CN111353138A - Abnormal user identification method and device, electronic equipment and storage medium - Google Patents

Abnormal user identification method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111353138A
CN111353138A CN201811584490.9A CN201811584490A CN111353138A CN 111353138 A CN111353138 A CN 111353138A CN 201811584490 A CN201811584490 A CN 201811584490A CN 111353138 A CN111353138 A CN 111353138A
Authority
CN
China
Prior art keywords
information
terminal
user
attribute information
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811584490.9A
Other languages
Chinese (zh)
Inventor
钱湖海
鲁银冰
徐悦
韩凯
许鑫伶
高瑞令
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Hangzhou Information Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201811584490.9A priority Critical patent/CN111353138A/en
Publication of CN111353138A publication Critical patent/CN111353138A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a device for identifying an abnormal user, electronic equipment and a storage medium, wherein the method for identifying the abnormal user comprises the following steps: the method comprises the steps that a server receives a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in; acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information; judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal; if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user, thereby greatly improving the efficiency and accuracy of identifying the abnormal user.

Description

Abnormal user identification method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of network information security, and in particular, to a method and an apparatus for identifying an abnormal user, an electronic device, and a storage medium.
Background
At present, various risks exist in internet services, for example, abnormal users often take actions of order brushing, alive brushing, small numbers, cat pool brushing, library collision, number stealing, interface attack and the like, and the basic security of the whole service is damaged. For example, three quarters before 2017, the electric company and enterprise suffered an average of 241 million times of wool attacks per day; the total number of wool weeding exceeds the sum of the past three years, the loss caused is in the billion level, about 110 ten thousand of wool in pulling group is in the internet to 'make wind and make wave', the abnormal user behavior like the event of wool pulling in the business of electric power company brings great loss to the internet business. Therefore, early anticipation and prevention of the abnormal user are required.
However, with the upgrade of the anti-adversarial means of the black-products team, i.e. the abnormal user group, and the automation and industrialization of the used tools, the identification of the abnormal users in the prior art has some drawbacks. The method for identifying users with abnormal behaviors, which is disclosed by the prior art, comprises the steps of acquiring training signaling data and testing signaling data from signaling data of a full-scale ticket according to a black and white number library, establishing an algorithm model according to a training information table generated based on the training signaling data, testing the algorithm model by using the testing signaling data, and confirming an optimal algorithm model through corresponding evaluation operation, so that the method for identifying the abnormal users is too complex and depends heavily on the black and white name list library; the method comprises the steps of obtaining network attribute characteristics of a data interaction network and non-network attribute characteristics of the data interaction network by constructing the data interaction network, obtaining a classification prediction model according to the network attribute characteristics and the non-network attribute characteristics of the data interaction network, and identifying a user to be identified by adopting the classification prediction model, so that the method needs to obtain the network attribute characteristics and the non-network attribute characteristics of the data interaction network, thereby causing higher cost, and secondly, needs to store a large amount of account interaction data, thereby causing difficult data storage, huge calculation amount and lack of reliable related information of historical behaviors; in the method, whether the login account is stolen or not is detected through the login account with the same IP address and the abnormal operation of the corresponding login account, the attribute of the IP address is easy to be distorted, and an abnormal user can bypass the detection of the IP address of the login account by using the login account of the proxy.
From the above, it is known that the means for identifying the abnormal user in the prior art is too complicated, inefficient and not high in accuracy.
Disclosure of Invention
The embodiment of the invention provides a method and a device for identifying an abnormal user, electronic equipment and a storage medium, which are used for solving the problems of too complex means for identifying the abnormal user, low efficiency and low accuracy in the prior art.
The embodiment of the invention provides a method for identifying an abnormal user, which comprises the following steps:
the method comprises the steps that a server receives a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in;
acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal;
if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
Further, before the user to be logged in is determined to be an abnormal user, the method further includes:
sending information to be verified to the terminal, and receiving verification information sent by the terminal;
judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information;
if not, carrying out subsequent operation.
Further, if the verification information is consistent with the target verification information corresponding to the to-be-verified information, the method further includes:
and determining the user to be logged in as a normal user, and storing the corresponding relation between the first account information and the first fingerprint information in the fingerprint database.
Further, before generating the first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, the method further includes:
if the system installed on the terminal is an android system, judging whether at least one piece of target attribute information of the terminal is acquired, and if so, performing subsequent steps;
if the system installed in the terminal is an IOS system, judging whether all application advertisement identifier IDFA character strings in the obtained target attribute information are zero, if not, performing the subsequent steps, if so, judging whether the application provider identifier IDFV in the target attribute information is effective, and if so, performing the subsequent steps.
Further, if the system installed on the terminal is an android system, the target attribute information includes at least one of the following: ANDROID _ ID, international mobile equipment identification code IMEI, international mobile subscriber identification code IMSI, SERIAL NUMBER ICCID of SIM card, hardware address MAC of the terminal, machine SERIAL NUMBER SERIAL _ NUMBER of the terminal, identification information CPU _ ID of CPU in the terminal, identification information MEID of mobile equipment and electronic SERIAL NUMBER ESN;
and if the system installed in the terminal is an IOS system, the target attribute information comprises the IDFA and the IDFV.
The embodiment of the invention provides a device for identifying abnormal users, which comprises:
the terminal comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving a login request sent by the terminal, and the login request comprises first account information of a user to be logged in;
the generating module is used for acquiring target attribute information of the terminal and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
the judging module is used for judging whether the corresponding relation between the first account information and the first fingerprint information exists in a fingerprint database of the corresponding relation between the account information and the fingerprint information stored in the device;
and the determining module is used for determining the user to be logged in as a normal user when the corresponding relation between the first account information and the first fingerprint information exists in the corresponding relation fingerprint database of the account information and the fingerprint information stored in the device, and otherwise, determining the user to be logged in as an abnormal user.
The embodiment of the invention provides electronic equipment, which comprises a memory and a processor;
the processor is used for reading the program in the memory and executing the following processes: receiving a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in; acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information; judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored in the memory; if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
Further, the processor is further configured to send information to be verified to the terminal, and receive verification information sent by the terminal; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, determining the user to be logged in as an abnormal user;
the processor is further configured to determine the user to be logged in as a normal user if the verification information is consistent with target verification information corresponding to the information to be verified, and store a corresponding relationship between the first account information and the first fingerprint information in the fingerprint database;
the processor is further configured to determine whether to acquire at least one piece of target attribute information of the terminal if the system installed in the terminal is an android system, and if so, generate first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm; if the system installed in the terminal is an IOS system, judging whether all the application advertisement identifier IDFA character strings in the obtained target attribute information are zero, if not, generating first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm, if so, judging whether the application provider identifier IDFV in the target attribute information is effective, and if so, generating the first fingerprint information of the terminal according to the obtained target attribute information and the preset algorithm.
The embodiment of the invention provides electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;
the memory has stored therein a computer program which, when executed by the processor, causes the processor to perform the steps of any of the methods described above.
An embodiment of the present invention provides a computer-readable storage medium, which stores a computer program executable by an electronic device, and when the program runs on the electronic device, the program causes the electronic device to execute the steps of any one of the above methods.
The embodiment of the invention provides a method and a device for identifying an abnormal user, electronic equipment and a storage medium, wherein the method for identifying the abnormal user comprises the following steps: the method comprises the steps that a server receives a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in; acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information; judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal; if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
In the embodiment of the invention, the server acquires the target attribute information of the terminal, generates the first fingerprint information of the terminal, and determines whether the terminal is an abnormal user according to whether the corresponding relation between the first account information and the first fingerprint information exists in the fingerprint database of the corresponding relation between the account information and the fingerprint information stored in the server, because the fingerprint information is generated according to the attribute information of the terminal, the user who has modified the attribute information of the terminal can be determined as the abnormal user, and therefore, the efficiency and the accuracy of identifying the abnormal user are improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for identifying an abnormal user according to embodiment 1 of the present invention;
fig. 2 is a flowchart of a method for identifying an abnormal user according to embodiment 2 of the present invention;
fig. 3 is a flowchart of a method for extracting available fields by a server according to embodiment 3 of the present invention;
fig. 4 is a flowchart of a method for creating a fingerprint database according to embodiment 3 of the present invention;
fig. 5 is a flowchart of a method for identifying an abnormal user according to embodiment 3 of the present invention;
fig. 6 is a schematic diagram of an abnormal user identification according to embodiment 3 of the present invention;
fig. 7 is a schematic structural diagram of an apparatus for identifying an abnormal user according to embodiment 4 of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to embodiment 5 of the present invention;
fig. 9 is a schematic structural diagram of an electronic device according to embodiment 6 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the attached drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
fig. 1 is a flowchart of a method for identifying an abnormal user according to an embodiment of the present invention, where the method includes:
s101: the method comprises the steps that a server receives a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in.
The abnormal user identification method provided by the embodiment of the invention is applied to the server, and particularly when the server receives a login request sent by a user through a terminal, the account of the user who logs in can be identified based on the information of the terminal, so that whether the user is an abnormal user or not is determined.
Specifically, the terminal sends a login request to the server, where the login request may include first account information of the user to be logged in.
S102: acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information.
In the embodiment of the present invention, a user to be logged in is authenticated with confidence to identify an abnormal user, and in fact, the method of authentication with confidence is mainly performed according to a correspondence between account information and fingerprint information stored by a server in a fingerprint library, because the login request includes first account information of the user to be logged in, after receiving the login request, the server needs to collect target attribute information related to the terminal to determine the first fingerprint information of the terminal, where the target attribute information includes at least one of hardware attribute information and software attribute information, such as a device number of the terminal, or version information of a system installed on the terminal.
After the server acquires the target attribute information of the terminal, a preset Algorithm is used to generate a device fingerprint corresponding to the terminal, that is, first fingerprint information, specifically, the Algorithm may be set according to an actual situation, and is not limited herein, for example, the Algorithm may be a Message Digest Algorithm (MD) series, a Secure Hash Algorithm (SHA), or the like.
S103: and judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal.
The embodiment of the invention adopts the idea of combining the device fingerprint with the credible authentication to realize the identification of the abnormal user. Because the login credible authentication is based on the big data thought, a corresponding credible equipment fingerprint big database is established for the user, thereby facilitating the subsequent use. In order to realize the identification of the abnormal user, the server collects account information of the user and target attribute information of the login terminal in advance, generates fingerprint information aiming at the account information according to the acquired target attribute information and a preset algorithm, and stores the determined corresponding relation between the account information of the user and the fingerprint information in a fingerprint database.
When an abnormal user is identified, the corresponding relationship between the received first account information and the generated first fingerprint information is matched with the account information and the fingerprint information of each user in the fingerprint database one by one, and whether the corresponding relationship between the first account information and the first fingerprint information exists in the fingerprint database is judged.
S104: if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
Because a large amount of credible and normal corresponding relations between the user account information and the fingerprint information are stored in the fingerprint library, if the corresponding relations between the first account information and the first fingerprint information exist in the fingerprint library, the account information of the user to be logged in is credible and is a normal user, otherwise, the account information of the user to be logged in is extremely possibly incredible and can be determined as an abnormal user.
In the embodiment of the invention, the server acquires the target attribute information of the terminal, generates the first fingerprint information of the terminal, and determines whether the terminal is an abnormal user according to whether the corresponding relation between the first account information and the first fingerprint information exists in the fingerprint database of the corresponding relation between the account information and the fingerprint information stored in the server, because the fingerprint information is generated according to the attribute information of the terminal, the user who has modified the attribute information of the terminal can be determined as the abnormal user, and therefore, the efficiency and the accuracy of identifying the abnormal user are improved.
Example 2:
on the basis of the above embodiment, in order to further improve the accuracy of identifying the abnormal user, before the user to be logged in is determined to be the abnormal user, the method further includes:
sending information to be verified to the terminal, and receiving verification information sent by the terminal;
judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information;
if not, carrying out subsequent operation.
Because the corresponding relationship between the account information of the user and the fingerprint information stored in the fingerprint database is determined by collecting the information of the terminal in advance, if the collected information of the terminal is not sufficient, or an error occurs during the information collection of the terminal, or because the terminal is normally changed, the corresponding relationship between the first account information and the first fingerprint information may not exist in the fingerprint database, but the determination of the user to be logged in as an abnormal user may not be accurate enough. Therefore, in order to further improve the accuracy of identifying the abnormal user, it is necessary to verify the user to be logged in order to avoid the occurrence of the situation that the normal user is mistaken as the abnormal user as much as possible.
Specifically, the server may send information to be authenticated to a terminal used by a user to be logged in, so that the user inputs corresponding authentication information on the terminal according to the authentication information, and the terminal sends the authentication information to the server, so that the server may determine whether the authentication information is consistent with target authentication information corresponding to the information to be authenticated, and if not, the user to be logged in is an abnormal user. The information to be verified sent by the specific server may be a short message to be verified, or may be other information to be verified, such as mailbox information to be verified.
If the verification information is consistent with the target verification information corresponding to the information to be verified, the method further comprises the following steps:
and determining the user to be logged in as a normal user, and storing the corresponding relation between the first account information and the first fingerprint information in the fingerprint database.
If the verification information is consistent with the target verification information corresponding to the to-be-verified information, the to-be-logged user passes verification, and can be confirmed as a normal user, otherwise, the to-be-logged user is confirmed as an abnormal user. Therefore, in the embodiment of the present invention, the user may be authenticated by using the authentication information, and after the authentication is passed, the corresponding relationship between the first account information and the first fingerprint information is stored, so that there may be a case where the same account information corresponds to a plurality of fingerprint information in the fingerprint database.
Because the fingerprint information in the fingerprint database is the unique identifier of the terminal, the server can accurately position and identify the terminal of the user to be logged in according to the fingerprint information. When the terminal of the user to be logged in is normally changed, the fingerprint library may not store the corresponding relationship between the first account information and the first fingerprint information, and in order to avoid a misjudgment, the server may judge whether the user is an abnormal user by using an information verification method for the user, thereby preventing abnormal login by illegally tampering the device information. In addition, the fingerprint database stores the credible information of the user, and the credible information comprises the credible account information and the corresponding relation of the fingerprint information.
Based on the foregoing embodiment, fig. 2 is a flowchart of a method for identifying an abnormal user according to an embodiment of the present invention, where the specific method includes:
s201: the terminal sends a login request to the server, wherein the login request comprises first account information of a user to be logged in.
S202: and after receiving the login request, the server generates first fingerprint information corresponding to the terminal.
S203: the server judges whether the corresponding relation between the first account information and the first fingerprint information is credible.
S204: if yes, the server determines the user to be logged in as a normal user.
S205: if not, judging whether the short message verification information is consistent with target verification information corresponding to the short message to-be-verified information according to the short message to-be-verified information sent to the terminal, wherein the short message verification information is sent by the terminal.
S206: if not, determining the user to be logged in as an abnormal user.
S207: if so, determining that the user to be logged in is a normal user, and storing the corresponding relation between the first account information and the first fingerprint information in the fingerprint database.
In the embodiment of the invention, the information to be verified is sent to the terminal, and the verification information sent by the terminal is received; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, subsequent operation is carried out, so that the accuracy of the abnormal user identification can be further improved.
Example 3:
on the basis of the foregoing embodiments, in order to more accurately generate fingerprint information corresponding to a terminal so as to facilitate subsequent operations, before generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, the method further includes:
if the system installed on the terminal is an android system, judging whether at least one piece of target attribute information of the terminal is acquired, and if so, performing subsequent steps;
if the system installed in the terminal is an IOS system, judging whether all application advertisement Identifier (IDFA) character strings in the obtained target attribute information are zero, if not, performing the subsequent steps, if so, judging whether an application provider Identifier (IDFV) in the target attribute information is valid, and if so, performing the subsequent steps.
Since collecting the required target attribute information from the terminal is the basis for generating the fingerprint information corresponding to the terminal, it is necessary to collect the available fields of the data information related to the terminal before generating the fingerprint information corresponding to the terminal. As shown in fig. 3, the server sends a data acquisition request to the terminal, and after receiving the request, the terminal may acquire data information through a Software Development Kit (SDK) carried by the terminal.
After the terminal collects the data information of itself, the data information is sent to the server, the server receives the data information and stores the data information, and identifies the data information according to the preset target attribute information to obtain the field corresponding to the target attribute information, and the specific process can be as follows: identifying the service data in the data information, analyzing the data format of the service data, and analyzing and extracting available fields, specifically obtaining fields related to the target attribute information.
Because the operating systems installed in the terminals in the current market are mainly an Android system and an IOS system, the terminals are also divided into Android devices and IOS devices. Because the operating systems installed on the terminals are different, the collected target attribute information is also different for the terminals installed with different operating systems.
Since the data information stored by the server has too much attribute information related to the terminal, there may be not less than 60 different types of attribute information. In order to generate fingerprint information corresponding to a terminal more accurately so as to facilitate subsequent operations, several pieces of target attribute information are preferred in the embodiment of the present invention.
If the system installed on the terminal is an Android system, namely the terminal is an Android device, the target attribute information comprises at least one of the following: identification information of the ANDROID system (ANDROID _ ID), International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), SERIAL NUMBER of SIM card (ICCID), hardware address of the terminal (MAC), machine SERIAL NUMBER of the terminal (SERIAL _ NUMBER), Identification information of CPU in the terminal (CPU _ ID), Mobile Equipment Identification information (MEID), Electronic SERIAL NUMBER (ESN);
if the system installed in the terminal is an IOS system, i.e. the terminal is an IOS device, the target attribute information includes IDFA and IDFV.
The meaning of each target attribute information is shown in table 1 below, where ANDROID _ ID is target attribute information unique to the ANDROID device, IDFA, IDFV, and OPEN _ UDID are target attribute information unique to the IOS device, and the remaining target attribute information is included in both the ANDROID device and the IOS device.
If the terminal carries two SIM cards, the target attribute information may include two international mobile subscriber identities, i.e. IMSI _1 and IMSI _ 2.
Preferably, for an Android device or an IOS device, fingerprint information corresponding to the device may be generated according to all target attribute information corresponding to the device and a preset algorithm. However, in the actual operation process, the terminal often cannot acquire all target attribute information, especially the IOS device, and generally only can acquire two kinds of target attribute information, i.e., the IDFA and the IFDV.
Figure BDA0001918748570000121
Figure BDA0001918748570000131
TABLE 1
Since the terminal information acquired by the server does not necessarily include the target attribute information, it is necessary to further determine the operating system installed in the terminal before generating the fingerprint information corresponding to the terminal for the terminal in which a different operating system is installed.
Specifically, if the system installed on the terminal is an android system, the server may determine whether to acquire at least one piece of target attribute information of the terminal, and if so, perform the subsequent steps; if the system installed in the terminal is an apple mobile device operating system, whether all IDFA character strings in the obtained target attribute information are zero is judged, if not, the subsequent steps are carried out, if yes, whether IDFV in the target attribute information is effective is judged, and if yes, the subsequent steps are carried out.
On the basis of the foregoing embodiment, fig. 4 is a flowchart of a method for establishing a fingerprint database according to an embodiment of the present invention, where the specific method includes:
the server acquires target attribute information of the terminal. Specifically, the process of obtaining the target attribute information of the terminal has been described in the above embodiments, and is not described herein again.
In order to further improve the security, in the embodiment of the present invention, based on the installation system of the terminal, the generation algorithms of the fingerprint information adopted by different installation systems are different, and therefore, the server first determines the operating system installed in the terminal, and then generates, for the terminal in which different operating systems are installed, the fingerprint information corresponding to the terminal according to at least one target attribute information corresponding to the terminal and a preset algorithm.
If the terminal is an IOS device, it may be determined whether all the IDFA strings in the field are zero, if not, the fingerprint information corresponding to the terminal is obtained by using the SHA512 algorithm, and the program code corresponding to the process is CMCC _ HYID-SHA512 (IDFA). If yes, judging whether the IDFV in the field is valid, if so, obtaining fingerprint information corresponding to the terminal by adopting an SHA512 algorithm, wherein a program code corresponding to the process is CMCC _ HYID-SHA512(IDFV), and if not, generating no fingerprint information, and the program code corresponding to the process is CMCC _ HYID- 'NULL'.
If the terminal is an Android device, judging whether the field is a non-empty field, and if the program code corresponding to the empty field is NULL, NULL or NULL, namely judging whether at least one piece of target attribute information of the terminal is acquired, and if so, judging whether the number of the non-NULL fields in the field is greater than 0; if yes, extracting a non-null field in the field, and obtaining fingerprint information corresponding to the terminal by adopting a SHA512 algorithm, wherein a program code corresponding to the process is CMCC _ HYID-SHA512(IMEI + ANHYDROID _ ID + ICCID + …), and the non-null field in the program code can be a field corresponding to at least one target attribute information; if not, fingerprint information is not generated, and the program code corresponding to the process is CMCC _ HYID- 'NULL'.
And collecting all the generated fingerprint information corresponding to the terminal together, and establishing a fingerprint library corresponding to the terminal.
Figure BDA0001918748570000141
TABLE 2
Besides using the SHA512 algorithm, other algorithms can be used to generate fingerprint information of the terminal. The MD5 algorithm in the message digest algorithm, and the SHA1, SHA256, SHA512 algorithms in the series of secure hash algorithms, respectively, generate samples of fingerprint information and their corresponding generation times are now compared. As can be seen from the contents shown in Table 2, since 1.5093601460094389e-08 is smaller than 1.509360146009466e-08, the time taken for the SHA512 algorithm to generate fingerprint information is shorter than the time taken for the MD5 algorithm and the SHA1 algorithm to generate fingerprint information. Because the field lengths in the fingerprint information samples generated by the MD5 algorithm, the SHA1 algorithm, the SHA256 algorithm and the SHA512 are one longer than another, and the field length in the fingerprint information sample generated by the SHA512 algorithm is the longest and carries the most data, the information amount carried in the fingerprint information generated by the SHA512 algorithm is large, the information is not easy to be tampered, and the time of the generated fingerprint information is the shortest. Therefore, the SHA512 algorithm is preferred by the embodiment of the present invention to generate fingerprint information. Therefore, through a specific high-reliability anti-cracking algorithm, a unique identifier, namely fingerprint information, is aggregated for each terminal, namely the fingerprint information is equivalent to the identity card for identifying the terminal, so that the fingerprint information can be used as the unique identifier of user account information in a fingerprint library, the unique account information can be effectively identified, and the judgment error of the abnormal user caused by forging the account information by the user is prevented.
On the basis of the above embodiments, since the above abnormal user identification method is mainly based on the idea of device fingerprint and trusted authentication, a module that generates fingerprint information corresponding to a terminal in a server can be understood as a device fingerprint module, and a module that determines whether a user is abnormal can be understood as a trusted authentication module.
On the basis of the foregoing embodiments, fig. 5 is a flowchart of a method for identifying an abnormal user according to an embodiment of the present invention, where the specific method includes:
s501: after receiving a login request sent by a terminal, a server receives the login request, wherein the login request comprises account information of a user to be logged in.
S502: the server identifies and positions the terminal according to the fingerprint information of the terminal generated by the equipment fingerprint module carried by the server.
An equipment fingerprint module in the server generates fingerprint information of the terminal according to the acquired target attribute information of the terminal and a preset algorithm; specifically, the method for generating the fingerprint information is the same as the method for generating the first fingerprint information, and is not described herein again. Then, if the fingerprint information is stored in the fingerprint database of the server, the server can identify and locate the terminal according to the fingerprint information.
S503: and the trusted authentication module judges whether the user to be logged in is an abnormal user.
In order to prevent the illegal tampering of the device information from abnormal login, a trusted authentication module in the server may first determine whether a corresponding relationship between the fingerprint information and the account information is stored in a fingerprint library of a corresponding relationship between the account information and the fingerprint information, and if so, determine a user to be logged in corresponding to the terminal as a normal user; otherwise, the user to be logged in is determined whether the user is an abnormal user by using a verification information method, specifically, the specific process of the determination is similar to the method for identifying the abnormal user in the above embodiment, and details are not repeated here.
On the basis of the foregoing embodiments, fig. 6 is a schematic diagram of an abnormal user identification provided in an embodiment of the present invention, and as shown in fig. 6, a server acquires target attribute information of a terminal, specifically, a user to be logged in moves a slider below a display screen of the terminal to a set position, which triggers the terminal to send a login request to the server, and the server receives the login request and acquires the target attribute information of the terminal; generating an equipment fingerprint corresponding to the terminal according to the target attribute information of the terminal contained in the acquired information and a preset algorithm, namely fingerprint information corresponding to the terminal; and then judging whether the user to be logged in is an abnormal user or not according to the account information stored by the server and the fingerprint database corresponding to the fingerprint information.
Before generating the first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, if a system installed on the terminal is an android system, judging whether at least one piece of target attribute information of the terminal is acquired, and if so, performing subsequent steps; if the system installed in the terminal is an apple mobile device operating system, judging whether all IDFA character strings in the obtained target attribute information are zero, if not, performing the subsequent steps, if so, judging whether IDFV in the target attribute information is effective, and if so, performing the subsequent steps; therefore, the fingerprint information corresponding to the terminal can be generated more accurately, so that the subsequent operation is facilitated.
Example 4:
on the basis of the foregoing embodiments, fig. 7 is a schematic structural diagram of an abnormal user identification apparatus according to an embodiment of the present invention, and as shown in fig. 7, the apparatus includes:
the system comprises a receiving module 701, a login module and a processing module, wherein the receiving module 701 is used for receiving a login request sent by a terminal, and the login request comprises first account information of a user to be logged in;
a generating module 702, configured to obtain target attribute information of the terminal, and generate first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm, where the target attribute information includes hardware attribute information and/or software attribute information;
a determining module 703, configured to determine whether a corresponding relationship between the first account information and the first fingerprint information exists in a fingerprint database of a corresponding relationship between the account information and the fingerprint information stored in the apparatus;
a determining module 704, configured to determine the user to be logged in as a normal user when the corresponding relationship between the first account information and the first fingerprint information exists in the fingerprint library of the corresponding relationship between the account information and the fingerprint information stored in the apparatus, and otherwise, determine the user to be logged in as an abnormal user.
Further, the determining module 704 is further configured to send information to be verified to the terminal and receive verification information sent by the terminal before determining the user to be logged in as an abnormal user; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, carrying out subsequent operation.
Further, the determining module 704 is further configured to determine the user to be logged in as a normal user if the verification information is consistent with the target verification information corresponding to the information to be verified, and store the corresponding relationship between the first account information and the first fingerprint information in the fingerprint library.
Further, the determining module 704 is further configured to, before generating the first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, determine whether to acquire at least one piece of target attribute information of the terminal if a system installed in the terminal is an android system, and if so, perform subsequent steps; and if the system installed in the terminal is an IOS system, judging whether the application advertisement identifier character strings in the acquired target attribute information are all zero, if not, performing the subsequent steps, if so, judging whether the application provider identifiers in the target attribute information are effective, and if so, performing the subsequent steps.
The receiving module 701 in the embodiment of the present invention is configured to receive a login request sent by a terminal, where the login request includes first account information of a user to be logged in; a generating module 702, configured to obtain target attribute information of the terminal, and generate first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm; a determining module 703, configured to determine whether a corresponding relationship between the first account information and the first fingerprint information exists in a fingerprint database of a corresponding relationship between the account information and the fingerprint information stored in the apparatus; the determining module 704 is configured to determine the user to be logged in as a normal user when the corresponding relationship between the first account information and the first fingerprint information exists in the fingerprint database of the corresponding relationship between the account information and the fingerprint information stored in the apparatus, and otherwise, determine the user to be logged in as an abnormal user, so that the efficiency and accuracy of identifying the abnormal user are greatly improved.
Example 5:
on the basis of the above embodiments, an embodiment of the present invention provides an electronic device, as shown in fig. 8, including: a processor 801 and a memory 802;
the processor 801 is configured to read the program in the memory 802, and execute the following processes: receiving a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in; acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information; judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored in the memory; if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
Based on the same inventive concept, the embodiment of the present invention provides an electronic device, and because the principle of solving the problem of the electronic device is similar to the abnormal user identification method, the implementation of the electronic device may refer to the implementation of the method, and repeated details are not repeated.
In FIG. 8, the bus architecture may include any number of interconnected buses and bridges, with one or more processors represented by processor 801 and various circuits of memory represented by memory 802 being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The processor 801 is responsible for managing the bus architecture and general processing, and the memory 802 may store data used by the processor 801 in performing operations.
Alternatively, the processor 801 may be a CPU (central processing unit), an ASIC (Application specific integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
The processor 801 is further configured to send information to be verified to the terminal, and receive verification information sent by the terminal; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, determining the user to be logged in as an abnormal user;
the processor 801 is further configured to determine the user to be logged in as a normal user if the verification information is consistent with target verification information corresponding to the information to be verified, and store a corresponding relationship between the first account information and the first fingerprint information in the fingerprint library;
the processor 801 is further configured to, if the system installed in the terminal is an android system, determine whether to acquire target attribute information of at least one terminal, and if so, generate first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm; if the system installed in the terminal is an IOS system, judging whether application advertisement Identifier (IDFA) character strings in the obtained target attribute information are all zero, if not, generating first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm, if so, judging whether application provider Identification (IDFV) in the target attribute information is valid, and if so, generating the first fingerprint information of the terminal according to the obtained target attribute information and the preset algorithm.
Example 6:
on the basis of the foregoing embodiments, an electronic device according to an embodiment of the present invention is provided, as shown in fig. 9, and includes a processor 901, a communication interface 902, a memory 903, and a communication bus 904, where the processor 901, the communication interface 902, and the memory 903 complete communication with each other through the communication bus 904;
the memory 903 has stored therein a computer program which, when executed by the processor 901, causes the processor 901 to perform the steps of:
receiving a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in;
acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored in the memory;
if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 902 is used for communication between the electronic apparatus and other apparatuses.
The Memory 903 may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The processor 901 may be a general-purpose processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital instruction processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
The processor 901 is further configured to send information to be verified to the terminal, and receive verification information sent by the terminal; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, determining the user to be logged in as an abnormal user;
the processor 901 is further configured to determine the user to be logged in as a normal user if the verification information is consistent with target verification information corresponding to the information to be verified, and store a corresponding relationship between the first account information and the first fingerprint information in the fingerprint library;
the processor 901 is further configured to determine whether to acquire target attribute information of at least one terminal if the system installed in the terminal is an android system, and if so, generate first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm; if the system installed in the terminal is an IOS system, judging whether application advertisement Identifier (IDFA) character strings in the obtained target attribute information are all zero, if not, generating first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm, if so, judging whether application provider Identification (IDFV) in the target attribute information is valid, and if so, generating the first fingerprint information of the terminal according to the obtained target attribute information and the preset algorithm.
Further, if the system installed on the terminal is an android system, the target attribute information includes at least one of the following: ANDROID _ ID, international mobile equipment identification code (IMEI), International Mobile Subscriber Identity (IMSI), SERIAL NUMBER of SIM card (ICCID), hardware address (MAC) of the terminal, machine SERIAL NUMBER (SERIAL _ NUMBER) of the terminal, identification information (CPU _ ID) of CPU in the terminal, mobile equipment identification information (MEID), and Electronic SERIAL NUMBER (ESN);
and if the system installed in the terminal is an IOS system, the target attribute information comprises the IDFA and the IDFV.
Example 7:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program executable by an electronic device, where the computer program, when executed on the electronic device, causes the electronic device to perform the following steps:
receiving a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in;
acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal;
if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
Further, before the user to be logged in is determined to be an abnormal user, the method further includes:
sending information to be verified to the terminal, and receiving verification information sent by the terminal;
judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information;
if not, carrying out subsequent operation.
Further, if the verification information is consistent with the target verification information corresponding to the to-be-verified information, the method further includes:
and determining the user to be logged in as a normal user, and storing the corresponding relation between the first account information and the first fingerprint information in the fingerprint database.
Further, before generating the first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, the method further includes:
if the system installed on the terminal is an android system, judging whether at least one piece of target attribute information of the terminal is acquired, and if so, performing subsequent steps;
if the system installed in the terminal is an IOS system, judging whether all application advertisement Identifier (IDFA) character strings in the obtained target attribute information are zero, if not, performing the subsequent steps, if so, judging whether an application provider Identification (IDFV) in the target attribute information is valid, and if so, performing the subsequent steps.
Further, if the system installed on the terminal is an android system, the target attribute information includes at least one of the following: ANDROID _ ID, international mobile equipment identification code (IMEI), International Mobile Subscriber Identity (IMSI), SERIAL NUMBER of SIM card (ICCID), hardware address (MAC) of the terminal, machine SERIAL NUMBER (SERIAL _ NUMBER) of the terminal, identification information (CPU _ ID) of CPU in the terminal, mobile equipment identification information (MEID), and Electronic SERIAL NUMBER (ESN);
and if the system installed in the terminal is an IOS system, the target attribute information comprises the IDFA and the IDFV.
The computer readable storage medium may be any available medium or data storage device that can be accessed by a processor in an electronic device, including but not limited to magnetic memory such as floppy disks, hard disks, magnetic tape, magneto-optical disks (MO), etc., optical memory such as CDs, DVDs, BDs, HVDs, etc., and semiconductor memory such as ROMs, EPROMs, EEPROMs, nonvolatile memories (NANDFLASH), Solid State Disks (SSDs), etc.
For the system/apparatus embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
It is to be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or operation from another entity or operation without necessarily requiring or implying any actual such relationship or order between such entities or operations.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely application embodiment, or an embodiment combining application and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.

Claims (10)

1. A method of anomalous user identification, characterized in that said method comprises:
the method comprises the steps that a server receives a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in;
acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored by the mobile terminal;
if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
2. The method of claim 1, wherein before determining the user to be logged in as an anomalous user, the method further comprises:
sending information to be verified to the terminal, and receiving verification information sent by the terminal;
judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information;
if not, carrying out subsequent operation.
3. The method of claim 2, wherein if the verification information is consistent with target verification information corresponding to the to-be-verified information, the method further comprises:
and determining the user to be logged in as a normal user, and storing the corresponding relation between the first account information and the first fingerprint information in the fingerprint database.
4. The method of claim 1, wherein before generating the first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, the method further comprises:
if the system installed on the terminal is an android system, judging whether at least one piece of target attribute information of the terminal is acquired, and if so, performing subsequent steps;
if the system installed in the terminal is an IOS system, judging whether all application advertisement identifier IDFA character strings in the obtained target attribute information are zero, if not, performing the subsequent steps, if so, judging whether the application provider identifier IDFV in the target attribute information is effective, and if so, performing the subsequent steps.
5. The method of claim 4, wherein if the terminal-mounted system is an android system, the target attribute information includes at least one of: ANDROID _ ID, international mobile equipment identification code IMEI, international mobile subscriber identification code IMSI, SERIAL NUMBER ICCID of SIM card, hardware address MAC of the terminal, machine SERIAL NUMBER SERIAL _ NUMBER of the terminal, identification information CPU _ ID of CPU in the terminal, identification information MEID of mobile equipment and electronic SERIAL NUMBER ESN;
and if the system installed in the terminal is an IOS system, the target attribute information comprises the IDFA and the IDFV.
6. An apparatus for anomalous user identification, said apparatus comprising:
the terminal comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving a login request sent by the terminal, and the login request comprises first account information of a user to be logged in;
the generating module is used for acquiring target attribute information of the terminal and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information;
the judging module is used for judging whether the corresponding relation between the first account information and the first fingerprint information exists in a fingerprint database of the corresponding relation between the account information and the fingerprint information stored in the device;
and the determining module is used for determining the user to be logged in as a normal user when the corresponding relation between the first account information and the first fingerprint information exists in the corresponding relation fingerprint database of the account information and the fingerprint information stored in the device, and otherwise, determining the user to be logged in as an abnormal user.
7. An electronic device, comprising a memory and a processor;
the processor is used for reading the program in the memory and executing the following processes: receiving a login request sent by a terminal, wherein the login request comprises first account information of a user to be logged in; acquiring target attribute information of the terminal, and generating first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm, wherein the target attribute information comprises hardware attribute information and/or software attribute information; judging whether the corresponding relation between the first account information and the first fingerprint information exists in a corresponding relation fingerprint database of the account information and the fingerprint information stored in the memory; if so, determining the user to be logged in as a normal user, otherwise, determining the user to be logged in as an abnormal user.
8. The electronic device of claim 7, wherein the processor is further configured to send information to be verified to the terminal, receive verification information sent by the terminal; judging whether the verification information is consistent with target verification information corresponding to the to-be-verified information; if not, determining the user to be logged in as an abnormal user;
the processor is further configured to determine the user to be logged in as a normal user if the verification information is consistent with target verification information corresponding to the information to be verified, and store a corresponding relationship between the first account information and the first fingerprint information in the fingerprint database;
the processor is further configured to determine whether to acquire at least one piece of target attribute information of the terminal if the system installed in the terminal is an android system, and if so, generate first fingerprint information of the terminal according to the acquired target attribute information and a preset algorithm; if the system installed in the terminal is an IOS system, judging whether all the application advertisement identifier IDFA character strings in the obtained target attribute information are zero, if not, generating first fingerprint information of the terminal according to the obtained target attribute information and a preset algorithm, if so, judging whether the application provider identifier IDFV in the target attribute information is effective, and if so, generating the first fingerprint information of the terminal according to the obtained target attribute information and the preset algorithm.
9. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory has stored therein a computer program which, when executed by the processor, causes the processor to carry out the steps of the method of any one of claims 1-5.
10. A computer-readable storage medium, characterized in that it stores a computer program executable by an electronic device, which program, when run on the electronic device, causes the electronic device to carry out the steps of the method according to any one of claims 1-5.
CN201811584490.9A 2018-12-24 2018-12-24 Abnormal user identification method and device, electronic equipment and storage medium Pending CN111353138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811584490.9A CN111353138A (en) 2018-12-24 2018-12-24 Abnormal user identification method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811584490.9A CN111353138A (en) 2018-12-24 2018-12-24 Abnormal user identification method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111353138A true CN111353138A (en) 2020-06-30

Family

ID=71193903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811584490.9A Pending CN111353138A (en) 2018-12-24 2018-12-24 Abnormal user identification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111353138A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615966A (en) * 2020-12-14 2021-04-06 南方电网海南数字电网研究院有限公司 Cat pool terminal identification method
CN112800403A (en) * 2021-01-05 2021-05-14 北京小米松果电子有限公司 Method, apparatus and medium for generating prediction model and predicting fingerprint recognition abnormality
CN114006738A (en) * 2021-10-25 2022-02-01 上海交通大学 APP instance fingerprint and device fingerprint based hand-trip login verification method and system
CN117910023A (en) * 2024-03-19 2024-04-19 天津市职业大学 Computer information security processing method and system based on big data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130167203A1 (en) * 2011-12-08 2013-06-27 Netauthority, Inc. Method and system for authorizing remote access to customer account information
CN104468464A (en) * 2013-09-12 2015-03-25 深圳市腾讯计算机系统有限公司 Authentication method, device and system
CN106060034A (en) * 2016-05-27 2016-10-26 深圳市永兴元科技有限公司 Account login method and device
CN106529963A (en) * 2016-11-26 2017-03-22 杭州邦盛金融信息技术有限公司 System and method for security authentication of mobile devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130167203A1 (en) * 2011-12-08 2013-06-27 Netauthority, Inc. Method and system for authorizing remote access to customer account information
CN104468464A (en) * 2013-09-12 2015-03-25 深圳市腾讯计算机系统有限公司 Authentication method, device and system
CN106060034A (en) * 2016-05-27 2016-10-26 深圳市永兴元科技有限公司 Account login method and device
CN106529963A (en) * 2016-11-26 2017-03-22 杭州邦盛金融信息技术有限公司 System and method for security authentication of mobile devices

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112615966A (en) * 2020-12-14 2021-04-06 南方电网海南数字电网研究院有限公司 Cat pool terminal identification method
CN112800403A (en) * 2021-01-05 2021-05-14 北京小米松果电子有限公司 Method, apparatus and medium for generating prediction model and predicting fingerprint recognition abnormality
CN112800403B (en) * 2021-01-05 2024-05-03 北京小米松果电子有限公司 Method, device and medium for generating prediction model and predicting fingerprint identification abnormality
CN114006738A (en) * 2021-10-25 2022-02-01 上海交通大学 APP instance fingerprint and device fingerprint based hand-trip login verification method and system
CN117910023A (en) * 2024-03-19 2024-04-19 天津市职业大学 Computer information security processing method and system based on big data
CN117910023B (en) * 2024-03-19 2024-05-14 天津市职业大学 Computer information security processing method and system based on big data

Similar Documents

Publication Publication Date Title
CN112417439B (en) Account detection method, device, server and storage medium
CN108989150B (en) Login abnormity detection method and device
CN111353138A (en) Abnormal user identification method and device, electronic equipment and storage medium
JP6609047B2 (en) Method and device for application information risk management
US11429698B2 (en) Method and apparatus for identity authentication, server and computer readable medium
CN109800560B (en) Equipment identification method and device
CN109842858B (en) Service abnormal order detection method and device
CN106465076B (en) Method and terminal for controlling short message reading
CN113489713A (en) Network attack detection method, device, equipment and storage medium
CN109815702B (en) Software behavior safety detection method, device and equipment
CN112685774B (en) Payment data processing method based on big data and block chain finance and cloud server
CN114785567B (en) Flow identification method, device, equipment and medium
CN114826946B (en) Unauthorized access interface detection method, device, equipment and storage medium
CN111224782B (en) Data verification method based on digital signature, intelligent device and storage medium
CN111767537A (en) Tamper verification method of application program based on IOS (operating system) and related equipment
CN104640105A (en) Method and system for mobile phone virus analyzing and threat associating
CN111371581A (en) Method, device, equipment and medium for detecting business abnormity of Internet of things card
CN112187783B (en) Authentication method and device, electronic equipment and storage medium
CN112613893A (en) Method, system, equipment and medium for identifying malicious user registration
CN112699369A (en) Method and device for detecting abnormal login through stack backtracking
CN114006738B (en) APP instance fingerprint and device fingerprint based hand-trip login verification method and system
CN110213341B (en) Method and device for detecting downloading of application program
CN107846391B (en) Login authentication method, device and system for application
CN116760646B (en) Login processing method, login processing device, server and readable storage medium
CN112449062B (en) Malicious fee deduction identification method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200630

RJ01 Rejection of invention patent application after publication