CN112822680B - False flow identification method, system and computer equipment for user mobile terminal - Google Patents


Publication number
CN112822680B
Authority
CN
China
Prior art keywords
mac address
information
manufacturer
original data
code table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110018669.3A
Other languages
Chinese (zh)
Other versions
CN112822680A (en)
Inventor
王柏鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Minglue Zhaohui Technology Co Ltd
Original Assignee
Beijing Minglue Zhaohui Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Minglue Zhaohui Technology Co Ltd filed Critical Beijing Minglue Zhaohui Technology Co Ltd
Priority to CN202110018669.3A priority Critical patent/CN112822680B/en
Publication of CN112822680A publication Critical patent/CN112822680A/en
Application granted granted Critical
Publication of CN112822680B publication Critical patent/CN112822680B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241 Advertisements
    • G06Q30/0248 Avoiding fraud
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241 Advertisements
    • G06Q30/0277 Online advertisement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Game Theory and Decision Science (AREA)
  • Signal Processing (AREA)
  • Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a false traffic identification method, system and computer device for a user mobile terminal. The false traffic identification method comprises: an original data acquisition step of acquiring original data; a MAC address code table acquisition step of acquiring a MAC address code table; an extraction step of extracting comparison information from the original data; and a judging step of performing false traffic identification on the original data according to the comparison information, the MAC address code table and the manufacturer information. By judging the MAC address manufacturer, the mobile phone model and the operating system, the application can increase the identification rate of false traffic, thereby helping advertisers/APP operators save related costs.

Description

False flow identification method, system and computer equipment for user mobile terminal
Technical Field
The application belongs to the field of false traffic identification for user mobile terminals, and particularly relates to a false traffic identification method, a false traffic identification system and computer equipment for a user mobile terminal.
Background
Brief description of the prior art scheme:
A large amount of MAC address, device model and operating system information can be collected in data collection scenarios such as advertisement monitoring and APP operation. In the prior art, analysis is performed directly on the data patterns in the original log, for example: whether the same user accesses or clicks the same advertisement many times in the advertisement monitoring data, in order to judge whether the user is false traffic.
The disadvantages of this solution are:
The overall volume of the collected log data is large, and the current rules cannot identify all false traffic.
The prior art solution cannot accurately determine whether the device is a real device (as opposed to, e.g., a virtual machine).
Disclosure of Invention
The embodiments of the application provide a false traffic identification method, a false traffic identification system and computer equipment for a user mobile terminal, which at least solve the problem of subjective factor influence in the related technology.
The application provides a false traffic identification method for a user mobile terminal, which comprises the following steps:
an original data acquisition step: acquiring original data;
a MAC address code table acquisition step: acquiring a MAC address code table;
an extraction step: extracting comparison information from the original data;
a judging step: performing false traffic identification on the original data according to the comparison information, the MAC address code table and the manufacturer information.
In the false traffic identification method, the original data acquisition step comprises: acquiring the original data, comprising the MAC address, the model information and the operating system information, in an advertisement monitoring and/or APP operation data collection scenario.
In the false traffic identification method, the comparison information is at least one of a MAC address, model information and operating system information.
In the false traffic identification method, the MAC address code table acquisition step comprises: acquiring the MAC address code table issued by the registration authority of the IEEE.
In the false traffic identification method, the judging step comprises:
a manufacturer acquisition step: acquiring a manufacturer according to the MAC address code table and the MAC address, and acquiring manufacturer information according to the manufacturer;
an identification step: judging according to the comparison information, the MAC address code table and the manufacturer information to obtain a judgment result for the original data.
The application also comprises a false traffic identification system for a user mobile terminal, which comprises:
an original data acquisition module, which acquires original data;
a MAC address code table acquisition module, which acquires a MAC address code table;
an extraction module, which extracts comparison information from the original data;
a judging module, which judges the original data according to the comparison information, the MAC address code table and the manufacturer information to identify false traffic.
In the false traffic identification system, the original data acquisition module acquires the original data, comprising the MAC address, the model information and the operating system information, in an advertisement monitoring and/or APP operation data collection scenario.
In the false traffic identification system, the MAC address code table acquisition module acquires the MAC address code table issued by the registration authority of the IEEE.
In the false traffic identification system, the judging module comprises:
a manufacturer acquisition unit, which acquires the manufacturer according to the MAC address code table and the MAC address, and acquires the manufacturer information according to the manufacturer;
an identification unit, which judges according to the comparison information, the MAC address code table and the manufacturer information to obtain a judgment result for the original data.
The application also includes a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the false traffic identification method for the user mobile terminal as described above when executing the computer program.
The beneficial effects of the application are as follows:
With this scheme, the identification rate of false traffic can be increased by judging the MAC address manufacturer, the mobile phone model and the operating system, which helps the advertiser/APP operator save related costs.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application.
In the drawings:
FIG. 1 is a flow chart of a false traffic identification method for a user mobile terminal;
FIG. 2 is a substep flow chart of step S4 of FIG. 1;
FIG. 3 is a schematic diagram of the false traffic identification system of the user mobile terminal of the present application;
FIG. 4 is a frame diagram of a computer device according to an embodiment of the application.
Detailed Description
The present application will be described and illustrated with reference to the accompanying drawings and examples in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present application without making any inventive effort, are intended to fall within the scope of the present application.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and it is possible for those of ordinary skill in the art to apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the application can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," and similar referents in the context of the application are not to be construed as limiting the quantity, but rather as singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in connection with the present application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., "a and/or B" may mean: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship. The terms "first," "second," "third," and the like, as used herein, are merely distinguishing between similar objects and not representing a particular ordering of objects.
The present application will be described in detail below with reference to the embodiments shown in the drawings, but it should be understood that the embodiments are not limited to the present application, and functional, method, or structural equivalents and alternatives according to the embodiments are within the scope of protection of the present application by those skilled in the art.
Before explaining the various embodiments of the application in detail, the core inventive concepts of the application are summarized and described in detail by the following examples.
Referring to FIG. 1, FIG. 1 is a flowchart of a false traffic identification method for a user mobile terminal. As shown in FIG. 1, the data quality evaluation method according to the present application includes:
original data acquisition step S1: acquiring original data;
MAC address code table acquisition step S2: acquiring a MAC address code table;
extraction step S3: extracting comparison information from the original data;
judging step S4: performing false traffic identification on the original data according to the comparison information, the MAC address code table and the manufacturer information. The data comprise recommended main body data, material data and behavior data.
Further, the original data acquisition step includes: acquiring the original data, comprising the MAC address, the model information and the operating system information, in an advertisement monitoring and/or APP operation data collection scenario.
Further, the comparison information is at least one of a MAC address, model information, and operating system information.
Still further, the MAC address code table acquisition step includes: acquiring the MAC address code table issued by the registration authority of the IEEE.
Referring to FIG. 2, FIG. 2 is a sub-step flowchart of step S4 in FIG. 1. As shown in FIG. 2, the judging step S4 includes:
manufacturer acquisition step S41: acquiring a manufacturer according to the MAC address code table and the MAC address, and acquiring manufacturer information according to the manufacturer;
identification step S42: judging according to the comparison information, the MAC address code table and the manufacturer information to obtain a judgment result for the original data.
The following specific examples illustrate the false traffic identification method of the user mobile terminal according to the present application.
Embodiment one:
The false traffic identification method of the present application is described in detail below, in one embodiment, with reference to FIGS. 1-2. The key points of the application are as follows:
1) Extract the original MAC address from the original data, and determine the manufacturer of the network card according to the MAC address code table issued by the IEEE registration authority;
2) Compare the manufacturer information with the device model in the original data; if that model does not use the manufacturer's hardware, the data is considered false traffic;
3) Compare the operating system carried by the mobile phones in which the network card manufacturer's hardware is used with the operating system information in the original data; if the two are inconsistent, the data is considered false traffic.
Detailed description of the preferred embodiments
Scene:
Current advertisement monitoring data/APP data is filled with a large amount of false traffic, which causes advertisers/APP operators to pay high additional advertising/operating costs without achieving the target effect.
The scheme is as follows:
Extract the original MAC address from the original data and determine the manufacturer of the network card according to the MAC address code table issued by the IEEE registration authority. If the manufacturer cannot be determined through the code table, the MAC is judged to be a forged, invalid MAC address, and the traffic is judged to be false traffic.
Compare the manufacturer information with the device model in the original data; if that model does not use the manufacturer's hardware, the data is considered false traffic. For example: the code table shows that the manufacturer of the MAC address is Apple, Inc., from which it is known that the network card is used in Apple mobile phones, but the model returned in the data is a mobile phone P30. The two conflict, so the traffic is false traffic.
At the same time, compare the operating system carried by the mobile phones in which the network card manufacturer's hardware is used with the operating system information in the original data; if the two are inconsistent, the data is considered false traffic. For example: the code table shows that the manufacturer of the MAC address is Apple, Inc., from which it is known that the network card is used in Apple mobile phones, whose operating system is iOS, but the operating system returned in the data is Android. The two conflict, so the traffic is false traffic.
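The three checks of the scheme above, as an added Python example (not code from the patent). The registry rows, the vendor `ExampleDroid Devices Co.`, the `VENDOR_PROFILES` table and the reason strings are constructed assumptions; the example also goes beyond the text by reporting locally administered MAC addresses, which the IEEE registry never lists, under their own reason.

```python
import csv
import io
import re

# Constructed stand-in for the IEEE registry export. Assumed layout: CSV with
# the columns Registry, Assignment, Organization Name, Organization Address.
# The assignments below are made up for this example, not real IEEE entries.
SAMPLE_REGISTRY_CSV = '''Registry,Assignment,Organization Name,Organization Address
MA-L,00AA01,"Apple, Inc.",Constructed address 1
MA-L,00AA02,ExampleDroid Devices Co.,Constructed address 2
MA-L,00AA03,Example NIC Works,Constructed address 3
'''

# Hypothetical "manufacturer information": the device models and operating
# systems in which a vendor's network hardware ships (analyst-maintained).
VENDOR_PROFILES = {
    "Apple, Inc.": {"os": {"ios"}, "model": re.compile(r"^(iphone|ipad)", re.I)},
    "ExampleDroid Devices Co.": {"os": {"android"}, "model": re.compile(r"^ed-", re.I)},
}


def load_oui_table(csv_text):
    """Map each 24-bit prefix (6 hex digits, upper case) to its organization."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[row["Assignment"].strip().upper()] = row["Organization Name"].strip()
    return table


def normalize_mac(mac):
    """Return 12 upper-case hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[:\-.\s]", "", mac or "").upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None


def classify(record, oui_table, profiles=VENDOR_PROFILES):
    """Return (is_false_traffic, reason) for one log record."""
    mac = normalize_mac(record.get("mac"))
    if mac is None:
        return True, "invalid_mac"
    # Bit 0x02 of the first octet marks a locally administered address. It has
    # no registry entry, so the code-table rule flags it; the separate reason
    # lets an analyst count these records apart from unknown prefixes.
    if int(mac[:2], 16) & 0x02:
        return True, "locally_administered_mac"
    vendor = oui_table.get(mac[:6])
    if vendor is None:
        return True, "unknown_oui"          # step 1: no manufacturer found
    profile = profiles.get(vendor)
    if profile is None:
        return False, "no_vendor_profile"   # nothing to compare against
    if not profile["model"].search(record.get("model") or ""):
        return True, "model_mismatch"       # step 2: vendor vs. device model
    if (record.get("os") or "").strip().lower() not in profile["os"]:
        return True, "os_mismatch"          # step 3: vendor vs. operating system
    return False, "ok"


# Constructed log records covering the two conflicts described in the text.
SAMPLE_RECORDS = [
    {"mac": "00:AA:01:12:34:56", "model": "iPhone12,1", "os": "iOS"},
    {"mac": "00-aa-01-12-34-56", "model": "P30", "os": "android"},
    {"mac": "00AA.0112.3456", "model": "iPhone 11", "os": "Android"},
    {"mac": "00:BB:99:00:00:01", "model": "ED-100", "os": "android"},
]


def classify_all(records, csv_text=SAMPLE_REGISTRY_CSV):
    """Classify every record against a registry given as CSV text."""
    table = load_oui_table(csv_text)
    return [classify(r, table) for r in records]


if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE_RECORDS, classify_all(SAMPLE_RECORDS)):
        print(rec["mac"], verdict)
```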
The existence of false traffic makes it difficult for advertising to achieve the advertiser's original purpose in terms of advertising effect, brand safety and other aspects; the delivery effect cannot be evaluated scientifically, advertisers suffer direct economic loss, and the digital advertising industry suffers an unprecedented crisis of trust.
The specific harm is mainly expressed as follows:
(1) The delivery effect cannot be evaluated scientifically, resulting in economic loss for the advertiser.
The existence of false traffic makes it difficult for advertising to achieve the advertiser's original purpose in terms of advertising effect, brand safety and other aspects; it can increase acquisition cost and directly causes economic loss to the advertiser.
In addition, because the advertisement delivery process involves too many intermediaries, sub-channels, secondary channels and other complex agent paths, the delivery chain is opaque, the gray areas for cheating keep growing, and the delivery effect is opaque, so advertisers cannot scientifically evaluate input and output.
(2) It results in ineffective traffic and brand safety problems.
In terms of results, false traffic inflates data such as traffic, downloads and activations; the falsely increased exposure counts are practically worthless to advertisers, and they cannot increase the number of customers and business opportunities, real user retention or real user activity. In addition, some ineffective impressions, such as placing the brand on pages carrying negative news, can affect the brand reputation of the enterprise.
(3) The digital advertising industry suffers an unprecedented crisis of trust.
Unhealthy competition and the pursuit of short-term benefit, together with advertisers' confusion about the marketing effect of digital advertising, have caused a crisis of advertisers' confidence in digital advertising.
False traffic has undoubtedly become one of the headaches of digital marketing in every industry.
1. First, many black technologies are involved in mobile cheating, including the following:
Simulators: BlueStacks, andyWin, GenyMotion
Spoofers: continuously modify the IP, IMEI, MAC, etc. of the machine
Proxy gateways: modify the ISP, IP, UA, device type, etc.
Apple: no simulators; simulation is done mainly through hardware and software
Incentivized traffic (real traffic), but the conversion rate is poor
2. Methods for distinguishing cheating include the following:
1. Anomaly checking
On the mobile terminal, whether traffic follows the usage pattern of a normal mobile phone can be judged by tracking the historical behavior of a given user identifier, including its various internet access behaviors, advertisement request behaviors and browsing behaviors, especially its usage across media.
2. Automated inspection of an APP's advertisement cheating
By operating the APP automatically, analyze how the APP shows advertisements: too many advertisements, advertisements that are too small, overlapping advertisements, and so forth.
3. Auditing
Auditing is a traditional anti-fraud method that is still effective, and it helps directly in investigating some volume-inflation (brushing) problems.
Some clicks occur on some media (publishers).
The advertising platform/advertiser sends an audit request to the media to confirm the validity of the clicks previously received (time point, basic information), and then compares the results.
4. Pseudo-advertisement verification
The advertising platform sends small-scale advertisements, such as information prompts, that users are not expected to click.
If the click-through rates of these dummy advertisements are still high, on a par with the click-through rates of other advertisements, the traffic is problematic.
5. Authentication of device ID
On mobile devices, discrimination of device IDs can greatly aid in identifying false traffic. There are two things to confirm, first, the ID is a valid ID and second, the advertisement request is indeed from the device where the ID is located.
The data screened by the thermal cloud data through the funnel model is displayed in simple, understandable charts, so that the advertiser can check the delivery effect more intuitively. The module also has built-in adjustable cheating rule thresholds, and a client can dynamically adjust screening conditions according to factors such as the promoted App, the promotion region or the channel, which helps the client screen cheating traffic quickly and flexibly.
The main functional modules released are:
1. Associated cheating analysis (Fraud Click Through Analysis): activations generated by cheating clicks are intercepted; cheating clicks are checked against the conventional anti-cheating rules and the advanced protection rules, and the summary dimensions mainly comprise three types: channel volume inflation, App volume inflation and large clicking.
2. False installation analysis (Fake Install Analysis): non-real users are identified through three-dimensional analysis of multidimensional user behavior data, covering cheating behaviors such as Android simulators and real-device volume inflation by device farms.
3. Click hijack analysis (Click Hijacking Analysis): detects whether a spy App or a plug-in sends clicks to steal attribution before the target promoted App is activated.
4. Android package hijack analysis (Android Install Hijacking Analysis): analyzes the relationship between the activated package name and the channel click, and identifies hijacking by an application market or a cheating channel in the Android package monitoring scenario.
5. Attribution type analysis (Attribution Matched Type Analysis): distinguishes precise matches (attributed by the unique identifier of the device) from fuzzy matches (attributed by device fingerprint information such as the IP address, the device name, the device operating system and the version number).
6. MTTI trend insight (MTTI Trend Insight): insight into the distribution of the mean time from click to activation. The time difference for each pair of click and activation is shown, and the delayed-activation distribution at the sub-channel and campaign level can be observed in the chart.
7. Zombie user analysis (Zombie Users Analysis): identifies users that have no subsequent events after activation.
Embodiment two:
Referring to FIG. 3, FIG. 3 is a schematic diagram of a data quality evaluation system according to the present application. The application also includes a false traffic identification system for a user mobile terminal, as shown in FIG. 3, wherein the false traffic identification system includes:
an original data acquisition module, which acquires original data;
a MAC address code table acquisition module, which acquires a MAC address code table;
an extraction module, which extracts comparison information from the original data;
a judging module, which judges the original data according to the comparison information, the MAC address code table and the manufacturer information to identify false traffic.
The original data acquisition module acquires the original data, comprising the MAC address, the model information and the operating system information, in an advertisement monitoring and/or APP operation data collection scenario.
The MAC address code table acquisition module acquires the MAC address code table issued by the registration authority of the IEEE.
The judging module includes:
a manufacturer acquisition unit, which acquires a manufacturer according to the MAC address code table and the MAC address, and acquires the manufacturer information according to the manufacturer;
an identification unit, which judges according to the comparison information, the MAC address code table and the manufacturer information to obtain a judgment result for the original data.
Embodiment III:
Referring to FIG. 4, this embodiment discloses a specific implementation of a computer device. The computer device may include a processor 81 and a memory 82 storing computer program instructions.
In particular, the processor 81 may comprise a Central Processing Unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
Memory 82 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 82 may comprise a hard disk drive (Hard Disk Drive, HDD), floppy disk drive, solid state drive (Solid State Drive, SSD), flash memory, optical disk, magneto-optical disk, tape, or universal serial bus (Universal Serial Bus, USB) drive, or a combination of two or more of the foregoing. The memory 82 may include removable or non-removable (or fixed) media, where appropriate. The memory 82 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 82 is a non-volatile (Non-Volatile) memory. In a particular embodiment, the memory 82 includes read-only memory (Read-Only Memory, ROM) and random access memory (Random Access Memory, RAM). Where appropriate, the ROM may be a mask-programmed ROM, a programmable ROM (Programmable Read-Only Memory, abbreviated PROM), an erasable PROM (Erasable Programmable Read-Only Memory, abbreviated EPROM), an electrically erasable PROM (Electrically Erasable Programmable Read-Only Memory, abbreviated EEPROM), an electrically rewritable ROM (Electrically Alterable Read-Only Memory, abbreviated EAROM), or a flash memory (FLASH), or a combination of two or more of these. The RAM may be static random-access memory (Static Random-Access Memory, SRAM) or dynamic random-access memory (Dynamic Random Access Memory, DRAM), where the DRAM may be a fast page mode dynamic random-access memory (Fast Page Mode Dynamic Random Access Memory, FPMDRAM), extended data output dynamic random-access memory (Extended Data Out Dynamic Random Access Memory, EDODRAM), synchronous dynamic random-access memory (Synchronous Dynamic Random-Access Memory, SDRAM), or the like, as appropriate.
Memory 82 may be used to store or cache various data files that need to be processed and/or communicated, as well as possible computer program instructions for execution by processor 81.
The processor 81 reads and executes the computer program instructions stored in the memory 82 to implement any of the false traffic identification methods of the user mobile terminal in the above embodiments.
In some of these embodiments, the computer device may also include a communication interface 83 and a bus 80. As shown in fig. 4, the processor 81, the memory 82, and the communication interface 83 are connected to each other through the bus 80 and perform communication with each other.
The communication interface 83 is used to enable communication between the modules, devices and/or units in embodiments of the application. The communication interface 83 may also enable data communication with other components such as external equipment, image/data acquisition equipment, databases, external storage, and image/data processing workstations.
Bus 80 includes hardware, software, or both, coupling components of the computer device to each other. Bus 80 includes, but is not limited to, at least one of: data Bus (Data Bus), address Bus (Address Bus), control Bus (Control Bus), expansion Bus (Expansion Bus), local Bus (Local Bus). By way of example, and not limitation, bus 80 may include a graphics acceleration interface (Accelerated Graphics Port), abbreviated AGP, or other graphics Bus, an enhanced industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) Bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an industry standard architecture (Industry Standard Architecture, ISA) Bus, a wireless bandwidth (InfiniBand) interconnect, a Low Pin Count (LPC) Bus, a memory Bus, a micro channel architecture (Micro Channel Architecture, abbreviated MCa) Bus, a peripheral component interconnect (Peripheral Component Interconnect, abbreviated PCI) Bus, a PCI-Express (PCI-X) Bus, a serial advanced technology attachment (Serial Advanced Technology Attachment, abbreviated SATA) Bus, a video electronics standards association local (Video Electronics Standards Association Local Bus, abbreviated VLB) Bus, or other suitable Bus, or a combination of two or more of the foregoing. Bus 80 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
The computer device may execute the false traffic identification method for a user mobile terminal, thereby implementing the method described in connection with Figs. 1-2.
In addition, in combination with the false traffic identification method in the above embodiments, an embodiment of the present application may be implemented by providing a computer readable storage medium. The computer readable storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement the false traffic identification method for a user mobile terminal of the above embodiments.
The technical features of the above-described embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features contains no contradiction, it should be considered to fall within the scope of this description.
In summary, the present application provides a false traffic identification method for a user mobile terminal. By judging the MAC address manufacturer, the handset model and the operating system, it can increase the identification rate of false traffic and improve costs for advertisers/APP operators.
The above examples illustrate only a few embodiments of the application. They are described in detail, but are not to be construed as limiting the scope of the application. It will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, all of which fall within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
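The judging step of the method (manufacturer lookup from the MAC address code table, then the manufacturer-versus-model and manufacturer-versus-operating-system comparisons) can be illustrated with the following Python example, which is added here and is not code from the patent. The OUI prefixes, vendor names, model names and the `judge` / `normalize_mac` helpers are all constructed for illustration; the example also goes one step beyond the text by reporting locally administered addresses (bit 0x02 of the first octet), which the IEEE registry never lists, with their own reason.

```python
import re

# Constructed sample tables (not real registry data). OUI_TABLE stands in for
# the IEEE MAC address code table; VENDOR_INFO is the "manufacturer information".
OUI_TABLE = {"A0B1C2": "ExampleFruit Inc.", "D4E5F6": "ExampleDroid Co."}
VENDOR_INFO = {
    "ExampleFruit Inc.": {"models": {"FruitPhone 9"}, "os": {"iOS"}},
    "ExampleDroid Co.": {"models": {"DroidOne X", "DroidOne S"}, "os": {"Android"}},
}

def normalize_mac(mac):
    """Return 12 uppercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[-:.]", "", mac or "").upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def judge(record):
    """Return (is_false_traffic, reason) for one raw-data record (a dict)."""
    mac = normalize_mac(record.get("mac"))
    if mac is None:
        return True, "malformed MAC address"
    vendor = OUI_TABLE.get(mac[:6])
    if vendor is None:
        # Bit 0x02 of the first octet marks a locally administered address,
        # which never appears in the registry; report it separately.
        if int(mac[:2], 16) & 0x02:
            return True, "locally administered MAC, no registered manufacturer"
        return True, "OUI not in MAC address code table"
    info = VENDOR_INFO[vendor]
    if record.get("model") not in info["models"]:
        return True, f"model does not use {vendor} hardware"
    if record.get("os") not in info["os"]:
        return True, f"operating system inconsistent with {vendor}"
    return False, "consistent"

# Constructed records, as might be extracted from ad-monitoring raw data.
SAMPLES = [
    {"mac": "a0:b1:c2:00:11:22", "model": "FruitPhone 9", "os": "iOS"},
    {"mac": "A0-B1-C2-00-11-23", "model": "FruitPhone 9", "os": "Android"},
    {"mac": "d4:e5:f6:aa:bb:cc", "model": "FruitPhone 9", "os": "Android"},
    {"mac": "02:00:00:00:00:00", "model": "DroidOne X", "os": "Android"},
    {"mac": "12:34", "model": "DroidOne X", "os": "Android"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["mac"], judge(rec))
```

Mobile operating systems that randomize or mask the MAC address hand apps a locally administered value, so that reason is worth tracking separately from unregistered OUIs when reviewing what this rule flags.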

Claims (7)

1. A method for identifying false traffic at a mobile terminal of a user, comprising:
a raw data acquisition step: acquiring original data;
a MAC address code table acquisition step: acquiring a MAC address code table;
an extraction step: extracting comparison information from the original data, wherein the comparison information comprises at least one of a MAC address, model information and operating system information;
a judging step: performing false traffic identification on the original data according to the comparison information, the MAC address code table and manufacturer information;
wherein the judging step comprises:
a manufacturer acquisition step: acquiring a manufacturer according to the MAC address code table and the MAC address, and acquiring the manufacturer information according to the manufacturer, wherein if the manufacturer of the network card cannot be determined from the MAC address code table, the MAC address is considered to be a forged, invalid MAC address, and the original data is judged to be false traffic;
an identification step: judging according to the comparison information and the manufacturer information to obtain a judgment result for the original data, wherein the manufacturer information is compared with the model information, and if the model does not use the hardware of the manufacturer, the original data can be considered false traffic; and the manufacturer information is compared with the data, and if the manufacturer information is inconsistent with the data, the original data is considered false traffic.
2. The false traffic identification method according to claim 1, wherein said raw data acquisition step includes: acquiring the original data comprising the MAC address, the model information and the operating system information in a data collection scenario of advertisement monitoring and/or APP operation.
3. The false traffic identification method according to claim 1, wherein the MAC address code table acquisition step includes: acquiring the MAC address code table issued by the registration authority of the IEEE.
4. A false traffic identification system for a user mobile terminal, comprising:
an original data acquisition module, which acquires original data;
a MAC address code table acquisition module, which acquires a MAC address code table;
an extraction module, which extracts comparison information from the original data, wherein the comparison information comprises at least one of a MAC address, model information and operating system information;
a judging module, which performs false traffic identification on the original data according to the comparison information, the MAC address code table and manufacturer information;
wherein the judging module includes:
a manufacturer acquisition unit, which acquires a manufacturer according to the MAC address code table and the MAC address, and acquires the manufacturer information according to the manufacturer, wherein if the manufacturer cannot be determined from the MAC address code table, the MAC address is considered to be a forged, invalid MAC address, and the original data is judged to be false traffic;
an identification unit, which judges according to the comparison information and the manufacturer information to obtain a judgment result for the original data, wherein the manufacturer information is compared with the model information, and if the model is not used by the manufacturer, the original data can be considered false traffic; and the manufacturer information is compared with the operating system information, and if the manufacturer information is inconsistent with the operating system information, the original data is considered false traffic.
5. The false traffic identification system of claim 4, wherein the raw data acquisition module acquires raw data including MAC address, model information, and operating system information in a data collection scenario of advertisement monitoring and/or APP operation.
6. The false traffic identification system of claim 4, wherein said MAC address code table acquisition module acquires said MAC address code table issued by a registration authority of IEEE.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements a false traffic identification method of a user mobile terminal according to any of claims 1 to 3 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110018669.3A CN112822680B (en) 2021-01-07 2021-01-07 False flow identification method, system and computer equipment for user mobile terminal

Publications (2)

Publication Number Publication Date
CN112822680A CN112822680A (en) 2021-05-18
CN112822680B true CN112822680B (en) 2023-09-22

Family

ID=75868482

Country Status (1)

Country Link
CN (1) CN112822680B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107707509A (en) * 2016-08-08 2018-02-16 阿里巴巴集团控股有限公司 Identify and assist in identifying the method, apparatus and system of false flow
CN108009844A (en) * 2017-11-20 2018-05-08 北京智钥科技有限公司 Determine the method, apparatus and Cloud Server of advertisement cheating
CN111953654A (en) * 2020-07-08 2020-11-17 北京明略昭辉科技有限公司 False flow identification method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170053318A1 (en) * 2015-08-21 2017-02-23 Fluent, Llc Method, system, apparatus and program for serving targeted advertisements and delivering qualified customer records by using real-time demographic, meta and declared data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant