CN113449309B - Terminal security state identification method, device, equipment and medium - Google Patents

Info

Publication number
CN113449309B
Authority
CN
China
Prior art keywords
group control
state data
subsets
control state
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110720738.5A
Other languages
Chinese (zh)
Other versions
CN113449309A (en)
Inventor
骆昕艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Application filed by Ping An Bank Co Ltd
Priority to CN202110720738.5A
Publication of CN113449309A
Application granted
Publication of CN113449309B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the technical field of safety monitoring, and discloses a terminal safety state identification method, which comprises the following steps: acquiring a using state data subset acquired by a user terminal and a plurality of group control state data subsets acquired by a group control terminal; acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the group control state data subsets; judging whether the target dynamic time warping distance between the using state data subset and the group control state data subset is smaller than a lower limit value or larger than an upper limit value; calculating the number of target dynamic time warping distances smaller than the lower limit value and larger than the upper limit value; and determining whether the user terminal is in a safe state according to the number. The present invention also relates to blockchain techniques in which a usage state data set may be stored in a blockchain node. The invention also provides a terminal security state identification device, equipment and a computer readable storage medium. The invention can improve the accuracy of identifying the safety state of the terminal.

Description

Terminal security state identification method, device, equipment and medium
Technical Field
The present invention relates to the field of security monitoring technologies, and in particular, to a method and apparatus for identifying a security state of a terminal, an electronic device, and a computer readable storage medium.
Background
To prevent the security risk caused by group control software operating terminals in batches, the prior art includes some technical methods for identifying whether a terminal is in a secure state. For example, the judgment is made from habitual events such as the user's app access operations and transaction behavior, from environmental attributes such as user location, wifi and network, or through verification means such as password, fingerprint or face.
However, these prior-art identification means have several drawbacks. First, this point-like, loosely connected information is easily simulated and counterfeited, which can lead to erroneous decisions. For example, the app page access path is constrained by product design: the path nodes passed from A to B are limited and easy to enumerate, which increases the misjudgment rate of the terminal security state. As another example, single-point information such as position and environment is easy to forge with simulation software, making it difficult for risk-control tools to identify. Third, authentication means such as passwords, fingerprints and faces require the user to cooperate and provide input, so the user experience is poor. In addition, verification is usually requested only at important events such as login and transactions; operation behavior after verification has passed cannot be continuously identified, so the sustainability of identification is low, which reduces identification accuracy. In summary, the accuracy of identifying the security state of the terminal in the prior art is not high.
Disclosure of Invention
The invention provides a terminal safety state identification method, a terminal safety state identification device, electronic equipment and a computer readable storage medium, and aims to improve accuracy of identifying the terminal safety state of a terminal.
In order to achieve the above object, the present invention provides a terminal security state identification method, including:
acquiring a use state data set acquired by a sensor of a user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
acquiring a plurality of group control state data subsets acquired by a sensor of a group control terminal;
calculating target dynamic time warping distances between a plurality of using state data subsets and a plurality of group control state data subsets respectively;
acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
judging whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
calculating a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value according to the judging result;
if the sum of the first number and the second number is larger than a preset number, determining that the user terminal is in a safe state;
and if the sum of the first number and the second number is smaller than the preset number, determining that the user terminal is in an unsafe state.
Optionally, the obtaining a lower limit value and an upper limit value of a box graph constructed by dynamic time warping distances among the plurality of group control state data subsets includes:
extracting a preset number of group control state data subsets from a plurality of group control state data subsets, and storing the preset number of group control state data subsets in the same data structure in a grouping way;
calculating dynamic time warping distances among a plurality of group control state data subsets stored in the same positions in different groups of data structures;
generating a box diagram according to the calculated dynamic time warping distances, and calculating an upper limit value and a lower limit value of the box diagram.
Optionally, the extracting a preset number of subsets of group control state data from the plurality of subsets of group control state data includes:
judging whether repeated data exist in a plurality of group control state data subsets or not;
and if the repeated data exists in the group control state data subsets, extracting a preset number of group control state data subsets containing the repeated data from a plurality of group control state data subsets.
Optionally, before extracting a preset number of group control state data subsets from the plurality of group control state data subsets, the method further includes:
identifying whether null data is present in a plurality of said subsets of group control state data;
and if the group control state data subset has null data, deleting the group control state data subset with null data.
Optionally, the extracting a preset number of subsets of group control state data including repeated data from a plurality of subsets of group control state data includes:
a preset number of subsets of group control state data comprising repeated data is extracted from a plurality of said subsets of group control state data in a downsampled manner.
Optionally, before the acquiring the usage state data set acquired by the sensor of the user terminal, the method further includes:
monitoring whether the use position of the user terminal is out of a preset range, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the use position of the user terminal is out of the preset range; or
monitoring whether the connection network of the user terminal is a non-preset network, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the connection network of the user terminal is the non-preset network.
Optionally, the sensor is an acceleration sensor.
In order to solve the above problems, the present invention also provides a terminal security status identifying device, the device comprising:
the user terminal data acquisition module is used for acquiring a use state data set acquired by a sensor of the user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
the group control terminal data acquisition module is used for acquiring a plurality of group control state data subsets acquired by a sensor of the group control terminal;
a first calculation module, configured to calculate target dynamic time warping distances between a plurality of the usage state data subsets and a plurality of the group control state data subsets, respectively;
the box diagram characteristic value acquisition module is used for acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
the judging module is used for judging whether the plurality of target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
the second calculation module is used for calculating a first quantity of target dynamic time warping distances smaller than the lower limit value and a second quantity of target dynamic time warping distances larger than the upper limit value according to the judgment result;
a first determining module, configured to determine that the user terminal is in a safe state if the sum of the first number and the second number is greater than a preset number;
and a second determining module, configured to determine that the user terminal is in an unsafe state if the sum of the first number and the second number is smaller than the preset number.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the terminal security state identification method as described above.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium including a storage data area storing created data and a storage program area storing a computer program; wherein the computer program, when executed by a processor, implements the terminal security state identification method as described above.
In the embodiment of the invention, the target dynamic time warping distances between a plurality of usage state data subsets and a plurality of group control state data subsets pre-acquired by the sensor of the group control terminal are calculated, so that the time-series similarity between the usage state data subsets acquired by the sensor of the user terminal and the group control state data acquired by the group control terminal can be determined. It is then judged whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value of a box diagram constructed from the dynamic time warping distances among the group control state data subsets. According to the judging result, a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value are calculated, which gives the number of usage state data subsets that are dissimilar in time sequence to the group control state data. When the number of dissimilarities is large, the possibility that the user terminal is a group control terminal is low, and when it is small, that possibility is high; therefore whether the user terminal is a group control terminal, and hence whether it is in a safe state, can be determined directly from whether the sum of the first number and the second number is larger than the preset number.
In this embodiment, state data from a plurality of time sequences collected by the sensor is judged, which increases the diversity and complexity of the data and makes the data used for identification difficult to simulate and forge. The real security state of the user terminal can therefore be identified from data that is hard to simulate or forge, and the identification accuracy is high. In addition, the data judged in this embodiment is collected by the sensor of the user terminal, requires no user interaction, and can be collected in real time, so data collection is highly sustainable, which avoids the reduction in identification accuracy caused by low sustainability of identification. In summary, the embodiment of the invention improves the accuracy of identifying the security state of the terminal.
Drawings
Fig. 1 is a flow chart of a method for identifying a security state of a terminal according to an embodiment of the present invention;
Fig. 2 is an exemplary diagram of storing a plurality of group control state data subsets, by group, in the same data structure;
Fig. 3 is a schematic block diagram of a terminal security status recognition device according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an internal structure of an electronic device for implementing a terminal security status recognition method according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides a terminal security state identification method. The execution body of the terminal security state identification method includes, but is not limited to, at least one of a server, a terminal and the like capable of being configured to execute the method provided by the embodiment of the application. In other words, the terminal security state identification method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Referring to fig. 1, a flow chart of a terminal security status recognition method according to an embodiment of the present application is shown. In this embodiment, the method for identifying the security state of the terminal includes:
S110, acquiring a use state data set acquired by a sensor of the user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences.
In this embodiment, the user terminal is a terminal used by a user, and specifically, the user terminal is a portable terminal in which software is installed and run. For example, the user terminal is an electronic device such as a mobile phone, a tablet, a smart watch, etc.
In this embodiment, the data in a usage state data subset is a series of chronologically arranged state data acquired within one time period.
For example, when the user terminal performs one or more operations, in three periods A, B, C, the data collected by the sensors built into the user terminal are (a1, a2, a3, a4, a5), (b1, b2, b3, b4, b5), (c1, c2, c3, c4, c5), wherein each data item (e.g., a1 to a5) is data collected by the built-in sensors at a different time. There are 3 usage state data subsets, and the usage state data set is {(a1, a2, a3, a4, a5), (b1, b2, b3, b4, b5), (c1, c2, c3, c4, c5)}.
In this embodiment, the sensor may be a gyroscope, magnetometer, etc. of the terminal.
Preferably, the sensor is an acceleration sensor.
When the usage state data set contains data acquired by the acceleration sensor, each item of usage state data in the set has 3 dimensions, that is, each item contains values in the x, y and z directions.
For example, a subset of the time series of usage data collected by the acceleration sensor is: "-0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048".
When the sensor is an acceleration sensor, $a1$ is $[a1_x, a1_y, a1_z]$, and the usage state data set is $\{([a1_x, a1_y, a1_z], \ldots, [a5_x, a5_y, a5_z]),\ ([b1_x, b1_y, b1_z], \ldots, [b5_x, b5_y, b5_z]),\ ([c1_x, c1_y, c1_z], \ldots, [c5_x, c5_y, c5_z])\}$.
In this embodiment, when the sensor is an acceleration sensor, data of different dimensions may be acquired at the same time, so that complexity of data features and complexity of time may be improved.
Optionally, the plurality of different time sequences are a plurality of different time sequences collected in a preset time after the target application software in the user terminal is started, and the usage state data set includes a usage state data subset of a plurality of different time sequences collected in a preset time after the target application software is started.
Alternatively, the target application software may be application software with a high security level.
Specifically, the security level of the application software may be preset or determined according to the type of the application software.
For example, the target application software is an online banking application software, or the target application software is an online payment application software, or the target application software is a chat application software.
In other alternative embodiments, the plurality of different time sequences are a plurality of different time sequences of a plurality of different time periods after the target application software in the user terminal is started.
In this embodiment, the acquired usage state data set includes a plurality of data of different time sequences of a plurality of different time periods after the target application software is started, so the acquired data is more comprehensive.
Preferably, before the acquiring the usage state data set acquired by the sensor of the user terminal, the method further includes:
monitoring whether the use position of the user terminal is out of a preset range, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the use position of the user terminal is out of the preset range; or
monitoring whether the connection network of the user terminal is a non-preset network, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the connection network of the user terminal is the non-preset network.
In this embodiment, the preset range may be a preset range in which the user commonly uses the terminal, for example the user's home, school or office. Specifically, the use position of the user terminal can be obtained through GPS, and it is then judged whether the use position is out of the preset range.
In this embodiment, the preset network is a preset user common network, for example, a wifi network to which a user terminal is commonly connected.
In this embodiment, data is collected only when the user terminal is in a possibly dangerous state, which reduces the consumption of computing resources while still improving the security of the user terminal.
S120, acquiring a plurality of group control state data subsets acquired by the sensors of the group control terminal.
In this embodiment, the group control terminal is the same type of terminal as the user terminal, and the group control terminal installs and runs group control software, for example, the user terminal is a smart phone, and the group control terminal is a smart phone that installs and runs group control software; or the user terminal is an intelligent watch, and the group control terminal is an intelligent watch for installing and running group control software. And, the number of group control terminals may be one or at least two.
In this embodiment, the type of sensor of the group control terminal is also the same as the type of sensor of the user terminal, for example, the sensor of the user terminal is an acceleration sensor, and the sensor of the group control terminal is also an acceleration sensor.
In this embodiment, the data in the group control status data subset is similar to the data in the usage status data subset described above, and will not be described herein.
In this embodiment, the plurality of subsets of group control state data may also be data collected during one or more time periods after a certain application software in the group control terminal (such as an application software that is the same as or similar to a target application software in the user terminal) is started.
S130, calculating target dynamic time warping distances between a plurality of using state data subsets and a plurality of group control state data subsets respectively.
In this embodiment, the dynamic time warping distance is obtained by a dynamic time warping algorithm, which is an algorithm for calculating the distance between time sequences.
$\mathrm{User\_Dist}_{dtw} = D(\mathrm{User}_{sequence},\ \mathrm{Baseline\_Pool}_{sequence})$
where $\mathrm{User}_{sequence}$ is a given usage state data subset acquired by the sensor of the user terminal, and $\mathrm{Baseline\_Pool}_{sequence}$ is a given group control state data subset collected by the group control terminal.
In this embodiment, the similarity between the usage status data collected by the user terminal and the group control status data collected by the group control terminal may be embodied by calculating the dynamic time warping distance.
S140, obtaining a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets.
In this embodiment, the box diagram, also called a box plot, is a statistical chart shaped like a box.
Preferably, the obtaining a lower limit value and an upper limit value of a box graph constructed by dynamic time warping distances among the plurality of group control state data subsets includes:
extracting a preset number of group control state data subsets from a plurality of group control state data subsets, and storing the preset number of group control state data subsets in the same data structure in a grouping way;
calculating dynamic time warping distances among a plurality of group control state data subsets stored in the same positions in different groups of data structures;
generating a box diagram according to the calculated dynamic time warping distances, and calculating an upper limit value and a lower limit value of the box diagram.
In this embodiment, the preset number is preset, for example, the preset number may be one half of the number of the group control state data subsets.
In this embodiment, a preset number of subsets of group control state data may be extracted from the plurality of subsets of group control state data by means of random sampling.
Preferably, the extracting a preset number of subsets of group control state data from a plurality of subsets of group control state data includes:
judging whether repeated data exist in a plurality of group control state data subsets or not;
and if repeated data exists in the group control state data subsets, extracting a preset number of group control state data subsets containing the repeated data from the plurality of group control state data subsets.
In this embodiment, when duplicate data exists, it is not removed; instead, subsets containing the duplicate data are extracted so that the features of the duplicate data are strengthened, which improves the diversity of the data features.
Preferably, the extracting a preset number of subsets of group control state data including repeated data from a plurality of subsets of group control state data includes:
a preset number of subsets of group control state data comprising repeated data is extracted from a plurality of said subsets of group control state data in a downsampled manner.
In this embodiment, the downsampling is to collect data in a manner of reducing the sampling frequency, so that the data sampling points can be reduced, and the operation time can be reduced.
Preferably, before the extracting a preset number of subsets of group control state data from the plurality of subsets of group control state data, the method further includes:
identifying whether null data is present in a plurality of said subsets of group control state data;
and if the group control state data subset has null data, deleting the group control state data subset with null data.
In this embodiment, the preprocessing of empty data inspection is performed on the subset of group control state data, and the unavailable data is deleted, so as to improve the availability of the extracted data.
In this embodiment, the data structure may be an array, a matrix, or the like.
Referring to fig. 2, fig. 2 is an exemplary diagram of storing a plurality of group control state data subset packets in the same data structure.
As shown in Fig. 2, the group control state data subsets extracted from the group control state data set are grouped and stored in the j arrays shown in Fig. 2, where j is equal to 5 and i and k are each greater than or equal to 10 and less than or equal to 20. That is, the extracted group control state data subsets are stored in five arrays (Group 1 to Group 5), and the five arrays form a reference pool (Baseline Pool). In each group, each node is the group control state data collected by the sensor, for example the data containing [x, y, z] collected by the acceleration sensor, and each row of a group is one time sequence of group control state data.
In this embodiment, the dynamic time warping distance between the group control state data subset stored in each position in each data structure and the group control state data subset stored in the same position in other data structures may be calculated, that is, calculated:
$\mathrm{Dist}_{dtw} = D(\mathrm{Group}_J\_\mathrm{Row}_k,\ \mathrm{Group}_{J'}\_\mathrm{Row}_k)$, with $\mathrm{Group}_J, \mathrm{Group}_{J'} \in \mathrm{Group\_j}$ and $J' > J$, where $J$ represents the group and $k$ represents the line number.
Referring to Fig. 2, Group_j is the set of groups in Fig. 2, that is, $\mathrm{Group}_J$ and $\mathrm{Group}_{J'}$ are any groups in Fig. 2. For example, calculate the dynamic time warping distance between the first row (Row_1) of Group_1 and the first row (Row_1) of Group_2; between the first row (Row_1) of Group_2 and the first row (Row_1) of Group_3; between Row_2 of Group_1 and the same row of Group_2; and so on, to obtain a plurality of dynamic time warping distances.
Specifically, the calculation can be performed by a dynamic time warping algorithm formula:
where n denotes a time series of length n, m denotes a time series of length m, and D(n, m) denotes the warping path distance, i.e., the dynamic time warping distance, between the time series of length n and the time series of length m.
In this embodiment, the similarity between two time sequences collected by the group control terminal may be reflected by calculating the dynamic time warping distance.
In this embodiment, the obtained dynamic time warping distances may form a list $\mathrm{List\_Dist}_{dtw}$. $\mathrm{List\_Dist}_{dtw}$ is sorted in ascending order, and the box diagram and its upper and lower limit values are determined by the box diagram method.
Specifically, the calculation steps of the upper limit value and the lower limit value of the box diagram are as follows:
(1) Calculating an upper quartile (Q3) and a lower quartile (Q1);
(2) Calculating the difference between the upper quartile and the lower quartile, i.e., the interquartile range IQR = Q3 - Q1;
(3) The upper limit value of the box diagram is: Q3 + 1.5 × IQR;
(4) The lower limit value of the box diagram is: Q1 - 1.5 × IQR.
S150, judging whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value.
In this embodiment, it is determined whether the target dynamic time warping distance is smaller than the lower limit value of the box diagram or larger than the upper limit value of the box diagram, that is, whether the target dynamic time warping distance is within the range of the box diagram.
S160, calculating a first quantity of target dynamic time warping distances smaller than the lower limit value and a second quantity of target dynamic time warping distances larger than the upper limit value according to the judging result.
In this embodiment, when the target dynamic time warping distance is not within the upper and lower limits of the box diagram, it may be noted as 1, and when the target dynamic time warping distance is within the upper and lower limits of the box diagram, it may be noted as 0, and the first number and the second number may be determined according to the numbers of 1 and 0.
Namely:
wherein List_Dist_dtw_lowerlimit is the lower limit value of the box diagram and List_Dist_dtw_upperlimit is the upper limit value of the box diagram.
S170, if the sum of the first quantity and the second quantity is larger than a preset quantity, determining that the user terminal is in a safe state.
And S180, if the first number and the second number are smaller than the preset number, determining that the user terminal is in an unsafe state.
In this embodiment, the preset number may be preset.
Further, in this embodiment, the preset number may be determined according to the number of the target dynamic time warping distances. For example, when the number of the target dynamic time warping distances is 50 and the preset number is 40, if the number of the target dynamic time warping distances is not more than 40 in the upper and lower limit ranges of the box diagram, the user terminal is determined to be in a safe state; when the target dynamic time warping distances in the upper and lower limit ranges of the box diagram are not more than 40, this indicates that most of the target dynamic time warping distances are in the box diagram range; at this moment, the use states of the user terminal and the group control terminal are very similar, and the user terminal is determined to be in an unsafe state.
In this embodiment, the target dynamic time warping distance measures the similarity between a time sequence of the user terminal and a time sequence of the group control terminal. When the target dynamic time warping distance lies between the upper limit and the lower limit of the box diagram, the time sequence data of the user terminal when running is similar to the time sequence data of the group control terminal. When there are many such similar time sequences, group control software exists in the user terminal with high probability and the user terminal is not being operated by the user, so the user terminal has a security risk at this time.
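The procedure described above (same-row dynamic time warping distances across the groups of the reference pool, box diagram limits, counting of target distances outside the limits, and the S170/S180 decision) can be followed end to end in the added example below, which is not code from the patent. It assumes the standard dynamic time warping recurrence with Euclidean point distance, the inclusive quartile method, a comparison of every usage state subset with every pooled sequence, and that a sum equal to the preset number counts as unsafe; all traces and the preset number 28 are constructed.

```python
import math
import statistics

def dtw_distance(a, b):
    """DTW distance between two sequences of (x, y, z) samples of any lengths.
    Assumption: standard recurrence with Euclidean distance between samples."""
    if not a or not b:
        raise ValueError("empty subset; the page deletes subsets with null data")
    prev = [0.0] + [math.inf] * len(b)
    for p in a:
        cur = [math.inf]
        for j, q in enumerate(b, 1):
            cost = math.dist(p, q)
            cur.append(cost + min(prev[j], cur[j - 1], prev[j - 1]))
        prev = cur
    return prev[-1]

def baseline_distances(groups):
    """Dist_dtw = D(Group_J_Row_k, Group_J'_Row_k) for every row k and J' > J."""
    dists = []
    for k in range(min(len(g) for g in groups)):
        for j in range(len(groups)):
            for j2 in range(j + 1, len(groups)):
                dists.append(dtw_distance(groups[j][k], groups[j2][k]))
    return dists

def box_limits(distances):
    """Lower and upper box diagram limits: Q1 - 1.5*IQR and Q3 + 1.5*IQR.
    Assumption: 'inclusive' quartiles; the page does not name a method."""
    q1, _, q3 = statistics.quantiles(distances, n=4, method="inclusive")
    iqr = q3 - q1
    return q1 - 1.5 * iqr, q3 + 1.5 * iqr

def classify(usage_subsets, groups, preset_number):
    """Return (first_number, second_number, verdict) per S150-S180."""
    lower, upper = box_limits(baseline_distances(groups))
    pool = [row for g in groups for row in g]
    targets = [dtw_distance(u, b) for u in usage_subsets for b in pool]
    first = sum(d < lower for d in targets)    # below the lower limit
    second = sum(d > upper for d in targets)   # above the upper limit
    # Assumption: equality is not covered by the page; treated as unsafe here.
    verdict = "safe" if first + second > preset_number else "unsafe"
    return first, second, verdict

# ---- Constructed sample data (not measurements) ----
def rack_trace(offset, length):
    """A motionless terminal: constant accelerometer reading with a small offset."""
    return [(-0.22 + offset, 3.10, 9.09)] * length

# Reference pool: 3 groups x 4 rows of group control state data subsets.
BASELINE_POOL = [[rack_trace(0.01 * g + 0.002 * k, 10) for k in range(4)]
                 for g in (1, 2, 3)]

# Hand-held terminal: large, irregular motion; subsets of different lengths.
_PATTERN = [1.4, -2.1, 0.9, -1.6, 2.2, -0.8, 1.7, -2.4, 0.6, -1.9, 2.0, -1.1]
HUMAN_SUBSETS = [[(x, 3.1 + 0.5 * x, 9.09 - 0.3 * x) for x in _PATTERN[:n]]
                 for n in (8, 10, 12)]

# Terminal whose traces resemble the pooled group control traces.
SUSPECT_SUBSETS = [rack_trace(off, 12) for off in (0.015, 0.02, 0.025)]

PRESET_NUMBER = 28  # constructed threshold for 3 x 12 = 36 target distances

if __name__ == "__main__":
    print(box_limits(baseline_distances(BASELINE_POOL)))
    print("hand-held:", classify(HUMAN_SUBSETS, BASELINE_POOL, PRESET_NUMBER))
    print("rack-like:", classify(SUSPECT_SUBSETS, BASELINE_POOL, PRESET_NUMBER))
```

Because the box diagram limits come only from distances inside the reference pool, a pool recorded on near-identical terminals yields a narrow range, so the pool composition and the preset number determine how the result splits between the two states.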
Further, in this embodiment, after determining that the user terminal is in the unsafe state, the method further includes:
starting the security software of the user terminal; or
sending a message reminder to a user of the user terminal; or
prohibiting the user terminal from running application software of the target type.
In this embodiment, when the user terminal is in an unsafe state, corresponding operations are adopted to perform safety protection, which is beneficial to improving the safety of the user terminal.
In this embodiment, the time sequence data of the sensor is converted into a characteristic variable by using a dynamic time warping algorithm, which handles two time sequences of different lengths more flexibly than the traditional method and improves robustness. In addition, no interaction with the user is needed: data can be acquired at almost any time without the user noticing, so the user experience is better, detection can be sustained for a long time, and the problem of inaccurate identification caused by a short detection time is avoided.
In the embodiment of the invention, the target dynamic time warping distances between a plurality of usage state data subsets and a plurality of group control state data subsets pre-acquired by the sensor of the group control terminal are calculated, so that the similarity in time sequence between the usage state data subsets acquired by the sensor of the user terminal and the group control state data acquired by the group control terminal can be determined. It is then judged whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value of a box diagram constructed from the dynamic time warping distances among the group control state data subsets. According to the judging result, a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value are calculated, which gives the number of usage state data subsets that are dissimilar in time sequence to the group control state data. Because the possibility that the user terminal is a group control terminal is low when the number of dissimilarities is large and high when it is small, whether the user terminal is a group control terminal, and further whether it is in a safe state, can be determined directly according to whether the sum of the first number and the second number is larger than the preset number.
In this embodiment, the state data of a plurality of time sequences collected by the sensor is judged, so that the diversity and complexity of the data are increased, the data for identification are difficult to simulate and forge, the real safety state of the user terminal can be identified through the data which are difficult to simulate and forge, the identification accuracy is high, meanwhile, the data collected by the sensor of the user terminal in this embodiment are judged, user interaction is not needed, and the data can be collected in real time, so that the data collection has high sustainability, and the problem of reduced identification accuracy caused by low sustainability of identification is avoided. In summary, the embodiment of the invention can realize the purpose of improving the accuracy of identifying the terminal safety state of the terminal.
Fig. 3 is a schematic block diagram of a terminal security status recognition device according to the present invention.
The terminal security state recognition device 300 of the present invention may be installed in an electronic apparatus. Depending on the implemented functions, the terminal security state identifying device may include a user terminal data acquiring module 301, a group control terminal data acquiring module 302, a first calculating module 303, a box diagram feature value acquiring module 304, a judging module 305, a second calculating module 306, a first determining module 307, and a second determining module 308. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the user terminal data acquisition module 301 is configured to acquire a usage status data set acquired by a sensor of the user terminal, where the usage status data set includes a plurality of usage status data subsets with different time sequences.
In this embodiment, the user terminal is a terminal used by a user, and specifically, the user terminal is a portable terminal in which software is installed and run. For example, the user terminal is an electronic device such as a mobile phone, a tablet, a smart watch, etc.
In this embodiment, the data in a usage state data subset is a series of chronologically arranged state data acquired in each time period.
For example, when the user terminal performs one or more operations, in three periods A, B, C, the data collected by the sensors built into the user terminal are (a1, a2, a3, a4, a5), (b1, b2, b3, b4, b5), (c1, c2, c3, c4, c5), wherein each data item (e.g., a1 to a5) is data collected by the built-in sensors at different times. There are 3 usage state data subsets, and the usage state data set is {(a1, a2, a3, a4, a5), (b1, b2, b3, b4, b5), (c1, c2, c3, c4, c5)}.
In this embodiment, the sensor may be a gyroscope, magnetometer, etc. of the terminal.
Preferably, the sensor is an acceleration sensor.
When the usage state data set contains data acquired by the acceleration sensor, each usage state data contained in the usage state data set is data in 3 dimension directions, namely each data contains data in x, y and z directions.
For example, a subset of the time series of usage data collected by the acceleration sensor is: "-0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048, -0.22337:3.09621:9.09048".
When the sensor is an acceleration sensor, a1 is [a1_x, a1_y, a1_z], and the usage state data set is {([a1_x, a1_y, a1_z], …, [a5_x, a5_y, a5_z]), ([b1_x, b1_y, b1_z], …, [b5_x, b5_y, b5_z]), ([c1_x, c1_y, c1_z], …, [c5_x, c5_y, c5_z])}.
In this embodiment, when the sensor is an acceleration sensor, data of different dimensions may be acquired at the same time, so that complexity of data features and complexity of time may be improved.
Optionally, the plurality of different time sequences are a plurality of different time sequences collected in a preset time after the target application software in the user terminal is started, and the usage state data set includes a usage state data subset of a plurality of different time sequences collected in a preset time after the target application software is started.
Alternatively, the target application software may be application software with a high security level.
Specifically, the security level of the application software may be preset or determined according to the type of the application software.
For example, the target application software is an online banking application software, or the target application software is an online payment application software, or the target application software is a chat application software.
In other alternative embodiments, the plurality of different time sequences are a plurality of different time sequences of a plurality of different time periods after the target application software in the user terminal is started.
In this embodiment, the acquired usage state data set includes a plurality of data of different time sequences of a plurality of different time periods after the target application software is started, so the acquired data is more comprehensive.
Preferably, the terminal security state identification device further includes a trigger module, where the trigger module is configured to:
before acquiring a usage state data set acquired by a sensor of a user terminal, monitoring whether the use position of the user terminal is out of a preset range, and triggering the data acquisition module to acquire the usage state data set acquired by the sensor of the user terminal when the use position of the user terminal is out of the preset range; or
monitoring whether the network to which the user terminal is connected is a non-preset network, and triggering the data acquisition module to acquire the usage state data set acquired by the sensor of the user terminal when the network to which the user terminal is connected is a non-preset network.
In this embodiment, the preset range may be a preset range in which the user commonly uses the terminal, for example, places such as the user's home, school, or office. Specifically, the use position of the user terminal can be obtained through GPS, and it is then judged whether the use position of the user terminal is out of the preset range.
In this embodiment, the preset network is a preset user common network, for example, a wifi network to which a user terminal is commonly connected.
In this embodiment, data is collected only when the user terminal is in a possibly dangerous state, so that the consumption of computing resources is reduced while the security of the user terminal is improved.
A group control terminal data acquisition module 302, configured to acquire a plurality of group control state data subsets acquired by sensors of a group control terminal.
In this embodiment, the group control terminal is the same type of terminal as the user terminal, and the group control terminal installs and runs group control software, for example, the user terminal is a smart phone, and the group control terminal is a smart phone that installs and runs group control software; or the user terminal is an intelligent watch, and the group control terminal is an intelligent watch for installing and running group control software. And, the number of group control terminals may be one or at least two.
In this embodiment, the type of sensor of the group control terminal is also the same as the type of sensor of the user terminal, for example, the sensor of the user terminal is an acceleration sensor, and the sensor of the group control terminal is also an acceleration sensor.
In this embodiment, the data in the group control status data subset is similar to the data in the usage status data subset described above, and will not be described herein.
In this embodiment, the plurality of subsets of group control state data may also be data collected during one or more time periods after a certain application software in the group control terminal (such as an application software that is the same as or similar to a target application software in the user terminal) is started.
A first calculation module 303 is configured to calculate target dynamic time warping distances between a plurality of the usage state data subsets and a plurality of the group control state data subsets, respectively.
In this embodiment, the dynamic time warping distance is obtained by a dynamic time warping algorithm, which is an algorithm for calculating the distance between time sequences.
User_Dist_dtw = D(User_sequence, Baseline_Pool_sequence)
wherein User_sequence is a certain usage state data subset acquired by the sensor of the user terminal, and Baseline_Pool_sequence is a certain group control state data subset acquired by the group control terminal.
In this embodiment, the similarity between the usage status data collected by the user terminal and the group control status data collected by the group control terminal may be embodied by calculating the dynamic time warping distance.
And a box diagram feature value obtaining module 304, configured to obtain a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets.
In this embodiment, the box diagram, also called a box plot, is a statistical chart shaped like a box.
Preferably, the box map feature value obtaining module 304 includes:
the extraction unit is used for extracting a preset number of group control state data subsets from a plurality of group control state data subsets, and storing the preset number of group control state data subsets in the same data structure in a grouping way;
a first calculation unit for calculating a dynamic time warping distance between a plurality of group control state data subsets stored at the same position in different group data structures;
and the second calculation unit is used for generating a box diagram according to the calculated dynamic time warping distances and calculating an upper limit value and a lower limit value of the box diagram.
In this embodiment, the preset number is preset, for example, the preset number may be one half of the number of the group control state data subsets.
In this embodiment, a preset number of subsets of group control state data may be extracted from the plurality of subsets of group control state data by means of random sampling.
Preferably, the extracting unit is specifically configured to:
judging whether repeated data exist in a plurality of group control state data subsets or not;
and if the repeated data exists in the group control state data subsets, extracting a preset number of group control state data subsets containing the repeated data from a plurality of group control state data subsets.
In this embodiment, when there is duplicate data, the feature of duplicate data is not performed, but the feature of duplicate data is improved, so that the diversity of the data features is improved.
Preferably, the extracting a preset number of subsets of group control state data including repeated data from a plurality of subsets of group control state data includes:
a preset number of subsets of group control state data comprising repeated data is extracted from a plurality of said subsets of group control state data in a downsampled manner.
In this embodiment, the downsampling is to collect data in a manner of reducing the sampling frequency, so that the data sampling points can be reduced, and the operation time can be reduced.
Preferably, the extracting unit is further configured to:
identifying whether null data exists in a plurality of group control state data subsets before extracting a preset number of group control state data subsets from the plurality of group control state data subsets;
And if the group control state data subset has null data, deleting the group control state data subset with null data.
In this embodiment, the preprocessing of empty data inspection is performed on the subset of group control state data, and the unavailable data is deleted, so as to improve the availability of the extracted data.
In this embodiment, the data structure may be a data structure in the form of an array, a matrix, or the like.
Referring to fig. 2, fig. 2 is an exemplary diagram of storing a plurality of group control state data subset packets in the same data structure.
As shown in fig. 2, a plurality of group control state data subsets extracted from the group control state data set are grouped and stored in the j arrays shown in fig. 2, where j is equal to 5, and i and k are greater than or equal to 10 and less than or equal to 20. That is, the extracted group control state data subsets are respectively stored in five arrays (Group 1 to Group 5), and the five arrays form a reference pool (base Pool). In each group, each node is group control state data collected by the sensor, for example, data containing [x, y, z] collected by the acceleration sensor, and each row of a group is one time sequence of group control state data.
In this embodiment, the dynamic time warping distance between the group control state data subset stored in each position in each data structure and the group control state data subset stored in the same position in other data structures may be calculated, that is, calculated:
Dist_dtw = D(Group_J_Row_k, Group_J′_Row_k), with Group_J and Group_J′ ∈ Group_j and J′ > J, where J represents the group and k represents the row number.
Referring to FIG. 2, Group_j is the set of groups in FIG. 2, i.e., Group_J and Group_J′ are any groups in FIG. 2. For example, the dynamic time warping distance is calculated between the first row (Row_1) of Group 1 and the first row (Row_1) of Group 2; between the first row (Row_1) of Group 2 and the first row (Row_1) of Group 3; between row Row_2 of Group 1 and of Group 2; and so on, to obtain a plurality of dynamic time warping distances.
Specifically, the calculation can be performed by a dynamic time warping algorithm formula:
where n denotes a time series of length n, m denotes a time series of length m, and D(n, m) denotes the normalized path distance, i.e., the dynamic time warping distance, between the time series of length n and the time series of length m.
In this embodiment, the similarity between two time sequences collected by the group control terminal may be reflected by calculating the dynamic time warping distance.
In this embodiment, the obtained multiple dynamic time warping distances may form a list List_Dist_dtw. List_Dist_dtw is sorted in ascending order, and a box diagram, together with the upper limit value and the lower limit value of the box diagram, is determined by the box diagram method.
Specifically, the upper limit value and the lower limit value of the box map are calculated as follows:
(1) Calculating an upper quartile (Q3) and a lower quartile (Q1);
(2) Calculating a difference between the upper quartile and the lower quartile, i.e., a quartile difference IQR = Q3 - Q1;
(3) The upper limit value of the box diagram obtained by the calculation is as follows: Q3 + 1.5 × IQR;
(4) The lower limit value of the box diagram obtained by the calculation is as follows: Q1 - 1.5 × IQR.
A determining module 305, configured to determine whether a plurality of target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value.
In this embodiment, it is determined whether the target dynamic time warping distance is smaller than the lower limit value of the box diagram or larger than the upper limit value of the box diagram, that is, whether the target dynamic time warping distance is within the range of the box diagram.
The second calculating module 306 is configured to calculate a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value according to the determination result.
In this embodiment, when the target dynamic time warping distance is not within the upper and lower limits of the box diagram, it may be noted as 1, and when the target dynamic time warping distance is within the upper and lower limits of the box diagram, it may be noted as 0, and the first number and the second number may be determined according to the numbers of 1 and 0.
Namely:
wherein List_Dist_dtw_lowerlimit is the lower limit value of the box diagram and List_Dist_dtw_upperlimit is the upper limit value of the box diagram.
A first determining module 307, configured to determine that the user terminal is in a secure state if the sum of the first number and the second number is greater than a preset number.
A second determining module 308, configured to determine that the user terminal is in an unsafe state if the first number and the second number are smaller than the preset number.
In this embodiment, the preset number may be preset.
Further, in this embodiment, the preset number may be determined according to the number of the target dynamic time warping distances. For example, when the number of the target dynamic time warping distances is 50 and the preset number is 40, if the number of the target dynamic time warping distances is not more than 40 in the upper and lower limit ranges of the box diagram, the user terminal is determined to be in a safe state; when the target dynamic time warping distances in the upper and lower limit ranges of the box diagram are not more than 40, this indicates that most of the target dynamic time warping distances are in the box diagram range; at this moment, the use states of the user terminal and the group control terminal are very similar, and the user terminal is determined to be in an unsafe state.
In this embodiment, the target dynamic time warping distance measures the similarity between a time sequence of the user terminal and a time sequence of the group control terminal. When the target dynamic time warping distance lies between the upper limit and the lower limit of the box diagram, the time sequence data of the user terminal when running is similar to the time sequence data of the group control terminal. When there are many such similar time sequences, group control software exists in the user terminal with high probability and the user terminal is not being operated by the user, so the user terminal has a security risk at this time.
Further, in this embodiment, the terminal security state identifying device further includes a protection module, where the protection module is configured to:
after determining that the user terminal is in an unsafe state, starting the security software of the user terminal; or
after determining that the user terminal is in an unsafe state, sending a message reminder to a user of the user terminal; or
after determining that the user terminal is in an unsafe state, prohibiting the user terminal from running application software of the target type.
In this embodiment, when the user terminal is in an unsafe state, corresponding operations are adopted to perform safety protection, which is beneficial to improving the safety of the user terminal.
In this embodiment, the time sequence data of the sensor is converted into a characteristic variable by using a dynamic time warping algorithm, which handles two time sequences of different lengths more flexibly than the traditional method and improves robustness. In addition, no interaction with the user is needed: data can be acquired at almost any time without the user noticing, so the user experience is better, detection can be sustained for a long time, and the problem of inaccurate identification caused by a short detection time is avoided.
In the embodiment of the invention, the target dynamic time warping distances between a plurality of usage state data subsets and a plurality of group control state data subsets pre-acquired by the sensor of the group control terminal are calculated, so that the similarity in time sequence between the usage state data subsets acquired by the sensor of the user terminal and the group control state data acquired by the group control terminal can be determined. It is then judged whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value of a box diagram constructed from the dynamic time warping distances among the group control state data subsets. According to the judging result, a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value are calculated, which gives the number of usage state data subsets that are dissimilar in time sequence to the group control state data. Because the possibility that the user terminal is a group control terminal is low when the number of dissimilarities is large and high when it is small, whether the user terminal is a group control terminal, and further whether it is in a safe state, can be determined directly according to whether the sum of the first number and the second number is larger than the preset number.
In this embodiment, the state data of a plurality of time sequences collected by the sensor is judged, so that the diversity and complexity of the data are increased, the data for identification are difficult to simulate and forge, the real safety state of the user terminal can be identified through the data which are difficult to simulate and forge, the identification accuracy is high, meanwhile, the data collected by the sensor of the user terminal in this embodiment are judged, user interaction is not needed, and the data can be collected in real time, so that the data collection has high sustainability, and the problem of reduced identification accuracy caused by low sustainability of identification is avoided. In summary, the embodiment of the invention can realize the purpose of improving the accuracy of identifying the terminal safety state of the terminal.
Fig. 4 is a schematic structural diagram of an electronic device for implementing a terminal security status recognition method according to an embodiment of the present invention.
The electronic device may comprise a processor 10, a memory 11, a communication interface 12 and a bus 13, and may further comprise a computer program, such as a terminal security state identification program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 11 may in other embodiments also be an external storage device of the electronic device, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only for storing application software installed in an electronic device and various types of data, such as codes of a terminal security state recognition program, but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device and processes data by running or executing programs or modules (e.g., a terminal security state recognition program, etc.) stored in the memory 11, and calling data stored in the memory 11.
The communication interface 12 is used for communication between the electronic device and other devices, including network interfaces and user interfaces. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
The bus 13 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus 13 may be classified into an address bus, a data bus, a control bus, and the like. The bus 13 is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 4 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 4 is not limiting of the electronic device and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, Bluetooth modules, Wi-Fi modules, etc., which are not described herein.
Further, the electronic device may also include a network interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., a Wi-Fi interface, a Bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the electronic device may further comprise a user interface, which may be a display or an input unit such as a keyboard, or a standard wired interface or wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be referred to as a display screen or display unit, as appropriate, and is used for displaying information processed in the electronic device and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only, and the scope of the patent application is not limited to this configuration.
The terminal security state identification program stored in the memory 11 in the electronic device is a combination of instructions that, when executed in the processor 10, may implement:
acquiring a use state data set acquired by a sensor of a user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
acquiring a plurality of group control state data subsets acquired by a sensor of a group control terminal;
calculating target dynamic time warping distances between a plurality of using state data subsets and a plurality of group control state data subsets respectively;
acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
judging whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
calculating a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value according to the judging result;
if the sum of the first quantity and the second quantity is larger than a preset quantity, determining that the user terminal is in a safe state;
and if the first number and the second number are smaller than the preset number, determining that the user terminal is in an unsafe state.
Specifically, the specific implementation method of the above instructions by the processor 10 may refer to the description of the relevant steps in the corresponding embodiment of fig. 1, which is not repeated herein.
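The steps listed above, as an added Python example that is not part of the patent text: it computes dynamic time warping (DTW) distances, derives the box plot limits from the group control subsets, counts the target distances outside those limits, and applies the stated decision rule. Assumptions not taken from the page: the function names, the absolute difference as the DTW local cost, the box plot limits as Q1 - 1.5×IQR and Q3 + 1.5×IQR, a baseline built from all pairs of group control subsets, the preset value of 4, and the constructed sample traces.

```python
from itertools import combinations
from statistics import quantiles


def dtw_distance(a, b):
    """Dynamic time warping distance with |x - y| as the local cost."""
    if not a or not b:
        raise ValueError("DTW needs two non-empty sequences")
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)  # row 0 of the accumulated-cost matrix
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            # extend the cheapest of: insertion, deletion, match
            cur.append(abs(x - y) + min(prev[j], cur[j - 1], prev[j - 1]))
        prev = cur
    return prev[-1]


def drop_null_subsets(subsets):
    """Discard subsets that are empty or contain a null reading."""
    return [s for s in subsets if s and all(v is not None for v in s)]


def box_plot_limits(distances):
    """Whisker limits Q1 - 1.5*IQR and Q3 + 1.5*IQR (assumed convention)."""
    q1, _, q3 = quantiles(distances, n=4, method="inclusive")
    iqr = q3 - q1
    return q1 - 1.5 * iqr, q3 + 1.5 * iqr


def identify_state(usage_subsets, group_subsets, preset):
    """Return limits, both outlier counts and the verdict for one terminal."""
    group = drop_null_subsets(group_subsets)
    if len(group) < 3:
        raise ValueError("need at least 3 clean group control subsets")
    # Baseline: DTW distances among the group control subsets themselves.
    baseline = [dtw_distance(p, q) for p, q in combinations(group, 2)]
    lower, upper = box_plot_limits(baseline)
    # Target distances: every usage subset against every group subset.
    targets = [dtw_distance(u, g) for u in usage_subsets for g in group]
    first = sum(d < lower for d in targets)
    second = sum(d > upper for d in targets)
    # The page leaves the "equal to preset" case open; treated as unsafe here.
    verdict = "safe" if first + second > preset else "unsafe"
    return {"lower": lower, "upper": upper, "first": first,
            "second": second, "verdict": verdict}


# Constructed accelerometer traces (integer deviation from rest, arbitrary units).
GROUP_CONTROL = [
    [0, 5, 0, 0, 0, 0],
    [0, 0, 6, 0, 0, 0],
    [0, 0, 0, 7, 0, 0],
    [0, 0, 0, 0, 8, 0],
    [0, None, 5, 0, 0, 0],  # null reading: dropped before the baseline
]
RACKED_TERMINAL = [[0, 0, 0, 6, 0, 0], [0, 7, 0, 0, 0, 0]]
HANDHELD_TERMINAL = [[3, 9, 2, 8, 4, 7], [6, 2, 9, 3, 7, 2]]

if __name__ == "__main__":
    for name, usage in (("racked", RACKED_TERMINAL), ("handheld", HANDHELD_TERMINAL)):
        print(name, identify_state(usage, GROUP_CONTROL, preset=4))
```

On this sample the lower limit is negative, and since DTW distances are never negative the first number stays 0 and the verdict is driven entirely by the upper limit.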
Further, the integrated modules/units of the electronic device, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, or a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
acquiring a use state data set acquired by a sensor of a user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
acquiring a plurality of group control state data subsets acquired by a sensor of a group control terminal;
calculating target dynamic time warping distances between a plurality of using state data subsets and a plurality of group control state data subsets respectively;
acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
judging whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
calculating a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value according to the judging result;
if the sum of the first quantity and the second quantity is larger than a preset quantity, determining that the user terminal is in a safe state;
and if the first number and the second number are smaller than the preset number, determining that the user terminal is in an unsafe state.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A method for identifying a security state of a terminal, the method comprising:
acquiring a use state data set acquired by a sensor of a user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
acquiring a plurality of group control state data subsets acquired by a sensor of a group control terminal;
calculating target dynamic time warping distances between a plurality of using state data subsets and a plurality of group control state data subsets respectively;
acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
judging whether the target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
calculating a first number of target dynamic time warping distances smaller than the lower limit value and a second number of target dynamic time warping distances larger than the upper limit value according to the judging result;
if the sum of the first quantity and the second quantity is larger than a preset quantity, determining that the user terminal is in a safe state;
and if the first number and the second number are smaller than the preset number, determining that the user terminal is in an unsafe state.
2. The terminal security state identification method of claim 1, wherein the obtaining a lower limit value and an upper limit value of a box graph constructed by dynamic time warping distances between the plurality of group control state data subsets comprises:
extracting a preset number of group control state data subsets from a plurality of group control state data subsets, and storing the preset number of group control state data subsets in the same data structure in a grouping way;
calculating dynamic time warping distances among a plurality of group control state data subsets stored in the same positions in different groups of data structures;
generating a box diagram according to the calculated dynamic time warping distances, and calculating an upper limit value and a lower limit value of the box diagram.
3. The terminal security state identification method of claim 2, wherein said extracting a predetermined number of subsets of group control state data from a plurality of said subsets of group control state data comprises:
judging whether repeated data exist in a plurality of group control state data subsets or not;
and if the repeated data exists in the group control state data subsets, extracting a preset number of group control state data subsets containing the repeated data from a plurality of group control state data subsets.
4. The terminal security state identification method of claim 2, wherein prior to extracting a predetermined number of subsets of group control state data from a plurality of said subsets of group control state data, said method further comprises:
identifying whether null data is present in a plurality of said subsets of group control state data;
and if the group control state data subset has null data, deleting the group control state data subset with null data.
5. The terminal security state identification method of claim 3, wherein said extracting a preset number of subsets of group control state data containing duplicate data from a plurality of said subsets of group control state data comprises:
a preset number of subsets of group control state data comprising repeated data is extracted from a plurality of said subsets of group control state data in a downsampled manner.
6. The terminal security state identification method according to any one of claims 1 to 5, wherein before the acquiring of the usage state data set acquired by the sensor of the user terminal, the method further comprises:
monitoring whether the use position of the user terminal is out of a preset range, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the use position of the user terminal is out of the preset range; or alternatively
monitoring whether the connection network of the user terminal is a non-preset network, and executing the operation of acquiring the use state data set acquired by the sensor of the user terminal when the connection network of the user terminal is the non-preset network.
7. The terminal security state recognition method of claim 1, wherein the sensor is an acceleration sensor.
8. A terminal security state recognition apparatus, the apparatus comprising:
the user terminal data acquisition module is used for acquiring a use state data set acquired by a sensor of the user terminal, wherein the use state data set comprises a plurality of use state data subsets with different time sequences;
the group control terminal data acquisition module is used for acquiring a plurality of group control state data subsets acquired by a sensor of the group control terminal;
a first calculation module, configured to calculate target dynamic time warping distances between a plurality of the usage state data subsets and a plurality of the group control state data subsets, respectively;
the box diagram characteristic value acquisition module is used for acquiring a lower limit value and an upper limit value of a box diagram constructed by dynamic time warping distances among the plurality of group control state data subsets;
the judging module is used for judging whether the plurality of target dynamic time warping distances are smaller than the lower limit value or larger than the upper limit value;
the second calculation module is used for calculating a first quantity of target dynamic time warping distances smaller than the lower limit value and a second quantity of target dynamic time warping distances larger than the upper limit value according to the judgment result;
a first determining module, configured to determine that the user terminal is in a security state if the sum of the first number and the second number is greater than a preset number;
and the second determining module is used for determining that the user terminal is in a non-safety state if the first number and the second number are smaller than the preset number.
9. An electronic device, the electronic device comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the terminal security state identification method according to any one of claims 1 to 7.
10. A computer-readable storage medium comprising a storage data area storing created data and a storage program area storing a computer program; characterized in that the computer program, when executed by a processor, implements the terminal security state identification method according to any one of claims 1 to 7.
CN202110720738.5A 2021-06-28 2021-06-28 Terminal security state identification method, device, equipment and medium Active CN113449309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110720738.5A CN113449309B (en) 2021-06-28 2021-06-28 Terminal security state identification method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110720738.5A CN113449309B (en) 2021-06-28 2021-06-28 Terminal security state identification method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN113449309A CN113449309A (en) 2021-09-28
CN113449309B true CN113449309B (en) 2023-10-27

Family

ID=77813511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110720738.5A Active CN113449309B (en) 2021-06-28 2021-06-28 Terminal security state identification method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN113449309B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108681908A (en) * 2018-05-17 2018-10-19 广州爱九游信息技术有限公司 Anti- cheat method, device, computing device and storage medium
CN109447701A (en) * 2018-10-24 2019-03-08 麒麟合盛网络技术股份有限公司 The anti-cheat method of application program, device and server-side
CN109688183A (en) * 2018-08-20 2019-04-26 深圳壹账通智能科技有限公司 Group control device recognition methods, device, equipment and computer readable storage medium
CN110210883A (en) * 2018-05-09 2019-09-06 腾讯科技(深圳)有限公司 The recognition methods of team control account, device, server and storage medium
CN110825818A (en) * 2019-09-18 2020-02-21 平安科技(深圳)有限公司 Multi-dimensional feature construction method and device, electronic equipment and storage medium
CN111260220A (en) * 2020-01-16 2020-06-09 贝壳技术有限公司 Group control equipment identification method and device, electronic equipment and storage medium
CN111371858A (en) * 2020-02-25 2020-07-03 同盾控股有限公司 Group control equipment identification method, device, medium and electronic equipment
CN111835561A (en) * 2020-06-29 2020-10-27 中国平安财产保险股份有限公司 Abnormal user group detection method, device and equipment based on user behavior data
CN112184241A (en) * 2020-09-27 2021-01-05 中国银联股份有限公司 Identity authentication method and device
CN112329847A (en) * 2020-11-03 2021-02-05 北京神州泰岳软件股份有限公司 Abnormity detection method and device, electronic equipment and storage medium
CN112819056A (en) * 2021-01-25 2021-05-18 百果园技术(新加坡)有限公司 Group control account mining method, device, equipment and storage medium
CN112926045A (en) * 2021-02-24 2021-06-08 北京通付盾人工智能技术有限公司 Group control equipment identification method based on logistic regression model

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11137323B2 (en) * 2018-11-12 2021-10-05 Kabushiki Kaisha Toshiba Method of detecting anomalies in waveforms, and system thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on the application of unsupervised machine learning in the field of game anti-fraud; 徐瑜; 周游; 林璐; 张聪; 信息网络安全 (09); pp. 40-44 *

Also Published As

Publication number Publication date
CN113449309A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
CN107766809B (en) Electronic device, bill information identification method, and computer-readable storage medium
WO2022095351A1 (en) Target area division method and apparatus, and electronic device and storage medium
Li et al. Unobservable re-authentication for smartphones.
CN112507936B (en) Image information auditing method and device, electronic equipment and readable storage medium
CN111931047B (en) Artificial intelligence-based black product account detection method and related device
CN109345417B (en) Online assessment method and terminal equipment for business personnel based on identity authentication
CN113688923B (en) Order abnormity intelligent detection method and device, electronic equipment and storage medium
CN111598122B (en) Data verification method and device, electronic equipment and storage medium
CN111783138A (en) Sensitive data detection method and device, computer equipment and storage medium
CN111882425B (en) Service data processing method, device and server
CN114049568A (en) Object shape change detection method, device, equipment and medium based on image comparison
CN114185622B (en) Page loading method, device, equipment and storage medium
CN109995751B (en) Internet access equipment marking method and device, storage medium and computer equipment
CN113449309B (en) Terminal security state identification method, device, equipment and medium
CN114202768B (en) Method and device for evaluating risk of insurance policy claim settlement, electronic equipment and storage medium
CN115119197B (en) Wireless network risk analysis method, device, equipment and medium based on big data
CN113221888B (en) License plate number management system test method and device, electronic equipment and storage medium
CN115659401A (en) Data security management and control method, device, equipment and storage medium based on big data
CN113537806A (en) Abnormal user identification method and device, electronic equipment and readable storage medium
CN114610980A (en) Network public opinion based black product identification method, device, equipment and storage medium
CN113157677A (en) Data filtering method and device based on trust behaviors
CN107995181B (en) Gait-based identity authentication method, device, equipment and storage medium
CN114925353B (en) Account password resetting risk identification method, device, equipment and storage medium
CN112364630B (en) License content error correction method, device and system
CN115225489B (en) Dynamic control method for queue service flow threshold, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant