CN112245930A - Risk behavior identification method and device and computer equipment - Google Patents

Risk behavior identification method and device and computer equipment Download PDF

Info

Publication number
CN112245930A
CN112245930A CN202010952612.6A CN202010952612A CN112245930A CN 112245930 A CN112245930 A CN 112245930A CN 202010952612 A CN202010952612 A CN 202010952612A CN 112245930 A CN112245930 A CN 112245930A
Authority
CN
China
Prior art keywords
user
group
value
groups
feature combinations
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010952612.6A
Other languages
Chinese (zh)
Inventor
韩笑
吕静
纪卉芸
曹彩鹏
周游
刘培锴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Fuyun Network Technology Co ltd
Original Assignee
Hangzhou Fuyun Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Fuyun Network Technology Co ltd filed Critical Hangzhou Fuyun Network Technology Co ltd
Priority to CN202010952612.6A priority Critical patent/CN112245930A/en
Publication of CN112245930A publication Critical patent/CN112245930A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • A63F13/75Enforcing rules, e.g. detecting foul play or generating lists of cheating players
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0207Discounts or incentives, e.g. coupons or rebates
    • G06Q30/0225Avoiding frauds
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F2300/00Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game
    • A63F2300/50Features of games using an electronically generated display having two or more dimensions, e.g. on a television screen, showing representations related to the game characterized by details of game servers
    • A63F2300/55Details of game data or player data management
    • A63F2300/5586Details of game data or player data management for enforcing rights or rules, e.g. to prevent foul play

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Multimedia (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • Game Theory and Decision Science (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a risk behavior identification method, a risk behavior identification device and computer equipment, wherein the risk behavior identification method comprises the following steps: the method comprises the steps of extracting multiple groups of feature combinations with preset numerical item features in a feature set of a user, dividing users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least comprise basic user information, taking the number of members of the largest user group in the user groups to which the users belong as a first similarity value of the users, and judging whether the users are risk behavior users or not according to the first similarity value.

Description

Risk behavior identification method and device and computer equipment
Technical Field
The present application relates to the field of behavior recognition technologies, and in particular, to a risk behavior recognition method, an apparatus, and a computer device.
Background
With the network games being more and more popular, more and more 'wool' group in games and higher disguise, the group generally uses scripts to operate a large number of game accounts and obtain game currency rewards or physical rewards with lower difficulty in games, and the actions seriously damage game resources, destroy game experience of normal players and are not beneficial to the healthy development of the game industry.
In the related technology, a mode of manual identification and statistics is adopted, namely, the reward drawing of a certain game activity is found to be abnormally increased through monitoring of daily operation indexes, then abnormal account characteristics different from normal accounts are induced through drawing of account information for drawing rewards, including registration information and behavior information, the abnormal accounts are classified into 'illegal users', and are added into a blacklist, so that the game rewards cannot be drawn again, the mode depends on personal experience to the utmost extent, and the wool user identification rate is low once the personal experience is insufficient; another method adopts a machine countermeasure mode, the characteristics of the wool user are summarized in a mode of early manual identification, if the user prefers to log in a large number and receive rewards under the same IP and the same equipment, the game duration is short, then a threshold value is set according to the rules, if the log-in number of the IP under the same IP per day exceeds 500 account numbers, the IP is judged to be illegal IP, and the account number logged in by the IP cannot receive the game rewards again later, the rules in the mode are easy to be perceived by the wool user, so that the parameters of the script or the information of the user is modified, if the user pretends to be different IPs, the bypassing rules such as changing the log-in time interval and the like are changed, the effect of the original rules is poor or even fails, and the identification accuracy is low.
At present, aiming at the problem that in the related technology, the identification rate is low when the risk behavior user is identified manually or identified by a machine rule, an effective solution is not provided.
Disclosure of Invention
The embodiment of the application provides a risk behavior identification method, a risk behavior identification device and computer equipment, and aims to at least solve the problem that in the related technology, the identification rate is low when risk behavior users are identified manually or machine rules are identified.
In a first aspect, an embodiment of the present application provides a risk behavior identification method, where the method includes:
extracting a plurality of groups of feature combinations with preset numerical value item features in a feature set of a user, dividing users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least comprise basic user information, and the membership of the largest user group in the plurality of user groups to which the user belongs is taken as a first similarity value of the user;
and judging whether the user is a risk behavior user or not at least according to the first similarity value.
In some embodiments, after determining whether the user is a risk behavior user at least according to the first similarity value, the method further includes:
acquiring multiple preset groups of judgment rules, wherein the multiple groups of judgment rules have priority judgment levels;
acquiring index data corresponding to the risk behavior users and the judgment rules according to the judgment rules;
and matching the corresponding index data with a preset threshold value in the judgment rule according to the priority judgment level of each group of judgment rules, and judging the risk behavior level of the risk behavior user according to the matching result.
In some of these embodiments, the method further comprises:
acquiring a preset first value combination, wherein the first value combination comprises indexes with corresponding weights, and the first value combination at least comprises the following steps: a user recharge item index in a first unit time, a user token variation item index in the first unit time;
acquiring value data of the user according to the first value combination, and determining a first value degree of the user according to the value data and the weight corresponding to the value data;
and judging whether the user is a normal user or not at least according to the first price degree.
In some of these embodiments, the method further comprises:
acquiring a preset second value combination, wherein the second value combination comprises: the user recharging index in a second unit time and the user token variation index in the second unit time are both provided with corresponding weights;
obtaining value data of the user according to the second value combination, and determining a second value degree of the user according to the value data and the weight corresponding to the value data;
judging whether the user is a normal user or not according to at least the first price degree: and judging whether the user is a normal user or not according to the first value degree and the second value degree.
In some embodiments, extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user, for each group of feature combinations, dividing users with feature matching into the same user group to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, the feature combinations at least include basic user information, and taking the membership of the largest user group in the plurality of user groups to which the user belongs as the first similarity value of the user includes:
extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features in user basic information, a plurality of features in user game behaviors and a plurality of features in user login behaviors, and each group of feature combination comprises basic information of a fixed numerical item;
for each group of feature combinations, dividing users with matched features into the same user groups to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and each feature combination comprises user basic information, user game behaviors and user login behaviors;
and taking the membership of the largest user group in a plurality of user groups to which the user belongs as the first similarity value of the user.
In some embodiments, extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user, for each group of feature combinations, dividing users with feature matching into the same user group to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, the feature combinations at least include basic user information, and taking the membership of the largest user group in the plurality of user groups to which the user belongs as the first similarity value of the user includes:
extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features in the basic information of the user and a plurality of features in the game behavior of the user;
for each group of feature combinations, dividing users with matched features into the same user group to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and the feature combinations comprise user basic information and user game behaviors;
obtaining token data corresponding to each user in the same user group, and counting the editing times required for converting the token data among the users in the same user group according to the token data;
and deleting the related users with the editing times larger than the preset editing times from the user group, and taking the member number of the largest user group in the plurality of user groups to which the users belong as the first similarity value of the user.
In some of these embodiments, the method further comprises:
acquiring the number of times of activity of the user under each network protocol, wherein each network protocol is used by each user;
adding the active times of the user under each network protocol, determining the active times of the network protocol of the user, and taking the active times of the network protocol as a second similarity value, wherein the second similarity value and the first similarity value both have corresponding weights;
judging whether the user is a risk behavior user at least according to the first similarity value:
and carrying out weighted summation on the first similarity value and the second similarity value of the user, determining a similarity coefficient of the user, and judging whether the user is a risk behavior user according to the similarity coefficient.
In a second aspect, an embodiment of the present application provides an apparatus for identifying risk behaviors, where the apparatus includes: the device comprises an acquisition module, a dividing module and a judgment module;
the acquisition module is used for extracting a plurality of groups of feature combinations with preset numerical item features in the feature set of the user;
the dividing module is configured to divide the users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, and each feature combination at least includes user basic information; the dividing module is further configured to use the membership of the largest user group in a plurality of user groups to which the user belongs as a first similarity value of the user;
and the judging module is used for judging whether the user is a risk behavior user or not at least according to the first similarity value.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the risk behavior identification method according to the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the risk behavior identification method according to the first aspect.
Compared with the related art, the risk behavior identification method, the risk behavior identification device and the computer equipment provided by the application have the advantages that multiple groups of feature combinations with preset numerical item features are extracted from the feature set of the user, the user with feature matching is divided into the same user group for each group of feature combinations to obtain multiple user groups, each user group corresponds to one group of feature combinations, the feature combinations at least comprise user basic information, the member number of the largest user group in the multiple user groups to which the user belongs is taken as the first similarity value of the user, whether the user is a risk behavior user is judged at least according to the first similarity value, the problem that the identification rate is low when the risk behavior user is identified manually or machine rules in the related art is solved, the identification rate of the risk behavior user is improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of a method of risk behavior identification according to an embodiment of the application;
FIG. 2 is a flowchart of a method for determining a risk level of a risk activity user according to an embodiment of the present application;
FIG. 3 is a flow chart of a method of screening normal users according to value degree according to an embodiment of the present application;
FIG. 4 is another flow chart of a method for screening normal users according to value degree according to an embodiment of the present application;
FIG. 5 is a flowchart of a method for obtaining a first similarity value of a user according to an embodiment of the present application;
FIG. 6 is another flowchart of a method for obtaining a first similarity value of a user according to an embodiment of the present application;
FIG. 7 is another flow diagram of a method of risk behavior identification according to an embodiment of the application;
fig. 8 is a block diagram of a risk behavior recognition apparatus according to an embodiment of the present application;
fig. 9 is a schematic diagram of an internal structure of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The risk behavior identification method provided by the application can be used for identifying the behavior of pulling wool in the online game, and a large number of game account numbers are generally manipulated by a script in the group of 'pulling wool' in the game to obtain the game coin reward or the physical reward with lower difficulty in the game; in the related technology, a network game platform adopts a manual identification and statistics mode, which has high manpower cost and high time consumption, needs to check account information and behaviors one by one, has unstable accuracy, depends extremely on personal experience, has no reproducibility, needs to check and process again when a new suspected wool behavior occurs every time, and has a low user identification rate of wool; another machine countermeasure mode has the disadvantage that rules are easily perceived by users of wool, so that parameters of scripts are modified or self information is modified, for example, the rules are camouflaged to different IP, login time intervals are changed, and the original rules are poor in effect and even invalid, and the situation that the recognition rate of users of wool is low exists, and in addition, the rule setting of the 'one-break' type is easy to mistakenly hurt normal players, and the game experience is influenced; according to the method and the device, multiple groups of feature combinations with preset numerical item features are extracted from feature sets of users, for each group of feature combinations, the users with feature matching are divided into the same user groups to obtain multiple user groups, each user group corresponds to one group of feature combinations, the feature combinations at least comprise user basic information, the membership of the largest user group in the multiple user groups to which the users belong is used as the first similarity value of the user, whether the users are risk behavior users or not is judged at least according to the first similarity value, the problem that in the related technology, the risk behavior users are identified through manual identification or machine rule identification, the identification rate is low is solved, and the identification rate of the risk behavior users is improved.
The present embodiment provides a risk behavior identification method, and fig. 1 is a flowchart of a risk behavior identification method according to an embodiment of the present application, and as shown in fig. 1, the method includes the following steps:
step S101, extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user, dividing users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least comprise basic information of the user, and the membership of the largest user group in the plurality of user groups to which the user belongs is taken as a first similarity value of the user;
it should be noted that the basic information of the user is the basic attributes of the user stored in the database of the game platform, where the basic information of the user includes a plurality of features, such as ID assigned by the system, machine code, nickname, registration channel, registration time, authentication of real name, and recharge amount; taking the first user as an example, the first similarity value of the first user is 800 in the user groups with the number of members of 500 and the number of members of 800.
Step S102, judging whether the user is a risk behavior user or not at least according to the first similarity value;
it should be noted that the risk behavior user refers to a user who plays wool, or an abnormal user, which is different from a normal user in the game platform.
Through the steps S101 to S102, a plurality of groups of feature combinations having preset numerical item features are extracted from the feature set of the user, and for each group of feature combinations, dividing the users with matched features into the same user group, and taking the member number of the largest user group in a plurality of user groups to which the users belong as the first similarity value of the user, and then can divide the group for the user according to the user characteristic on the platform in real time, and has avoided the user of wool to pretend, confuse the problem of the recognition result on the individual index, judge whether the user is the user of the risk behavior according to the first similarity value confirmed in real time at least, compare with the mode of artificial identification or machine confrontation in the correlation technique, have solved the problem that the correlation technique identifies the abnormal user through the artificial identification or machine rule, all there is low recognition rate, have improved the recognition rate of the user of the risk behavior.
In some embodiments, fig. 2 is a flowchart of a method for determining a risk level of a risk user according to an embodiment of the present application, and as shown in fig. 2, after determining whether a user is a risk user at least according to a first similarity value, the method includes the following steps:
step S201, acquiring multiple preset groups of judgment rules, wherein the multiple groups of judgment rules have priority judgment levels;
step S202, acquiring index data corresponding to the risk behavior users and the judgment rules according to the judgment rules;
step S203, according to the priority judgment level of each group of judgment rules, matching the corresponding index data with a preset threshold value in the judgment rules, and judging the risk behavior level of the risk behavior user according to the matching result;
it should be noted that the determination rule may be a plurality of determination rules made according to the characteristics of users better distinguishing from normal users in wool, and the index data of each risk behavior user obtained according to the determination rule may be as follows: the method comprises the following steps of (1) providing an active day similarity label, nearly 30 login day high similarity times, nearly 30 login day login city number ratio, nearly 30 login day simulator day number ratio, nearly 30 login day reward-brushing number of days ratio, nearly 30 login day similarity high ratio, the number of associated accounts, whether nearly 30 days are silent and back login, nearly one year of recharging amount, nearly one year of profit condition and nearly one year of giving recharging ratio; the number of high similarity times of the last 30 login days refers to the number of times that the first similarity value of the last 30 login days of a certain user is greater than a certain threshold, the number of times that the last 30 login days of the certain user is greater than another threshold, for example, one user, from 23 # to 22 # in month 6, 7, 1 # of the user is determined as a user with high similarity, from 10 # of the user in month 7, the first similarity values of the rest days are relatively small, so that the number of high similarity times of the last 30 login days of the user is 2, and the high similarity ratio of the last 30 login days is 2/login days;
the judgment rule can be a plurality of judgment rules which are made according to the characteristics that the user in wool is better distinguished from the normal user, the priority judgment level of each group of judgment rules is in the following sequence, if the current index data meets the preset threshold value in the judgment rule of the current level, the result is output, if the current index data does not meet the preset threshold value, the judgment is continued according to the judgment rule of the next level, and the plurality of groups of judgment rules with the priority judgment levels are as follows:
1. whether the high similarity times of nearly 30 login days meet the corresponding set threshold value or not and whether the silence logout condition of nearly 30 login days meet the corresponding set threshold value or not are judged as a dangerous-level user if the high similarity times of nearly 30 login days meet the corresponding set threshold value;
2. whether the number of high similarity times of nearly 30 login days meets the corresponding set threshold, whether the high similarity ratio of nearly 30 login days meets the corresponding set threshold, whether the login city number ratio of nearly 30 login days meets the corresponding set threshold, whether the recharge amount of nearly one year meets the corresponding set threshold, and if all the recharge amount of nearly one year meets the corresponding set threshold, judging the user as a dangerous user;
3. whether the high similarity times of nearly 30 login days meet the corresponding set threshold, whether the high similarity ratio of nearly 30 login days meets the corresponding set threshold, whether the ratio of nearly 30 login days easy for rewarding days meets the corresponding set threshold, whether the recharge amount of nearly one year meets the corresponding set threshold, and if all the two are met, judging the user to be a dangerous level user;
4. whether the number of high similarity times of nearly 30 login days meets the corresponding set threshold, whether the high similarity ratio of nearly 30 login days meets the corresponding set threshold, whether the number of days of nearly 30 login days simulator meets the corresponding set threshold, whether the recharge amount of nearly one year meets the corresponding set threshold, and if all the recharge amount of nearly one year meets the corresponding set threshold, judging the user as a dangerous user;
5. whether the number of high similarity times of nearly 30 login days meets the corresponding set threshold, whether the high similarity ratio of nearly 30 login days meets the corresponding set threshold, whether the profit condition of nearly one year meets the corresponding set threshold, whether the charge ratio of nearly one year meets the corresponding set threshold, whether the charge amount of nearly one year meets the corresponding set threshold, and if all the charge amounts meet the corresponding set threshold, the user is judged to be a dangerous level user;
6. whether the profit condition in the last year meets the corresponding set threshold, whether the charge ratio presented in the last year meets the corresponding set threshold, whether the charge amount in the last year meets the corresponding set threshold, whether the number of the associated accounts meets the corresponding set threshold, and if so, judging the account as a dangerous level user;
7. the active day similarity accords with a set threshold value, and the user is judged to be a suspected dangerous-level user;
8. whether the high similarity times of nearly 30 login days meet the corresponding set threshold value or not, and if all the high similarity times meet the set threshold value, the user is judged to be a suspected dangerous-level user;
9. the users who do not accord with the judgment rule are judged as safe users;
it should be noted that the above rules are only examples, and in the specific implementation process, the adjustment and the corresponding modification of the set threshold value can be performed according to the online game of the actual environment; it should be further noted that, after the dangerous behavior user is determined in steps S101 to S102, a plurality of determination rules are formulated based on the characteristics that the dangerous behavior user or the user pulling wool is better distinguished from the normal user, and further the dangerous rating is divided for the dangerous behavior user or the user pulling wool, for example, the above-mentioned division: the game platform comprises three danger levels, namely dangerous level users, suspected dangerous level users and normal users, and the three levels divided by dangerous behavior users are convenient for the working personnel or the identification program of the game platform, and can further take different measures for the dangerous behavior users with different levels.
Through steps S201 to S202, the recent activity data of the risk behavior user is compared with the corresponding set threshold, so as to classify the risk level for the risk behavior user, which is convenient for taking different measures for different risk behavior users according to different risk levels, so as to improve the accuracy of the screened risk behavior users.
In some embodiments, fig. 3 is a flowchart of a method for screening normal users according to value degree according to an embodiment of the present application; as shown in fig. 3, the method comprises the steps of:
step S301, obtaining a preset first value combination, where the first value combination includes each index having a corresponding weight, and the first value combination at least includes: a user recharge item index in a first unit time, a user token variation item index in the first unit time;
it should be noted that the user money charge index in the first unit time of the first value combination may be a money charge amount of several months, the user token variation index in the first unit time of the first value combination may be a token variation of several months, and the first value combination includes at least one of a device model, a related account number, and a mobile phone number, in addition to the user money charge index and the user token variation index in the first unit time, which may be added to the first value combination.
Step S302, obtaining value data of a user according to the first value combination, and determining a first value degree of the user according to the value data and the weight corresponding to the value data;
after the value data of each user is acquired according to the first value combination, data cleaning is firstly carried out, such as filling missing values and setting a maximum and minimum value range, then standardization processing is carried out, and then the first value degree of each user is calculated by using a weighted average method according to the weight value of the user rechargeable item index and the weight value of the user token variable item index.
Step S303, judging whether the user is a normal user or not at least according to the first price degree;
the first value degree score may be 0 to 100 points, for example, users with the first value degree of 36 points or more are excluded, and the users may be directly determined to be safe users.
Through the steps S301 to S302, the value data of the users to the game platform is obtained, the value degree data is processed to determine the first value degree of each user to the game platform, normal users are conveniently removed from dangerous behavior users according to the first value degree, and the probability that the normal players are accidentally injured by the rule setting of the 'one-break' type in the related technology can be effectively reduced.
In some embodiments, fig. 4 is another flowchart of a method for screening normal users according to value degree according to an embodiment of the present application; as shown in fig. 4, the method further comprises the steps of:
step S401, obtaining a preset second value combination, where the second value combination includes: the user recharging index in the second unit time and the user token variation index in the second unit time both have corresponding weights;
it should be noted that the recharge index in the second unit time in the second value combination may be a recharge amount of a few days, and the token change index in the second unit time in the second value combination may be a change of the game currency of a few days, which means that the first value degree is a value generated to the game platform for a long time, and the second value degree is a value generated to the game platform in a recent time.
Step S402, acquiring value data of the user according to the second value combination, and determining a second value degree of the user according to the value data and the weight corresponding to the value data;
judging whether the user is a normal user or not according to at least the first value degree: judging whether the user is a normal user or not according to the first value degree and the second value degree;
it should be noted that after the value data of each user is obtained according to the second value combination, data cleaning is performed first, then normalization processing is performed, and then the second value degree of each user is calculated by using a weighted average method according to the weight value of the token variation index of the user and the weight value of the user recharge index, wherein the second value degree score interval is 0 to 100 points, for example, users with the first value degree of 36 points or more and the second value degree of 41 points or more are excluded, and the users can be directly determined as safe users.
Through the steps S401 to S402, the first value degree and the second value degree of the user are combined, the user with dangerous behaviors is effectively identified, meanwhile, the normal user is effectively eliminated, and the problem that the normal player is accidentally injured by the rule setting of the 'one-break' type in the related technology can be solved.
It should be noted that, the execution sequence of the normal user is screened according to the value degree, and in one case, the execution sequence is screened; after the risk behavior users are determined, normal users can be further deleted from the risk behavior users according to the first value degree and the second value degree of the risk behavior users; the other situation is that: the first value degree and the second value degree of the user can be obtained firstly, and after part of normal users are screened out according to the first value degree and the second value degree, whether the rest users are risk behavior users or not is judged at least according to the first similarity value.
In some embodiments, fig. 5 is a flowchart of a method for obtaining a first similarity value of a user according to an embodiment of the present disclosure; as shown in fig. 5, extracting a plurality of groups of feature combinations having preset numerical value item features in a feature set of a user, for each group of feature combinations, dividing users with feature matching into the same user group to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, the feature combinations at least include basic information of the user, and taking the membership of the largest user group in the plurality of user groups to which the user belongs as a first similarity value of the user includes the following steps:
step S501, extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features in basic information, a plurality of features in game behaviors and a plurality of features in login behaviors, and each group of feature combination comprises basic information of a fixed numerical item;
the game behavior is game behavior data calculated according to data generated by the game platform every day, for example, the game behavior includes game duration, game times and the like; the login behavior is login information data stored in the database, for example, the login behavior includes a product number of login, a game number, a version number, a channel, a device platform, whether a simulator is used, and the like, and therefore it can be understood that the feature combination is composed of basic information, game behavior, and feature combinations in the login behavior, for example, each feature combination may be composed of three items of basic information + game behavior + login behavior.
Step S502, for each group of feature combinations, dividing the users with matched features into the same user groups to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and the feature combinations comprise user basic information, user game behaviors and user login behaviors;
step S503 is to use the member number of the largest user group in the plurality of user groups to which the user belongs as the first similarity value of the user.
Through the above steps S501 to S503, the first similarity values of some users can be accurately determined even if there is some users who disguise on the individual item basic information based on the first similarity values under the combination of the features of the basic information, the play behavior, and the login behavior.
In some embodiments, fig. 6 is another flowchart of a method for obtaining a first similarity value of a user according to an embodiment of the present disclosure; as shown in fig. 6, extracting a plurality of groups of feature combinations having preset numerical value item features in a feature set of a user, for each group of feature combinations, dividing the feature-matched users into the same user groups to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, the feature combinations at least include basic information of the user, and taking the membership of the largest user group in the plurality of user groups to which the user belongs as a first similarity value of the user includes the following steps:
step S601, extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features of basic information and a plurality of features of game behaviors;
step S602, for each group of feature combinations, dividing the users with matched features into the same user groups to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and the feature combinations comprise user basic information and user game behaviors;
step S603, token data corresponding to each user in the same user group is obtained, and the editing times required for converting the token data among the users in the same user group are counted according to the token data;
note that, the token data corresponding to each user refers to token variation data stored in the database, and includes a game number of token variation, a type of token variation, and the like;
it should be further noted that the number of edits required to convert token data between users, that is, the levens distance of change in token data between users, which is one of the edit distances, specifically, the minimum number of edit operations required to convert one character into another between two strings, where the allowed edit operations include replacing one character with another, inserting one character, and deleting one character.
Step S604, deleting the related users with the editing times larger than the preset editing times from the user group, and taking the member number of the largest user group in the user groups to which the users belong as a first similarity value of the users;
the users in wool, i.e. users in dangerous behaviors, generally manipulate a large number of game accounts by using a script, so that the number of times of editing token data between users in wool is relatively small, and the number of times of editing between normal users is relatively large, so that the corresponding users whose number of times of editing is greater than the editing threshold are deleted from the group of users, so as to realize preliminary screening of normal users.
Through the steps S601 to S603, the first similarity value based on the feature combination of the basic information, the game behavior, and the change of the medal is obtained on the basis of removing the normal user with the introduction of the levenstein distance, so that the first similarity value of the user is more accurate.
In some embodiments, fig. 7 is another flowchart of a risk behavior identification method according to an embodiment of the present application, and as shown in fig. 7, the method further includes the following steps:
step S701, acquiring the number of times of activity of a user under each network protocol, wherein each network protocol is used by each user;
each network protocol is IP data recorded when actions such as game, login, exchange and the like stored in the database occur.
Step S702, adding the active times of the users under each network protocol, determining the active times of the network protocols of the users, and taking the active times of the network protocols as a second similarity value, wherein the second similarity value and the first similarity value have corresponding weights;
judging whether the user is a risk behavior user according to at least the first similarity value: carrying out weighted summation on the first similarity value and the second similarity value of the user, determining a similarity coefficient of the user, and judging whether the user is a risk behavior user or not according to the similarity coefficient;
for example, if a user logs in under both IP groups, then his IP similarity is 100+ 200-300, i.e. the second similarity, because all users have a large number of accounts and scripts to log in, the number of times of activation of IP for wool users is especially high, which can reach 1000 or more, and the number of times of activation of IP for normal users is one digit, ten digit, and not more than one hundred digits.
Through the steps of S701 and S702, the similarity coefficient of the user is determined based on the first similarity and the second similarity of the user, and the risk behavior user is judged according to the magnitude of the similarity coefficient, so as to improve the identification rate of the risk behavior user.
In some embodiments, the first similarity value may be obtained based on the user basic information, the user game behavior, and the user login behavior, the second similarity value may be obtained based on the user basic information, the user game behavior, and the user token data, and the third similarity value may be obtained based on the network protocol active times, wherein the first similarity value, the second similarity value, and the third similarity value correspond to weighted values, the first similarity value, the second similarity value, and the third similarity value are normalized and then weighted and summed according to the weighted values of the three, the result of weighted summation is a similarity coefficient of the user, and whether the user is a risk behavior user is determined according to the similarity coefficient, such that when determining whether the user is a risk behavior user, the first similarity value, the second similarity value, and the third similarity value of the user under different feature combinations are comprehensively considered, The second similarity value and the third similarity value are used for improving the identification rate of the dangerous behavior user.
It should be noted that the steps illustrated in the above-described flow diagrams or in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flow diagrams, in some cases, the steps illustrated or described may be performed in an order different than here.
The embodiment also provides a risk behavior identification device, which is used for implementing the above embodiments and preferred embodiments, and the description of the device is omitted. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 8 is a block diagram of a risk behavior identification apparatus according to an embodiment of the present application, and as shown in fig. 8, the apparatus includes: an acquisition module 80, a dividing module 81 and a judgment module 82;
an obtaining module 80, configured to extract multiple groups of feature combinations with preset numerical item features in a feature set of a user;
a dividing module 81, configured to divide the users with matched features into the same user groups for each group of feature combinations to obtain multiple user groups, where each user group corresponds to one group of feature combinations, and each feature combination at least includes user basic information; the dividing module is further used for taking the membership of the largest user group in a plurality of user groups to which the user belongs as a first similarity value of the user;
and the judging module 82 is configured to judge whether the user is a risk behavior user at least according to the first similarity value.
In some embodiments, the dividing module 81 and the determining module 82 are further configured to implement the steps in the risk behavior identification method provided in each of the above embodiments, and are not described herein again.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
In one embodiment, a computer device is provided, which may be a terminal. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of risk behaviour identification. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In an embodiment, fig. 9 is a schematic internal structural diagram of a computer device according to an embodiment of the present application, and as shown in fig. 9, there is provided a computer device, which may be a server, and its internal structural diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of risk behaviour identification.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor executes the computer program to implement the steps in the risk behavior identification method provided by the above embodiments.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps in the risk behavior identification method provided by the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for risk behavior identification, the method comprising:
extracting a plurality of groups of feature combinations with preset numerical value item features in a feature set of a user, dividing users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least comprise basic user information, and the membership of the largest user group in the plurality of user groups to which the user belongs is taken as a first similarity value of the user;
and judging whether the user is a risk behavior user or not at least according to the first similarity value.
2. The method according to claim 1, wherein the method further comprises determining whether the user is a risk behavior user according to at least the first similarity value, and then:
acquiring multiple preset groups of judgment rules, wherein the multiple groups of judgment rules have priority judgment levels;
acquiring index data corresponding to the risk behavior users and the judgment rules according to the judgment rules;
and matching the corresponding index data with a preset threshold value in the judgment rule according to the priority judgment level of each group of judgment rules, and judging the risk behavior level of the risk behavior user according to the matching result.
3. The risk behavior identification method of claim 1, further comprising:
acquiring a preset first value combination, wherein the first value combination comprises indexes with corresponding weights, and the first value combination at least comprises the following steps: a user recharge item index in a first unit time, a user token variation item index in the first unit time;
acquiring value data of the user according to the first value combination, and determining a first value degree of the user according to the value data and the weight corresponding to the value data;
and judging whether the user is a normal user or not at least according to the first price degree.
4. The risk behavior identification method of claim 3, further comprising:
acquiring a preset second value combination, wherein the second value combination comprises: the user recharging index in a second unit time and the user token variation index in the second unit time are both provided with corresponding weights;
obtaining value data of the user according to the second value combination, and determining a second value degree of the user according to the value data and the weight corresponding to the value data;
judging whether the user is a normal user or not according to at least the first price degree: and judging whether the user is a normal user or not according to the first value degree and the second value degree.
5. The method according to claim 1, wherein a plurality of groups of feature combinations having features of preset numerical items are extracted from a feature set of a user, for each group of feature combinations, users with matched features are classified into a same user group to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least include user basic information, and taking the membership of a largest user group in the plurality of user groups to which the user belongs as the first similarity value of the user comprises:
extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features in user basic information, a plurality of features in user game behaviors and a plurality of features in user login behaviors, and each group of feature combination comprises basic information of a fixed numerical item;
for each group of feature combinations, dividing users with matched features into the same user groups to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and each feature combination comprises user basic information, user game behaviors and user login behaviors;
and taking the membership of the largest user group in a plurality of user groups to which the user belongs as the first similarity value of the user.
6. The method according to claim 1, wherein a plurality of groups of feature combinations having features of preset numerical items are extracted from a feature set of a user, for each group of feature combinations, users with matched features are classified into a same user group to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, the feature combinations at least include user basic information, and taking the membership of a largest user group in the plurality of user groups to which the user belongs as the first similarity value of the user comprises:
extracting a plurality of groups of feature combinations with preset numerical item features in a feature set of a user; the feature set comprises a plurality of features in the basic information of the user and a plurality of features in the game behavior of the user;
for each group of feature combinations, dividing users with matched features into the same user group to obtain a plurality of user groups, wherein each user group corresponds to one group of feature combinations, and the feature combinations comprise user basic information and user game behaviors;
obtaining token data corresponding to each user in the same user group, and counting the editing times required for converting the token data among the users in the same user group according to the token data;
and deleting the related users with the editing times larger than the preset editing times from the user group, and taking the member number of the largest user group in the plurality of user groups to which the users belong as the first similarity value of the user.
7. The risk behavior identification method of claim 1, further comprising:
acquiring the number of times of activity of the user under each network protocol, wherein each network protocol is used by each user;
adding the active times of the user under each network protocol, determining the active times of the network protocol of the user, and taking the active times of the network protocol as a second similarity value, wherein the second similarity value and the first similarity value both have corresponding weights;
judging whether the user is a risk behavior user at least according to the first similarity value:
and carrying out weighted summation on the first similarity value and the second similarity value of the user, determining a similarity coefficient of the user, and judging whether the user is a risk behavior user according to the similarity coefficient.
8. An apparatus for risk-of-behavior recognition, the apparatus comprising: the device comprises an acquisition module, a dividing module and a judgment module;
the acquisition module is used for extracting a plurality of groups of feature combinations with preset numerical item features in the feature set of the user;
the dividing module is configured to divide the users with matched features into the same user groups for each group of feature combinations to obtain a plurality of user groups, where each user group corresponds to one group of feature combinations, and each feature combination at least includes user basic information; the dividing module is further configured to use the membership of the largest user group in a plurality of user groups to which the user belongs as a first similarity value of the user;
and the judging module is used for judging whether the user is a risk behavior user or not at least according to the first similarity value.
9. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the risk behavior identification method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a risk behaviour identification method according to any one of claims 1 to 7.
CN202010952612.6A 2020-09-11 2020-09-11 Risk behavior identification method and device and computer equipment Pending CN112245930A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010952612.6A CN112245930A (en) 2020-09-11 2020-09-11 Risk behavior identification method and device and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010952612.6A CN112245930A (en) 2020-09-11 2020-09-11 Risk behavior identification method and device and computer equipment

Publications (1)

Publication Number Publication Date
CN112245930A true CN112245930A (en) 2021-01-22

Family

ID=74232265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010952612.6A Pending CN112245930A (en) 2020-09-11 2020-09-11 Risk behavior identification method and device and computer equipment

Country Status (1)

Country Link
CN (1) CN112245930A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102163251A (en) * 2010-02-22 2011-08-24 深圳市腾讯计算机系统有限公司 Method and device for recognizing game cheating
CN106953832A (en) * 2016-01-07 2017-07-14 福建天晴数码有限公司 Handle the method and system of the suspicious account of network game
CN108295476A (en) * 2018-03-06 2018-07-20 网易(杭州)网络有限公司 The method and apparatus for determining abnormal interactive account
CN110339575A (en) * 2018-04-08 2019-10-18 腾讯科技(深圳)有限公司 It practises fraud in a kind of determining online game the method and device of user
CN111259952A (en) * 2020-01-14 2020-06-09 中国平安财产保险股份有限公司 Abnormal user identification method and device, computer equipment and storage medium
CN111298445A (en) * 2020-02-07 2020-06-19 腾讯科技(深圳)有限公司 Target account detection method and device, electronic equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102163251A (en) * 2010-02-22 2011-08-24 深圳市腾讯计算机系统有限公司 Method and device for recognizing game cheating
CN106953832A (en) * 2016-01-07 2017-07-14 福建天晴数码有限公司 Handle the method and system of the suspicious account of network game
CN108295476A (en) * 2018-03-06 2018-07-20 网易(杭州)网络有限公司 The method and apparatus for determining abnormal interactive account
CN110339575A (en) * 2018-04-08 2019-10-18 腾讯科技(深圳)有限公司 It practises fraud in a kind of determining online game the method and device of user
CN111259952A (en) * 2020-01-14 2020-06-09 中国平安财产保险股份有限公司 Abnormal user identification method and device, computer equipment and storage medium
CN111298445A (en) * 2020-02-07 2020-06-19 腾讯科技(深圳)有限公司 Target account detection method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
Lee et al. Game data mining competition on churn prediction and survival analysis using commercial game log data
CN108066987B (en) Distribution method and device of application scene level combination and server
CN110401779A (en) A kind of method, apparatus and computer readable storage medium identifying telephone number
CN109224453B (en) Game supervision method and system, computer equipment and computer-readable storage medium
CN110782333B (en) Equipment risk control method, device, equipment and medium
CN107450957B (en) Game configuration processing method and device, storage medium, processor and terminal
Vaz de Melo et al. Forecasting in the NBA and other team sports: Network effects in action
CN112274925B (en) AI model training method, calling method, server and storage medium
CN111738294B (en) AI model training method, AI model using method, computer device, and storage medium
CN107153584A (en) Method for detecting abnormality and device
CN112669187B (en) Identity recognition method and device, electronic equipment and related products
CN111957047A (en) Checkpoint configuration data adjusting method, computer equipment and storage medium
CN113694537A (en) Control method, device and equipment for game account
CN111401507A (en) Adaptive decision tree fall detection method and system
CN114225426A (en) Game account monitoring method and device, electronic equipment and storage medium
CN110585722A (en) Block chain-based game time information processing method and device and game control method and device
CN112138409B (en) Game result prediction method, device and storage medium
CN103577543B (en) The ranking fraud detection method and ranking fraud detection system of application program
CN112463394A (en) Data screening method based on big data and cloud computing and cloud server
CN112245930A (en) Risk behavior identification method and device and computer equipment
Cavadenti et al. When cyberathletes conceal their game: Clustering confusion matrices to identify avatar aliases
CN113743619A (en) Cheating user identification method and device based on associated network behaviors
Cseh et al. The swiss gambit
Liu et al. Mobile Gamer Modelling and Game Performance Preference Measurement
CN106880944B (en) Game data analysis method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination