CN111416817A - Mode identification method based on network verification code - Google Patents

Publication number
CN111416817A
Authority
CN
China
Prior art keywords
abnormal
verification
pattern recognition
client
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010187508.2A
Other languages
Chinese (zh)
Inventor
刘放美
宋德涛
武丰龙
景晓悦
栗想
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou University of Light Industry
Original Assignee
Zhengzhou University of Light Industry
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou University of Light Industry filed Critical Zhengzhou University of Light Industry
Priority to CN202010187508.2A priority Critical patent/CN111416817A/en
Publication of CN111416817A publication Critical patent/CN111416817A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a pattern recognition method based on a network verification code, which comprises the following steps: S1: collecting statistics in advance on the abnormal behavior characteristics of abnormal clients, and setting a matching degree score for each abnormal behavior characteristic; S2: after a user logs in to a service server through a client, the service server records the user's service behavior information and stores it in a behavior statistics database; S3: establishing a pattern recognition system on the network server side for storing and processing the pattern recognition object to be recognized. The abnormal client identification method judges whether a client is abnormal based on the client's behavior, so that cracking by intelligent recognition software and by manual customer service is avoided, the reliability of identification is ensured, and normal service for ordinary clients is not affected.

Description

Mode identification method based on network verification code
Technical Field
The invention relates to the technical field of network security, in particular to a pattern recognition method based on a network verification code.
Background
Verification codes emerged alongside the development of computer technology and the continuous improvement of hacker techniques. To prevent hackers from using automatic registration tools to register website accounts in bulk and flood sites with spam posts, verification codes have evolved from pure digits to distorted pictures, characters and symbols, and from simple to complex and hard to distinguish, which has raised the difficulty of recognition by automatic registration tools.
Although setting a verification code can improve the security of a system, software in an actual production system must undergo automated testing or meet other requirements; if the verification code has to be entered manually in every test, testing efficiency drops sharply and practical needs cannot be met. The traditional method for automatically recognizing verification codes consists mainly of four steps: image denoising preprocessing, segmentation, normalization and recognition. The difficulty is that the verification code image is hard to segment effectively, which causes the subsequent recognition to fail.
Disclosure of Invention
(I) Technical problem to be solved
The present invention aims to provide a pattern recognition method based on a network verification code, so as to solve the problems set forth in the background art. The abnormal client identification method judges whether a client is abnormal based on the client's behavior, so that cracking by intelligent recognition software and by manual customer service is avoided, the reliability of identification is ensured, and normal service for ordinary clients is not affected.
(II) Technical scheme
In order to achieve the above purpose, the invention provides the following technical scheme: a pattern recognition method based on network verification codes, comprising the following steps:
S1: collecting statistics in advance on the abnormal behavior characteristics of abnormal clients, and setting a matching degree score for each abnormal behavior characteristic;
S2: after a user logs in to a service server through a client, the service server records the user's service behavior information and stores it in a behavior statistics database;
S3: establishing a pattern recognition system on the network server side for storing and processing the pattern recognition object to be recognized;
S4: decomposing and cutting the pattern recognition object, in sequence, into individual verification code units; building a pattern recognition database whose elements are these verification code units; storing in the database the position of each verification code unit relative to the pattern recognition object; distributing the verification code units as verification codes to be recognized by users of different websites; and feeding the recognized information back to the pattern recognition database on the network server side;
S5: at the end of each preset monitoring period, the monitoring server reads from the behavior statistics database the service behavior information of the online users recorded in that period; determines, from the read service behavior information, the abnormal behavior characteristics and the abnormal matching degree score corresponding to each abnormal behavior characteristic, the abnormal matching degree to which each online user's behavior matches the abnormal behavior characteristics; and determines whether the client of the online user is an abnormal client according to the online user's abnormal matching degree and a preset abnormal matching threshold;
S5: for a network request timeout, a proxy IP access restriction and the appearance of a picture verification code, the program performs different processing; when the webpage to be crawled is accessed, the content of the webpage is downloaded and stored.
Preferably, the abnormal matching degree is obtained as follows: for each online user, the current individual behavior characteristics of the online user are computed from the read service behavior information of that user; the individual abnormal behavior characteristics matched by those computed characteristics are determined; and the abnormal matching degree of the online user is obtained from the abnormal matching degree score corresponding to each matched individual abnormal behavior characteristic.
Preferably, the program in S5 needs to be preprocessed, which specifically includes the following steps:
101. using a browser, continuously accessing the webpage that the crawler needs to crawl until the picture verification code appears;
102. acquiring the xpath path of the picture verification code area, and recording it as path 1;
103. after the picture verification code has been verified successfully, selecting the xpath path of an html element that distinguishes the webpage at this stage from the webpages at other stages, and recording it as path 2;
104. continuing to access the webpage with the browser until the IP is restricted from access, then selecting the xpath path of an html element that distinguishes the webpage at this stage from other webpages, and recording it as path 3.
Preferably, a plurality of hot areas or buttons are created in the picture of S5; each hot area or button is assigned a coordinate code; a keyword is extracted for each hot area or button, and a verification prompt is generated from the keywords; following the verification prompt, the user clicks or drags the hot areas or buttons on the picture to generate coordinate code set verification information, which is transmitted to a verification server system for analysis and comparison, completing the verification of the verification code. The verification server system comprises a picture repository, an identification module, an encryption module, a verification module and a picture synthesis module.
(III) Advantageous effects
The invention provides a pattern recognition method based on a network verification code, which has the following beneficial effects:
(1) The abnormal client identification method judges whether a client is abnormal based on the client's behavior, so that cracking by intelligent recognition software and by manual customer service is avoided, the reliability of identification is ensured, and normal service for ordinary clients is not affected.
(2) When a crawled website uses a picture verification code to restrict crawling of its content, the picture verification code is identified manually so that the website can continue to be crawled; the method has a wide range of application and high security.
(3) Verification with the verification code can be completed easily without typing, which is more convenient for users of small-screen mobile terminals; verification can be completed with a few light taps, and sometimes even with a single slide of a finger.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A pattern recognition method based on network verification codes comprises the following steps:
S1: collecting statistics in advance on the abnormal behavior characteristics of abnormal clients, and setting a matching degree score for each abnormal behavior characteristic;
S2: after a user logs in to a service server through a client, the service server records the user's service behavior information and stores it in a behavior statistics database;
S3: establishing a pattern recognition system on the network server side for storing and processing the pattern recognition object to be recognized;
S4: decomposing and cutting the pattern recognition object, in sequence, into individual verification code units; building a pattern recognition database whose elements are these verification code units; storing in the database the position of each verification code unit relative to the pattern recognition object; distributing the verification code units as verification codes to be recognized by users of different websites; and feeding the recognized information back to the pattern recognition database on the network server side;
S5: at the end of each preset monitoring period, the monitoring server reads from the behavior statistics database the service behavior information of the online users recorded in that period; determines, from the read service behavior information, the abnormal behavior characteristics and the abnormal matching degree score corresponding to each abnormal behavior characteristic, the abnormal matching degree to which each online user's behavior matches the abnormal behavior characteristics; and determines whether the client of the online user is an abnormal client according to the online user's abnormal matching degree and a preset abnormal matching threshold;
S5: for a network request timeout, a proxy IP access restriction and the appearance of a picture verification code, the program performs different processing; when the webpage to be crawled is accessed, the content of the webpage is downloaded and stored.
The abnormal matching degree is obtained as follows: for each online user, the current individual behavior characteristics of the online user are computed from the read service behavior information of that user; the individual abnormal behavior characteristics matched by those computed characteristics are determined; and the abnormal matching degree of the online user is obtained from the abnormal matching degree score corresponding to each matched individual abnormal behavior characteristic.
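The per-period scoring of S1, S2 and the first S5 step, as an added example that is not part of the patent text: each abnormal behavior characteristic a user matches contributes its score, and the sum is compared with the threshold when the monitoring period ends. The feature names, scores, limits, threshold and event format are constructed assumptions.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class AbnormalFeature:
    """S1: one abnormal behavior characteristic and its matching degree score."""
    name: str
    score: int
    matches: Callable[[dict], bool]  # predicate over one user's per-period stats


def _regular_timing(s: dict) -> bool:
    # Near-constant gaps across many requests suggest a scripted client.
    return s["requests"] >= 10 and s["gap_stdev"] is not None and s["gap_stdev"] < 0.05


# Constructed feature table; names, scores and limits are assumptions.
FEATURES = [
    AbnormalFeature("high_request_rate", 40, lambda s: s["requests"] / s["period_s"] > 2.0),
    AbnormalFeature("repeated_captcha_failure", 30, lambda s: s["captcha_fail"] >= 5),
    AbnormalFeature("machine_regular_timing", 30, _regular_timing),
]
ABNORMAL_THRESHOLD = 60  # preset abnormal matching threshold (assumed value)


def summarize(events, start, end):
    """S2/S5: per-user behavior statistics for events with start <= ts < end."""
    per_user = defaultdict(list)
    for user, ts, action in events:
        if start <= ts < end:
            per_user[user].append((ts, action))
    stats = {}
    for user, rows in per_user.items():
        times = sorted(t for t, _ in rows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        stats[user] = {
            "requests": len(rows),
            "period_s": end - start,
            "captcha_fail": sum(1 for _, a in rows if a == "captcha_fail"),
            # Too few requests to judge timing: leave the statistic undefined.
            "gap_stdev": statistics.pstdev(gaps) if len(gaps) >= 2 else None,
        }
    return stats


def abnormal_matching_degree(stat):
    """Sum the scores of every abnormal characteristic this user matches."""
    matched = [f for f in FEATURES if f.matches(stat)]
    return sum(f.score for f in matched), [f.name for f in matched]


def evaluate_period(events, start, end, threshold=ABNORMAL_THRESHOLD):
    """S5: flag a client as abnormal when its degree reaches the threshold."""
    report = {}
    for user, stat in summarize(events, start, end).items():
        degree, matched = abnormal_matching_degree(stat)
        report[user] = {"degree": degree, "matched": matched,
                        "abnormal": degree >= threshold}
    return report


# Constructed sample log of (user, seconds since period start, action).
SAMPLE_EVENTS = (
    [("bot", i * 0.4, "captcha_fail" if i % 25 == 0 else "page_view") for i in range(150)]
    + [("alice", t, "page_view") for t in (3.0, 9.5, 21.0, 22.4, 40.1, 58.0)]
    + [("alice", 75.0, "captcha_fail")]  # outside the 60 s period, ignored
    + [("bob", t, "captcha_fail") for t in (5.0, 12.0, 20.0, 33.0, 41.0, 55.0)]
)

if __name__ == "__main__":
    for user, row in sorted(evaluate_period(SAMPLE_EVENTS, 0, 60).items()):
        print(user, row)
```

A user who matches only one characteristic (bob, with repeated verification failures but a human request rate) stays below the threshold, which is how the additive score avoids affecting ordinary clients.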
The program in step S5 needs to be preprocessed, which specifically includes the following steps:
101. using a browser, continuously accessing the webpage that the crawler needs to crawl until the picture verification code appears;
102. acquiring the xpath path of the picture verification code area, and recording it as path 1;
103. after the picture verification code has been verified successfully, selecting the xpath path of an html element that distinguishes the webpage at this stage from the webpages at other stages, and recording it as path 2;
104. continuing to access the webpage with the browser until the IP is restricted from access, then selecting the xpath path of an html element that distinguishes the webpage at this stage from other webpages, and recording it as path 3.
A plurality of hot areas or buttons are created in the picture of S5; each hot area or button is assigned a coordinate code; a keyword is extracted for each hot area or button, and a verification prompt is generated from the keywords; following the verification prompt, the user clicks or drags the hot areas or buttons on the picture to generate coordinate code set verification information, which is transmitted to a verification server system for analysis and comparison, completing the verification of the verification code. The verification server system comprises a picture repository, an identification module, an encryption module, a verification module and a picture synthesis module.
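The server side of the hot-area verification described above, as an added example that is not part of the patent text: the server assigns coordinate codes to hot areas, builds the prompt from keywords, and compares the submitted coordinate code set with the expected one. The picture repository contents, per-challenge random codes, expiry time and single-use rule are assumptions made for this example, and the encryption and picture synthesis modules are not modelled.

```python
import hmac
import secrets
import time

# Constructed picture repository: picture -> {keyword: hot-area box (x0, y0, x1, y1)}
PICTURES = {
    "street.png": {
        "car": (10, 40, 90, 80), "tree": (120, 5, 160, 90),
        "dog": (170, 60, 210, 95), "lamp": (230, 0, 245, 85),
    },
}
TTL_SECONDS = 120   # assumed challenge lifetime
_pending = {}       # challenge id -> (expected coordinate codes, expiry time)
_rng = secrets.SystemRandom()


def issue_challenge(picture_id, n_targets=2, now=None):
    """Assign fresh coordinate codes to every hot area and build the prompt."""
    now = time.time() if now is None else now
    areas = PICTURES[picture_id]
    # New random codes per challenge, so a captured answer cannot be reused.
    codes = {kw: secrets.token_hex(8) for kw in areas}
    targets = _rng.sample(sorted(areas), n_targets)
    hot_areas = [{"code": codes[kw], "box": box} for kw, box in areas.items()]
    _rng.shuffle(hot_areas)  # list order must not reveal which areas are targets
    challenge_id = secrets.token_urlsafe(16)
    _pending[challenge_id] = (sorted(codes[kw] for kw in targets), now + TTL_SECONDS)
    return {
        "challenge_id": challenge_id,
        "picture": picture_id,
        "targets": targets,
        "prompt": "Tap the " + " and the ".join(targets),
        "hot_areas": hot_areas,  # the client reports the code of each tapped area
    }


def verify(challenge_id, submitted_codes, now=None):
    """Compare the submitted coordinate code set with the expected set."""
    now = time.time() if now is None else now
    entry = _pending.pop(challenge_id, None)  # single use, pass or fail
    if entry is None:
        return False
    expected, expiry = entry
    if now > expiry:
        return False
    if len(submitted_codes) != len(expected):
        return False
    if not all(isinstance(c, str) for c in submitted_codes):
        return False
    # The patent describes a code *set*, so order is ignored; compare in
    # constant time to avoid leaking how much of the answer was right.
    return hmac.compare_digest("|".join(expected).encode(),
                               "|".join(sorted(submitted_codes)).encode())


def simulate_user(view):
    """Stand-in for a person who reads the prompt and taps the right areas."""
    boxes = PICTURES[view["picture"]]
    by_box = {tuple(h["box"]): h["code"] for h in view["hot_areas"]}
    return [by_box[boxes[kw]] for kw in view["targets"]]


if __name__ == "__main__":
    view = issue_challenge("street.png")
    print(view["prompt"])
    answer = simulate_user(view)
    print("first attempt:", verify(view["challenge_id"], answer))
    print("replay:", verify(view["challenge_id"], answer))
```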
The implementation is specifically as follows: the provided abnormal client identification method judges whether a client is abnormal based on the client's behavior, so that cracking by intelligent recognition software and by manual customer service is avoided, the reliability of identification is ensured, and normal service for ordinary clients is not affected; when a crawled website uses a picture verification code to restrict crawling of its content, the picture verification code is identified manually so that the webpage can continue to be crawled, and the method has a wide range of application and high security; verification with the verification code can be completed easily without typing, which is particularly convenient for users of small-screen mobile terminals, and verification can be completed with a few light taps, and sometimes with a single slide of a finger.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A pattern recognition method based on network verification codes, characterized by comprising the following steps:
S1: collecting statistics in advance on the abnormal behavior characteristics of abnormal clients, and setting a matching degree score for each abnormal behavior characteristic;
S2: after a user logs in to a service server through a client, the service server records the user's service behavior information and stores it in a behavior statistics database;
S3: establishing a pattern recognition system on the network server side for storing and processing the pattern recognition object to be recognized;
S4: decomposing and cutting the pattern recognition object, in sequence, into individual verification code units; building a pattern recognition database whose elements are these verification code units; storing in the database the position of each verification code unit relative to the pattern recognition object; distributing the verification code units as verification codes to be recognized by users of different websites; and feeding the recognized information back to the pattern recognition database on the network server side;
S5: at the end of each preset monitoring period, the monitoring server reads from the behavior statistics database the service behavior information of the online users recorded in that period; determines, from the read service behavior information, the abnormal behavior characteristics and the abnormal matching degree score corresponding to each abnormal behavior characteristic, the abnormal matching degree to which each online user's behavior matches the abnormal behavior characteristics; and determines whether the client of the online user is an abnormal client according to the online user's abnormal matching degree and a preset abnormal matching threshold;
S5: for a network request timeout, a proxy IP access restriction and the appearance of a picture verification code, the program performs different processing; when the webpage to be crawled is accessed, the content of the webpage is downloaded and stored.
2. The pattern recognition method based on network verification codes according to claim 1, wherein the abnormal matching degree is obtained as follows: for each online user, the current individual behavior characteristics of the online user are computed from the read service behavior information of that user; the individual abnormal behavior characteristics matched by those computed characteristics are determined; and the abnormal matching degree of the online user is obtained from the abnormal matching degree score corresponding to each matched individual abnormal behavior characteristic.
3. The pattern recognition method based on network verification codes according to claim 1, wherein the program in step S5 needs to be preprocessed, which specifically includes the following steps:
101. using a browser, continuously accessing the webpage that the crawler needs to crawl until the picture verification code appears;
102. acquiring the xpath path of the picture verification code area, and recording it as path 1;
103. after the picture verification code has been verified successfully, selecting the xpath path of an html element that distinguishes the webpage at this stage from the webpages at other stages, and recording it as path 2;
104. continuing to access the webpage with the browser until the IP is restricted from access, then selecting the xpath path of an html element that distinguishes the webpage at this stage from other webpages, and recording it as path 3.
4. The pattern recognition method based on network verification codes according to claim 2, wherein a plurality of hot areas or buttons are created in the picture of S5; each hot area or button is assigned a coordinate code; a keyword is extracted for each hot area or button, and a verification prompt is generated from the keywords; following the verification prompt, the user clicks or drags the hot areas or buttons on the picture to generate coordinate code set verification information, which is transmitted to a verification server system for analysis and comparison, completing the verification of the verification code; and the verification server system comprises a picture repository, an identification module, an encryption module, a verification module and a picture synthesis module.
CN202010187508.2A 2020-03-17 2020-03-17 Mode identification method based on network verification code Pending CN111416817A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010187508.2A CN111416817A (en) 2020-03-17 2020-03-17 Mode identification method based on network verification code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010187508.2A CN111416817A (en) 2020-03-17 2020-03-17 Mode identification method based on network verification code

Publications (1)

Publication Number Publication Date
CN111416817A true CN111416817A (en) 2020-07-14

Family

ID=71493092

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010187508.2A Pending CN111416817A (en) 2020-03-17 2020-03-17 Mode identification method based on network verification code

Country Status (1)

Country Link
CN (1) CN111416817A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130111019A1 (en) * 2011-10-28 2013-05-02 Electronic Arts Inc. User behavior analyzer
CN102724182A (en) * 2012-05-30 2012-10-10 北京像素软件科技股份有限公司 Recognition method of abnormal client side
CN103139204A (en) * 2012-12-19 2013-06-05 姚爱军 Network identifying code method and system
CN105844140A (en) * 2016-03-21 2016-08-10 国家电网公司 Website login brute force crack method and system capable of identifying verification code
CN106603560A (en) * 2016-12-30 2017-04-26 北京经纬信安科技有限公司 Mode recognition method based on network verification codes
CN108062468A (en) * 2017-12-25 2018-05-22 南京烽火软件科技有限公司 A kind of web crawlers method based on picture validation code identification

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113643042A (en) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 Safety verification system based on online business safety
CN113643042B (en) * 2021-08-20 2024-04-05 武汉极意网络科技有限公司 Security verification system based on online business security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200714