CN111107057A - Abnormal user account detection method, device, equipment and storage medium - Google Patents
Abnormal user account detection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111107057A CN111107057A CN201911187052.3A CN201911187052A CN111107057A CN 111107057 A CN111107057 A CN 111107057A CN 201911187052 A CN201911187052 A CN 201911187052A CN 111107057 A CN111107057 A CN 111107057A
- Authority
- CN
- China
- Prior art keywords
- user account
- user
- abnormal
- account
- name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for detecting an abnormal user account. The abnormal user account detection method comprises the following steps: receiving an abnormal personnel directory, wherein the abnormal personnel directory comprises: identity information of each abnormal person; respectively determining whether a real-name user corresponding to each stored user account and/or a corresponding related real-name user belong to abnormal persons in the abnormal person name list according to the identity information of each abnormal person; and when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to abnormal people in the abnormal people name list, determining the user account as an abnormal user account. The method can effectively improve the security of the user account.
Description
Technical Field
The invention relates to the internet application technology, in particular to a method, a device, equipment and a storage medium for detecting an abnormal user account.
Background
In the current internet application or mobile application, management of account risk control usually adopts blacklist, reporting and other modes, and the security is low. And after the user account is frozen, the process of applying for unfreezing is very frequent, and the unfreezing process can be usually processed only in a offline mode, so that the processing efficiency is very low.
Particularly, for the industries needing to be monitored safely, such as insurance, finance and the like, a set of safe, complete and efficient abnormal account detection and processing strategy is further needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the invention and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the invention provides a method, an apparatus, a device and a storage medium for detecting an abnormal user account.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to an aspect of the present invention, a method for detecting an abnormal user account is provided, including: receiving an abnormal personnel directory, wherein the abnormal personnel directory comprises: identity information of each abnormal person; respectively determining whether a real-name user corresponding to each stored user account and/or a corresponding related real-name user belong to abnormal persons in the abnormal person name list according to the identity information of each abnormal person; and when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to abnormal people in the abnormal people name list, determining the user account as an abnormal user account.
According to an embodiment of the present invention, the abnormal person includes: some or all of people with bad records, people who have died in the legal sense, wanted people.
According to an embodiment of the present invention, the related real-name users include: and part or all of the applicant, the insured, the insurance beneficiary and the payee are arranged in the user account.
According to an embodiment of the invention, the method further comprises: and when the abnormal login of the user account is detected, locking the user account within preset time.
According to an embodiment of the present invention, the preset time for locking the user account is determined according to an account level of the user account.
According to an embodiment of the present invention, the abnormal login of the user account includes: and when the number of times that the login information of the user account is not matched with the stored login information of the user account within a preset first time threshold value exceeds a preset first time threshold value, the user account logs in abnormally.
According to an embodiment of the present invention, the abnormal login of the user account includes: and when the fact that the number of times that the user account continuously logs in different user equipment within a preset second time threshold exceeds a preset second time threshold is detected, the user account logs in abnormally.
According to an embodiment of the present invention, the abnormal login of the user account includes: and when detecting that the number of times that the telephone number bound with the user account is frequently changed within a preset third time threshold exceeds a preset third time threshold, the user account logs in abnormally.
According to an embodiment of the present invention, the abnormal login of the user account includes: and when the number of times of the login position change of the user account within the preset fourth time threshold exceeds the preset fourth time threshold, the user account logs in abnormally.
According to an embodiment of the invention, the method further comprises: receiving login information of a user account sent by a client; inquiring whether the user account is determined to be an abnormal user account according to any one method; when the user account is determined to be the abnormal user account, freezing the user account, and sending freezing information of the user account to the client; detecting the account level of the user account when a thawing complaint request of the user account sent by the client is received; sending the account number grade of the user account number to the client so that the client can display different thawing complaint user interfaces; receiving thawing complaint information of the user account, which is input by a user based on the thawing complaint user interface; sending the account grade of the user account and the thawing complaint information to an account management platform, and sending a processing result of the thawing complaint request of the user account returned by the account management platform to the client; wherein the account rating comprises: the user account number is not authenticated by real name, the user account number is authenticated by real name, and the user account number of the purchased product.
According to an embodiment of the present invention, when the user account is the user account without real name authentication, the thawing complaint information includes: basic user information; when the user account is the real-name authenticated user account, the thawing complaint information includes: the basic user information and the strong authentication user information; when the user account is a user account of a purchased product, the thawing complaint information includes: the basic user information, the strong authentication user information and the purchased insurance policy material information; the processing result comprises audit information of the agent bound by the user account; wherein the basic user information includes: the telephone number bound with the user account, the real-name information of the user using the user account and the freezing reason description; the strong authentication user information includes: the real-name authentication method comprises the steps of authenticating partial or all of a picture of a user hand-held identity card, face recognition authentication and a relationship certification.
According to another aspect of the present invention, there is provided an abnormal user account detection apparatus, including: the directory receiving module is used for receiving an abnormal personnel directory, and the abnormal personnel directory comprises: identity information of each abnormal person; the personnel determining module is used for respectively determining whether the stored real-name users corresponding to the user accounts and/or the corresponding related real-name users belong to abnormal personnel in the abnormal personnel name list according to the identity information of the abnormal personnel; and the account number determining module is used for determining the user account number as an abnormal user account number when the real-name user corresponding to the user account number and/or the corresponding related real-name user belong to abnormal personnel in the abnormal personnel name list.
According to still another aspect of the present invention, there is provided a computer apparatus comprising: a memory, a processor and executable instructions stored in the memory and executable in the processor, the processor implementing any of the methods described above when executing the executable instructions.
According to yet another aspect of the present invention, there is provided a computer-readable storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement any of the methods described above.
According to the abnormal user account detection method provided by the embodiment of the invention, the real-name user and/or the related real-name user of the user account are/is judged according to the abnormal personnel name list acquired from the third-party system, so that the safety of the user account can be effectively improved. In addition, according to some embodiments, the method further provides a security control strategy for performing user account early warning or locking in a short time according to the user account level, so that the security of the user account is further improved.
Further, according to the abnormal user account detection method provided by the embodiment of the invention, when the abnormal user account is determined to log in, the abnormal user account is temporarily frozen, and a set of complete online unfreezing complaint mechanism is provided, so that the abnormal user account is efficiently and safely processed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
Fig. 1 is a schematic diagram illustrating an application scenario of an abnormal user account detection method according to an example.
Fig. 2 is a flowchart illustrating a method for detecting an abnormal user account according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating another abnormal user account detection method according to an exemplary embodiment.
Fig. 4 is a block diagram illustrating an abnormal user account detection apparatus according to an exemplary embodiment.
Fig. 5 is a block diagram illustrating another abnormal user account detection apparatus according to an exemplary embodiment.
Fig. 6 is a schematic structural diagram of an electronic device according to an exemplary embodiment.
FIG. 7 is a schematic diagram illustrating a computer-readable storage medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The drawings are merely schematic illustrations of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known structures, methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
In addition, in the description of the present invention, "and/or" describes an association relationship of associated objects, and indicates that three relationships may exist, for example, a and/or B, and may indicate that three cases, i.e., a exists alone, B exists alone, and a and B exist simultaneously. The symbol "/" generally indicates that the former and latter associated objects are in an "or" relationship. The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature.
Fig. 1 is a schematic diagram illustrating an application scenario of an abnormal user account detection method according to an example. As shown in fig. 1, the application scenario involves: the system comprises a client 1, a server 2, a third-party system 3 and an account management platform 4.
The client 1 may be a client such as a browser, or may be an application developed based on a terminal device or a PC, which is not limited in the present invention.
The server 2 is configured to receive various service requests sent by the user based on the client 1, and send service processing results to the client 1 for display to the user through the client 1. The server 2 may be a single server or may be a distributed server cluster.
The third party system 3 may for example comprise: a system of the police department, which is mainly used to provide the server 2 with identity information of abnormal persons such as wanted person lists. Alternatively, the third-party system 3 may further include: a company/group system which is mainly used to provide a list of people such as people who have bad records and people who have died in legal meaning to the server 2.
The account management platform 4 is used for providing an account management platform for an account administrator, so that abnormal user account processing is completed in cooperation with a server.
Fig. 2 is a flowchart illustrating a method for detecting an abnormal user account according to an exemplary embodiment. The abnormal user account detection method shown in fig. 2 may be applied to the server 2 shown in fig. 1.
Referring to fig. 2, the abnormal user account detection method 10 includes:
in step S102, an abnormal person directory is received.
The abnormal personnel directory comprises: the identity information of each abnormal person, such as name, identification card number, birth date, identification card photo, etc.
For example, the abnormal person directory may be received from the third-party system 3 shown in fig. 1. The third-party system 3 may, for example, periodically send the list of abnormal persons to the server 2, or may send the list of abnormal persons to the server 2 when the list of abnormal persons stored therein is updated.
In some embodiments, as described above, the exception personnel may include, for example: some or all of people with bad records, people who have died in the legal sense, wanted people.
In step S104, it is determined whether the real-name user corresponding to each stored user account and/or the corresponding related real-name user belong to an abnormal person in the abnormal person directory, respectively, according to the identity information of each abnormal person.
After receiving the abnormal person directory, the server 2 compares the abnormal person directory with the real-name users corresponding to the user accounts and/or the corresponding related real-name users stored in the abnormal person directory to determine whether the real-name users and/or the related real-name users belong to abnormal persons in the abnormal person directory.
In some embodiments, taking the application of the method to insurance industry as an example, the related real-name users include: and part or all of the applicant, the insured, the insurance beneficiary and the payee are set in the user account.
In step S106, when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to an abnormal person in the abnormal person directory, it is determined that the user account is an abnormal user account.
When the server 2 judges that the real-name user corresponding to the user account and/or the corresponding related real-name user belong to the abnormal person in the abnormal person directory, the user account is determined to be the abnormal user account. And the server 2 may also store the abnormal user account.
In some embodiments, the abnormal user account detection method 10 may further include: in step S108, when it is detected that the user account is abnormally logged in, the user account is locked for a short time.
The abnormal login of the user account comprises the following steps: when the number of times that the login information of the user account is not matched with the stored login information of the user account within a preset time threshold exceeds a preset first time threshold, the user account logs in abnormally; the login information of the user account not matching the stored login information of the user account may include, for example: the password corresponding to the input user account is not matched, the fingerprint information corresponding to the input user account is not matched, the face information corresponding to the input user account is not matched, the verification code information corresponding to the input user account is not matched, and the like.
For example, the verification code is sent for each function every day for no more than 10 times, and the account is locked for 24 hours if the number of times exceeds the set number; the face recognition information has each function every day, the failure times cannot exceed 10 times, and the account is locked for 24 hours if the failure times exceed the 10 times; the failure times of password input cannot exceed 10 times per day, and if the failure times exceed 10 times, the account number is locked for 24 hours, and the like.
And/or when the number of times that the user account is continuously logged on different user equipment is detected to exceed a preset second time threshold value, the user account logs in abnormally.
In addition, according to different account grades of the user account, early warning can be performed or the user account can be locked in a short time through the client 1. For example, for an account of a user without real-name authentication, warning is prompted for more than 3 times/day, and the account is locked for 24 hours for more than 10 times/day; prompting and early warning for the account number of the real-name authenticated user for more than 3 times/day, locking the account number for 24 hours for more than 10 times/day, and swiping face for authentication after unlocking; for the user account number which has purchased the product, the user is prompted for early warning for more than 3 times per day, and if the user accounts are temporarily frozen for more than 10 times per day, the user is required to actively apply for complaint processing.
And/or when the number of times that the telephone number bound with the user account is frequently changed is detected to exceed a preset third time threshold value, the user account logs in abnormally.
In addition, according to different account grades of the user account, early warning can be performed or the user account can be locked in a short time through the client 1. For example, for an account number of a user without real-name authentication, warning is prompted when the number of the account numbers exceeds 3/day, and the account number is locked for 24 hours when the number of the account numbers exceeds 10/day; for real-name authenticated user accounts, warning is prompted when the number of the accounts exceeds 3/day, the accounts are locked for 24 hours when the number of the accounts exceeds 10/day, and face brushing authentication is needed after unlocking; for the user account number of the purchased product, the user is prompted for early warning for more than 3 accounts per day, and the account number is temporarily frozen for more than 10 accounts per day, so that the user actively applies for complaint processing.
And/or when the number of times of the login position change of the user account within the preset fourth time threshold exceeds the preset fourth time threshold, the user account logs in abnormally.
In addition, according to different account grades of the user account, early warning can be performed or the user account can be locked in a short time through the client 1. For example, for an account number of a user without real-name authentication, warning is prompted for over 2 countries/day, and the account number is locked for 24 hours over 8 countries/day; for real-name authenticated user accounts, prompting and early warning is carried out in more than 2 countries/day, the accounts are locked for 24 hours in more than 8 countries/day, and face brushing authentication is needed after unlocking; for the user account number of the purchased product, the warning is prompted in more than 2 countries/day, and the account number is temporarily frozen in more than 8 countries/day, so that the user actively applies for complaint processing.
It should be noted that the setting of the threshold values is only an example and is not a limitation of the present invention. When in application, each threshold value can be set according to actual requirements.
According to the abnormal user account detection method provided by the embodiment of the invention, the real-name user and/or the related real-name user of the user account are/is judged according to the abnormal personnel name list acquired from the third-party system, so that the safety of the user account can be effectively improved. In addition, according to some embodiments, the method further provides a security control strategy for performing user account early warning or locking in a short time according to the user account level, so that the security of the user account is further improved.
It should be clearly understood that the present disclosure describes how to make and use particular examples, but the principles of the present disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating another abnormal user account detection method according to an exemplary embodiment. The abnormal user account detection method 20 shown in fig. 3 may be applied to the server 2 shown in fig. 1. Unlike the abnormal user detection method 10 shown in fig. 2, the abnormal user account detection method 20 further includes:
in step S202, login information of the user account sent by the client is received.
The server 2 shown in fig. 1 receives login information of a user account, such as a user name and a password, sent by the client 1.
In step S204, it is queried whether the user account has been determined to be an abnormal user account according to the method 10 described above.
For example, the server 2 inquires whether the user account is an abnormal user account among the stored abnormal user accounts.
In step S206, when the user account has been determined to be an abnormal user account, the user account is frozen, and the frozen information of the user account is sent to the client.
When the server 2 inquires that the user account is determined to be an abnormal user account, the user account is frozen, and the frozen information of the user account is sent to the client 1.
In addition, when the real-name authentication of the user account is legally dead or the user actively applies for account freezing, a permanent freezing mechanism for the user account is provided. And after the user account is permanently frozen, the user is not allowed to carry out thawing complaints on the user account.
In step S208, when a request for a complaint of thawing of the user account sent by the client is received, the account level of the user account is detected.
For example, when the client 1 receives the freeze information of the user account sent by the server 2, an indication that the user account is frozen is displayed to the user through the user interface. And if the user needs to perform online complaint, the thawing complaint request can be sent to the server 2 online through the client 1.
When the server 2 receives a thawing complaint request of a user account sent by a client, the account level of the user account is detected.
In some embodiments, the account rating may include: some or all of the user account which is not real-name authenticated, the user account which is real-name authenticated and the user account which has purchased the product.
In step S210, the account level of the user account is sent to the client, so that the client displays different thawing complaint user interfaces.
Based on different account grades, the client 1 displays different thawing complaint user interfaces to the user, so that the user provides different thawing complaint information according to different account grades.
In step S212, thawing complaint information of the user account input by the user based on the thawing complaint user interface is received.
After the user provides the corresponding thawing complaint information through the client 1, the client 1 sends the thawing complaint information to the server 2.
In some embodiments, when the user account is an unauthenticated user account, the unfreezing complaint information includes: basic user information. When the user account is a real-name authenticated user account, the thawing complaint information comprises: basic user information and strong authentication user information. When the user account is a user account of a purchased product, the thawing complaint information includes: basic user information, strong authentication user information and purchased policy material information. Wherein the basic user information includes: and the telephone number bound with the user account, the real-name information of the user using the user account and the freezing reason description. The strong authentication user information includes: the real-name authentication method comprises the steps of authenticating partial or all of a picture of a user hand-held identity card, face recognition authentication and a relationship certification.
In step S214, the account level and the thawing complaint information of the user account are sent to the account management platform, and the processing result of the thawing complaint request for the user account returned by the account management platform is sent to the client.
When receiving the corresponding thawing complaint information, the server 2 sends the account level and the thawing complaint information of the user account to the account management platform 4, so that an account administrator can process the thawing complaint request of the user on line through the account management platform 4.
And when the account administrator processes the thawing complaint request on line, returning a processing result to the client 1 through the server 2. And if the processing result is that the information is not passed, the client 1 displays corresponding information to the user so as to redirect the user to perform online thawing complaints.
In some embodiments, when the user account is a user account of a purchased product, the processing result includes audit information of an agent to which the user account is bound. That is, when the user account is a user account that has purchased a product, the account management platform 4 needs to be used to perform an audit by an agent bound to the user account, and after the agent passes the audit, the account manager further checks whether the user account meets an unfreezing condition, that is, whether unfreezing complaint information provided by the user meets the requirement of providing related information for the account level.
According to the abnormal user account detection method provided by the embodiment of the invention, when the abnormal user account is determined to log in, the abnormal user account is temporarily frozen, and a set of complete online thawing complaint mechanism is provided so as to efficiently and safely process the abnormal user account.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. The computer program, when executed by the CPU, performs the functions defined by the method provided by the present invention. The program of (a) may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details which are not disclosed in the embodiments of the apparatus of the present invention, reference is made to the embodiments of the method of the present invention.
Fig. 4 is a block diagram illustrating an abnormal user account detection apparatus according to an exemplary embodiment.
Referring to fig. 4, the abnormal user account detection apparatus 30 includes: a directory receiving module 302, a person determining module 304, and an account determining module 306.
The directory receiving module 302 is configured to receive a directory of abnormal people.
The abnormal person directory comprises: identity information of each abnormal person.
In some embodiments, the anomalous people include: some or all of people with bad records, people who have died in the legal sense, wanted people.
The person determining module 304 is configured to determine, according to the identity information of each abnormal person, whether a real-name user corresponding to each stored user account and/or a corresponding related real-name user belongs to an abnormal person in the abnormal person directory.
In some embodiments, the related real-name users include: and part or all of the applicant, the insured, the insurance beneficiary and the payee are arranged in the user account.
The account determining module 306 is configured to determine that the user account is an abnormal user account when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to an abnormal person in the abnormal person directory.
In some embodiments, the abnormal user account detection apparatus 30 further includes: and the account locking module is used for locking the user account within preset time when the abnormal login of the user account is detected. Wherein, the abnormal login of the user account comprises the following steps: when the number of times that the stored login information of the user account is unmatched with the login information of the user account within a preset first time threshold value is detected to exceed a preset first time threshold value, the user account logs in abnormally; and/or when the number of times that the user account continuously logs in on different user equipment within a preset second time threshold exceeds a preset second time threshold is detected, the user account logs in abnormally; and/or when the number of times that the telephone number bound with the user account is frequently changed within a preset third time threshold exceeds a preset third time threshold is detected, the user account logs in abnormally; and/or when the number of times of the login position change of the user account within the preset fourth time threshold exceeds the preset fourth time threshold, the user account logs in abnormally.
According to the abnormal user account detection device provided by the embodiment of the invention, the real-name user and/or the related real-name user of the user account are/is judged according to the abnormal personnel name list acquired from the third-party system, so that the safety of the user account can be effectively improved. In addition, according to some embodiments, the method further provides a security control strategy for performing user account early warning or locking in a short time according to the user account level, so that the security of the user account is further improved.
Fig. 5 is a block diagram illustrating another abnormal user account detection apparatus according to an exemplary embodiment.
Referring to fig. 5, unlike the abnormal user account detection apparatus 30 shown in fig. 4, the abnormal user account processing apparatus 40 further includes: the system comprises an information receiving module 402, an account inquiring module 404, an account freezing module 406, a grade detecting module 408, a grade sending module 410, a complaint receiving module 412 and a result sending module 414.
The information receiving module 402 is configured to receive login information of a user account sent by a client.
The account query module 404 is configured to query whether the user account is determined to be an abnormal user account according to the method of any one of claims 1 to 4.
The account freezing module 406 is configured to freeze the user account and send freezing information of the user account to the client when the user account is determined to be the abnormal user account.
The level detection module 408 is configured to detect an account level of the user account when receiving a request for a complaint of thawing of the user account sent by the client.
Wherein the account rating comprises: the user account number is not authenticated by real name, the user account number is authenticated by real name, and the user account number of the purchased product.
The level sending module 410 is configured to send the account level of the user account to the client, so that the client displays different thawing complaint user interfaces.
The complaint receiving module 412 is configured to receive thawing complaint information of the user account input by the user based on the thawing complaint user interface.
The result sending module 414 is configured to send the account level of the user account and the thawing complaint information to an account management platform, and send a processing result of the thawing complaint request of the user account, which is returned by the account management platform, to the client.
In some embodiments, when the user account is the unauthenticated user account, the unfreezing complaint information includes: basic user information; when the user account is the real-name authenticated user account, the thawing complaint information includes: the basic user information and the strong authentication user information; when the user account is a user account of a purchased product, the thawing complaint information includes: the basic user information, the strong authentication user information and the purchased insurance policy material information; the processing result comprises audit information of the agent bound by the user account; wherein the basic user information includes: the telephone number bound with the user account, the real-name information of the user using the user account and the freezing reason description; the strong authentication user information includes: the real-name authentication method comprises the steps of authenticating partial or all of a picture of a user hand-held identity card, face recognition authentication and a relationship certification.
According to the abnormal user account detection device provided by the embodiment of the invention, when the abnormal user account is determined to log in, the abnormal user account is temporarily frozen, and a set of complete online thawing complaint mechanism is provided so as to efficiently and safely process the abnormal user account.
It is noted that the block diagrams shown in the above figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 6 is a schematic structural diagram of an electronic device according to an exemplary embodiment. It should be noted that the electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 6, the electronic device 800 is in the form of a general purpose computer device. The components of the electronic device 800 include: at least one Central Processing Unit (CPU)801, which may perform various appropriate actions and processes according to program code stored in a Read Only Memory (ROM)802 or loaded from at least one storage unit 808 into a Random Access Memory (RAM) 803.
In particular, according to an embodiment of the present invention, the program code may be executed by the central processing unit 801, such that the central processing unit 801 performs the steps according to various exemplary embodiments of the present invention described in the above-mentioned method embodiment section of the present specification. For example, the central processing unit 801 may perform the steps as shown in fig. 2 or fig. 3.
In the RAM 803, various programs and data necessary for the operation of the electronic apparatus 800 are also stored. The CPU 801, ROM802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input unit 806 including a keyboard, a mouse, and the like; an output unit 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage unit 808 including a hard disk and the like; and a communication unit 809 including a network interface card such as a LAN card, a modem, or the like. The communication unit 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage unit 808 as necessary.
FIG. 7 is a schematic diagram illustrating a computer-readable storage medium in accordance with an example embodiment.
Referring to fig. 7, a program product 900 configured to implement the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to carry out the functions shown in fig. 2 or fig. 3.
Exemplary embodiments of the present invention are specifically illustrated and described above. It is to be understood that the invention is not limited to the precise construction, arrangements, or instrumentalities described herein; on the contrary, the invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A method for detecting an abnormal user account is characterized by comprising the following steps:
receiving an abnormal personnel directory, wherein the abnormal personnel directory comprises: identity information of each abnormal person;
respectively determining whether a real-name user corresponding to each stored user account and/or a corresponding related real-name user belong to abnormal persons in the abnormal person name list according to the identity information of each abnormal person; and
and when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to the abnormal person in the abnormal person name list, determining that the user account is the abnormal user account.
2. The method of claim 1, further comprising: and when the abnormal login of the user account is detected, locking the user account within preset time.
3. The method of claim 2, wherein the preset time for locking the user account is determined according to an account rating of the user account.
4. The method of claim 2, wherein the user account being logged in abnormally comprises: and when the number of times that the login information of the user account is not matched with the stored login information of the user account within a preset first time threshold value exceeds a preset first time threshold value, the user account logs in abnormally.
5. The method of claim 2, wherein the user account being logged in abnormally comprises: and when the fact that the number of times that the user account continuously logs in different user equipment within a preset second time threshold exceeds a preset second time threshold is detected, the user account logs in abnormally.
6. The method of any one of claims 1-5, further comprising:
receiving login information of a user account sent by a client;
querying whether the user account is determined to be the abnormal user account;
when the user account is determined to be the abnormal user account, freezing the user account, and sending freezing information of the user account to the client;
detecting the account level of the user account when a thawing complaint request of the user account sent by the client is received;
sending the account number grade of the user account number to the client so that the client can display different thawing complaint user interfaces;
receiving thawing complaint information of the user account, which is input by a user based on the thawing complaint user interface;
sending the account grade of the user account and the thawing complaint information to an account management platform, and sending a processing result of the thawing complaint request of the user account returned by the account management platform to the client;
wherein the account rating comprises: the user account number is not authenticated by real name, the user account number is authenticated by real name, and the user account number of the purchased product.
7. The method of claim 6, wherein when the user account is the unauthenticated user account, the unfreezing complaint information comprises: basic user information;
when the user account is the real-name authenticated user account, the thawing complaint information includes: the basic user information and the strong authentication user information;
when the user account is a user account of a purchased product, the thawing complaint information includes: the basic user information, the strong authentication user information and the purchased insurance policy material information; the processing result comprises audit information of the agent bound by the user account;
wherein the basic user information includes: the telephone number bound with the user account, the real-name information of the user using the user account and the freezing reason description;
the strong authentication user information includes: the real-name authentication method comprises the steps of authenticating partial or all of a picture of a user hand-held identity card, face recognition authentication and a relationship certification.
8. An abnormal user account detection device, comprising:
the directory receiving module is used for receiving an abnormal personnel directory, and the abnormal personnel directory comprises: identity information of each abnormal person;
the personnel determining module is used for respectively determining whether the stored real-name users corresponding to the user accounts and/or the corresponding related real-name users belong to abnormal personnel in the abnormal personnel name list according to the identity information of the abnormal personnel; and
and the account determining module is used for determining the user account as an abnormal user account when the real-name user corresponding to the user account and/or the corresponding related real-name user belong to the abnormal person in the abnormal person name list.
9. A computer device, comprising: memory, processor and executable instructions stored in the memory and executable in the processor, characterized in that the processor implements the method according to any of claims 1-7 when executing the executable instructions.
10. A computer-readable storage medium having stored thereon computer-executable instructions, which when executed by a processor, implement the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911187052.3A CN111107057B (en) | 2019-11-28 | 2019-11-28 | Abnormal user account detection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911187052.3A CN111107057B (en) | 2019-11-28 | 2019-11-28 | Abnormal user account detection method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111107057A true CN111107057A (en) | 2020-05-05 |
| CN111107057B CN111107057B (en) | 2022-06-14 |
Family
ID=70421071
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911187052.3A Active CN111107057B (en) | 2019-11-28 | 2019-11-28 | Abnormal user account detection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111107057B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111985703A (en) * | 2020-08-12 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN112232809A (en) * | 2020-09-24 | 2021-01-15 | 支付宝(杭州)信息技术有限公司 | Data management method, device and equipment for frozen account and storage medium |
| WO2021237386A1 (en) * | 2020-05-23 | 2021-12-02 | 游戏橘子数位科技股份有限公司 | Method for detecting account state |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101790159A (en) * | 2009-01-24 | 2010-07-28 | 丁聚岗 | Method for binding and protecting network account by using telephone |
| WO2013054983A1 (en) * | 2011-10-13 | 2013-04-18 | Neople, Inc. | Apparatus and method for detecting abnormal account |
| CN103139155A (en) * | 2011-11-28 | 2013-06-05 | 阿里巴巴集团控股有限公司 | Processing method, equipment and system of reporting information |
| CN104156799A (en) * | 2014-07-11 | 2014-11-19 | 广东建邦计算机软件有限公司 | Floating population information management method and system |
| CN104852886A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Protection method and device for user account |
| US20160094529A1 (en) * | 2014-09-29 | 2016-03-31 | Dropbox, Inc. | Identifying Related User Accounts Based on Authentication Data |
| CN105635044A (en) * | 2014-10-28 | 2016-06-01 | 腾讯科技(深圳)有限公司 | Information synchronization method and device |
| CN108010137A (en) * | 2017-12-07 | 2018-05-08 | 广州地铁设计研究院有限公司 | A kind of urban track traffic system of real name carrier ticket-checking system and method |
| CN108062629A (en) * | 2017-12-26 | 2018-05-22 | 平安科技(深圳)有限公司 | Processing method, terminal device and the medium of transaction event |
| CN108494796A (en) * | 2018-04-11 | 2018-09-04 | 广州虎牙信息科技有限公司 | Method for managing black list, device, equipment and storage medium |
| US20180260266A1 (en) * | 2015-11-10 | 2018-09-13 | Alibaba Group Holding Limited | Identifying potential solutions for abnormal events based on historical data |
| CN108540431A (en) * | 2017-03-03 | 2018-09-14 | 阿里巴巴集团控股有限公司 | The recognition methods of account type, device and system |
| CN109660513A (en) * | 2018-11-13 | 2019-04-19 | 微梦创科网络科技(中国)有限公司 | A kind of method and device based on Storm cluster identification problem account |
| CN109936525A (en) * | 2017-12-15 | 2019-06-25 | 阿里巴巴集团控股有限公司 | A kind of abnormal account preventing control method, device and equipment based on graph structure model |
| CN110120912A (en) * | 2019-05-10 | 2019-08-13 | 腾讯科技(深圳)有限公司 | Rich-media content processing method, device, readable storage medium storing program for executing and computer equipment |
| CN110378132A (en) * | 2019-06-20 | 2019-10-25 | 深圳市掌握时代互联网应用科技有限公司 | A kind of user's real information encryption system of hunting for treasure based on logistic chaotic maps |
-
2019
- 2019-11-28 CN CN201911187052.3A patent/CN111107057B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101790159A (en) * | 2009-01-24 | 2010-07-28 | 丁聚岗 | Method for binding and protecting network account by using telephone |
| WO2013054983A1 (en) * | 2011-10-13 | 2013-04-18 | Neople, Inc. | Apparatus and method for detecting abnormal account |
| CN103139155A (en) * | 2011-11-28 | 2013-06-05 | 阿里巴巴集团控股有限公司 | Processing method, equipment and system of reporting information |
| CN104852886A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Protection method and device for user account |
| CN104156799A (en) * | 2014-07-11 | 2014-11-19 | 广东建邦计算机软件有限公司 | Floating population information management method and system |
| US20160094529A1 (en) * | 2014-09-29 | 2016-03-31 | Dropbox, Inc. | Identifying Related User Accounts Based on Authentication Data |
| CN105635044A (en) * | 2014-10-28 | 2016-06-01 | 腾讯科技(深圳)有限公司 | Information synchronization method and device |
| US20180260266A1 (en) * | 2015-11-10 | 2018-09-13 | Alibaba Group Holding Limited | Identifying potential solutions for abnormal events based on historical data |
| CN108540431A (en) * | 2017-03-03 | 2018-09-14 | 阿里巴巴集团控股有限公司 | The recognition methods of account type, device and system |
| CN108010137A (en) * | 2017-12-07 | 2018-05-08 | 广州地铁设计研究院有限公司 | A kind of urban track traffic system of real name carrier ticket-checking system and method |
| CN109936525A (en) * | 2017-12-15 | 2019-06-25 | 阿里巴巴集团控股有限公司 | A kind of abnormal account preventing control method, device and equipment based on graph structure model |
| CN108062629A (en) * | 2017-12-26 | 2018-05-22 | 平安科技(深圳)有限公司 | Processing method, terminal device and the medium of transaction event |
| CN108494796A (en) * | 2018-04-11 | 2018-09-04 | 广州虎牙信息科技有限公司 | Method for managing black list, device, equipment and storage medium |
| CN109660513A (en) * | 2018-11-13 | 2019-04-19 | 微梦创科网络科技(中国)有限公司 | A kind of method and device based on Storm cluster identification problem account |
| CN110120912A (en) * | 2019-05-10 | 2019-08-13 | 腾讯科技(深圳)有限公司 | Rich-media content processing method, device, readable storage medium storing program for executing and computer equipment |
| CN110378132A (en) * | 2019-06-20 | 2019-10-25 | 深圳市掌握时代互联网应用科技有限公司 | A kind of user's real information encryption system of hunting for treasure based on logistic chaotic maps |
Non-Patent Citations (3)
| Title |
|---|
| SHIZHEN ZHANG ET AL: "Application of System Calls in Abnormal User Behavioral Detection in Social Networks", 《SPRINGER》 * |
| 王峥: "基于特征加权贝叶斯神经网络的微博异常账号检测", 《计算机与数字工程》 * |
| 谢亚龙: "账户监管评估系统的设计和应用", 《金融科技时代》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021237386A1 (en) * | 2020-05-23 | 2021-12-02 | 游戏橘子数位科技股份有限公司 | Method for detecting account state |
| CN111985703A (en) * | 2020-08-12 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN111985703B (en) * | 2020-08-12 | 2022-07-29 | 支付宝(杭州)信息技术有限公司 | User identity state prediction method, device and equipment |
| CN112232809A (en) * | 2020-09-24 | 2021-01-15 | 支付宝(杭州)信息技术有限公司 | Data management method, device and equipment for frozen account and storage medium |
| CN112232809B (en) * | 2020-09-24 | 2022-09-16 | 支付宝(杭州)信息技术有限公司 | Data management method, device and equipment for frozen account and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111107057B (en) | 2022-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11017100B2 (en) | Identity fraud risk engine platform | |
| CN111107057B (en) | Abnormal user account detection method, device, equipment and storage medium | |
| US10778839B1 (en) | Detecting and preventing phishing phone calls through verified attribute analysis | |
| US9282114B1 (en) | Generation of alerts in an event management system based upon risk | |
| US9426655B2 (en) | Legal authentication message confirmation system and method | |
| US10503896B2 (en) | Detecting data breaches | |
| US20230245246A1 (en) | Security and identity verification system and architecture | |
| KR100745044B1 (en) | Apparatus and method for protecting access of phishing site | |
| WO2015062530A1 (en) | User account information management method, user account management server, sales terminal and system | |
| US8601574B2 (en) | Anti-phishing methods based on an aggregate characteristic of computer system logins | |
| CN111756745B (en) | Alarm method, alarm device, terminal equipment and computer readable storage medium | |
| CN112437428A (en) | Verification method and server | |
| US20220129586A1 (en) | Methods and systems for processing agency-initiated privacy requests | |
| TWI743854B (en) | Violation presumption system, violation presumption method and program products | |
| EP1986151A1 (en) | A data processing system, method and computer program product for providing a service to a service requester | |
| CN114862212A (en) | Internet asset management method and device, electronic equipment and storage medium | |
| CN113989059A (en) | Customer information checking method, system, computer device and storage medium | |
| CN112069222A (en) | Enterprise policy query system based on big data | |
| CN110943982A (en) | Document data encryption method and device, electronic equipment and storage medium | |
| JP7059741B2 (en) | Fraud detection device, fraud detection method and fraud detection program | |
| US8977564B2 (en) | Billing account reject solution | |
| CN116582369B (en) | Willingness authentication method for online subscription | |
| CN115002074B (en) | Information acquisition method, device, equipment and storage medium | |
| CN111970225B (en) | Monitoring method and system of terminal equipment, computer equipment and storage medium | |
| CN117874791A (en) | Risk assessment method and device for information query and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |