CN111786938B - Method, system and electronic equipment for preventing malicious resource acquisition - Google Patents

Publication number
CN111786938B
Authority
CN
China
Prior art keywords
user
click
link
target jump
behavior
Prior art date
Legal status
Active
Application number
CN202010149745.XA
Other languages
Chinese (zh)
Other versions
CN111786938A (en)
Inventor
欧媛媛
王金川
李山林
Current Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd
Priority to CN202010149745.XA
Publication of CN111786938A
Application granted
Publication of CN111786938B

Classifications

    • H04L63/1416 Event detection, e.g. attack signature detection
    • G06F16/9558 Details of hyperlinks; Management of linked annotations
    • G06F16/972 Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The disclosure provides a method, a system and electronic equipment for preventing malicious resource acquisition, and relates to the field of information processing. The method comprises the following steps: in response to a user clicking a link of a user behavior system, configuring a click identifier for the user's click behavior and acquiring a target jump address; generating a target jump link according to the target jump address so as to jump to a target jump page; comparing the user parameters based on the link of the user behavior system with the user parameters based on the target jump link, and determining an identification result, wherein the identification result indicates whether the user's click behavior is a real click behavior; and jumping from the target jump page to a resource acquisition page and, in response to a resource acquisition request sent by the user, judging whether the user is allowed to acquire the resource according to service parameters, wherein the service parameters comprise the identification result and the click identifier. The present disclosure can prevent resources from being maliciously acquired.

Description

Method, system and electronic equipment for preventing malicious resource acquisition
Technical Field
The present disclosure relates to the field of information processing, and in particular, to a method, a system, and an electronic device for preventing malicious resource acquisition.
Background
At present, a user can access an activity page address and, after entering the page, obtain resources such as red envelopes, coupons and files according to the page information. However, with the rapid development of the internet, programming ability is no longer a high barrier, and the cost of having a program simulate a user to grab resources directly is very low. The related technology can only limit the number of resources a user acquires each day; it cannot distinguish whether an acquisition is the user's real behavior or malicious acquisition by a program, so resources are easily acquired maliciously.
Disclosure of Invention
The disclosure provides a method, a system and an electronic device for preventing malicious resource acquisition.
According to an aspect of the present disclosure, a method for preventing malicious resource acquisition is provided, including: in response to a user clicking a link of a user behavior system, configuring a click identifier for the user's click behavior and acquiring a target jump address; generating a target jump link according to the target jump address so as to jump to a target jump page; comparing the user parameters based on the link of the user behavior system with the user parameters based on the target jump link, and determining an identification result, wherein the identification result indicates whether the user's click behavior is a real click behavior; and jumping from the target jump page to a resource acquisition page and, in response to a resource acquisition request sent by the user, judging whether the user is allowed to acquire the resource according to service parameters, wherein the service parameters comprise the identification result and the click identifier.
In some embodiments, generating the target jump link based on the target jump address comprises: splicing the click time corresponding to the user's click on the link of the user behavior system with the target jump address to generate the target jump link.
In some embodiments, the user parameters based on the link of the user behavior system include one or more of: the click time corresponding to the user's click on the link of the user behavior system, the Referer of the target jump page, and the first user address information from the user's click on the link of the user behavior system; and the user parameters based on the target jump link include one or more of: the time carried by the target jump link, the Host of the target jump link, the jump time of the jump to the target jump page, and the second user address information from the jump to the target jump page.
In some embodiments, determining the identification result comprises: determining that the click behavior of the user is an unreal click behavior if at least one of the following conditions is met: the click time corresponding to the user's click on the link of the user behavior system is inconsistent with the time carried by the target jump link; the domain name of the Referer of the target jump page is inconsistent with the domain name of the Host of the target jump link; the first user address information and the second user address information are inconsistent; and the difference between the click time corresponding to the user's click on the link of the user behavior system and the jump time of the jump to the target jump page is larger than a first threshold value.
In some embodiments, determining whether to allow the user to acquire the resource according to the service parameter includes: if the identification result in the service parameter is that the clicking behavior of the user is the unreal clicking behavior, the user is not allowed to acquire the resource; and if the identification result in the service parameters is that the click behavior of the user is the real click behavior, allowing the resource acquisition logic to be executed.
In some embodiments, the resource acquisition logic comprises: judging whether the click identifier meets the counting requirement; and if the click identifier meets the counting requirement, allowing the user to acquire the resource, otherwise not allowing the user to acquire the resource.
In some embodiments, the service parameter further includes a click time corresponding to a user clicking a link of the user behavior system, and the resource obtaining logic further includes: acquiring corresponding request time when a user sends a resource acquisition request; and if the time difference value between the click time and the request time in the service parameters is greater than a second threshold value, not allowing the user to acquire the resources.
In some embodiments, the click time, the click identifier and the first user address information are encrypted and then stored in a cookie; the service parameters are encrypted and then stored in a cookie; and the encrypted click time is spliced with the target jump address.
In some embodiments, whether the user has already acquired the resource with the click identifier is determined based on at least one of a Redis distributed expired lock mechanism and a Zookeeper distributed expired lock mechanism, and if so, the user is not allowed to acquire the resource with that click identifier again.
According to another aspect of the present disclosure, there is also provided a system for preventing malicious resource acquisition, including: a click response unit configured to, in response to a user clicking a link of a user behavior system, configure a click identifier for the user's click behavior and acquire a target jump address; a link generating unit configured to generate a target jump link according to the target jump address so as to jump to a target jump page; a parameter comparison unit configured to compare the user parameters based on the link of the user behavior system with the user parameters based on the target jump link, and determine an identification result, wherein the identification result indicates whether the user's click behavior is a real click behavior; and a resource acquisition unit configured to jump from the target jump page to the resource acquisition page, respond to the resource acquisition request sent by the user, and judge whether the user is allowed to acquire the resource according to the service parameters, wherein the service parameters comprise the identification result and the click identifier.
According to another aspect of the present disclosure, there is also provided an electronic device for preventing malicious resource acquisition, including: a memory; and a processor coupled to the memory, the processor configured to perform the method of preventing malicious fetching of resources as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a computer-readable storage medium is also proposed, on which computer program instructions are stored, which when executed by a processor implement the above-mentioned method for preventing malicious resource acquisition.
In the embodiments of the disclosure, the user passes through the user behavior system before acquiring the resource. The user behavior system supports internal jumps, and by comparing the user parameters across several links it can identify whether the user's click behavior is a real click behavior, and thereby determine whether the user is allowed to acquire the resource on the resource acquisition page, which prevents the resource from being acquired maliciously.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart illustrating some embodiments of a method for preventing malicious resource acquisition according to the present disclosure.
Fig. 2 is a flowchart illustrating another embodiment of a method for preventing malicious resource access according to the present disclosure.
Fig. 3 is a flowchart illustrating another embodiment of a method for preventing malicious resource access according to the present disclosure.
Fig. 4 is a schematic structural diagram of some embodiments of the system for preventing malicious resource acquisition according to the present disclosure.
Fig. 5 is a schematic structural diagram of some embodiments of the electronic device for preventing malicious resource acquisition according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a flow chart illustrating some embodiments of a method for preventing malicious resource acquisition according to the present disclosure.
In step 110, in response to the user clicking the link of the user behavior system, a click identifier is configured for the click behavior of the user, and a target jump address is obtained.
When a user accesses a link of a user behavior system, the server configures a unique click identifier for each access behavior. In some embodiments, the server may also obtain current click time, user address information, and the like.
The target jump address is generated from the address of the link of the user behavior system and is itself a request address for accessing the user behavior system, for example an HTTP secondary jump request address. When the user clicks the link of the user behavior system, the server forms the HTTP secondary jump request address by string concatenation.
In step 120, a target jump link is generated according to the target jump address so as to jump to the target jump page.
In some embodiments, the click time corresponding to the user's click on the link of the user behavior system is spliced with the target jump address to generate the target jump link. Splicing here means string concatenation: the host, the address, the parameters and the acquired click time required by the HTTP request are joined to form the complete URL of the HTTP request.
In step 130, the user parameters based on the link of the user behavior system are compared with the user parameters based on the target jump link to determine an identification result, wherein the identification result indicates whether the click behavior of the user is a real click behavior.
In some embodiments, the user parameters based on the link of the user behavior system include: the click time corresponding to the user's click on the link of the user behavior system, the Referer of the target jump page, the first user address information from the user's click on the link of the user behavior system, and the like.
In some embodiments, the user parameters based on the target jump link include: the time carried by the target jump link, the Host of the target jump link, the jump time of the jump to the target jump page, the second user address information from the jump to the target jump page, and the like.
Host and Referer are part of the HTTP request header. Host describes the destination to which the request will be sent, including the domain name and port number; Referer tells the server which page the current request came from, and includes: protocol + domain name + query parameter.
A hacker who simulates a user by program has to simulate two consecutive jumps, and because the hacker does not know the specific strategy for forming the target jump link, the user parameters of the two simulated jumps are not consistent. In this embodiment, therefore, making two jumps and comparing the user parameters makes it possible to judge whether the click behavior of the user is a real click behavior.
In step 140, the target jump page jumps to the resource acquisition page and, in response to the resource acquisition request sent by the user, whether the user is allowed to acquire the resource is determined according to the service parameters, wherein the service parameters include the identification result and the click identifier. The resource is, for example, a red envelope, a coupon, a file, a hospital registration, material, data, etc.
For example, the user jumps to a coupon page and clicks the coupon button. If the user's click on the user behavior system was an unreal behavior, the server does not allow the user to receive the coupon; if it was a real behavior, the server further judges from the click identifier whether the user is allowed to receive the coupon.
In this embodiment, the user passes through the user behavior system before acquiring the resource. The user behavior system supports internal jumps, and by comparing the user parameters across several links it can identify whether the user's click behavior is a real click behavior, and thereby determine whether the user is allowed to acquire the resource on the resource acquisition page, which prevents malicious resource acquisition.
Fig. 2 is a flowchart illustrating another embodiment of a method for preventing malicious resource access according to the present disclosure.
In step 210, in response to the user clicking the link of the user behavior system, a click identifier is configured for the click behavior of the user, the current click time and the first user address information are obtained, and the target jump link is spliced. The first user address information is, for example, a real IP address of the user, and the target jump link is, for example, an HTTP secondary jump request address.
In some embodiments, the click time, the click identifier and the first user address information may be stored, for example in a cookie. As another example, the click time, the click identifier and the first user address information are encrypted before being stored in the cookie, which improves the security of parameter storage. The encryption algorithm is, for example, AES (Advanced Encryption Standard).
In some embodiments, the click time, the click identifier and the first user address information are spliced into the anti-cheating parameter, encrypted with AES and stored in the cookie.
In step 220, the click time and the target jump link are spliced to generate a target jump link so as to jump to the target jump page.
In some embodiments, the click time is encrypted and then spliced with the HTTP secondary jump request address; the encryption algorithm is, for example, AES.
In step 230, the parameters are compared to determine the recognition result.
In some embodiments, the click behavior of the user is determined to be a non-real click behavior if at least one of the following conditions is met: the click time corresponding to the user's click on the link of the user behavior system is inconsistent with the time carried by the target jump link; the domain name in the Referer of the target jump page is inconsistent with the domain name in the Host of the target jump link; the first user address information is inconsistent with the second user address information of the jump to the target jump page; and the difference between the click time corresponding to the user's click on the link of the user behavior system and the jump time of the jump to the target jump page is larger than a first threshold value.
For example, the anti-cheating parameters are taken from the cookie and decrypted with AES, and the parameters carried by the target jump link are decrypted. The server then judges whether the click time in the anti-cheating parameters is consistent with the time carried by the target jump link; if not, the click behavior of the user is a non-real click behavior. For example, a program that simulates a user claiming resources has to simulate the link click twice, and the time information in the two clicks is inconsistent, so the click can be judged to be an unreal link click. If the click behavior of the user is a real click behavior, the target jump link is formed by splicing the click time with the target jump address, so the click time in the anti-cheating parameters is consistent with the time carried by the target jump link.
If a hacker simulates a user and requests the primary jump link and the secondary jump link through different machines or proxies, the IP address that requested the primary jump link differs from the one that requested the secondary jump link, and the click behavior can likewise be determined to be an unreal click behavior.
If the domain name in the Referer of the target jump page is not consistent with the domain name in the Host of the target jump link, this indicates a click simulated by a hacker, and the behavior is an unreal click behavior.
Since the two jumps are made inside the user behavior system, the time between the two jumps should be less than a threshold, e.g. less than 15 seconds. If the time difference between the click time in the anti-cheating parameters and the jump time of the jump to the target jump page is greater than the first threshold, this shows that the behavior consists of two simulated clicks and is a non-real click behavior.
If the click time corresponding to the user's click on the link of the user behavior system is consistent with the time carried by the target jump link; the domain name in the Referer of the target jump page is consistent with the domain name in the Host of the target jump link; the first user address information is consistent with the second user address information of the jump to the target jump page; and the difference between the click time corresponding to the user's click on the link of the user behavior system and the jump time of the jump to the target jump page is less than or equal to the first threshold value, then the click behavior of the user is a real click behavior.
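The four comparisons of step 230, written out as an added Python example (not code from the patent). The cookie and link values are shown already decrypted; the class names, field names, reason strings, the use of the absolute time difference and the treatment of a missing Referer as a mismatch are assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

FIRST_THRESHOLD_SECONDS = 15  # the page's example value for the first threshold


@dataclass(frozen=True)
class FirstHop:
    """Anti-cheating parameters recorded at the first click (decrypted cookie)."""
    click_id: str
    click_time: int   # epoch seconds of the click on the user behavior system link
    client_ip: str    # first user address information


@dataclass(frozen=True)
class SecondHop:
    """What the server sees when the target jump link is requested."""
    link_time: int    # time carried by the target jump link (decrypted)
    host: str         # Host header, may include a port
    referer: str      # Referer header, a full URL or empty
    client_ip: str    # second user address information
    jump_time: int    # epoch seconds at which this request arrived


def domain_of(value):
    """Lower-cased domain of a Host header or a Referer URL, '' if unparseable."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse a bare host[:port]
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""


def failed_checks(first, second, threshold=FIRST_THRESHOLD_SECONDS):
    """Return the names of the conditions that mark the click as non-real."""
    failures = []
    # 1. click time vs. time carried by the target jump link
    if first.click_time != second.link_time:
        failures.append("time_mismatch")
    # 2. Referer domain vs. Host domain (assumption: missing Referer fails)
    referer_domain = domain_of(second.referer)
    if not referer_domain or referer_domain != domain_of(second.host):
        failures.append("referer_host_mismatch")
    # 3. first vs. second user address information
    if first.client_ip != second.client_ip:
        failures.append("ip_mismatch")
    # 4. click-to-jump delay above the first threshold; abs() is an assumption
    #    that also rejects a jump stamped earlier than the click
    if abs(second.jump_time - first.click_time) > threshold:
        failures.append("jump_too_slow")
    return failures


def is_real_click(first, second):
    """A click is real only if none of the four conditions is met."""
    return not failed_checks(first, second)


# Constructed sample data: one browser-like flow and one scripted flow.
FIRST = FirstHop("c-001", 1700000000, "203.0.113.7")
BROWSER = SecondHop(1700000000, "act.shop.example:443",
                    "https://act.shop.example/click?src=home",
                    "203.0.113.7", 1700000001)
SCRIPTED = SecondHop(1700000042, "act.shop.example", "",
                     "198.51.100.9", 1700000042)

if __name__ == "__main__":
    print(is_real_click(FIRST, BROWSER), failed_checks(FIRST, BROWSER))
    print(is_real_click(FIRST, SCRIPTED), failed_checks(FIRST, SCRIPTED))
```

Returning the list of failed conditions rather than a bare boolean lets the server log which signal tripped without revealing it to the client.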
In some embodiments, the user's click time, the identification result and the click identifier may be encrypted and stored as service parameters, for example in a cookie.
In step 240, the target jump page jumps to the resource acquisition page, for example with an HTTP 302 redirect.
In step 250, in response to the resource obtaining request sent by the user, it is determined whether the recognition result is that the click behavior of the user is a non-real click behavior, if so, step 260 is executed, otherwise, step 270 is executed.
At step 260, the user is not allowed to acquire the resource.
At step 270, the resource acquisition logic is allowed to execute.
In some embodiments, the resource acquisition logic comprises: judging whether the click identifier meets the counting requirement; and if the click identifier meets the counting requirement, allowing the user to acquire the resource, otherwise not allowing the user to acquire the resource.
In some embodiments, whether a user has acquired a resource based on a click identifier is determined based on a Redis distributed expired lock or a Zookeeper distributed expired lock mechanism, and if so, the user is not allowed to acquire the resource based on the click identifier again.
For example, a Hash structure in Redis is used to limit the number of resources a user acquires each day and the number of successful acquisitions. The Redis distributed expired lock ensures that each unique click identifier can successfully acquire a resource only once, and that one resource must be acquired before another can be acquired. Because Redis counts by click identifier, each resource acquisition must carry a newly generated click identifier, so the user has to click through the user behavior system for every acquisition, which limits the possibility of resources being acquired in bulk.
As another example, a distributed expired lock mechanism implemented with Zookeeper, in addition to providing the Redis functionality, prevents the lock from being lost on master-slave switching, i.e. the lock data is not lost. It can also detect whether the locking process is alive and automatically releases the lock when the process no longer exists; the expiration time is not long, so situations such as users waiting in vain are avoided and the user experience is optimized.
In further embodiments of the present disclosure, the resource acquisition logic further comprises: acquiring the request time at which the user sends the resource acquisition request; and if the difference between the click time in the service parameters and the request time is greater than a second threshold value, not allowing the user to acquire the resource. When a user acquires a resource, the time of the click on the user behavior system and the time of the click on the resource acquisition page do not differ much, so bounding the difference between the click time and the request time means the user can acquire the resource only when clicking and acquiring are consecutive actions, which standardizes the acquisition process.
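The resource acquisition decision of steps 250 to 270, as an added Python example (not code from the patent): it rejects an unreal click, applies the second threshold, and lets each click identifier succeed once. An in-memory class stands in for the Redis expiring lock (with redis-py the equivalent call is `set(key, value, nx=True, ex=ttl)`); the threshold value, lock lifetime, key prefix, result strings and all names are assumptions, and the service parameters are shown already decrypted.

```python
from dataclasses import dataclass

SECOND_THRESHOLD_SECONDS = 60   # assumed value; the page gives no figure
LOCK_TTL_SECONDS = 24 * 3600    # assumed lifetime of the per-click lock


class ExpiringLockStore:
    """In-memory stand-in for an atomic 'set if absent, with expiry' operation."""

    def __init__(self):
        self._expires_at = {}

    def acquire(self, key, ttl, now):
        """Take the lock unless an unexpired one exists; True on success."""
        expiry = self._expires_at.get(key)
        if expiry is not None and expiry > now:
            return False
        self._expires_at[key] = now + ttl
        return True


@dataclass(frozen=True)
class ServiceParams:
    """Service parameters written at the end of the second jump."""
    click_id: str
    click_time: int     # epoch seconds of the original click
    real_click: bool    # identification result from the parameter comparison


def decide(params, request_time, locks):
    """Return 'allow' or a 'deny:<reason>' string for one acquisition request."""
    # Step 250/260: an unreal click never reaches the acquisition logic.
    if not params.real_click:
        return "deny:unreal_click"
    # Second threshold: click and acquisition must be consecutive actions.
    if request_time - params.click_time > SECOND_THRESHOLD_SECONDS:
        return "deny:stale_click"
    # Checked last so that a rejected request does not consume the identifier.
    if not locks.acquire("claim:" + params.click_id, LOCK_TTL_SECONDS, request_time):
        return "deny:click_id_already_used"
    return "allow"


def run_demo():
    """Constructed request sequence: first claim, replay, unreal click, stale click."""
    locks = ExpiringLockStore()
    t0 = 1700000000
    good = ServiceParams("c-001", t0, True)
    return [
        decide(good, t0 + 5, locks),                              # first claim
        decide(good, t0 + 6, locks),                              # same click id again
        decide(ServiceParams("c-002", t0, False), t0 + 5, locks), # flagged as unreal
        decide(ServiceParams("c-003", t0, True), t0 + 300, locks) # claimed too late
    ]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

In a deployment the lock must be taken with a single atomic command on the shared store; a separate read followed by a write would let two concurrent requests with the same click identifier both succeed.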
In this embodiment, the two-jump mechanism of the user behavior system makes it possible to judge in real time whether the user behavior is a real behavior, which prevents malicious acquisition. In addition, the distributed lock mechanism of the activity service is optimized through Redis or Zookeeper, which prevents the user from acquiring resources simultaneously and optimizes the user experience.
The following describes the present disclosure using the example of a user claiming a coupon, as shown in Fig. 3:
In step 310, the user accesses the link of the user behavior system. After receiving the request, the server sets a click identifier for the user's click behavior and obtains the click time and the user's real IP address.
In step 320, the click identifier, the click time and the user's real IP address are concatenated into an anti-cheating mark parameter, which is encrypted with AES and placed in a cookie.
In step 330, the click time is encrypted with AES and then spliced with the HTTP secondary jump request address to form the secondary jump link.
In step 340, after the page automatically jumps to the secondary jump page, the server receives the request, takes the anti-cheating mark parameter out of the cookie, decrypts it with the AES algorithm, and makes the following judgments: whether the click time in the anti-cheating mark parameter is consistent with the time obtained by decrypting the parameter carried by the secondary jump link; whether the user's real IP address in the anti-cheating mark parameter is consistent with the IP address obtained from the current request; whether the Referer of the user's request is consistent with the host of the current request; and whether the difference between the time in the anti-cheating mark parameter and the current request time is less than 15 seconds. If any of these conditions is not satisfied, the user's click is judged to be cheating and the click behavior is not regarded as a real click by the user; otherwise, the click behavior is regarded as a real click by the user.
In step 350, after the judgment is finished, the click identifier, the judgment result and the click time are spliced into service parameters, which are encrypted and placed in a cookie; the request is then redirected to the coupon page with an HTTP 302.
In step 360, the user clicks on the coupon page, and the server determines from the service parameters in the cookie whether to execute the subsequent coupon claim logic. The user behavior system thus performs the anti-cheating judgment in real time, and the judgment result determines whether the claim logic is allowed to execute. If the claim logic can be executed, the server uses a Redis distributed expiring lock or a Zookeeper distributed lock mechanism, counting by click identifier, so that each unique click identifier can be used for only one successful claim. Every claim must therefore carry newly generated service parameters and must pass through the user behavior system, which comprehensively limits the possibility of coupons being claimed in bulk. In addition, the time difference between the click time in the service parameters and the current time can be limited, so that a claim succeeds only through the continuous behavior of clicking and then claiming, which standardizes the user's claim process.
Fig. 4 is a schematic structural diagram of some embodiments of the system for preventing malicious resource acquisition according to the present disclosure. The system comprises a click response unit 410, a link generation unit 420, a parameter comparison unit 430 and a resource acquisition unit 440.
The click response unit 410 is configured to respond to the user clicking the link of the user behavior system, configure a click identifier for the click behavior of the user, and obtain a target jump address.
When a user accesses a link of a user behavior system, the server configures a unique click identifier for each access behavior. In some embodiments, the server may also obtain a current click time, first user address information, and the like. The first user address information is, for example, the real IP address of the user. The target jump address is generated based on the address of the link of the user behavior system, and is also a request address for accessing the user behavior system, such as an HTTP secondary jump request address.
In some embodiments, the click time, click identification, and first user address information may be stored, for example in a cookie. For another example, the click time, the click identifier and the first user address information are encrypted and stored in the cookie, so that the security of parameter storage is improved.
The link generating unit 420 is configured to generate a target jump link according to the target jump address so as to jump to the target jump page.
In some embodiments, the click time corresponding to the link of the user behavior system clicked by the user is spliced with the target jump address to generate the target jump link. For example, the click time is encrypted and then spliced with the address of the HTTP secondary jump request.
The parameter comparison unit 430 is configured to compare the user parameters based on the link of the user behavior system with the user parameters based on the target jump link and to determine a recognition result, where the recognition result indicates whether the click behavior of the user is a real click behavior.
In some embodiments, the user parameters based on the link of the user behavior system include: the click time corresponding to the user clicking the link of the user behavior system, the Referer of the target jump page, the first user address information of the user clicking the link of the user behavior system, and the like.
In some embodiments, the user parameters based on the target jump link include: the time carried by the target jump link, the host of the target jump link, the jump time of jumping to the target jump page, the second user address information of jumping to the target jump page, and the like.
In some embodiments, the click behavior of the user is determined to be a non-real click behavior if at least one of the following conditions is met: the click time corresponding to the user clicking the link of the user behavior system is inconsistent with the time carried by the target jump link; the domain name in the Referer of the target jump page is inconsistent with the domain name in the host of the target jump link; the first user address information is inconsistent with the second user address information of jumping to the target jump page; or the difference between the click time corresponding to the user clicking the link of the user behavior system and the jump time of jumping to the target jump page is larger than a first threshold.
In some embodiments, the click time, the recognition result and the click identifier may be encrypted and stored as service parameters, for example in a cookie.
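The comparison carried out by unit 430 (steps 310 to 350 of the coupon flow), as an added Python example that is not code from the patent. It protects the cookie and the link parameter with an HMAC-SHA256 tag in place of the AES encryption the page describes, so that it runs on the standard library alone; the key, the parameter name `t`, the host names and the IP addresses are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

KEY = b"constructed-demo-key"   # assumption: secret held only by the server
FIRST_THRESHOLD = 15            # seconds; the value used in step 340


def seal(obj):
    """Serialize obj and append an HMAC-SHA256 tag (stand-in for the AES step)."""
    body = base64.urlsafe_b64encode(json.dumps(obj, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def unseal(token):
    """Return the sealed object, or None if the token is missing or altered."""
    try:
        body, tag = (token or "").encode().rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def first_hop(client_ip, now, jump_address):
    """Steps 310-330: issue the click identifier, the cookie and the jump link."""
    click_id = secrets.token_hex(8)
    cookie = seal({"click_id": click_id, "click_time": now, "ip": client_ip})
    link = jump_address + "?" + urlencode({"t": seal({"click_time": now})})
    return cookie, link


def second_hop(cookie, link, referer, host, client_ip, now):
    """Steps 340-350: run the four checks, return (service_cookie, reasons)."""
    mark = unseal(cookie)
    carried = unseal(parse_qs(urlsplit(link).query).get("t", [""])[0])
    if mark is None or carried is None:
        reasons = ["invalid_token"]          # nothing trustworthy to compare
        mark = {"click_id": None, "click_time": None}
    else:
        reasons = []
        if carried.get("click_time") != mark["click_time"]:
            reasons.append("time_mismatch")
        ref_host = urlsplit(referer or "").hostname
        if ref_host is None or ref_host != urlsplit("//" + host).hostname:
            reasons.append("referer_host_mismatch")
        if mark["ip"] != client_ip:
            reasons.append("ip_mismatch")
        # A negative difference (clock in the future) is rejected as well.
        if not 0 <= now - mark["click_time"] < FIRST_THRESHOLD:
            reasons.append("too_slow")
    service = {"click_id": mark["click_id"], "is_real": not reasons,
               "click_time": mark["click_time"]}
    return seal(service), reasons


def demo():
    """Constructed requests: one genuine two-hop click and three failing ones."""
    jump, host = "https://act.example.test/jump", "act.example.test"
    page, ip = "https://act.example.test/click", "203.0.113.7"
    cookie, link = first_hop(ip, 1000, jump)
    _, later_link = first_hop(ip, 1005, jump)
    forged = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")
    return {
        "genuine": second_hop(cookie, link, page, host, ip, 1003),
        "replayed": second_hop(cookie, link, "", host, "198.51.100.9", 1020),
        "swapped_link": second_hop(cookie, later_link, page, host, ip, 1003),
        "forged_cookie": second_hop(forged, link, page, host, ip, 1003),
    }


if __name__ == "__main__":
    for name, (_, reasons) in demo().items():
        print(name, reasons or "real click")
```

The Referer and client IP are supplied by the client side of the connection, so these checks raise the cost of scripted requests rather than prove a human click; the integrity tag on the cookie is what stops the recorded verdict from being edited.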
The resource obtaining unit 440 is configured to jump from the target jump page to the resource acquisition page and, in response to the user sending a resource acquisition request, to determine whether to allow the user to acquire the resource according to the service parameters, where the service parameters include the recognition result and the click identifier. The resource is, for example, a red packet, coupon, file, hospital registration, material, data, and the like.
In some embodiments, if the recognition result in the service parameters is that the click behavior of the user is a non-real click behavior, the user is not allowed to acquire the resource; and if the recognition result in the service parameters is that the click behavior of the user is a real click behavior, the resource acquisition logic is allowed to execute.
In some embodiments, the resource acquisition logic comprises: judging whether the click identifier meets the counting requirement; and, if the click identifier meets the counting requirement, allowing the user to acquire the resource, and otherwise not allowing the user to acquire the resource.
In some embodiments, whether the user has already acquired a resource based on a click identifier is determined using a Redis distributed expiring lock or a Zookeeper distributed expiring lock mechanism; if so, the user is not allowed to acquire the resource based on that click identifier again. This prevents the user from acquiring multiple resources simultaneously.
In further embodiments of the present disclosure, the resource acquisition logic further comprises: obtaining the request time at which the user sends the resource acquisition request; and, if the difference between the click time in the service parameters and the request time is greater than a second threshold, not allowing the user to acquire the resource. When a user acquires a resource, the time of clicking the user behavior system and the time of clicking on the resource acquisition page do not differ greatly, so bounding the difference between the click time and the request time means the user can succeed only through the continuous behavior of clicking and then acquiring, which standardizes the process by which the user acquires the resource.
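The resource acquisition logic of unit 440 (step 360 of the coupon flow), as an added Python example that is not code from the patent. `MemoryStore` is an in-memory stand-in for the two Redis operations involved, `SET key value NX EX ttl` for the expiring lock and `HINCRBY` for the per-day Hash counter; the threshold, lock lifetime, daily limit, key names and sample identifiers are assumptions.

```python
import threading

SECOND_THRESHOLD = 60   # seconds between click and claim; value is an assumption
LOCK_TTL = 300          # lock lifetime in seconds; assumption, kept > SECOND_THRESHOLD
DAILY_LIMIT = 3         # successful claims per user per day; assumption


class MemoryStore:
    """In-memory stand-in for Redis: set-if-absent with expiry, and a Hash counter."""

    def __init__(self):
        self._mutex = threading.Lock()
        self._locks = {}     # key -> expiry timestamp
        self._hashes = {}    # (key, field) -> integer

    def set_nx_ex(self, key, ttl, now):
        """Like SET key value NX EX ttl: True only for the caller that creates the key."""
        with self._mutex:
            if self._locks.get(key, 0) > now:
                return False
            self._locks[key] = now + ttl
            return True

    def hincrby(self, key, field, amount):
        """Like HINCRBY: atomically add to a hash field and return the new value."""
        with self._mutex:
            value = self._hashes.get((key, field), 0) + amount
            self._hashes[(key, field)] = value
            return value


def claim(store, user_id, day, service, request_time):
    """Decide one resource acquisition request from decoded service parameters."""
    if not service or not service.get("is_real") or not service.get("click_id"):
        return "denied:not_real_click"
    # Second threshold: the claim must follow the click closely.
    if not 0 <= request_time - service["click_time"] <= SECOND_THRESHOLD:
        return "denied:stale_click"
    # Check-and-set in one atomic step, so two concurrent requests cannot both
    # pass. Because LOCK_TTL exceeds SECOND_THRESHOLD, a click identifier is
    # already stale by the time its lock expires and cannot be reused.
    if not store.set_nx_ex("claim:" + service["click_id"], LOCK_TTL, request_time):
        return "denied:click_id_used"
    if store.hincrby("daily:" + day, user_id, 1) > DAILY_LIMIT:
        return "denied:daily_limit"
    return "granted"


def race(workers):
    """Send the same genuine service parameters from many threads at once."""
    store, results = MemoryStore(), []
    service = {"click_id": "c-constructed-1", "is_real": True, "click_time": 1000}

    def attempt():
        results.append(claim(store, "user-1", "2020-03-06", service, 1002))

    threads = [threading.Thread(target=attempt) for _ in range(workers)]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()
    return results


if __name__ == "__main__":
    outcome = race(20)
    print(outcome.count("granted"), "granted,",
          outcome.count("denied:click_id_used"), "rejected as reuse")
```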
In this embodiment, the user passes through the user behavior system before acquiring the resource. The user behavior system supports internal jumps, and comparing the user parameters across the multiple links identifies whether the user's click behavior is a real click behavior, which determines whether the user is allowed to acquire the resource on the resource acquisition page and prevents malicious acquisition of resources.
Fig. 5 is a schematic structural diagram of some embodiments of the electronic device for preventing malicious resource acquisition according to the present disclosure. The electronic device 500 includes: a memory 510 and a processor 520. Wherein: the memory 510 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used to store instructions in the embodiments corresponding to fig. 1-3. Processor 520 is coupled to memory 510 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 520 is configured to execute instructions stored in memory.
In some embodiments, processor 520 is coupled to memory 510 by a bus 530. The system 500 may also be coupled to an external storage system 550 via a storage interface 540 in order to retrieve external data, and may also be coupled to a network or another computer system (not shown) via a network interface 560. These are not described in detail here.
In the embodiment, the data instructions are stored in the memory, and then the instructions are processed by the processor, so that the robot can quickly respond to a new task, and the overall working efficiency is improved.
In other embodiments, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1-3. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (11)

1. A method of preventing malicious acquisition of a resource, comprising:
responding to a user clicking a link of a user behavior system, configuring a click identifier for the click behavior of the user, and acquiring a target jump address;
generating a target jump link according to the target jump address so as to jump to a target jump page, wherein generating the target jump link according to the target jump address comprises: splicing the click time corresponding to the user clicking the link of the user behavior system with the target jump address to generate the target jump link;
comparing user parameters based on the link of the user behavior system with user parameters based on the target jump link to determine an identification result, wherein the identification result comprises whether the click behavior of the user is a real click behavior; and
jumping from the target jump page to a resource acquisition page and, in response to a resource acquisition request sent by the user, judging whether the user is allowed to acquire the resource according to service parameters, wherein the service parameters comprise the identification result and the click identifier.
2. The method for preventing malicious acquisition of resources according to claim 1,
the user parameters based on the link of the user behavior system include: one or more of the click time corresponding to the user clicking the link of the user behavior system, the Referer of the target jump page, and first user address information of the user clicking the link of the user behavior system; and
the user parameters based on the target jump link include: one or more of the time carried by the target jump link, the host of the target jump link, the jump time of jumping to the target jump page, and second user address information of jumping to the target jump page.
3. The method for preventing malicious acquisition of resources according to claim 2, wherein determining the identification result comprises:
determining that the click behavior of the user is a non-real click behavior if at least one of the following conditions is met:
the click time corresponding to the user clicking the link of the user behavior system is inconsistent with the time carried by the target jump link;
the domain name in the Referer of the target jump page is inconsistent with the domain name in the host of the target jump link;
the first user address information and the second user address information are inconsistent; and
the time difference between the click time corresponding to the user clicking the link of the user behavior system and the jump time of jumping to the target jump page is larger than a first threshold.
4. The method for preventing malicious resource acquisition according to any one of claims 1 to 3, wherein determining whether to allow the user to acquire the resource according to the service parameter includes:
if the identification result in the service parameters is that the click behavior of the user is a non-real click behavior, not allowing the user to acquire the resource; and
if the identification result in the service parameters is that the click behavior of the user is a real click behavior, allowing resource acquisition logic to be executed.
5. The method of preventing malicious acquisition of resources according to claim 4, wherein the resource acquisition logic comprises:
judging whether the click identifier meets the counting requirement; and
if the click identifier meets the counting requirement, allowing the user to acquire the resource, and otherwise not allowing the user to acquire the resource.
6. The method for preventing malicious resource acquisition according to claim 5, wherein the service parameters further include the click time corresponding to the user clicking the link of the user behavior system, and the resource acquisition logic further includes:
acquiring the corresponding request time when the user sends the resource acquisition request; and
if the time difference between the click time in the service parameters and the request time is greater than a second threshold, not allowing the user to acquire the resource.
7. The method for preventing malicious acquisition of resources according to claim 2,
encrypting the click time, the click identifier and the first user address information and storing the encrypted information in a cookie;
encrypting the service parameters and storing the encrypted service parameters in a cookie; and
after encrypting the click time, splicing the encrypted click time with the target jump address.
8. The method for preventing malicious acquisition of resources according to claim 6,
judging, based on at least one of a Redis distributed expiring lock mechanism and a Zookeeper distributed expiring lock mechanism, whether the user has acquired the resource based on the click identifier, and if so, not allowing the user to acquire the resource based on the click identifier again.
9. A system for preventing malicious acquisition of a resource, comprising:
a click response unit configured to respond to a user clicking a link of a user behavior system, configure a click identifier for the click behavior of the user, and acquire a target jump address;
a link generating unit configured to generate a target jump link according to the target jump address so as to jump to a target jump page, wherein generating the target jump link according to the target jump address includes: splicing the click time corresponding to the user clicking the link of the user behavior system with the target jump address to generate the target jump link;
a parameter comparison unit configured to compare user parameters based on the link of the user behavior system with user parameters based on the target jump link and determine an identification result, where the identification result includes whether the click behavior of the user is a real click behavior; and
a resource acquisition unit configured to jump from the target jump page to a resource acquisition page and, in response to a resource acquisition request sent by the user, judge whether the user is allowed to acquire the resource according to service parameters, wherein the service parameters comprise the identification result and the click identifier.
10. An electronic device that prevents malicious acquisition of resources, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of preventing malicious fetching of resources of any of claims 1-8 based on instructions stored in the memory.
11. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of preventing malicious fetching of resources of any of claims 1 to 8.
CN202010149745.XA 2020-03-06 2020-03-06 Method, system and electronic equipment for preventing malicious resource acquisition Active CN111786938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010149745.XA CN111786938B (en) 2020-03-06 2020-03-06 Method, system and electronic equipment for preventing malicious resource acquisition

Publications (2)

Publication Number Publication Date
CN111786938A CN111786938A (en) 2020-10-16
CN111786938B true CN111786938B (en) 2021-10-15

Family

ID=72753138

Country Status (1)

Country Link
CN (1) CN111786938B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113904827B (en) * 2021-09-29 2024-03-19 恒安嘉新(北京)科技股份公司 Identification method and device for counterfeit website, computer equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101673279A (en) * 2009-03-19 2010-03-17 黄斌 Information release method and system for Internet search engine
CN107844324A (en) * 2017-10-23 2018-03-27 北京京东尚科信息技术有限公司 Customer terminal webpage redirects treating method and apparatus
CN109801136A (en) * 2019-01-17 2019-05-24 广州麒龙网络科技有限公司 Method of ordering, system, terminal, server and the medium for preventing malice from placing an order
CN110599233A (en) * 2019-07-30 2019-12-20 苏宁云计算有限公司 Advertisement anti-cheating method and device based on click verification

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150032533A1 (en) * 2012-07-18 2015-01-29 Simon Raab System and method for click fraud protection
CN106919579B (en) * 2015-12-24 2020-11-06 腾讯科技(深圳)有限公司 Information processing method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant