CN114091563A - Control method of Internet of things card and electronic equipment - Google Patents


Publication number
CN114091563A
Authority
CN
China
Prior art keywords
internet
behavior
things card
abnormal
category
Legal status
Pending
Application number
CN202010855846.9A
Other languages
Chinese (zh)
Inventor
冯海玲
王宏
刘汉利
马浩
亚琛
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile IoT Co Ltd
Priority to CN202010855846.9A
Publication of CN114091563A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/75 Information technology; Communication
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/20 Analytics; Diagnosis
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/30 Control
    • G16Y40/35 Management of things, i.e. controlling in accordance with a policy or in order to achieve specified objectives
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems

Abstract

The invention provides a control method of an Internet of things card and electronic equipment, wherein the method comprises the following steps: acquiring behavior data of the Internet of things card; determining the target behavior abnormal category of the Internet of things card based on the behavior data; and executing a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories. The invention can improve the reliability of the control method of the Internet of things card.

Description

Control method of Internet of things card and electronic equipment
Technical Field
The invention relates to the technical field of Internet of things, in particular to a control method of an Internet of things card and electronic equipment.
Background
The Internet of things card is a mobile phone card provided to customers in the Internet of things field for the mobile communication access service of Internet of things equipment, and it supports communication modes such as short messages, data communication and voice. The number of Internet of things card users nationwide has reached billions. While this scale is gradually forming a large-connection industrial ecosystem, it has also led to an increase in illegal behavior by Internet of things card users and made control more difficult. Because Internet of things card packages are heavily discounted and control measures are weak, the cards are often illegally resold and abused for non-Internet-of-things services. In addition, Internet of things card terminal equipment is usually unattended, so the card is very easily removed illegally, which gives criminals an opening to use the card, even maliciously, for telecommunication network fraud. Anomaly detection and control of Internet of things cards has become a pain point that Internet of things customers and telecommunication operators urgently need to solve.
At present, Internet of things cards are controlled simply by shutting down the abnormal card. This control method does not take the complexity of actual services into account, and its reliability is low.
Disclosure of Invention
The embodiment of the invention provides a control method of an internet of things card and electronic equipment, and aims to solve the problem that a control method of the internet of things card in the prior art is low in reliability.
In order to solve the problems, the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides a method for controlling an internet of things card, which is applied to an electronic device, and the method includes:
acquiring behavior data of the Internet of things card;
determining the target behavior abnormal category of the Internet of things card based on the behavior data;
and executing a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories.
In a second aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
a first processor to:
acquiring behavior data of the Internet of things card;
determining the target behavior abnormal category of the Internet of things card based on the behavior data;
and executing a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium, where a first computer program is stored on the computer-readable storage medium, and when being executed by a second processor, the first computer program implements the steps of the method for controlling an internet of things card as described above.
In the embodiment of the invention, the electronic equipment acquires the behavior data of the Internet of things card; determines the target behavior abnormal category of the Internet of things card based on the behavior data; and executes a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories. In the embodiment of the invention, the behavior data is acquired from a plurality of dimensions, each of the preset abnormal behavior categories corresponds to a control strategy, and the preset abnormal behavior categories and the control strategies of the Internet of things card are subject to multi-level classified management and control.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of a method for controlling an internet of things card according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart illustrating the anomaly detection and processing of the internet of things card according to the embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating an abnormal behavior detection classification of an internet of things card according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart illustrating an audit process of an internet of things card with abnormal behavior according to an embodiment of the present invention;
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention;
Fig. 6 is a second structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in this application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Further, as used herein, "and/or" means at least one of the connected objects; e.g., A and/or B and/or C means 7 cases: A alone, B alone, C alone, both A and B present, both B and C present, both A and C present, and A, B and C all present.
Referring to fig. 1, fig. 1 is a flowchart of a method for controlling an internet of things card according to an embodiment of the present invention. The control method of the internet of things card according to the embodiment of the present invention may be applied to an electronic device, and as shown in fig. 1, the control method of the internet of things card may include the following steps:
Step 101, acquiring behavior data of the Internet of things card.
The Internet of things card is a mobile phone card which is provided for clients in the field of Internet of things and is used for mobile communication access service of Internet of things equipment, and supports communication modes such as short messages, data communication, voice and the like.
The internet of things card can be the internet of things card to be detected. Internet of things cards can be detected in batches or individually; that is, this step can acquire the behavior data of a batch of internet of things cards or of a single internet of things card, which is not limited. In this step, behavior data of the internet of things card can be obtained in real time, and historical behavior data of the internet of things card can also be obtained. The behavior data of the internet of things card can be acquired from a plurality of network positions.
Step 102, determining the target behavior abnormal category of the Internet of things card based on the behavior data.
After the behavior data of the Internet of things card is obtained, the behavior data is mapped to one of a plurality of behavior abnormal categories according to a multi-level abnormal threshold rule, and each behavior abnormal category corresponds to a control strategy.
The multi-level abnormal threshold rule means that the preset abnormal behavior categories are divided into several behavior categories according to the degree of potential safety hazard posed by the terminal of the Internet of things card in actual complex business applications, for example: extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior, or safe behavior. Each behavior category may in turn cover several conditions, each defined over the behavior data of the Internet of things card. The behavior data may include Internet surfing flow data, Internet surfing position data, Internet surfing terminal data, Internet surfing quality data, Internet surfing access address data, tariff package ordering data, ticket data and machine-card separation data of the Internet of things card. The control method also assigns some Internet of things cards to a safe white list, an abnormal behavior white list, a behavior restriction white list and the like. The target behavior abnormal category of the Internet of things card is determined from its behavior data, which establishes whether the card exhibits abnormal or illegal behavior. Preventive measures can then be taken in time for cards that may exhibit abnormal behavior, and a control strategy can be executed in time for cards that do, reducing the adverse effects of illegal use of abnormal Internet of things cards and stopping their abnormal behavior promptly.
The behavior restriction white list further defines the minimum set of compliant behaviors that an Internet of things card is permitted to perform. The abnormal behavior white list further defines the set of abnormal behaviors that an Internet of things card is allowed to exhibit.
Step 103, executing a first control strategy corresponding to the target behavior abnormal category on the internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories.
In the embodiment of the invention, the electronic equipment acquires the behavior data of the Internet of things card; determines the target behavior abnormal category of the Internet of things card based on the behavior data; and executes a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories. In the embodiment of the invention, the behavior data is acquired from a plurality of dimensions, each of the preset abnormal behavior categories corresponds to a control strategy, and the preset abnormal behavior categories and the control strategies of the Internet of things card are subject to multi-level classified management and control.
Optionally, the target behavior exception category includes: extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior, or safe behavior;
the behavior data includes: at least one item of internet surfing position, internet surfing terminal, internet surfing access address, tariff package ordering data, ticket data and machine-card separation data.
In this embodiment, in addition to the extremely high abnormal behavior, the higher abnormal behavior, the medium abnormal behavior, the low abnormal behavior or the safe behavior, the target behavior abnormal category may also include other categories of behavior according to the actual service scenario of the Internet of things card or the security management and control requirements. This embodiment does not limit the types or the number of the preset abnormal behavior categories, which may include various categories according to the actual service conditions of the Internet of things card. For example, the target behavior abnormal categories may include: extremely high abnormal behavior, higher abnormal behavior, medium high abnormal behavior, medium low abnormal behavior, extremely low abnormal behavior, or safe behavior. Because the preset abnormal behavior categories comprise multiple categories, the classification of Internet of things cards becomes more reasonable, the preset abnormal behavior categories are subject to targeted multi-level classified control, the complexity of the actual services of the Internet of things card is fully considered, and the reliability and accuracy of the control method are improved.
The tariff package ordering data may include flow package ordering data, short message package ordering data and voice package ordering data of the internet of things card. Traffic services may be classified into directional traffic services and non-directional traffic services, short message services may be classified into directional short message services and non-directional short message services, and voice services may be classified into directional voice services and non-directional voice services.
In some embodiments, a directional traffic service may be understood as a traffic service that defines a target address, and a non-directional traffic service as a traffic service that does not define a target address. A directional short message service may be understood as a short message service that defines a target object, and a non-directional short message service as a short message service that does not define a target object. A non-directional voice service may be understood as a voice service that does not define a target object, and a directional voice service as a voice service that defines a target object.
The internet traffic data may include time nodes of internet traffic of the internet of things card, a terminal IP, an access IP, consumption of uplink traffic, consumption of downlink traffic, access content, and the like, and may also include internet speed, network quality, access network type, attachment location, charging policy, and the like. The internet access terminal data may include a terminal identification number, a terminal type, a terminal system, a terminal brand, a terminal price, and the like of the electronic device associated with the internet of things card. The tariff package ordering data may include the ordering data for the various tariff packages of the internet of things card, such as flow, voice or short message packages. The ticket data may include details of actual usage of traffic, voice, or short messages. The acquiring of the behavior data of the internet of things card may include the following seven cases:
(1) collecting internet behavior data of an internet of things card from a P-GW (PDN GateWay) of a core network, wherein the internet behavior data comprises detailed information such as internet time, internet flow, internet position, internet terminal IMEI (International Mobile Equipment Identity), internet QoS (Quality of Service) and access address;
(2) acquiring service order relation data and bill data of an Internet of things card from an Internet of things service support system, wherein the service order relation data comprises the ordering data of the various tariff packages of the Internet of things card, and the bill data comprises the actual consumption details of the flow, voice and short messages of the Internet of things card;
(3) acquiring machine-card separation data and the power-on and power-off state of the terminal of an internet of things card from an HLR (Home Location Register) network element of a core network;
(4) acquiring policy rules associated with an Internet of things card from a PCRF (Policy and Charging Rules Function) network element of a core network;
(5) collecting physical attribute information of an Internet of things card from a card manufacturer, wherein the physical attribute information comprises information such as whether the Internet of things card is a patch card or a machine-card interlocking card, and this information constitutes the safe white list;
(6) acquiring, from the account opening information of the enterprise client or the operation management information of the Internet of things card, the set of abnormal behaviors that the enterprise client's Internet of things card is allowed to exhibit in order to maintain normal service, namely the abnormal behavior white list;
(7) collecting, from the account opening information of the enterprise client, the minimum compliance behavior set to which the enterprise client's Internet of things card is restricted, namely the behavior restriction white list.
After the behavior data of the internet of things card is acquired, the behavior data of the terminal of the internet of things card acquired in real time can be extracted and converted, and the behavior characteristic data of the internet of things card is extracted in preparation for detection and identification in subsequent steps. For example, extraction, transformation, and cleansing of key fields of the behavior data may be implemented using a mature ETL (Extract-Transform-Load) technology component.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
determining that the target behavior abnormal category of the Internet of things card is a first-level abnormal behavior under any one of the following conditions:
the internet of things card is in a roaming state, the internet surfing position of the internet of things card belongs to a preset risk area, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the internet of things card belongs to a preset sensitive terminal, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal, the machine-card separation data indicate that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card.
In some embodiments, the preset sensitive terminal may refer to a non-service terminal, such as a mobile phone not used for Internet of things services. The Internet of things card being in the roaming state can be understood as follows: after the card leaves the service area in which it is registered and moves to another service area, the mobile communication system still provides communication service for it.
Directional traffic may refer to the data traffic generated when the Internet of things card selects a specific access point to use a specific service. Non-directional traffic can be understood as general traffic, with no restriction on how the traffic is used, where it is used or on which terminal. Non-directional voice can be understood as general voice, with no restriction on the call object, the manner of use, the location of use or the terminal. A non-directional short message can be understood as a general short message, with no restriction on the sending object, the manner of use, the location of use or the terminal.
A multi-level abnormal threshold rule is defined according to the degree of potential safety hazard that abnormal behavior of the Internet of things card terminal poses in actual service scenarios. Based on this preset rule, and in combination with the behavior data of the terminal of the Internet of things card to be detected acquired in real time, abnormal behavior is identified and classified.
The first-level abnormal behavior is also referred to as extremely high abnormal behavior, and the extremely high abnormal behavior threshold rule is as follows.
(1) According to the preset risk areas, and in combination with the internet surfing position data and the subscription relation data of the internet of things card to be detected, judge whether the terminal of the internet of things card uses roaming in a preset risk area and subscribes to non-directional voice service or non-directional flow service. If so, it is determined that the Internet of things card has extremely high abnormal behavior.
(2) According to a pre-stored terminal information base, and in combination with the subscription relation data and the Internet access terminal data of the Internet of things card to be detected, judge whether the Internet of things card is used on a non-service terminal such as a mobile phone terminal and subscribes to non-directional voice or non-directional flow service. If so, it is determined that the Internet of things card has extremely high abnormal behavior.
(3) According to a pre-stored terminal information base, and in combination with the Internet surfing terminal data and the machine-card separation data of the Internet of things card to be detected, judge whether the Internet of things card is used on a non-service terminal such as a mobile phone terminal and a machine-card separation action has occurred. If so, it is determined that the Internet of things card has extremely high abnormal behavior.
The first terminal may refer to the terminal in which the Internet of things card was first placed or a terminal with which a fixed binding relationship has been established; the association between the Internet of things card and the first terminal is recorded in a server on the management side of the Internet of things card. The preset sensitive terminal includes, but is not limited to, a mobile phone type terminal. The machine-card separation behavior indicates that the Internet of things card has been separated from the terminal in which it was first placed or with which a fixed binding relationship was established.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
under any one of the following conditions, determining that the target behavior abnormal category of the Internet of things card is a second-level abnormal behavior:
the tariff package ordering data of the Internet of things card comprises non-directional voice service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal;
the Internet of things card belongs to a card of a behavior limit white list, and the behavior data of the Internet of things card exceeds the preset behavior content of the behavior limit white list;
and the internet access address of the internet of things card belongs to a preset unreasonable access address.
The scope to which the behavior restriction white list limits the minimum compliance behavior set of an Internet of things card may differ between enterprise clients; that is, the white list permissions of different enterprise clients or different Internet of things cards may differ.
The second level of abnormal behavior is also referred to as higher abnormal behavior. The higher abnormal behavior threshold rule is as follows.
(1) In combination with the subscription relation data of the terminal of the Internet of things card to be detected, judge whether the terminal of the Internet of things card subscribes to the non-directional voice communication service. If so, it is determined that the Internet of things card has higher abnormal behavior.
(2) According to a pre-stored terminal information base, and in combination with the Internet surfing terminal data of the Internet of things card to be detected, judge whether the Internet of things card is used on a non-service terminal such as a mobile phone terminal. If so, it is determined that the Internet of things card has higher abnormal behavior.
(3) The behavior restriction white list further defines the minimum compliance behavior set that the Internet of things card is permitted to perform, such as the calling and called numbers, the short message sending and receiving numbers or the use positions of the Internet of things card. According to a pre-stored behavior restriction white list, and in combination with the ticket data, the Internet surfing position data and other behavior data of the Internet of things card to be detected, judge whether the calling and called numbers, the short message sending and receiving numbers or the use positions in the communication ticket of the Internet of things card go beyond the voice numbers, short message numbers or use positions to which the owning enterprise client has restricted it. If so, it is determined that the Internet of things card has higher abnormal behavior.
The behavior data of the Internet of things card exceeding the preset behavior content of the behavior restriction white list can be understood as the behavior data going beyond the minimum compliance behavior set of that white list; the content covered by the minimum compliance behavior set includes, but is not limited to, the calling and called numbers, the short message sending and receiving numbers or the use positions in the ticket data.
(4) In combination with the Internet access behavior data of the terminal of the Internet of things card to be detected, judge whether the terminal accesses unreasonable addresses, such as URL (uniform resource locator) addresses typical of the Internet of people. If so, it is determined that the Internet of things card has higher abnormal behavior.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
determining that the target behavior abnormal category of the Internet of things card is a third-level abnormal behavior under any one of the following conditions:
the charge package ordering data of the Internet of things card comprises non-directional flow service or non-directional short message service;
the machine-card separation data indicates that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card;
the traffic, short message or voice usage in the ticket data of the Internet of things card exceeds a preset threshold;
the internet of things card is in a roaming state, and the internet surfing position of the internet of things card belongs to a preset risk area.
The usage amount of the short messages can refer to the number of the short messages sent or received, and the usage amount of the voice can refer to the duration of the outgoing call or the incoming call of the voice.
The third level of abnormal behavior is also referred to as medium abnormal behavior. The medium abnormal behavior threshold rule is as follows.
(1) Combining the ordering relation data of the Internet of things card to be detected, judge whether the card has ordered a non-directional traffic or short message communication service. If so, determine that the Internet of things card has medium abnormal behavior.
(2) Combining the machine-card separation data of the Internet of things card to be detected, judge whether a machine-card separation action has occurred for the card. If so, determine that the Internet of things card has medium abnormal behavior.
(3) Combining the ticket data of the Internet of things card to be detected, judge whether the traffic, short message or voice usage of the card's terminal exceeds a preset threshold, for example whether the usage exceeds the available free resources of the package ordered by the card and the traffic is more than 2 times the monthly average traffic usage of three months. If so, determine that the Internet of things card has medium abnormal behavior.
(4) The preset risk areas include but are not limited to: areas listed as telecommunication-fraud high-incidence areas by specific departments, areas listed as telecommunication-fraud high-incidence areas by operators or enterprise customers, and other areas under key monitoring because security events occur there frequently. Combining the preset risk areas with the Internet access position data of the Internet of things card to be detected, judge whether the card is used while roaming in a preset risk area. If so, determine that the Internet of things card has medium abnormal behavior.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
determining that the target behavior abnormal category of the Internet of things card is a fourth-level abnormal behavior under the following conditions:
a third behavior abnormality category of the Internet of things card is determined based on the behavior data; the third behavior abnormality category is any one of extremely high abnormal behavior, higher abnormal behavior and medium abnormal behavior; the Internet of things card belongs to the cards of the abnormal behavior white list; and the third behavior abnormality category belongs to the abnormal behaviors that the abnormal behavior white list allows to occur.
In this embodiment, the third behavior abnormality category of the Internet of things card is determined based on the behavior data. When the third behavior abnormality category is extremely high abnormal behavior, this can be understood as the target behavior abnormality category of the card being determined, based on the behavior data, to be first-level abnormal behavior.
When the third behavior abnormality category is higher abnormal behavior, this can be understood as the target behavior abnormality category of the card being determined, based on the behavior data, to be second-level abnormal behavior.
When the third behavior abnormality category is medium abnormal behavior, this can be understood as the target behavior abnormality category of the card being determined, based on the behavior data, to be third-level abnormal behavior.
The fourth level of abnormal behavior is also called low abnormal behavior, and the low abnormal behavior threshold rule is as follows.
According to a pre-stored abnormal behavior white list of the specific abnormal behaviors that Internet of things cards under the enterprise customer are allowed to produce, judge whether the Internet of things card to be detected has only abnormal behaviors allowed by the preset abnormal behavior white list. If so, determine that the Internet of things card has low abnormal behavior.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
determining that the target behavior abnormal category of the Internet of things card is a fifth-level abnormal behavior under the following conditions:
the Internet of things card belongs to a safe white list card.
In this embodiment, the fifth-level abnormal behavior may correspond to safe behavior. According to a pre-stored safe white list, for example of patch cards or machine-card interlocking cards, judge whether the Internet of things card to be detected is in the safe white list, for example whether it is a patch card or a machine-card interlocking card. If so, determine that the target behavior abnormality category of the Internet of things card is safe behavior.
Based on the multi-level abnormal threshold rules, the batch of Internet of things card terminals to be detected is judged and classified, using the behavior data of the cards, into the following categories: extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior, or safe behavior.
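The multi-level threshold rules and the three white lists can be read as one classification function. The following Python sketch is an added example, not code from the patent: it encodes the first- to third-level conditions as the page lists them, and it assumes the field names, the rule names, that the safe white list is checked first, that the most severe triggered rule wins, and that a card triggering no rule gets no category.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    EXTREMELY_HIGH = 1  # first-level abnormal behavior
    HIGHER = 2          # second-level
    MEDIUM = 3          # third-level
    LOW = 4             # fourth-level
    SAFE = 5            # fifth-level (safe behavior)


@dataclass(frozen=True)
class Behavior:
    """One card's behavior snapshot; all field names are assumptions of this example."""
    card_id: str
    roaming: bool = False
    in_risk_area: bool = False
    sensitive_terminal: bool = False
    card_separated: bool = False           # machine-card separation observed
    packages: frozenset = frozenset()      # "nd_voice", "nd_data", "nd_sms" (non-directional)
    unreasonable_address: bool = False
    outside_restriction_set: bool = False  # behavior outside the minimum compliance set
    traffic_mb: float = 0.0
    package_free_mb: float = 0.0
    monthly_traffic_mb: tuple = (0.0, 0.0, 0.0)  # three months of history


def has_package(b, *kinds):
    return bool(b.packages & set(kinds))


def usage_exceeded(b):
    """The page's example threshold: above the package's free quota and more
    than 2 times the three-month monthly average."""
    history = b.monthly_traffic_mb
    average = sum(history) / len(history) if history else 0.0
    return b.traffic_mb > b.package_free_mb and b.traffic_mb > 2 * average


# (level, rule name, test); `r` is True when the card is on the behavior restriction white list.
RULES = (
    (Level.EXTREMELY_HIGH, "risk_roaming+nd_voice_or_data",
     lambda b, r: b.roaming and b.in_risk_area and has_package(b, "nd_voice", "nd_data")),
    (Level.EXTREMELY_HIGH, "sensitive_terminal+nd_voice_or_data",
     lambda b, r: b.sensitive_terminal and has_package(b, "nd_voice", "nd_data")),
    (Level.EXTREMELY_HIGH, "sensitive_terminal+card_separation",
     lambda b, r: b.sensitive_terminal and b.card_separated),
    (Level.HIGHER, "nd_voice", lambda b, r: has_package(b, "nd_voice")),
    (Level.HIGHER, "sensitive_terminal", lambda b, r: b.sensitive_terminal),
    (Level.HIGHER, "outside_restriction_set", lambda b, r: r and b.outside_restriction_set),
    (Level.HIGHER, "unreasonable_address", lambda b, r: b.unreasonable_address),
    (Level.MEDIUM, "nd_data_or_sms", lambda b, r: has_package(b, "nd_data", "nd_sms")),
    (Level.MEDIUM, "card_separation", lambda b, r: b.card_separated),
    (Level.MEDIUM, "usage_exceeded", lambda b, r: usage_exceeded(b)),
    (Level.MEDIUM, "risk_roaming", lambda b, r: b.roaming and b.in_risk_area),
)


def classify(b, safe_list, restriction_list, allowed_anomalies):
    """Return (level or None, names of the rules that fired)."""
    if b.card_id in safe_list:                       # fifth level: safe white list
        return Level.SAFE, []
    restricted = b.card_id in restriction_list
    hits = [(level, name) for level, name, test in RULES if test(b, restricted)]
    if not hits:
        return None, []                              # no rule fired (assumed outcome)
    names = [name for _, name in hits]
    # Fourth level: every behavior that fired is allowed for this card.
    if set(names) <= allowed_anomalies.get(b.card_id, set()):
        return Level.LOW, names
    return min(level for level, _ in hits), names    # most severe level wins


# Constructed sample data, not taken from the patent.
SAFE_LIST = {"card-D"}
RESTRICTION_LIST = {"card-G"}
ALLOWED = {"card-C": {"card_separation"}}
SAMPLE_CARDS = (
    Behavior("card-A", roaming=True, in_risk_area=True, packages=frozenset({"nd_data"})),
    Behavior("card-B", sensitive_terminal=True),
    Behavior("card-C", card_separated=True),
    Behavior("card-D", sensitive_terminal=True, card_separated=True),
    Behavior("card-E", traffic_mb=900, package_free_mb=500, monthly_traffic_mb=(300, 200, 250)),
    Behavior("card-F", traffic_mb=600, package_free_mb=500, monthly_traffic_mb=(400, 400, 400)),
    Behavior("card-G", outside_restriction_set=True),
)

if __name__ == "__main__":
    for card in SAMPLE_CARDS:
        level, fired = classify(card, SAFE_LIST, RESTRICTION_LIST, ALLOWED)
        print(card.card_id, level.name if level else "no category", fired)
```

Returning the names of the rules that fired alongside the level gives an auditor the dimensions behind each category, which the fourth-level check also needs.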
In the detection and processing of the abnormal behavior of the Internet of things card, the application provides a white list concept, wherein the white list comprises a safe white list, an abnormal behavior white list and a behavior limitation white list. The secure white list may include information of the internet of things card divided into the secure white list and a corresponding terminal of the internet of things card. The abnormal behavior white list may include information of the internet of things card divided into the abnormal behavior white list and the corresponding internet of things card terminal. The behavior restriction white list may include information of the internet of things card and the corresponding internet of things card terminal that are divided into the behavior restriction white list.
During anomaly detection of Internet of things cards, the safe white list and the abnormal behavior white list are used to filter out, respectively, Internet of things card terminals whose security is guaranteed at the physical attribute level and terminals that are allowed to produce specific abnormal behaviors in order to maintain normal service. This effectively avoids the impact on normal service that would follow from mistakenly processing an Internet of things card. The behavior restriction white list is used to detect scenarios in which some Internet of things cards, in actual service applications, may only perform minimum compliance behavior operations within a limited range, including but not limited to voice, short message, Internet access behavior or use position.
With this white list detection approach, on the one hand the impact on normal service after some safe Internet of things cards are misjudged can be effectively avoided, and on the other hand Internet of things terminals with relatively fixed behavior can be detected accurately.
Optionally, the determining the target behavior exception category of the internet of things card based on the behavior data includes:
determining a first behavior abnormity category of the Internet of things card according to the behavior data;
receiving a second behavioral anomaly category for the behavioral data input;
and under the condition that the first behavior abnormity category is not matched with the second behavior abnormity category, determining the second behavior abnormity category as the target behavior abnormity category.
The first behavior abnormality category not matching the second behavior abnormality category may mean that the two are different categories. For example, if the first behavior abnormality category is extremely high abnormal behavior and the second behavior abnormality category is medium abnormal behavior, the second behavior abnormality category is determined as the target behavior abnormality category, that is, the target behavior abnormality category is medium abnormal behavior.
According to a preset automatic processing control strategy for abnormal behavior, an Internet of things card judged to have extremely high, higher or medium abnormal behavior is automatically processed according to the corresponding processing strategy, which includes but is not limited to: shutdown, turning off the Internet access function, turning off the voice function, turning off the short message function, or traffic speed limiting. This stops illegal operation of the abnormal Internet of things card in time and improves the timeliness of security control.
The behavior data of the abnormal Internet of things card and its automatic processing result data are stored in a database to be audited, where they wait for auditors to perform a secondary audit. The auditor can make a comprehensive evaluation using the multidimensional behavior details of the abnormal Internet of things card, offline channel verification and other means, audit and confirm whether the terminal of the abnormal card is within the range the service allows or is engaged in illegal operation, and perform a secondary processing operation according to the audit result, for example reprocessing an abnormal Internet of things card that was not automatically processed or was automatically processed unreasonably. Such reprocessing includes but is not limited to shutdown, reset, Internet access function shutdown, Internet access function startup, voice shutdown, voice function startup, short message function shutdown, short message function startup, traffic speed limit shutdown and the like.
Before the auditor audits and confirms, the abnormal Internet of things card is automatically audited according to a preset automatic auditing rule: combining the abnormal behavior data of the card's terminal, judge whether the Internet of things card had the same abnormal behavior and was audited within a preset time period; if so, carry out automatic auditing according to the previous processing mode, which includes but is not limited to shutdown, reset, Internet access function shutdown, Internet access function startup, voice function shutdown, voice function startup, short message shutdown, short message function startup, traffic speed limit shutdown and the like. The automatic auditing rule reduces the number of Internet of things cards that need manual auditing and thereby addresses the low efficiency of the audit confirmation step.
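The processing and auditing loop described above (automatic processing, automatic auditing by replaying an earlier audit decision, manual queue, and an auditor's category taking precedence) can be sketched as follows. This Python block is an added example, not code from the patent; the level-to-action table, the record fields, the action names and the 30-day window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed mapping: the page names these actions but not which level gets which.
AUTO_POLICY = {1: "shutdown", 2: "internet_access_off", 3: "traffic_speed_limit"}


@dataclass(frozen=True)
class Finding:
    card_id: str
    behavior: str          # which abnormal behavior was detected
    level: int             # 1 (extremely high) .. 5 (safe)
    detected_at: datetime


@dataclass(frozen=True)
class AuditDecision:
    card_id: str
    behavior: str
    handling: str          # what the earlier audit decided to do
    decided_at: datetime


def resolve_category(first, second):
    """Target category: the category entered for the behavior data replaces the
    detected one when the two differ."""
    return first if second is None or second == first else second


def triage(findings, audit_history, window):
    """Split findings into automatically audited ones and a manual audit queue.

    Each entry carries the automatic action already applied. A finding is
    audited automatically only when the same card showed the same abnormal
    behavior and was audited within `window` before detection; the most
    recent such decision is replayed.
    """
    auto_audited, manual_queue = [], []
    for f in findings:
        action = AUTO_POLICY.get(f.level)
        if action is None:               # low abnormal or safe: nothing to process
            continue
        earlier = [d for d in audit_history
                   if d.card_id == f.card_id and d.behavior == f.behavior
                   and timedelta(0) <= f.detected_at - d.decided_at <= window]
        if earlier:
            latest = max(earlier, key=lambda d: d.decided_at)
            auto_audited.append((f.card_id, action, latest.handling))
        else:
            manual_queue.append((f.card_id, f.behavior, action))
    return auto_audited, manual_queue


# Constructed sample data, not taken from the patent.
NOW = datetime(2024, 1, 31, 12, 0)
WINDOW = timedelta(days=30)
HISTORY = [
    AuditDecision("card-A", "card_separation", "shutdown", NOW - timedelta(days=20)),
    AuditDecision("card-A", "card_separation", "internet_access_on", NOW - timedelta(days=3)),
    AuditDecision("card-B", "nd_voice", "voice_off", NOW - timedelta(days=45)),
]
FINDINGS = [
    Finding("card-A", "card_separation", 3, NOW),     # audited 3 days ago: replayed
    Finding("card-A", "sensitive_terminal", 2, NOW),  # different behavior: manual
    Finding("card-B", "nd_voice", 2, NOW),            # last audit outside the window: manual
    Finding("card-C", "card_separation", 4, NOW),     # low abnormal: not processed
]

if __name__ == "__main__":
    auto, manual = triage(FINDINGS, HISTORY, WINDOW)
    print("auto-audited:", auto)
    print("manual queue:", manual)
```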
Optionally, the preset abnormal behavior category includes at least one of a first-level abnormal behavior, a second-level abnormal behavior, and a third-level abnormal behavior, and the first control policy includes at least one of shutdown, internet access shutdown, voice shutdown, short message shutdown, and traffic speed limit.
The first level of abnormal behavior is also referred to as extremely high abnormal behavior, the second level of abnormal behavior is also referred to as higher abnormal behavior, the third level of abnormal behavior is also referred to as medium abnormal behavior, the fourth level of abnormal behavior is also referred to as low abnormal behavior, and the fifth level of abnormal behavior is also referred to as safe behavior.
According to the method and the device, an efficient management and control closed loop for anomaly detection of the Internet of things card, audit of the abnormal Internet of things card and processing of the abnormal Internet of things card is formed, anomaly detection is performed by combining a plurality of behavior dimensions, high-risk or high-occurrence violation behaviors in an actual service scene of the terminal of the Internet of things card are covered, the detection accuracy is high, the real-time performance is strong, the management and control efficiency is high, and the method and the device are suitable for anomaly real-time monitoring and control of the terminal of the mass Internet of things card in most service scenes.
Fig. 2 is a schematic flow chart illustrating the anomaly detection and processing of the internet of things card according to the embodiment of the present invention. As shown in fig. 2, the anomaly detection and processing of the internet of things card based on behavior data may include the following steps:
(1) Acquire the behavior data of the Internet of things card in real time.
(2) Classify the abnormal behavior of the Internet of things card to be detected according to the multi-level abnormal threshold rules, into extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior or safe behavior.
(3) Automatically process, audit and confirm, and then process and control, the terminals of Internet of things cards judged to have extremely high, higher or medium abnormal behavior.
Fig. 3 is a schematic diagram illustrating an abnormal behavior detection classification of an internet of things card according to an embodiment of the present invention. As shown in fig. 3, the behavior of the internet of things card is determined to be an extremely high abnormal behavior, a medium abnormal behavior, a low abnormal behavior or a safe behavior according to the behavior data of the internet of things card.
Fig. 4 is a schematic flowchart of an audit process of an internet of things card with abnormal behavior according to an embodiment of the present invention. As shown in fig. 4, the auditing process of the abnormal behavior internet of things card includes the following steps:
(1) The Internet of things card to be detected is judged and classified, according to the multi-level abnormal threshold rules, into extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior or safe behavior.
(2) According to a preset automatic processing strategy, the terminals of Internet of things cards judged to have extremely high, higher or medium abnormal behavior are automatically processed and controlled.
(3) The behavior data of the Internet of things cards judged to have extremely high, higher or medium abnormal behavior, together with their processing result data, are stored in an audit database.
(4) According to a preset automatic auditing rule, the terminals of Internet of things cards that previously had the same abnormal behavior within the preset time are automatically audited according to the previous audit processing mode.
(5) The auditor manually audits the terminals of the abnormal Internet of things cards awaiting audit in the audit database.
The application provides multi-level threshold rules that cover the high-risk or high-occurrence abnormal behaviors in the actual business of Internet of things cards. The degree of abnormality of an Internet of things card terminal is judged from multiple aspects by combining multiple behavior dimensions, and the relevant behavior characteristic values and threshold rules, such as the position dimension, terminal type dimension and ordering dimension of the behavior data, are fully considered.
The application provides an efficient control closed loop of detecting abnormalities of Internet of things cards, auditing abnormal cards and processing abnormal cards. An automatic processing strategy is provided: abnormal Internet of things cards can be automatically managed and controlled through a preset processing strategy, including but not limited to shutdown, voice shutdown, Internet access shutdown, short message shutdown or traffic speed limit, so that processing promptly after an abnormality is found prevents illegal operation of the abnormal card. The embodiment of the invention also provides an automatic auditing rule: if the Internet of things card previously had the same abnormal behavior within the preset time, automatic auditing is carried out according to the previous processing mode, which reduces the number of Internet of things cards that need manual auditing and improves the efficiency of the audit confirmation step.
The application covers the detection of high-risk or high-occurrence abnormal behaviors of Internet of things cards more comprehensively, with high accuracy and strong real-time performance, and is not limited by scenario. By defining multi-level abnormal threshold rules, behavior data such as the position dimension, ordering dimension, terminal dimension, ticket dimension, Internet access dimension and card physical attribute dimension are acquired in real time, the behavior abnormality of the Internet of things card is judged by combining multiple behavior dimensions, and the high-risk or high-occurrence abnormal behaviors found in actual service scenarios of the card are classified into different abnormality levels. Compared with judging from a single behavior dimension, or simply classifying into the two results abnormal and normal, the accuracy is higher, and the abnormal threshold rules cover the violations in the actual service of Internet of things cards more comprehensively without being limited by scenario. The control method of the Internet of things card is therefore more reliable and more accurate.
Referring to fig. 5, fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 5, the electronic device 500 includes:
a first processor 501, configured to:
acquiring behavior data of the Internet of things card;
determining the target behavior abnormal category of the Internet of things card based on the behavior data;
and executing a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories.
Optionally, the target behavior exception category includes: extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior, or safe behavior;
the behavior data includes: at least one item of internet surfing position, internet surfing terminal, internet surfing access address, tariff package ordering data, ticket data and phone card separation data.
Optionally, the first processor 501 is specifically configured to:
determining that the target behavior abnormal category of the Internet of things card is a first-level abnormal behavior under any one of the following conditions:
the internet of things card is in a roaming state, the internet surfing position of the internet of things card belongs to a preset risk area, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the internet of things card belongs to a preset sensitive terminal, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal, the machine-card separation data indicate that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card.
Optionally, the first processor 501 is specifically configured to:
under any one of the following conditions, determining that the target behavior abnormal category of the Internet of things card is a second-level abnormal behavior:
the tariff package ordering data of the Internet of things card comprises non-directional voice service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal;
the Internet of things card belongs to a card of a behavior limit white list, and the behavior data of the Internet of things card exceeds the preset behavior content of the behavior limit white list;
and the internet access address of the internet of things card belongs to a preset unreasonable access address.
Optionally, the first processor 501 is specifically configured to:
determining that the target behavior abnormal category of the Internet of things card is a third-level abnormal behavior under any one of the following conditions:
the charge package ordering data of the Internet of things card comprises non-directional flow service or non-directional short message service;
the machine-card separation data indicates that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card;
the traffic, short message or voice usage in the ticket data of the Internet of things card exceeds a preset threshold;
the internet of things card is in a roaming state, and the internet surfing position of the internet of things card belongs to a preset risk area.
Optionally, the first processor 501 is specifically configured to:
determining that the target behavior abnormal category of the Internet of things card is a fourth-level abnormal behavior under the following conditions:
a third behavior abnormality category of the Internet of things card is determined based on the behavior data; the third behavior abnormality category is any one of extremely high abnormal behavior, higher abnormal behavior and medium abnormal behavior; the Internet of things card belongs to the cards of the abnormal behavior white list; and the third behavior abnormality category belongs to the abnormal behaviors that the abnormal behavior white list allows to occur.
Optionally, the first processor 501 is specifically configured to:
determining that the target behavior abnormal category of the Internet of things card is a fifth-level abnormal behavior under the following conditions:
the Internet of things card belongs to a safe white list card.
Optionally, the first processor 501 is specifically configured to:
determining a first behavior abnormity category of the Internet of things card according to the behavior data;
receiving a second behavioral anomaly category for the behavioral data input;
and under the condition that the first behavior abnormity category is not matched with the second behavior abnormity category, determining the second behavior abnormity category as the target behavior abnormity category.
Optionally, the preset abnormal behavior category includes at least one of a first-level abnormal behavior, a second-level abnormal behavior, and a third-level abnormal behavior, and the first control policy includes at least one of shutdown, internet access shutdown, voice shutdown, short message shutdown, and traffic speed limit.
It should be noted that, the present embodiment is implemented as an electronic device corresponding to the above method embodiment, and therefore, reference may be made to the relevant description in the above method embodiment, and the same beneficial effects may be achieved. To avoid repetition of the description, the description is omitted.
The embodiment of the invention also provides the electronic equipment. Referring to fig. 6, the electronic device may include a second processor 601, a first memory 602, and a first computer program 6021 stored in the first memory 602 and operable on the second processor 601, where when the first computer program 6021 is executed by the second processor 601, any step in the embodiment of the method corresponding to fig. 1 may be implemented and the same beneficial effect may be achieved, and details are not described herein.
Those skilled in the art will appreciate that all or part of the steps of the method described above can be implemented by hardware associated with program instructions, and the program can be stored in a computer readable medium. An embodiment of the present invention further provides a computer-readable storage medium, where a second computer program is stored on the computer-readable storage medium, and when the second computer program is executed by a third processor, any step in the method embodiment corresponding to fig. 1 may be implemented, and the same technical effect may be achieved, and in order to avoid repetition, details are not repeated here.
The storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (12)

1. A control method of an Internet of things card is applied to electronic equipment, and is characterized by comprising the following steps:
acquiring behavior data of the Internet of things card;
determining the target behavior abnormal category of the Internet of things card based on the behavior data;
and executing a first control strategy corresponding to the target behavior abnormal category on the Internet of things card under the condition that the target behavior abnormal category is any one of preset abnormal behavior categories.
2. The method for controlling the internet of things card according to claim 1, wherein the target behavior abnormality category comprises: extremely high abnormal behavior, higher abnormal behavior, medium abnormal behavior, low abnormal behavior, or safe behavior;
the behavior data includes: at least one item of internet surfing position, internet surfing terminal, internet surfing access address, tariff package ordering data, ticket data and phone card separation data.
3. The method for controlling the internet of things card according to claim 2, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
determining that the target behavior abnormal category of the Internet of things card is a first-level abnormal behavior under any one of the following conditions:
the internet of things card is in a roaming state, the internet surfing position of the internet of things card belongs to a preset risk area, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the internet of things card belongs to a preset sensitive terminal, and the tariff package ordering data comprises non-directional voice service or non-directional flow service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal, the machine-card separation data indicate that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card.
4. The method for controlling the internet of things card according to claim 2, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
under any one of the following conditions, determining that the target behavior abnormal category of the Internet of things card is a second-level abnormal behavior:
the tariff package ordering data of the Internet of things card comprises non-directional voice service;
the internet access terminal of the Internet of things card belongs to a preset sensitive terminal;
the Internet of things card belongs to a card of a behavior limit white list, and the behavior data of the Internet of things card exceeds the preset behavior content of the behavior limit white list;
and the internet access address of the internet of things card belongs to a preset unreasonable access address.
5. The method for controlling the internet of things card according to claim 2, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
determining that the target behavior abnormal category of the Internet of things card is a third-level abnormal behavior under any one of the following conditions:
the charge package ordering data of the Internet of things card comprises non-directional flow service or non-directional short message service;
the machine-card separation data indicates that a machine-card separation action occurs between a first terminal and the Internet of things card, and the first terminal is associated with the Internet of things card;
the traffic, short message or voice usage in the ticket data of the Internet of things card exceeds a preset threshold;
the internet of things card is in a roaming state, and the internet surfing position of the internet of things card belongs to a preset risk area.
6. The method for controlling the internet of things card according to claim 2, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
determining that the target behavior abnormal category of the Internet of things card is a fourth-level abnormal behavior under the following conditions:
a third behavior abnormality category of the Internet of things card is determined based on the behavior data; the third behavior abnormality category is any one of extremely high abnormal behavior, higher abnormal behavior and medium abnormal behavior; the Internet of things card belongs to the cards of the abnormal behavior white list; and the third behavior abnormality category belongs to the abnormal behaviors that the abnormal behavior white list allows to occur.
7. The method for controlling the internet of things card according to claim 2, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
determining that the target behavior abnormal category of the Internet of things card is a fifth-level abnormal behavior under the following conditions:
the Internet of things card belongs to a safe white list card.
8. The method for controlling the internet of things card according to claim 1, wherein the determining the target behavior abnormality category of the internet of things card based on the behavior data comprises:
determining a first behavior abnormality category of the Internet of things card according to the behavior data;
receiving a second behavior abnormality category input for the behavior data;
and, in the case that the first behavior abnormality category does not match the second behavior abnormality category, determining the second behavior abnormality category as the target behavior abnormality category.
9. The method for controlling the internet of things card according to claim 1, wherein the preset abnormal behavior category comprises at least one of a first-level abnormal behavior, a second-level abnormal behavior and a third-level abnormal behavior, and the first control strategy comprises at least one of shutdown, internet surfing shutdown, voice shutdown, short message shutdown and flow rate limit.
10. An electronic device, characterized in that the electronic device comprises:
a first processor to:
acquiring behavior data of the Internet of things card;
determining the target behavior abnormality category of the Internet of things card based on the behavior data;
and executing a first control strategy corresponding to the target behavior abnormality category on the Internet of things card in the case that the target behavior abnormality category is any one of preset abnormal behavior categories.
11. An electronic device, comprising a second processor, a first memory, and a first computer program stored on the first memory and executable on the second processor, wherein the first computer program, when executed by the second processor, implements the steps of the method for controlling the internet of things card according to any one of claims 1 to 9.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a second computer program which, when executed by a third processor, implements the steps of the method for controlling an internet of things card according to any one of claims 1 to 9.
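An added example, not code from the patent: the third-level conditions of claim 5, the white-list handling of claims 6 and 7, the manual override of claim 8 and the strategy dispatch of claim 9, written as one rule evaluator. The thresholds, the risk-area name, the level-to-strategy mapping and the order in which the white lists are checked are assumptions; the claims do not fix them.

```python
from dataclasses import dataclass

FIRST, SECOND, THIRD, FOURTH, FIFTH = (
    f"{n}-level" for n in ("first", "second", "third", "fourth", "fifth"))
PRESET = {FIRST, SECOND, THIRD}  # claim 9: categories that trigger a control strategy
# Assumed mapping: claim 9 names the strategies, not which level gets which.
STRATEGY = {FIRST: "shutdown", SECOND: "internet surfing shutdown",
            THIRD: "flow rate limit"}
LIMITS = (500, 100, 60)      # constructed thresholds: traffic MB, SMS, voice minutes
RISK_AREAS = {"AREA-X"}      # constructed placeholder for a preset risk area
NON_DIRECTIONAL = {"non-directional flow", "non-directional sms"}

@dataclass(frozen=True)
class Behavior:              # constructed record of one card's behavior data
    packages: frozenset = frozenset()
    card_separated: bool = False
    usage: tuple = (0, 0, 0)  # same order as LIMITS
    roaming: bool = False
    location: str = ""

def third_level_reasons(b):
    """Claim 5: any one of these conditions is enough for third-level."""
    reasons = []
    if b.packages & NON_DIRECTIONAL:
        reasons.append("non-directional package")
    if b.card_separated:
        reasons.append("machine-card separation")
    if any(used > limit for used, limit in zip(b.usage, LIMITS)):
        reasons.append("usage over threshold")
    if b.roaming and b.location in RISK_AREAS:
        reasons.append("roaming in risk area")
    return reasons

def classify(b, safe_whitelist=False, allowed=frozenset()):
    """allowed: categories the abnormal behavior white list permits for this card."""
    if safe_whitelist:               # claim 7 (checked first: an assumption)
        return FIFTH
    if not third_level_reasons(b):
        return None                  # first/second-level rules are outside this example
    return FOURTH if THIRD in allowed else THIRD   # claim 6 downgrade

def target_category(first, second=None):
    """Claim 8: a manually entered category wins when it does not match."""
    return second if second is not None and second != first else first

def control(b, reviewer=None, **whitelists):
    cat = target_category(classify(b, **whitelists), reviewer)
    return cat, (STRATEGY[cat] if cat in PRESET else None)
```

Because the manual category of claim 8 replaces the computed one, a reviewer input also overrides a white-list result in this sketch; an operator would want that override logged and access-controlled.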
CN202010855846.9A 2020-08-24 2020-08-24 Control method of Internet of things card and electronic equipment Pending CN114091563A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010855846.9A CN114091563A (en) 2020-08-24 2020-08-24 Control method of Internet of things card and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010855846.9A CN114091563A (en) 2020-08-24 2020-08-24 Control method of Internet of things card and electronic equipment

Publications (1)

Publication Number Publication Date
CN114091563A true CN114091563A (en) 2022-02-25

Family

ID=80295500

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010855846.9A Pending CN114091563A (en) 2020-08-24 2020-08-24 Control method of Internet of things card and electronic equipment

Country Status (1)

Country Link
CN (1) CN114091563A (en)

Similar Documents

Publication Publication Date Title
CN106791220B (en) Method and system for preventing telephone fraud
CN110830986A (en) Method, device, equipment and storage medium for detecting abnormal behavior of Internet of things card
CN109936556B (en) Monitoring method and device for account stealing event
CN110611929A (en) Abnormal user identification method and device
KR102200253B1 (en) System and method for detecting fraud usage of message
CN108322354B (en) Method and device for identifying running-stealing flow account
CN108537043B (en) Risk control method and system for mobile terminal
CN110113748B (en) Crank call monitoring method and device
CN114867025A (en) Method and device for preventing short message bombing
CN107872446B (en) Communication account management method and device and server
CN107888576B (en) Anti-collision library safety risk control method using big data and equipment fingerprints
CN110750784A (en) Safety prevention and control method and system for automatic vending equipment
Tarmazakov et al. Modern approaches to prevent fraud in mobile communications networks
CN109120808A (en) A kind of shutdown fee payment method and device
CN115442159B (en) Household routing-based risk management and control method, system and storage medium
CN114091563A (en) Control method of Internet of things card and electronic equipment
CN111698683B (en) Network security control method and device, storage medium and computer equipment
CN115767551A (en) Harassment fraud call identification method, device, equipment and storage medium
CN107086978B (en) Method and device for identifying Trojan horse virus
CN111294311B (en) Traffic charging method and system for preventing traffic fraud
CN112217764B (en) Risk identification method and device and electronic equipment
CN111932290A (en) Request processing method, device, equipment and storage medium
CN114168423A (en) Abnormal number calling monitoring method, device, equipment and storage medium
CN114444830A (en) Method and device for judging abnormality of Internet of things card
CN113723788A (en) Internet of things card risk identification method and system based on multi-dimensional correlation detection model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination