the WOE value, and storing the corresponding relation in the background server.
Here, it should be noted that, the specific process for performing the step B may refer to the related art, and is not described in detail herein.
In order to make the evaluation result of the risk device more accurate, in an embodiment, when calculating the risk score of the device, the risk score may be calculated based on a change rate corresponding to a device attribute value corresponding to an effective attribute class (preset attribute class); the determination process of the effective attribute category is as follows:
sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the equipment quantity change rates corresponding to the sorted equipment attribute values accords with an expected distribution trend (determining whether the distribution trend of the WOE values corresponding to the sorted equipment quantity change rate groups accords with the expected distribution trend); wherein, the expected distribution trend is a distribution trend of WOE values maintained in the background server in advance;
if yes, determining the attribute type as a valid attribute type.
In an embodiment, when the correspondence between the device number change rate and the WOE value corresponding to the device attribute value, which is maintained in the background server in advance, is a correspondence between a device number change rate packet and a WOE value, the determination process of the valid attribute category may be as follows:
sorting the equipment quantity change rate groups under the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the sorted equipment quantity change rate groups conforms to an expected distribution trend; wherein, the expected distribution trend is a distribution trend of WOE values maintained in the background server in advance;
if yes, determining the attribute type as a valid attribute type.
The present application will be described with reference to specific examples.
To be able to assess whether a device is a risk device, in one embodiment a risk scoring model may be constructed first. Referring to fig. 3, fig. 3 is a flowchart of a method for constructing a risk scoring model according to the present application.
As shown in fig. 3, S301, acquiring historical transaction data of a preset time period; wherein the historical transaction data includes a plurality of device attribute values.
The device attribute value indicates an attribute value corresponding to a device attribute included in the device. For example, one device attribute value of device a is a hard disk capacity 128G. The device attribute value may indicate that the device attribute value corresponding to the attribute category of the hard disk capacity of the device a is 128G. For another example, one device attribute value of device a is android 4.0. The device attribute value may indicate that the device attribute value corresponding to the attribute category of the operating system of the device a is android 4.0.
The device attribute categories may be as shown in table 1. It should be noted that the device attribute categories shown in table 1 are only illustrative and do not limit the present application.
Device attributes
Hardware information-network card address (mac address) (hotspot-removing)
Hardware information-Android device ID-Google Service ID
Hardware information-hard disk capacity
Hardware information-physical memory size
Hardware information-device language
Hardware information-Screen resolution
Hardware information-bluetooth Address
Hardware information-SIM card serial number
Hardware information-CPU frequency
Hardware information-number of CPU cores
Hardware information-main board
Software information-system version number
Software information-device formal name
Software information-specific type of equipment (Brand type)
Software information-device version number
Unique application identifier of software information-collected data, namely app name
App version information of software information-acquired data
Software information-boot time
Software information-boot duration
TABLE 1
After obtaining historical transaction data in a preset time period, S302 may be executed to calculate a historical average device number N1 corresponding to each device attribute value in the historical transaction data record; the historical average number of devices N1 corresponding to the device attribute value indicates the historical average number of terminal devices including the device attribute value in the devices participating in the marketing transaction activity in the unit period. It should be noted that the unit period may be a unit period for maintenance. For example, the above-mentioned unit period may be 1 hour or 1 day.
In this step, a device attribute value (e.g., device attribute value a) may be obtained from the historical transaction data; then, screening out transaction data comprising the equipment attribute value (for example, the equipment attribute value A) from the historical transaction data;
after screening out the transaction data including the device attribute value (e.g., device attribute value a), the number of screened-out transaction data M1 may be counted. It should be noted that M1 is the number of distinting devices, that is, when counting M1, the transaction data including the same device id is counted only once.
After obtaining the M1, the historical average device number N1 corresponding to the device attribute value (e.g., the device attribute value a) may be calculated based on the formula N1 — M1/N; where N indicates the number of the unit periods included in the preset period (N is the preset period/the unit period, and N is a positive integer).
After obtaining the historical average device number N1 corresponding to each device attribute value, S303 may be executed to obtain historical transaction data for another preset time period; the historical transaction data comprises a plurality of equipment attribute values, and the historical transaction data is labeled with a risk judgment result label. It should be noted that, on the one hand, the another preset time period may be a time period after the preset time period in S301; on the other hand, the risk assessment result tag may be a tag that marks the historical transaction data by means of post-assessment.
After obtaining historical transaction data of another preset time period, S304 may be executed to calculate an actual device number N2 corresponding to each device attribute value of the historical transaction data record; the actual device number N2 corresponding to the device attribute value indicates the number of terminal devices that contain the device attribute value in a unit time period corresponding to the occurrence time of the transaction data including the device attribute value.
In this step, the historical transaction data may be sorted according to a time sequence, and then each transaction data may be operated as follows one by one according to the sorting sequence:
first obtaining a device attribute value (e.g., device attribute value B) from the transaction data;
then, screening out transaction data including the equipment attribute value (for example, the equipment attribute value B) from the transactions generated in unit time corresponding to the transaction data generation time;
next, after the transaction data satisfying the above condition is screened, the number M2 of the screened transaction data may be counted. It should be noted that M2 is the number of distinting devices, that is, when counting M2, the transaction data including the same device id is counted only once.
Finally, M2 is determined as the actual number of devices N2 for the device attribute value (e.g., device attribute value B).
After obtaining the actual device number N2 corresponding to each device attribute value, S305 may be executed to calculate a device number change rate P corresponding to each device attribute value; wherein the rate of change P of the number of devices corresponding to the device attribute value is a rate of change of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data, corresponding to the historical average number of terminal devices including the device attribute value in the unit time period;
in one embodiment, P may be calculated based on the formula (N2-N1)/N1; wherein, P indicates the equipment quantity change rate corresponding to the equipment attribute value; n2 indicates the number of terminal devices that contain the device attribute value in a unit period corresponding to the time of occurrence of the transaction data that includes the device attribute value; n1 indicates the history average number of terminal devices containing the device attribute value in the unit period.
After the device number change rate P corresponding to each device attribute value is obtained, S306 may be executed to calculate a corresponding relationship between the device number change rate packet and the WOE value, and store the corresponding relationship in the background server.
Specifically, the following A, B, C steps may be repeated to obtain the correspondence between the device number change rate packet and the WOE value:
A. sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence, and dividing the equipment quantity change rates into a plurality of groups;
B. calculating the WOE value corresponding to each packet;
C. and obtaining the corresponding relation between the equipment quantity change rate group under the attribute type and the WOE value, and storing the corresponding relation in the background server.
Here, it should be noted that, the specific process for performing the step B may refer to the related art, and is not described in detail herein.
After obtaining the correspondence between the device number change rate packet and the WOE value, S307 may be executed to determine an effective attribute type from the attribute types.
Specifically, the following steps may be performed for the correspondence of the device number change rate packet and the WOE value:
sorting the equipment quantity change rate groups under the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the sorted equipment quantity change rate groups conforms to an expected distribution trend; wherein, the expected distribution trend is a distribution trend of WOE values maintained in the background server in advance;
if yes, determining the attribute type as a valid attribute type.
After determining the valid attribute categories, S308 may be performed to build a risk scoring model.
Specifically, in order to construct the above risk scoring model, the following steps may be performed:
s3081, obtaining a device quantity change rate corresponding to the device attribute value under the valid attribute category included in the historical transaction data (the data obtained in S303); in one embodiment, the above-mentioned rate of change in the number of devices may be obtained based on the calculation result after S305 is performed.
After obtaining the change rate of the device quantity corresponding to the device attribute value under the effective attribute category included in the historical transaction data, S3082 may be executed, the correspondence between the device quantity change rate packet and the WOE value is queried based on the change rate of the device quantity corresponding to each device attribute value, and the WOE value corresponding to the device quantity change rate corresponding to each device attribute value is determined;
after determining the WOE values corresponding to the device number change rates corresponding to the device attribute values, S3083 may be performed, and the WOE values are weighted and summed to calculate a WOE summation result; in one embodiment, the weighting factor may be 1.
After the steps of S3081-S3083 are performed on the historical transaction data, each summation result can be mapped to a fraction interval of 0-100 in a standardized manner based on the WOE summation result corresponding to the historical transaction data; in the process of performing the normalized mapping of the summation result, the following principle can be followed, and if the summation result is less than 0, the summation result can be mapped into a fraction interval of 0-50; if the summation result is greater than 0, the summation result may be mapped to a fractional interval of 51-100. Here, it should be noted that the above process of normalizing the mapping of the summation result may refer to the related art, and is not limited herein.
To this end, a risk scoring model shown in the present application is constructed.
In one embodiment, in order to ensure the reliability of the risk scoring model, after the risk scoring model is constructed, the historical transaction data of other time periods may be taken to perform the OOT verification on the model.
In one embodiment, the risk scoring model may be modified based on the OOT verification result. For example, the weighting coefficients in S3083 are corrected based on the OOT verification result.
After the risk scoring model is built, whether equipment participating in the marketing activity is risk equipment or not can be predicted by using the risk scoring model; wherein, the risk device is a device with a tampered device identifier.
Specifically, S201, transaction data initiated by a user through a terminal device is acquired; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is a device attribute value corresponding to each preset attribute category included in the terminal device (in this embodiment, the preset attribute category may be the valid attribute category determined in the step S307);
s202, calculating the equipment quantity change rate corresponding to each equipment attribute value; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
s203, calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
In an embodiment, when S203 is executed, the device quantity change rate packet to which each device quantity change rate belongs may be determined based on the device quantity change rate corresponding to each device attribute value, and then, based on the device quantity change rate packet, the correspondence between the device quantity change rate packet stored in S306 and the WOE value may be queried to determine the WOE value corresponding to the device quantity change rate corresponding to each device attribute value; then, performing weighted calculation (for example, with a weighting coefficient of 1) on the WOE value corresponding to the change rate of the number of devices corresponding to each device attribute value to obtain a calculation result, inputting the calculation result into the risk score model, and determining a risk score corresponding to the calculation result; finally, determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
It will be understood by those skilled in the art that since most of the device attribute values of the device cannot be tampered with when the device identification of the device is tampered with, when the marketing campaign encounters "wool over" in the manner described above, the number of devices including the device attribute values that cannot be tampered with increases compared to the number of devices including the device attribute values in a normal marketing campaign. It can be seen that the rate of change of the number of devices corresponding to the device attribute value included in the device may reflect to some extent whether the device is a risk device identified by a tampered device.
According to the scheme, the equipment quantity change rate corresponding to each equipment attribute value of the equipment is calculated; then, calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; if so, determining that the terminal device is the risk device tampered with the device identifier, so that whether the terminal device is the risk device tampered with the device identifier can be effectively identified.
The present application is described below with reference to the application scenario shown in fig. 1.
Assume that the platform shown in fig. 1 is a international wallet platform, and that the platform launches registered rewards and load cashback activities in 2018, 8-12 months. The user can participate in the marketing campaign being developed by the platform through the terminal device.
Fig. 1 shows that the background server records transaction data of the terminal devices participating in the marketing campaign during the time period; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is a device attribute value corresponding to an attribute type included in the terminal device. It is assumed that the attribute categories corresponding to the device attribute values recorded in the transaction data may be as shown in table 1.
The background server can evaluate the risk of the equipment participating in the marketing activity.
Specifically, a risk assessment model may be first constructed in the background server based on historical transaction data of 8 months and 9 months.
The background server may execute S301 to obtain historical transaction data of 8 months (hereinafter referred to as "data of 8 months"); wherein the historical transaction data includes a plurality of device attribute values.
Then, S302 may be executed to calculate a historical average device number N1 corresponding to each device attribute value of the 8-month data record; the historical average device number N1 corresponding to the device attribute value indicates the historical average number of terminal devices including the device attribute value in the devices participating in the marketing transaction activity every day (unit duration) in 8 months.
In this step, the 8-month data may be sorted according to the occurrence time sequence; then, according to the above sorting sequence, each transaction data is operated as follows:
according to the sequence of the device attributes shown in table 1, the device attribute values corresponding to the device attributes in the transaction data are obtained, and the historical average device number N1 corresponding to each device attribute value is calculated. The step of calculating N1 may refer to the embodiment shown in S302, and will not be described here.
After obtaining the historical average device number N1 corresponding to the device attribute value corresponding to each device attribute shown in table 1, the background server may continue to execute S303 to obtain historical transaction data of month 9 (hereinafter referred to as "month 9 data"); wherein the historical transaction data includes a plurality of device attribute values.
In this embodiment, after the 9-month data is acquired, the marking operation may be performed on the 9-month data using a post-determination method. In actual operation, if the initiating device of a piece of transaction data is determined as a risk device afterwards, the transaction data is marked as a label 1; if the initiating device of a piece of transaction data is determined to be a non-risk device afterwards, the piece of transaction data is marked as a label 0.
After marking the 9-month data, S304 may be executed to calculate an actual device number N2 corresponding to each device attribute value of the 9-month data record; the actual device number N2 corresponding to the device attribute value indicates the current date of occurrence of the transaction data including the device attribute value, and the number of terminal devices including the device attribute value.
In this step, the 9-month data may be sorted according to the occurrence time sequence; then, according to the above sorting sequence, each transaction data is operated as follows:
according to the sequence of the device attributes shown in table 1, the device attribute values corresponding to the device attributes in the transaction data are obtained, and the actual device number N2 corresponding to each device attribute value is calculated. The step of calculating N2 may refer to the embodiment shown in S304, and will not be described here.
After obtaining the actual device number N2 corresponding to the device attribute value, S305 may be executed to query the historical average device number N1 corresponding to the device attribute value, and substitute the above NI and N2 into the formula P ═ N2-N1)/N1, to calculate the device number change rate P corresponding to the device attribute value. For example, assume that the device attribute value is 100 for the historical average device number N1 corresponding to the hard disk capacity 128G, and 130 for the actual device number N2; the rate of change P of the number of devices corresponding to the device attribute value is 0.3.
After the device quantity change rate P corresponding to each device attribute value of each transaction data is calculated, S306 may be executed.
Specifically, the following A, B, C steps may be repeated to obtain the correspondence between the device number change rate packet and the WOE value:
A. sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence, and dividing the equipment quantity change rates into a plurality of groups;
B. calculating the WOE value corresponding to each packet;
C. and obtaining the corresponding relation between the equipment quantity change rate group under the attribute type and the WOE value, and storing the corresponding relation in the background server.
Here, it should be noted that, the specific process for performing the step B may refer to the related art, and is not described in detail herein.
After obtaining the correspondence between the device number change rate packet and the WOE value, S307 may be executed to determine an effective attribute type from the attribute types.
Specifically, the following steps may be performed for the correspondence of the device number change rate packet and the WOE value:
sorting the equipment quantity change rate groups under the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the sorted equipment quantity change rate groups accords with an expected distribution trend; wherein, the expected distribution trend is a distribution trend of WOE values maintained in the background server in advance;
if yes, determining the attribute type as a valid attribute type.
For example, referring to fig. 4, fig. 4 shows an expected distribution trend of WOE values. As shown in fig. 4, the abscissa indicates the device number change rate grouping under the device attribute category; the ordinate indicates the WOE value corresponding to each equipment number change rate packet; wherein, the expected distribution trend satisfies the trend that the horizontal coordinate is from left to right, the WOE value is firstly from high to low, and then from low to high.
In the above situation, when S307 is executed, if the device number change rates corresponding to the device attribute values of a certain attribute category are grouped in order from low to high;
determining whether the distribution trend of the WOE values corresponding to the sorted equipment attribute values meets the expected distribution trend shown in fig. 4; if so, the attribute category is determined to be a valid attribute category.
After determining the valid attribute category, S308 may be executed to build a risk scoring model (the specific construction process is not described here).
And the background server maintains the risk scoring model and the corresponding relation between the equipment quantity change rate group and the WOE value.
Suppose that currently (1 month in 2019) user 2 initiates a transaction for registering reward activity to the background server via terminal 2. At this time, after the background server receives the transaction request, attribute values of each device of the terminal 2 may be obtained; then, the background server may calculate, for a device attribute value corresponding to a preset device attribute (in this embodiment, the preset attribute type may be the valid attribute type determined in S307), a device number change rate corresponding to each device attribute value (a specific step is not described here).
After calculating the change rate of the number of devices corresponding to the device attribute value corresponding to the preset attribute category included in the terminal 2, determining the change rate grouping of the number of devices to which the change rate of the number of devices belongs based on the change rate of the number of devices; then, based on the device number change rate packet, querying a correspondence between the device number change rate packet stored in S306 and a WOE value to determine a WOE value corresponding to the device number change rate corresponding to each device attribute value; then, carrying out weighted calculation on the WOE values corresponding to the equipment quantity change rates corresponding to the equipment attribute values to obtain a calculation result, inputting the calculation result into the risk score model, and determining a risk score corresponding to the calculation result; finally, determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
For example, assuming that the threshold is 75, and the risk score corresponding to the terminal 2 is calculated as 80 through the above steps, it may be determined that the terminal 2 is a risk device with a tampered device identifier. Therefore, the risk equipment can be effectively identified through the technical scheme recorded in the application.
In one embodiment, after the risk device is identified, the background server may not respond to the transaction request initiated by the risk device, or reduce the issued reward funds, thereby improving the marketing effect.
Corresponding to the above method embodiment, the present application further provides a risk identification apparatus for a terminal device, which is applied to a server. Referring to fig. 5, fig. 5 is a structural diagram of a risk identification apparatus of a terminal device shown in the present application, where the apparatus includes:
an obtaining module 510 for obtaining transaction data initiated by a terminal device; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device;
a calculating module 520, for calculating the change rate of the number of devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
a determining module 530, configured to calculate a risk score of the terminal device based on the device quantity change rate corresponding to each device attribute value, and determine whether the risk score is greater than a threshold; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
In an illustrated embodiment, the rate of change of the number of devices corresponding to the device attribute value is calculated based on the formula P ═ N2-N1)/N1; wherein, P indicates the equipment quantity change rate corresponding to the equipment attribute value; n2 indicates the number of terminal devices that contain the device attribute value in a unit period corresponding to the occurrence time of the transaction data that includes the device attribute value; n1 indicates the history average number of terminal devices containing the device attribute value in the unit period.
In an illustrated embodiment, the server pre-maintains a correspondence between a change rate of the number of devices corresponding to the device attribute value and the WOE value;
the determining module 530 further includes:
based on the change rate of the number of devices corresponding to each device attribute value, inquiring the corresponding relation between the change rate of the number of devices corresponding to each device attribute value and the WOE value so as to determine the WOE value corresponding to the change rate of the number of devices corresponding to each device attribute value;
and carrying out weighted calculation on the WOE values corresponding to the equipment quantity change rates corresponding to the equipment attribute values to obtain the risk score of the terminal equipment.
In an embodiment, the apparatus further includes:
the storage module is used for acquiring historical transaction data of the marked risk judgment result label in a preset time period; wherein, the risk judgment result label indicates whether the terminal device initiating the historical transaction data is tampered with the device identifier;
calculating a WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value based on the equipment quantity change rate corresponding to each equipment attribute value included in the historical transaction data;
and storing the corresponding relation between the change rate of the number of the devices corresponding to the device attribute values and the WOE value.
In an embodiment, the apparatus further includes:
the preset attribute type determining module is used for sequencing the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute type according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the equipment quantity change rates corresponding to the sorted equipment attribute values accords with an expected distribution trend; wherein, the expected distribution trend is a distribution trend of WOE values maintained in the server in advance;
if yes, determining the attribute type to be a preset attribute type.
The application shows that the embodiment of the risk identification device can be applied to the risk identification equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a device in a logical sense, the device is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for operation through the processor of the risk identification device where the device is located. In terms of hardware, as shown in fig. 6, the risk identification device shown in this application is a hardware structure diagram of a risk identification device where the risk identification device is located, except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 6, the risk identification device where the risk identification device is located in the embodiment may also include other hardware according to the actual function of the risk identification device, which is not described in detail herein.
Please refer to fig. 6, which illustrates a risk identification device of a terminal device, where the device includes: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the following method when executing the program:
acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a plurality of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included in the terminal device;
calculating the change rate of the number of the devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of terminal devices including the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of terminal devices including the device attribute value in the unit time period;
calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; and if so, determining that the terminal equipment is the risk equipment with the tampered equipment identification.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present application should be included in the scope of the present application.

Claims (9)

1. A risk identification method of a terminal device is applied to a server side, and the method comprises the following steps:
acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a number of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included by the terminal device;
calculating the change rate of the number of the devices corresponding to the attribute values of the devices; the device number change rate corresponding to the device attribute value is a change rate of the number of the terminal devices containing the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of the terminal devices containing the device attribute value in the unit time period;
calculating the risk score of the terminal equipment based on the equipment quantity change rate corresponding to each equipment attribute value, and determining whether the risk score is greater than a threshold value; if so, determining that the terminal equipment is the risk equipment which is tampered with the equipment identifier;
the server maintains the corresponding relation between the equipment quantity change rate corresponding to the equipment attribute value and the evidence weight WOE value in advance; the calculating the risk score of the terminal device based on the device number change rate corresponding to each device attribute value includes:
based on the equipment quantity change rate corresponding to each equipment attribute value, inquiring the corresponding relation between the equipment quantity change rate corresponding to the equipment attribute value and the WOE value so as to determine the WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value;
and carrying out weighted calculation on the WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value to obtain the risk score of the terminal equipment.
2. The method according to claim 1, wherein the rate of change of the number of devices corresponding to the device attribute value is calculated based on a formula P ═ (N2-N1)/N1; wherein, P indicates the equipment quantity change rate corresponding to the equipment attribute value; n2 indicates the number of terminal devices that contain the device attribute value within a unit period corresponding to the occurrence time of the transaction data that includes the device attribute value; n1 indicates the historical average number of terminal devices containing the device attribute value within the unit period.
3. The method of claim 1, further comprising:
acquiring historical transaction data of a marked risk judgment result label in a preset time period; wherein the risk judgment result label indicates whether the terminal device initiating the historical transaction data is tampered with a device identifier;
calculating a WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value based on the equipment quantity change rate corresponding to each equipment attribute value included in the historical transaction data;
and storing the corresponding relation between the change rate of the number of the devices corresponding to the device attribute values and the WOE value.
4. The method of claim 3, further comprising:
sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the equipment quantity change rates corresponding to the sorted equipment attribute values accords with an expected distribution trend; wherein the expected distribution trend is a distribution trend of WOE values maintained in the server in advance;
if so, determining the attribute type to be a preset attribute type.
5. A risk identification device of a terminal device is applied to a server side, and the device comprises:
the acquisition module is used for acquiring transaction data initiated by a user through terminal equipment; wherein the transaction data comprises a number of device attribute values; the device attribute value is an attribute value corresponding to a preset attribute category included by the terminal device;
the calculation module is used for calculating the equipment quantity change rate corresponding to each equipment attribute value; the device number change rate corresponding to the device attribute value is a change rate of the number of the terminal devices containing the device attribute value in a unit time period corresponding to the occurrence time of the transaction data and a historical average number of the terminal devices containing the device attribute value in the unit time period;
a determining module, configured to calculate a risk score of the terminal device based on the device number change rate corresponding to each device attribute value, and determine whether the risk score is greater than a threshold; if so, determining that the terminal equipment is the risk equipment which is tampered with the equipment identifier;
the server maintains the corresponding relation between the equipment quantity change rate corresponding to the equipment attribute value and the evidence weight WOE value in advance; the determining module is specifically configured to:
based on the equipment quantity change rate corresponding to each equipment attribute value, inquiring the corresponding relation between the equipment quantity change rate corresponding to each equipment attribute value and the WOE value so as to determine the WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value;
and carrying out weighted calculation on the WOE values corresponding to the equipment quantity change rates corresponding to the equipment attribute values to obtain the risk score of the terminal equipment.
6. The apparatus according to claim 5, wherein the rate of change of the number of devices corresponding to the device attribute value is calculated based on the formula P ═ (N2-N1)/N1; wherein, P indicates the equipment quantity change rate corresponding to the equipment attribute value; n2 indicates the number of terminal devices that contain the device attribute value within a unit period corresponding to the occurrence time of the transaction data that includes the device attribute value; n1 indicates the historical average number of terminal devices containing the device attribute value within the unit period.
7. The apparatus of claim 5, further comprising a storage module configured to:
acquiring historical transaction data of a marked risk judgment result label in a preset time period; wherein the risk judgment result label indicates whether the terminal device initiating the historical transaction data is tampered with a device identifier;
calculating a WOE value corresponding to the equipment quantity change rate corresponding to each equipment attribute value based on the equipment quantity change rate corresponding to each equipment attribute value included in the historical transaction data;
and storing the corresponding relation between the change rate of the number of the devices corresponding to the device attribute values and the WOE value.
8. The apparatus of claim 7, further comprising a preset attribute class determination module configured to:
sorting the equipment quantity change rates corresponding to the equipment attribute values belonging to the same attribute category according to a preset sequence;
determining whether the distribution trend of the WOE values corresponding to the equipment quantity change rates corresponding to the sorted equipment attribute values accords with an expected distribution trend; wherein the expected distribution trend is a distribution trend of WOE values maintained in the server in advance;
if so, determining the attribute type to be a preset attribute type.
9. A risk identification device, characterized in that the risk identification device comprises: memory, processor and computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the method according to any of claims 1-4.
CN201911242890.6A 2019-12-06 2019-12-06 Risk identification method and device of terminal equipment and equipment Active CN111080303B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911242890.6A CN111080303B (en) 2019-12-06 2019-12-06 Risk identification method and device of terminal equipment and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911242890.6A CN111080303B (en) 2019-12-06 2019-12-06 Risk identification method and device of terminal equipment and equipment

Publications (2)

Publication Number Publication Date
CN111080303A CN111080303A (en) 2020-04-28
CN111080303B true CN111080303B (en) 2022-05-31

Family

ID=70313096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911242890.6A Active CN111080303B (en) 2019-12-06 2019-12-06 Risk identification method and device of terminal equipment and equipment

Country Status (1)

Country Link
CN (1) CN111080303B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103038795A (en) * 2009-12-24 2013-04-10 旅行者保险公司 Risk assessment and control, insurance premium determinations, and other applications using busyness
CN106612259A (en) * 2015-10-26 2017-05-03 阿里巴巴集团控股有限公司 Identity recognition method and device, service information processing method and device and biological feature information processing method and device
CN106815727A (en) * 2015-12-02 2017-06-09 阿里巴巴集团控股有限公司 A kind of Information Risk appraisal procedure and device
JP2017173940A (en) * 2016-03-22 2017-09-28 株式会社日立製作所 Security coping server and system
CN107220867A (en) * 2017-04-20 2017-09-29 北京小度信息科技有限公司 object control method and device
CN107563757A (en) * 2016-07-01 2018-01-09 阿里巴巴集团控股有限公司 The method and device of data risk control
CN107644340A (en) * 2016-07-22 2018-01-30 阿里巴巴集团控股有限公司 Risk Identification Method, client device and risk recognition system
CN110287440A (en) * 2019-06-27 2019-09-27 北京金山安全软件有限公司 Search engine optimization method and device, computer equipment and computer-readable storage medium
CN110493004A (en) * 2019-07-25 2019-11-22 东软集团股份有限公司 Digital certificate configuration method and device, digital certificate sign and issue method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9391985B2 (en) * 2005-04-26 2016-07-12 Guy Hefetz Environment-based two-factor authentication without geo-location

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103038795A (en) * 2009-12-24 2013-04-10 旅行者保险公司 Risk assessment and control, insurance premium determinations, and other applications using busyness
CN106612259A (en) * 2015-10-26 2017-05-03 阿里巴巴集团控股有限公司 Identity recognition method and device, service information processing method and device and biological feature information processing method and device
CN106815727A (en) * 2015-12-02 2017-06-09 阿里巴巴集团控股有限公司 A kind of Information Risk appraisal procedure and device
JP2017173940A (en) * 2016-03-22 2017-09-28 株式会社日立製作所 Security coping server and system
CN107563757A (en) * 2016-07-01 2018-01-09 阿里巴巴集团控股有限公司 The method and device of data risk control
CN107644340A (en) * 2016-07-22 2018-01-30 阿里巴巴集团控股有限公司 Risk Identification Method, client device and risk recognition system
CN107220867A (en) * 2017-04-20 2017-09-29 北京小度信息科技有限公司 object control method and device
CN110287440A (en) * 2019-06-27 2019-09-27 北京金山安全软件有限公司 Search engine optimization method and device, computer equipment and computer-readable storage medium
CN110493004A (en) * 2019-07-25 2019-11-22 东软集团股份有限公司 Digital certificate configuration method and device, digital certificate sign and issue method and device

Also Published As

Publication number Publication date
CN111080303A (en) 2020-04-28

Similar Documents

Publication Publication Date Title
WO2017202336A1 (en) Method and device for preventing fraudulent behavior with respect to advertisement, and storage medium
JP5735492B2 (en) Measuring the effectiveness of online advertising campaigns
US20080133321A1 (en) System and method for measuring awareness of online advertising using captchas
US20080133347A1 (en) System and method for providing semantic captchas for online advertising
US20080133348A1 (en) System and method for delivering online advertisements using captchas
WO2017031840A1 (en) Method and apparatus for allocating resource to user
CN109977403B (en) Malicious comment information identification method and device
US20160210656A1 (en) System for marketing touchpoint attribution bias correction
CN107657487A (en) A kind of advertisement placement method and device based on verification
US11165668B2 (en) Quality assessment and decision recommendation for continuous deployment of cloud infrastructure components
CN112529575B (en) Risk early warning method, equipment, storage medium and device
CN109102324B (en) Model training method, and red packet material laying prediction method and device based on model
CN109034867B (en) Click traffic detection method and device and storage medium
CN111178983A (en) User gender prediction method, device, equipment and storage medium
CN110191119A (en) A kind of determination method and device for the APP generating abnormal flow
US10726429B2 (en) Method and system for creating a control group for campaign measurements
CN112907293A (en) Reward information providing method and device, electronic equipment and storage medium
CN111080303B (en) Risk identification method and device of terminal equipment and equipment
CN110413926B (en) Questionnaire survey method and device
KR102024213B1 (en) Method for managing game using proficiency in game and apparatus thereof
CN110070383B (en) Abnormal user identification method and device based on big data analysis
CN112200577B (en) Block chain payment processing method combined with cloud computing analysis and big data service center
CN115311022A (en) Advertisement traffic identification method and device and computer readable storage medium
JP2023144423A (en) Bug detection rate threshold value update system, bug detection rate threshold value update method, and bug detection rate threshold value update program
CN111445284B (en) Determination method and device of orientation label, computing equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant