CN111147944A - On-demand infringement risk discovery method based on big data log analysis - Google Patents

On-demand infringement risk discovery method based on big data log analysis Download PDF

Info

Publication number
CN111147944A
CN111147944A CN201911361813.2A CN201911361813A CN111147944A CN 111147944 A CN111147944 A CN 111147944A CN 201911361813 A CN201911361813 A CN 201911361813A CN 111147944 A CN111147944 A CN 111147944A
Authority
CN
China
Prior art keywords
abnormal
video
watching
user
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911361813.2A
Other languages
Chinese (zh)
Other versions
CN111147944B (en
Inventor
洪行健
黄海亮
梁瑛玮
李长杰
冷冬
丁一
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yifang Information Technology Co ltd
Original Assignee
Guangzhou Easefun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Easefun Information Technology Co ltd filed Critical Guangzhou Easefun Information Technology Co ltd
Priority to CN201911361813.2A priority Critical patent/CN111147944B/en
Publication of CN111147944A publication Critical patent/CN111147944A/en
Application granted granted Critical
Publication of CN111147944B publication Critical patent/CN111147944B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/47End-user applications
    • H04N21/472End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
    • H04N21/47202End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44204Monitoring of content usage, e.g. the number of times a movie has been viewed, copied or the amount which has been watched
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44213Monitoring of end-user related data
    • H04N21/44222Analytics of user selections, e.g. selection of programs or purchase activity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44236Monitoring of piracy processes or activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/466Learning process for intelligent management, e.g. learning user preferences for recommending movies
    • H04N21/4662Learning process for intelligent management, e.g. learning user preferences for recommending movies characterized by learning algorithms
    • H04N21/4665Learning process for intelligent management, e.g. learning user preferences for recommending movies characterized by learning algorithms involving classification methods, e.g. Decision trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/845Structuring of content, e.g. decomposing content into time segments
    • H04N21/8456Structuring of content, e.g. decomposing content into time segments by decomposing the content in the time domain, e.g. in time segments

Abstract

A big data log analysis-based on-demand infringement risk discovery method is characterized by comprising the following steps: a. collecting video watching service related logs; b. analyzing the video watching log; c. respectively counting accumulated abnormal feature tables aiming at each video; d. counting the characteristic range of the number of videos watched in a unit time of a single user; e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules; f. judging whether screen recording suspicion exists or not through an abnormal threshold; g. judging whether the cracking suspicion exists or not through an abnormal threshold; h. the suspect user is locked. Compared with the prior art, the method has the advantages of effectively discovering screen recording and cracking behaviors in the on-demand service.

Description

On-demand infringement risk discovery method based on big data log analysis
The technical field is as follows: the invention relates to the field of computers, in particular to a technique for preventing piracy on demand.
Background
In on-demand services, there are two common types of infringement: screen recording and cracking. There is currently no effective way to discover such that measures can be taken to effectively prevent such infringement.
Disclosure of Invention
The invention aims to provide a method for discovering the piracy risk of the on-demand based on the analysis of a big data log, which can effectively discover screen recording and cracking behaviors in on-demand services.
The invention is realized by the following steps:
the method comprises the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
The principle on which the technology of the invention is based is as follows:
in the on-demand service, a user finishes watching a video and relates to a series of service flows, so that ordered log events throughout the whole process are generated, and log data are analyzed by means of a log acquisition and convergence platform.
The video viewing behavior of most viewers has certain statistical characteristics (browsing speed, pause, fast forward, browsed content, amount, request object, etc.), so the behavior with such statistical characteristics can be regarded as normal legal behavior.
Two types of infringement are common to normal viewers: screen recording and cracking.
1) In order to achieve the purpose of recording the screen, a screen recorder must ensure that the video is played at a normal speed from beginning to end, and when a normal general audience who requests the video watches the video for a certain time, a certain amount of pause, window switching, fast forward and other actions are generated because complete attention cannot be ensured or other requirements such as drinking water and going to a toilet are met. By utilizing the difference of the statistical characteristics of the screen recording person and the general audience, the possible watching behaviors with screen recording can be distinguished by counting the corresponding video attributes and the behavior characteristics of the audience.
2) The cracker decrypts the encrypted video slice file after obtaining the played key through normal service authentication, so as to obtain the complete video content. The behavior of a cracker may have the following characteristics compared to a normal audience:
1. the time interval for acquiring the video slice file resource after acquiring the decryption key is different from the normal behavior;
2. the speed of requesting video slice file resources is different from the way of loading file by file in normal playing;
3. a large amount of video contents are requested in the same time period and exceed the normal watching amount range of a normal user within a certain time period;
4. a downloading tool is used for requesting to download the video slice file resource instead of a normal player, and the user-agent and the referrer of the http request header of the downloading tool are different from those of a normal audience;
5. forged play events are used or no play events are present.
In this way, by collecting the video viewing service-related log, the on-demand and viewing behavior characteristics of the jukebox are obtained, and these characteristics include: the method comprises the steps of judging whether a screen recording suspicion exists or not through an abnormal threshold according to indexes such as viewing duration, dragging times, double speed switching, pause times, viewing completion times, slicing file request speed and the like and abnormal feature tables of a refer and a user-agent; and judging whether the cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file.
Here, the anomaly threshold may be obtained by:
1. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
2. based on isolated forest isolation forest.
Typically, the data of anomalies (i.e., anomaly thresholds) is only a small fraction of the total test data sample, and common classification algorithms such as: SVM, logistic regression, etc. are not suitable. The isolated forest algorithm is just very suitable for the scenes, firstly, the data have certain continuity, secondly, the abnormal data have obvious outlier characteristics, and finally, the generation of the abnormal data is a small probability event.
Compared with the prior art, the invention effectively promotes the discovery and tracing of the play behavior with infringement risk by monitoring and analyzing the watching behavior log of the audience, and discovers the infringement behavior according to the discovery, thereby having the advantage of effectively discovering the screen recording and cracking behaviors in the on-demand service.
Detailed Description
The present invention will now be described in further detail with reference to examples:
the method comprises the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
Here, the anomaly threshold may be obtained by:
a. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
b. based on isolated forest isolation forest.

Claims (2)

1. A big data log analysis-based on-demand infringement risk discovery method is characterized by comprising the following steps:
a. collecting logs related to a video watching service, completely collecting logs of an encrypted video watching process, playing a key file of a service to obtain a voucher token created log, playing an address request log, decrypting a request log of the key file, a request log of a video slice file and a log of a playing event;
b. analyzing the video watching logs, completely analyzing the parameters attached to the logs to obtain a structured result, and storing the structured result in a distributed storage;
c. respectively counting accumulated watching time, dragging times, double-speed switching, pause times, watching completion degrees, a slicing file request speed index and a referrer and user-agent abnormal feature table aiming at each video;
d. counting the characteristic range of the number of videos watched in a unit time of a single user;
e. extracting abnormal threshold values of the indexes to serve as abnormal judgment rules;
f. judging whether screen recording suspicion exists or not through an abnormal threshold value according to indexes such as the viewing duration, dragging times, double-speed switching, pause times, completion degree and the like of inquiring single viewing behaviors;
g. judging whether a cracking suspicion exists or not through an abnormal threshold value according to the refer and user-agent string detection of inquiring the single watching behavior and the access rate of the video slice file;
h. and obtaining the user ID when the token is issued according to the suspected play tracking ID association, thereby locking the suspected user.
2. The big data log analysis-based on-demand infringement risk discovery method as claimed in claim 1, wherein: the anomaly threshold may be obtained by:
a. based on clustering, outliers exist after clustering is completed, and the outliers can be judged to be abnormal;
b. based on isolated forest isolation forest.
CN201911361813.2A 2019-12-26 2019-12-26 On-demand infringement risk discovery method based on big data log analysis Active CN111147944B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911361813.2A CN111147944B (en) 2019-12-26 2019-12-26 On-demand infringement risk discovery method based on big data log analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911361813.2A CN111147944B (en) 2019-12-26 2019-12-26 On-demand infringement risk discovery method based on big data log analysis

Publications (2)

Publication Number Publication Date
CN111147944A true CN111147944A (en) 2020-05-12
CN111147944B CN111147944B (en) 2021-11-09

Family

ID=70520364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911361813.2A Active CN111147944B (en) 2019-12-26 2019-12-26 On-demand infringement risk discovery method based on big data log analysis

Country Status (1)

Country Link
CN (1) CN111147944B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114173138A (en) * 2021-10-22 2022-03-11 武汉斗鱼网络科技有限公司 Method, device, medium and equipment for processing abnormal video up master

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130219518A1 (en) * 2011-04-11 2013-08-22 Namakkal S. Sambamurthy Methods and Systems for Generating History Data of System Use and Replay Mode for Identifying Security Events Showing Data and User Bindings
CN103281594A (en) * 2012-01-12 2013-09-04 特克特朗尼克公司 Monitoring over-the-top adaptive video streaming in a network
CN103297435A (en) * 2013-06-06 2013-09-11 中国科学院信息工程研究所 Abnormal access behavior detection method and system on basis of WEB logs
US20150149134A1 (en) * 2013-11-27 2015-05-28 Falkonry Inc. Learning Expected Operational Behavior Of Machines From Generic Definitions And Past Behavior
CN106599295A (en) * 2016-12-27 2017-04-26 四川中电启明星信息技术有限公司 Multi-track visual analyzing evidence-collecting method for user behaviors and system
CN107302547A (en) * 2017-08-21 2017-10-27 深信服科技股份有限公司 A kind of web service exceptions detection method and device
CN107465647A (en) * 2016-06-06 2017-12-12 北京优朋普乐科技有限公司 A kind of compensation deals method and apparatus after stolen chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130219518A1 (en) * 2011-04-11 2013-08-22 Namakkal S. Sambamurthy Methods and Systems for Generating History Data of System Use and Replay Mode for Identifying Security Events Showing Data and User Bindings
CN103281594A (en) * 2012-01-12 2013-09-04 特克特朗尼克公司 Monitoring over-the-top adaptive video streaming in a network
CN103297435A (en) * 2013-06-06 2013-09-11 中国科学院信息工程研究所 Abnormal access behavior detection method and system on basis of WEB logs
US20150149134A1 (en) * 2013-11-27 2015-05-28 Falkonry Inc. Learning Expected Operational Behavior Of Machines From Generic Definitions And Past Behavior
CN107465647A (en) * 2016-06-06 2017-12-12 北京优朋普乐科技有限公司 A kind of compensation deals method and apparatus after stolen chain
CN106599295A (en) * 2016-12-27 2017-04-26 四川中电启明星信息技术有限公司 Multi-track visual analyzing evidence-collecting method for user behaviors and system
CN107302547A (en) * 2017-08-21 2017-10-27 深信服科技股份有限公司 A kind of web service exceptions detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周茜: "网络游戏直播版权保护问题研究", 《中国优秀硕士学位论文全文数据库 社会科学Ⅰ辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114173138A (en) * 2021-10-22 2022-03-11 武汉斗鱼网络科技有限公司 Method, device, medium and equipment for processing abnormal video up master
CN114173138B (en) * 2021-10-22 2023-08-22 广州新特珑电子有限公司 Method, device, medium and equipment for processing abnormal video up master

Also Published As

Publication number Publication date
CN111147944B (en) 2021-11-09

Similar Documents

Publication Publication Date Title
US11770581B2 (en) Systems and methods for recording relevant portions of a media asset
Reed et al. Identifying https-protected netflix videos in real-time
US8601503B2 (en) Detecting distribution of multimedia content
Pires et al. YouTube live and Twitch: a tour of user-generated live streaming systems
US20180247305A1 (en) Systems and methods to identify target video content
CN107734362B (en) Video source determination method and device and computer readable storage medium
KR100961461B1 (en) Multiple step identification of recordings
US20130067109A1 (en) Monitoring Over-the-Top Adaptive Video Streaming
US20150249852A1 (en) Systems and methods for crowd-sourced media access control
WO2013184875A2 (en) Systems and methods for compiling media information based on privacy and reliability metrics
US20170264960A1 (en) Content management in a network environment
CN1577600A (en) Network system, server, data recording and playing device, method for the same, and program
CN106209781A (en) A kind of based on the access recognition methods of statistical exceptional interface
Ali-Eldin et al. Analysis and characterization of a video-on-demand service workload
CN108769749B (en) Method for determining data embezzlement, client and server
CN111147944B (en) On-demand infringement risk discovery method based on big data log analysis
Xu et al. Catch-up TV recommendations: show old favourites and find new ones
US20070204118A1 (en) System and method of managing the memory content of a device
Chen et al. A lifetime model of online video popularity
EP4084485A1 (en) Methods, systems, and devices for detecting over-the-top piracy
KR101400062B1 (en) System of security management for iptv set top box
US20230007932A1 (en) System and Method for Mitigating Risk of Frauds Related to Streaming Content Consumption
CN110381375B (en) Method for determining data embezzlement, client and server
Hoof Live sports, piracy and uncertainty: understanding illegal streaming aggregation platforms
Servizi et al. A user experience model for privacy and context aware over-the-top (ott) tv recommendations

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 402, No. 66, North Street, University Town Center, Panyu District, Guangzhou City, Guangdong Province, 510006

Patentee after: Yifang Information Technology Co.,Ltd.

Address before: 510000 room 605, science museum, Guangdong University of technology, Panyu District, Guangzhou City, Guangdong Province

Patentee before: GUANGZHOU EASEFUN INFORMATION TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address