CN113946767A - Method, device, equipment and storage medium for identifying stealing link behavior - Google Patents

Method, device, equipment and storage medium for identifying stealing link behavior Download PDF

Info

Publication number
CN113946767A
CN113946767A CN202111178182.8A CN202111178182A CN113946767A CN 113946767 A CN113946767 A CN 113946767A CN 202111178182 A CN202111178182 A CN 202111178182A CN 113946767 A CN113946767 A CN 113946767A
Authority
CN
China
Prior art keywords
user behavior
client
client device
behavior
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111178182.8A
Other languages
Chinese (zh)
Inventor
冯聪
王正华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202111178182.8A priority Critical patent/CN113946767A/en
Publication of CN113946767A publication Critical patent/CN113946767A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9558Details of hyperlinks; Management of linked annotations

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a method, a device, equipment and a storage medium for identifying a stealing link behavior, and relates to the technical field of internet, in particular to the technical fields of big data, cloud computing and the like. The specific implementation scheme is as follows: receiving a scheduling request from a client device, wherein the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature; acquiring user behavior characteristics of the client device based on the device identifier, wherein the user behavior characteristics are used for representing the current user behavior and the historical user behavior of the client device; and identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result. The method solves the technical problems that in the prior art, a loophole exists in time verification of a method for identifying the stealing behavior, and a stealer forges the identity of a client to obtain a large number of download addresses.

Description

Method, device, equipment and storage medium for identifying stealing link behavior
Technical Field
The disclosure relates to the technical field of internet, in particular to the technical field of big data, cloud computing and the like, and particularly relates to a method, a device, equipment and a storage medium for identifying a hotlinking behavior.
Background
The main mode of the existing technical scheme is to add time check in a download address dlink, for example, the effective link time is 8h, and overtime links are eliminated, so that fine tracking of traffic cannot be performed. As shown in fig. 1, firstly, a client requests a network disk download scheduling server to request to obtain a download address, the network disk download scheduling server generates the download address of a download server IDC or CDN according to characteristics of a file storage location, heat and the like, and injects a linked validity signature parameter expires into the download address, the validity signature parameter is signed with signature verification, so as to ensure that the network disk download scheduling server is not tampered; and after the client acquires the download address, sending a request to the IDC or the CDN to acquire the download address.
However, the existing method for identifying the stealing behavior has a leak in time verification, and a stealing person can forge the identity of a client to obtain a large number of downloading addresses, distribute the downloading addresses for the second time and distribute the downloading addresses to the client similar to a downloading tool of the stealing person, and the stealing person adopts the client to finish high-speed downloading.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The disclosure provides a method, a device, equipment and a storage medium for identifying stealing behavior.
According to an aspect of the present disclosure, a method for identifying a hotlinking behavior is provided, including: receiving a scheduling request from a client device, wherein the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature; acquiring user behavior characteristics of the client device based on the device identifier, wherein the user behavior characteristics are used for representing the current user behavior and the historical user behavior of the client device; and identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
Optionally, receiving a scheduling request of a client device includes: and receiving the scheduling request uploaded by the client device from the first communication channel, wherein the scheduling request is used for requesting a scheduling server to issue downloading address information, and the downloading address information is used for accessing the downloading server.
Optionally, the method further includes: establishing a second communication channel with the client device, wherein the second communication channel is independent from the first communication channel; acquiring the user behavior characteristics of the client equipment based on the equipment identification; and generating a user behavior log according to the user behavior characteristics acquired from the second communication channel, wherein the user behavior log is used for respectively storing the corresponding user behavior characteristics according to the device identifiers.
Optionally, the obtaining the user behavior characteristics of the client device based on the device identifier includes: and acquiring the user behavior characteristics corresponding to the equipment identification from the user behavior log.
Optionally, identifying whether the client device has a stealing link behavior according to the device characteristics and the user behavior characteristics to obtain an identification result, including: identifying the equipment characteristics and the user behavior characteristics by adopting a stealing link flow identification algorithm, and determining whether stealing link flow exists; and if the link stealing traffic exists, determining that the client equipment has the link stealing behavior according to the identification result.
Optionally, the method further includes: and if the identification result is that the client equipment has the stealing link behavior, outputting interception policy information to a download server, wherein the interception policy information is used for informing the download server of intercepting the download request of the client equipment under what condition, and the download server is used for judging whether to intercept the download request or not based on the interception policy information and returning the judgment result to the client equipment.
Optionally, the method further includes: if the identification result indicates that the client device does not have the stealing link behavior, acquiring download address information corresponding to the scheduling request; and issuing the download address information to the client equipment.
According to another aspect of the present disclosure, there is provided an apparatus for identifying a stealing behavior, including: a receiving module, configured to receive a scheduling request from a client device, where the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature; an obtaining module, configured to obtain a user behavior feature of the client device based on the device identifier, where the user behavior feature is used to characterize a current user behavior and a historical user behavior of the client device; and the identification module is used for identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
According to another aspect of the present disclosure, there is provided an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executable by the at least one processor to enable the at least one processor to perform any of the above methods of identifying a piracy.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform any one of the above methods for identifying a hotlinking behavior.
According to another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements any one of the above methods of identifying a hotlink behavior.
In the embodiment of the present disclosure, a scheduling request from a client device is received, where the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature; acquiring user behavior characteristics of the client device based on the device identifier, wherein the user behavior characteristics are used for representing the current user behavior and the historical user behavior of the client device; according to the equipment characteristics and the user behavior characteristics, whether the client equipment has the stealing behavior or not is identified to obtain the identification result, therefore, the technical scheme that the equipment fingerprint parameters are reported through a single channel, the equipment characteristics and the user behavior characteristics are combined to identify the cheating flow is adopted in the embodiment of the invention, and the purposes of downloading scheduling and flow tracking of the whole flow of the data stream are achieved, so that the technical effects of hitting common cheating means such as cracking ends and stealing links, reducing the operation cost of network disk service lines, protecting the safety of user information and maintaining the ecological and healthy development of network disk content are achieved, and the technical problems that the time verification of the identification method of the stealing behavior of the network disk has a leak, and a large number of downloading addresses are obtained by forging the identity of the client in the prior art are solved.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic diagram of a method of identifying a stealing behavior according to the prior art;
FIG. 2 is a flowchart illustrating steps of a method for identifying hotlinking behavior according to a first embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a hotlink generation procedure according to a first embodiment of the disclosure;
fig. 4 is a schematic view of a scenario of a method for identifying hotlinking behavior according to a first embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a stealing behavior identification apparatus according to a second embodiment of the disclosure;
fig. 6 illustrates a schematic block diagram of an example electronic device 800 that can be used to implement embodiments of the present disclosure.
In the related technology, a cloud disk client obtains a download address dlink by requesting a cloud disk download scheduling server, the download address points to a distributed network server, and is specifically distributed on an IDC download server and a CDN download server. The cost of downloading bandwidth of cloud disk products is huge in the overall cost, and the cost and the pressure of the service flow of the cloud disk products are borne by the network disk service; a large amount of third-party software, such as a downloading tool pandownload, breaks through the downloading limitation of the network disk, helps a user to directly obtain high-speed downloading rights without purchasing rights and interests, and a hotlink website and a cracking end obtain profits by illegally obtaining network disk data and flow, thereby causing direct economic loss of network disk services. Due to the concealment of the technical means, direct economic loss can be caused to users in certain scenes, and the healthy development of the network disk service is seriously influenced by the existence of the hotlink.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
The embodiment of the present disclosure provides an embodiment of a method for identifying a stealing behavior as shown in fig. 2, where fig. 2 is a schematic flow chart illustrating steps of the method for identifying a stealing behavior according to a first embodiment of the present disclosure, and as shown in fig. 2, the method includes the following steps:
step S102, receiving a scheduling request from a client device, wherein the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature;
step S104, acquiring user behavior characteristics of the client device based on the device identifier, wherein the user behavior characteristics are used for representing the current user behavior and the historical user behavior of the client device;
and step S106, identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
In the embodiment of the present disclosure, a network disk scheduling server in a server is used to receive a scheduling request from a client device, where the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature.
It should be noted that, as shown in the schematic diagram of the hotlink generation principle shown in fig. 3, the network disk scheduling server, i.e., the cloud disk download scheduling server, is configured to provide a download address dlink; the method comprises the steps that a server side can directly obtain a download address dlink after receiving a download request from client side equipment, the client side requests an IDC download server and a CDN download server for the download address, whether a stealing link behavior exists in the client side equipment or not is identified according to equipment characteristics and user behavior characteristics, namely a stealing link risk point is identified, and specifically, an off-line verification mode can be adopted.
Optionally, the device characteristics of the client device may be characteristics of liveness, public parameters, and categories of the device, for example, the public parameters characteristics of the client device include common parameter characteristics carried in a download request (http protocol), for example: http protocol public reference-user-agent, referrer, end type, app version number, etc.; the device class feature is used to indicate the class/type of the client device, for example, the client may be any one of a mobile handset, a PC, a MAC, a NA, a virtual device, and the like.
Optionally, the device identifier refers to a device fingerprint, a device DNA, and the like, and the device identifier is generated according to the device feature under the condition that the user knows and agrees.
It should be noted that the normal device refers to a user terminal device, but the cheating end is likely to use a virtual device such as a group control mobile phone and a cloud server to simulate a request and an exception of a real user.
In the embodiment of the present disclosure, the user behavior feature of the client device is obtained based on the device identifier; and finally, identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
It should be noted that, as shown in fig. 4, the schematic diagram of the method for identifying the stealing link behavior is shown, the liveness feature of the device and the user behavior feature are obtained through a user behavior log, which is a means for recording the user behavior and records the device identifier (device DNA); before recording the user behavior using the user behavior log, user consent is obtained, and after the user consent, the download behavior of the device is tracked via the device DNA. The user behavior characteristics comprise current user behavior characteristics and historical user behavior characteristics, and the historical user behavior characteristics can be historical payment, historical download amount, stored file types, sharing, friend number and the like. The server identifies whether the client equipment has a stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result; and after the identification result is obtained, pressing the stealing link behavior according to the identification result.
It should be further noted that, as also shown in fig. 4, the execution main body for hotlinking includes two parts, namely an interception policy and a server: the server receives an interception strategy (such as a black bank interception strategy, a frequency control interception strategy and a multi-model combination interception strategy) and determines under what conditions to intercept; and the server finally judges whether interception is needed or not and returns an interception processing result to the client. The specific form is as follows: informing the client of a request error, prompting the user to perform manual verification and the like. The DNA deployment shown in fig. 4 refers to marking a unique device by using DNA (i.e., device identifier, also called device fingerprint), and is used to track the behavior of the device in the whole downloading process (including two main links of downloading scheduling and data stream downloading), and the reporting channel is also a link of deployment. The multi-model combination strategy shown in fig. 4 may be a common rule model, a machine learning model, or the like, and through the multi-model combination strategy, the hotlink traffic is suppressed, and is continuously updated and iterated, so as to optimize the accuracy and the recall rate of the strategy.
In an alternative embodiment, receiving a scheduling request of a client device includes:
step S202, receiving the scheduling request uploaded by the client device from the first communication channel, where the scheduling request is used to request a scheduling server to issue download address information, and the download address information is used to access the download server.
In this embodiment of the present disclosure, as still shown in fig. 3, the scheduling request, i.e., the downloading request, uploaded by the client device from the first communication channel; after receiving the request, the server obtains the download address information dlink based on the download request.
The download address information is used to access the download server.
In an optional embodiment, the method further includes:
step S302, establishing a second communication channel with the client device, wherein the second communication channel is independent from the first communication channel;
step S304, acquiring the user behavior characteristics of the client device based on the device identifier;
step S306, generating a user behavior log according to the user behavior characteristics acquired from the second communication channel, where the user behavior log is used to store the corresponding user behavior characteristics according to the device identifiers.
In this disclosure, a second communication channel for communicating with the client device is established by the server, and the user behavior characteristics of the client device acquired from the second communication channel are stored in the user behavior log based on the device identifier.
It should be noted that the second communication channel is a channel independent from the first communication channel, and the second communication channel is a separate channel, for example: a separate channel within the client app, not the channel requested by the user; can be understood as client background reporting which is not perceived by the user.
In an optional embodiment, the obtaining the user behavior feature of the client device based on the device identifier includes:
step S402, obtaining the user behavior feature corresponding to the device identifier from the user behavior log.
In the embodiment of the present disclosure, the user behavior log is a means for recording user behavior, and simultaneously records device DNA; and obtaining user agreement before recording the user behaviors by using the log, and under the condition of the user agreement, respectively storing the corresponding user behavior characteristics by using the user behavior log according to the equipment identifiers, and acquiring the user behavior characteristics from the user behavior log when needed.
In an optional embodiment, identifying whether the client device has a hotlinking behavior according to the device characteristic and the user behavior characteristic to obtain an identification result includes:
step S502, identifying the equipment characteristics and the user behavior characteristics by adopting a stealing link flow identification algorithm, and determining whether the stealing link flow exists;
step S504, if the link stealing traffic exists, determining that the identification result is that the client device has the link stealing behavior.
In the embodiment of the present disclosure, as shown in fig. 4, based on the device characteristics and the user behavior characteristics, a hotlink traffic recognition algorithm is used to perform cheating traffic mining and recognition on the characteristics; and if the link stealing traffic exists, determining that the client equipment has the link stealing behavior according to the identification result.
It should be noted that parameter information such as a report, a timestamp, a public parameter, a feature cluster, a knowledge graph, and the like can be obtained by using an identification algorithm through the user behavior features.
In an optional embodiment, the method further includes:
step S602, if the identification result indicates that the client device has the stealing link behavior, outputting interception policy information to a download server, where the interception policy information is used to notify the download server under what condition to intercept the download request of the client device, and the download server is used to determine whether to intercept the download request based on the interception policy information, and return the determination result to the client device.
In this disclosure, when the identification result indicates that the client device has the stealing link behavior, the interception policy information is sent to the server, and the server finally determines whether to intercept the client device and returns the result to the client. The specific form is as follows: informing the client of a request error, prompting the user to perform manual verification and the like.
In an optional embodiment, the method further includes:
step S702, if the identification result indicates that the client device does not have the stealing link behavior, acquiring download address information corresponding to the scheduling request;
step S704, issuing the download address information to the client device.
In this disclosure, when the identification result indicates that the client device does not have the stealing link behavior, the download address information is issued to the client device.
According to the embodiment of the disclosure, a scheduling request from a client device is received, wherein the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature; acquiring user behavior characteristics of the client device based on the device identifier, wherein the user behavior characteristics are used for representing the current user behavior and the historical user behavior of the client device; identifying whether the client equipment has a stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result; the method and the system strike common cheating means such as cracking ends, stealing links and the like, reduce the operation cost of the network disk service line, protect the information security of users and maintain the ecological healthy development of the network disk content.
Example 2
According to an embodiment of the present disclosure, there is further provided an apparatus embodiment for implementing the method for identifying a hotlinking behavior, where fig. 5 is a schematic structural diagram of an apparatus for identifying a hotlinking behavior according to a second embodiment of the present disclosure, and as shown in fig. 5, the apparatus for identifying a hotlinking behavior includes: a receiving module 50, an obtaining module 52, and an identifying module 54, wherein:
a receiving module 50, configured to receive a scheduling request from a client device, where the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature;
an obtaining module 52, configured to obtain a user behavior feature of the client device based on the device identifier, where the user behavior feature is used to characterize a current user behavior and a historical user behavior of the client device;
and the identifying module 54 is configured to identify whether the client device has a stealing link behavior according to the device characteristics and the user behavior characteristics, so as to obtain an identification result.
It should be noted that the above modules may be implemented by software or hardware, for example, for the latter, the following may be implemented: the modules can be located in the same processor; alternatively, the modules may be located in different processors in any combination.
It should be noted that the receiving module 50, the obtaining module 52 and the identifying module 54 correspond to steps S102 to S106 in embodiment 1, and the modules are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in embodiment 1. It should be noted that the modules described above may be implemented in a computer terminal as part of an apparatus.
It should be noted that, reference may be made to the relevant description in embodiment 1 for alternative or preferred embodiments of this embodiment, and details are not described here again.
The above-mentioned device for identifying the stealing behavior may further include a processor and a memory, where the receiving module 50, the obtaining module 52, the identifying module 54, and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor comprises a kernel, and the kernel calls a corresponding program unit from the memory, wherein one or more than one kernel can be arranged. The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, and do not violate the good customs of the public order.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
Fig. 6 illustrates a schematic block diagram of an example electronic device 800 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 6, the apparatus 800 includes a computing unit 801 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)802 or a computer program loaded from a storage unit 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the device 800 can also be stored. The calculation unit 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
A number of components in the device 800 are connected to the I/O interface 805, including: an input unit 806, such as a keyboard, a mouse, or the like; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, or the like; and a communication unit 809 such as a network card, modem, wireless communication transceiver, etc. The communication unit 809 allows the device 800 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Computing unit 801 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and the like. The computing unit 801 performs the various methods and processes described above, e.g., the method receives a scheduling request from a client device. For example, in some embodiments, the method of receiving a scheduling request from a client device may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 808. In some embodiments, part or all of the computer program can be loaded and/or installed onto device 800 via ROM 802 and/or communications unit 809. When the computer program is loaded into RAM 803 and executed by the computing unit 801, one or more steps of the method described above for receiving a scheduling request from a client device may be performed. Alternatively, in other embodiments, the computing unit 801 may be configured by any other suitable means (e.g., by means of firmware) to perform the method of receiving a scheduling request from a client device.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (11)

1. A method for identifying stealing behavior comprises the following steps:
receiving a scheduling request from a client device, wherein the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature;
acquiring a user behavior characteristic of the client device based on the device identification, wherein the user behavior characteristic is used for representing the current user behavior and the historical user behavior of the client device;
and identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
2. The method of claim 1, wherein receiving a scheduling request of a client device comprises:
and receiving the scheduling request uploaded by the client device from the first communication channel, wherein the scheduling request is used for requesting a scheduling server to issue downloading address information, and the downloading address information is used for accessing the downloading server.
3. The method of claim 1, wherein the method further comprises:
establishing a second communication channel with the client device, wherein the second communication channel is independent from the first communication channel;
acquiring user behavior characteristics of the client device based on the device identification;
and generating a user behavior log according to the user behavior characteristics acquired from the second communication channel, wherein the user behavior log is used for respectively storing the corresponding user behavior characteristics according to the equipment identification.
4. The method of claim 3, wherein the obtaining user behavior characteristics of the client device based on the device identification comprises:
and acquiring the user behavior characteristics corresponding to the equipment identification from the user behavior log.
5. The method of claim 1, wherein identifying whether the client device has a stealing link behavior according to the device characteristic and the user behavior characteristic to obtain an identification result comprises:
identifying the equipment characteristics and the user behavior characteristics by adopting a stealing link flow identification algorithm, and determining whether stealing link flow exists;
and if the stealing link flow exists, determining that the identification result is that the stealing link behavior exists in the client equipment.
6. The method of claim 1, wherein the method further comprises:
and if the identification result is that the client equipment has the stealing link behavior, outputting interception strategy information to a download server, wherein the interception strategy information is used for informing the download server of intercepting the download request of the client equipment under which condition, and the download server is used for judging whether to intercept the download request or not based on the interception strategy information and returning the judgment result to the client equipment.
7. The method of claim 1, wherein the method further comprises:
if the identification result indicates that the client equipment does not have the stealing link behavior, acquiring downloading address information corresponding to the scheduling request;
and issuing the download address information to the client equipment.
8. An apparatus for identifying a hotlinking behavior, comprising:
a receiving module, configured to receive a scheduling request from a client device, where the scheduling request carries at least one device feature of the client device and a device identifier generated based on the device feature;
an obtaining module, configured to obtain a user behavior feature of the client device based on the device identifier, where the user behavior feature is used to characterize a current user behavior and a historical user behavior of the client device;
and the identification module is used for identifying whether the client equipment has the stealing link behavior according to the equipment characteristics and the user behavior characteristics to obtain an identification result.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of identifying a piracy as recited in any of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of identifying hotlinking behavior according to any one of claims 1-7.
11. A computer program product comprising a computer program which, when executed by a processor, implements a method of identifying a hotlinking behavior according to any one of claims 1 to 7.
CN202111178182.8A 2021-10-09 2021-10-09 Method, device, equipment and storage medium for identifying stealing link behavior Pending CN113946767A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111178182.8A CN113946767A (en) 2021-10-09 2021-10-09 Method, device, equipment and storage medium for identifying stealing link behavior

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111178182.8A CN113946767A (en) 2021-10-09 2021-10-09 Method, device, equipment and storage medium for identifying stealing link behavior

Publications (1)

Publication Number Publication Date
CN113946767A true CN113946767A (en) 2022-01-18

Family

ID=79330081

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111178182.8A Pending CN113946767A (en) 2021-10-09 2021-10-09 Method, device, equipment and storage medium for identifying stealing link behavior

Country Status (1)

Country Link
CN (1) CN113946767A (en)

Similar Documents

Publication Publication Date Title
CN110417778B (en) Access request processing method and device
CN108521405B (en) Risk control method and device and storage medium
CN107465693B (en) Request message processing method and device
CN109547426B (en) Service response method and server
CN107819743B (en) Resource access control method and terminal equipment
CN113191892A (en) Account risk prevention and control method, device, system and medium based on equipment fingerprint
CN113472542A (en) Network attack defense method and device based on SM3 algorithm, storage medium, client terminal and service terminal
CN109150790B (en) Web page crawler identification method and device
CN110764979A (en) Log identification method, system, electronic device and computer readable medium
CN115883187A (en) Method, device, equipment and medium for identifying abnormal information in network traffic data
CN114186206A (en) Login method and device based on small program, electronic equipment and storage medium
CN114513350A (en) Identity verification method, system and storage medium
CN110727934A (en) Anti-crawler method and device
US9723017B1 (en) Method, apparatus and computer program product for detecting risky communications
CN111310242A (en) Method and device for generating device fingerprint, storage medium and electronic device
CN113946767A (en) Method, device, equipment and storage medium for identifying stealing link behavior
CN114036364B (en) Method, apparatus, device, medium, and system for identifying crawlers
CN113709136B (en) Access request verification method and device
CN115396206A (en) Message encryption method, message decryption method, device and program product
CN113450149A (en) Information processing method and device, electronic equipment and computer readable medium
CN114726579A (en) Method, apparatus, device, storage medium and program product for defending against network attacks
CN114595481A (en) Method, device, equipment and storage medium for processing response data
CN109510816B (en) Service request validity verification method, client and server
CN113449167A (en) Data acquisition abnormity detection method and device, electronic equipment and readable storage medium
CN115906131B (en) Data management method, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination