CN113760674A - Information generation method and device, electronic equipment and computer readable medium - Google Patents


Info

Publication number
CN113760674A
Authority
CN
China
Prior art keywords
user
historical
access log
current
behavior data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110057944.2A
Other languages
Chinese (zh)
Inventor
魏振江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Tuoxian Technology Co Ltd
Original Assignee
Beijing Jingdong Tuoxian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Tuoxian Technology Co Ltd filed Critical Beijing Jingdong Tuoxian Technology Co Ltd
Priority to CN202110057944.2A priority Critical patent/CN113760674A/en
Publication of CN113760674A publication Critical patent/CN113760674A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment; monitoring of user actions
    • G06F11/3452 Performance evaluation by statistical analysis
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging

Abstract

The embodiment of the disclosure discloses an information generation method, an information generation device, electronic equipment and a computer readable medium. One embodiment of the method comprises: in response to receiving a user request sent by a target user through a terminal, acquiring a current access log and a historical access log corresponding to the target user; generalizing the access log to obtain a generalization characteristic; determining and combining request data, current behavior data, verification behavior data and historical behavior data corresponding to the target user according to the generalization characteristics to obtain index data corresponding to the target user; inputting the index data into a pre-trained illegal user identification model to obtain identification result information; and sending a corresponding request result to the terminal according to the identification result information. The embodiment improves the accuracy of identification.

Description

Information generation method and device, electronic equipment and computer readable medium
Technical Field
Embodiments of the present disclosure relate to the field of computer technologies, and in particular, to an information generation method, an information generation device, an electronic device, and a computer-readable medium.
Background
With the development of internet technology, great convenience is brought to the life of people. Meanwhile, some people access the platform by various cheating means to execute various illegal operations, which causes resource waste of the platform and influences normal access and operation of common users. Therefore, it is necessary to identify an illegal user. Related techniques typically employ rule-based identification.
However, when the above-described manner is adopted for the identification, there are often technical problems as follows:
First, because the rules are generally fixed and one-dimensional, they cannot meet actual requirements, and the recognition accuracy needs to be improved.
Second, a threshold value is typically set for rule-based identification. The setting of the threshold is often determined by designation, and is greatly affected by subjective factors. In case the threshold setting is too high, the use by normal users may be affected.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Some embodiments of the present disclosure propose information generation methods, apparatuses, electronic devices, and computer readable media to solve one or more of the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide an information generating method, including: in response to receiving a user request sent by a target user through a terminal, acquiring a current access log and a historical access log corresponding to the target user; respectively generalizing the current access log and the historical access log to obtain a current generalization characteristic and a historical generalization characteristic; determining request data, current behavior data and verification behavior data corresponding to the target user according to the current generalization characteristics; determining historical behavior data corresponding to the target user according to the historical generalization characteristics; combining the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user; and inputting the index data into a pre-trained illegal user identification model to obtain identification result information, wherein the identification result information is used for representing whether the user is an illegal user or not.
In a second aspect, some embodiments of the present disclosure provide an information generating apparatus, the apparatus comprising: the terminal comprises an acquisition unit, a storage unit and a processing unit, wherein the acquisition unit is configured to respond to a received user request sent by a target user through the terminal and acquire a current access log and a historical access log corresponding to the target user; the characteristic generalization unit is configured to generalize the current access log and the historical access log respectively to obtain a current generalization characteristic and a historical generalization characteristic; the first determining unit is configured to determine request data, current behavior data and verification behavior data corresponding to the target user according to the current generalization characteristic; the second determining unit is configured to determine historical behavior data corresponding to the target user according to the historical generalization characteristics; the combination unit is configured to combine the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user; and the identification unit is configured to input the index data into a pre-trained illegal user identification model to obtain identification result information, and the identification result information is used for representing whether the user is an illegal user or not.
In a third aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method described in any of the implementations of the first aspect.
In a fourth aspect, some embodiments of the present disclosure provide a computer readable medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method described in any of the implementations of the first aspect.
The above embodiments of the present disclosure have the following advantages: the accuracy rate of identification is improved. Specifically, by combining the current access log and the historical access log, the user can be identified in a longer time range, and the identification accuracy is improved. In addition, through the combination of the request data, the current behavior data, the verification behavior data and the historical behavior data, the diversity of index data is increased, different data can reflect whether a user is an illegal user from different dimensions, and then the identification result can integrate information of all dimensions, so that accidental errors caused by a single identification rule are avoided, subjective factors are also avoided, and the accuracy of the identification result is finally improved.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements are not necessarily drawn to scale.
FIG. 1 is a schematic diagram of one application scenario of an information generation method according to some embodiments of the present disclosure;
FIG. 2 is a flow diagram of some embodiments of an information generation method according to the present disclosure;
FIG. 3 is a flow diagram of further embodiments of an information generation method according to the present disclosure;
FIG. 4 is a schematic block diagram of some embodiments of an information generating apparatus according to the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions related to the invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that the modifiers "a", "an", and "the" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will understand them to mean "one or more" unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a schematic diagram of an application scenario of an information generation method of some embodiments of the present disclosure.
In the application scenario of FIG. 1, the execution subject of the information generation method may be the computing device 101. In practice, a user may perform various operations through the terminal, such as choosing a commodity in an e-commerce application installed on the terminal. In this application scenario, when the user performs an operation such as placing an order, the terminal is triggered to send a user request 102 to the computing device 101. In response to receiving the user request 102 sent by a target user through the terminal, the computing device 101 may obtain a current access log 103 and a historical access log 104 corresponding to the target user. The computing device 101 then generalizes the current access log 103 and the historical access log 104 respectively to obtain a current generalization feature 105 and a historical generalization feature 106. On this basis, the request data 107, the current behavior data 108 and the verification behavior data 109 corresponding to the target user are determined according to the current generalization feature 105. Next, the historical behavior data 110 corresponding to the target user is determined according to the historical generalization feature 106. Then, the computing device 101 may combine the request data 107, the current behavior data 108, the verification behavior data 109, and the historical behavior data 110 to obtain the index data 111 corresponding to the target user. The index data 111 is input into the pre-trained illegal user identification model 112 to obtain identification result information 113, and the identification result information 113 is used for representing whether the user is an illegal user.
The computing device 101 may be hardware or software. When the computing device is hardware, it may be implemented as a distributed cluster composed of multiple servers or terminal devices, or may be implemented as a single server or a single terminal device. When the computing device is embodied as software, it may be installed in the hardware devices enumerated above. It may be implemented, for example, as multiple pieces of software or software modules to provide distributed services, or as a single piece of software or software module. This is not particularly limited herein.
It should be understood that the number of computing devices in FIG. 1 is merely illustrative. There may be any number of computing devices, as implementation needs dictate.
With continued reference to fig. 2, a flow 200 of some embodiments of an information generation method according to the present disclosure is shown. The information generation method comprises the following steps:
Step 201, in response to receiving a user request sent by a target user through a terminal, obtaining a current access log and a historical access log corresponding to the target user.
In some embodiments, the user may perform various operations through the terminal. As an example, merchandise may be selected for purchase in an e-commerce type application installed on the terminal. When the user performs an operation such as placing an order, the terminal is triggered to send a user request, so that the execution subject of the information generation method (e.g., the computing device 101 shown in fig. 1) can receive the user request. In response to receiving a user request of a target user, the execution subject may obtain a current access log and a historical access log corresponding to the target user. The user request may include information such as a user identifier. Therefore, the execution subject can look up the corresponding current access log and historical access log in the database according to the user identifier. The current access log may be an access log of the target user in a period of time closer to the current time, and the historical access log is generally an access log of a period of time farther from the current time. In practice, the time intervals corresponding to the current access log and the historical access log can be specified directly or determined by filtering on certain conditions. For example, using a threshold, an access log whose distance from the current time point exceeds the threshold may be determined to be a historical access log, and an access log whose distance is less than or equal to the threshold may be determined to be a current access log.
Optionally, the obtaining of the current access log and the historical access log corresponding to the target user includes: searching for an access log corresponding to the user identification and the user access address as a historical access log. In practice, the access log can be searched jointly by the user identification and the user access address to obtain a historical access log, which adds a further way of searching for access logs. In addition, because the user identification and the user access address are considered together, the access log can be searched more accurately, which improves the accuracy of the identification result information.
Step 202, generalizing the current access log and the historical access log respectively to obtain a current generalization characteristic and a historical generalization characteristic.
In some embodiments, the execution subject may generalize the current access log and the historical access log respectively to obtain a current generalization feature and a historical generalization feature. According to different contents in the access log, generalization can be carried out in different ways. Through generalization, redundant information can be removed, so that the obtained generalized characteristics can better represent whether the user is an illegal user or not.
Generally, the access log includes, but is not limited to, at least one of: timestamp, user access address, client type, user identification, request path, traffic status information, access status information, and the like. Generalization can be made in different ways for different content. In practice, one content may be generalized into one feature, two or more features, or multiple contents may be generalized into one or more features as needed. It will be appreciated that for the case where multiple items of content are included in the access log, the current and historical generalization features can also include a corresponding plurality of features.
For example, a user access address may be directly determined as a feature. The client type can be generalized into two features: whether the type is null and whether it is a regular type. As another example, the timestamp (20/sep/2017:19:45:38+0800) can be generalized by extracting its hour and minute, which gives the generalized feature (19:45).
Step 203, determining the request data, the current behavior data and the verification behavior data corresponding to the target user according to the current generalization characteristics.
In some embodiments, the request data may be data related to the user request within the time interval corresponding to the current access log, including but not limited to: number of requests, number of different request paths, number of distinct non-image requests, etc. By way of example, the request data may be derived from the current generalization characteristics corresponding to the request path, traffic status code, HTTP status code, etc. For example, the number of requests may be obtained by counting the number of user requests in the time interval. In general, different request paths correspond to different current generalization characteristics. Therefore, the number of different request paths can be obtained by counting the distinct current generalization characteristics corresponding to request paths in the time interval.
The current behavior data may be data related to user behavior in the time interval corresponding to the current access log, including but not limited to: number of request types, number of request status codes, number of different access addresses, number of proxy access addresses, number of device fingerprints, whether the page is an H5 page, whether the request carries a source page identifier, etc. The verification behavior data may be data related to user verification behavior in the time interval corresponding to the current access log, including but not limited to: a verification time interval, a number of verification initiations, a number of times verification information is actually entered, etc.
Step 204, determining historical behavior data corresponding to the target user according to the historical generalization characteristics.
In some embodiments, the historical behavior data may be data related to historical behavior in the time interval corresponding to the historical access log. By way of example, historical behavior data may include, but is not limited to: number of sessions, number of non-graphic sessions, etc.
Step 205, combining the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user.
Step 206, inputting the index data into a pre-trained illegal user identification model to obtain identification result information, wherein the identification result information is used for representing whether the user is an illegal user.
In some embodiments, the illegal user identification model may be a pre-trained artificial neural network. As the initial network, a network structure such as a Convolutional Neural Network (CNN), a Recurrent Neural Network (RNN), or the like may be selected as necessary. On this basis, the initial network can be trained with a training sample set to obtain the illegal user identification model. As an example, a training sample in the set of training samples may include index data and a label corresponding to the user. The label is used for representing whether the user is an illegal user.
In some embodiments, through the combination of the current access log and the historical access log, the user can be identified in a longer time range, and therefore the identification accuracy is improved. In addition, through the combination of the request data, the current behavior data, the verification behavior data and the historical behavior data, the diversity of index data is increased, different data can reflect whether a user is an illegal user from different dimensions, and then the identification result can integrate information of all dimensions, so that accidental errors caused by a single identification rule are avoided, subjective factors are also avoided, and the accuracy of the identification result is finally improved.
With further reference to fig. 3, a flow 300 of further embodiments of an information generation method is illustrated. The process 300 of the information generating method includes the following steps:
Step 301, in response to receiving a user request sent by a target user through a terminal, obtaining a current access log and a historical access log corresponding to the target user.
In some embodiments, the specific implementation of step 301 and the technical effect thereof may refer to step 201 in the embodiment corresponding to fig. 2, and are not described herein again.
As an example, the execution subject of the information generation method may determine the session time interval according to a preset time length value, with the timestamp as the start time. For example, the preset length of time may be 30 min and the timestamp may be 20/sep/2017:19:45:38+0800. Then the session time interval may be [19:45, 20:15]. On this basis, the access log in the session time interval can be obtained as the current access log.
Step 302, generalizing the current access log and the historical access log respectively to obtain a current generalization characteristic and a historical generalization characteristic.
Step 303, determining the number of user requests, the number of request paths, and the number of first category request paths in the session time interval as request data according to the current generalization feature.
The number of user requests, the number of request paths and the number of first-category request paths can reflect whether the user is an illegal user from different dimensions. For example, across multiple requests, the request paths of normal users are generally concentrated on a few fixed request paths, whereas illegal users may frequently use different request paths through some cheating means. The number of first-category request paths may be the number of non-graphic request paths, that is, the number of request paths that do not contain graphics. In practice, these quantities can be obtained by counting over the current generalization feature. The current generalization feature is obtained by generalizing the access log for a period of time, and an access log entry is formed each time the user makes a request. Therefore, the current generalization feature may include the features corresponding to a plurality of user requests over a period of time. Treating the current generalization feature as a set, statistics can be computed over it to obtain the number of user requests, the number of request paths, and the number of first-category request paths, which are determined as the request data.
Step 304, determining the times of calling the verification information generation interface, the times of calling the information verification interface and the verification time interval in the session time interval as verification behavior data according to the current generalization characteristics.
In some embodiments, the number of times the verification information generation interface is called, the number of times the information verification interface is called, and the verification time interval may also reflect whether the user is an illegal user from different dimensions. The verification information may be graphic verification information, short message verification information, and the like.
For example, an ordinary user may call the verification information generation interface only a small number of times, while an illegal user may call it a large number of times. As another example, after an ordinary user calls the verification information generation interface to obtain the verification information, the user performs a verification operation, such as entering a short message verification code. An illegal user, however, often calls only the verification information generation interface without performing an actual verification operation. As a further example, because the operation is manual, an ordinary user needs to read and then enter the short message verification code after receiving it, so the verification time interval is long. An illegal user, however, performs automatic verification through scripts, and the verification time interval is often much shorter than that of manual operation.
Step 305, according to the current generalization feature, determining at least one of the following items in the session time interval as the current behavior data: session starting time, number ratio among different request modes, type number of request state codes, number of access addresses, number of proxy access addresses, session duration, number of device fingerprints and number of source page identifiers which are empty.
In some embodiments, the session start time, the number ratio between different request modes, the type number of the request status codes, the number of access addresses, the number of proxy access addresses, the session duration, the number of device fingerprints, and the number of source page identifiers that are empty may reflect whether the user is an illegal user from different dimensions. For example, normal users rarely use a proxy, while illegal users use proxy access addresses in large quantities. As another example, the source page identifier (Referer) reflects which page the user came from. The source page identifier of a normal user is usually not null, while that of an illegal user is often null.
Step 306, determining the historical session number and the historical non-graphic session number corresponding to the target user according to the historical generalization characteristics, wherein the historical non-graphic session number is the number of the historical sessions not containing graphics.
Step 307, combining the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user.
Step 308, inputting the index data into a pre-trained illegal user identification model to obtain identification result information, wherein the identification result information is used for representing whether the user is an illegal user.
As can be seen from fig. 3, compared with the description of some embodiments corresponding to fig. 2, the flow 300 of the information generation method in some embodiments corresponding to fig. 3 embodies the specific processes of determining the request data, the verification behavior data, the current behavior data, and the historical behavior data. The features selected within each item of data reflect, at a finer granularity, whether the user is an illegal user, which greatly enriches the dimensionality of the features and further improves the accuracy of the identification result.
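The feature derivation of steps 301 to 307, including the generalization of step 302, can be sketched as follows; this is an added example, not code from the patent. The log line layout, the interface paths `/verify/send` and `/verify/check`, the image suffix list, the regular-client prefixes and the rule used to delimit historical sessions are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

SESSION_LENGTH = timedelta(minutes=30)      # preset time length value (30 min in the text)
IMAGE_SUFFIXES = (".png", ".jpg", ".gif")   # assumption: what counts as a "graphic" request
GENERATE_PATH = "/verify/send"              # hypothetical verification information generation interface
CHECK_PATH = "/verify/check"                # hypothetical information verification interface
REGULAR_CLIENTS = ("Mozilla/", "okhttp/")   # assumption: prefixes of "regular" client types
TS_FORMAT = "%d/%b/%Y:%H:%M:%S%z"


def generalize(line):
    """Generalize one constructed log line: ts|address|client|user|path|status|referer."""
    ts, address, client, _user, path, status, referer = line.split("|")
    when = datetime.strptime(ts, TS_FORMAT)
    return {
        "when": when,
        "minute": when.strftime("%H:%M"),           # timestamp generalized to hour and minute
        "address": address,                         # user access address used directly
        "client_empty": client == "",               # client type becomes two features
        "client_regular": client.startswith(REGULAR_CLIENTS),
        "path": path,
        "graphic": path.lower().endswith(IMAGE_SUFFIXES),
        "status": status,
        "referer_empty": referer in ("", "-"),
    }


def sessions(features):
    """Group features into sessions. Assumption: a session starts at the first
    request that falls outside the previous session's SESSION_LENGTH window."""
    out = []
    for f in sorted(features, key=lambda f: f["when"]):
        if not out or f["when"] >= out[-1][0]["when"] + SESSION_LENGTH:
            out.append([])
        out[-1].append(f)
    return out


def verification_interval(session):
    """Smallest gap in seconds between a generation call and the next check call; -1.0 if none."""
    gaps, pending = [], None
    for f in session:
        if f["path"] == GENERATE_PATH:
            pending = f["when"]
        elif f["path"] == CHECK_PATH and pending is not None:
            gaps.append((f["when"] - pending).total_seconds())
            pending = None
    return min(gaps) if gaps else -1.0


def index_data(lines, session_start):
    """Split the logs, generalize them, derive the four data groups and combine them."""
    feats = sorted((generalize(l) for l in lines), key=lambda f: f["when"])
    end = session_start + SESSION_LENGTH
    current = [f for f in feats if session_start <= f["when"] < end]
    past = sessions([f for f in feats if f["when"] < session_start])
    request = {
        "requests": len(current),
        "paths": len({f["path"] for f in current}),
        "non_graphic_paths": len({f["path"] for f in current if not f["graphic"]}),
    }
    verification = {
        "generate_calls": sum(f["path"] == GENERATE_PATH for f in current),
        "check_calls": sum(f["path"] == CHECK_PATH for f in current),
        "verify_interval_s": verification_interval(current),
    }
    behavior = {
        "session_start": current[0]["minute"] if current else "",
        "status_kinds": len({f["status"] for f in current}),
        "addresses": len({f["address"] for f in current}),
        "session_seconds": (current[-1]["when"] - current[0]["when"]).total_seconds() if current else 0.0,
        "empty_referers": sum(f["referer_empty"] for f in current),
    }
    historical = {
        "history_sessions": len(past),
        "history_non_graphic_sessions": sum(not any(f["graphic"] for f in s) for s in past),
    }
    # The combined dictionary is the index data that step 308 would feed to the trained model.
    return {**request, **behavior, **verification, **historical}


# Constructed sample log for one user: two historical sessions, then a scripted-looking session.
CONSTRUCTED_LOG = [
    "19/sep/2017:10:00:00+0800|198.51.100.7|Mozilla/5.0|u1|/item/1|200|https://shop.example/",
    "19/sep/2017:10:00:02+0800|198.51.100.7|Mozilla/5.0|u1|/img/1.png|200|https://shop.example/item/1",
    "19/sep/2017:15:00:00+0800|198.51.100.7||u1|/api/price|200|-",
    "20/sep/2017:19:45:38+0800|203.0.113.5||u1|/verify/send|200|-",
    "20/sep/2017:19:45:39+0800|203.0.113.5||u1|/verify/check|200|-",
    "20/sep/2017:19:45:40+0800|203.0.113.9||u1|/verify/send|200|-",
    "20/sep/2017:19:45:41+0800|203.0.113.9||u1|/order/submit|403|-",
]
SESSION_START = datetime.strptime("20/sep/2017:19:45:38+0800", TS_FORMAT)

if __name__ == "__main__":
    for name, value in index_data(CONSTRUCTED_LOG, SESSION_START).items():
        print(f"{name}: {value}")
```

In the constructed session the one-second verification interval, the unanswered second generation call and the all-empty source page identifiers are the kinds of signals the description attributes to scripted access.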
With further reference to fig. 4, as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of an information generating apparatus, which correspond to those shown in fig. 2, and which may be applied in various electronic devices in particular.
As shown in fig. 4, the information generating apparatus 400 of some embodiments includes: an acquisition unit 401, a feature generalization unit 402, a first determination unit 403, a second determination unit 404, a combination unit 405, and an identification unit 406. The acquisition unit 401 is configured to obtain a current access log and a historical access log corresponding to a target user in response to receiving a user request sent by the target user through a terminal. The feature generalization unit 402 is configured to generalize the current access log and the historical access log, respectively, to obtain a current generalized feature and a historical generalized feature. The first determination unit 403 is configured to determine the request data, the current session behavior data and the verification behavior data corresponding to the target user according to the current generalization feature. The second determination unit 404 is configured to determine historical behavior data corresponding to the target user according to the historical generalization feature. The combination unit 405 is configured to combine the request data, the current session behavior data, the verification behavior data, and the historical behavior data to obtain index data corresponding to the target user. The identification unit 406 is configured to input the index data into a pre-trained illegal user identification model, resulting in identification result information, which is used to characterize whether the user is an illegal user.
In an alternative implementation of some embodiments, the access log includes a timestamp; and the acquisition unit is further configured to: determine a session time interval, taking the timestamp as the initial time, according to a preset time length value; and acquire the access log within the session time interval as the current access log.
In an optional implementation of some embodiments, the user request includes a user identification and a user access address; and the acquisition unit is further configured to: search for the access log corresponding to the user identification and the user access address as the historical access log.
In an optional implementation of some embodiments, the first determination unit is configured to: determine the number of user requests, the number of request paths and the number of first-class request paths in the session time interval as the request data; determine the number of calls to the verification information generation interface, the number of calls to the information verification interface and the verification time interval within the session time interval as the verification behavior data; and determine at least one of the following within the session time interval as the current session behavior data: session start time, ratio of the numbers of requests among different request methods, number of types of request status codes, number of access addresses, number of proxy access addresses, session duration, number of device fingerprints, and number of empty source page identifiers.
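The session window and the request, verification and current session features listed above can be computed as follows; this is an added example, not code from the patent. The log fields, the `/captcha/...` interface paths, the 30-minute window, the numeric-segment generalization, the GET share as the method ratio, and the reading of "first-class request path" as the first path segment are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample access log (not from the patent). Columns: timestamp,
# user id, client address, via proxy?, method, path, status, referer, fingerprint
RAW = [
    ("2021-01-15T10:00:00", "u1", "203.0.113.5", False, "GET", "/item/1001", 200, "", "fpA"),
    ("2021-01-15T10:00:02", "u1", "203.0.113.5", False, "GET", "/item/1002", 200, "", "fpA"),
    ("2021-01-15T10:00:03", "u1", "198.51.100.7", True, "POST", "/captcha/generate", 200, "", "fpB"),
    ("2021-01-15T10:00:04", "u1", "198.51.100.7", True, "POST", "/captcha/verify", 403, "", "fpB"),
    ("2021-01-15T10:00:09", "u1", "198.51.100.7", True, "POST", "/captcha/verify", 200, "/login", "fpB"),
    ("2021-01-15T10:45:00", "u1", "203.0.113.5", False, "GET", "/cart", 200, "/item/1001", "fpA"),
    ("2021-01-15T10:00:01", "u2", "192.0.2.9", False, "GET", "/item/7", 200, "/", "fpC"),
]
FIELDS = ("ts", "user", "ip", "proxy", "method", "path", "status", "referer", "fp")
LOG = [dict(zip(FIELDS, (datetime.fromisoformat(r[0]),) + r[1:])) for r in RAW]
GEN_API, VERIFY_API = "/captcha/generate", "/captcha/verify"  # assumed interface paths


def generalize(path):
    """Assumed generalization: numeric path segments become '{id}', so
    /item/1001 and /item/1002 count as one request path."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def current_session(log, user, start, length=timedelta(minutes=30)):
    """Entries for `user` in [start, start + length): the current access log."""
    end = start + length
    hits = (e for e in log if e["user"] == user and start <= e["ts"] < end)
    return sorted(hits, key=lambda e: e["ts"])


def extract_index_data(session):
    """Build the request, verification and current session features."""
    if not session:
        return None  # no requests in the window, nothing to score
    paths = [generalize(e["path"]) for e in session]
    methods = Counter(e["method"] for e in session)
    gen = [e["ts"] for e in session if e["path"] == GEN_API]
    ver = [e["ts"] for e in session if e["path"] == VERIFY_API]
    # Verification interval (assumed definition): first generation call to
    # the first verification call that follows it.
    first_ver = next((t for t in ver if gen and t >= gen[0]), None)
    interval = (first_ver - gen[0]).total_seconds() if first_ver is not None else None
    return {
        # request data
        "request_count": len(session),
        "path_count": len(set(paths)),
        "first_level_path_count": len({p.split("/")[1] for p in paths}),
        # verification behavior data
        "gen_calls": len(gen),
        "verify_calls": len(ver),
        "verify_interval_s": interval,
        # current session behavior data
        "start_hour": session[0]["ts"].hour,
        "get_share": methods["GET"] / len(session),
        "status_code_types": len({e["status"] for e in session}),
        "ip_count": len({e["ip"] for e in session}),
        "proxy_ip_count": len({e["ip"] for e in session if e["proxy"]}),
        "duration_s": (session[-1]["ts"] - session[0]["ts"]).total_seconds(),
        "fingerprint_count": len({e["fp"] for e in session}),
        "empty_referer_count": sum(1 for e in session if not e["referer"]),
    }


if __name__ == "__main__":
    window = current_session(LOG, "u1", datetime(2021, 1, 15, 10, 0, 0))
    for name, value in extract_index_data(window).items():
        print(f"{name:24} {value}")
```

The resulting dictionary corresponds to the part of the index data derived from the current access log; the historical behavior data and the pre-trained identification model are outside this example.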
It will be understood that the elements described in the apparatus 400 correspond to various steps in the method described with reference to fig. 2. Thus, the operations, features and resulting advantages described above with respect to the method are also applicable to the apparatus 400 and the units included therein, and will not be described herein again.
Referring now to fig. 5, a schematic diagram of an electronic device (e.g., the electronic device of fig. 1) 500 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, electronic device 500 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device 500 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 5 may represent one device or may represent multiple devices as desired.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In some such embodiments, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program, when executed by the processing device 501, performs the above-described functions defined in the methods of some embodiments of the present disclosure.
It should be noted that the computer readable medium described in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to receiving a user request sent by a target user through a terminal, acquiring a current access log and a historical access log corresponding to the target user; generalizing the access log to obtain a generalization characteristic; determining and combining request data, current behavior data, verification behavior data and historical behavior data corresponding to the target user according to the generalization characteristics to obtain index data corresponding to the target user; inputting the index data into a pre-trained illegal user identification model to obtain identification result information; and sending a corresponding request result to the terminal according to the identification result information.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. The described units may also be provided in a processor, and may be described as: a processor includes an acquisition unit, a feature generalization unit, a first determination unit, a second determination unit, a combination unit, and an identification unit. The names of these units do not form a limitation on the unit itself in some cases, and for example, the acquiring unit may also be described as a "unit that acquires a current access log and a history access log corresponding to a target user".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above. For example, a technical solution may be formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in the embodiments of the present disclosure.

Claims (10)

1. An information generating method, comprising:
in response to receiving a user request sent by a target user through a terminal, acquiring a current access log and a historical access log corresponding to the target user;
respectively generalizing the current access log and the historical access log to obtain a current generalization characteristic and a historical generalization characteristic;
determining request data, current behavior data and verification behavior data corresponding to the target user according to the current generalization characteristics;
determining historical behavior data corresponding to the target user according to the historical generalization characteristics;
combining the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user;
and inputting the index data into a pre-trained illegal user identification model to obtain identification result information, wherein the identification result information is used for representing whether the user is an illegal user.
2. The method of claim 1, wherein the access log includes a timestamp; and
the obtaining of the current access log and the historical access log corresponding to the target user includes:
determining a session time interval by taking the timestamp as an initial time according to a preset time length value;
and acquiring an access log in the session time interval as the current access log.
3. The method of claim 2, wherein the user request includes a user identification and a user access address; and
the obtaining of the current access log and the historical access log corresponding to the target user includes:
and searching an access log corresponding to the user identification and the user access address as the historical access log.
4. The method of claim 2, wherein the determining, according to the current generalization feature, request data, current behavior data, and verification behavior data corresponding to the target user comprises:
determining the number of user requests, the number of request paths and the number of first-class request paths in the session time interval as the request data according to the current generalization characteristic;
determining the times of calling a verification information generation interface, the times of calling an information verification interface and a verification time interval in the session time interval as the verification behavior data according to the current generalization characteristic;
according to the current generalization feature, determining at least one of the following items in the session time interval as the current behavior data: session start time, ratio of the numbers of requests among different request methods, number of types of request status codes, number of access addresses, number of proxy access addresses, session duration, number of device fingerprints, and number of empty source page identifiers.
5. The method of claim 4, wherein the determining historical behavior data corresponding to the target user according to the historical generalization feature comprises:
and determining the number of historical sessions and the number of historical non-graphic sessions corresponding to the target user according to the historical generalization feature, wherein the number of historical non-graphic sessions is the number of historical sessions not containing graphics.
6. An information generating apparatus comprising:
an acquisition unit, configured to, in response to receiving a user request sent by a target user through a terminal, acquire a current access log and a historical access log corresponding to the target user;
the characteristic generalization unit is configured to generalize the current access log and the historical access log respectively to obtain a current generalization characteristic and a historical generalization characteristic;
a first determining unit, configured to determine, according to the current generalization feature, request data, current behavior data, and verification behavior data corresponding to the target user;
the second determining unit is configured to determine historical behavior data corresponding to the target user according to the historical generalization characteristics;
the combination unit is configured to combine the request data, the current behavior data, the verification behavior data and the historical behavior data to obtain index data corresponding to the target user;
and the identification unit is configured to input the index data into a pre-trained illegal user identification model to obtain identification result information, and the identification result information is used for representing whether the user is an illegal user or not.
7. The apparatus of claim 6, wherein the access log comprises a timestamp; and
the acquisition unit is further configured to:
determining a session time interval by taking the timestamp as an initial time according to a preset time length value;
and acquiring an access log in the session time interval as the current access log.
8. The apparatus of claim 7, wherein the user request comprises a user identification and a user access address; and
the acquisition unit is further configured to:
and searching an access log corresponding to the user identification and the user access address as the historical access log.
9. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
which, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
10. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110057944.2A CN113760674A (en) 2021-01-15 2021-01-15 Information generation method and device, electronic equipment and computer readable medium

Publications (1)

Publication Number Publication Date
CN113760674A true CN113760674A (en) 2021-12-07

Family

ID=78786299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110057944.2A Pending CN113760674A (en) 2021-01-15 2021-01-15 Information generation method and device, electronic equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN113760674A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114417905A (en) * 2022-01-26 2022-04-29 多点(深圳)数字科技有限公司 Information sending method, device, equipment and computer readable medium
CN115471168A (en) * 2021-12-14 2022-12-13 国网上海市电力公司 Automatic flow processing method and device, electronic equipment and computer readable medium
CN116881974A (en) * 2023-09-06 2023-10-13 中关村科学城城市大脑股份有限公司 Data processing method and device based on data acquisition request and electronic equipment
CN116938598A (en) * 2023-09-14 2023-10-24 北京中科智媒融媒体技术有限公司 Information transmission method, apparatus, electronic device, and computer-readable medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115471168A (en) * 2021-12-14 2022-12-13 国网上海市电力公司 Automatic flow processing method and device, electronic equipment and computer readable medium
CN115471168B (en) * 2021-12-14 2023-07-18 国网上海市电力公司 Automated process processing method, apparatus, electronic device and computer readable medium
CN114417905A (en) * 2022-01-26 2022-04-29 多点(深圳)数字科技有限公司 Information sending method, device, equipment and computer readable medium
CN116881974A (en) * 2023-09-06 2023-10-13 中关村科学城城市大脑股份有限公司 Data processing method and device based on data acquisition request and electronic equipment
CN116881974B (en) * 2023-09-06 2023-11-24 中关村科学城城市大脑股份有限公司 Data processing method and device based on data acquisition request and electronic equipment
CN116938598A (en) * 2023-09-14 2023-10-24 北京中科智媒融媒体技术有限公司 Information transmission method, apparatus, electronic device, and computer-readable medium
CN116938598B (en) * 2023-09-14 2023-11-24 北京中科智媒融媒体技术有限公司 Information transmission method, apparatus, electronic device, and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination