CN112583804B - Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time - Google Patents

Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time

Info

Publication number
CN112583804B
Authority
CN
China
Prior art keywords
user
information
module
behavior
transaction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011408471.8A
Other languages
Chinese (zh)
Other versions
CN112583804A (en)
Inventor
黄琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou xiaomianao Information Technology Co.,Ltd.
Original Assignee
Suzhou Xiaomianao Information Technology Co ltd
Application filed by Suzhou Xiaomianao Information Technology Co ltd
Priority to CN202011408471.8A
Publication of CN112583804A
Application granted
Publication of CN112583804B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/40 Extraction of image or video features
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance

Abstract

The invention discloses a monitoring management system capable of tracking and collecting evidence of network illegal activities in real time, which addresses the problem that the prior art cannot track and collect evidence of network illegal behaviors in real time. The system comprises a data acquisition module, a data storage module, a data extraction module, a server, a behavior judgment module, a user login module and a tracking early warning module. The data acquisition module collects user login information and the user's network operation process in real time and stores the collected information in the storage module. The data extraction module analyzes the user's online behavior to obtain the online behavior type. The behavior judgment module compares and judges the user's online behavior to obtain the corresponding behavior characteristic values, from which the illegal crime characteristic value is calculated. Finally, the tracking early warning module tracks and locks users exhibiting criminal behavior.

Description

Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time
Technical Field
The invention relates to the technical field of network security, in particular to a monitoring management system capable of tracking and obtaining evidence of network illegal behaviors in real time.
Background
The spread of networks and networking technologies means that an increasing amount of sensitive information, including personal privacy, business data, confidential documents and important instructions, is stored and processed in computer systems connected to public networks. Network illegal crime is a general term for acts in which a perpetrator uses computer technology to attack a system or its information over a network, to destroy it, or to use the network to commit other crimes. It includes crimes committed on a network by a perpetrator using programming, encryption and decoding techniques or tools; crimes committed interactively inside and outside the network using software instructions, network systems, product encryption and other technologies and legal provisions; and crimes committed against a network system by a perpetrator residing at a specific position at a network service provider or using other methods. Such network illegal criminal behavior is usually difficult to track and to obtain evidence of.
Disclosure of Invention
The invention aims to provide a monitoring management system capable of tracking and obtaining evidence of network illegal behaviors in real time. The system analyzes users' network behaviors, compares and judges each user's network operation behaviors through a behavior judgment module to obtain corresponding matching values, classifies users according to those matching values, and tracks and locks users highly suspected of criminal behavior, thereby providing a reference for network security management personnel and allowing criminal behavior on the network to be tracked and evidence obtained in real time.
The purpose of the invention can be realized by the following technical scheme: a monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time comprises a data acquisition module, a data storage module, a data extraction module, a server, a behavior judgment module, a user login module and a tracking and early warning module;
the data acquisition module is used for acquiring user login information and a user network operation process in real time and storing the acquired information in the storage module, and the specific acquisition steps are as follows:
step one: acquiring user uploading information, and marking the user uploading information as Ai;
step two: acquiring user downloading information, and marking the user downloading information as Bi;
step three: acquiring user network transaction information, and marking the user transaction information as Ci;
step four: acquiring user access information of a user to an accessed website, and marking the user access information as Di;
step five: transmitting the obtained user uploading information Ai, user downloading information Bi, user transaction information Ci and user access information Di to a data extraction module;
the data extraction module reads the acquired user usage information and analyzes each kind of user behavior, and the specific analysis steps are as follows:
step S1: respectively marking character information, picture information, video information and audio information in the user uploading information Ai as AiW, AiT, AiS and AiY;
step S2: respectively marking character information, picture information, video information and audio information in the user download information Bi as BiW, BiT, BiS and BiY;
step S3: respectively marking the transaction type, the transaction amount, the transaction times and the transaction time in the user transaction information Ci as CiL, CiJ, CiS and CiT;
step S4: respectively marking the access type, the access entry, the access times and the access time in the user access information Di as DiL, DiR, DiS and DiT;
the data obtained in steps S1 to S4 is transmitted to the behavior judgment module, which carries out the illegality judgment and obtains an illegal crime characteristic value Fi.
Further, the user login module is used for submitting user information for registration through terminal equipment by a user, and sending the user information with successful registration to the information base for storage, wherein the user information comprises a name, an identification number and a mobile phone number of real-name authentication, and the terminal equipment comprises a mobile phone, a computer and a tablet computer.
Furthermore, the behavior judgment module comprises a character feature comparison unit, a picture feature comparison unit, a video feature comparison unit and an audio feature comparison unit, and is further provided with a transaction judgment unit and an access judgment unit.
Further, the behavior determination module is configured to determine whether the user network behavior belongs to an illegal behavior, and includes the following specific steps:
step P1: comparing AiW, AiT, AiS and AiY in the user uploading information Ai against the character feature comparison unit, picture feature comparison unit, video feature comparison unit and audio feature comparison unit in the behavior judgment module respectively, obtaining the corresponding matching values QiWA, QiTA, QiSA and QiYA, and obtaining an upload behavior characteristic value AiQ through the formula AiQ = δ × (α × QiWA + β × QiTA + γ × QiSA + ε × QiYA), wherein δ, α, β, γ and ε are all preset proportionality coefficients;
step P2: comparing BiW, BiT, BiS and BiY in the user download information Bi against the character feature comparison unit, picture feature comparison unit, video feature comparison unit and audio feature comparison unit in the behavior judgment module respectively, obtaining the corresponding matching values QiWB, QiTB, QiSB and QiYB, and obtaining a download behavior characteristic value BiQ through the formula BiQ = δ × (α × QiWB + β × QiTB + γ × QiSB + ε × QiYB); the specific matching process is as follows:
the comparison process of the character feature comparison unit is as follows: the text information is matched against the sensitive word bank in the character feature comparison unit by counting the words in the text information that are the same as sensitive words in the bank; the larger the count, the higher the matching value;
the comparison process of the picture feature comparison unit is as follows: sensitive information in the pictures and videos is identified through an image recognition technology based on deep learning; the more sensitive information the pictures and videos contain, the higher the corresponding matching value;
the comparison process of the audio feature comparison unit is as follows: the speech in the audio information is converted into corresponding text information, which is matched against the sensitive word bank by counting the words that are the same as sensitive words in the bank; the larger the count, the higher the matching value;
step P3: comparing CiL, CiJ, CiS and CiT in the user transaction information Ci against the transaction judgment unit in the behavior judgment module respectively, obtaining the corresponding risk values QiLC, QiJC, QiSC and QiTC, and obtaining a transaction behavior characteristic value CiQ through the formula CiQ = δ × (α × QiLC + β × QiJC + γ × QiSC + ε × QiTC);
step P4: comparing DiL, DiR, DiS and DiT in the user access information Di against the access judgment unit in the behavior judgment module respectively, obtaining the corresponding risk values QiLD, QiRD, QiSD and QiTD, and obtaining a user access behavior characteristic value DiQ through the formula DiQ = δ × (α × QiLD + β × QiRD + γ × QiSD + ε × QiTD);
step P5: substituting AiQ, BiQ, CiQ and DiQ obtained from P1 to P4 into the formula Fi = λ × (AiQ + BiQ + CiQ + DiQ) to obtain an illegal crime characteristic value Fi, wherein λ is a correction factor with a value of 0.0452673, and comparing the obtained value Fi with the value Mi set by the system.
Further, the tracking and early warning module compares the obtained illegal crime characteristic value Fi with the system set value Mi, and the specific comparison steps are as follows:
the first step: when Fi < Mi, the tracking early warning module automatically judges that no illegal criminal behavior exists;
the second step: when Mi ≤ Fi < ATi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, and marks the user as a class A user, wherein ATi is a system preset threshold and ATi > Mi;
the third step: when ATi ≤ Fi ≤ BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class B user, and sends a warning to the user;
the fourth step: when Fi > BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class C user, pushes all personal information of the user to the management center, and locks the IP address of the user.
Compared with the prior art, the invention has the beneficial effects that:
1. The data extraction module screens and classifies the content of the user's operations on the network, and the behavior judgment module judges the user's behavior. The behavior judgment module comprises a character feature comparison unit, a picture feature comparison unit, a video feature comparison unit and an audio feature comparison unit, and is further provided with a transaction judgment unit and an access judgment unit. The sub-units in the behavior judgment module match the user's behavior to obtain the corresponding behavior characteristic values; all the behavior characteristic values are combined through a specific formula to obtain the corresponding illegal crime characteristic value; finally, the illegal crime characteristic value is compared with the values set by the system to judge whether the user has engaged in illegal criminal behavior;
2. A tracking early warning module is provided. After the behavior judgment module has judged the user's behavior, the tracking early warning module classifies users suspected of illegal criminal behavior according to the illegal crime characteristic value obtained by the behavior judgment module, and different supervision measures are executed for users in different classes, which facilitates network administrators' management of user behavior on the network.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a schematic block diagram of a monitoring management system for tracking and evidence-taking illegal network behaviors in real time according to the present invention;
fig. 2 is a block diagram of a behavior determination module of a monitoring management system capable of tracking and collecting evidence of network illegal behaviors in real time according to the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a monitoring and management system capable of tracking and collecting evidence of network illegal activities in real time includes a data acquisition module, a data storage module, a data extraction module, a server, an activity determination module, a user login module, and a tracking and early warning module;
the data acquisition module is used for acquiring user login information and a user network operation process in real time and storing the acquired information in the storage module, and the specific acquisition steps are as follows:
step one: acquiring user uploading information, and marking the user uploading information as Ai;
step two: acquiring user downloading information, and marking the user downloading information as Bi;
step three: acquiring user network transaction information, and marking the user transaction information as Ci;
step four: acquiring user access information of a user to an accessed website, and marking the user access information as Di;
step five: transmitting the obtained user uploading information Ai, user downloading information Bi, user transaction information Ci and user access information Di to a data extraction module;
the data extraction module reads the acquired user usage information and analyzes each kind of user behavior, and the specific analysis steps are as follows:
step S1: respectively marking character information, picture information, video information and audio information in the user uploading information Ai as AiW, AiT, AiS and AiY;
step S2: respectively marking character information, picture information, video information and audio information in the user download information Bi as BiW, BiT, BiS and BiY;
step S3: respectively marking the transaction type, the transaction amount, the transaction times and the transaction time in the user transaction information Ci as CiL, CiJ, CiS and CiT;
step S4: respectively marking the access type, the access entry, the access times and the access time in the user access information Di as DiL, DiR, DiS and DiT;
the data obtained in steps S1 to S4 is transmitted to the behavior judgment module, which carries out the illegality judgment and obtains an illegal crime characteristic value Fi.
The user login module is used for submitting user information for registration through terminal equipment by a user, and sending the user information which is successfully registered to the information base for storage, wherein the user information comprises a name, an identity card number and a mobile phone number authenticated by a real name, the user information and a user process operation trace are temporarily stored in the data storage module, and the terminal equipment comprises a mobile phone, a computer and a tablet computer.
The behavior judgment module comprises a character feature comparison unit, a picture feature comparison unit, a video feature comparison unit and an audio feature comparison unit, and is also provided with a transaction judgment unit and an access judgment unit. A corresponding sensitive word bank is arranged in the character feature comparison unit, and the text information uploaded or downloaded by a user is matched against it. Corresponding comparison features are arranged in the picture, video and audio feature comparison units. Matching values are obtained by checking whether the text, picture, video and audio information in the user's operations contains sensitive information relating to illegal crimes, such as violence, pornography and crime education. For the user's transaction behavior, the transaction judgment unit calculates corresponding user transaction characteristic values from the transaction type, transaction amount, transaction times and transaction time, and judges from these values whether illegal criminal behavior such as illegal transactions or phishing exists. For the user's access behavior, the access judgment unit judges whether an access is normal according to the access type, access entry, access times and access time; for example, if the user does not reach an accessed page through a normally open access entry, the access is judged to be illegal. The behavior judgment module is used for judging whether the user's network behavior is illegal, and the specific steps are as follows:
step P1: comparing AiW, AiT, AiS and AiY in the user uploading information Ai against the character feature comparison unit, picture feature comparison unit, video feature comparison unit and audio feature comparison unit in the behavior judgment module respectively, obtaining the corresponding matching values QiWA, QiTA, QiSA and QiYA, and obtaining an upload behavior characteristic value AiQ through the formula AiQ = δ × (α × QiWA + β × QiTA + γ × QiSA + ε × QiYA), wherein δ, α, β, γ and ε are all preset proportionality coefficients;
step P2: comparing BiW, BiT, BiS and BiY in the user download information Bi against the character feature comparison unit, picture feature comparison unit, video feature comparison unit and audio feature comparison unit in the behavior judgment module respectively, obtaining the corresponding matching values QiWB, QiTB, QiSB and QiYB, and obtaining a download behavior characteristic value BiQ through the formula BiQ = δ × (α × QiWB + β × QiTB + γ × QiSB + ε × QiYB); the specific matching process is as follows:
the comparison process of the character feature comparison unit is as follows: the text information is matched against the sensitive word bank in the character feature comparison unit by counting the words in the text information that are the same as sensitive words in the bank; the larger the count, the higher the matching value;
the comparison process of the picture feature comparison unit is as follows: sensitive information in the pictures and videos is identified through an image recognition technology based on deep learning; the more sensitive information the pictures and videos contain, the higher the corresponding matching value;
the comparison process of the audio feature comparison unit is as follows: the speech in the audio information is converted into corresponding text information, which is matched against the sensitive word bank by counting the words that are the same as sensitive words in the bank; the larger the count, the higher the matching value;
step P3: comparing CiL, CiJ, CiS and CiT in the user transaction information Ci against the transaction judgment unit in the behavior judgment module respectively, obtaining the corresponding risk values QiLC, QiJC, QiSC and QiTC, and obtaining a transaction behavior characteristic value CiQ through the formula CiQ = δ × (α × QiLC + β × QiJC + γ × QiSC + ε × QiTC);
step P4: comparing DiL, DiR, DiS and DiT in the user access information Di against the access judgment unit in the behavior judgment module respectively, obtaining the corresponding risk values QiLD, QiRD, QiSD and QiTD, and obtaining a user access behavior characteristic value DiQ through the formula DiQ = δ × (α × QiLD + β × QiRD + γ × QiSD + ε × QiTD);
step P5: substituting AiQ, BiQ, CiQ and DiQ obtained from P1 to P4 into the formula Fi = λ × (AiQ + BiQ + CiQ + DiQ) to obtain an illegal crime characteristic value Fi, wherein λ is a correction factor with a value of 0.0452673, and comparing the obtained value Fi with the value Mi set by the system.
The tracking and early warning module compares the obtained illegal crime characteristic value Fi with the system set value Mi, and the specific comparison steps are as follows:
the first step: when Fi < Mi, the tracking early warning module automatically judges that no illegal criminal behavior exists;
the second step: when Mi ≤ Fi < ATi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, and marks the user as a class A user, wherein ATi is a system preset threshold and ATi > Mi;
the third step: when ATi ≤ Fi ≤ BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class B user, and sends a warning to the user;
the fourth step: when Fi > BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class C user, pushes all personal information of the user to the management center, and locks the IP address of the user.
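The scoring in steps P1 to P5 and the four threshold comparisons, written out as an added Python example (not code from the patent). Only λ = 0.0452673 comes from the text; the coefficient values, thresholds, word bank, sample inputs, whole-word matching, the ordering BTi > ATi and the inclusive lower bound of class B are assumptions.

```python
"""Scoring and tiering from steps P1-P5 and the four comparison steps (added example)."""
import re
from dataclasses import dataclass

LAMBDA = 0.0452673  # correction factor lambda, the only numeric value the text gives


@dataclass(frozen=True)
class Coefficients:
    """Preset proportionality coefficients; the values here are assumptions."""
    delta: float = 1.0
    alpha: float = 0.4
    beta: float = 0.3
    gamma: float = 0.2
    epsilon: float = 0.1


@dataclass(frozen=True)
class Thresholds:
    """System set value Mi and preset thresholds ATi, BTi (values are assumptions)."""
    mi: float
    ati: float
    bti: float

    def __post_init__(self):
        # The text states ATi > Mi; BTi > ATi is assumed so the tiers do not overlap.
        if not self.mi < self.ati < self.bti:
            raise ValueError("thresholds must satisfy Mi < ATi < BTi")


def text_match_value(text, word_bank):
    """Character feature comparison: count whole-word hits against the word bank.

    Whole-word, case-insensitive matching is an assumption; it keeps an entry
    from matching inside a longer, unrelated word.
    """
    total = 0
    for word in word_bank:
        pattern = r"\b" + re.escape(word) + r"\b"
        total += len(re.findall(pattern, text, flags=re.IGNORECASE))
    return total


def behavior_value(q, c):
    """P1-P4: delta * (alpha*q1 + beta*q2 + gamma*q3 + epsilon*q4) for one channel."""
    if len(q) != 4:
        raise ValueError("each channel needs exactly four matching/risk values")
    if any(v < 0 for v in q):
        raise ValueError("matching and risk values must be non-negative")
    q1, q2, q3, q4 = q
    return c.delta * (c.alpha * q1 + c.beta * q2 + c.gamma * q3 + c.epsilon * q4)


def classify(fi, t):
    """Map Fi to a tier using the four comparison steps."""
    if fi < t.mi:
        return "none"  # first step: no early warning
    if fi < t.ati:
        return "A"     # second step: Mi <= Fi < ATi
    if fi <= t.bti:
        return "B"     # third step: ATi <= Fi <= BTi (lower bound assumed inclusive)
    return "C"         # fourth step: Fi > BTi


def evaluate(upload_q, download_q, transaction_q, access_q, coeffs, thresholds):
    """P5: Fi = lambda * (AiQ + BiQ + CiQ + DiQ), plus the per-channel values
    that the text says are pushed to the management center with each warning."""
    channels = {
        "AiQ": behavior_value(upload_q, coeffs),
        "BiQ": behavior_value(download_q, coeffs),
        "CiQ": behavior_value(transaction_q, coeffs),
        "DiQ": behavior_value(access_q, coeffs),
    }
    fi = LAMBDA * sum(channels.values())
    return {"channels": channels, "Fi": fi, "tier": classify(fi, thresholds)}


# Constructed sample data (not from the patent).
SAMPLE_WORD_BANK = ["flagged", "restricted"]
SAMPLE_UPLOAD_TEXT = "flagged restricted flagged unflagged Restricted"
SAMPLE_THRESHOLDS = Thresholds(mi=0.1, ati=0.2, bti=0.3)


def sample_result():
    """Run the whole pipeline on the constructed sample."""
    text_hits = text_match_value(SAMPLE_UPLOAD_TEXT, SAMPLE_WORD_BANK)
    return evaluate(
        upload_q=(text_hits, 0, 0, 0),  # QiWA, QiTA, QiSA, QiYA
        download_q=(0, 2, 0, 0),        # QiWB, QiTB, QiSB, QiYB
        transaction_q=(1, 3, 2, 0),     # QiLC, QiJC, QiSC, QiTC
        access_q=(0, 1, 4, 1),          # QiLD, QiRD, QiSD, QiTD
        coeffs=Coefficients(),
        thresholds=SAMPLE_THRESHOLDS,
    )


if __name__ == "__main__":
    result = sample_result()
    print(result["channels"], round(result["Fi"], 6), result["tier"])
```

Because the text match value is a raw count, it grows with the length of the text being scanned; the description specifies no normalization.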
The working principle of the invention is as follows: the user login module registers user information and sends the successfully registered user information to the information base for storage; at the same time, the IP address and online operation traces associated with the user information are temporarily stored in the data storage module. The data acquisition module acquires the user's online operation behavior and preliminarily classifies the operation content into uploading information, downloading information, transaction information and access information, marked Ai, Bi, Ci and Di respectively. The operation content is then transmitted to the data extraction module and screened further: the character information, picture information, video information and audio information in the user uploading information are marked AiW, AiT, AiS and AiY respectively; the character information, picture information, video information and audio information in the user downloading information are marked BiW, BiT, BiS and BiY respectively; the transaction type, transaction amount, transaction times and transaction time in the user transaction information are marked CiL, CiJ, CiS and CiT respectively; and the access type, access entry, access times and access time in the user access information are marked DiL, DiR, DiS and DiT respectively. The behavior judgment module then judges the data obtained in the data extraction module and substitutes it into the formulas to obtain the user uploading behavior characteristic value AiQ, the user downloading behavior characteristic value BiQ, the user transaction behavior characteristic value CiQ and the user access behavior characteristic value DiQ. These values are substituted into the formula Fi = λ × (AiQ + BiQ + CiQ + DiQ) to obtain the illegal crime characteristic value Fi.
Finally, the illegal crime characteristic value Fi is compared with the system preset value Mi. When Fi < Mi, the tracking early warning module automatically judges that no illegal acts exist. When Mi ≤ Fi < ATi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, and marks the user as a class A user, wherein ATi is a system preset threshold and ATi > Mi. When ATi ≤ Fi ≤ BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class B user, and sends a warning to the user. When Fi > BTi, the tracking early warning module sends early warning information to the management center, pushes the user's AiQ, BiQ, CiQ and DiQ matching values to the management center, marks the user as a class C user, pushes all personal information of the user to the management center, and locks the IP address of the user, so that tracking and evidence obtaining of network illegal criminal behaviors is achieved.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (1)

1. A monitoring management system capable of tracking and obtaining evidence of network illegal behaviors in real time is characterized by comprising a data acquisition module, a data storage module, a data extraction module, a server, a behavior judgment module, a user login module and a tracking early warning module;
the data acquisition module is used for acquiring user login information and a user network operation process in real time and storing the acquired information in the storage module, and the specific acquisition steps are as follows:
step one: acquiring user uploading information, and marking the user uploading information as Ai;
step two: acquiring user downloading information, and marking the user downloading information as Bi;
step three: acquiring user network transaction information, and marking the user transaction information as Ci;
step four: acquiring user access information of a user to an accessed website, and marking the user access information as Di;
step five: transmitting the obtained user uploading information Ai, user downloading information Bi, user transaction information Ci and user access information Di to a data extraction module;
the data extraction module reads the obtained customer use information and respectively extracts the information of the user behavior, and the specific analysis steps are as follows:
step S1: respectively marking character information, picture information, video information and audio information in the user uploading information Ai as AiW, AiT, AiS and AiY;
step S2: respectively marking character information, picture information, video information and audio information in the user download information Bi as BiW, BiT, BiS and BiY;
step S3: respectively marking the transaction type, the transaction amount, the transaction times and the transaction time in the user transaction information Ci as CiL, CiJ, CiS and CiT;
step S4: respectively marking the access type, the access entrance, the access times and the access time in the user access information Di as DiL, DiR, DiS and DiT;
transmitting the data obtained by analysis in steps S1-S4 of the data extraction module to the behavior judgment module, which carries out the illegality judgment and obtains an illegal criminal characteristic value Fi; the user login module is used by a user to submit user information for registration through terminal equipment, and sends the user information which is successfully registered to an information base for storage, wherein the user information comprises a name, an identity card number and a mobile phone number of real-name authentication, and the terminal equipment comprises a mobile phone, a computer and a tablet personal computer; the behavior judgment module comprises a character feature comparison unit, a picture feature comparison unit, a video feature comparison unit and an audio feature comparison unit, and is also provided with a transaction judgment unit and an access judgment unit; the behavior judgment module is used for judging whether the user network behavior belongs to illegal behaviors, and the specific steps are as follows:
step P1: respectively comparing AiW, AiT, AiS and AiY in the user uploading information Ai with the character feature comparison unit, the picture feature comparison unit, the video feature comparison unit and the audio feature comparison unit in the behavior judgment module, respectively obtaining corresponding matching values QiWA, QiTA, QiSA and QiYA, and obtaining an uploading behavior characteristic value AiQ through the formula AiQ = δ(α × QiWA + β × QiTA + γ × QiSA + ε × QiYA), wherein δ, α, β, γ and ε are all preset proportionality coefficients;
step P2: respectively comparing BiW, BiT, BiS and BiY in the user download information Bi with the character feature comparison unit, the picture feature comparison unit, the video feature comparison unit and the audio feature comparison unit in the behavior judgment module, respectively obtaining corresponding matching values QiWB, QiTB, QiSB and QiYB, and obtaining a download behavior characteristic value BiQ through the formula BiQ = δ(α × QiWB + β × QiTB + γ × QiSB + ε × QiYB); the specific matching process is as follows:
the comparison process of the character feature comparison unit is as follows: the character information is matched with the sensitive word bank in the character feature comparison unit; the matching value is determined by the number of words in the character information that are the same as sensitive words in the sensitive word bank, and the larger the number, the higher the matching value;
the comparison process of the picture feature comparison unit is as follows: the sensitive information in the picture and the video is identified through an image identification technology based on deep learning, and the more sensitive information there is in the picture and the video, the higher the corresponding matching value;
the comparison process of the audio feature comparison unit is as follows: the speech in the audio information is converted into corresponding text information, and the text information is matched with the sensitive word bank; the matching value is determined by the number of words in the text information that are the same as sensitive words in the sensitive word bank, and the larger the number, the higher the matching value;
step P3: respectively comparing CiL, CiJ, CiS and CiT in the user transaction information Ci with the transaction judgment unit in the behavior judgment module, respectively obtaining corresponding risk values QiLC, QiJC, QiSC and QiTC, and obtaining a transaction behavior characteristic value CiQ through the formula CiQ = δ(α × QiLC + β × QiJC + γ × QiSC + ε × QiTC);
step P4: respectively comparing DiL, DiR, DiS and DiT in the user access information Di with the access judgment unit in the behavior judgment module, respectively obtaining corresponding risk values QiLD, QiRD, QiSD and QiTD, and obtaining a user access behavior characteristic value DiQ through the formula DiQ = δ(α × QiLD + β × QiRD + γ × QiSD + ε × QiTD);
step P5: substituting AiQ, BiQ, CiQ and DiQ obtained in P1-P4 into the formula Fi = λ(AiQ + BiQ + CiQ + DiQ) to obtain an illegal crime characteristic value Fi, wherein λ is a correction factor with a value of 0.0452673, and comparing the obtained characteristic value Fi with the system set value Mi; the tracking early warning module compares the acquired illegal crime characteristic value Fi with the system set value Mi, and the specific comparison steps are as follows:
the first step: when Fi is smaller than Mi, the tracking early warning module automatically judges that illegal criminal behaviors do not exist;
the second step: when Mi ≤ Fi < ATi, the tracking early warning module sends early warning information to the management center, pushes the matching values of AiQ, BiQ, CiQ and DiQ of the user to the management center, and marks the user as a class A user, wherein ATi is a system preset threshold value and ATi is larger than Mi;
the third step: when the Fi is more than ATi and less than or equal to BTi, the tracking early warning module sends early warning information to a management center, pushes various matching values of AiQ, BiQ, CiQ and DiQ of the user to the management center, marks the user as a class B user and sends a warning to the user;
the fourth step: when Fi is larger than BTi, the tracking early warning module sends out early warning information to a management center, and pushes matching values of AiQ, BiQ, CiQ and DiQ of the user to the management center, and simultaneously marks the user as a C-type user, pushes all personal information of the user to the management center, and simultaneously locks an IP address of the user.
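The scoring of steps P1-P5 and the four comparison steps, as an added Python example (not code from the patent). Only λ is taken from the claim; the coefficient defaults and any thresholds passed to `classify` are constructed, and the ordering Mi < ATi < BTi is an assumption beyond the stated ATi > Mi. The example also makes explicit that Fi = ATi falls in neither the class A range (Mi ≤ Fi < ATi) nor the class B range (ATi < Fi ≤ BTi) as the steps are written.

```python
from dataclasses import dataclass

LAMBDA = 0.0452673  # correction factor λ, the value stated in step P5


@dataclass(frozen=True)
class Coefficients:
    # Preset proportionality coefficients δ, α, β, γ, ε. The page gives no
    # values, so these defaults are constructed for illustration only.
    delta: float = 1.0
    alpha: float = 0.4
    beta: float = 0.3
    gamma: float = 0.2
    epsilon: float = 0.1


def feature_value(q, c=Coefficients()):
    """δ(α·q1 + β·q2 + γ·q3 + ε·q4) for one behaviour class (steps P1-P4)."""
    if len(q) != 4:
        raise ValueError("each behaviour class needs exactly four values")
    q1, q2, q3, q4 = q
    return c.delta * (c.alpha * q1 + c.beta * q2 + c.gamma * q3 + c.epsilon * q4)


def crime_feature_value(upload, download, transaction, access, c=Coefficients()):
    """Fi = λ(AiQ + BiQ + CiQ + DiQ) (step P5)."""
    groups = (upload, download, transaction, access)
    return LAMBDA * sum(feature_value(q, c) for q in groups)


def classify(fi, mi, ati, bti):
    """Map Fi to the tier named in the four comparison steps."""
    if not (mi < ati < bti):
        # ATi > Mi is stated on the page; BTi > ATi is assumed here.
        raise ValueError("thresholds must satisfy Mi < ATi < BTi")
    if fi < mi:
        return "none"        # first step: no illegal behaviour judged
    if fi < ati:
        return "A"           # second step: Mi <= Fi < ATi
    if fi == ati:
        return "unassigned"  # boundary covered by neither step two nor three
    if fi <= bti:
        return "B"           # third step: ATi < Fi <= BTi
    return "C"               # fourth step: Fi > BTi
```
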
CN202011408471.8A 2020-12-05 2020-12-05 Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time Active CN112583804B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011408471.8A CN112583804B (en) 2020-12-05 2020-12-05 Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time

Publications (2)

Publication Number Publication Date
CN112583804A CN112583804A (en) 2021-03-30
CN112583804B true CN112583804B (en) 2022-02-25

Family

ID=75127290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011408471.8A Active CN112583804B (en) 2020-12-05 2020-12-05 Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time

Country Status (1)

Country Link
CN (1) CN112583804B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872972B (en) * 2021-09-28 2022-08-30 深圳市众云网科技有限公司 Intelligent network safety monitoring system
CN117130862B (en) * 2023-08-29 2024-05-03 北京景安云信科技有限公司 Audit recording system for user access operation

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014295A (en) * 2010-11-19 2011-04-13 嘉兴学院 Network sensitive video detection method
CN203206395U (en) * 2013-04-19 2013-09-18 福建亿榕信息技术有限公司 Intelligent system for monitoring crimes
CN106453061A (en) * 2016-11-22 2017-02-22 北京锐安科技有限公司 Method and system for recognizing internet fraud behavior
CN206628004U (en) * 2017-04-06 2017-11-10 中国人民公安大学 A kind of Network Warning System based on network behavior
CN111683157A (en) * 2020-08-11 2020-09-18 杭州优云科技有限公司 Network security protection method for Internet of things equipment
CN111915468A (en) * 2020-08-14 2020-11-10 中国科学院自动化研究所 Novel anti-fraud active inspection and early warning system for network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104636408B (en) * 2014-08-21 2017-08-08 中国科学院计算技术研究所 News certification method for early warning and system based on user-generated content
CN110535855B (en) * 2019-08-28 2021-07-30 北京安御道合科技有限公司 Network event monitoring and analyzing method and system and information data processing terminal
CN111556473A (en) * 2020-05-08 2020-08-18 国家计算机网络与信息安全管理中心 Abnormal access behavior detection method and device
CN111666499A (en) * 2020-06-05 2020-09-15 镇江傲游网络科技有限公司 Public opinion monitoring cloud service platform based on big data
CN111814890A (en) * 2020-07-15 2020-10-23 辽宁大学 Network live broadcast illegal behavior determination method based on D-S evidence theory

Also Published As

Publication number Publication date
CN112583804A (en) 2021-03-30

Similar Documents

Publication Publication Date Title
Lin et al. Phishpedia: A hybrid deep learning based approach to visually identify phishing webpages
CN107172022B (en) APT threat detection method and system based on intrusion path
US20180309772A1 (en) Method and device for automatically verifying security event
CN112583804B (en) Monitoring management system capable of tracking and evidence obtaining of network illegal behaviors in real time
CN114172748A (en) Encrypted malicious traffic detection method
Yang et al. Security and forensics in the internet of things: Research advances and challenges
CN108023868B (en) Malicious resource address detection method and device
CN104301180B (en) A kind of service message processing method and equipment
CN105678193B (en) A kind of anti-tamper treating method and apparatus
Barra et al. Fame: face authentication for mobile encounter
KR102060766B1 (en) System for monitoring crime site in dark web
CN110020161B (en) Data processing method, log processing method and terminal
CN113111951B (en) Data processing method and device
CN106790025B (en) Method and device for detecting link maliciousness
CN110225009B (en) Proxy user detection method based on communication behavior portrait
CN111209959B (en) Encrypted webpage flow division point identification method based on data packet time sequence
CN113033404A (en) Face attack event detection method, device, equipment and storage medium
CN116455623A (en) Computer information security sharing system and method based on big data identification technology
CN116069607A (en) Mobile office user abnormal behavior detection method based on graph convolution neural network
CN109871211A (en) Information displaying method and device
Saha et al. Mobile device and social media forensic analysis: impacts on cyber-crime
CN116150800B (en) Big data-based computer information security monitoring system and method
CN117097571A (en) Method, system, device and medium for detecting network transmission sensitive data
Lee et al. The method of P2P traffic detecting for P2P harmful contents prevention
CN106650349A (en) Method for conducting monitoring on use safety of identity card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220126

Address after: Room 1901, No. 299, Dongwu North Road, Suzhou, Jiangsu 215000 (1909, 1910, 1911)

Applicant after: Suzhou xiaomianao Information Technology Co.,Ltd.

Address before: 518000 805p, times building, the intersection of Longcheng Avenue and longfu Road, central city, Longcheng street, Longgang District, Shenzhen City, Guangdong Province

Applicant before: Xingji industry (Shenzhen) Co.,Ltd.

GR01 Patent grant