CN111147944A - On-demand infringement risk discovery method based on big data log analysis - Google Patents
On-demand infringement risk discovery method based on big data log analysis Download PDFInfo
- Publication number
- CN111147944A CN111147944A CN201911361813.2A CN201911361813A CN111147944A CN 111147944 A CN111147944 A CN 111147944A CN 201911361813 A CN201911361813 A CN 201911361813A CN 111147944 A CN111147944 A CN 111147944A
- Authority
- CN
- China
- Prior art keywords
- abnormal
- video
- watching
- user
- log
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/47—End-user applications
- H04N21/472—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
- H04N21/47202—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44204—Monitoring of content usage, e.g. the number of times a movie has been viewed, copied or the amount which has been watched
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44213—Monitoring of end-user related data
- H04N21/44222—Analytics of user selections, e.g. selection of programs or purchase activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44236—Monitoring of piracy processes or activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/466—Learning process for intelligent management, e.g. learning user preferences for recommending movies
- H04N21/4662—Learning process for intelligent management, e.g. learning user preferences for recommending movies characterized by learning algorithms
- H04N21/4665—Learning process for intelligent management, e.g. learning user preferences for recommending movies characterized by learning algorithms involving classification methods, e.g. Decision trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/845—Structuring of content, e.g. decomposing content into time segments
- H04N21/8456—Structuring of content, e.g. decomposing content into time segments by decomposing the content in the time domain, e.g. in time segments
Abstract
A big data log analysis-based on-demand infringement risk discovery method is characterized by comprising the following steps: a. collecting video watching service related logs; b. analyzing the video watching log; c. respectively counting accumulated abnormal feature tables aiming at each video; d. counting the characteristic range of the number of videos watched in a unit time of a single user; e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules; f. judging whether screen recording suspicion exists or not through an abnormal threshold; g. judging whether the cracking suspicion exists or not through an abnormal threshold; h. the suspect user is locked. Compared with the prior art, the method has the advantages of effectively discovering screen recording and cracking behaviors in the on-demand service.
Description
The technical field is as follows: the invention relates to the field of computers, in particular to a technique for preventing piracy on demand.
Background
In on-demand services, there are two common types of infringement: screen recording and cracking. There is currently no effective way to discover such that measures can be taken to effectively prevent such infringement.
Disclosure of Invention
The invention aims to provide a method for discovering the piracy risk of the on-demand based on the analysis of a big data log, which can effectively discover screen recording and cracking behaviors in on-demand services.
The invention is realized by the following steps:
the method comprises the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
The principle on which the technology of the invention is based is as follows:
in the on-demand service, a user finishes watching a video and relates to a series of service flows, so that ordered log events throughout the whole process are generated, and log data are analyzed by means of a log acquisition and convergence platform.
The video viewing behavior of most viewers has certain statistical characteristics (browsing speed, pause, fast forward, browsed content, amount, request object, etc.), so the behavior with such statistical characteristics can be regarded as normal legal behavior.
Two types of infringement are common to normal viewers: screen recording and cracking.
1) In order to achieve the purpose of recording the screen, a screen recorder must ensure that the video is played at a normal speed from beginning to end, and when a normal general audience who requests the video watches the video for a certain time, a certain amount of pause, window switching, fast forward and other actions are generated because complete attention cannot be ensured or other requirements such as drinking water and going to a toilet are met. By utilizing the difference of the statistical characteristics of the screen recording person and the general audience, the possible watching behaviors with screen recording can be distinguished by counting the corresponding video attributes and the behavior characteristics of the audience.
2) The cracker decrypts the encrypted video slice file after obtaining the played key through normal service authentication, so as to obtain the complete video content. The behavior of a cracker may have the following characteristics compared to a normal audience:
1. the time interval for acquiring the video slice file resource after acquiring the decryption key is different from the normal behavior;
2. the speed of requesting video slice file resources is different from the way of loading file by file in normal playing;
3. a large amount of video contents are requested in the same time period and exceed the normal watching amount range of a normal user within a certain time period;
4. a downloading tool is used for requesting to download the video slice file resource instead of a normal player, and the user-agent and the referrer of the http request header of the downloading tool are different from those of a normal audience;
5. forged play events are used or no play events are present.
In this way, by collecting the video viewing service-related log, the on-demand and viewing behavior characteristics of the jukebox are obtained, and these characteristics include: the method comprises the steps of judging whether a screen recording suspicion exists or not through an abnormal threshold according to indexes such as viewing duration, dragging times, double speed switching, pause times, viewing completion times, slicing file request speed and the like and abnormal feature tables of a refer and a user-agent; and judging whether the cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file.
Here, the anomaly threshold may be obtained by:
1. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
2. based on isolated forest isolation forest.
Typically, the data of anomalies (i.e., anomaly thresholds) is only a small fraction of the total test data sample, and common classification algorithms such as: SVM, logistic regression, etc. are not suitable. The isolated forest algorithm is just very suitable for the scenes, firstly, the data have certain continuity, secondly, the abnormal data have obvious outlier characteristics, and finally, the generation of the abnormal data is a small probability event.
Compared with the prior art, the invention effectively promotes the discovery and tracing of the play behavior with infringement risk by monitoring and analyzing the watching behavior log of the audience, and discovers the infringement behavior according to the discovery, thereby having the advantage of effectively discovering the screen recording and cracking behaviors in the on-demand service.
Detailed Description
The present invention will now be described in further detail with reference to examples:
the method comprises the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
Here, the anomaly threshold may be obtained by:
a. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
b. based on isolated forest isolation forest.
Claims (2)
1. A big data log analysis-based on-demand infringement risk discovery method is characterized by comprising the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
2. The big data log analysis-based on-demand infringement risk discovery method as claimed in claim 1, wherein: the anomaly threshold may be obtained by:
a. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
b. based on isolated forest isolation forest.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911361813.2A CN111147944B (en) | 2019-12-26 | 2019-12-26 | On-demand infringement risk discovery method based on big data log analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911361813.2A CN111147944B (en) | 2019-12-26 | 2019-12-26 | On-demand infringement risk discovery method based on big data log analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111147944A true CN111147944A (en) | 2020-05-12 |
CN111147944B CN111147944B (en) | 2021-11-09 |
Family
ID=70520364
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911361813.2A Active CN111147944B (en) | 2019-12-26 | 2019-12-26 | On-demand infringement risk discovery method based on big data log analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111147944B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114173138A (en) * | 2021-10-22 | 2022-03-11 | 武汉斗鱼网络科技有限公司 | Method, device, medium and equipment for processing abnormal video up master |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130219518A1 (en) * | 2011-04-11 | 2013-08-22 | Namakkal S. Sambamurthy | Methods and Systems for Generating History Data of System Use and Replay Mode for Identifying Security Events Showing Data and User Bindings |
CN103281594A (en) * | 2012-01-12 | 2013-09-04 | 特克特朗尼克公司 | Monitoring over-the-top adaptive video streaming in a network |
CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
US20150149134A1 (en) * | 2013-11-27 | 2015-05-28 | Falkonry Inc. | Learning Expected Operational Behavior Of Machines From Generic Definitions And Past Behavior |
CN106599295A (en) * | 2016-12-27 | 2017-04-26 | 四川中电启明星信息技术有限公司 | Multi-track visual analyzing evidence-collecting method for user behaviors and system |
CN107302547A (en) * | 2017-08-21 | 2017-10-27 | 深信服科技股份有限公司 | A kind of web service exceptions detection method and device |
CN107465647A (en) * | 2016-06-06 | 2017-12-12 | 北京优朋普乐科技有限公司 | A kind of compensation deals method and apparatus after stolen chain |
-
2019
- 2019-12-26 CN CN201911361813.2A patent/CN111147944B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130219518A1 (en) * | 2011-04-11 | 2013-08-22 | Namakkal S. Sambamurthy | Methods and Systems for Generating History Data of System Use and Replay Mode for Identifying Security Events Showing Data and User Bindings |
CN103281594A (en) * | 2012-01-12 | 2013-09-04 | 特克特朗尼克公司 | Monitoring over-the-top adaptive video streaming in a network |
CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
US20150149134A1 (en) * | 2013-11-27 | 2015-05-28 | Falkonry Inc. | Learning Expected Operational Behavior Of Machines From Generic Definitions And Past Behavior |
CN107465647A (en) * | 2016-06-06 | 2017-12-12 | 北京优朋普乐科技有限公司 | A kind of compensation deals method and apparatus after stolen chain |
CN106599295A (en) * | 2016-12-27 | 2017-04-26 | 四川中电启明星信息技术有限公司 | Multi-track visual analyzing evidence-collecting method for user behaviors and system |
CN107302547A (en) * | 2017-08-21 | 2017-10-27 | 深信服科技股份有限公司 | A kind of web service exceptions detection method and device |
Non-Patent Citations (1)
Title |
---|
周茜: "网络游戏直播版权保护问题研究", 《中国优秀硕士学位论文全文数据库 社会科学Ⅰ辑》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114173138A (en) * | 2021-10-22 | 2022-03-11 | 武汉斗鱼网络科技有限公司 | Method, device, medium and equipment for processing abnormal video up master |
CN114173138B (en) * | 2021-10-22 | 2023-08-22 | 广州新特珑电子有限公司 | Method, device, medium and equipment for processing abnormal video up master |
Also Published As
Publication number | Publication date |
---|---|
CN111147944B (en) | 2021-11-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11770581B2 (en) | Systems and methods for recording relevant portions of a media asset | |
Reed et al. | Identifying https-protected netflix videos in real-time | |
US8601503B2 (en) | Detecting distribution of multimedia content | |
Pires et al. | YouTube live and Twitch: a tour of user-generated live streaming systems | |
US20180247305A1 (en) | Systems and methods to identify target video content | |
CN107734362B (en) | Video source determination method and device and computer readable storage medium | |
KR100961461B1 (en) | Multiple step identification of recordings | |
US20130067109A1 (en) | Monitoring Over-the-Top Adaptive Video Streaming | |
US20150249852A1 (en) | Systems and methods for crowd-sourced media access control | |
WO2013184875A2 (en) | Systems and methods for compiling media information based on privacy and reliability metrics | |
US20170264960A1 (en) | Content management in a network environment | |
CN1577600A (en) | Network system, server, data recording and playing device, method for the same, and program | |
CN106209781A (en) | A kind of based on the access recognition methods of statistical exceptional interface | |
Ali-Eldin et al. | Analysis and characterization of a video-on-demand service workload | |
CN108769749B (en) | Method for determining data embezzlement, client and server | |
CN111147944B (en) | On-demand infringement risk discovery method based on big data log analysis | |
Xu et al. | Catch-up TV recommendations: show old favourites and find new ones | |
US20070204118A1 (en) | System and method of managing the memory content of a device | |
Chen et al. | A lifetime model of online video popularity | |
EP4084485A1 (en) | Methods, systems, and devices for detecting over-the-top piracy | |
KR101400062B1 (en) | System of security management for iptv set top box | |
US20230007932A1 (en) | System and Method for Mitigating Risk of Frauds Related to Streaming Content Consumption | |
CN110381375B (en) | Method for determining data embezzlement, client and server | |
Hoof | Live sports, piracy and uncertainty: understanding illegal streaming aggregation platforms | |
Servizi et al. | A user experience model for privacy and context aware over-the-top (ott) tv recommendations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address |
Address after: Room 402, No. 66, North Street, University Town Center, Panyu District, Guangzhou City, Guangdong Province, 510006 Patentee after: Yifang Information Technology Co.,Ltd. Address before: 510000 room 605, science museum, Guangdong University of technology, Panyu District, Guangzhou City, Guangdong Province Patentee before: GUANGZHOU EASEFUN INFORMATION TECHNOLOGY Co.,Ltd. |
|
CP03 | Change of name, title or address |